{
  "SchemaVersion": 2,
  "Trivy": {
    "Version": "0.69.3"
  },
  "ReportID": "019d57b3-4fc3-746c-b3f4-0876ac6c8c80",
  "CreatedAt": "2026-04-04T08:54:22.403293006Z",
  "ArtifactName": "sboms/ai-containers-qdrant-v1.16.2-gpu-amd-cyclonedx.json",
  "ArtifactType": "cyclonedx",
  "Metadata": {
    "OS": {
      "Family": "ubuntu",
      "Name": "22.04"
    },
    "ImageID": "sha256:34d68b0697247dd99863ef52d1765983fe4aa80dbda82df28ef97628824e39dc",
    "DiffIDs": [
      "sha256:18d77267d4c259854eca66cec2188631d32b4981cce2811c3dfbedcde4b13735",
      "sha256:430b856894f5fd6f902e92a1ce9977aa370822638761b4d017b2698411a70cf1",
      "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5",
      "sha256:58ccaf23b8629509fbdfa23e720367b83332b8f3dd53fc2b95e7fd59f1fff9c3",
      "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
      "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
      "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
      "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
      "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
      "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef",
      "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b",
      "sha256:7945f3a6d68d14f2e4c0889a30297a128e171e94f548f3d900b8bb32eb9c4917",
      "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f",
      "sha256:c210255df05802aa41fa113a5cb9724887e59056482ff60c41010636d85feefc",
      "sha256:e36a3d2fd2929f012a4074881a28dcdd38a64e3f0dad88c6a6675eeae8d0f92a",
      "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11",
      "sha256:fe85f3c328efb8fb4e3a3cf6d01be51c59e7d41894f0e0137a535e378e212341"
    ],
    "RepoDigests": [
      "registry.suse.com/ai/containers/qdrant@sha256:c7c9add39bd4e63119b695e0064008756de4eef7fa8e1a4e7665c709cbcb00cd"
    ],
    "Reference": "registry.suse.com/ai/containers/qdrant@sha256:c7c9add39bd4e63119b695e0064008756de4eef7fa8e1a4e7665c709cbcb00cd"
  },
  "Results": [
    {
      "Target": "sboms/ai-containers-qdrant-v1.16.2-gpu-amd-cyclonedx.json (ubuntu 22.04)",
      "Class": "os-pkgs",
      "Type": "ubuntu",
      "Packages": [
        {
          "ID": "adduser@3.118ubuntu5",
          "Name": "adduser",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/adduser@3.118ubuntu5?arch=all\u0026distro=ubuntu-22.04",
            "UID": "de6d528f4bbb9fa7",
            "BOMRef": "pkg:deb/ubuntu/adduser@3.118ubuntu5?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "3.118ubuntu5",
          "Arch": "all",
          "SrcName": "adduser",
          "SrcVersion": "3.118ubuntu5",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "debconf@1.5.79ubuntu1",
            "passwd@1:4.8.1-2ubuntu2.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "amd-smi-lib@26.2.0.70101-38~22.04",
          "Name": "amd-smi-lib",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/amd-smi-lib@26.2.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e7d7300399263078",
            "BOMRef": "pkg:deb/ubuntu/amd-smi-lib@26.2.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "26.2.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "amd-smi-lib",
          "SrcVersion": "26.2.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "python3-pip@22.0.2+dfsg-1ubuntu0.7",
            "python3-setuptools@59.6.0-1.2ubuntu0.22.04.3",
            "python3-wheel@0.37.1-2ubuntu0.22.04.1",
            "python3@3.10.6-1~22.04.1",
            "rocm-core@7.1.1.70101-38~22.04",
            "sudo@1.9.9-1ubuntu2.5"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "apt@2.4.14",
          "Name": "apt",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/apt@2.4.14?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d98c55e8456942d4",
            "BOMRef": "pkg:deb/ubuntu/apt@2.4.14?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.14",
          "Arch": "amd64",
          "SrcName": "apt",
          "SrcVersion": "2.4.14",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "adduser@3.118ubuntu5",
            "gpgv@2.2.27-3ubuntu2.4",
            "libapt-pkg6.0@2.4.14",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libgnutls30@3.7.3-4ubuntu1.7",
            "libseccomp2@2.5.3-2ubuntu3~22.04.1",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libsystemd0@249.11-0ubuntu3.17",
            "ubuntu-keyring@2021.03.26"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "base-files@12ubuntu4.7",
          "Name": "base-files",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/base-files@12ubuntu4.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3b4c4012914d6914",
            "BOMRef": "pkg:deb/ubuntu/base-files@12ubuntu4.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12ubuntu4.7",
          "Arch": "amd64",
          "SrcName": "base-files",
          "SrcVersion": "12ubuntu4.7",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libcrypt1@1:4.4.27-1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "base-passwd@3.5.52build1",
          "Name": "base-passwd",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/base-passwd@3.5.52build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "bc37a74c09bb55d2",
            "BOMRef": "pkg:deb/ubuntu/base-passwd@3.5.52build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.5.52build1",
          "Arch": "amd64",
          "SrcName": "base-passwd",
          "SrcVersion": "3.5.52build1",
          "Licenses": [
            "GPL-2.0-only",
            "public-domain"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdebconfclient0@0.261ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "bash@5.1-6ubuntu1.1",
          "Name": "bash",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/bash@5.1-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "94c9ad5472082900",
            "BOMRef": "pkg:deb/ubuntu/bash@5.1-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.1-6ubuntu1.1",
          "Arch": "amd64",
          "SrcName": "bash",
          "SrcVersion": "5.1",
          "SrcRelease": "6ubuntu1.1",
          "Licenses": [
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "base-files@12ubuntu4.7",
            "debianutils@5.5-1ubuntu2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "binutils@2.38-4ubuntu2.11",
          "Name": "binutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.38-4ubuntu2.11",
          "Arch": "amd64",
          "SrcName": "binutils",
          "SrcVersion": "2.38",
          "SrcRelease": "4ubuntu2.11",
          "Licenses": [
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later",
            "GFDL-1.3-or-later"
          ],
          "DependsOn": [
            "binutils-common@2.38-4ubuntu2.11",
            "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
            "libbinutils@2.38-4ubuntu2.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "binutils-common@2.38-4ubuntu2.11",
          "Name": "binutils-common",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.38-4ubuntu2.11",
          "Arch": "amd64",
          "SrcName": "binutils",
          "SrcVersion": "2.38",
          "SrcRelease": "4ubuntu2.11",
          "Licenses": [
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later",
            "GFDL-1.3-or-later"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "Name": "binutils-x86-64-linux-gnu",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.38-4ubuntu2.11",
          "Arch": "amd64",
          "SrcName": "binutils",
          "SrcVersion": "2.38",
          "SrcRelease": "4ubuntu2.11",
          "DependsOn": [
            "binutils-common@2.38-4ubuntu2.11",
            "libbinutils@2.38-4ubuntu2.11",
            "libc6@2.35-0ubuntu3.11",
            "libctf-nobfd0@2.38-4ubuntu2.11",
            "libctf0@2.38-4ubuntu2.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "bsdutils@1:2.37.2-4ubuntu3.4",
          "Name": "bsdutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/bsdutils@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "ce8877366fa99e06",
            "BOMRef": "pkg:deb/ubuntu/bsdutils@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "2.37.2-4ubuntu3.4",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "util-linux",
          "SrcVersion": "2.37.2",
          "SrcRelease": "4ubuntu3.4",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "public-domain",
            "BSD-4-Clause",
            "MIT",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "LGPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "LGPL-3.0-or-later",
            "GPL-3.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "LGPL-3.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "build-essential@12.9ubuntu3",
          "Name": "build-essential",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/build-essential@12.9ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d0b14ce4bf6fd84b",
            "BOMRef": "pkg:deb/ubuntu/build-essential@12.9ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.9ubuntu3",
          "Arch": "amd64",
          "SrcName": "build-essential",
          "SrcVersion": "12.9ubuntu3",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "dpkg-dev@1.21.1ubuntu2.6",
            "g++@4:11.2.0-1ubuntu1",
            "gcc@4:11.2.0-1ubuntu1",
            "libc6-dev@2.35-0ubuntu3.11",
            "make@4.3-4.1build1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "bzip2@1.0.8-5build1",
          "Name": "bzip2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/bzip2@1.0.8-5build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "64022cb219d31f92",
            "BOMRef": "pkg:deb/ubuntu/bzip2@1.0.8-5build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.8-5build1",
          "Arch": "amd64",
          "SrcName": "bzip2",
          "SrcVersion": "1.0.8",
          "SrcRelease": "5build1",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "ca-certificates@20240203~22.04.1",
          "Name": "ca-certificates",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/ca-certificates@20240203~22.04.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "d71caeebe6900998",
            "BOMRef": "pkg:deb/ubuntu/ca-certificates@20240203~22.04.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "20240203~22.04.1",
          "Arch": "all",
          "SrcName": "ca-certificates",
          "SrcVersion": "20240203~22.04.1",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "MPL-2.0"
          ],
          "DependsOn": [
            "debconf@1.5.79ubuntu1",
            "openssl@3.0.2-0ubuntu1.20"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "comgr@3.0.0.70101-38~22.04",
          "Name": "comgr",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/comgr@3.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f584cce9deb88b74",
            "BOMRef": "pkg:deb/ubuntu/comgr@3.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.0.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "comgr",
          "SrcVersion": "3.0.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libtinfo-dev@6.3-2ubuntu0.1",
            "libzstd1@1.4.8+dfsg-3build1",
            "rocm-core@7.1.1.70101-38~22.04",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "coreutils@8.32-4.1ubuntu1.2",
          "Name": "coreutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "47149b5623a39bc",
            "BOMRef": "pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "8.32-4.1ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "coreutils",
          "SrcVersion": "8.32",
          "SrcRelease": "4.1ubuntu1.2",
          "Licenses": [
            "GPL-3.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "cpp@4:11.2.0-1ubuntu1",
          "Name": "cpp",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/cpp@11.2.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=4",
            "UID": "395b481f8d973cbe",
            "BOMRef": "pkg:deb/ubuntu/cpp@11.2.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=4"
          },
          "Version": "11.2.0-1ubuntu1",
          "Epoch": 4,
          "Arch": "amd64",
          "SrcName": "gcc-defaults",
          "SrcVersion": "1.193ubuntu1",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "cpp-11@11.4.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "cpp-11@11.4.0-1ubuntu1~22.04.2",
          "Name": "cpp-11",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "79e97cdd51d1da63",
            "BOMRef": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "libisl23@0.24-2build1",
            "libmpc3@1.2.1-2build1",
            "libmpfr6@4.1.0-3build3",
            "libzstd1@1.4.8+dfsg-3build1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "curl@7.81.0-1ubuntu1.21",
          "Name": "curl",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.81.0-1ubuntu1.21",
          "Arch": "amd64",
          "SrcName": "curl",
          "SrcVersion": "7.81.0",
          "SrcRelease": "1ubuntu1.21",
          "Licenses": [
            "curl",
            "ISC",
            "BSD-3-Clause",
            "public-domain",
            "BSD-4-Clause",
            "other"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libcurl4@7.81.0-1ubuntu1.21",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "dash@0.5.11+git20210903+057cd650a4ed-3build1",
          "Name": "dash",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/dash@0.5.11%2Bgit20210903%2B057cd650a4ed-3build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c248bc50a3f6adfe",
            "BOMRef": "pkg:deb/ubuntu/dash@0.5.11%2Bgit20210903%2B057cd650a4ed-3build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.5.11+git20210903+057cd650a4ed-3build1",
          "Arch": "amd64",
          "SrcName": "dash",
          "SrcVersion": "0.5.11+git20210903+057cd650a4ed",
          "SrcRelease": "3build1",
          "Licenses": [
            "BSD-3-Clause",
            "FSFULLR",
            "FSFUL",
            "MIT",
            "GPL-2.0-or-later",
            "public-domain",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "debconf@1.5.79ubuntu1",
            "debianutils@5.5-1ubuntu2",
            "dpkg@1.21.1ubuntu2.6"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "debconf@1.5.79ubuntu1",
          "Name": "debconf",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "4228ad27d6234b7f",
            "BOMRef": "pkg:deb/ubuntu/debconf@1.5.79ubuntu1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.5.79ubuntu1",
          "Arch": "all",
          "SrcName": "debconf",
          "SrcVersion": "1.5.79ubuntu1",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "debianutils@5.5-1ubuntu2",
          "Name": "debianutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "13e77c9782a1e530",
            "BOMRef": "pkg:deb/ubuntu/debianutils@5.5-1ubuntu2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.5-1ubuntu2",
          "Arch": "amd64",
          "SrcName": "debianutils",
          "SrcVersion": "5.5",
          "SrcRelease": "1ubuntu2",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "diffutils@1:3.8-0ubuntu2",
          "Name": "diffutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/diffutils@3.8-0ubuntu2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "ebe31ccb9185c797",
            "BOMRef": "pkg:deb/ubuntu/diffutils@3.8-0ubuntu2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "3.8-0ubuntu2",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "diffutils",
          "SrcVersion": "3.8",
          "SrcRelease": "0ubuntu2",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-or-later",
            "GFDL-1.3-or-later"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "dirmngr@2.2.27-3ubuntu2.4",
          "Name": "dirmngr",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/dirmngr@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "49c74f415e97b4b0",
            "BOMRef": "pkg:deb/ubuntu/dirmngr@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "adduser@3.118ubuntu5",
            "gpgconf@2.2.27-3ubuntu2.4",
            "init-system-helpers@1.62",
            "libassuan0@2.5.5-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgnutls30@3.7.3-4ubuntu1.7",
            "libgpg-error0@1.43-3",
            "libksba8@1.6.0-2ubuntu0.2",
            "libldap-2.5-0@2.5.19+dfsg-0ubuntu0.22.04.1",
            "libnpth0@1.6-3build2",
            "lsb-base@11.1.0ubuntu4"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "dpkg@1.21.1ubuntu2.6",
          "Name": "dpkg",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "11407e0eefaccfb4",
            "BOMRef": "pkg:deb/ubuntu/dpkg@1.21.1ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.21.1ubuntu2.6",
          "Arch": "amd64",
          "SrcName": "dpkg",
          "SrcVersion": "1.21.1ubuntu2.6",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "BSD-2-Clause",
            "public-domain-s-s-d",
            "public-domain-md5"
          ],
          "DependsOn": [
            "tar@1.34+dfsg-1ubuntu0.1.22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "dpkg-dev@1.21.1ubuntu2.6",
          "Name": "dpkg-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/dpkg-dev@1.21.1ubuntu2.6?arch=all\u0026distro=ubuntu-22.04",
            "UID": "b9ef3c21c399f96f",
            "BOMRef": "pkg:deb/ubuntu/dpkg-dev@1.21.1ubuntu2.6?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.21.1ubuntu2.6",
          "Arch": "all",
          "SrcName": "dpkg",
          "SrcVersion": "1.21.1ubuntu2.6",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "BSD-2-Clause",
            "public-domain-s-s-d",
            "public-domain-md5"
          ],
          "DependsOn": [
            "binutils@2.38-4ubuntu2.11",
            "bzip2@1.0.8-5build1",
            "libdpkg-perl@1.21.1ubuntu2.6",
            "lto-disabled-list@24",
            "make@4.3-4.1build1",
            "patch@2.7.6-7build2",
            "tar@1.34+dfsg-1ubuntu0.1.22.04.2",
            "xz-utils@5.2.5-2ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "e2fsprogs@1.46.5-2ubuntu1.2",
          "Name": "e2fsprogs",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/e2fsprogs@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d99cca2f79a53fed",
            "BOMRef": "pkg:deb/ubuntu/e2fsprogs@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.46.5-2ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "e2fsprogs",
          "SrcVersion": "1.46.5",
          "SrcRelease": "2ubuntu1.2",
          "Licenses": [
            "GPL-2.0-only",
            "LGPL-2.0-only"
          ],
          "DependsOn": [
            "logsave@1.46.5-2ubuntu1.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "file@1:5.41-3ubuntu0.1",
          "Name": "file",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/file@5.41-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "eace9a303b0a3f01",
            "BOMRef": "pkg:deb/ubuntu/file@5.41-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "5.41-3ubuntu0.1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "file",
          "SrcVersion": "5.41",
          "SrcRelease": "3ubuntu0.1",
          "SrcEpoch": 1,
          "Licenses": [
            "BSD-2-Clause-alike",
            "public-domain",
            "BSD-2-Clause-NetBSD",
            "BSD-2-Clause-regents",
            "MIT-Old-Style WITH legal-disclaimer-2"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libmagic1@1:5.41-3ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "findutils@4.8.0-1ubuntu3",
          "Name": "findutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/findutils@4.8.0-1ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "af398126cbab8ed5",
            "BOMRef": "pkg:deb/ubuntu/findutils@4.8.0-1ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "4.8.0-1ubuntu3",
          "Arch": "amd64",
          "SrcName": "findutils",
          "SrcVersion": "4.8.0",
          "SrcRelease": "1ubuntu3",
          "Licenses": [
            "GPL-3.0-only",
            "GFDL-1.3-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "g++@4:11.2.0-1ubuntu1",
          "Name": "g++",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/g%2B%2B@11.2.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=4",
            "UID": "b9b3ebfbb1259ee7",
            "BOMRef": "pkg:deb/ubuntu/g%2B%2B@11.2.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=4"
          },
          "Version": "11.2.0-1ubuntu1",
          "Epoch": 4,
          "Arch": "amd64",
          "SrcName": "gcc-defaults",
          "SrcVersion": "1.193ubuntu1",
          "DependsOn": [
            "cpp@4:11.2.0-1ubuntu1",
            "g++-11@11.4.0-1ubuntu1~22.04.2",
            "gcc-11@11.4.0-1ubuntu1~22.04.2",
            "gcc@4:11.2.0-1ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "g++-11@11.4.0-1ubuntu1~22.04.2",
          "Name": "g++-11",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c4d99e4e8992d8ce",
            "BOMRef": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
            "gcc-11@11.4.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "libisl23@0.24-2build1",
            "libmpc3@1.2.1-2build1",
            "libmpfr6@4.1.0-3build3",
            "libstdc++-11-dev@11.4.0-1ubuntu1~22.04.2",
            "libzstd1@1.4.8+dfsg-3build1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gcc@4:11.2.0-1ubuntu1",
          "Name": "gcc",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gcc@11.2.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=4",
            "UID": "46e4dbbe9ed8913a",
            "BOMRef": "pkg:deb/ubuntu/gcc@11.2.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=4"
          },
          "Version": "11.2.0-1ubuntu1",
          "Epoch": 4,
          "Arch": "amd64",
          "SrcName": "gcc-defaults",
          "SrcVersion": "1.193ubuntu1",
          "DependsOn": [
            "cpp@4:11.2.0-1ubuntu1",
            "gcc-11@11.4.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gcc-11@11.4.0-1ubuntu1~22.04.2",
          "Name": "gcc-11",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "db4ceebe1a0148d4",
            "BOMRef": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "binutils@2.38-4ubuntu2.11",
            "cpp-11@11.4.0-1ubuntu1~22.04.2",
            "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libcc1-0@12.3.0-1ubuntu1~22.04.2",
            "libgcc-11-dev@11.4.0-1ubuntu1~22.04.2",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "libisl23@0.24-2build1",
            "libmpc3@1.2.1-2build1",
            "libmpfr6@4.1.0-3build3",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libzstd1@1.4.8+dfsg-3build1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
          "Name": "gcc-11-base",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2f7e9e1b5ddff29",
            "BOMRef": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-3.0-only",
            "GFDL-1.2-only",
            "GPL-2.0-only",
            "Artistic-2.0",
            "LGPL-2.0-or-later"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
          "Name": "gcc-12-base",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "93efb873ddf9d251",
            "BOMRef": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-3.0-only",
            "GFDL-1.2-only",
            "GPL-2.0-only",
            "Artistic-2.0",
            "LGPL-2.0-or-later"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "gnupg@2.2.27-3ubuntu2.4",
          "Name": "gnupg",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gnupg@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04",
            "UID": "7305b4597f3d0233",
            "BOMRef": "pkg:deb/ubuntu/gnupg@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "all",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "dirmngr@2.2.27-3ubuntu2.4",
            "gnupg-l10n@2.2.27-3ubuntu2.4",
            "gnupg-utils@2.2.27-3ubuntu2.4",
            "gpg-agent@2.2.27-3ubuntu2.4",
            "gpg-wks-client@2.2.27-3ubuntu2.4",
            "gpg-wks-server@2.2.27-3ubuntu2.4",
            "gpg@2.2.27-3ubuntu2.4",
            "gpgsm@2.2.27-3ubuntu2.4",
            "gpgv@2.2.27-3ubuntu2.4"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gnupg-l10n@2.2.27-3ubuntu2.4",
          "Name": "gnupg-l10n",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gnupg-l10n@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04",
            "UID": "6002ceb656d72d82",
            "BOMRef": "pkg:deb/ubuntu/gnupg-l10n@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "all",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gnupg-utils@2.2.27-3ubuntu2.4",
          "Name": "gnupg-utils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gnupg-utils@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b38e65c982598ef5",
            "BOMRef": "pkg:deb/ubuntu/gnupg-utils@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libassuan0@2.5.5-1build1",
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3",
            "libksba8@1.6.0-2ubuntu0.2",
            "libreadline8@8.1.2-1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gpg@2.2.27-3ubuntu2.4",
          "Name": "gpg",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gpg@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f43647b938b2f56e",
            "BOMRef": "pkg:deb/ubuntu/gpg@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "gpgconf@2.2.27-3ubuntu2.4",
            "libassuan0@2.5.5-1build1",
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3",
            "libreadline8@8.1.2-1",
            "libsqlite3-0@3.37.2-2ubuntu0.5",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gpg-agent@2.2.27-3ubuntu2.4",
          "Name": "gpg-agent",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gpg-agent@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5a65eb93a2d8359e",
            "BOMRef": "pkg:deb/ubuntu/gpg-agent@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "gpgconf@2.2.27-3ubuntu2.4",
            "init-system-helpers@1.62",
            "libassuan0@2.5.5-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3",
            "libnpth0@1.6-3build2",
            "pinentry-curses@1.1.1-1build2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gpg-wks-client@2.2.27-3ubuntu2.4",
          "Name": "gpg-wks-client",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gpg-wks-client@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "20babe427c72d2b4",
            "BOMRef": "pkg:deb/ubuntu/gpg-wks-client@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "dirmngr@2.2.27-3ubuntu2.4",
            "gpg-agent@2.2.27-3ubuntu2.4",
            "gpg@2.2.27-3ubuntu2.4",
            "libassuan0@2.5.5-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gpg-wks-server@2.2.27-3ubuntu2.4",
          "Name": "gpg-wks-server",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gpg-wks-server@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "30176aa2c7215687",
            "BOMRef": "pkg:deb/ubuntu/gpg-wks-server@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "gpg-agent@2.2.27-3ubuntu2.4",
            "gpg@2.2.27-3ubuntu2.4",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gpgconf@2.2.27-3ubuntu2.4",
          "Name": "gpgconf",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gpgconf@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c5cc074edb997929",
            "BOMRef": "pkg:deb/ubuntu/gpgconf@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libassuan0@2.5.5-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3",
            "libreadline8@8.1.2-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gpgsm@2.2.27-3ubuntu2.4",
          "Name": "gpgsm",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gpgsm@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3b094a7a9917a92e",
            "BOMRef": "pkg:deb/ubuntu/gpgsm@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "gpgconf@2.2.27-3ubuntu2.4",
            "libassuan0@2.5.5-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3",
            "libksba8@1.6.0-2ubuntu0.2",
            "libreadline8@8.1.2-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "gpgv@2.2.27-3ubuntu2.4",
          "Name": "gpgv",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b71a2171c2a48d2a",
            "BOMRef": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.27-3ubuntu2.4",
          "Arch": "amd64",
          "SrcName": "gnupg2",
          "SrcVersion": "2.2.27",
          "SrcRelease": "3ubuntu2.4",
          "Licenses": [
            "GPL-3.0-or-later",
            "permissive",
            "LGPL-2.1-or-later",
            "MIT",
            "BSD-3-Clause",
            "LGPL-3.0-or-later",
            "RFC-Reference",
            "TinySCHEME",
            "CC0-1.0",
            "GPL-3.0-only",
            "LGPL-3.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcrypt20@1.9.4-3ubuntu3",
            "libgpg-error0@1.43-3",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "grep@3.7-1build1",
          "Name": "grep",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/grep@3.7-1build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c58c680945e79e59",
            "BOMRef": "pkg:deb/ubuntu/grep@3.7-1build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.7-1build1",
          "Arch": "amd64",
          "SrcName": "grep",
          "SrcVersion": "3.7",
          "SrcRelease": "1build1",
          "Licenses": [
            "GPL-3.0-or-later",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "dpkg@1.21.1ubuntu2.6"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "gzip@1.10-4ubuntu4.1",
          "Name": "gzip",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/gzip@1.10-4ubuntu4.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b5246959224cbfaf",
            "BOMRef": "pkg:deb/ubuntu/gzip@1.10-4ubuntu4.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.10-4ubuntu4.1",
          "Arch": "amd64",
          "SrcName": "gzip",
          "SrcVersion": "1.10",
          "SrcRelease": "4ubuntu4.1",
          "Licenses": [
            "GPL-3.0-or-later",
            "GFDL-1.3--no-invariant",
            "FSF-manpages",
            "GPL-3.0-only",
            "GFDL-3"
          ],
          "DependsOn": [
            "dpkg@1.21.1ubuntu2.6"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "hip-dev@7.1.52802.70101-38~22.04",
          "Name": "hip-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hip-dev@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5683914e5198b196",
            "BOMRef": "pkg:deb/ubuntu/hip-dev@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.1.52802.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hip-dev",
          "SrcVersion": "7.1.52802.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "file@1:5.41-3ubuntu0.1",
            "hip-runtime-amd@7.1.52802.70101-38~22.04",
            "hipcc@1.1.1.70101-38~22.04",
            "hsa-rocr-dev@1.18.0.70101-38~22.04",
            "libc6@2.35-0ubuntu3.11",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-llvm@20.0.0.25444.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hip-doc@7.1.52802.70101-38~22.04",
          "Name": "hip-doc",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hip-doc@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ca4a7d3b471bf63e",
            "BOMRef": "pkg:deb/ubuntu/hip-doc@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.1.52802.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hip-doc",
          "SrcVersion": "7.1.52802.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hip-dev@7.1.52802.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hip-runtime-amd@7.1.52802.70101-38~22.04",
          "Name": "hip-runtime-amd",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hip-runtime-amd@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4ef90995e37aeb80",
            "BOMRef": "pkg:deb/ubuntu/hip-runtime-amd@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.1.52802.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hip-runtime-amd",
          "SrcVersion": "7.1.52802.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "comgr@3.0.0.70101-38~22.04",
            "hsa-rocr@1.18.0.70101-38~22.04",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libnuma1@2.0.14-3ubuntu2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocminfo@1.0.0.70101-38~22.04",
            "rocprofiler-register@0.6.0.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hip-samples@7.1.52802.70101-38~22.04",
          "Name": "hip-samples",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hip-samples@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b9a2f9b0d38baa2f",
            "BOMRef": "pkg:deb/ubuntu/hip-samples@7.1.52802.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.1.52802.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hip-samples",
          "SrcVersion": "7.1.52802.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hip-dev@7.1.52802.70101-38~22.04",
            "hipcc@1.1.1.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hipcc@1.1.1.70101-38~22.04",
          "Name": "hipcc",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hipcc@1.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "deaf1a2556dc4d23",
            "BOMRef": "pkg:deb/ubuntu/hipcc@1.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.1.1.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hipcc",
          "SrcVersion": "1.1.1.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-llvm@20.0.0.25444.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hipify-clang@20.0.0.70101-38~22.04",
          "Name": "hipify-clang",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hipify-clang@20.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9b7222038c849d25",
            "BOMRef": "pkg:deb/ubuntu/hipify-clang@20.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "20.0.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hipify-clang",
          "SrcVersion": "20.0.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hostname@3.23ubuntu2",
          "Name": "hostname",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hostname@3.23ubuntu2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "142caf698bc6020e",
            "BOMRef": "pkg:deb/ubuntu/hostname@3.23ubuntu2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.23ubuntu2",
          "Arch": "amd64",
          "SrcName": "hostname",
          "SrcVersion": "3.23ubuntu2",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "hsa-amd-aqlprofile@1.0.0.70101-38~22.04",
          "Name": "hsa-amd-aqlprofile",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hsa-amd-aqlprofile@1.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4f4ffc5249f2e11a",
            "BOMRef": "pkg:deb/ubuntu/hsa-amd-aqlprofile@1.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hsa-amd-aqlprofile",
          "SrcVersion": "1.0.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr@1.18.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hsa-rocr@1.18.0.70101-38~22.04",
          "Name": "hsa-rocr",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hsa-rocr@1.18.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "bf1e65b14244e2fb",
            "BOMRef": "pkg:deb/ubuntu/hsa-rocr@1.18.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.18.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hsa-rocr",
          "SrcVersion": "1.18.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libdrm-amdgpu1@2.4.113-2~ubuntu0.22.04.1",
            "libelf1@0.186-1ubuntu0.1",
            "libnuma1@2.0.14-3ubuntu2",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocprofiler-register@0.6.0.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "hsa-rocr-dev@1.18.0.70101-38~22.04",
          "Name": "hsa-rocr-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/hsa-rocr-dev@1.18.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "25388f4d2ed0f51d",
            "BOMRef": "pkg:deb/ubuntu/hsa-rocr-dev@1.18.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.18.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "hsa-rocr-dev",
          "SrcVersion": "1.18.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr@1.18.0.70101-38~22.04",
            "libdrm-dev@2.4.113-2~ubuntu0.22.04.1",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "icu-devtools@70.1-2",
          "Name": "icu-devtools",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/icu-devtools@70.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f4097249b5ed370c",
            "BOMRef": "pkg:deb/ubuntu/icu-devtools@70.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "70.1-2",
          "Arch": "amd64",
          "SrcName": "icu",
          "SrcVersion": "70.1",
          "SrcRelease": "2",
          "Licenses": [
            "MIT",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libicu70@70.1-2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "init-system-helpers@1.62",
          "Name": "init-system-helpers",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/init-system-helpers@1.62?arch=all\u0026distro=ubuntu-22.04",
            "UID": "2a51f0860816635a",
            "BOMRef": "pkg:deb/ubuntu/init-system-helpers@1.62?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.62",
          "Arch": "all",
          "SrcName": "init-system-helpers",
          "SrcVersion": "1.62",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "perl-base@5.34.0-3ubuntu1.5"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "kmod@29-1ubuntu1",
          "Name": "kmod",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/kmod@29-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5ff4995b70335a7e",
            "BOMRef": "pkg:deb/ubuntu/kmod@29-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "29-1ubuntu1",
          "Arch": "amd64",
          "SrcName": "kmod",
          "SrcVersion": "29",
          "SrcRelease": "1ubuntu1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libkmod2@29-1ubuntu1",
            "liblzma5@5.2.5-2ubuntu1",
            "libssl3@3.0.2-0ubuntu1.20",
            "libzstd1@1.4.8+dfsg-3build1",
            "lsb-base@11.1.0ubuntu4"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libacl1@2.3.1-1",
          "Name": "libacl1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libacl1@2.3.1-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c4ebabb7e8a0e7fb",
            "BOMRef": "pkg:deb/ubuntu/libacl1@2.3.1-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.3.1-1",
          "Arch": "amd64",
          "SrcName": "acl",
          "SrcVersion": "2.3.1",
          "SrcRelease": "1",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "LGPL-2.0-or-later",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libapt-pkg6.0@2.4.14",
          "Name": "libapt-pkg6.0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libapt-pkg6.0@2.4.14?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3df60be88adb88f8",
            "BOMRef": "pkg:deb/ubuntu/libapt-pkg6.0@2.4.14?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.14",
          "Arch": "amd64",
          "SrcName": "apt",
          "SrcVersion": "2.4.14",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libgcrypt20@1.9.4-3ubuntu3",
            "liblz4-1@1.9.3-2build2",
            "liblzma5@5.2.5-2ubuntu1",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libsystemd0@249.11-0ubuntu3.17",
            "libudev1@249.11-0ubuntu3.17",
            "libxxhash0@0.8.1-1",
            "libzstd1@1.4.8+dfsg-3build1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libasan6@11.4.0-1ubuntu1~22.04.2",
          "Name": "libasan6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c9a1d2dbf5550fac",
            "BOMRef": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libassuan0@2.5.5-1build1",
          "Name": "libassuan0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libassuan0@2.5.5-1build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "91466612951d1d57",
            "BOMRef": "pkg:deb/ubuntu/libassuan0@2.5.5-1build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.5.5-1build1",
          "Arch": "amd64",
          "SrcName": "libassuan",
          "SrcVersion": "2.5.5",
          "SrcRelease": "1build1",
          "Licenses": [
            "LGPL-2.1-or-later",
            "GAP-FSF",
            "LGPL-3.0-or-later",
            "LGPL-3.0-only",
            "GPL-2.0-or-later WITH libtool-exception",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "GPL-3.0-only",
            "GAP",
            "GPL-2.0-or-later",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgpg-error0@1.43-3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libatomic1@12.3.0-1ubuntu1~22.04.2",
          "Name": "libatomic1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libatomic1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c856d538e59a2d75",
            "BOMRef": "pkg:deb/ubuntu/libatomic1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libattr1@1:2.5.1-1build1",
          "Name": "libattr1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libattr1@2.5.1-1build1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "fc3de13474b1045e",
            "BOMRef": "pkg:deb/ubuntu/libattr1@2.5.1-1build1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "2.5.1-1build1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "attr",
          "SrcVersion": "2.5.1",
          "SrcRelease": "1build1",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "LGPL-2.0-or-later",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libaudit-common@1:3.0.7-1build1",
          "Name": "libaudit-common",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libaudit-common@3.0.7-1build1?arch=all\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "8bbb1cb5a10bdc7c",
            "BOMRef": "pkg:deb/ubuntu/libaudit-common@3.0.7-1build1?arch=all\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "3.0.7-1build1",
          "Epoch": 1,
          "Arch": "all",
          "SrcName": "audit",
          "SrcVersion": "3.0.7",
          "SrcRelease": "1build1",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-only",
            "LGPL-2.1-only",
            "GPL-1.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libaudit1@1:3.0.7-1build1",
          "Name": "libaudit1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "cbbd1d5cfed3e0fb",
            "BOMRef": "pkg:deb/ubuntu/libaudit1@3.0.7-1build1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "3.0.7-1build1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "audit",
          "SrcVersion": "3.0.7",
          "SrcRelease": "1build1",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-only",
            "LGPL-2.1-only",
            "GPL-1.0-only"
          ],
          "DependsOn": [
            "libaudit-common@1:3.0.7-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libcap-ng0@0.7.9-2.2build3"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libbinutils@2.38-4ubuntu2.11",
          "Name": "libbinutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.38-4ubuntu2.11",
          "Arch": "amd64",
          "SrcName": "binutils",
          "SrcVersion": "2.38",
          "SrcRelease": "4ubuntu2.11",
          "DependsOn": [
            "binutils-common@2.38-4ubuntu2.11",
            "libc6@2.35-0ubuntu3.11",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libblkid1@2.37.2-4ubuntu3.4",
          "Name": "libblkid1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libblkid1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4248ad200fef0e5d",
            "BOMRef": "pkg:deb/ubuntu/libblkid1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.37.2-4ubuntu3.4",
          "Arch": "amd64",
          "SrcName": "util-linux",
          "SrcVersion": "2.37.2",
          "SrcRelease": "4ubuntu3.4",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "public-domain",
            "BSD-4-Clause",
            "MIT",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "LGPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "LGPL-3.0-or-later",
            "GPL-3.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libbrotli1@1.0.9-2build6",
          "Name": "libbrotli1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libbrotli1@1.0.9-2build6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "40cdba2900e089e6",
            "BOMRef": "pkg:deb/ubuntu/libbrotli1@1.0.9-2build6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.9-2build6",
          "Arch": "amd64",
          "SrcName": "brotli",
          "SrcVersion": "1.0.9",
          "SrcRelease": "2build6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libbsd0@0.11.5-1",
          "Name": "libbsd0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libbsd0@0.11.5-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b86fc3547407b3ff",
            "BOMRef": "pkg:deb/ubuntu/libbsd0@0.11.5-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.11.5-1",
          "Arch": "amd64",
          "SrcName": "libbsd",
          "SrcVersion": "0.11.5",
          "SrcRelease": "1",
          "Licenses": [
            "BSD-3-Clause",
            "BSD-4-clause-Niels-Provos",
            "BSD-4-clause-Christopher-G-Demetriou",
            "BSD-3-clause-Regents",
            "BSD-2-Clause-NetBSD",
            "BSD-3-clause-author",
            "BSD-3-clause-John-Birrell",
            "BSD-5-clause-Peter-Wemm",
            "BSD-2-Clause",
            "BSD-2-clause-verbatim",
            "BSD-2-clause-author",
            "ISC",
            "ISC-Original",
            "MIT",
            "public-domain",
            "Beerware"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libmd0@1.0.4-1build1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libbz2-1.0@1.0.8-5build1",
          "Name": "libbz2-1.0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "959267b494c342d6",
            "BOMRef": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.8-5build1",
          "Arch": "amd64",
          "SrcName": "bzip2",
          "SrcVersion": "1.0.8",
          "SrcRelease": "5build1",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libc-bin@2.35-0ubuntu3.11",
          "Name": "libc-bin",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "24489dbf2d3388db",
            "BOMRef": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.35-0ubuntu3.11",
          "Arch": "amd64",
          "SrcName": "glibc",
          "SrcVersion": "2.35",
          "SrcRelease": "0ubuntu3.11",
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only",
            "GFDL-1.3-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libc-dev-bin@2.35-0ubuntu3.11",
          "Name": "libc-dev-bin",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4158124d50a25424",
            "BOMRef": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.35-0ubuntu3.11",
          "Arch": "amd64",
          "SrcName": "glibc",
          "SrcVersion": "2.35",
          "SrcRelease": "0ubuntu3.11",
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only",
            "GFDL-1.3-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libc6@2.35-0ubuntu3.11",
          "Name": "libc6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "feb7a9e4b39d76a6",
            "BOMRef": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.35-0ubuntu3.11",
          "Arch": "amd64",
          "SrcName": "glibc",
          "SrcVersion": "2.35",
          "SrcRelease": "0ubuntu3.11",
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only",
            "GFDL-1.3-only"
          ],
          "DependsOn": [
            "libcrypt1@1:4.4.27-1",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libc6-dev@2.35-0ubuntu3.11",
          "Name": "libc6-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9024b8b3220c5637",
            "BOMRef": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.35-0ubuntu3.11",
          "Arch": "amd64",
          "SrcName": "glibc",
          "SrcVersion": "2.35",
          "SrcRelease": "0ubuntu3.11",
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only",
            "GFDL-1.3-only"
          ],
          "DependsOn": [
            "libc-dev-bin@2.35-0ubuntu3.11",
            "libc6@2.35-0ubuntu3.11",
            "libcrypt-dev@1:4.4.27-1",
            "libnsl-dev@1.3.0-2build2",
            "libtirpc-dev@1.3.2-2ubuntu0.1",
            "linux-libc-dev@5.15.0-163.173",
            "rpcsvc-proto@1.4.2-0ubuntu6"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libcap-ng0@0.7.9-2.2build3",
          "Name": "libcap-ng0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.2build3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cbc03b95dc062a4c",
            "BOMRef": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.2build3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.7.9-2.2build3",
          "Arch": "amd64",
          "SrcName": "libcap-ng",
          "SrcVersion": "0.7.9",
          "SrcRelease": "2.2build3",
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libcap2@1:2.44-1ubuntu0.22.04.2",
          "Name": "libcap2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libcap2@2.44-1ubuntu0.22.04.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "5bc8de32afa3632e",
            "BOMRef": "pkg:deb/ubuntu/libcap2@2.44-1ubuntu0.22.04.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "2.44-1ubuntu0.22.04.2",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libcap2",
          "SrcVersion": "2.44",
          "SrcRelease": "1ubuntu0.22.04.2",
          "SrcEpoch": 1,
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-only",
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libcc1-0@12.3.0-1ubuntu1~22.04.2",
          "Name": "libcc1-0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libcc1-0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1213b56786d5fd7",
            "BOMRef": "pkg:deb/ubuntu/libcc1-0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libcom-err2@1.46.5-2ubuntu1.2",
          "Name": "libcom-err2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "dd69470ba31973c1",
            "BOMRef": "pkg:deb/ubuntu/libcom-err2@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.46.5-2ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "e2fsprogs",
          "SrcVersion": "1.46.5",
          "SrcRelease": "2ubuntu1.2",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libcrypt-dev@1:4.4.27-1",
          "Name": "libcrypt-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libcrypt-dev@4.4.27-1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "e8a4894415a34f8",
            "BOMRef": "pkg:deb/ubuntu/libcrypt-dev@4.4.27-1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "4.4.27-1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxcrypt",
          "SrcVersion": "4.4.27",
          "SrcRelease": "1",
          "SrcEpoch": 1,
          "DependsOn": [
            "libcrypt1@1:4.4.27-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libcrypt1@1:4.4.27-1",
          "Name": "libcrypt1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "3d18feea28c3c45f",
            "BOMRef": "pkg:deb/ubuntu/libcrypt1@4.4.27-1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "4.4.27-1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxcrypt",
          "SrcVersion": "4.4.27",
          "SrcRelease": "1",
          "SrcEpoch": 1,
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "Name": "libctf-nobfd0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.38-4ubuntu2.11",
          "Arch": "amd64",
          "SrcName": "binutils",
          "SrcVersion": "2.38",
          "SrcRelease": "4ubuntu2.11",
          "Licenses": [
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later",
            "GFDL-1.3-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libctf0@2.38-4ubuntu2.11",
          "Name": "libctf0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.38-4ubuntu2.11",
          "Arch": "amd64",
          "SrcName": "binutils",
          "SrcVersion": "2.38",
          "SrcRelease": "4ubuntu2.11",
          "DependsOn": [
            "libbinutils@2.38-4ubuntu2.11",
            "libc6@2.35-0ubuntu3.11",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libcurl4@7.81.0-1ubuntu1.21",
          "Name": "libcurl4",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.81.0-1ubuntu1.21",
          "Arch": "amd64",
          "SrcName": "curl",
          "SrcVersion": "7.81.0",
          "SrcRelease": "1ubuntu1.21",
          "Licenses": [
            "curl",
            "ISC",
            "BSD-3-Clause",
            "public-domain",
            "BSD-4-Clause",
            "other"
          ],
          "DependsOn": [
            "libbrotli1@1.0.9-2build6",
            "libc6@2.35-0ubuntu3.11",
            "libgssapi-krb5-2@1.19.2-2ubuntu0.7",
            "libidn2-0@2.3.2-2build1",
            "libldap-2.5-0@2.5.19+dfsg-0ubuntu0.22.04.1",
            "libnghttp2-14@1.43.0-1ubuntu0.2",
            "libpsl5@0.21.0-1.2build2",
            "librtmp1@2.4+20151223.gitfa8646d.1-2build4",
            "libssh-4@0.9.6-2ubuntu0.22.04.5",
            "libssl3@3.0.2-0ubuntu1.20",
            "libzstd1@1.4.8+dfsg-3build1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdb5.3@5.3.28+dfsg1-0.8ubuntu3",
          "Name": "libdb5.3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.8ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ed0325a275e98238",
            "BOMRef": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.8ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.3.28+dfsg1-0.8ubuntu3",
          "Arch": "amd64",
          "SrcName": "db5.3",
          "SrcVersion": "5.3.28+dfsg1",
          "SrcRelease": "0.8ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libdebconfclient0@0.261ubuntu1",
          "Name": "libdebconfclient0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdebconfclient0@0.261ubuntu1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "199e49eaa8772faf",
            "BOMRef": "pkg:deb/ubuntu/libdebconfclient0@0.261ubuntu1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.261ubuntu1",
          "Arch": "amd64",
          "SrcName": "cdebconf",
          "SrcVersion": "0.261ubuntu1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libdpkg-perl@1.21.1ubuntu2.6",
          "Name": "libdpkg-perl",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdpkg-perl@1.21.1ubuntu2.6?arch=all\u0026distro=ubuntu-22.04",
            "UID": "b64ca16d00574517",
            "BOMRef": "pkg:deb/ubuntu/libdpkg-perl@1.21.1ubuntu2.6?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.21.1ubuntu2.6",
          "Arch": "all",
          "SrcName": "dpkg",
          "SrcVersion": "1.21.1ubuntu2.6",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "BSD-2-Clause",
            "public-domain-s-s-d",
            "public-domain-md5"
          ],
          "DependsOn": [
            "dpkg@1.21.1ubuntu2.6"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdrm-amdgpu1@2.4.113-2~ubuntu0.22.04.1",
          "Name": "libdrm-amdgpu1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdrm-amdgpu1@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7b2b5a5818fc1340",
            "BOMRef": "pkg:deb/ubuntu/libdrm-amdgpu1@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.113-2~ubuntu0.22.04.1",
          "Arch": "amd64",
          "SrcName": "libdrm",
          "SrcVersion": "2.4.113",
          "SrcRelease": "2~ubuntu0.22.04.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdrm-common@2.4.113-2~ubuntu0.22.04.1",
          "Name": "libdrm-common",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdrm-common@2.4.113-2~ubuntu0.22.04.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "8a9968fb4c7eaae2",
            "BOMRef": "pkg:deb/ubuntu/libdrm-common@2.4.113-2~ubuntu0.22.04.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.113-2~ubuntu0.22.04.1",
          "Arch": "all",
          "SrcName": "libdrm",
          "SrcVersion": "2.4.113",
          "SrcRelease": "2~ubuntu0.22.04.1",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdrm-dev@2.4.113-2~ubuntu0.22.04.1",
          "Name": "libdrm-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdrm-dev@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "36c260557add473a",
            "BOMRef": "pkg:deb/ubuntu/libdrm-dev@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.113-2~ubuntu0.22.04.1",
          "Arch": "amd64",
          "SrcName": "libdrm",
          "SrcVersion": "2.4.113",
          "SrcRelease": "2~ubuntu0.22.04.1",
          "DependsOn": [
            "libdrm-amdgpu1@2.4.113-2~ubuntu0.22.04.1",
            "libdrm-intel1@2.4.113-2~ubuntu0.22.04.1",
            "libdrm-nouveau2@2.4.113-2~ubuntu0.22.04.1",
            "libdrm-radeon1@2.4.113-2~ubuntu0.22.04.1",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1",
            "libpciaccess-dev@0.16-3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdrm-intel1@2.4.113-2~ubuntu0.22.04.1",
          "Name": "libdrm-intel1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdrm-intel1@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8be3ccb63184423b",
            "BOMRef": "pkg:deb/ubuntu/libdrm-intel1@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.113-2~ubuntu0.22.04.1",
          "Arch": "amd64",
          "SrcName": "libdrm",
          "SrcVersion": "2.4.113",
          "SrcRelease": "2~ubuntu0.22.04.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1",
            "libpciaccess0@0.16-3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdrm-nouveau2@2.4.113-2~ubuntu0.22.04.1",
          "Name": "libdrm-nouveau2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdrm-nouveau2@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ccb8245fbeda16a8",
            "BOMRef": "pkg:deb/ubuntu/libdrm-nouveau2@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.113-2~ubuntu0.22.04.1",
          "Arch": "amd64",
          "SrcName": "libdrm",
          "SrcVersion": "2.4.113",
          "SrcRelease": "2~ubuntu0.22.04.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdrm-radeon1@2.4.113-2~ubuntu0.22.04.1",
          "Name": "libdrm-radeon1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdrm-radeon1@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4c870dd761c590e",
            "BOMRef": "pkg:deb/ubuntu/libdrm-radeon1@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.113-2~ubuntu0.22.04.1",
          "Arch": "amd64",
          "SrcName": "libdrm",
          "SrcVersion": "2.4.113",
          "SrcRelease": "2~ubuntu0.22.04.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libdrm2@2.4.113-2~ubuntu0.22.04.1",
          "Name": "libdrm2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libdrm2@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "258cd0203b47188f",
            "BOMRef": "pkg:deb/ubuntu/libdrm2@2.4.113-2~ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.113-2~ubuntu0.22.04.1",
          "Arch": "amd64",
          "SrcName": "libdrm",
          "SrcVersion": "2.4.113",
          "SrcRelease": "2~ubuntu0.22.04.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm-common@2.4.113-2~ubuntu0.22.04.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libedit2@3.1-20210910-1build1",
          "Name": "libedit2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libedit2@3.1-20210910-1build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a3c5bf46952d24d0",
            "BOMRef": "pkg:deb/ubuntu/libedit2@3.1-20210910-1build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.1-20210910-1build1",
          "Arch": "amd64",
          "SrcName": "libedit",
          "SrcVersion": "3.1-20210910",
          "SrcRelease": "1build1",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "libbsd0@0.11.5-1",
            "libc6@2.35-0ubuntu3.11",
            "libtinfo6@6.3-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libelf-dev@0.186-1ubuntu0.1",
          "Name": "libelf-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libelf-dev@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ebec5af61690e7f2",
            "BOMRef": "pkg:deb/ubuntu/libelf-dev@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.186-1ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "elfutils",
          "SrcVersion": "0.186",
          "SrcRelease": "1ubuntu0.1",
          "Licenses": [
            "GPL-2.0-only",
            "GPL-3.0-only",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libelf1@0.186-1ubuntu0.1",
            "zlib1g-dev@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libelf1@0.186-1ubuntu0.1",
          "Name": "libelf1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libelf1@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4f2d2d9312928eed",
            "BOMRef": "pkg:deb/ubuntu/libelf1@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.186-1ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "elfutils",
          "SrcVersion": "0.186",
          "SrcRelease": "1ubuntu0.1",
          "Licenses": [
            "GPL-2.0-only",
            "GPL-3.0-only",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libexpat1@2.4.7-1ubuntu0.6",
          "Name": "libexpat1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "70ca7ecd820e00ee",
            "BOMRef": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.7-1ubuntu0.6",
          "Arch": "amd64",
          "SrcName": "expat",
          "SrcVersion": "2.4.7",
          "SrcRelease": "1ubuntu0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libexpat1-dev@2.4.7-1ubuntu0.6",
          "Name": "libexpat1-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "60d976ccee5d735d",
            "BOMRef": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4.7-1ubuntu0.6",
          "Arch": "amd64",
          "SrcName": "expat",
          "SrcVersion": "2.4.7",
          "SrcRelease": "1ubuntu0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "libc6-dev@2.35-0ubuntu3.11",
            "libexpat1@2.4.7-1ubuntu0.6"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libext2fs2@1.46.5-2ubuntu1.2",
          "Name": "libext2fs2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libext2fs2@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4c40a45cf4f62605",
            "BOMRef": "pkg:deb/ubuntu/libext2fs2@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.46.5-2ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "e2fsprogs",
          "SrcVersion": "1.46.5",
          "SrcRelease": "2ubuntu1.2",
          "Licenses": [
            "GPL-2.0-only",
            "LGPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libffi8@3.4.2-4",
          "Name": "libffi8",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libffi8@3.4.2-4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c2af7cbf1c966a26",
            "BOMRef": "pkg:deb/ubuntu/libffi8@3.4.2-4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.4.2-4",
          "Arch": "amd64",
          "SrcName": "libffi",
          "SrcVersion": "3.4.2",
          "SrcRelease": "4",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libgcc-11-dev@11.4.0-1ubuntu1~22.04.2",
          "Name": "libgcc-11-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a3f7f3bd085ca7b0",
            "BOMRef": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
            "libasan6@11.4.0-1ubuntu1~22.04.2",
            "libatomic1@12.3.0-1ubuntu1~22.04.2",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libgomp1@12.3.0-1ubuntu1~22.04.2",
            "libitm1@12.3.0-1ubuntu1~22.04.2",
            "liblsan0@12.3.0-1ubuntu1~22.04.2",
            "libquadmath0@12.3.0-1ubuntu1~22.04.2",
            "libtsan0@11.4.0-1ubuntu1~22.04.2",
            "libubsan1@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
          "Name": "libgcc-s1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2bb534b139e6d4f2",
            "BOMRef": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libgcrypt20@1.9.4-3ubuntu3",
          "Name": "libgcrypt20",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "654726586f81e4b6",
            "BOMRef": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.9.4-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libgcrypt20",
          "SrcVersion": "1.9.4",
          "SrcRelease": "3ubuntu3",
          "Licenses": [
            "LGPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgpg-error0@1.43-3"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libgdbm-compat4@1.23-1",
          "Name": "libgdbm-compat4",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgdbm-compat4@1.23-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "94842b86ba7c6b97",
            "BOMRef": "pkg:deb/ubuntu/libgdbm-compat4@1.23-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.23-1",
          "Arch": "amd64",
          "SrcName": "gdbm",
          "SrcVersion": "1.23",
          "SrcRelease": "1",
          "Licenses": [
            "GPL-3.0-or-later",
            "GPL-2.0-or-later",
            "GFDL-1.3-no-invariants-or-later",
            "GPL-3.0-only",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgdbm6@1.23-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libgdbm6@1.23-1",
          "Name": "libgdbm6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgdbm6@1.23-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "392e7a339714ae26",
            "BOMRef": "pkg:deb/ubuntu/libgdbm6@1.23-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.23-1",
          "Arch": "amd64",
          "SrcName": "gdbm",
          "SrcVersion": "1.23",
          "SrcRelease": "1",
          "Licenses": [
            "GPL-3.0-or-later",
            "GPL-2.0-or-later",
            "GFDL-1.3-no-invariants-or-later",
            "GPL-3.0-only",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libgl-dev@1.4.0-1",
          "Name": "libgl-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgl-dev@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "684aefd5353d28f4",
            "BOMRef": "pkg:deb/ubuntu/libgl-dev@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-1",
          "Arch": "amd64",
          "SrcName": "libglvnd",
          "SrcVersion": "1.4.0",
          "SrcRelease": "1",
          "Licenses": [
            "MIT",
            "Apache-2.0",
            "public-domain",
            "GPL-3.0-or-later",
            "BSD-1-Clause",
            "GPL-2.0-or-later",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libgl1@1.4.0-1",
            "libglx-dev@1.4.0-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libgl1@1.4.0-1",
          "Name": "libgl1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgl1@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1df0931cb9c1bbd3",
            "BOMRef": "pkg:deb/ubuntu/libgl1@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-1",
          "Arch": "amd64",
          "SrcName": "libglvnd",
          "SrcVersion": "1.4.0",
          "SrcRelease": "1",
          "Licenses": [
            "MIT",
            "Apache-2.0",
            "public-domain",
            "GPL-3.0-or-later",
            "BSD-1-Clause",
            "GPL-2.0-or-later",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libglvnd0@1.4.0-1",
            "libglx0@1.4.0-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libgl1-mesa-dri@23.2.1-1ubuntu3.1~22.04.3",
          "Name": "libgl1-mesa-dri",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgl1-mesa-dri@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3af0828bc7451cbd",
            "BOMRef": "pkg:deb/ubuntu/libgl1-mesa-dri@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "23.2.1-1ubuntu3.1~22.04.3",
          "Arch": "amd64",
          "SrcName": "mesa",
          "SrcVersion": "23.2.1",
          "SrcRelease": "1ubuntu3.1~22.04.3",
          "Licenses": [
            "MIT",
            "GPL-2.0-only",
            "GPL-1.0-or-later",
            "BSD-3-google",
            "Khronos",
            "Apache-2.0",
            "BSL-1.0",
            "MLAA",
            "SGI",
            "BSD-2-Clause",
            "GPL-2.0-or-later",
            "GPL-1.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm-amdgpu1@2.4.113-2~ubuntu0.22.04.1",
            "libdrm-intel1@2.4.113-2~ubuntu0.22.04.1",
            "libdrm-nouveau2@2.4.113-2~ubuntu0.22.04.1",
            "libdrm-radeon1@2.4.113-2~ubuntu0.22.04.1",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1",
            "libelf1@0.186-1ubuntu0.1",
            "libexpat1@2.4.7-1ubuntu0.6",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libglapi-mesa@23.2.1-1ubuntu3.1~22.04.3",
            "libllvm15@1:15.0.7-0ubuntu0.22.04.3",
            "libsensors5@1:3.6.0-7ubuntu1",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libxcb-dri3-0@1.14-3ubuntu3",
            "libzstd1@1.4.8+dfsg-3build1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libglapi-mesa@23.2.1-1ubuntu3.1~22.04.3",
          "Name": "libglapi-mesa",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libglapi-mesa@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5ff45b8f965dfc80",
            "BOMRef": "pkg:deb/ubuntu/libglapi-mesa@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "23.2.1-1ubuntu3.1~22.04.3",
          "Arch": "amd64",
          "SrcName": "mesa",
          "SrcVersion": "23.2.1",
          "SrcRelease": "1ubuntu3.1~22.04.3",
          "Licenses": [
            "MIT",
            "GPL-2.0-only",
            "GPL-1.0-or-later",
            "BSD-3-google",
            "Khronos",
            "Apache-2.0",
            "BSL-1.0",
            "MLAA",
            "SGI",
            "BSD-2-Clause",
            "GPL-2.0-or-later",
            "GPL-1.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libglvnd0@1.4.0-1",
          "Name": "libglvnd0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libglvnd0@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ec08bfcc94c33156",
            "BOMRef": "pkg:deb/ubuntu/libglvnd0@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-1",
          "Arch": "amd64",
          "SrcName": "libglvnd",
          "SrcVersion": "1.4.0",
          "SrcRelease": "1",
          "Licenses": [
            "MIT",
            "Apache-2.0",
            "public-domain",
            "GPL-3.0-or-later",
            "BSD-1-Clause",
            "GPL-2.0-or-later",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libglx-dev@1.4.0-1",
          "Name": "libglx-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libglx-dev@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "24379d4989c15725",
            "BOMRef": "pkg:deb/ubuntu/libglx-dev@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-1",
          "Arch": "amd64",
          "SrcName": "libglvnd",
          "SrcVersion": "1.4.0",
          "SrcRelease": "1",
          "Licenses": [
            "MIT",
            "Apache-2.0",
            "public-domain",
            "GPL-3.0-or-later",
            "BSD-1-Clause",
            "GPL-2.0-or-later",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libglx0@1.4.0-1",
            "libx11-dev@2:1.7.5-1ubuntu0.3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libglx-mesa0@23.2.1-1ubuntu3.1~22.04.3",
          "Name": "libglx-mesa0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libglx-mesa0@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "359ff200a316e6f",
            "BOMRef": "pkg:deb/ubuntu/libglx-mesa0@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "23.2.1-1ubuntu3.1~22.04.3",
          "Arch": "amd64",
          "SrcName": "mesa",
          "SrcVersion": "23.2.1",
          "SrcRelease": "1ubuntu3.1~22.04.3",
          "Licenses": [
            "MIT",
            "GPL-2.0-only",
            "GPL-1.0-or-later",
            "BSD-3-google",
            "Khronos",
            "Apache-2.0",
            "BSL-1.0",
            "MLAA",
            "SGI",
            "BSD-2-Clause",
            "GPL-2.0-or-later",
            "GPL-1.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1",
            "libexpat1@2.4.7-1ubuntu0.6",
            "libgl1-mesa-dri@23.2.1-1ubuntu3.1~22.04.3",
            "libglapi-mesa@23.2.1-1ubuntu3.1~22.04.3",
            "libx11-6@2:1.7.5-1ubuntu0.3",
            "libx11-xcb1@2:1.7.5-1ubuntu0.3",
            "libxcb-dri2-0@1.14-3ubuntu3",
            "libxcb-dri3-0@1.14-3ubuntu3",
            "libxcb-glx0@1.14-3ubuntu3",
            "libxcb-present0@1.14-3ubuntu3",
            "libxcb-randr0@1.14-3ubuntu3",
            "libxcb-shm0@1.14-3ubuntu3",
            "libxcb-sync1@1.14-3ubuntu3",
            "libxcb-xfixes0@1.14-3ubuntu3",
            "libxcb1@1.14-3ubuntu3",
            "libxext6@2:1.3.4-1build1",
            "libxfixes3@1:6.0.0-1",
            "libxshmfence1@1.3-1build4",
            "libxxf86vm1@1:1.1.4-1build3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libglx0@1.4.0-1",
          "Name": "libglx0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libglx0@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7e32a7428aaf95a8",
            "BOMRef": "pkg:deb/ubuntu/libglx0@1.4.0-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-1",
          "Arch": "amd64",
          "SrcName": "libglvnd",
          "SrcVersion": "1.4.0",
          "SrcRelease": "1",
          "Licenses": [
            "MIT",
            "Apache-2.0",
            "public-domain",
            "GPL-3.0-or-later",
            "BSD-1-Clause",
            "GPL-2.0-or-later",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libglvnd0@1.4.0-1",
            "libglx-mesa0@23.2.1-1ubuntu3.1~22.04.3",
            "libx11-6@2:1.7.5-1ubuntu0.3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libgmp10@2:6.2.1+dfsg-3ubuntu1",
          "Name": "libgmp10",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "631b2c4cadc0b6e3",
            "BOMRef": "pkg:deb/ubuntu/libgmp10@6.2.1%2Bdfsg-3ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "6.2.1+dfsg-3ubuntu1",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "gmp",
          "SrcVersion": "6.2.1+dfsg",
          "SrcRelease": "3ubuntu1",
          "SrcEpoch": 2,
          "Licenses": [
            "LGPL-3.0-only",
            "GPL-2.0-only",
            "GPL-3.0-only",
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libgnutls30@3.7.3-4ubuntu1.7",
          "Name": "libgnutls30",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f355cd58df369fb5",
            "BOMRef": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.7.3-4ubuntu1.7",
          "Arch": "amd64",
          "SrcName": "gnutls28",
          "SrcVersion": "3.7.3",
          "SrcRelease": "4ubuntu1.7",
          "Licenses": [
            "LGPL-2.1-only",
            "LGPL-2.0-or-later",
            "LGPL-3.0-only",
            "GPL-2.0-or-later",
            "GPL-3.0-only",
            "GFDL-1.3-only",
            "CC0-1.0",
            "MIT",
            "Apache-2.0",
            "LGPL-3.0-or-later",
            "LGPL-2.1-or-later",
            "GPL-3.0-or-later",
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "libhogweed6@3.7.3-1build2",
            "libidn2-0@2.3.2-2build1",
            "libnettle8@3.7.3-1build2",
            "libp11-kit0@0.24.0-6build1",
            "libtasn1-6@4.18.0-4ubuntu0.1",
            "libunistring2@1.0-1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libgomp1@12.3.0-1ubuntu1~22.04.2",
          "Name": "libgomp1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgomp1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "166586e5bc10cd52",
            "BOMRef": "pkg:deb/ubuntu/libgomp1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libgpg-error0@1.43-3",
          "Name": "libgpg-error0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "88c30e2a2462a340",
            "BOMRef": "pkg:deb/ubuntu/libgpg-error0@1.43-3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.43-3",
          "Arch": "amd64",
          "SrcName": "libgpg-error",
          "SrcVersion": "1.43",
          "SrcRelease": "3",
          "Licenses": [
            "LGPL-2.1-or-later",
            "BSD-3-Clause",
            "g10-permissive",
            "GPL-3.0-or-later",
            "LGPL-2.1-only",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libgssapi-krb5-2@1.19.2-2ubuntu0.7",
          "Name": "libgssapi-krb5-2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f370fa5257bc373d",
            "BOMRef": "pkg:deb/ubuntu/libgssapi-krb5-2@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.19.2-2ubuntu0.7",
          "Arch": "amd64",
          "SrcName": "krb5",
          "SrcVersion": "1.19.2",
          "SrcRelease": "2ubuntu0.7",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libcom-err2@1.46.5-2ubuntu1.2",
            "libk5crypto3@1.19.2-2ubuntu0.7",
            "libkrb5-3@1.19.2-2ubuntu0.7",
            "libkrb5support0@1.19.2-2ubuntu0.7"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libhogweed6@3.7.3-1build2",
          "Name": "libhogweed6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libhogweed6@3.7.3-1build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "85667eec69831442",
            "BOMRef": "pkg:deb/ubuntu/libhogweed6@3.7.3-1build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.7.3-1build2",
          "Arch": "amd64",
          "SrcName": "nettle",
          "SrcVersion": "3.7.3",
          "SrcRelease": "1build2",
          "Licenses": [
            "LGPL-3.0-or-later",
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later",
            "LGPL-2.0-only",
            "MIT",
            "GPL-3.0-or-later",
            "GPL-3.0-only WITH autoconf-exception+",
            "public-domain",
            "GPL-2.0-only",
            "GAP"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "libnettle8@3.7.3-1build2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libicu-dev@70.1-2",
          "Name": "libicu-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libicu-dev@70.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "6370c638d7ea081d",
            "BOMRef": "pkg:deb/ubuntu/libicu-dev@70.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "70.1-2",
          "Arch": "amd64",
          "SrcName": "icu",
          "SrcVersion": "70.1",
          "SrcRelease": "2",
          "Licenses": [
            "MIT",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "icu-devtools@70.1-2",
            "libc6-dev@2.35-0ubuntu3.11",
            "libicu70@70.1-2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libicu70@70.1-2",
          "Name": "libicu70",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libicu70@70.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80711690dd5aad02",
            "BOMRef": "pkg:deb/ubuntu/libicu70@70.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "70.1-2",
          "Arch": "amd64",
          "SrcName": "icu",
          "SrcVersion": "70.1",
          "SrcRelease": "2",
          "Licenses": [
            "MIT",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libidn2-0@2.3.2-2build1",
          "Name": "libidn2-0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libidn2-0@2.3.2-2build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ab843795f8409b59",
            "BOMRef": "pkg:deb/ubuntu/libidn2-0@2.3.2-2build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.3.2-2build1",
          "Arch": "amd64",
          "SrcName": "libidn2",
          "SrcVersion": "2.3.2",
          "SrcRelease": "2build1",
          "Licenses": [
            "GPL-3.0-or-later",
            "LGPL-3.0-or-later",
            "GPL-2.0-or-later",
            "Unicode",
            "GPL-3.0-only",
            "GPL-2.0-only",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libunistring2@1.0-1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libisl23@0.24-2build1",
          "Name": "libisl23",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libisl23@0.24-2build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ec0cabaff5757fd",
            "BOMRef": "pkg:deb/ubuntu/libisl23@0.24-2build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.24-2build1",
          "Arch": "amd64",
          "SrcName": "isl",
          "SrcVersion": "0.24",
          "SrcRelease": "2build1",
          "Licenses": [
            "MIT",
            "BSD-2-Clause",
            "LGPL-2.1-or-later",
            "LGPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libitm1@12.3.0-1ubuntu1~22.04.2",
          "Name": "libitm1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libitm1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cc223efaa2cd1d92",
            "BOMRef": "pkg:deb/ubuntu/libitm1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libjs-jquery@3.6.0+dfsg+~3.5.13-1",
          "Name": "libjs-jquery",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libjs-jquery@3.6.0%2Bdfsg%2B~3.5.13-1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "4cccff96849623fa",
            "BOMRef": "pkg:deb/ubuntu/libjs-jquery@3.6.0%2Bdfsg%2B~3.5.13-1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "3.6.0+dfsg+~3.5.13-1",
          "Arch": "all",
          "SrcName": "node-jquery",
          "SrcVersion": "3.6.0+dfsg+~3.5.13",
          "SrcRelease": "1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libjs-sphinxdoc@4.3.2-1",
          "Name": "libjs-sphinxdoc",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libjs-sphinxdoc@4.3.2-1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "e882df425ceaf892",
            "BOMRef": "pkg:deb/ubuntu/libjs-sphinxdoc@4.3.2-1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "4.3.2-1",
          "Arch": "all",
          "SrcName": "sphinx",
          "SrcVersion": "4.3.2",
          "SrcRelease": "1",
          "Licenses": [
            "BSD-2-Clause",
            "MIT",
            "BSD-3-Clause",
            "PSF-2",
            "public-domain"
          ],
          "DependsOn": [
            "libjs-jquery@3.6.0+dfsg+~3.5.13-1",
            "libjs-underscore@1.13.2~dfsg-2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libjs-underscore@1.13.2~dfsg-2",
          "Name": "libjs-underscore",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libjs-underscore@1.13.2~dfsg-2?arch=all\u0026distro=ubuntu-22.04",
            "UID": "b22950dec8b19f09",
            "BOMRef": "pkg:deb/ubuntu/libjs-underscore@1.13.2~dfsg-2?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.13.2~dfsg-2",
          "Arch": "all",
          "SrcName": "underscore",
          "SrcVersion": "1.13.2~dfsg",
          "SrcRelease": "2",
          "Licenses": [
            "MIT",
            "BSD-3-Clause",
            "GPL-3.0-or-later",
            "GPL-3.0-only"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libk5crypto3@1.19.2-2ubuntu0.7",
          "Name": "libk5crypto3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "92da1d26b5e663a9",
            "BOMRef": "pkg:deb/ubuntu/libk5crypto3@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.19.2-2ubuntu0.7",
          "Arch": "amd64",
          "SrcName": "krb5",
          "SrcVersion": "1.19.2",
          "SrcRelease": "2ubuntu0.7",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libkrb5support0@1.19.2-2ubuntu0.7"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libkeyutils1@1.6.1-2ubuntu3",
          "Name": "libkeyutils1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libkeyutils1@1.6.1-2ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f6a5cdbc84a5dda5",
            "BOMRef": "pkg:deb/ubuntu/libkeyutils1@1.6.1-2ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.6.1-2ubuntu3",
          "Arch": "amd64",
          "SrcName": "keyutils",
          "SrcVersion": "1.6.1",
          "SrcRelease": "2ubuntu3",
          "Licenses": [
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later",
            "GPL-2.0-only",
            "LGPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libkmod2@29-1ubuntu1",
          "Name": "libkmod2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libkmod2@29-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "eb228b6c16261d59",
            "BOMRef": "pkg:deb/ubuntu/libkmod2@29-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "29-1ubuntu1",
          "Arch": "amd64",
          "SrcName": "kmod",
          "SrcVersion": "29",
          "SrcRelease": "1ubuntu1",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "liblzma5@5.2.5-2ubuntu1",
            "libssl3@3.0.2-0ubuntu1.20",
            "libzstd1@1.4.8+dfsg-3build1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libkrb5-3@1.19.2-2ubuntu0.7",
          "Name": "libkrb5-3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b06177ba9bbdcafc",
            "BOMRef": "pkg:deb/ubuntu/libkrb5-3@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.19.2-2ubuntu0.7",
          "Arch": "amd64",
          "SrcName": "krb5",
          "SrcVersion": "1.19.2",
          "SrcRelease": "2ubuntu0.7",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libcom-err2@1.46.5-2ubuntu1.2",
            "libk5crypto3@1.19.2-2ubuntu0.7",
            "libkeyutils1@1.6.1-2ubuntu3",
            "libkrb5support0@1.19.2-2ubuntu0.7",
            "libssl3@3.0.2-0ubuntu1.20"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libkrb5support0@1.19.2-2ubuntu0.7",
          "Name": "libkrb5support0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "69c3a950c354a354",
            "BOMRef": "pkg:deb/ubuntu/libkrb5support0@1.19.2-2ubuntu0.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.19.2-2ubuntu0.7",
          "Arch": "amd64",
          "SrcName": "krb5",
          "SrcVersion": "1.19.2",
          "SrcRelease": "2ubuntu0.7",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libksba8@1.6.0-2ubuntu0.2",
          "Name": "libksba8",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libksba8@1.6.0-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b85c0f1d3bba1245",
            "BOMRef": "pkg:deb/ubuntu/libksba8@1.6.0-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.6.0-2ubuntu0.2",
          "Arch": "amd64",
          "SrcName": "libksba",
          "SrcVersion": "1.6.0",
          "SrcRelease": "2ubuntu0.2",
          "Licenses": [
            "GPL-3.0-only",
            "FSFUL",
            "LGPL-2.1-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgpg-error0@1.43-3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libldap-2.5-0@2.5.19+dfsg-0ubuntu0.22.04.1",
          "Name": "libldap-2.5-0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libldap-2.5-0@2.5.19%2Bdfsg-0ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ac10685a9abd1ebb",
            "BOMRef": "pkg:deb/ubuntu/libldap-2.5-0@2.5.19%2Bdfsg-0ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.5.19+dfsg-0ubuntu0.22.04.1",
          "Arch": "amd64",
          "SrcName": "openldap",
          "SrcVersion": "2.5.19+dfsg",
          "SrcRelease": "0ubuntu0.22.04.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgnutls30@3.7.3-4ubuntu1.7",
            "libsasl2-2@2.1.27+dfsg2-3ubuntu1.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libllvm15@1:15.0.7-0ubuntu0.22.04.3",
          "Name": "libllvm15",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libllvm15@15.0.7-0ubuntu0.22.04.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "9df8ffdb70c79b1a",
            "BOMRef": "pkg:deb/ubuntu/libllvm15@15.0.7-0ubuntu0.22.04.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "15.0.7-0ubuntu0.22.04.3",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "llvm-toolchain-15",
          "SrcVersion": "15.0.7",
          "SrcRelease": "0ubuntu0.22.04.3",
          "SrcEpoch": 1,
          "Licenses": [
            "APACHE-2-LLVM-EXCEPTIONS",
            "Apache-2.0",
            "MIT",
            "BSD-3-Clause",
            "solar-public-domain",
            "Python-2.0"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libedit2@3.1-20210910-1build1",
            "libffi8@3.4.2-4",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libtinfo6@6.3-2ubuntu0.1",
            "libxml2@2.9.13+dfsg-1ubuntu0.10",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "liblsan0@12.3.0-1ubuntu1~22.04.2",
          "Name": "liblsan0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/liblsan0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e4a58aaee7e86c33",
            "BOMRef": "pkg:deb/ubuntu/liblsan0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "liblz4-1@1.9.3-2build2",
          "Name": "liblz4-1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/liblz4-1@1.9.3-2build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "95bbac053145677a",
            "BOMRef": "pkg:deb/ubuntu/liblz4-1@1.9.3-2build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.9.3-2build2",
          "Arch": "amd64",
          "SrcName": "lz4",
          "SrcVersion": "1.9.3",
          "SrcRelease": "2build2",
          "Licenses": [
            "BSD-2-Clause",
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "liblzma5@5.2.5-2ubuntu1",
          "Name": "liblzma5",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2bfea64453e4e6dc",
            "BOMRef": "pkg:deb/ubuntu/liblzma5@5.2.5-2ubuntu1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.2.5-2ubuntu1",
          "Arch": "amd64",
          "SrcName": "xz-utils",
          "SrcVersion": "5.2.5",
          "SrcRelease": "2ubuntu1",
          "Licenses": [
            "PD",
            "probably-PD",
            "GPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "permissive-fsf",
            "Autoconf",
            "permissive-nowarranty",
            "GPL-2.0-only",
            "none",
            "config-h",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "noderivs",
            "PD-debian",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libmagic-mgc@1:5.41-3ubuntu0.1",
          "Name": "libmagic-mgc",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libmagic-mgc@5.41-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "40e5efa921af5585",
            "BOMRef": "pkg:deb/ubuntu/libmagic-mgc@5.41-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "5.41-3ubuntu0.1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "file",
          "SrcVersion": "5.41",
          "SrcRelease": "3ubuntu0.1",
          "SrcEpoch": 1,
          "Licenses": [
            "BSD-2-Clause-alike",
            "public-domain",
            "BSD-2-Clause-NetBSD",
            "BSD-2-Clause-regents",
            "MIT-Old-Style WITH legal-disclaimer-2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libmagic1@1:5.41-3ubuntu0.1",
          "Name": "libmagic1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libmagic1@5.41-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "798139f7e142d7d5",
            "BOMRef": "pkg:deb/ubuntu/libmagic1@5.41-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "5.41-3ubuntu0.1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "file",
          "SrcVersion": "5.41",
          "SrcRelease": "3ubuntu0.1",
          "SrcEpoch": 1,
          "Licenses": [
            "BSD-2-Clause-alike",
            "public-domain",
            "BSD-2-Clause-NetBSD",
            "BSD-2-Clause-regents",
            "MIT-Old-Style WITH legal-disclaimer-2"
          ],
          "DependsOn": [
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "liblzma5@5.2.5-2ubuntu1",
            "libmagic-mgc@1:5.41-3ubuntu0.1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libmd0@1.0.4-1build1",
          "Name": "libmd0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libmd0@1.0.4-1build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1e3d16319b68d844",
            "BOMRef": "pkg:deb/ubuntu/libmd0@1.0.4-1build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.4-1build1",
          "Arch": "amd64",
          "SrcName": "libmd",
          "SrcVersion": "1.0.4",
          "SrcRelease": "1build1",
          "Licenses": [
            "BSD-3-Clause",
            "BSD-3-clause-Aaron-D-Gifford",
            "BSD-2-Clause",
            "BSD-2-Clause-NetBSD",
            "ISC",
            "Beerware",
            "public-domain-md4",
            "public-domain-md5",
            "public-domain-sha1"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libmount1@2.37.2-4ubuntu3.4",
          "Name": "libmount1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libmount1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d30d4254cfe3088",
            "BOMRef": "pkg:deb/ubuntu/libmount1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.37.2-4ubuntu3.4",
          "Arch": "amd64",
          "SrcName": "util-linux",
          "SrcVersion": "2.37.2",
          "SrcRelease": "4ubuntu3.4",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "public-domain",
            "BSD-4-Clause",
            "MIT",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "LGPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "LGPL-3.0-or-later",
            "GPL-3.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libblkid1@2.37.2-4ubuntu3.4",
            "libc6@2.35-0ubuntu3.11",
            "libselinux1@3.3-1build2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libmpc3@1.2.1-2build1",
          "Name": "libmpc3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libmpc3@1.2.1-2build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7744e7114885a806",
            "BOMRef": "pkg:deb/ubuntu/libmpc3@1.2.1-2build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.2.1-2build1",
          "Arch": "amd64",
          "SrcName": "mpclib3",
          "SrcVersion": "1.2.1",
          "SrcRelease": "2build1",
          "Licenses": [
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "libmpfr6@4.1.0-3build3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libmpdec3@2.5.1-2build2",
          "Name": "libmpdec3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libmpdec3@2.5.1-2build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "6397bd8daee1cb41",
            "BOMRef": "pkg:deb/ubuntu/libmpdec3@2.5.1-2build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.5.1-2build2",
          "Arch": "amd64",
          "SrcName": "mpdecimal",
          "SrcVersion": "2.5.1",
          "SrcRelease": "2build2",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libmpfr6@4.1.0-3build3",
          "Name": "libmpfr6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libmpfr6@4.1.0-3build3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "984d137f77ec2c44",
            "BOMRef": "pkg:deb/ubuntu/libmpfr6@4.1.0-3build3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "4.1.0-3build3",
          "Arch": "amd64",
          "SrcName": "mpfr4",
          "SrcVersion": "4.1.0",
          "SrcRelease": "3build3",
          "Licenses": [
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libncurses-dev@6.3-2ubuntu0.1",
          "Name": "libncurses-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libncurses-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e72d5190dd1e6bc5",
            "BOMRef": "pkg:deb/ubuntu/libncurses-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "6.3-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "ncurses",
          "SrcVersion": "6.3",
          "SrcRelease": "2ubuntu0.1",
          "DependsOn": [
            "libc6-dev@2.35-0ubuntu3.11",
            "libncurses6@6.3-2ubuntu0.1",
            "libncursesw6@6.3-2ubuntu0.1",
            "libtinfo6@6.3-2ubuntu0.1",
            "ncurses-bin@6.3-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libncurses6@6.3-2ubuntu0.1",
          "Name": "libncurses6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d8ed2f03ac5aec1c",
            "BOMRef": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "6.3-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "ncurses",
          "SrcVersion": "6.3",
          "SrcRelease": "2ubuntu0.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libtinfo6@6.3-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libncursesw6@6.3-2ubuntu0.1",
          "Name": "libncursesw6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ba96d3f385a080fe",
            "BOMRef": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "6.3-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "ncurses",
          "SrcVersion": "6.3",
          "SrcRelease": "2ubuntu0.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libtinfo6@6.3-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libnettle8@3.7.3-1build2",
          "Name": "libnettle8",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5cbee2d6fd50e413",
            "BOMRef": "pkg:deb/ubuntu/libnettle8@3.7.3-1build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.7.3-1build2",
          "Arch": "amd64",
          "SrcName": "nettle",
          "SrcVersion": "3.7.3",
          "SrcRelease": "1build2",
          "Licenses": [
            "LGPL-3.0-or-later",
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later",
            "LGPL-2.0-only",
            "MIT",
            "GPL-3.0-or-later",
            "GPL-3.0-only WITH autoconf-exception+",
            "public-domain",
            "GPL-2.0-only",
            "GAP"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libnghttp2-14@1.43.0-1ubuntu0.2",
          "Name": "libnghttp2-14",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libnghttp2-14@1.43.0-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "41336082748c37a9",
            "BOMRef": "pkg:deb/ubuntu/libnghttp2-14@1.43.0-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.43.0-1ubuntu0.2",
          "Arch": "amd64",
          "SrcName": "nghttp2",
          "SrcVersion": "1.43.0",
          "SrcRelease": "1ubuntu0.2",
          "Licenses": [
            "MIT",
            "all-permissive",
            "GPL-3.0-only WITH autoconf-exception+",
            "BSD-2-Clause",
            "SIL-OFL-1.1",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libnpth0@1.6-3build2",
          "Name": "libnpth0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libnpth0@1.6-3build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d905618ebb02b0af",
            "BOMRef": "pkg:deb/ubuntu/libnpth0@1.6-3build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.6-3build2",
          "Arch": "amd64",
          "SrcName": "npth",
          "SrcVersion": "1.6",
          "SrcRelease": "3build2",
          "Licenses": [
            "LGPL-2.1-or-later",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libnsl-dev@1.3.0-2build2",
          "Name": "libnsl-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libnsl-dev@1.3.0-2build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "60f319304bdb512d",
            "BOMRef": "pkg:deb/ubuntu/libnsl-dev@1.3.0-2build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.0-2build2",
          "Arch": "amd64",
          "SrcName": "libnsl",
          "SrcVersion": "1.3.0",
          "SrcRelease": "2build2",
          "Licenses": [
            "LGPL-2.1-or-later",
            "LGPL-2.1-only",
            "BSD-3-Clause",
            "permissive-fsf",
            "permissive-makefile-in",
            "permissive-autoconf-m4-no-warranty",
            "GPL-3--autoconf-exception",
            "permissive-configure",
            "GPL-2--autoconf-exception",
            "MIT",
            "GPL-2--libtool-exception",
            "permissive-autoconf-m4",
            "GPL-2.0-only",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libnsl2@1.3.0-2build2",
            "libtirpc-dev@1.3.2-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libnsl2@1.3.0-2build2",
          "Name": "libnsl2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libnsl2@1.3.0-2build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "eb01c675a636f15b",
            "BOMRef": "pkg:deb/ubuntu/libnsl2@1.3.0-2build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.0-2build2",
          "Arch": "amd64",
          "SrcName": "libnsl",
          "SrcVersion": "1.3.0",
          "SrcRelease": "2build2",
          "Licenses": [
            "LGPL-2.1-or-later",
            "LGPL-2.1-only",
            "BSD-3-Clause",
            "permissive-fsf",
            "permissive-makefile-in",
            "permissive-autoconf-m4-no-warranty",
            "GPL-3--autoconf-exception",
            "permissive-configure",
            "GPL-2--autoconf-exception",
            "MIT",
            "GPL-2--libtool-exception",
            "permissive-autoconf-m4",
            "GPL-2.0-only",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libtirpc3@1.3.2-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libnuma-dev@2.0.14-3ubuntu2",
          "Name": "libnuma-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libnuma-dev@2.0.14-3ubuntu2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d0475c89641ff584",
            "BOMRef": "pkg:deb/ubuntu/libnuma-dev@2.0.14-3ubuntu2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.0.14-3ubuntu2",
          "Arch": "amd64",
          "SrcName": "numactl",
          "SrcVersion": "2.0.14",
          "SrcRelease": "3ubuntu2",
          "Licenses": [
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6-dev@2.35-0ubuntu3.11",
            "libnuma1@2.0.14-3ubuntu2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libnuma1@2.0.14-3ubuntu2",
          "Name": "libnuma1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libnuma1@2.0.14-3ubuntu2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d38e51bbac21f7e6",
            "BOMRef": "pkg:deb/ubuntu/libnuma1@2.0.14-3ubuntu2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.0.14-3ubuntu2",
          "Arch": "amd64",
          "SrcName": "numactl",
          "SrcVersion": "2.0.14",
          "SrcRelease": "3ubuntu2",
          "Licenses": [
            "GPL-2.0-or-later",
            "LGPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libp11-kit0@0.24.0-6build1",
          "Name": "libp11-kit0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libp11-kit0@0.24.0-6build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3be9d0ef53a03d69",
            "BOMRef": "pkg:deb/ubuntu/libp11-kit0@0.24.0-6build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.24.0-6build1",
          "Arch": "amd64",
          "SrcName": "p11-kit",
          "SrcVersion": "0.24.0",
          "SrcRelease": "6build1",
          "Licenses": [
            "BSD-3-Clause",
            "permissive-like-automake-output",
            "ISC",
            "ISC-IBM",
            "LGPL-2.1-or-later",
            "Apache-2.0",
            "same-as-rest-of-p11kit",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libffi8@3.4.2-4"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libpam-modules@1.4.0-11ubuntu2.6",
          "Name": "libpam-modules",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "db28601ceccfcd49",
            "BOMRef": "pkg:deb/ubuntu/libpam-modules@1.4.0-11ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-11ubuntu2.6",
          "Arch": "amd64",
          "SrcName": "pam",
          "SrcVersion": "1.4.0",
          "SrcRelease": "11ubuntu2.6",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libpam-modules-bin@1.4.0-11ubuntu2.6",
          "Name": "libpam-modules-bin",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.4.0-11ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9656b9319d276725",
            "BOMRef": "pkg:deb/ubuntu/libpam-modules-bin@1.4.0-11ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-11ubuntu2.6",
          "Arch": "amd64",
          "SrcName": "pam",
          "SrcVersion": "1.4.0",
          "SrcRelease": "11ubuntu2.6",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libaudit1@1:3.0.7-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libcrypt1@1:4.4.27-1",
            "libpam0g@1.4.0-11ubuntu2.6",
            "libselinux1@3.3-1build2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libpam-runtime@1.4.0-11ubuntu2.6",
          "Name": "libpam-runtime",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpam-runtime@1.4.0-11ubuntu2.6?arch=all\u0026distro=ubuntu-22.04",
            "UID": "bffc530c5fbb90fa",
            "BOMRef": "pkg:deb/ubuntu/libpam-runtime@1.4.0-11ubuntu2.6?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-11ubuntu2.6",
          "Arch": "all",
          "SrcName": "pam",
          "SrcVersion": "1.4.0",
          "SrcRelease": "11ubuntu2.6",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "debconf@1.5.79ubuntu1",
            "libpam-modules@1.4.0-11ubuntu2.6"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libpam0g@1.4.0-11ubuntu2.6",
          "Name": "libpam0g",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5ec529e36e5446ea",
            "BOMRef": "pkg:deb/ubuntu/libpam0g@1.4.0-11ubuntu2.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-11ubuntu2.6",
          "Arch": "amd64",
          "SrcName": "pam",
          "SrcVersion": "1.4.0",
          "SrcRelease": "11ubuntu2.6",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "debconf@1.5.79ubuntu1",
            "libaudit1@1:3.0.7-1build1",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libpci3@1:3.7.0-6",
          "Name": "libpci3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpci3@3.7.0-6?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "366193134ce4165d",
            "BOMRef": "pkg:deb/ubuntu/libpci3@3.7.0-6?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "3.7.0-6",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "pciutils",
          "SrcVersion": "3.7.0",
          "SrcRelease": "6",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libudev1@249.11-0ubuntu3.17",
            "pci.ids@0.0~2022.01.22-1ubuntu0.1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpciaccess-dev@0.16-3",
          "Name": "libpciaccess-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpciaccess-dev@0.16-3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fdd2645734f44c27",
            "BOMRef": "pkg:deb/ubuntu/libpciaccess-dev@0.16-3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.16-3",
          "Arch": "amd64",
          "SrcName": "libpciaccess",
          "SrcVersion": "0.16",
          "SrcRelease": "3",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libpciaccess0@0.16-3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpciaccess0@0.16-3",
          "Name": "libpciaccess0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpciaccess0@0.16-3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "359b99d036f3aa9d",
            "BOMRef": "pkg:deb/ubuntu/libpciaccess0@0.16-3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.16-3",
          "Arch": "amd64",
          "SrcName": "libpciaccess",
          "SrcVersion": "0.16",
          "SrcRelease": "3",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpcre2-8-0@10.39-3ubuntu0.1",
          "Name": "libpcre2-8-0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a8abfa1e863e6371",
            "BOMRef": "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "10.39-3ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "pcre2",
          "SrcVersion": "10.39",
          "SrcRelease": "3ubuntu0.1",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libpcre3@2:8.39-13ubuntu0.22.04.1",
          "Name": "libpcre3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "c69e88018274362f",
            "BOMRef": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "8.39-13ubuntu0.22.04.1",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "pcre3",
          "SrcVersion": "8.39",
          "SrcRelease": "13ubuntu0.22.04.1",
          "SrcEpoch": 2,
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libperl5.34@5.34.0-3ubuntu1.5",
          "Name": "libperl5.34",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libperl5.34@5.34.0-3ubuntu1.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "586038d1e0119ca3",
            "BOMRef": "pkg:deb/ubuntu/libperl5.34@5.34.0-3ubuntu1.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.34.0-3ubuntu1.5",
          "Arch": "amd64",
          "SrcName": "perl",
          "SrcVersion": "5.34.0",
          "SrcRelease": "3ubuntu1.5",
          "Licenses": [
            "GPL-1.0-or-later",
            "Artistic-2.0",
            "MIT",
            "REGCOMP",
            "GPL-2.0-only WITH bison-exception+",
            "Unicode",
            "BZIP",
            "Zlib",
            "GPL-2.0-or-later",
            "RRA-KEEP-THIS-NOTICE",
            "BSD-3-Clause WITH weird-numbering",
            "CC0-1.0",
            "TEXT-TABS",
            "BSD-4-clause-POWERDOG",
            "BSD-3-clause-GENERIC",
            "BSD-3-Clause",
            "SDBM-PUBLIC-DOMAIN",
            "DONT-CHANGE-THE-GPL",
            "Artistic-dist",
            "LGPL-2.1-only",
            "GPL-1.0-only",
            "GPL-2.0-only",
            "Artistic-2",
            "HSIEH-DERIVATIVE",
            "HSIEH-BSD"
          ],
          "DependsOn": [
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "libcrypt1@1:4.4.27-1",
            "libdb5.3@5.3.28+dfsg1-0.8ubuntu3",
            "libgdbm-compat4@1.23-1",
            "libgdbm6@1.23-1",
            "perl-modules-5.34@5.34.0-3ubuntu1.5",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libprocps8@2:3.3.17-6ubuntu2.1",
          "Name": "libprocps8",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libprocps8@3.3.17-6ubuntu2.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "38e4d7bec37f6132",
            "BOMRef": "pkg:deb/ubuntu/libprocps8@3.3.17-6ubuntu2.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "3.3.17-6ubuntu2.1",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "procps",
          "SrcVersion": "3.3.17",
          "SrcRelease": "6ubuntu2.1",
          "SrcEpoch": 2,
          "Licenses": [
            "LGPL-2.1-or-later",
            "LGPL-2.0-or-later",
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libsystemd0@249.11-0ubuntu3.17"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libpsl5@0.21.0-1.2build2",
          "Name": "libpsl5",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpsl5@0.21.0-1.2build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "64231fd61e779acb",
            "BOMRef": "pkg:deb/ubuntu/libpsl5@0.21.0-1.2build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.21.0-1.2build2",
          "Arch": "amd64",
          "SrcName": "libpsl",
          "SrcVersion": "0.21.0",
          "SrcRelease": "1.2build2",
          "Licenses": [
            "MIT",
            "Chromium"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libidn2-0@2.3.2-2build1",
            "libunistring2@1.0-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpthread-stubs0-dev@0.4-1build2",
          "Name": "libpthread-stubs0-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpthread-stubs0-dev@0.4-1build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "dbcb72bbad4714da",
            "BOMRef": "pkg:deb/ubuntu/libpthread-stubs0-dev@0.4-1build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.4-1build2",
          "Arch": "amd64",
          "SrcName": "libpthread-stubs",
          "SrcVersion": "0.4",
          "SrcRelease": "1build2",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpython3-dev@3.10.6-1~22.04.1",
          "Name": "libpython3-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpython3-dev@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d01907074be9abd8",
            "BOMRef": "pkg:deb/ubuntu/libpython3-dev@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.6-1~22.04.1",
          "Arch": "amd64",
          "SrcName": "python3-defaults",
          "SrcVersion": "3.10.6",
          "SrcRelease": "1~22.04.1",
          "DependsOn": [
            "libpython3.10-dev@3.10.12-1~22.04.12"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpython3-stdlib@3.10.6-1~22.04.1",
          "Name": "libpython3-stdlib",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpython3-stdlib@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "221aae4321041696",
            "BOMRef": "pkg:deb/ubuntu/libpython3-stdlib@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.6-1~22.04.1",
          "Arch": "amd64",
          "SrcName": "python3-defaults",
          "SrcVersion": "3.10.6",
          "SrcRelease": "1~22.04.1",
          "DependsOn": [
            "libpython3.10-stdlib@3.10.12-1~22.04.12"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpython3.10@3.10.12-1~22.04.12",
          "Name": "libpython3.10",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.12-1~22.04.12",
          "Arch": "amd64",
          "SrcName": "python3.10",
          "SrcVersion": "3.10.12",
          "SrcRelease": "1~22.04.12",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libexpat1@2.4.7-1ubuntu0.6",
            "libpython3.10-stdlib@3.10.12-1~22.04.12",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "Name": "libpython3.10-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.12-1~22.04.12",
          "Arch": "amd64",
          "SrcName": "python3.10",
          "SrcVersion": "3.10.12",
          "SrcRelease": "1~22.04.12",
          "DependsOn": [
            "libexpat1-dev@2.4.7-1ubuntu0.6",
            "libpython3.10-stdlib@3.10.12-1~22.04.12",
            "libpython3.10@3.10.12-1~22.04.12",
            "zlib1g-dev@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "Name": "libpython3.10-minimal",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.12-1~22.04.12",
          "Arch": "amd64",
          "SrcName": "python3.10",
          "SrcVersion": "3.10.12",
          "SrcRelease": "1~22.04.12",
          "Licenses": [
            "GPL-2.0-only",
            "Redistribution and use in source and binary forms, with or without",
            "By obtaining, using, and/or copying this software and/or its",
            "Permission to use, copy, modify, and distribute this software and",
            "This software is provided 'as-is', without any express or implied",
            "Permission  is  hereby granted,  free  of charge,  to  any person",
            "Permission is hereby granted, free of charge, to any person obtaining",
            "Permission to use, copy, modify, and distribute this software and its",
            "This software is provided as-is, without express or implied",
            "Permission to use, copy, modify, and distribute this software for any",
            "* Permission to use this software in any way is granted without"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libssl3@3.0.2-0ubuntu1.20"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "Name": "libpython3.10-stdlib",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.12-1~22.04.12",
          "Arch": "amd64",
          "SrcName": "python3.10",
          "SrcVersion": "3.10.12",
          "SrcRelease": "1~22.04.12",
          "DependsOn": [
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "libcrypt1@1:4.4.27-1",
            "libdb5.3@5.3.28+dfsg1-0.8ubuntu3",
            "libffi8@3.4.2-4",
            "liblzma5@5.2.5-2ubuntu1",
            "libmpdec3@2.5.1-2build2",
            "libncursesw6@6.3-2ubuntu0.1",
            "libnsl2@1.3.0-2build2",
            "libpython3.10-minimal@3.10.12-1~22.04.12",
            "libreadline8@8.1.2-1",
            "libsqlite3-0@3.37.2-2ubuntu0.5",
            "libtinfo6@6.3-2ubuntu0.1",
            "libtirpc3@1.3.2-2ubuntu0.1",
            "libuuid1@2.37.2-4ubuntu3.4",
            "media-types@7.0.0"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libquadmath0@12.3.0-1ubuntu1~22.04.2",
          "Name": "libquadmath0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libquadmath0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9456f50ddd2bc3ab",
            "BOMRef": "pkg:deb/ubuntu/libquadmath0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libreadline8@8.1.2-1",
          "Name": "libreadline8",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libreadline8@8.1.2-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "bceae27d40d9bb56",
            "BOMRef": "pkg:deb/ubuntu/libreadline8@8.1.2-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "8.1.2-1",
          "Arch": "amd64",
          "SrcName": "readline",
          "SrcVersion": "8.1.2",
          "SrcRelease": "1",
          "Licenses": [
            "GPL-3.0-only",
            "GFDL-1.3-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libtinfo6@6.3-2ubuntu0.1",
            "readline-common@8.1.2-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "librtmp1@2.4+20151223.gitfa8646d.1-2build4",
          "Name": "librtmp1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/librtmp1@2.4%2B20151223.gitfa8646d.1-2build4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "da560050f2c2383",
            "BOMRef": "pkg:deb/ubuntu/librtmp1@2.4%2B20151223.gitfa8646d.1-2build4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.4+20151223.gitfa8646d.1-2build4",
          "Arch": "amd64",
          "SrcName": "rtmpdump",
          "SrcVersion": "2.4+20151223.gitfa8646d.1",
          "SrcRelease": "2build4",
          "Licenses": [
            "GPL-2.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "libgnutls30@3.7.3-4ubuntu1.7",
            "libhogweed6@3.7.3-1build2",
            "libnettle8@3.7.3-1build2",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libsasl2-2@2.1.27+dfsg2-3ubuntu1.2",
          "Name": "libsasl2-2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsasl2-2@2.1.27%2Bdfsg2-3ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e798d10bee8abe9c",
            "BOMRef": "pkg:deb/ubuntu/libsasl2-2@2.1.27%2Bdfsg2-3ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.1.27+dfsg2-3ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "cyrus-sasl2",
          "SrcVersion": "2.1.27+dfsg2",
          "SrcRelease": "3ubuntu1.2",
          "Licenses": [
            "BSD-4-Clause",
            "OpenSSL",
            "SSLeay",
            "BSD-3-Clause",
            "GPL-3.0-or-later",
            "BSD-2-Clause",
            "BSD-4-Clause-UC",
            "RSA-MD",
            "MIT-CMU",
            "BSD-4-clause and IBM-as-is",
            "BSD-3-clause-JANET",
            "BSD-3-clause-PADL",
            "MIT-OpenVision",
            "OpenLDAP",
            "FSFULLR",
            "MIT-Export",
            "BSD-2.2-clause",
            "GPL-3.0-only",
            "IBM-as-is"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libsasl2-modules-db@2.1.27+dfsg2-3ubuntu1.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libsasl2-modules-db@2.1.27+dfsg2-3ubuntu1.2",
          "Name": "libsasl2-modules-db",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsasl2-modules-db@2.1.27%2Bdfsg2-3ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d44e7d695217e0bd",
            "BOMRef": "pkg:deb/ubuntu/libsasl2-modules-db@2.1.27%2Bdfsg2-3ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.1.27+dfsg2-3ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "cyrus-sasl2",
          "SrcVersion": "2.1.27+dfsg2",
          "SrcRelease": "3ubuntu1.2",
          "Licenses": [
            "BSD-4-Clause",
            "OpenSSL",
            "SSLeay",
            "BSD-3-Clause",
            "GPL-3.0-or-later",
            "BSD-2-Clause",
            "BSD-4-Clause-UC",
            "RSA-MD",
            "MIT-CMU",
            "BSD-4-clause and IBM-as-is",
            "BSD-3-clause-JANET",
            "BSD-3-clause-PADL",
            "MIT-OpenVision",
            "OpenLDAP",
            "FSFULLR",
            "MIT-Export",
            "BSD-2.2-clause",
            "GPL-3.0-only",
            "IBM-as-is"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdb5.3@5.3.28+dfsg1-0.8ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libseccomp2@2.5.3-2ubuntu3~22.04.1",
          "Name": "libseccomp2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libseccomp2@2.5.3-2ubuntu3~22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "905595d60bb24dae",
            "BOMRef": "pkg:deb/ubuntu/libseccomp2@2.5.3-2ubuntu3~22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.5.3-2ubuntu3~22.04.1",
          "Arch": "amd64",
          "SrcName": "libseccomp",
          "SrcVersion": "2.5.3",
          "SrcRelease": "2ubuntu3~22.04.1",
          "Licenses": [
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libselinux1@3.3-1build2",
          "Name": "libselinux1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "460c3e5f7339453b",
            "BOMRef": "pkg:deb/ubuntu/libselinux1@3.3-1build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.3-1build2",
          "Arch": "amd64",
          "SrcName": "libselinux",
          "SrcVersion": "3.3",
          "SrcRelease": "1build2",
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libpcre2-8-0@10.39-3ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libsemanage-common@3.3-1build2",
          "Name": "libsemanage-common",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsemanage-common@3.3-1build2?arch=all\u0026distro=ubuntu-22.04",
            "UID": "b75de8af8a9288ba",
            "BOMRef": "pkg:deb/ubuntu/libsemanage-common@3.3-1build2?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "3.3-1build2",
          "Arch": "all",
          "SrcName": "libsemanage",
          "SrcVersion": "3.3",
          "SrcRelease": "1build2",
          "Licenses": [
            "LGPL-2.0-or-later",
            "GPL-2.0-or-later"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libsemanage2@3.3-1build2",
          "Name": "libsemanage2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsemanage2@3.3-1build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "668444cf8e359979",
            "BOMRef": "pkg:deb/ubuntu/libsemanage2@3.3-1build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.3-1build2",
          "Arch": "amd64",
          "SrcName": "libsemanage",
          "SrcVersion": "3.3",
          "SrcRelease": "1build2",
          "Licenses": [
            "LGPL-2.0-or-later",
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libaudit1@1:3.0.7-1build1",
            "libbz2-1.0@1.0.8-5build1",
            "libc6@2.35-0ubuntu3.11",
            "libselinux1@3.3-1build2",
            "libsemanage-common@3.3-1build2",
            "libsepol2@3.3-1build1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libsensors-config@1:3.6.0-7ubuntu1",
          "Name": "libsensors-config",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsensors-config@3.6.0-7ubuntu1?arch=all\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "9a8fe72bcf8c5e28",
            "BOMRef": "pkg:deb/ubuntu/libsensors-config@3.6.0-7ubuntu1?arch=all\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "3.6.0-7ubuntu1",
          "Epoch": 1,
          "Arch": "all",
          "SrcName": "lm-sensors",
          "SrcVersion": "3.6.0",
          "SrcRelease": "7ubuntu1",
          "SrcEpoch": 1,
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libsensors5@1:3.6.0-7ubuntu1",
          "Name": "libsensors5",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsensors5@3.6.0-7ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "57d686f7d064f161",
            "BOMRef": "pkg:deb/ubuntu/libsensors5@3.6.0-7ubuntu1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "3.6.0-7ubuntu1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "lm-sensors",
          "SrcVersion": "3.6.0",
          "SrcRelease": "7ubuntu1",
          "SrcEpoch": 1,
          "Licenses": [
            "LGPL-2.1-only",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libsensors-config@1:3.6.0-7ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libsepol2@3.3-1build1",
          "Name": "libsepol2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsepol2@3.3-1build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f7e33351c5459e4e",
            "BOMRef": "pkg:deb/ubuntu/libsepol2@3.3-1build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.3-1build1",
          "Arch": "amd64",
          "SrcName": "libsepol",
          "SrcVersion": "3.3",
          "SrcRelease": "1build1",
          "Licenses": [
            "LGPL-2.0-or-later",
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libsmartcols1@2.37.2-4ubuntu3.4",
          "Name": "libsmartcols1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsmartcols1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "71015637f2110f32",
            "BOMRef": "pkg:deb/ubuntu/libsmartcols1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.37.2-4ubuntu3.4",
          "Arch": "amd64",
          "SrcName": "util-linux",
          "SrcVersion": "2.37.2",
          "SrcRelease": "4ubuntu3.4",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "public-domain",
            "BSD-4-Clause",
            "MIT",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "LGPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "LGPL-3.0-or-later",
            "GPL-3.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libsqlite3-0@3.37.2-2ubuntu0.5",
          "Name": "libsqlite3-0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.37.2-2ubuntu0.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a6db3b81779615b3",
            "BOMRef": "pkg:deb/ubuntu/libsqlite3-0@3.37.2-2ubuntu0.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.37.2-2ubuntu0.5",
          "Arch": "amd64",
          "SrcName": "sqlite3",
          "SrcVersion": "3.37.2",
          "SrcRelease": "2ubuntu0.5",
          "Licenses": [
            "public-domain",
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libss2@1.46.5-2ubuntu1.2",
          "Name": "libss2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libss2@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "868880fa626b9b49",
            "BOMRef": "pkg:deb/ubuntu/libss2@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.46.5-2ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "e2fsprogs",
          "SrcVersion": "1.46.5",
          "SrcRelease": "2ubuntu1.2",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libcom-err2@1.46.5-2ubuntu1.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "Name": "libssh-4",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.9.6-2ubuntu0.22.04.5",
          "Arch": "amd64",
          "SrcName": "libssh",
          "SrcVersion": "0.9.6",
          "SrcRelease": "2ubuntu0.22.04.5",
          "Licenses": [
            "LGPL-2.1--OpenSSL",
            "public-domain",
            "LGPL-2.1-only",
            "BSD-2-Clause",
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgssapi-krb5-2@1.19.2-2ubuntu0.7",
            "libssl3@3.0.2-0ubuntu1.20",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libssl3@3.0.2-0ubuntu1.20",
          "Name": "libssl3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.0.2-0ubuntu1.20",
          "Arch": "amd64",
          "SrcName": "openssl",
          "SrcVersion": "3.0.2",
          "SrcRelease": "0ubuntu1.20",
          "Licenses": [
            "Apache-2.0",
            "Artistic-2.0",
            "GPL-1.0-or-later",
            "GPL-1.0-only"
          ],
          "DependsOn": [
            "debconf@1.5.79ubuntu1",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libstdc++-11-dev@11.4.0-1ubuntu1~22.04.2",
          "Name": "libstdc++-11-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d816088bcbe07a9b",
            "BOMRef": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
            "libc6-dev@2.35-0ubuntu3.11",
            "libgcc-11-dev@11.4.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libstdc++6@12.3.0-1ubuntu1~22.04.2",
          "Name": "libstdc++6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "aa17aff4512d0c11",
            "BOMRef": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libsystemd0@249.11-0ubuntu3.17",
          "Name": "libsystemd0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "97e4ccc118ea397d",
            "BOMRef": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "249.11-0ubuntu3.17",
          "Arch": "amd64",
          "SrcName": "systemd",
          "SrcVersion": "249.11",
          "SrcRelease": "0ubuntu3.17",
          "Licenses": [
            "LGPL-2.1-or-later",
            "CC0-1.0",
            "GPL-2.0-only",
            "GPL-2.0-only WITH Linux-syscall-note-exception",
            "MIT",
            "public-domain",
            "GPL-2.0-or-later",
            "LGPL-2.1-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libtasn1-6@4.18.0-4ubuntu0.1",
          "Name": "libtasn1-6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b0122995dca7e7b2",
            "BOMRef": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "4.18.0-4ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "libtasn1-6",
          "SrcVersion": "4.18.0",
          "SrcRelease": "4ubuntu0.1",
          "Licenses": [
            "LGPL-2.0-or-later",
            "LGPL-2.1-only",
            "GPL-3.0-only",
            "GFDL-1.3-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libtinfo-dev@6.3-2ubuntu0.1",
          "Name": "libtinfo-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libtinfo-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7237fb638a4f6eb3",
            "BOMRef": "pkg:deb/ubuntu/libtinfo-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "6.3-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "ncurses",
          "SrcVersion": "6.3",
          "SrcRelease": "2ubuntu0.1",
          "DependsOn": [
            "libncurses-dev@6.3-2ubuntu0.1",
            "libtinfo6@6.3-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libtinfo6@6.3-2ubuntu0.1",
          "Name": "libtinfo6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "dade956f0ea39589",
            "BOMRef": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "6.3-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "ncurses",
          "SrcVersion": "6.3",
          "SrcRelease": "2ubuntu0.1",
          "Licenses": [
            "MIT-X11",
            "X11",
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libtirpc-common@1.3.2-2ubuntu0.1",
          "Name": "libtirpc-common",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libtirpc-common@1.3.2-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "92a57012239bf735",
            "BOMRef": "pkg:deb/ubuntu/libtirpc-common@1.3.2-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.2-2ubuntu0.1",
          "Arch": "all",
          "SrcName": "libtirpc",
          "SrcVersion": "1.3.2",
          "SrcRelease": "2ubuntu0.1",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-only",
            "--AUTO-PERMISSIVE--",
            "BSD-2-Clause",
            "BSD-4-Clause",
            "LGPL-2.1-or-later",
            "PERMISSIVE",
            "LGPL-2.1-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libtirpc-dev@1.3.2-2ubuntu0.1",
          "Name": "libtirpc-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libtirpc-dev@1.3.2-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8af8a96b311111f7",
            "BOMRef": "pkg:deb/ubuntu/libtirpc-dev@1.3.2-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.2-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "libtirpc",
          "SrcVersion": "1.3.2",
          "SrcRelease": "2ubuntu0.1",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-only",
            "--AUTO-PERMISSIVE--",
            "BSD-2-Clause",
            "BSD-4-Clause",
            "LGPL-2.1-or-later",
            "PERMISSIVE",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libtirpc3@1.3.2-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libtirpc3@1.3.2-2ubuntu0.1",
          "Name": "libtirpc3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libtirpc3@1.3.2-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ea6e2b30c63e9334",
            "BOMRef": "pkg:deb/ubuntu/libtirpc3@1.3.2-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.2-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "libtirpc",
          "SrcVersion": "1.3.2",
          "SrcRelease": "2ubuntu0.1",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-only",
            "--AUTO-PERMISSIVE--",
            "BSD-2-Clause",
            "BSD-4-Clause",
            "LGPL-2.1-or-later",
            "PERMISSIVE",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgssapi-krb5-2@1.19.2-2ubuntu0.7",
            "libtirpc-common@1.3.2-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libtsan0@11.4.0-1ubuntu1~22.04.2",
          "Name": "libtsan0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f1b5936ed5b4d468",
            "BOMRef": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "11.4.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-11",
          "SrcVersion": "11.4.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libubsan1@12.3.0-1ubuntu1~22.04.2",
          "Name": "libubsan1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libubsan1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ed03ae274baa235e",
            "BOMRef": "pkg:deb/ubuntu/libubsan1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "12.3.0-1ubuntu1~22.04.2",
          "Arch": "amd64",
          "SrcName": "gcc-12",
          "SrcVersion": "12.3.0",
          "SrcRelease": "1ubuntu1~22.04.2",
          "DependsOn": [
            "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libudev1@249.11-0ubuntu3.17",
          "Name": "libudev1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "82b0450a22ed0177",
            "BOMRef": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "249.11-0ubuntu3.17",
          "Arch": "amd64",
          "SrcName": "systemd",
          "SrcVersion": "249.11",
          "SrcRelease": "0ubuntu3.17",
          "Licenses": [
            "LGPL-2.1-or-later",
            "CC0-1.0",
            "GPL-2.0-only",
            "GPL-2.0-only WITH Linux-syscall-note-exception",
            "MIT",
            "public-domain",
            "GPL-2.0-or-later",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libunistring2@1.0-1",
          "Name": "libunistring2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ceefb0ea4015648",
            "BOMRef": "pkg:deb/ubuntu/libunistring2@1.0-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0-1",
          "Arch": "amd64",
          "SrcName": "libunistring",
          "SrcVersion": "1.0",
          "SrcRelease": "1",
          "Licenses": [
            "LGPL-3.0-or-later",
            "GPL-2.0-or-later",
            "FreeSoftware",
            "GPL-3.0-or-later",
            "GFDL-1.2-or-later",
            "GPL-2.0-or-later WITH distribution-exception",
            "MIT",
            "LGPL-3.0-only",
            "GPL-3.0-only",
            "GPL-2.0-only",
            "GFDL-1.2-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libunwind8@1.3.2-2build2.1",
          "Name": "libunwind8",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libunwind8@1.3.2-2build2.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "43bca72a1a8aa503",
            "BOMRef": "pkg:deb/ubuntu/libunwind8@1.3.2-2build2.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.2-2build2.1",
          "Arch": "amd64",
          "SrcName": "libunwind",
          "SrcVersion": "1.3.2",
          "SrcRelease": "2build2.1",
          "Licenses": [
            "MIT",
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "liblzma5@5.2.5-2ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:520d619d496a923893589b91d61cc10d760b77c1d1c2381402f7f1b03855d588",
            "DiffID": "sha256:430b856894f5fd6f902e92a1ce9977aa370822638761b4d017b2698411a70cf1"
          }
        },
        {
          "ID": "libuuid1@2.37.2-4ubuntu3.4",
          "Name": "libuuid1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libuuid1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f08739b2621d6c9e",
            "BOMRef": "pkg:deb/ubuntu/libuuid1@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.37.2-4ubuntu3.4",
          "Arch": "amd64",
          "SrcName": "util-linux",
          "SrcVersion": "2.37.2",
          "SrcRelease": "4ubuntu3.4",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "public-domain",
            "BSD-4-Clause",
            "MIT",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "LGPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "LGPL-3.0-or-later",
            "GPL-3.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libvulkan-dev@1.3.204.1-2",
          "Name": "libvulkan-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libvulkan-dev@1.3.204.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b142fb04243d2c7a",
            "BOMRef": "pkg:deb/ubuntu/libvulkan-dev@1.3.204.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.204.1-2",
          "Arch": "amd64",
          "SrcName": "vulkan-loader",
          "SrcVersion": "1.3.204.1",
          "SrcRelease": "2",
          "Licenses": [
            "Apache-2.0",
            "MIT"
          ],
          "DependsOn": [
            "libvulkan1@1.3.204.1-2"
          ],
          "Layer": {
            "Digest": "sha256:2c65a14fe76855a296b26229d53ad8f050f99bf95e876e5b48439874d47946db",
            "DiffID": "sha256:e36a3d2fd2929f012a4074881a28dcdd38a64e3f0dad88c6a6675eeae8d0f92a"
          }
        },
        {
          "ID": "libvulkan1@1.3.204.1-2",
          "Name": "libvulkan1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libvulkan1@1.3.204.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c1119707fa9fd02d",
            "BOMRef": "pkg:deb/ubuntu/libvulkan1@1.3.204.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.204.1-2",
          "Arch": "amd64",
          "SrcName": "vulkan-loader",
          "SrcVersion": "1.3.204.1",
          "SrcRelease": "2",
          "Licenses": [
            "Apache-2.0",
            "MIT"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:2c65a14fe76855a296b26229d53ad8f050f99bf95e876e5b48439874d47946db",
            "DiffID": "sha256:e36a3d2fd2929f012a4074881a28dcdd38a64e3f0dad88c6a6675eeae8d0f92a"
          }
        },
        {
          "ID": "libwayland-client0@1.20.0-1ubuntu0.1",
          "Name": "libwayland-client0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libwayland-client0@1.20.0-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "710aa5be81db6370",
            "BOMRef": "pkg:deb/ubuntu/libwayland-client0@1.20.0-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.20.0-1ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "wayland",
          "SrcVersion": "1.20.0",
          "SrcRelease": "1ubuntu0.1",
          "Licenses": [
            "X11"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libffi8@3.4.2-4"
          ],
          "Layer": {
            "Digest": "sha256:2c65a14fe76855a296b26229d53ad8f050f99bf95e876e5b48439874d47946db",
            "DiffID": "sha256:e36a3d2fd2929f012a4074881a28dcdd38a64e3f0dad88c6a6675eeae8d0f92a"
          }
        },
        {
          "ID": "libx11-6@2:1.7.5-1ubuntu0.3",
          "Name": "libx11-6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libx11-6@1.7.5-1ubuntu0.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "67dcaf042815a6a",
            "BOMRef": "pkg:deb/ubuntu/libx11-6@1.7.5-1ubuntu0.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "1.7.5-1ubuntu0.3",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "libx11",
          "SrcVersion": "1.7.5",
          "SrcRelease": "1ubuntu0.3",
          "SrcEpoch": 2,
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libx11-data@2:1.7.5-1ubuntu0.3",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libx11-data@2:1.7.5-1ubuntu0.3",
          "Name": "libx11-data",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libx11-data@1.7.5-1ubuntu0.3?arch=all\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "caf52e9784c6a367",
            "BOMRef": "pkg:deb/ubuntu/libx11-data@1.7.5-1ubuntu0.3?arch=all\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "1.7.5-1ubuntu0.3",
          "Epoch": 2,
          "Arch": "all",
          "SrcName": "libx11",
          "SrcVersion": "1.7.5",
          "SrcRelease": "1ubuntu0.3",
          "SrcEpoch": 2,
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libx11-dev@2:1.7.5-1ubuntu0.3",
          "Name": "libx11-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libx11-dev@1.7.5-1ubuntu0.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "ff7157dffd81353a",
            "BOMRef": "pkg:deb/ubuntu/libx11-dev@1.7.5-1ubuntu0.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "1.7.5-1ubuntu0.3",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "libx11",
          "SrcVersion": "1.7.5",
          "SrcRelease": "1ubuntu0.3",
          "SrcEpoch": 2,
          "DependsOn": [
            "libx11-6@2:1.7.5-1ubuntu0.3",
            "libxau-dev@1:1.0.9-1build5",
            "libxcb1-dev@1.14-3ubuntu3",
            "libxdmcp-dev@1:1.1.3-0ubuntu5",
            "x11proto-dev@2021.5-1",
            "xtrans-dev@1.4.0-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libx11-xcb1@2:1.7.5-1ubuntu0.3",
          "Name": "libx11-xcb1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libx11-xcb1@1.7.5-1ubuntu0.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "f04106fe28d1bc49",
            "BOMRef": "pkg:deb/ubuntu/libx11-xcb1@1.7.5-1ubuntu0.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "1.7.5-1ubuntu0.3",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "libx11",
          "SrcVersion": "1.7.5",
          "SrcRelease": "1ubuntu0.3",
          "SrcEpoch": 2,
          "DependsOn": [
            "libx11-6@2:1.7.5-1ubuntu0.3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxau-dev@1:1.0.9-1build5",
          "Name": "libxau-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxau-dev@1.0.9-1build5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "5a54bca930f852f",
            "BOMRef": "pkg:deb/ubuntu/libxau-dev@1.0.9-1build5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.0.9-1build5",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxau",
          "SrcVersion": "1.0.9",
          "SrcRelease": "1build5",
          "SrcEpoch": 1,
          "DependsOn": [
            "libxau6@1:1.0.9-1build5",
            "x11proto-dev@2021.5-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxau6@1:1.0.9-1build5",
          "Name": "libxau6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxau6@1.0.9-1build5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "22944eb34c7d8841",
            "BOMRef": "pkg:deb/ubuntu/libxau6@1.0.9-1build5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.0.9-1build5",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxau",
          "SrcVersion": "1.0.9",
          "SrcRelease": "1build5",
          "SrcEpoch": 1,
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-dri2-0@1.14-3ubuntu3",
          "Name": "libxcb-dri2-0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-dri2-0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1cd60f40113cb17e",
            "BOMRef": "pkg:deb/ubuntu/libxcb-dri2-0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-dri3-0@1.14-3ubuntu3",
          "Name": "libxcb-dri3-0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-dri3-0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3a642de50217d35f",
            "BOMRef": "pkg:deb/ubuntu/libxcb-dri3-0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-glx0@1.14-3ubuntu3",
          "Name": "libxcb-glx0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-glx0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "57b4fcfd6e6cd2f8",
            "BOMRef": "pkg:deb/ubuntu/libxcb-glx0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-present0@1.14-3ubuntu3",
          "Name": "libxcb-present0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-present0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2c3ffb671318fe8f",
            "BOMRef": "pkg:deb/ubuntu/libxcb-present0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-randr0@1.14-3ubuntu3",
          "Name": "libxcb-randr0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-randr0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "210048c282661384",
            "BOMRef": "pkg:deb/ubuntu/libxcb-randr0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-shm0@1.14-3ubuntu3",
          "Name": "libxcb-shm0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-shm0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c07d8a2f3cff2f5c",
            "BOMRef": "pkg:deb/ubuntu/libxcb-shm0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-sync1@1.14-3ubuntu3",
          "Name": "libxcb-sync1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-sync1@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "912f49f176956209",
            "BOMRef": "pkg:deb/ubuntu/libxcb-sync1@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb-xfixes0@1.14-3ubuntu3",
          "Name": "libxcb-xfixes0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb-xfixes0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d8d1ebed1877bb6d",
            "BOMRef": "pkg:deb/ubuntu/libxcb-xfixes0@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb1@1.14-3ubuntu3",
          "Name": "libxcb1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb1@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d40bc7543cc82b2d",
            "BOMRef": "pkg:deb/ubuntu/libxcb1@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libxau6@1:1.0.9-1build5",
            "libxdmcp6@1:1.1.3-0ubuntu5"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxcb1-dev@1.14-3ubuntu3",
          "Name": "libxcb1-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxcb1-dev@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2e53b9b1687ebd3",
            "BOMRef": "pkg:deb/ubuntu/libxcb1-dev@1.14-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.14-3ubuntu3",
          "Arch": "amd64",
          "SrcName": "libxcb",
          "SrcVersion": "1.14",
          "SrcRelease": "3ubuntu3",
          "DependsOn": [
            "libpthread-stubs0-dev@0.4-1build2",
            "libxau-dev@1:1.0.9-1build5",
            "libxcb1@1.14-3ubuntu3",
            "libxdmcp-dev@1:1.1.3-0ubuntu5"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxdmcp-dev@1:1.1.3-0ubuntu5",
          "Name": "libxdmcp-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxdmcp-dev@1.1.3-0ubuntu5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "dc1977e9b4e0c73a",
            "BOMRef": "pkg:deb/ubuntu/libxdmcp-dev@1.1.3-0ubuntu5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.1.3-0ubuntu5",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxdmcp",
          "SrcVersion": "1.1.3",
          "SrcRelease": "0ubuntu5",
          "SrcEpoch": 1,
          "DependsOn": [
            "libxdmcp6@1:1.1.3-0ubuntu5"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxdmcp6@1:1.1.3-0ubuntu5",
          "Name": "libxdmcp6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxdmcp6@1.1.3-0ubuntu5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "5661fdfc35ae51a8",
            "BOMRef": "pkg:deb/ubuntu/libxdmcp6@1.1.3-0ubuntu5?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.1.3-0ubuntu5",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxdmcp",
          "SrcVersion": "1.1.3",
          "SrcRelease": "0ubuntu5",
          "SrcEpoch": 1,
          "DependsOn": [
            "libbsd0@0.11.5-1",
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxext6@2:1.3.4-1build1",
          "Name": "libxext6",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxext6@1.3.4-1build1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "dce71360b84bb190",
            "BOMRef": "pkg:deb/ubuntu/libxext6@1.3.4-1build1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "1.3.4-1build1",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "libxext",
          "SrcVersion": "1.3.4",
          "SrcRelease": "1build1",
          "SrcEpoch": 2,
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libx11-6@2:1.7.5-1ubuntu0.3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxfixes3@1:6.0.0-1",
          "Name": "libxfixes3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxfixes3@6.0.0-1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "334864be90e1e93b",
            "BOMRef": "pkg:deb/ubuntu/libxfixes3@6.0.0-1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "6.0.0-1",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxfixes",
          "SrcVersion": "6.0.0",
          "SrcRelease": "1",
          "SrcEpoch": 1,
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libx11-6@2:1.7.5-1ubuntu0.3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxml2@2.9.13+dfsg-1ubuntu0.10",
          "Name": "libxml2",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fc344bfac67e94f",
            "BOMRef": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.9.13+dfsg-1ubuntu0.10",
          "Arch": "amd64",
          "SrcName": "libxml2",
          "SrcVersion": "2.9.13+dfsg",
          "SrcRelease": "1ubuntu0.10",
          "Licenses": [
            "MIT-1",
            "ISC"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libicu70@70.1-2",
            "liblzma5@5.2.5-2ubuntu1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxml2-dev@2.9.13+dfsg-1ubuntu0.10",
          "Name": "libxml2-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c3df9646fcf3a8de",
            "BOMRef": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.9.13+dfsg-1ubuntu0.10",
          "Arch": "amd64",
          "SrcName": "libxml2",
          "SrcVersion": "2.9.13+dfsg",
          "SrcRelease": "1ubuntu0.10",
          "Licenses": [
            "MIT-1",
            "ISC"
          ],
          "DependsOn": [
            "libicu-dev@70.1-2",
            "libxml2@2.9.13+dfsg-1ubuntu0.10"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxshmfence1@1.3-1build4",
          "Name": "libxshmfence1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxshmfence1@1.3-1build4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "746888acef8fc8a2",
            "BOMRef": "pkg:deb/ubuntu/libxshmfence1@1.3-1build4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3-1build4",
          "Arch": "amd64",
          "SrcName": "libxshmfence",
          "SrcVersion": "1.3",
          "SrcRelease": "1build4",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxxf86vm1@1:1.1.4-1build3",
          "Name": "libxxf86vm1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxxf86vm1@1.1.4-1build3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "a1e6e839e7860b98",
            "BOMRef": "pkg:deb/ubuntu/libxxf86vm1@1.1.4-1build3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.1.4-1build3",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "libxxf86vm",
          "SrcVersion": "1.1.4",
          "SrcRelease": "1build3",
          "SrcEpoch": 1,
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libx11-6@2:1.7.5-1ubuntu0.3",
            "libxext6@2:1.3.4-1build1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "libxxhash0@0.8.1-1",
          "Name": "libxxhash0",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f7913f957b2655b2",
            "BOMRef": "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.8.1-1",
          "Arch": "amd64",
          "SrcName": "xxhash",
          "SrcVersion": "0.8.1",
          "SrcRelease": "1",
          "Licenses": [
            "BSD-2-Clause",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "libzstd1@1.4.8+dfsg-3build1",
          "Name": "libzstd1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "699f41ce8db95953",
            "BOMRef": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.8+dfsg-3build1",
          "Arch": "amd64",
          "SrcName": "libzstd",
          "SrcVersion": "1.4.8+dfsg",
          "SrcRelease": "3build1",
          "Licenses": [
            "BSD-3-Clause",
            "GPL-2.0-only",
            "Zlib",
            "MIT"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "linux-libc-dev@5.15.0-163.173",
          "Name": "linux-libc-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.15.0-163.173",
          "Arch": "amd64",
          "SrcName": "linux",
          "SrcVersion": "5.15.0",
          "SrcRelease": "163.173",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "login@1:4.8.1-2ubuntu2.2",
          "Name": "login",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "affc8fb45548de91",
            "BOMRef": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "4.8.1-2ubuntu2.2",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "shadow",
          "SrcVersion": "4.8.1",
          "SrcRelease": "2ubuntu2.2",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "logsave@1.46.5-2ubuntu1.2",
          "Name": "logsave",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/logsave@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c7c3f84c705b102b",
            "BOMRef": "pkg:deb/ubuntu/logsave@1.46.5-2ubuntu1.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.46.5-2ubuntu1.2",
          "Arch": "amd64",
          "SrcName": "e2fsprogs",
          "SrcVersion": "1.46.5",
          "SrcRelease": "2ubuntu1.2",
          "Licenses": [
            "GPL-2.0-only",
            "LGPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "lsb-base@11.1.0ubuntu4",
          "Name": "lsb-base",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all\u0026distro=ubuntu-22.04",
            "UID": "a9f68d4a900345ea",
            "BOMRef": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu4?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "11.1.0ubuntu4",
          "Arch": "all",
          "SrcName": "lsb",
          "SrcVersion": "11.1.0ubuntu4",
          "Licenses": [
            "GPL-2.0-only",
            "BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "lto-disabled-list@24",
          "Name": "lto-disabled-list",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/lto-disabled-list@24?arch=all\u0026distro=ubuntu-22.04",
            "UID": "d0fdb1846f1711bb",
            "BOMRef": "pkg:deb/ubuntu/lto-disabled-list@24?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "24",
          "Arch": "all",
          "SrcName": "lto-disabled-list",
          "SrcVersion": "24",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "make@4.3-4.1build1",
          "Name": "make",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/make@4.3-4.1build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4bacdd921910087f",
            "BOMRef": "pkg:deb/ubuntu/make@4.3-4.1build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "4.3-4.1build1",
          "Arch": "amd64",
          "SrcName": "make-dfsg",
          "SrcVersion": "4.3",
          "SrcRelease": "4.1build1",
          "Licenses": [
            "GPL-3.0-or-later",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "mawk@1.3.4.20200120-3",
          "Name": "mawk",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/mawk@1.3.4.20200120-3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1806df2e096d40e1",
            "BOMRef": "pkg:deb/ubuntu/mawk@1.3.4.20200120-3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.4.20200120-3",
          "Arch": "amd64",
          "SrcName": "mawk",
          "SrcVersion": "1.3.4.20200120",
          "SrcRelease": "3",
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "media-types@7.0.0",
          "Name": "media-types",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/media-types@7.0.0?arch=all\u0026distro=ubuntu-22.04",
            "UID": "6af4e4a80b037ae4",
            "BOMRef": "pkg:deb/ubuntu/media-types@7.0.0?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "7.0.0",
          "Arch": "all",
          "SrcName": "media-types",
          "SrcVersion": "7.0.0",
          "Licenses": [
            "ad-hoc"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "mesa-common-dev@23.2.1-1ubuntu3.1~22.04.3",
          "Name": "mesa-common-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/mesa-common-dev@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "54860a78f7a48cd1",
            "BOMRef": "pkg:deb/ubuntu/mesa-common-dev@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "23.2.1-1ubuntu3.1~22.04.3",
          "Arch": "amd64",
          "SrcName": "mesa",
          "SrcVersion": "23.2.1",
          "SrcRelease": "1ubuntu3.1~22.04.3",
          "Licenses": [
            "MIT",
            "GPL-2.0-only",
            "GPL-1.0-or-later",
            "BSD-3-google",
            "Khronos",
            "Apache-2.0",
            "BSL-1.0",
            "MLAA",
            "SGI",
            "BSD-2-Clause",
            "GPL-2.0-or-later",
            "GPL-1.0-only"
          ],
          "DependsOn": [
            "libdrm-dev@2.4.113-2~ubuntu0.22.04.1",
            "libgl-dev@1.4.0-1",
            "libglx-dev@1.4.0-1",
            "libx11-dev@2:1.7.5-1ubuntu0.3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "mesa-vulkan-drivers@23.2.1-1ubuntu3.1~22.04.3",
          "Name": "mesa-vulkan-drivers",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/mesa-vulkan-drivers@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c39d0a20fce38199",
            "BOMRef": "pkg:deb/ubuntu/mesa-vulkan-drivers@23.2.1-1ubuntu3.1~22.04.3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "23.2.1-1ubuntu3.1~22.04.3",
          "Arch": "amd64",
          "SrcName": "mesa",
          "SrcVersion": "23.2.1",
          "SrcRelease": "1ubuntu3.1~22.04.3",
          "Licenses": [
            "MIT",
            "GPL-2.0-only",
            "GPL-1.0-or-later",
            "BSD-3-google",
            "Khronos",
            "Apache-2.0",
            "BSL-1.0",
            "MLAA",
            "SGI",
            "BSD-2-Clause",
            "GPL-2.0-or-later",
            "GPL-1.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libdrm-amdgpu1@2.4.113-2~ubuntu0.22.04.1",
            "libdrm2@2.4.113-2~ubuntu0.22.04.1",
            "libelf1@0.186-1ubuntu0.1",
            "libexpat1@2.4.7-1ubuntu0.6",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libllvm15@1:15.0.7-0ubuntu0.22.04.3",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libvulkan1@1.3.204.1-2",
            "libwayland-client0@1.20.0-1ubuntu0.1",
            "libx11-xcb1@2:1.7.5-1ubuntu0.3",
            "libxcb-dri3-0@1.14-3ubuntu3",
            "libxcb-present0@1.14-3ubuntu3",
            "libxcb-randr0@1.14-3ubuntu3",
            "libxcb-shm0@1.14-3ubuntu3",
            "libxcb-sync1@1.14-3ubuntu3",
            "libxcb-xfixes0@1.14-3ubuntu3",
            "libxcb1@1.14-3ubuntu3",
            "libxshmfence1@1.3-1build4",
            "libzstd1@1.4.8+dfsg-3build1",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:2c65a14fe76855a296b26229d53ad8f050f99bf95e876e5b48439874d47946db",
            "DiffID": "sha256:e36a3d2fd2929f012a4074881a28dcdd38a64e3f0dad88c6a6675eeae8d0f92a"
          }
        },
        {
          "ID": "mount@2.37.2-4ubuntu3.4",
          "Name": "mount",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/mount@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "14224737121816dd",
            "BOMRef": "pkg:deb/ubuntu/mount@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.37.2-4ubuntu3.4",
          "Arch": "amd64",
          "SrcName": "util-linux",
          "SrcVersion": "2.37.2",
          "SrcRelease": "4ubuntu3.4",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "public-domain",
            "BSD-4-Clause",
            "MIT",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "LGPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "LGPL-3.0-or-later",
            "GPL-3.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "LGPL-3.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "ncurses-base@6.3-2ubuntu0.1",
          "Name": "ncurses-base",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "6d396ec1ddf9c44d",
            "BOMRef": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "6.3-2ubuntu0.1",
          "Arch": "all",
          "SrcName": "ncurses",
          "SrcVersion": "6.3",
          "SrcRelease": "2ubuntu0.1",
          "Licenses": [
            "MIT-X11",
            "X11",
            "BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "ncurses-bin@6.3-2ubuntu0.1",
          "Name": "ncurses-bin",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8720ec09686c7e55",
            "BOMRef": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "6.3-2ubuntu0.1",
          "Arch": "amd64",
          "SrcName": "ncurses",
          "SrcVersion": "6.3",
          "SrcRelease": "2ubuntu0.1",
          "Licenses": [
            "MIT-X11",
            "X11",
            "BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "ocl-icd-libopencl1@2.2.14-3",
          "Name": "ocl-icd-libopencl1",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/ocl-icd-libopencl1@2.2.14-3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "54a49524e7adc705",
            "BOMRef": "pkg:deb/ubuntu/ocl-icd-libopencl1@2.2.14-3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.14-3",
          "Arch": "amd64",
          "SrcName": "ocl-icd",
          "SrcVersion": "2.2.14",
          "SrcRelease": "3",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "ocl-icd-opencl-dev@2.2.14-3",
          "Name": "ocl-icd-opencl-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/ocl-icd-opencl-dev@2.2.14-3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f01400116708886b",
            "BOMRef": "pkg:deb/ubuntu/ocl-icd-opencl-dev@2.2.14-3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.2.14-3",
          "Arch": "amd64",
          "SrcName": "ocl-icd",
          "SrcVersion": "2.2.14",
          "SrcRelease": "3",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "ocl-icd-libopencl1@2.2.14-3",
            "opencl-c-headers@3.0~2022.01.04-1",
            "opencl-clhpp-headers@3.0~2.0.15-1ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "opencl-c-headers@3.0~2022.01.04-1",
          "Name": "opencl-c-headers",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/opencl-c-headers@3.0~2022.01.04-1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "b6ee8aebf218da19",
            "BOMRef": "pkg:deb/ubuntu/opencl-c-headers@3.0~2022.01.04-1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "3.0~2022.01.04-1",
          "Arch": "all",
          "SrcName": "khronos-opencl-headers",
          "SrcVersion": "3.0~2022.01.04",
          "SrcRelease": "1",
          "Licenses": [
            "Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "opencl-clhpp-headers@3.0~2.0.15-1ubuntu1",
          "Name": "opencl-clhpp-headers",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/opencl-clhpp-headers@3.0~2.0.15-1ubuntu1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "37186d6dd7ecd7f3",
            "BOMRef": "pkg:deb/ubuntu/opencl-clhpp-headers@3.0~2.0.15-1ubuntu1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "3.0~2.0.15-1ubuntu1",
          "Arch": "all",
          "SrcName": "khronos-opencl-clhpp",
          "SrcVersion": "3.0~2.0.15",
          "SrcRelease": "1ubuntu1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "opencl-c-headers@3.0~2022.01.04-1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "openmp-extras-dev@20.70.0.70101-38~22.04",
          "Name": "openmp-extras-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/openmp-extras-dev@20.70.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5872fe07b1e62947",
            "BOMRef": "pkg:deb/ubuntu/openmp-extras-dev@20.70.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "20.70.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "openmp-extras-dev",
          "SrcVersion": "20.70.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr-dev@1.18.0.70101-38~22.04",
            "openmp-extras-runtime@20.70.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-device-libs@1.0.0.70101-38~22.04",
            "rocm-llvm@20.0.0.25444.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "openmp-extras-runtime@20.70.0.70101-38~22.04",
          "Name": "openmp-extras-runtime",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/openmp-extras-runtime@20.70.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c3505ba27927c0ce",
            "BOMRef": "pkg:deb/ubuntu/openmp-extras-runtime@20.70.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "20.70.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "openmp-extras-runtime",
          "SrcVersion": "20.70.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr@1.18.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-device-libs@1.0.0.70101-38~22.04",
            "rocm-llvm@20.0.0.25444.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "openssl@3.0.2-0ubuntu1.20",
          "Name": "openssl",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.0.2-0ubuntu1.20",
          "Arch": "amd64",
          "SrcName": "openssl",
          "SrcVersion": "3.0.2",
          "SrcRelease": "0ubuntu1.20",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libssl3@3.0.2-0ubuntu1.20"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "passwd@1:4.8.1-2ubuntu2.2",
          "Name": "passwd",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "63fa6f86238e7bc4",
            "BOMRef": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "4.8.1-2ubuntu2.2",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "shadow",
          "SrcVersion": "4.8.1",
          "SrcRelease": "2ubuntu2.2",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libaudit1@1:3.0.7-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libcrypt1@1:4.4.27-1",
            "libpam-modules@1.4.0-11ubuntu2.6",
            "libpam0g@1.4.0-11ubuntu2.6",
            "libselinux1@3.3-1build2",
            "libsemanage2@3.3-1build2"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "patch@2.7.6-7build2",
          "Name": "patch",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "bfb90b2da486d9ea",
            "BOMRef": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.7.6-7build2",
          "Arch": "amd64",
          "SrcName": "patch",
          "SrcVersion": "2.7.6",
          "SrcRelease": "7build2",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "pci.ids@0.0~2022.01.22-1ubuntu0.1",
          "Name": "pci.ids",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/pci.ids@0.0~2022.01.22-1ubuntu0.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "289565826b05ea7b",
            "BOMRef": "pkg:deb/ubuntu/pci.ids@0.0~2022.01.22-1ubuntu0.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "0.0~2022.01.22-1ubuntu0.1",
          "Arch": "all",
          "SrcName": "pci.ids",
          "SrcVersion": "0.0~2022.01.22",
          "SrcRelease": "1ubuntu0.1",
          "Licenses": [
            "GPL-2.0-or-later",
            "BSD-3-Clause",
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "pciutils@1:3.7.0-6",
          "Name": "pciutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/pciutils@3.7.0-6?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "311369331b211e01",
            "BOMRef": "pkg:deb/ubuntu/pciutils@3.7.0-6?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "3.7.0-6",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "pciutils",
          "SrcVersion": "3.7.0",
          "SrcRelease": "6",
          "SrcEpoch": 1,
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libkmod2@29-1ubuntu1",
            "libpci3@1:3.7.0-6"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "perl@5.34.0-3ubuntu1.5",
          "Name": "perl",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/perl@5.34.0-3ubuntu1.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cd814ea9df86e921",
            "BOMRef": "pkg:deb/ubuntu/perl@5.34.0-3ubuntu1.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.34.0-3ubuntu1.5",
          "Arch": "amd64",
          "SrcName": "perl",
          "SrcVersion": "5.34.0",
          "SrcRelease": "3ubuntu1.5",
          "Licenses": [
            "GPL-1.0-or-later",
            "Artistic-2.0",
            "MIT",
            "REGCOMP",
            "GPL-2.0-only WITH bison-exception+",
            "Unicode",
            "BZIP",
            "Zlib",
            "GPL-2.0-or-later",
            "RRA-KEEP-THIS-NOTICE",
            "BSD-3-Clause WITH weird-numbering",
            "CC0-1.0",
            "TEXT-TABS",
            "BSD-4-clause-POWERDOG",
            "BSD-3-clause-GENERIC",
            "BSD-3-Clause",
            "SDBM-PUBLIC-DOMAIN",
            "DONT-CHANGE-THE-GPL",
            "Artistic-dist",
            "LGPL-2.1-only",
            "GPL-1.0-only",
            "GPL-2.0-only",
            "Artistic-2",
            "HSIEH-DERIVATIVE",
            "HSIEH-BSD"
          ],
          "DependsOn": [
            "libperl5.34@5.34.0-3ubuntu1.5",
            "perl-base@5.34.0-3ubuntu1.5",
            "perl-modules-5.34@5.34.0-3ubuntu1.5"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "perl-base@5.34.0-3ubuntu1.5",
          "Name": "perl-base",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1e3bd7a9e935060c",
            "BOMRef": "pkg:deb/ubuntu/perl-base@5.34.0-3ubuntu1.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.34.0-3ubuntu1.5",
          "Arch": "amd64",
          "SrcName": "perl",
          "SrcVersion": "5.34.0",
          "SrcRelease": "3ubuntu1.5",
          "Licenses": [
            "GPL-1.0-or-later",
            "Artistic-2.0",
            "MIT",
            "REGCOMP",
            "GPL-2.0-only WITH bison-exception+",
            "Unicode",
            "BZIP",
            "Zlib",
            "GPL-2.0-or-later",
            "RRA-KEEP-THIS-NOTICE",
            "BSD-3-Clause WITH weird-numbering",
            "CC0-1.0",
            "TEXT-TABS",
            "BSD-4-clause-POWERDOG",
            "BSD-3-clause-GENERIC",
            "BSD-3-Clause",
            "SDBM-PUBLIC-DOMAIN",
            "DONT-CHANGE-THE-GPL",
            "Artistic-dist",
            "LGPL-2.1-only",
            "GPL-1.0-only",
            "GPL-2.0-only",
            "Artistic-2",
            "HSIEH-DERIVATIVE",
            "HSIEH-BSD"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "perl-modules-5.34@5.34.0-3ubuntu1.5",
          "Name": "perl-modules-5.34",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/perl-modules-5.34@5.34.0-3ubuntu1.5?arch=all\u0026distro=ubuntu-22.04",
            "UID": "ed68bffc07a9a088",
            "BOMRef": "pkg:deb/ubuntu/perl-modules-5.34@5.34.0-3ubuntu1.5?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "5.34.0-3ubuntu1.5",
          "Arch": "all",
          "SrcName": "perl",
          "SrcVersion": "5.34.0",
          "SrcRelease": "3ubuntu1.5",
          "Licenses": [
            "GPL-1.0-or-later",
            "Artistic-2.0",
            "MIT",
            "REGCOMP",
            "GPL-2.0-only WITH bison-exception+",
            "Unicode",
            "BZIP",
            "Zlib",
            "GPL-2.0-or-later",
            "RRA-KEEP-THIS-NOTICE",
            "BSD-3-Clause WITH weird-numbering",
            "CC0-1.0",
            "TEXT-TABS",
            "BSD-4-clause-POWERDOG",
            "BSD-3-clause-GENERIC",
            "BSD-3-Clause",
            "SDBM-PUBLIC-DOMAIN",
            "DONT-CHANGE-THE-GPL",
            "Artistic-dist",
            "LGPL-2.1-only",
            "GPL-1.0-only",
            "GPL-2.0-only",
            "Artistic-2",
            "HSIEH-DERIVATIVE",
            "HSIEH-BSD"
          ],
          "DependsOn": [
            "perl-base@5.34.0-3ubuntu1.5"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "pinentry-curses@1.1.1-1build2",
          "Name": "pinentry-curses",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/pinentry-curses@1.1.1-1build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e454a2b91d3ae02d",
            "BOMRef": "pkg:deb/ubuntu/pinentry-curses@1.1.1-1build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.1.1-1build2",
          "Arch": "amd64",
          "SrcName": "pinentry",
          "SrcVersion": "1.1.1",
          "SrcRelease": "1build2",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "X11",
            "LGPL-3.0-or-later",
            "LGPL-3.0-only"
          ],
          "DependsOn": [
            "libassuan0@2.5.5-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libgpg-error0@1.43-3",
            "libncursesw6@6.3-2ubuntu0.1",
            "libtinfo6@6.3-2ubuntu0.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "procps@2:3.3.17-6ubuntu2.1",
          "Name": "procps",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/procps@3.3.17-6ubuntu2.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "a8c55cdb73bb7f9e",
            "BOMRef": "pkg:deb/ubuntu/procps@3.3.17-6ubuntu2.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "Version": "3.3.17-6ubuntu2.1",
          "Epoch": 2,
          "Arch": "amd64",
          "SrcName": "procps",
          "SrcVersion": "3.3.17",
          "SrcRelease": "6ubuntu2.1",
          "SrcEpoch": 2,
          "Licenses": [
            "LGPL-2.1-or-later",
            "LGPL-2.0-or-later",
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only"
          ],
          "DependsOn": [
            "init-system-helpers@1.62",
            "libc6@2.35-0ubuntu3.11",
            "libncurses6@6.3-2ubuntu0.1",
            "libncursesw6@6.3-2ubuntu0.1",
            "libprocps8@2:3.3.17-6ubuntu2.1",
            "libtinfo6@6.3-2ubuntu0.1",
            "lsb-base@11.1.0ubuntu4"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "python3@3.10.6-1~22.04.1",
          "Name": "python3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "62ec94dd91e1af",
            "BOMRef": "pkg:deb/ubuntu/python3@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.6-1~22.04.1",
          "Arch": "amd64",
          "SrcName": "python3-defaults",
          "SrcVersion": "3.10.6",
          "SrcRelease": "1~22.04.1",
          "DependsOn": [
            "libpython3-stdlib@3.10.6-1~22.04.1",
            "python3.10@3.10.12-1~22.04.12"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-dev@3.10.6-1~22.04.1",
          "Name": "python3-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-dev@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9162f78b45416255",
            "BOMRef": "pkg:deb/ubuntu/python3-dev@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.6-1~22.04.1",
          "Arch": "amd64",
          "SrcName": "python3-defaults",
          "SrcVersion": "3.10.6",
          "SrcRelease": "1~22.04.1",
          "DependsOn": [
            "libjs-sphinxdoc@4.3.2-1",
            "libpython3-dev@3.10.6-1~22.04.1",
            "python3-distutils@3.10.8-1~22.04",
            "python3.10-dev@3.10.12-1~22.04.12",
            "python3@3.10.6-1~22.04.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-distutils@3.10.8-1~22.04",
          "Name": "python3-distutils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-distutils@3.10.8-1~22.04?arch=all\u0026distro=ubuntu-22.04",
            "UID": "61cdb9bba7907e2b",
            "BOMRef": "pkg:deb/ubuntu/python3-distutils@3.10.8-1~22.04?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.8-1~22.04",
          "Arch": "all",
          "SrcName": "python3-stdlib-extensions",
          "SrcVersion": "3.10.8",
          "SrcRelease": "1~22.04",
          "DependsOn": [
            "python3-lib2to3@3.10.8-1~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-lib2to3@3.10.8-1~22.04",
          "Name": "python3-lib2to3",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-lib2to3@3.10.8-1~22.04?arch=all\u0026distro=ubuntu-22.04",
            "UID": "6e4e1253a63c6637",
            "BOMRef": "pkg:deb/ubuntu/python3-lib2to3@3.10.8-1~22.04?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.8-1~22.04",
          "Arch": "all",
          "SrcName": "python3-stdlib-extensions",
          "SrcVersion": "3.10.8",
          "SrcRelease": "1~22.04",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-minimal@3.10.6-1~22.04.1",
          "Name": "python3-minimal",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-minimal@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "77812e130edb8cd5",
            "BOMRef": "pkg:deb/ubuntu/python3-minimal@3.10.6-1~22.04.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.6-1~22.04.1",
          "Arch": "amd64",
          "SrcName": "python3-defaults",
          "SrcVersion": "3.10.6",
          "SrcRelease": "1~22.04.1",
          "DependsOn": [
            "dpkg@1.21.1ubuntu2.6"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-pip@22.0.2+dfsg-1ubuntu0.7",
          "Name": "python3-pip",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04",
            "UID": "bf18903d38ed7866",
            "BOMRef": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "22.0.2+dfsg-1ubuntu0.7",
          "Arch": "all",
          "SrcName": "python-pip",
          "SrcVersion": "22.0.2+dfsg",
          "SrcRelease": "1ubuntu0.7",
          "Licenses": [
            "MIT AND Apache-2.0 AND MPL-2.0 AND LGPL-2.1-or-later AND BSD-3-Clause AND Python-2.0 AND Apache-2.0 OR BSD-2-Clause AND ISC AND BSD-2-Clause AND LGPL-2.1-only"
          ],
          "DependsOn": [
            "ca-certificates@20240203~22.04.1",
            "python3-distutils@3.10.8-1~22.04",
            "python3-setuptools@59.6.0-1.2ubuntu0.22.04.3",
            "python3-wheel@0.37.1-2ubuntu0.22.04.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-pkg-resources@59.6.0-1.2ubuntu0.22.04.3",
          "Name": "python3-pkg-resources",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-pkg-resources@59.6.0-1.2ubuntu0.22.04.3?arch=all\u0026distro=ubuntu-22.04",
            "UID": "3cad23adc7900c8a",
            "BOMRef": "pkg:deb/ubuntu/python3-pkg-resources@59.6.0-1.2ubuntu0.22.04.3?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "59.6.0-1.2ubuntu0.22.04.3",
          "Arch": "all",
          "SrcName": "setuptools",
          "SrcVersion": "59.6.0",
          "SrcRelease": "1.2ubuntu0.22.04.3",
          "Licenses": [
            "Apache-2.0",
            "BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-setuptools@59.6.0-1.2ubuntu0.22.04.3",
          "Name": "python3-setuptools",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-setuptools@59.6.0-1.2ubuntu0.22.04.3?arch=all\u0026distro=ubuntu-22.04",
            "UID": "5c4146949083663a",
            "BOMRef": "pkg:deb/ubuntu/python3-setuptools@59.6.0-1.2ubuntu0.22.04.3?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "59.6.0-1.2ubuntu0.22.04.3",
          "Arch": "all",
          "SrcName": "setuptools",
          "SrcVersion": "59.6.0",
          "SrcRelease": "1.2ubuntu0.22.04.3",
          "Licenses": [
            "Apache-2.0",
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "python3-distutils@3.10.8-1~22.04",
            "python3-pkg-resources@59.6.0-1.2ubuntu0.22.04.3"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3-wheel@0.37.1-2ubuntu0.22.04.1",
          "Name": "python3-wheel",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3-wheel@0.37.1-2ubuntu0.22.04.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "1c58f5313d871ddf",
            "BOMRef": "pkg:deb/ubuntu/python3-wheel@0.37.1-2ubuntu0.22.04.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "0.37.1-2ubuntu0.22.04.1",
          "Arch": "all",
          "SrcName": "wheel",
          "SrcVersion": "0.37.1",
          "SrcRelease": "2ubuntu0.22.04.1",
          "Licenses": [
            "MIT",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "python3-distutils@3.10.8-1~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3.10@3.10.12-1~22.04.12",
          "Name": "python3.10",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.12-1~22.04.12",
          "Arch": "amd64",
          "SrcName": "python3.10",
          "SrcVersion": "3.10.12",
          "SrcRelease": "1~22.04.12",
          "Licenses": [
            "GPL-2.0-only",
            "Redistribution and use in source and binary forms, with or without",
            "By obtaining, using, and/or copying this software and/or its",
            "Permission to use, copy, modify, and distribute this software and",
            "This software is provided 'as-is', without any express or implied",
            "Permission  is  hereby granted,  free  of charge,  to  any person",
            "Permission is hereby granted, free of charge, to any person obtaining",
            "Permission to use, copy, modify, and distribute this software and its",
            "This software is provided as-is, without express or implied",
            "Permission to use, copy, modify, and distribute this software for any",
            "* Permission to use this software in any way is granted without"
          ],
          "DependsOn": [
            "libpython3.10-stdlib@3.10.12-1~22.04.12",
            "media-types@7.0.0",
            "python3.10-minimal@3.10.12-1~22.04.12"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3.10-dev@3.10.12-1~22.04.12",
          "Name": "python3.10-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.12-1~22.04.12",
          "Arch": "amd64",
          "SrcName": "python3.10",
          "SrcVersion": "3.10.12",
          "SrcRelease": "1~22.04.12",
          "DependsOn": [
            "libpython3.10-dev@3.10.12-1~22.04.12",
            "libpython3.10@3.10.12-1~22.04.12",
            "python3.10@3.10.12-1~22.04.12"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "python3.10-minimal@3.10.12-1~22.04.12",
          "Name": "python3.10-minimal",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.10.12-1~22.04.12",
          "Arch": "amd64",
          "SrcName": "python3.10",
          "SrcVersion": "3.10.12",
          "SrcRelease": "1~22.04.12",
          "Licenses": [
            "GPL-2.0-only",
            "Redistribution and use in source and binary forms, with or without",
            "By obtaining, using, and/or copying this software and/or its",
            "Permission to use, copy, modify, and distribute this software and",
            "This software is provided 'as-is', without any express or implied",
            "Permission  is  hereby granted,  free  of charge,  to  any person",
            "Permission is hereby granted, free of charge, to any person obtaining",
            "Permission to use, copy, modify, and distribute this software and its",
            "This software is provided as-is, without express or implied",
            "Permission to use, copy, modify, and distribute this software for any",
            "* Permission to use this software in any way is granted without"
          ],
          "DependsOn": [
            "libexpat1@2.4.7-1ubuntu0.6",
            "libpython3.10-minimal@3.10.12-1~22.04.12",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "readline-common@8.1.2-1",
          "Name": "readline-common",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/readline-common@8.1.2-1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "a295f5cc228920e8",
            "BOMRef": "pkg:deb/ubuntu/readline-common@8.1.2-1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "8.1.2-1",
          "Arch": "all",
          "SrcName": "readline",
          "SrcVersion": "8.1.2",
          "SrcRelease": "1",
          "Licenses": [
            "GPL-3.0-only",
            "GFDL-1.3-or-later"
          ],
          "DependsOn": [
            "dpkg@1.21.1ubuntu2.6"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-cmake@0.14.0.70101-38~22.04",
          "Name": "rocm-cmake",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-cmake@0.14.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1e78295d68c451d2",
            "BOMRef": "pkg:deb/ubuntu/rocm-cmake@0.14.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.14.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-cmake",
          "SrcVersion": "0.14.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-core@7.1.1.70101-38~22.04",
          "Name": "rocm-core",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-core@7.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ec9d8aeeefbf1dda",
            "BOMRef": "pkg:deb/ubuntu/rocm-core@7.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.1.1.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-core",
          "SrcVersion": "7.1.1.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "python3@3.10.6-1~22.04.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-dbgapi@0.77.4.70101-38~22.04",
          "Name": "rocm-dbgapi",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-dbgapi@0.77.4.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b3bf4e6129636f44",
            "BOMRef": "pkg:deb/ubuntu/rocm-dbgapi@0.77.4.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.77.4.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-dbgapi",
          "SrcVersion": "0.77.4.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "comgr@3.0.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-debug-agent@2.1.0.70101-38~22.04",
          "Name": "rocm-debug-agent",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-debug-agent@2.1.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f7784e81df5ae593",
            "BOMRef": "pkg:deb/ubuntu/rocm-debug-agent@2.1.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.1.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-debug-agent",
          "SrcVersion": "2.1.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr@1.18.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-dbgapi@0.77.4.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-dev@7.1.1.70101-38~22.04",
          "Name": "rocm-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-dev@7.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d63df7a583068775",
            "BOMRef": "pkg:deb/ubuntu/rocm-dev@7.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.1.1.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-dev",
          "SrcVersion": "7.1.1.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "amd-smi-lib@26.2.0.70101-38~22.04",
            "comgr@3.0.0.70101-38~22.04",
            "hip-dev@7.1.52802.70101-38~22.04",
            "hip-doc@7.1.52802.70101-38~22.04",
            "hip-runtime-amd@7.1.52802.70101-38~22.04",
            "hip-samples@7.1.52802.70101-38~22.04",
            "hipcc@1.1.1.70101-38~22.04",
            "hipify-clang@20.0.0.70101-38~22.04",
            "hsa-amd-aqlprofile@1.0.0.70101-38~22.04",
            "hsa-rocr-dev@1.18.0.70101-38~22.04",
            "hsa-rocr@1.18.0.70101-38~22.04",
            "openmp-extras-dev@20.70.0.70101-38~22.04",
            "openmp-extras-runtime@20.70.0.70101-38~22.04",
            "rocm-cmake@0.14.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-dbgapi@0.77.4.70101-38~22.04",
            "rocm-debug-agent@2.1.0.70101-38~22.04",
            "rocm-device-libs@1.0.0.70101-38~22.04",
            "rocm-gdb@16.3.70101-38~22.04",
            "rocm-llvm@20.0.0.25444.70101-38~22.04",
            "rocm-opencl-dev@2.0.0.70101-38~22.04",
            "rocm-opencl@2.0.0.70101-38~22.04",
            "rocm-smi-lib@7.8.0.70101-38~22.04",
            "rocm-utils@7.1.1.70101-38~22.04",
            "rocprofiler-dev@2.0.70101.70101-38~22.04",
            "rocprofiler-plugins@2.0.70101.70101-38~22.04",
            "rocprofiler-register@0.6.0.70101-38~22.04",
            "rocprofiler-sdk-rocpd@1.0.0-38~22.04",
            "rocprofiler-sdk-roctx@1.0.0-38~22.04",
            "rocprofiler-sdk@1.0.0-38~22.04",
            "rocprofiler@2.0.70101.70101-38~22.04",
            "roctracer-dev@4.1.70101.70101-38~22.04",
            "roctracer@4.1.70101.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-device-libs@1.0.0.70101-38~22.04",
          "Name": "rocm-device-libs",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-device-libs@1.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "46d558488b056910",
            "BOMRef": "pkg:deb/ubuntu/rocm-device-libs@1.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-device-libs",
          "SrcVersion": "1.0.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-gdb@16.3.70101-38~22.04",
          "Name": "rocm-gdb",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-gdb@16.3.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f9a16887c39fbbc2",
            "BOMRef": "pkg:deb/ubuntu/rocm-gdb@16.3.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "16.3.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-gdb",
          "SrcVersion": "16.3.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libexpat1@2.4.7-1ubuntu0.6",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libgmp10@2:6.2.1+dfsg-3ubuntu1",
            "liblzma5@5.2.5-2ubuntu1",
            "libmpfr6@4.1.0-3build3",
            "libncursesw6@6.3-2ubuntu0.1",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libtinfo6@6.3-2ubuntu0.1",
            "libzstd1@1.4.8+dfsg-3build1",
            "python3-dev@3.10.6-1~22.04.1",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-dbgapi@0.77.4.70101-38~22.04",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-llvm@20.0.0.25444.70101-38~22.04",
          "Name": "rocm-llvm",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-llvm@20.0.0.25444.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f2118f9a9444dbc4",
            "BOMRef": "pkg:deb/ubuntu/rocm-llvm@20.0.0.25444.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "20.0.0.25444.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-llvm",
          "SrcVersion": "20.0.0.25444.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgcc-11-dev@11.4.0-1ubuntu1~22.04.2",
            "libstdc++-11-dev@11.4.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "python3@3.10.6-1~22.04.1",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-opencl@2.0.0.70101-38~22.04",
          "Name": "rocm-opencl",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-opencl@2.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3971099e416a2aca",
            "BOMRef": "pkg:deb/ubuntu/rocm-opencl@2.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.0.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-opencl",
          "SrcVersion": "2.0.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "comgr@3.0.0.70101-38~22.04",
            "hsa-rocr@1.18.0.70101-38~22.04",
            "libelf-dev@0.186-1ubuntu0.1",
            "ocl-icd-libopencl1@2.2.14-3",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-opencl-dev@2.0.0.70101-38~22.04",
          "Name": "rocm-opencl-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-opencl-dev@2.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "51edb29b41c43d0d",
            "BOMRef": "pkg:deb/ubuntu/rocm-opencl-dev@2.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.0.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-opencl-dev",
          "SrcVersion": "2.0.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr-dev@1.18.0.70101-38~22.04",
            "mesa-common-dev@23.2.1-1ubuntu3.1~22.04.3",
            "ocl-icd-opencl-dev@2.2.14-3",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocm-opencl@2.0.0.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-smi-lib@7.8.0.70101-38~22.04",
          "Name": "rocm-smi-lib",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-smi-lib@7.8.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d6844d1d018fbec1",
            "BOMRef": "pkg:deb/ubuntu/rocm-smi-lib@7.8.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.8.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-smi-lib",
          "SrcVersion": "7.8.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "python3@3.10.6-1~22.04.1",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocm-utils@7.1.1.70101-38~22.04",
          "Name": "rocm-utils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocm-utils@7.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1d3facf552c1221c",
            "BOMRef": "pkg:deb/ubuntu/rocm-utils@7.1.1.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "7.1.1.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocm-utils",
          "SrcVersion": "7.1.1.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-cmake@0.14.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocminfo@1.0.0.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocminfo@1.0.0.70101-38~22.04",
          "Name": "rocminfo",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocminfo@1.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "15aec086414b09cf",
            "BOMRef": "pkg:deb/ubuntu/rocminfo@1.0.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocminfo",
          "SrcVersion": "1.0.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr@1.18.0.70101-38~22.04",
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "pciutils@1:3.7.0-6",
            "python3@3.10.6-1~22.04.1",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocprofiler@2.0.70101.70101-38~22.04",
          "Name": "rocprofiler",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocprofiler@2.0.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e875e5b1f73da000",
            "BOMRef": "pkg:deb/ubuntu/rocprofiler@2.0.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.0.70101.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocprofiler",
          "SrcVersion": "2.0.70101.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr@1.18.0.70101-38~22.04",
            "libelf-dev@0.186-1ubuntu0.1",
            "libnuma-dev@2.0.14-3ubuntu2",
            "libxml2-dev@2.9.13+dfsg-1ubuntu0.10",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocminfo@1.0.0.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocprofiler-dev@2.0.70101.70101-38~22.04",
          "Name": "rocprofiler-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocprofiler-dev@2.0.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2a9d4387935b0d10",
            "BOMRef": "pkg:deb/ubuntu/rocprofiler-dev@2.0.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.0.70101.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocprofiler-dev",
          "SrcVersion": "2.0.70101.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr-dev@1.18.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocprofiler@2.0.70101.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocprofiler-plugins@2.0.70101.70101-38~22.04",
          "Name": "rocprofiler-plugins",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocprofiler-plugins@2.0.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3883639b26f3b420",
            "BOMRef": "pkg:deb/ubuntu/rocprofiler-plugins@2.0.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.0.70101.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocprofiler-plugins",
          "SrcVersion": "2.0.70101.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr-dev@1.18.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "rocprofiler@2.0.70101.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocprofiler-register@0.6.0.70101-38~22.04",
          "Name": "rocprofiler-register",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocprofiler-register@0.6.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5fb1f049de9568f5",
            "BOMRef": "pkg:deb/ubuntu/rocprofiler-register@0.6.0.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "0.6.0.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocprofiler-register",
          "SrcVersion": "0.6.0.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocprofiler-sdk@1.0.0-38~22.04",
          "Name": "rocprofiler-sdk",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocprofiler-sdk@1.0.0-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fa6d878c2b32cb68",
            "BOMRef": "pkg:deb/ubuntu/rocprofiler-sdk@1.0.0-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.0-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocprofiler-sdk",
          "SrcVersion": "1.0.0",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04",
            "rocprofiler-sdk-rocpd@1.0.0-38~22.04",
            "rocprofiler-sdk-roctx@1.0.0-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocprofiler-sdk-rocpd@1.0.0-38~22.04",
          "Name": "rocprofiler-sdk-rocpd",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocprofiler-sdk-rocpd@1.0.0-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "adc145903f4e8b36",
            "BOMRef": "pkg:deb/ubuntu/rocprofiler-sdk-rocpd@1.0.0-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.0-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocprofiler-sdk-rocpd",
          "SrcVersion": "1.0.0",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rocprofiler-sdk-roctx@1.0.0-38~22.04",
          "Name": "rocprofiler-sdk-roctx",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rocprofiler-sdk-roctx@1.0.0-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b7365da32469ffc2",
            "BOMRef": "pkg:deb/ubuntu/rocprofiler-sdk-roctx@1.0.0-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.0.0-38~22.04",
          "Arch": "amd64",
          "SrcName": "rocprofiler-sdk-roctx",
          "SrcVersion": "1.0.0",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04",
            "rocprofiler-register@0.6.0.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "roctracer@4.1.70101.70101-38~22.04",
          "Name": "roctracer",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/roctracer@4.1.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "117ca35eac91f9ce",
            "BOMRef": "pkg:deb/ubuntu/roctracer@4.1.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "4.1.70101.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "roctracer",
          "SrcVersion": "4.1.70101.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "rocm-core@7.1.1.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "roctracer-dev@4.1.70101.70101-38~22.04",
          "Name": "roctracer-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/roctracer-dev@4.1.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "33bcdc02ac50ddb0",
            "BOMRef": "pkg:deb/ubuntu/roctracer-dev@4.1.70101.70101-38~22.04?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "4.1.70101.70101-38~22.04",
          "Arch": "amd64",
          "SrcName": "roctracer-dev",
          "SrcVersion": "4.1.70101.70101",
          "SrcRelease": "38~22.04",
          "DependsOn": [
            "hsa-rocr-dev@1.18.0.70101-38~22.04",
            "rocm-core@7.1.1.70101-38~22.04",
            "roctracer@4.1.70101.70101-38~22.04"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "rpcsvc-proto@1.4.2-0ubuntu6",
          "Name": "rpcsvc-proto",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/rpcsvc-proto@1.4.2-0ubuntu6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "123ce6d3b4f07d45",
            "BOMRef": "pkg:deb/ubuntu/rpcsvc-proto@1.4.2-0ubuntu6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.2-0ubuntu6",
          "Arch": "amd64",
          "SrcName": "rpcsvc-proto",
          "SrcVersion": "1.4.2",
          "SrcRelease": "0ubuntu6",
          "Licenses": [
            "BSD-3-Clause",
            "permissive-fsf",
            "permissive-makefile-in",
            "permissive-autoconf-m4-no-warranty",
            "GPL-3--autoconf-exception",
            "permissive-configure",
            "GPL-2--autoconf-exception",
            "MIT",
            "permissive-autoconf-m4",
            "GPL-2.0-only",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "sed@4.8-1ubuntu2",
          "Name": "sed",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/sed@4.8-1ubuntu2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e4e522a2f160dac5",
            "BOMRef": "pkg:deb/ubuntu/sed@4.8-1ubuntu2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "4.8-1ubuntu2",
          "Arch": "amd64",
          "SrcName": "sed",
          "SrcVersion": "4.8",
          "SrcRelease": "1ubuntu2",
          "Licenses": [
            "GPL-3.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "sensible-utils@0.0.17",
          "Name": "sensible-utils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/sensible-utils@0.0.17?arch=all\u0026distro=ubuntu-22.04",
            "UID": "677810ada5e50c61",
            "BOMRef": "pkg:deb/ubuntu/sensible-utils@0.0.17?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "0.0.17",
          "Arch": "all",
          "SrcName": "sensible-utils",
          "SrcVersion": "0.0.17",
          "Licenses": [
            "GPL-2.0-or-later",
            "All-permissive",
            "configure",
            "installsh",
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "sudo@1.9.9-1ubuntu2.5",
          "Name": "sudo",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/sudo@1.9.9-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a9d75f1416f525ad",
            "BOMRef": "pkg:deb/ubuntu/sudo@1.9.9-1ubuntu2.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.9.9-1ubuntu2.5",
          "Arch": "amd64",
          "SrcName": "sudo",
          "SrcVersion": "1.9.9",
          "SrcRelease": "1ubuntu2.5",
          "Licenses": [
            "ISC",
            "other",
            "BSD-3-Clause",
            "BSD-2-Clause",
            "Zlib"
          ],
          "DependsOn": [
            "libaudit1@1:3.0.7-1build1",
            "libc6@2.35-0ubuntu3.11",
            "libpam-modules@1.4.0-11ubuntu2.6",
            "libpam0g@1.4.0-11ubuntu2.6",
            "libselinux1@3.3-1build2",
            "lsb-base@11.1.0ubuntu4",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "sysvinit-utils@3.01-1ubuntu1",
          "Name": "sysvinit-utils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/sysvinit-utils@3.01-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1565427433879432",
            "BOMRef": "pkg:deb/ubuntu/sysvinit-utils@3.01-1ubuntu1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "3.01-1ubuntu1",
          "Arch": "amd64",
          "SrcName": "sysvinit",
          "SrcVersion": "3.01",
          "SrcRelease": "1ubuntu1",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "lsb-base@11.1.0ubuntu4"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "tar@1.34+dfsg-1ubuntu0.1.22.04.2",
          "Name": "tar",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "72ee54558d78e3e4",
            "BOMRef": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.34+dfsg-1ubuntu0.1.22.04.2",
          "Arch": "amd64",
          "SrcName": "tar",
          "SrcVersion": "1.34+dfsg",
          "SrcRelease": "1ubuntu0.1.22.04.2",
          "Licenses": [
            "GPL-3.0-only",
            "GPL-2.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "tzdata@2025b-0ubuntu0.22.04.1",
          "Name": "tzdata",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/tzdata@2025b-0ubuntu0.22.04.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "6678e32793e0d1d7",
            "BOMRef": "pkg:deb/ubuntu/tzdata@2025b-0ubuntu0.22.04.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "2025b-0ubuntu0.22.04.1",
          "Arch": "all",
          "SrcName": "tzdata",
          "SrcVersion": "2025b",
          "SrcRelease": "0ubuntu0.22.04.1",
          "Licenses": [
            "ICU"
          ],
          "DependsOn": [
            "debconf@1.5.79ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:520d619d496a923893589b91d61cc10d760b77c1d1c2381402f7f1b03855d588",
            "DiffID": "sha256:430b856894f5fd6f902e92a1ce9977aa370822638761b4d017b2698411a70cf1"
          }
        },
        {
          "ID": "ubuntu-keyring@2021.03.26",
          "Name": "ubuntu-keyring",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all\u0026distro=ubuntu-22.04",
            "UID": "78e0656ecbea733f",
            "BOMRef": "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "2021.03.26",
          "Arch": "all",
          "SrcName": "ubuntu-keyring",
          "SrcVersion": "2021.03.26",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "usrmerge@25ubuntu2",
          "Name": "usrmerge",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/usrmerge@25ubuntu2?arch=all\u0026distro=ubuntu-22.04",
            "UID": "88cbb0236e837970",
            "BOMRef": "pkg:deb/ubuntu/usrmerge@25ubuntu2?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "25ubuntu2",
          "Arch": "all",
          "SrcName": "usrmerge",
          "SrcVersion": "25ubuntu2",
          "Licenses": [
            "GPL-2.0-or-later"
          ],
          "DependsOn": [
            "perl-base@5.34.0-3ubuntu1.5"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "util-linux@2.37.2-4ubuntu3.4",
          "Name": "util-linux",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/util-linux@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "311451f505260d2d",
            "BOMRef": "pkg:deb/ubuntu/util-linux@2.37.2-4ubuntu3.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "2.37.2-4ubuntu3.4",
          "Arch": "amd64",
          "SrcName": "util-linux",
          "SrcVersion": "2.37.2",
          "SrcRelease": "4ubuntu3.4",
          "Licenses": [
            "GPL-2.0-or-later",
            "GPL-2.0-only",
            "GPL-3.0-or-later",
            "public-domain",
            "BSD-4-Clause",
            "MIT",
            "BSD-2-Clause",
            "BSD-3-Clause",
            "LGPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "LGPL-3.0-or-later",
            "GPL-3.0-only",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "LGPL-3.0-only"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "vulkan-tools@1.3.204.0+dfsg1-1",
          "Name": "vulkan-tools",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/vulkan-tools@1.3.204.0%2Bdfsg1-1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cd7edbbececbe691",
            "BOMRef": "pkg:deb/ubuntu/vulkan-tools@1.3.204.0%2Bdfsg1-1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "1.3.204.0+dfsg1-1",
          "Arch": "amd64",
          "SrcName": "vulkan-tools",
          "SrcVersion": "1.3.204.0+dfsg1",
          "SrcRelease": "1",
          "Licenses": [
            "Apache-2.0",
            "MIT"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
            "libstdc++6@12.3.0-1ubuntu1~22.04.2",
            "libvulkan1@1.3.204.1-2",
            "libwayland-client0@1.20.0-1ubuntu0.1",
            "libx11-6@2:1.7.5-1ubuntu0.3",
            "libxcb1@1.14-3ubuntu3"
          ],
          "Layer": {
            "Digest": "sha256:2c65a14fe76855a296b26229d53ad8f050f99bf95e876e5b48439874d47946db",
            "DiffID": "sha256:e36a3d2fd2929f012a4074881a28dcdd38a64e3f0dad88c6a6675eeae8d0f92a"
          }
        },
        {
          "ID": "x11proto-dev@2021.5-1",
          "Name": "x11proto-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/x11proto-dev@2021.5-1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "42ed55c25382762c",
            "BOMRef": "pkg:deb/ubuntu/x11proto-dev@2021.5-1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "2021.5-1",
          "Arch": "all",
          "SrcName": "xorgproto",
          "SrcVersion": "2021.5",
          "SrcRelease": "1",
          "Licenses": [
            "MIT",
            "SGI"
          ],
          "DependsOn": [
            "xorg-sgml-doctools@1:1.11-1.1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "xorg-sgml-doctools@1:1.11-1.1",
          "Name": "xorg-sgml-doctools",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/xorg-sgml-doctools@1.11-1.1?arch=all\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "72725079099f38c",
            "BOMRef": "pkg:deb/ubuntu/xorg-sgml-doctools@1.11-1.1?arch=all\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.11-1.1",
          "Epoch": 1,
          "Arch": "all",
          "SrcName": "xorg-sgml-doctools",
          "SrcVersion": "1.11",
          "SrcRelease": "1.1",
          "SrcEpoch": 1,
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "xtrans-dev@1.4.0-1",
          "Name": "xtrans-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/xtrans-dev@1.4.0-1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "37a68a72d76b1d54",
            "BOMRef": "pkg:deb/ubuntu/xtrans-dev@1.4.0-1?arch=all\u0026distro=ubuntu-22.04"
          },
          "Version": "1.4.0-1",
          "Arch": "all",
          "SrcName": "xtrans",
          "SrcVersion": "1.4.0",
          "SrcRelease": "1",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "xz-utils@5.2.5-2ubuntu1",
          "Name": "xz-utils",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/xz-utils@5.2.5-2ubuntu1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d7fcc61e16b2130b",
            "BOMRef": "pkg:deb/ubuntu/xz-utils@5.2.5-2ubuntu1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "Version": "5.2.5-2ubuntu1",
          "Arch": "amd64",
          "SrcName": "xz-utils",
          "SrcVersion": "5.2.5",
          "SrcRelease": "2ubuntu1",
          "Licenses": [
            "PD",
            "probably-PD",
            "GPL-2.0-or-later",
            "LGPL-2.1-or-later",
            "permissive-fsf",
            "Autoconf",
            "permissive-nowarranty",
            "GPL-2.0-only",
            "none",
            "config-h",
            "LGPL-2.0-only",
            "LGPL-2.1-only",
            "noderivs",
            "PD-debian",
            "GPL-3.0-only"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11",
            "liblzma5@5.2.5-2ubuntu1"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        },
        {
          "ID": "zlib1g@1:1.2.11.dfsg-2ubuntu9.2",
          "Name": "zlib1g",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "53a1586f583aba93",
            "BOMRef": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu9.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.2.11.dfsg-2ubuntu9.2",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "zlib",
          "SrcVersion": "1.2.11.dfsg",
          "SrcRelease": "2ubuntu9.2",
          "SrcEpoch": 1,
          "Licenses": [
            "Zlib"
          ],
          "DependsOn": [
            "libc6@2.35-0ubuntu3.11"
          ],
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          }
        },
        {
          "ID": "zlib1g-dev@1:1.2.11.dfsg-2ubuntu9.2",
          "Name": "zlib1g-dev",
          "Identifier": {
            "PURL": "pkg:deb/ubuntu/zlib1g-dev@1.2.11.dfsg-2ubuntu9.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "4cb67cf8ac3ae913",
            "BOMRef": "pkg:deb/ubuntu/zlib1g-dev@1.2.11.dfsg-2ubuntu9.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "Version": "1.2.11.dfsg-2ubuntu9.2",
          "Epoch": 1,
          "Arch": "amd64",
          "SrcName": "zlib",
          "SrcVersion": "1.2.11.dfsg",
          "SrcRelease": "2ubuntu9.2",
          "SrcEpoch": 1,
          "Licenses": [
            "Zlib"
          ],
          "DependsOn": [
            "libc6-dev@2.35-0ubuntu3.11",
            "zlib1g@1:1.2.11.dfsg-2ubuntu9.2"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          }
        }
      ],
      "Vulnerabilities": [
        {
          "VulnerabilityID": "CVE-2025-11412",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:08a92405a1d43c00c8e7b5d05f2c64027b57595c7a818b869cc0f6bcb6be59d8",
          "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds",
          "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11412",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11412",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16378",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327348",
            "https://vuldb.com/?id.327348",
            "https://www.cve.org/CVERecord?id=CVE-2025-11412",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.03Z",
          "LastModifiedDate": "2025-10-14T15:09:07.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11413",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84ce8b8cc07667a98e981498331770a4ed2e3f8cb860b8422d26e5855d541f9e",
          "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11413",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11413",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16362",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327349",
            "https://vuldb.com/?id.327349",
            "https://vuldb.com/?submit.665587",
            "https://vuldb.com/?submit.665590",
            "https://www.cve.org/CVERecord?id=CVE-2025-11413",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.23Z",
          "LastModifiedDate": "2026-02-24T07:16:31.417Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11414",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d7e63e707e1bf1adb0624b716614739dab5cf9473d29ab604c9e6b009769c4f8",
          "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds",
          "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11414",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11414",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16361",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33450",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327350",
            "https://vuldb.com/?id.327350",
            "https://vuldb.com/?submit.665591",
            "https://www.cve.org/CVERecord?id=CVE-2025-11414",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T23:15:33.053Z",
          "LastModifiedDate": "2025-10-14T15:25:00.127Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11494",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54468959f1c5bcc03aafda24a41f882963e36299470cb686b22e2f1e1daf23b0",
          "Title": "binutils: GNU Binutils Linker out-of-bounds read",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11494",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11494",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16389",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327619",
            "https://vuldb.com/?id.327619",
            "https://vuldb.com/?submit.668281",
            "https://www.cve.org/CVERecord?id=CVE-2025-11494",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-08T20:15:34.77Z",
          "LastModifiedDate": "2025-10-14T15:27:45.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1180",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6188c7dc6b026d2bcb33e4c22134a304918b797d72e4317b3676a2f75c11da96",
          "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1180",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1180",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15917",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32642",
            "https://vuldb.com/?ctiid.295083",
            "https://vuldb.com/?id.295083",
            "https://vuldb.com/?submit.495381",
            "https://www.cve.org/CVERecord?id=CVE-2025-1180",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-11T08:15:31.59Z",
          "LastModifiedDate": "2025-05-21T20:35:18.05Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13716",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7a5644515483710b2eb8db4ea00bcc9fe177649d48fc639d04cebf4c8ecbad33",
          "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
          "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 7.1,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2017-13716",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
            "https://www.cve.org/CVERecord?id=CVE-2017-13716"
          ],
          "PublishedDate": "2017-08-28T21:29:00.293Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2019-1010204",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6c802b9715d2a8e03e15f58179ba1de14ee88e4e7c0e9d855b984f53ce81abb1",
          "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
          "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-125",
            "CWE-681"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-1010204",
            "https://linux.oracle.com/cve/CVE-2019-1010204.html",
            "https://linux.oracle.com/errata/ELSA-2020-1797.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
            "https://security.netapp.com/advisory/ntap-20190822-0001/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
            "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/notices/USN-5349-1",
            "https://www.cve.org/CVERecord?id=CVE-2019-1010204"
          ],
          "PublishedDate": "2019-07-23T14:15:13.373Z",
          "LastModifiedDate": "2024-11-21T04:18:03.163Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1e7725d227d0687fa56cf72f251bad571a204189764dde1f373c01369df128b6",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48064",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c162ea9a408234c2f89b0f58120fb5f28a33dd1205a0450e260bb98ca37e474c",
          "Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
          "Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a denial of service (DoS).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48064",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
            "https://security.netapp.com/advisory/ntap-20231006-0008/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
            "https://www.cve.org/CVERecord?id=CVE-2022-48064"
          ],
          "PublishedDate": "2023-08-22T19:16:30.937Z",
          "LastModifiedDate": "2024-11-21T07:32:46.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1152",
          "PkgID": "binutils@2.38-4ubuntu2.11",
          "PkgName": "binutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8d70ef0a03180edc",
            "BOMRef": "pkg:deb/ubuntu/binutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b36201134e0f13f41d25859046eee0f1759963303f38d46b744c3c14984ef742",
          "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401",
            "CWE-404"
          ],
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1152",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1152",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15887",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32576",
            "https://vuldb.com/?ctiid.295056",
            "https://vuldb.com/?id.295056",
            "https://www.cve.org/CVERecord?id=CVE-2025-1152",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-10T18:15:34.043Z",
          "LastModifiedDate": "2025-03-03T17:32:01.613Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11412",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:14be57126cb6c94da3942d270b345fa6f723346c8af9700776a5b07aa33a5e24",
          "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds",
          "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11412",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11412",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16378",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327348",
            "https://vuldb.com/?id.327348",
            "https://www.cve.org/CVERecord?id=CVE-2025-11412",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.03Z",
          "LastModifiedDate": "2025-10-14T15:09:07.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11413",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c7cdc2e58b1374d35ef62d0b8bf4ec2293ec2ee20521a085ba7b98b76043c97f",
          "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11413",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11413",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16362",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327349",
            "https://vuldb.com/?id.327349",
            "https://vuldb.com/?submit.665587",
            "https://vuldb.com/?submit.665590",
            "https://www.cve.org/CVERecord?id=CVE-2025-11413",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.23Z",
          "LastModifiedDate": "2026-02-24T07:16:31.417Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11414",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:012fc4f99258e06bb6ee7fc8daec8fbfd954710392485825697561f4eda998a0",
          "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds",
          "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11414",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11414",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16361",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33450",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327350",
            "https://vuldb.com/?id.327350",
            "https://vuldb.com/?submit.665591",
            "https://www.cve.org/CVERecord?id=CVE-2025-11414",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T23:15:33.053Z",
          "LastModifiedDate": "2025-10-14T15:25:00.127Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11494",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3879116b65526ad14d5b86aa34969077e149e2eba4d9d988ffb132c8ed6f3392",
          "Title": "binutils: GNU Binutils Linker out-of-bounds read",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11494",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11494",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16389",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327619",
            "https://vuldb.com/?id.327619",
            "https://vuldb.com/?submit.668281",
            "https://www.cve.org/CVERecord?id=CVE-2025-11494",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-08T20:15:34.77Z",
          "LastModifiedDate": "2025-10-14T15:27:45.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1180",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0836f4fd437ab551e5171f2fd4954ea2d1aa8a53264a58828d28f2c649f97603",
          "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1180",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1180",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15917",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32642",
            "https://vuldb.com/?ctiid.295083",
            "https://vuldb.com/?id.295083",
            "https://vuldb.com/?submit.495381",
            "https://www.cve.org/CVERecord?id=CVE-2025-1180",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-11T08:15:31.59Z",
          "LastModifiedDate": "2025-05-21T20:35:18.05Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13716",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71756fdcc15c2c2934c972cce3c18163ff6ee97788fe604b99adeb71f2b01587",
          "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
          "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 7.1,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2017-13716",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
            "https://www.cve.org/CVERecord?id=CVE-2017-13716"
          ],
          "PublishedDate": "2017-08-28T21:29:00.293Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2019-1010204",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b69d89aeddb42bb2d7cf2fb01189023def507824b71d809275a1cee542ec5347",
          "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
          "Description": "GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-125",
            "CWE-681"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-1010204",
            "https://linux.oracle.com/cve/CVE-2019-1010204.html",
            "https://linux.oracle.com/errata/ELSA-2020-1797.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
            "https://security.netapp.com/advisory/ntap-20190822-0001/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
            "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/notices/USN-5349-1",
            "https://www.cve.org/CVERecord?id=CVE-2019-1010204"
          ],
          "PublishedDate": "2019-07-23T14:15:13.373Z",
          "LastModifiedDate": "2024-11-21T04:18:03.163Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b58cff03b6d03626f9843e4ae5d1eece143aff4f4cc6fdd6a0f88f3b16aa33dc",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48064",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fe46377051818888cbd97fb5ca617037244e4d00b3b7d014d5d745342eebdbbc",
          "Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
          "Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DoS attack.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48064",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
            "https://security.netapp.com/advisory/ntap-20231006-0008/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
            "https://www.cve.org/CVERecord?id=CVE-2022-48064"
          ],
          "PublishedDate": "2023-08-22T19:16:30.937Z",
          "LastModifiedDate": "2024-11-21T07:32:46.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1152",
          "PkgID": "binutils-common@2.38-4ubuntu2.11",
          "PkgName": "binutils-common",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7ea551487aac860",
            "BOMRef": "pkg:deb/ubuntu/binutils-common@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1fa712b822322626a345e72d770dab532a1ed0f4b4e4dff1701efcc9df52f70d",
          "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401",
            "CWE-404"
          ],
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1152",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1152",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15887",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32576",
            "https://vuldb.com/?ctiid.295056",
            "https://vuldb.com/?id.295056",
            "https://www.cve.org/CVERecord?id=CVE-2025-1152",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-10T18:15:34.043Z",
          "LastModifiedDate": "2025-03-03T17:32:01.613Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11412",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2c7e9429252ff40ab452918a1205e1af6969d11a6de49cde820043593a657b5d",
          "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds",
          "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11412",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11412",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16378",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327348",
            "https://vuldb.com/?id.327348",
            "https://www.cve.org/CVERecord?id=CVE-2025-11412",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.03Z",
          "LastModifiedDate": "2025-10-14T15:09:07.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11413",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b2b1e0b10921ab55b44f7be4084d7e131d552308dc0307ebbb413112198c7ce7",
          "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11413",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11413",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16362",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327349",
            "https://vuldb.com/?id.327349",
            "https://vuldb.com/?submit.665587",
            "https://vuldb.com/?submit.665590",
            "https://www.cve.org/CVERecord?id=CVE-2025-11413",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.23Z",
          "LastModifiedDate": "2026-02-24T07:16:31.417Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11414",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:047ead2b03cfc3148a6bc1430891a279342a243d1df841db998761d03c1d5be2",
          "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds",
          "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11414",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11414",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16361",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33450",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327350",
            "https://vuldb.com/?id.327350",
            "https://vuldb.com/?submit.665591",
            "https://www.cve.org/CVERecord?id=CVE-2025-11414",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T23:15:33.053Z",
          "LastModifiedDate": "2025-10-14T15:25:00.127Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11494",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9338bc87ee63a602249f063eaa011fc80921ae4662eed5261ab359c17dc1937e",
          "Title": "binutils: GNU Binutils Linker out-of-bounds read",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11494",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11494",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16389",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327619",
            "https://vuldb.com/?id.327619",
            "https://vuldb.com/?submit.668281",
            "https://www.cve.org/CVERecord?id=CVE-2025-11494",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-08T20:15:34.77Z",
          "LastModifiedDate": "2025-10-14T15:27:45.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1180",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2a9bb605deaf83c6f99b9f255b310514cc17b9658cc8eca85969a5e22b86ee3",
          "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1180",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1180",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15917",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32642",
            "https://vuldb.com/?ctiid.295083",
            "https://vuldb.com/?id.295083",
            "https://vuldb.com/?submit.495381",
            "https://www.cve.org/CVERecord?id=CVE-2025-1180",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-11T08:15:31.59Z",
          "LastModifiedDate": "2025-05-21T20:35:18.05Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13716",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fbbac6bbbcf414a9a4049a2ee02424bca70b1f94d6117ee25370873de1ec9ad1",
          "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
          "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 7.1,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2017-13716",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
            "https://www.cve.org/CVERecord?id=CVE-2017-13716"
          ],
          "PublishedDate": "2017-08-28T21:29:00.293Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2019-1010204",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c6114fa54d08482dbfcde52222cd506d7eac889ebb834df315ee4afda2b57234",
          "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
          "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-125",
            "CWE-681"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-1010204",
            "https://linux.oracle.com/cve/CVE-2019-1010204.html",
            "https://linux.oracle.com/errata/ELSA-2020-1797.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
            "https://security.netapp.com/advisory/ntap-20190822-0001/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
            "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/notices/USN-5349-1",
            "https://www.cve.org/CVERecord?id=CVE-2019-1010204"
          ],
          "PublishedDate": "2019-07-23T14:15:13.373Z",
          "LastModifiedDate": "2024-11-21T04:18:03.163Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f6bbaa90457d5fce73c6b3d4b0ebea1812b29a6c5cb9e710099599e3bab5ab80",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48064",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5be2f2ea1412cc4d90e12f877572569852d42499172a96abda85b096bfd2cf65",
          "Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
          "Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DoS attack.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48064",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
            "https://security.netapp.com/advisory/ntap-20231006-0008/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
            "https://www.cve.org/CVERecord?id=CVE-2022-48064"
          ],
          "PublishedDate": "2023-08-22T19:16:30.937Z",
          "LastModifiedDate": "2024-11-21T07:32:46.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1152",
          "PkgID": "binutils-x86-64-linux-gnu@2.38-4ubuntu2.11",
          "PkgName": "binutils-x86-64-linux-gnu",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80586d57361b327d",
            "BOMRef": "pkg:deb/ubuntu/binutils-x86-64-linux-gnu@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:53ff7333e68fc6d16e9bf8f35126a2eb0ac94858479a90d79ccc2345cd5a4c0f",
          "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401",
            "CWE-404"
          ],
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1152",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1152",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15887",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32576",
            "https://vuldb.com/?ctiid.295056",
            "https://vuldb.com/?id.295056",
            "https://www.cve.org/CVERecord?id=CVE-2025-1152",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-10T18:15:34.043Z",
          "LastModifiedDate": "2025-03-03T17:32:01.613Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "cpp-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "cpp-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "79e97cdd51d1da63",
            "BOMRef": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ea5aa7860d3841fb346b1f668ad078f3b9fdb7353c42c04b9efb2128a635427d",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "cpp-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "cpp-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "79e97cdd51d1da63",
            "BOMRef": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0abc3317af8e8724ccf497cc65c2d0acdc4a5ec1353892ecb86cdfcb4d4b8a4a",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "cpp-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "cpp-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "79e97cdd51d1da63",
            "BOMRef": "pkg:deb/ubuntu/cpp-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2ac16c531c70d3eb2edf5ab0577c749a5c85719c7f0bc93ac18f1f6308922238",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2025-14017",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14017",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cc03b0591e77205a427ff35adc699924d4ffc1bb36f3b08445009dfacf70d458",
          "Title": "curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers",
          "Description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/3",
            "https://access.redhat.com/security/cve/CVE-2025-14017",
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://ubuntu.com/security/notices/USN-8062-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-14017"
          ],
          "PublishedDate": "2026-01-08T10:15:45.667Z",
          "LastModifiedDate": "2026-01-27T21:29:39.953Z"
        },
        {
          "VulnerabilityID": "CVE-2026-1965",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1965",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:69886a4833996af46eab552d7c8ff5dd91a89659ec7ac5794beee090f7ef5efa",
          "Title": "curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication",
          "Description": "libcurl can in some circumstances reuse the wrong connection when asked to do\na Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason is that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-305"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-1965",
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://ubuntu.com/security/notices/USN-8099-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-1965"
          ],
          "PublishedDate": "2026-03-11T11:15:59.177Z",
          "LastModifiedDate": "2026-03-12T14:11:19.07Z"
        },
        {
          "VulnerabilityID": "CVE-2026-3783",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3783",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6ef442100d0548d33d2c3f51384a1330aca1fdb79d682569b741c2c42a29c28e",
          "Title": "curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect",
          "Description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-522"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "V3Score": 5.7
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/03/11/2",
            "https://access.redhat.com/security/cve/CVE-2026-3783",
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://ubuntu.com/security/notices/USN-8099-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-3783"
          ],
          "PublishedDate": "2026-03-11T11:16:00.08Z",
          "LastModifiedDate": "2026-03-12T14:10:37.3Z"
        },
        {
          "VulnerabilityID": "CVE-2025-0167",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:18579d9991e0219b6ff5c47b1bddbec67ce85d6747ccb53ae70eb3576ea11e86",
          "Title": "When asked to use a `.netrc` file for credentials **and** to follow HT ...",
          "Description": "When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance.",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "cbl-mariner": 1,
            "photon": 1,
            "ubuntu": 1
          },
          "References": [
            "https://curl.se/docs/CVE-2025-0167.html",
            "https://curl.se/docs/CVE-2025-0167.json",
            "https://hackerone.com/reports/2917232",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-0167",
            "https://security.netapp.com/advisory/ntap-20250306-0008/",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-0167"
          ],
          "PublishedDate": "2025-02-05T10:15:22.71Z",
          "LastModifiedDate": "2025-07-30T19:41:45.08Z"
        },
        {
          "VulnerabilityID": "CVE-2025-14524",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14524",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b0c469788607924d83c2a58946ba0ffe856f4dd1f2cc8944979097004407b37",
          "Title": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that  ...",
          "Description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-601"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "photon": 2,
            "ubuntu": 1
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/4",
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-14524"
          ],
          "PublishedDate": "2026-01-08T10:15:46.607Z",
          "LastModifiedDate": "2026-01-20T14:53:11.017Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15079",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15079",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fdc3045a96a57a4018c48fe7c3966d6400291a7baf2a54d9d7142beab3e98599",
          "Title": "When doing SSH-based transfers using either SCP or SFTP, and setting t ...",
          "Description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-297"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "photon": 2,
            "ubuntu": 1
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/6",
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://ubuntu.com/security/notices/USN-8062-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-15079"
          ],
          "PublishedDate": "2026-01-08T10:15:47.1Z",
          "LastModifiedDate": "2026-01-20T14:50:24.33Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15224",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15224",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7aee9113c7a7eede4cda71b1b4aaa09a5242ef785aaedda79ab067010e6b1a26",
          "Title": "When doing SSH-based transfers using either SCP or SFTP, and asked to  ...",
          "Description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-287"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "photon": 1,
            "ubuntu": 1
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/7",
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://ubuntu.com/security/notices/USN-8062-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-15224"
          ],
          "PublishedDate": "2026-01-08T10:15:47.207Z",
          "LastModifiedDate": "2026-01-20T14:47:52.71Z"
        },
        {
          "VulnerabilityID": "CVE-2026-3784",
          "PkgID": "curl@7.81.0-1ubuntu1.21",
          "PkgName": "curl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cfb730dbd76e403c",
            "BOMRef": "pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3784",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:734077ead0b4e360ba5018d4b38820b619a54595cb6f96334ad665871740313b",
          "Title": "curl: curl: Unauthorized access due to improper HTTP proxy connection reuse",
          "Description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-305"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 6.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/03/11/3",
            "https://access.redhat.com/security/cve/CVE-2026-3784",
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://ubuntu.com/security/notices/USN-8099-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-3784"
          ],
          "PublishedDate": "2026-03-11T11:16:00.437Z",
          "LastModifiedDate": "2026-03-12T14:09:50.47Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "dirmngr@2.2.27-3ubuntu2.4",
          "PkgName": "dirmngr",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/dirmngr@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "49c74f415e97b4b0",
            "BOMRef": "pkg:deb/ubuntu/dirmngr@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bfdaee18d898712b91fe96ece5313a4452d8b2f2b3a54389e0ff79f7537231b9",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "g++-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "g++-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c4d99e4e8992d8ce",
            "BOMRef": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a5c3fb1879562c0794fbf878230f282c387df09fd855dd2d873fde3fbe1cda25",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "g++-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "g++-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c4d99e4e8992d8ce",
            "BOMRef": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ec29296789e4d517c1350f4116d4f8656b4caab5b3fb18efe0b8cb80d6dd6e99",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "g++-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "g++-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c4d99e4e8992d8ce",
            "BOMRef": "pkg:deb/ubuntu/g%2B%2B-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f67100d3c3d9026f7bb17091a0d6d1d7b440092e37a323478398cd7581de17e",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "gcc-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "gcc-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "db4ceebe1a0148d4",
            "BOMRef": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:532da291a54c3c97112220cc48c4363c709ff63f454467fb89f8b62422dec63b",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "gcc-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "gcc-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "db4ceebe1a0148d4",
            "BOMRef": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aa64c3a9ab961f7131bbc2d402e2883fd8f973589b4ac99b44b920419a56cfee",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "gcc-11@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "gcc-11",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "db4ceebe1a0148d4",
            "BOMRef": "pkg:deb/ubuntu/gcc-11@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:608fb193096a35ff356df08df4f65ebcedf4482105214bf9044e6f29d9a01079",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "gcc-11-base",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2f7e9e1b5ddff29",
            "BOMRef": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3de60625325262201caad66f70e3e35646c888ed33b13767f616319be87ca745",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "gcc-11-base",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2f7e9e1b5ddff29",
            "BOMRef": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:74ac527ec01ee23e1ec6eb565255e77d0da3d1945ad76ac922e57fafafcb095f",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "gcc-11-base@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "gcc-11-base",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2f7e9e1b5ddff29",
            "BOMRef": "pkg:deb/ubuntu/gcc-11-base@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:27cdd555524f8dacd91abfa067e6bbfe79dd2f9f51498c0da444b5638d7a0171",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "gcc-12-base@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "gcc-12-base",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "93efb873ddf9d251",
            "BOMRef": "pkg:deb/ubuntu/gcc-12-base@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:29927c7f83cf7be70f4131720d4e85856dfeb7eb4c3f421e3dd3af7c6b8bcfb9",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gnupg@2.2.27-3ubuntu2.4",
          "PkgName": "gnupg",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gnupg@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04",
            "UID": "7305b4597f3d0233",
            "BOMRef": "pkg:deb/ubuntu/gnupg@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce127a125a46d12668ed1689066e43386af54a09e3122143098c15c4d0023efe",
          "Title": "GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gnupg-l10n@2.2.27-3ubuntu2.4",
          "PkgName": "gnupg-l10n",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gnupg-l10n@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04",
            "UID": "6002ceb656d72d82",
            "BOMRef": "pkg:deb/ubuntu/gnupg-l10n@2.2.27-3ubuntu2.4?arch=all\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:db2f7d4251f29d2942c4f2b79e727a65f57de5bbaeddf72b760d87d1a114c18e",
          "Title": "GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gnupg-utils@2.2.27-3ubuntu2.4",
          "PkgName": "gnupg-utils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gnupg-utils@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b38e65c982598ef5",
            "BOMRef": "pkg:deb/ubuntu/gnupg-utils@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:68039eef724d4a355c2c924a13b3cd386e08ca3935957870ae07558f98d6ee03",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gpg@2.2.27-3ubuntu2.4",
          "PkgName": "gpg",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gpg@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f43647b938b2f56e",
            "BOMRef": "pkg:deb/ubuntu/gpg@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:602101d5346a40b127ee2b2ca7d92eb42e888b68747609eb43ab8d0817d9eecb",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gpg-agent@2.2.27-3ubuntu2.4",
          "PkgName": "gpg-agent",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gpg-agent@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "5a65eb93a2d8359e",
            "BOMRef": "pkg:deb/ubuntu/gpg-agent@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:26277cf3a5b7c60d00c9a8ff5d7bac5d95c12b7f8815be02cee44e84f74b0d84",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gpg-wks-client@2.2.27-3ubuntu2.4",
          "PkgName": "gpg-wks-client",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gpg-wks-client@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "20babe427c72d2b4",
            "BOMRef": "pkg:deb/ubuntu/gpg-wks-client@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:862eb0646ff96f9c8eccbdaeda94646177a9f960aab36eb311ce0508493abce3",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gpg-wks-server@2.2.27-3ubuntu2.4",
          "PkgName": "gpg-wks-server",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gpg-wks-server@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "30176aa2c7215687",
            "BOMRef": "pkg:deb/ubuntu/gpg-wks-server@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c2657a4303d704c05ec260d7216682be8567e597ab398fd72fbc9aa5fd52089",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gpgconf@2.2.27-3ubuntu2.4",
          "PkgName": "gpgconf",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gpgconf@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c5cc074edb997929",
            "BOMRef": "pkg:deb/ubuntu/gpgconf@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:76f84f7e147d2b0480fb5869336eba11fc4d8db66e91c0874c7d4572db7385cc",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gpgsm@2.2.27-3ubuntu2.4",
          "PkgName": "gpgsm",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gpgsm@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "3b094a7a9917a92e",
            "BOMRef": "pkg:deb/ubuntu/gpgsm@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:83e2b6157c7486e2555a2a999c69249a79707ab31febe62596efff66a93f08ef",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68973",
          "PkgID": "gpgv@2.2.27-3ubuntu2.4",
          "PkgName": "gpgv",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b71a2171c2a48d2a",
            "BOMRef": "pkg:deb/ubuntu/gpgv@2.2.27-3ubuntu2.4?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.2.27-3ubuntu2.4",
          "FixedVersion": "2.2.27-3ubuntu2.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:55cfd2742c0f05a1ecc69f11f2023402c50766bb8f7ed773d36bcdc3aac6116f",
          "Title": "GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write",
          "Description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-675",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/29/11",
            "https://access.redhat.com/errata/RHSA-2026:0719",
            "https://access.redhat.com/security/cve/CVE-2025-68973",
            "https://bugzilla.redhat.com/2425966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2425966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973",
            "https://dev.gnupg.org/T7906",
            "https://dev.gnupg.org/T8001",
            "https://errata.almalinux.org/9/ALSA-2026-0719.html",
            "https://errata.rockylinux.org/RLSA-2026:0719",
            "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9",
            "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 (gnupg-2.5.14)",
            "https://github.com/gpg/gnupg/commit/1e929abd20fa2e4be3797a137caca63a971d5372 (gnupg-2.2.51)",
            "https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48 (gnupg-2.4.9)",
            "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51",
            "https://gpg.fail/memcpy",
            "https://linux.oracle.com/cve/CVE-2025-68973.html",
            "https://linux.oracle.com/errata/ELSA-2026-1677.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html",
            "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i",
            "https://news.ycombinator.com/item?id=46403200",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68973",
            "https://ubuntu.com/security/notices/USN-7946-1",
            "https://ubuntu.com/security/notices/USN-7946-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68973",
            "https://www.openwall.com/lists/oss-security/2025/12/28/5"
          ],
          "PublishedDate": "2025-12-28T17:16:01.5Z",
          "LastModifiedDate": "2026-01-14T19:16:46.857Z"
        },
        {
          "VulnerabilityID": "CVE-2025-5222",
          "PkgID": "icu-devtools@70.1-2",
          "PkgName": "icu-devtools",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/icu-devtools@70.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f4097249b5ed370c",
            "BOMRef": "pkg:deb/ubuntu/icu-devtools@70.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "70.1-2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5222",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6408324e7aceaf321499ab935678010b9b7db7c5ed07dc33e2946b56eab6302d",
          "Title": "icu: Stack buffer overflow in the SRBRoot::addTag function",
          "Description": "A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-120"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:11888",
            "https://access.redhat.com/errata/RHSA-2025:12083",
            "https://access.redhat.com/errata/RHSA-2025:12331",
            "https://access.redhat.com/errata/RHSA-2025:12332",
            "https://access.redhat.com/errata/RHSA-2025:12333",
            "https://access.redhat.com/security/cve/CVE-2025-5222",
            "https://bugzilla.redhat.com/2368600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2368600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222",
            "https://errata.almalinux.org/9/ALSA-2025-12083.html",
            "https://errata.rockylinux.org/RLSA-2025:12083",
            "https://linux.oracle.com/cve/CVE-2025-5222.html",
            "https://linux.oracle.com/errata/ELSA-2025-12083.html",
            "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-5222",
            "https://www.cve.org/CVERecord?id=CVE-2025-5222"
          ],
          "PublishedDate": "2025-05-27T21:15:23.03Z",
          "LastModifiedDate": "2026-01-23T11:33:07.2Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "libasan6@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libasan6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c9a1d2dbf5550fac",
            "BOMRef": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6d978ef3f9a9b7950aba9d4015b831d74b66c49cde807e8af35bed37c1fdcb84",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "libasan6@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libasan6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c9a1d2dbf5550fac",
            "BOMRef": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8e6800d35eb372f71f598f9a735f002abec7f529c954f94d519eec07c942b1ec",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libasan6@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libasan6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c9a1d2dbf5550fac",
            "BOMRef": "pkg:deb/ubuntu/libasan6@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5907b0eab3ffcc50724d971c4299d4021aade857fce0dde1abb412bcd25c9645",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libatomic1@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libatomic1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libatomic1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c856d538e59a2d75",
            "BOMRef": "pkg:deb/ubuntu/libatomic1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:23a0de14b5c105d2f1eb307e4b98daa34657f720419ac86ce8dbf75ec022aaa5",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11412",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aceb17b36c6ed3ec3238a8a93d9f8f432720e8e6b2a8eedb36c8eb5c99df66cc",
          "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds",
          "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11412",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11412",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16378",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327348",
            "https://vuldb.com/?id.327348",
            "https://www.cve.org/CVERecord?id=CVE-2025-11412",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.03Z",
          "LastModifiedDate": "2025-10-14T15:09:07.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11413",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88f3847bc93709dd321b3340e6591fd2e871d09308d529b83ebb6f2f4825aba6",
          "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11413",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11413",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16362",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327349",
            "https://vuldb.com/?id.327349",
            "https://vuldb.com/?submit.665587",
            "https://vuldb.com/?submit.665590",
            "https://www.cve.org/CVERecord?id=CVE-2025-11413",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.23Z",
          "LastModifiedDate": "2026-02-24T07:16:31.417Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11414",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0a8c741a9a77a7ade4cc30feea4b75e5f51c3591ae557da6c7f058ed5c3afc93",
          "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds",
          "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11414",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11414",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16361",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33450",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327350",
            "https://vuldb.com/?id.327350",
            "https://vuldb.com/?submit.665591",
            "https://www.cve.org/CVERecord?id=CVE-2025-11414",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T23:15:33.053Z",
          "LastModifiedDate": "2025-10-14T15:25:00.127Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11494",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:18fa554bce0a85392b68f65f46bb32c15aa651ed73ded5af62d6369f67bfbc9c",
          "Title": "binutils: GNU Binutils Linker out-of-bounds read",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11494",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11494",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16389",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327619",
            "https://vuldb.com/?id.327619",
            "https://vuldb.com/?submit.668281",
            "https://www.cve.org/CVERecord?id=CVE-2025-11494",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-08T20:15:34.77Z",
          "LastModifiedDate": "2025-10-14T15:27:45.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1180",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1246865cec834967654704395dd04c68dcde5e3ae3501f76c18d940539ced6fa",
          "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1180",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1180",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15917",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32642",
            "https://vuldb.com/?ctiid.295083",
            "https://vuldb.com/?id.295083",
            "https://vuldb.com/?submit.495381",
            "https://www.cve.org/CVERecord?id=CVE-2025-1180",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-11T08:15:31.59Z",
          "LastModifiedDate": "2025-05-21T20:35:18.05Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13716",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:96ee70310eb509cd6ae563f66675feb6a5320f60417add17c79b8f29aa05de5c",
          "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
          "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 7.1,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2017-13716",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
            "https://www.cve.org/CVERecord?id=CVE-2017-13716"
          ],
          "PublishedDate": "2017-08-28T21:29:00.293Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2019-1010204",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d04732ecd29c5812577b2398e0dba74d53392d434e5255c311bd7e8db3784053",
          "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
          "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-125",
            "CWE-681"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-1010204",
            "https://linux.oracle.com/cve/CVE-2019-1010204.html",
            "https://linux.oracle.com/errata/ELSA-2020-1797.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
            "https://security.netapp.com/advisory/ntap-20190822-0001/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
            "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/notices/USN-5349-1",
            "https://www.cve.org/CVERecord?id=CVE-2019-1010204"
          ],
          "PublishedDate": "2019-07-23T14:15:13.373Z",
          "LastModifiedDate": "2024-11-21T04:18:03.163Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a8933041f542de676b4a24b6df1fe9895ea3cb60886bde277c0abcc9dd4b32be",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48064",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fa69abb13ca8cdfbb9d4b5aabe24c3a81a57d630135cded8ad6c9874827c530e",
          "Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
          "Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48064",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
            "https://security.netapp.com/advisory/ntap-20231006-0008/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
            "https://www.cve.org/CVERecord?id=CVE-2022-48064"
          ],
          "PublishedDate": "2023-08-22T19:16:30.937Z",
          "LastModifiedDate": "2024-11-21T07:32:46.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1152",
          "PkgID": "libbinutils@2.38-4ubuntu2.11",
          "PkgName": "libbinutils",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "707f1612eb18db2a",
            "BOMRef": "pkg:deb/ubuntu/libbinutils@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ff08084d46be40fb402c03fced24083e9ec65be7e82686d504c575ad409a49c3",
          "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401",
            "CWE-404"
          ],
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1152",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1152",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15887",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32576",
            "https://vuldb.com/?ctiid.295056",
            "https://vuldb.com/?id.295056",
            "https://www.cve.org/CVERecord?id=CVE-2025-1152",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-10T18:15:34.043Z",
          "LastModifiedDate": "2025-03-03T17:32:01.613Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15281",
          "PkgID": "libc-bin@2.35-0ubuntu3.11",
          "PkgName": "libc-bin",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "24489dbf2d3388db",
            "BOMRef": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15281",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:993ab2650b4268fcd9e143c79097b8fcb55182295a659a4e4c6076b9d6cca7f6",
          "Title": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
          "Description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/20/3",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2025-15281",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2025-15281.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-15281",
            "https://www.openwall.com/lists/oss-security/2026/01/20/3"
          ],
          "PublishedDate": "2026-01-20T14:16:07.843Z",
          "LastModifiedDate": "2026-02-05T17:43:18.63Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0861",
          "PkgID": "libc-bin@2.35-0ubuntu3.11",
          "PkgName": "libc-bin",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "24489dbf2d3388db",
            "BOMRef": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7a24580b2bd86bf4620076aa056b0a7a14115c00b3e51612eb198fd7cfc122bf",
          "Title": "glibc: Integer overflow in memalign leads to heap corruption",
          "Description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this.  The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument.  This limits the malicious inputs for the alignment for memalign to the range [1\u003c\u003c62+ 1, 1\u003c\u003c63] and exactly 1\u003c\u003c63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice.  An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/5",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0861",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0861.html",
            "https://linux.oracle.com/errata/ELSA-2026-50120.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0861"
          ],
          "PublishedDate": "2026-01-14T21:15:52.617Z",
          "LastModifiedDate": "2026-02-03T18:26:25.39Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0915",
          "PkgID": "libc-bin@2.35-0ubuntu3.11",
          "PkgName": "libc-bin",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "24489dbf2d3388db",
            "BOMRef": "pkg:deb/ubuntu/libc-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0915",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b717ffebe19cb7d0b017d5c26ecf9029b5405e9f1749288e613496fc8bf933d",
          "Title": "glibc: glibc: Information disclosure via zero-valued network query",
          "Description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 1,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/6",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0915",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0915.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0915",
            "https://www.openwall.com/lists/oss-security/2026/01/16/6"
          ],
          "PublishedDate": "2026-01-15T22:16:12.457Z",
          "LastModifiedDate": "2026-01-23T19:36:50.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15281",
          "PkgID": "libc-dev-bin@2.35-0ubuntu3.11",
          "PkgName": "libc-dev-bin",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4158124d50a25424",
            "BOMRef": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15281",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b43c2a103e829175ce69ab189cd420c50418f0a8ba2eba76e55b35463446ce3",
          "Title": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
          "Description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/20/3",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2025-15281",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2025-15281.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-15281",
            "https://www.openwall.com/lists/oss-security/2026/01/20/3"
          ],
          "PublishedDate": "2026-01-20T14:16:07.843Z",
          "LastModifiedDate": "2026-02-05T17:43:18.63Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0861",
          "PkgID": "libc-dev-bin@2.35-0ubuntu3.11",
          "PkgName": "libc-dev-bin",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4158124d50a25424",
            "BOMRef": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d6b8862415aba9cf38cfc9195c34528490641b7e0e486c0400bbe51024f92b7c",
          "Title": "glibc: Integer overflow in memalign leads to heap corruption",
          "Description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this.  The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument.  This limits the malicious inputs for the alignment for memalign to the range [1\u003c\u003c62+ 1, 1\u003c\u003c63] and exactly 1\u003c\u003c63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice.  An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/5",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0861",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0861.html",
            "https://linux.oracle.com/errata/ELSA-2026-50120.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0861"
          ],
          "PublishedDate": "2026-01-14T21:15:52.617Z",
          "LastModifiedDate": "2026-02-03T18:26:25.39Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0915",
          "PkgID": "libc-dev-bin@2.35-0ubuntu3.11",
          "PkgName": "libc-dev-bin",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4158124d50a25424",
            "BOMRef": "pkg:deb/ubuntu/libc-dev-bin@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0915",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:854630315dfe7ced58d2d31705b8c0f9bb0bab04cd40fab65302922cf2f14852",
          "Title": "glibc: Information disclosure via zero-valued network query",
          "Description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 1,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/6",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0915",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0915.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0915",
            "https://www.openwall.com/lists/oss-security/2026/01/16/6"
          ],
          "PublishedDate": "2026-01-15T22:16:12.457Z",
          "LastModifiedDate": "2026-01-23T19:36:50.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15281",
          "PkgID": "libc6@2.35-0ubuntu3.11",
          "PkgName": "libc6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "feb7a9e4b39d76a6",
            "BOMRef": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15281",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3476fdbc86bfe1cb6c511f50f2f6e011d5a06afb466373397ecd33d216ecb105",
          "Title": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
          "Description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/20/3",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2025-15281",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2025-15281.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-15281",
            "https://www.openwall.com/lists/oss-security/2026/01/20/3"
          ],
          "PublishedDate": "2026-01-20T14:16:07.843Z",
          "LastModifiedDate": "2026-02-05T17:43:18.63Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0861",
          "PkgID": "libc6@2.35-0ubuntu3.11",
          "PkgName": "libc6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "feb7a9e4b39d76a6",
            "BOMRef": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:65bc0ff02e982392045395e607284bb77474e284d0edee502b5308059ecf12b0",
          "Title": "glibc: Integer overflow in memalign leads to heap corruption",
          "Description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this.  The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument.  This limits the malicious inputs for the alignment for memalign to the range [1\u003c\u003c62+ 1, 1\u003c\u003c63] and exactly 1\u003c\u003c63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice.  An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/5",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0861",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0861.html",
            "https://linux.oracle.com/errata/ELSA-2026-50120.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0861"
          ],
          "PublishedDate": "2026-01-14T21:15:52.617Z",
          "LastModifiedDate": "2026-02-03T18:26:25.39Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0915",
          "PkgID": "libc6@2.35-0ubuntu3.11",
          "PkgName": "libc6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "feb7a9e4b39d76a6",
            "BOMRef": "pkg:deb/ubuntu/libc6@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0915",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d0a3e196ab790778ed2a9a6412c25b7ec1d18afd1afa312acedb7da2bea3fa45",
          "Title": "glibc: Information disclosure via zero-valued network query",
          "Description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 1,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/6",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0915",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0915.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0915",
            "https://www.openwall.com/lists/oss-security/2026/01/16/6"
          ],
          "PublishedDate": "2026-01-15T22:16:12.457Z",
          "LastModifiedDate": "2026-01-23T19:36:50.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15281",
          "PkgID": "libc6-dev@2.35-0ubuntu3.11",
          "PkgName": "libc6-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9024b8b3220c5637",
            "BOMRef": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15281",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:294465538de3323f85b227061f62d2359167e210f9a5eb3ae62e6eb7c671743f",
          "Title": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
          "Description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/20/3",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2025-15281",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2025-15281.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-15281",
            "https://www.openwall.com/lists/oss-security/2026/01/20/3"
          ],
          "PublishedDate": "2026-01-20T14:16:07.843Z",
          "LastModifiedDate": "2026-02-05T17:43:18.63Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0861",
          "PkgID": "libc6-dev@2.35-0ubuntu3.11",
          "PkgName": "libc6-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9024b8b3220c5637",
            "BOMRef": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6d892ad0a00340a0460763c69967c2b1206b5b2a9f9882c6d0bd85851c4d44f5",
          "Title": "glibc: Integer overflow in memalign leads to heap corruption",
          "Description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this.  The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument.  This limits the malicious inputs for the alignment for memalign to the range [1\u003c\u003c62+ 1, 1\u003c\u003c63] and exactly 1\u003c\u003c63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice.  An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/5",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0861",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0861.html",
            "https://linux.oracle.com/errata/ELSA-2026-50120.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
            "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0861"
          ],
          "PublishedDate": "2026-01-14T21:15:52.617Z",
          "LastModifiedDate": "2026-02-03T18:26:25.39Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0915",
          "PkgID": "libc6-dev@2.35-0ubuntu3.11",
          "PkgName": "libc6-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9024b8b3220c5637",
            "BOMRef": "pkg:deb/ubuntu/libc6-dev@2.35-0ubuntu3.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.35-0ubuntu3.11",
          "FixedVersion": "2.35-0ubuntu3.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0915",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5d7ed61e5c1d5ec8aef4fb752c7a578e3d46e6a8faefdbba4debe48d4595bb63",
          "Title": "glibc: Information disclosure via zero-valued network query",
          "Description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 1,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/16/6",
            "https://access.redhat.com/errata/RHSA-2026:2786",
            "https://access.redhat.com/security/cve/CVE-2026-0915",
            "https://bugzilla.redhat.com/2429771",
            "https://bugzilla.redhat.com/2430201",
            "https://bugzilla.redhat.com/2431196",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430201",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431196",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915",
            "https://errata.almalinux.org/9/ALSA-2026-2786.html",
            "https://errata.rockylinux.org/RLSA-2026:2786",
            "https://linux.oracle.com/cve/CVE-2026-0915.html",
            "https://linux.oracle.com/errata/ELSA-2026-50174.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
            "https://ubuntu.com/security/notices/USN-8005-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0915",
            "https://www.openwall.com/lists/oss-security/2026/01/16/6"
          ],
          "PublishedDate": "2026-01-15T22:16:12.457Z",
          "LastModifiedDate": "2026-01-23T19:36:50.73Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libcc1-0@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libcc1-0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcc1-0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1213b56786d5fd7",
            "BOMRef": "pkg:deb/ubuntu/libcc1-0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b4ff137c0ba207977d8ad9c417db79597b19b3057d59a0e6b9c1405eaa1dfba4",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11412",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7d64769d618e78eaf6c16e5bb3d6b0c4ddd167379b7df9d12574fd5e97c9c98f",
          "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds",
          "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11412",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11412",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16378",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327348",
            "https://vuldb.com/?id.327348",
            "https://www.cve.org/CVERecord?id=CVE-2025-11412",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.03Z",
          "LastModifiedDate": "2025-10-14T15:09:07.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11413",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:70684348f46083b03f5d96f927b006e1f552bf1e826b9da6339d86e963c22cd2",
          "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11413",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11413",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16362",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327349",
            "https://vuldb.com/?id.327349",
            "https://vuldb.com/?submit.665587",
            "https://vuldb.com/?submit.665590",
            "https://www.cve.org/CVERecord?id=CVE-2025-11413",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.23Z",
          "LastModifiedDate": "2026-02-24T07:16:31.417Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11414",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:654bcfd199e5ee3c8e2634c8c05060754df21ba1961133b83ddcdab1f1a871bf",
          "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds",
          "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11414",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11414",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16361",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33450",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327350",
            "https://vuldb.com/?id.327350",
            "https://vuldb.com/?submit.665591",
            "https://www.cve.org/CVERecord?id=CVE-2025-11414",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T23:15:33.053Z",
          "LastModifiedDate": "2025-10-14T15:25:00.127Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11494",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71432bd4693b408c0ad45c3271c22418be9cd03f4e6f57fbcc008d6872414559",
          "Title": "binutils: GNU Binutils Linker out-of-bounds read",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11494",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11494",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16389",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327619",
            "https://vuldb.com/?id.327619",
            "https://vuldb.com/?submit.668281",
            "https://www.cve.org/CVERecord?id=CVE-2025-11494",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-08T20:15:34.77Z",
          "LastModifiedDate": "2025-10-14T15:27:45.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1180",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:550f96d699a26ddf6a4f8bdd807320fb0f8f11a6dc63c1c2b1f744f79089e264",
          "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1180",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1180",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15917",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32642",
            "https://vuldb.com/?ctiid.295083",
            "https://vuldb.com/?id.295083",
            "https://vuldb.com/?submit.495381",
            "https://www.cve.org/CVERecord?id=CVE-2025-1180",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-11T08:15:31.59Z",
          "LastModifiedDate": "2025-05-21T20:35:18.05Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13716",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc071afdaadf85e084d8412af02c85afd0959fa1d31d3d165471c8c1f798c663",
          "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
          "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 7.1,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2017-13716",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
            "https://www.cve.org/CVERecord?id=CVE-2017-13716"
          ],
          "PublishedDate": "2017-08-28T21:29:00.293Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2019-1010204",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3524aa2a2a845b59f2f8b4ae316dae4908359d8e5aa74ee7d1a65d081785ad1c",
          "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
          "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-125",
            "CWE-681"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-1010204",
            "https://linux.oracle.com/cve/CVE-2019-1010204.html",
            "https://linux.oracle.com/errata/ELSA-2020-1797.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
            "https://security.netapp.com/advisory/ntap-20190822-0001/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
            "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/notices/USN-5349-1",
            "https://www.cve.org/CVERecord?id=CVE-2019-1010204"
          ],
          "PublishedDate": "2019-07-23T14:15:13.373Z",
          "LastModifiedDate": "2024-11-21T04:18:03.163Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8cc7e6295731c6acef6b9d8e5e05cbc0c446901df9a93fc937860ceca944a8d3",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48064",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aafb5f1a7315e1ee4125339a571c5008f9d727ae16355c7e1cdc13332f18a82d",
          "Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
          "Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48064",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
            "https://security.netapp.com/advisory/ntap-20231006-0008/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
            "https://www.cve.org/CVERecord?id=CVE-2022-48064"
          ],
          "PublishedDate": "2023-08-22T19:16:30.937Z",
          "LastModifiedDate": "2024-11-21T07:32:46.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1152",
          "PkgID": "libctf-nobfd0@2.38-4ubuntu2.11",
          "PkgName": "libctf-nobfd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "abfffb1af060fcd8",
            "BOMRef": "pkg:deb/ubuntu/libctf-nobfd0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c1a122eba5a73a6d92a28b5eb3e9b23218438a5d0ee36c86400d5ebbb375377",
          "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to a memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401",
            "CWE-404"
          ],
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1152",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1152",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15887",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32576",
            "https://vuldb.com/?ctiid.295056",
            "https://vuldb.com/?id.295056",
            "https://www.cve.org/CVERecord?id=CVE-2025-1152",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-10T18:15:34.043Z",
          "LastModifiedDate": "2025-03-03T17:32:01.613Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11412",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11412",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:69b4c1a45b5528719937d1e329076b031c86afb2274a91472bf7f21062014665",
          "Title": "binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds",
          "Description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11412",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11412",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16378",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327348",
            "https://vuldb.com/?id.327348",
            "https://www.cve.org/CVERecord?id=CVE-2025-11412",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.03Z",
          "LastModifiedDate": "2025-10-14T15:09:07.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11413",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11413",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2b7bd3ab22a2bb9afe9cb508bc5c0ea4679cd277c99b073c48bd39a9be9ab8d7",
          "Title": "binutils: GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11413",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11413",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16362",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33452",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327349",
            "https://vuldb.com/?id.327349",
            "https://vuldb.com/?submit.665587",
            "https://vuldb.com/?submit.665590",
            "https://www.cve.org/CVERecord?id=CVE-2025-11413",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T22:15:34.23Z",
          "LastModifiedDate": "2026-02-24T07:16:31.417Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11414",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11414",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cdc4652d0bc3e1e3ed3208e7a54d1c42a01a175e5101aff262ed5183de95d581",
          "Title": "binutils: GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds",
          "Description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11414",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11414",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16361",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33450",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327350",
            "https://vuldb.com/?id.327350",
            "https://vuldb.com/?submit.665591",
            "https://www.cve.org/CVERecord?id=CVE-2025-11414",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-07T23:15:33.053Z",
          "LastModifiedDate": "2025-10-14T15:25:00.127Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11494",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "FixedVersion": "2.38-4ubuntu2.12",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11494",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7ab19a656654a6a5fef500120f337b7fc5231538417e06fa2498e77f124fe892",
          "Title": "binutils: GNU Binutils Linker out-of-bounds read",
          "Description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11494",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11494",
            "https://sourceware.org/bugzilla/attachment.cgi?id=16389",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a",
            "https://ubuntu.com/security/notices/USN-7919-1",
            "https://vuldb.com/?ctiid.327619",
            "https://vuldb.com/?id.327619",
            "https://vuldb.com/?submit.668281",
            "https://www.cve.org/CVERecord?id=CVE-2025-11494",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-10-08T20:15:34.77Z",
          "LastModifiedDate": "2025-10-14T15:27:45.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1180",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:db1e5bf70b2a9e0fa1bec0c4c41a9893b2966c96f1d1d10b89a82be2e88f2051",
          "Title": "binutils: GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1180",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1180",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15917",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32642",
            "https://vuldb.com/?ctiid.295083",
            "https://vuldb.com/?id.295083",
            "https://vuldb.com/?submit.495381",
            "https://www.cve.org/CVERecord?id=CVE-2025-1180",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-11T08:15:31.59Z",
          "LastModifiedDate": "2025-05-21T20:35:18.05Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13716",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f1f017cb70e9c4caa58ba6fd23d4cfea6b0d4313ae0655409aaf2f1161314e2d",
          "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
          "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 7.1,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2017-13716",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-13716",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=22009",
            "https://www.cve.org/CVERecord?id=CVE-2017-13716"
          ],
          "PublishedDate": "2017-08-28T21:29:00.293Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2019-1010204",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3d63aca2a03305e23f5f27cb1af4437a5dabf4e941c7f50f84aa0f16272538c5",
          "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
          "Description": "GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-125",
            "CWE-681"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-1010204",
            "https://linux.oracle.com/cve/CVE-2019-1010204.html",
            "https://linux.oracle.com/errata/ELSA-2020-1797.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-1010204",
            "https://security.netapp.com/advisory/ntap-20190822-0001/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
            "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026amp%3Butm_medium=RSS",
            "https://ubuntu.com/security/notices/USN-5349-1",
            "https://www.cve.org/CVERecord?id=CVE-2019-1010204"
          ],
          "PublishedDate": "2019-07-23T14:15:13.373Z",
          "LastModifiedDate": "2024-11-21T04:18:03.163Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:280d676ea77075091c8b504a6b2e55401ef088146d8aa223fe493a64ad338a44",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48064",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aff4d233f27017d04a14371cc0ad3bce6e746fb1cec8275c07648852a339953c",
          "Title": "binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c",
          "Description": "GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function _bfd_dwarf2_find_nearest_line_with_alt in dwarf2.c. An attacker could supply a crafted ELF file and cause a denial of service (DoS).",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48064",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48064",
            "https://security.netapp.com/advisory/ntap-20231006-0008/",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
            "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=8f2c64de86bc3d7556121fe296dd679000283931",
            "https://www.cve.org/CVERecord?id=CVE-2022-48064"
          ],
          "PublishedDate": "2023-08-22T19:16:30.937Z",
          "LastModifiedDate": "2024-11-21T07:32:46.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1152",
          "PkgID": "libctf0@2.38-4ubuntu2.11",
          "PkgName": "libctf0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9854d38fa16b489c",
            "BOMRef": "pkg:deb/ubuntu/libctf0@2.38-4ubuntu2.11?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.38-4ubuntu2.11",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:05a1edf2a5cc3cdcb43fd099bb35e6b2b319725f14f1ffd9bb65a4178674e0a5",
          "Title": "binutils: GNU Binutils ld xstrdup.c xstrdup memory leak",
          "Description": "A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to a memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. Exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401",
            "CWE-404"
          ],
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1152",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1152",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15887",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32576",
            "https://vuldb.com/?ctiid.295056",
            "https://vuldb.com/?id.295056",
            "https://www.cve.org/CVERecord?id=CVE-2025-1152",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-10T18:15:34.043Z",
          "LastModifiedDate": "2025-03-03T17:32:01.613Z"
        },
        {
          "VulnerabilityID": "CVE-2025-14017",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14017",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:00f839a652c7d856c718131856ab21a9aeb1f5748b5a1dae78a3f50ca0e9db61",
          "Title": "curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers",
          "Description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/3",
            "https://access.redhat.com/security/cve/CVE-2025-14017",
            "https://curl.se/docs/CVE-2025-14017.html",
            "https://curl.se/docs/CVE-2025-14017.json",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-14017",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://ubuntu.com/security/notices/USN-8062-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-14017"
          ],
          "PublishedDate": "2026-01-08T10:15:45.667Z",
          "LastModifiedDate": "2026-01-27T21:29:39.953Z"
        },
        {
          "VulnerabilityID": "CVE-2026-1965",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1965",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0c636f8db62680e4b4803905fd36efff11aa8610aefdce40953a4197bc1e8c1f",
          "Title": "curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication",
          "Description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with  `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-305"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-1965",
            "https://curl.se/docs/CVE-2026-1965.html",
            "https://curl.se/docs/CVE-2026-1965.json",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-1965",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://ubuntu.com/security/notices/USN-8099-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-1965"
          ],
          "PublishedDate": "2026-03-11T11:15:59.177Z",
          "LastModifiedDate": "2026-03-12T14:11:19.07Z"
        },
        {
          "VulnerabilityID": "CVE-2026-3783",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3783",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c1ebfa51d890a3a740b230c73770281d8008ccaa5c0c0a344fbd19785e0b19f",
          "Title": "curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect",
          "Description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-522"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
              "V3Score": 5.7
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/03/11/2",
            "https://access.redhat.com/security/cve/CVE-2026-3783",
            "https://curl.se/docs/CVE-2026-3783.html",
            "https://curl.se/docs/CVE-2026-3783.json",
            "https://hackerone.com/reports/3583983",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-3783",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://ubuntu.com/security/notices/USN-8099-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-3783"
          ],
          "PublishedDate": "2026-03-11T11:16:00.08Z",
          "LastModifiedDate": "2026-03-12T14:10:37.3Z"
        },
        {
          "VulnerabilityID": "CVE-2025-0167",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84f5ba1245295cc95c2b215b937d563baeccbf1a5f02af7961b37264cfd8098b",
          "Title": "When asked to use a `.netrc` file for credentials **and** to follow HT ...",
          "Description": "When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance.",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "cbl-mariner": 1,
            "photon": 1,
            "ubuntu": 1
          },
          "References": [
            "https://curl.se/docs/CVE-2025-0167.html",
            "https://curl.se/docs/CVE-2025-0167.json",
            "https://hackerone.com/reports/2917232",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-0167",
            "https://security.netapp.com/advisory/ntap-20250306-0008/",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-0167"
          ],
          "PublishedDate": "2025-02-05T10:15:22.71Z",
          "LastModifiedDate": "2025-07-30T19:41:45.08Z"
        },
        {
          "VulnerabilityID": "CVE-2025-14524",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14524",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:32d8bd3d198c38199a48ac0cf664221e6804bae0b8503f84bf4b747f33febf6a",
          "Title": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that  ...",
          "Description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a cross-protocol redirect to a second URL that uses an IMAP, LDAP,\nPOP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new\ntarget host.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-601"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "photon": 2,
            "ubuntu": 1
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/4",
            "https://curl.se/docs/CVE-2025-14524.html",
            "https://curl.se/docs/CVE-2025-14524.json",
            "https://hackerone.com/reports/3459417",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-14524",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-14524"
          ],
          "PublishedDate": "2026-01-08T10:15:46.607Z",
          "LastModifiedDate": "2026-01-20T14:53:11.017Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15079",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15079",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:63cb85e9376513f5aad6cb08de49160074a4c467cf4f7b58a8b4e9901253ca52",
          "Title": "When doing SSH-based transfers using either SCP or SFTP, and setting t ...",
          "Description": "When doing SSH-based transfers using either SCP or SFTP, and setting the\nknown_hosts file, libcurl could still mistakenly accept connecting to hosts\n*not present* in the specified file if they were added as recognized in the\nlibssh *global* known_hosts file.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-297"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "photon": 2,
            "ubuntu": 1
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/6",
            "https://curl.se/docs/CVE-2025-15079.html",
            "https://curl.se/docs/CVE-2025-15079.json",
            "https://hackerone.com/reports/3477116",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://ubuntu.com/security/notices/USN-8062-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-15079"
          ],
          "PublishedDate": "2026-01-08T10:15:47.1Z",
          "LastModifiedDate": "2026-01-20T14:50:24.33Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15224",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.22",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15224",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b17fa956e4caf6b73f032a9cf3d8615cd3c5f3ebdcc7a64a5b97e94e6e36b878",
          "Title": "When doing SSH-based transfers using either SCP or SFTP, and asked to  ...",
          "Description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-287"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "photon": 1,
            "ubuntu": 1
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/07/7",
            "https://curl.se/docs/CVE-2025-15224.html",
            "https://curl.se/docs/CVE-2025-15224.json",
            "https://hackerone.com/reports/3480925",
            "https://ubuntu.com/security/notices/USN-8062-1",
            "https://ubuntu.com/security/notices/USN-8062-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-15224"
          ],
          "PublishedDate": "2026-01-08T10:15:47.207Z",
          "LastModifiedDate": "2026-01-20T14:47:52.71Z"
        },
        {
          "VulnerabilityID": "CVE-2026-3784",
          "PkgID": "libcurl4@7.81.0-1ubuntu1.21",
          "PkgName": "libcurl4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9374090a58260ae8",
            "BOMRef": "pkg:deb/ubuntu/libcurl4@7.81.0-1ubuntu1.21?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "7.81.0-1ubuntu1.21",
          "FixedVersion": "7.81.0-1ubuntu1.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3784",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:400c0b2815d3536c569838c53bcceb063c1808907da39c580850ce0e87ff9a04",
          "Title": "curl: curl: Unauthorized access due to improper HTTP proxy connection reuse",
          "Description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-305"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 6.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/03/11/3",
            "https://access.redhat.com/security/cve/CVE-2026-3784",
            "https://curl.se/docs/CVE-2026-3784.html",
            "https://curl.se/docs/CVE-2026-3784.json",
            "https://hackerone.com/reports/3584903",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-3784",
            "https://ubuntu.com/security/notices/USN-8084-1",
            "https://ubuntu.com/security/notices/USN-8099-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-3784"
          ],
          "PublishedDate": "2026-03-11T11:16:00.437Z",
          "LastModifiedDate": "2026-03-12T14:09:50.47Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1352",
          "PkgID": "libelf-dev@0.186-1ubuntu0.1",
          "PkgName": "libelf-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libelf-dev@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ebec5af61690e7f2",
            "BOMRef": "pkg:deb/ubuntu/libelf-dev@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.186-1ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1352",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bcafdce96d690d7e0844b0e36b52e26cbf8be1cb89ed6020a9348849f986b60a",
          "Title": "elfutils: GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption",
          "Description": "A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "V3Score": 5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1352",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1352",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15923",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32650",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32650#c2",
            "https://vuldb.com/?ctiid.295960",
            "https://vuldb.com/?id.295960",
            "https://vuldb.com/?submit.495965",
            "https://www.cve.org/CVERecord?id=CVE-2025-1352",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-16T15:15:09.133Z",
          "LastModifiedDate": "2025-11-03T20:34:23.89Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1376",
          "PkgID": "libelf-dev@0.186-1ubuntu0.1",
          "PkgName": "libelf-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libelf-dev@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ebec5af61690e7f2",
            "BOMRef": "pkg:deb/ubuntu/libelf-dev@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.186-1ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1376",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c6d3d5dd4f0281166bf05bc54174bc868478f4cc3640dac456e0350ffa52ee09",
          "Title": "elfutils: GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service",
          "Description": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-404"
          ],
          "VendorSeverity": {
            "azure": 1,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1376",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1376",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15940",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3",
            "https://vuldb.com/?ctiid.295984",
            "https://vuldb.com/?id.295984",
            "https://vuldb.com/?submit.497538",
            "https://www.cve.org/CVERecord?id=CVE-2025-1376",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-17T05:15:09.807Z",
          "LastModifiedDate": "2025-11-04T20:21:18.26Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1352",
          "PkgID": "libelf1@0.186-1ubuntu0.1",
          "PkgName": "libelf1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libelf1@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4f2d2d9312928eed",
            "BOMRef": "pkg:deb/ubuntu/libelf1@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.186-1ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1352",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28307a7d8fdefa5c0850dbecfd235277dd004e420c22f0431d3e2f4deef0236a",
          "Title": "elfutils: GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption",
          "Description": "A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "V3Score": 5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1352",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1352",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15923",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32650",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32650#c2",
            "https://vuldb.com/?ctiid.295960",
            "https://vuldb.com/?id.295960",
            "https://vuldb.com/?submit.495965",
            "https://www.cve.org/CVERecord?id=CVE-2025-1352",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-16T15:15:09.133Z",
          "LastModifiedDate": "2025-11-03T20:34:23.89Z"
        },
        {
          "VulnerabilityID": "CVE-2025-1376",
          "PkgID": "libelf1@0.186-1ubuntu0.1",
          "PkgName": "libelf1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libelf1@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "4f2d2d9312928eed",
            "BOMRef": "pkg:deb/ubuntu/libelf1@0.186-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.186-1ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1376",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e01dcba2631b40e684c75ac47a51a2da5f995c2b3a737c06f8b64dde1b2ab320",
          "Title": "elfutils: GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service",
          "Description": "A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-404"
          ],
          "VendorSeverity": {
            "azure": 1,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-1376",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-1376",
            "https://sourceware.org/bugzilla/attachment.cgi?id=15940",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3",
            "https://vuldb.com/?ctiid.295984",
            "https://vuldb.com/?id.295984",
            "https://vuldb.com/?submit.497538",
            "https://www.cve.org/CVERecord?id=CVE-2025-1376",
            "https://www.gnu.org/"
          ],
          "PublishedDate": "2025-02-17T05:15:09.807Z",
          "LastModifiedDate": "2025-11-04T20:21:18.26Z"
        },
        {
          "VulnerabilityID": "CVE-2025-66382",
          "PkgID": "libexpat1@2.4.7-1ubuntu0.6",
          "PkgName": "libexpat1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "70ca7ecd820e00ee",
            "BOMRef": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.4.7-1ubuntu0.6",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66382",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:246975441cef6f56c03f70bc07b80d2cc039bafc3adae3ae80ce160b8d7ea436",
          "Title": "libexpat: libexpat: Denial of service via crafted file processing",
          "Description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.9
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/02/1",
            "https://access.redhat.com/security/cve/CVE-2025-66382",
            "https://github.com/libexpat/libexpat/issues/1076",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-66382",
            "https://www.cve.org/CVERecord?id=CVE-2025-66382"
          ],
          "PublishedDate": "2025-11-28T07:15:57.9Z",
          "LastModifiedDate": "2025-12-19T16:05:03.557Z"
        },
        {
          "VulnerabilityID": "CVE-2026-24515",
          "PkgID": "libexpat1@2.4.7-1ubuntu0.6",
          "PkgName": "libexpat1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "70ca7ecd820e00ee",
            "BOMRef": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.4.7-1ubuntu0.6",
          "FixedVersion": "2.4.7-1ubuntu0.7",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24515",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fde246be8fc6566d82efbd60702fcda10cf8fad3d124e2982c313a62d679d8c1",
          "Title": "libexpat: libexpat null pointer dereference",
          "Description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "nvd": 1,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-24515",
            "https://github.com/libexpat/libexpat/pull/1131",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-24515",
            "https://ubuntu.com/security/notices/USN-8022-1",
            "https://ubuntu.com/security/notices/USN-8022-2",
            "https://ubuntu.com/security/notices/USN-8023-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-24515"
          ],
          "PublishedDate": "2026-01-23T08:16:01.49Z",
          "LastModifiedDate": "2026-02-05T17:27:53.29Z"
        },
        {
          "VulnerabilityID": "CVE-2026-25210",
          "PkgID": "libexpat1@2.4.7-1ubuntu0.6",
          "PkgName": "libexpat1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "70ca7ecd820e00ee",
            "BOMRef": "pkg:deb/ubuntu/libexpat1@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.4.7-1ubuntu0.6",
          "FixedVersion": "2.4.7-1ubuntu0.7",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25210",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6330a5b9c237081507acf505591b137df73c7f4d2e3129bb6f25cdde30b61d58",
          "Title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation",
          "Description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
              "V3Score": 6.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-25210",
            "https://github.com/libexpat/libexpat/pull/1075",
            "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-25210",
            "https://ubuntu.com/security/notices/USN-8022-1",
            "https://ubuntu.com/security/notices/USN-8022-2",
            "https://ubuntu.com/security/notices/USN-8023-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-25210"
          ],
          "PublishedDate": "2026-01-30T07:16:15.57Z",
          "LastModifiedDate": "2026-03-10T18:17:12.78Z"
        },
        {
          "VulnerabilityID": "CVE-2025-66382",
          "PkgID": "libexpat1-dev@2.4.7-1ubuntu0.6",
          "PkgName": "libexpat1-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "60d976ccee5d735d",
            "BOMRef": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.4.7-1ubuntu0.6",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66382",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f8b45895afd02d8e70a170efa6ff7ecb6ca007b8ba188ab7f878a48fc9697fa",
          "Title": "libexpat: libexpat: Denial of service via crafted file processing",
          "Description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.9
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/12/02/1",
            "https://access.redhat.com/security/cve/CVE-2025-66382",
            "https://github.com/libexpat/libexpat/issues/1076",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-66382",
            "https://www.cve.org/CVERecord?id=CVE-2025-66382"
          ],
          "PublishedDate": "2025-11-28T07:15:57.9Z",
          "LastModifiedDate": "2025-12-19T16:05:03.557Z"
        },
        {
          "VulnerabilityID": "CVE-2026-24515",
          "PkgID": "libexpat1-dev@2.4.7-1ubuntu0.6",
          "PkgName": "libexpat1-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "60d976ccee5d735d",
            "BOMRef": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.4.7-1ubuntu0.6",
          "FixedVersion": "2.4.7-1ubuntu0.7",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24515",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a2a1d877c61a8492a53eb755c104bbfe4dd07091c5c217a525dd391d42ed726f",
          "Title": "libexpat: libexpat null pointer dereference",
          "Description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 1,
            "nvd": 1,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-24515",
            "https://github.com/libexpat/libexpat/pull/1131",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-24515",
            "https://ubuntu.com/security/notices/USN-8022-1",
            "https://ubuntu.com/security/notices/USN-8022-2",
            "https://ubuntu.com/security/notices/USN-8023-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-24515"
          ],
          "PublishedDate": "2026-01-23T08:16:01.49Z",
          "LastModifiedDate": "2026-02-05T17:27:53.29Z"
        },
        {
          "VulnerabilityID": "CVE-2026-25210",
          "PkgID": "libexpat1-dev@2.4.7-1ubuntu0.6",
          "PkgName": "libexpat1-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "60d976ccee5d735d",
            "BOMRef": "pkg:deb/ubuntu/libexpat1-dev@2.4.7-1ubuntu0.6?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.4.7-1ubuntu0.6",
          "FixedVersion": "2.4.7-1ubuntu0.7",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25210",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eb8f0fab2b43acd3b0b2cc7b8951543836297bd826eb8d37ee99400f92550f75",
          "Title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation",
          "Description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
              "V3Score": 6.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-25210",
            "https://github.com/libexpat/libexpat/pull/1075",
            "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-25210",
            "https://ubuntu.com/security/notices/USN-8022-1",
            "https://ubuntu.com/security/notices/USN-8022-2",
            "https://ubuntu.com/security/notices/USN-8023-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-25210"
          ],
          "PublishedDate": "2026-01-30T07:16:15.57Z",
          "LastModifiedDate": "2026-03-10T18:17:12.78Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "libgcc-11-dev@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libgcc-11-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a3f7f3bd085ca7b0",
            "BOMRef": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5bd0e33c0dfe2485b9834bcee259f79eb62afc8d356bc08318fde82d73a59ec3",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "libgcc-11-dev@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libgcc-11-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a3f7f3bd085ca7b0",
            "BOMRef": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c3eebf5ab011d801a73baaa52826db5a5e5d2ce64e8771dd11cb940bf8660243",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libgcc-11-dev@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libgcc-11-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a3f7f3bd085ca7b0",
            "BOMRef": "pkg:deb/ubuntu/libgcc-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0c486ece78d2d4bce9c7b5b465869d223e3641865ed049c36e8ce52a05a9d10b",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libgcc-s1@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libgcc-s1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2bb534b139e6d4f2",
            "BOMRef": "pkg:deb/ubuntu/libgcc-s1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:060a2fb26931474925bcd023394964f9ea2713ea00aa0c7b363686214d6ea5a3",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2024-2236",
          "PkgID": "libgcrypt20@1.9.4-3ubuntu3",
          "PkgName": "libgcrypt20",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "654726586f81e4b6",
            "BOMRef": "pkg:deb/ubuntu/libgcrypt20@1.9.4-3ubuntu3?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "1.9.4-3ubuntu3",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:99e93ba69c1a7d543f7dfce7214b678aabdaf6bc61cf51529a8e0d6d33b94efa",
          "Title": "libgcrypt: vulnerable to Marvin Attack",
          "Description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-385"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:9404",
            "https://access.redhat.com/errata/RHSA-2025:3530",
            "https://access.redhat.com/errata/RHSA-2025:3534",
            "https://access.redhat.com/security/cve/CVE-2024-2236",
            "https://bugzilla.redhat.com/2245218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268268",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236",
            "https://dev.gnupg.org/T7136",
            "https://errata.almalinux.org/9/ALSA-2024-9404.html",
            "https://errata.rockylinux.org/RLSA-2024:9404",
            "https://github.com/tomato42/marvin-toolkit/tree/master/example/libgcrypt",
            "https://gitlab.com/redhat-crypto/libgcrypt/libgcrypt-mirror/-/merge_requests/17",
            "https://linux.oracle.com/cve/CVE-2024-2236.html",
            "https://linux.oracle.com/errata/ELSA-2024-9404.html",
            "https://lists.gnupg.org/pipermail/gcrypt-devel/2024-March/005607.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-2236",
            "https://www.cve.org/CVERecord?id=CVE-2024-2236"
          ],
          "PublishedDate": "2024-03-06T22:15:57.977Z",
          "LastModifiedDate": "2026-02-25T20:17:20.547Z"
        },
        {
          "VulnerabilityID": "CVE-2025-14831",
          "PkgID": "libgnutls30@3.7.3-4ubuntu1.7",
          "PkgName": "libgnutls30",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f355cd58df369fb5",
            "BOMRef": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.7.3-4ubuntu1.7",
          "FixedVersion": "3.7.3-4ubuntu1.8",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14831",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9aeca139dcb4dc18e0361050e83002de9a89bd64d4448a6c73cea32ce8594086",
          "Title": "gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification",
          "Description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:3477",
            "https://access.redhat.com/errata/RHSA-2026:4188",
            "https://access.redhat.com/errata/RHSA-2026:4655",
            "https://access.redhat.com/errata/RHSA-2026:4943",
            "https://access.redhat.com/errata/RHSA-2026:5585",
            "https://access.redhat.com/errata/RHSA-2026:5606",
            "https://access.redhat.com/security/cve/CVE-2025-14831",
            "https://bugzilla.redhat.com/2392528",
            "https://bugzilla.redhat.com/2423177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2392528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2423177",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820",
            "https://errata.almalinux.org/9/ALSA-2026-4188.html",
            "https://errata.rockylinux.org/RLSA-2026:4188",
            "https://gitlab.com/gnutls/gnutls/-/issues/1773",
            "https://linux.oracle.com/cve/CVE-2025-14831.html",
            "https://linux.oracle.com/errata/ELSA-2026-5585.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-14831",
            "https://ubuntu.com/security/notices/USN-8043-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-14831"
          ],
          "PublishedDate": "2026-02-09T15:16:09.937Z",
          "LastModifiedDate": "2026-03-24T11:16:21.903Z"
        },
        {
          "VulnerabilityID": "CVE-2025-9820",
          "PkgID": "libgnutls30@3.7.3-4ubuntu1.7",
          "PkgName": "libgnutls30",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.7?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f355cd58df369fb5",
            "BOMRef": "pkg:deb/ubuntu/libgnutls30@3.7.3-4ubuntu1.7?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.7.3-4ubuntu1.7",
          "FixedVersion": "3.7.3-4ubuntu1.8",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9820",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a553733de1de29f1ab87a05450ec94e4eaddcb4431de6bb1cdb2406406ae7f1c",
          "Title": "gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function",
          "Description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-121"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 4
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/11/20/2",
            "https://access.redhat.com/errata/RHSA-2026:3477",
            "https://access.redhat.com/errata/RHSA-2026:4188",
            "https://access.redhat.com/errata/RHSA-2026:4655",
            "https://access.redhat.com/errata/RHSA-2026:4943",
            "https://access.redhat.com/errata/RHSA-2026:5585",
            "https://access.redhat.com/errata/RHSA-2026:5606",
            "https://access.redhat.com/security/cve/CVE-2025-9820",
            "https://bugzilla.redhat.com/2392528",
            "https://bugzilla.redhat.com/2423177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2392528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2423177",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820",
            "https://errata.almalinux.org/9/ALSA-2026-4188.html",
            "https://errata.rockylinux.org/RLSA-2026:4188",
            "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5",
            "https://gitlab.com/gnutls/gnutls/-/issues/1732",
            "https://linux.oracle.com/cve/CVE-2025-9820.html",
            "https://linux.oracle.com/errata/ELSA-2026-5585.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-9820",
            "https://ubuntu.com/security/notices/USN-8043-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-9820",
            "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18"
          ],
          "PublishedDate": "2026-01-26T20:16:09.37Z",
          "LastModifiedDate": "2026-03-24T11:16:22.723Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libgomp1@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libgomp1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libgomp1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "166586e5bc10cd52",
            "BOMRef": "pkg:deb/ubuntu/libgomp1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4450956a97d56c1240c7859cc25a36106aa4769d8497a05b2dc1d028aa31a85a",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2025-5222",
          "PkgID": "libicu-dev@70.1-2",
          "PkgName": "libicu-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libicu-dev@70.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "6370c638d7ea081d",
            "BOMRef": "pkg:deb/ubuntu/libicu-dev@70.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "70.1-2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5222",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f5af085c0bd0042860afb784219748bee6266c3f5059df089aafd9969e731cd4",
          "Title": "icu: Stack buffer overflow in the SRBRoot::addTag function",
          "Description": "A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-120"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:11888",
            "https://access.redhat.com/errata/RHSA-2025:12083",
            "https://access.redhat.com/errata/RHSA-2025:12331",
            "https://access.redhat.com/errata/RHSA-2025:12332",
            "https://access.redhat.com/errata/RHSA-2025:12333",
            "https://access.redhat.com/security/cve/CVE-2025-5222",
            "https://bugzilla.redhat.com/2368600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2368600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222",
            "https://errata.almalinux.org/9/ALSA-2025-12083.html",
            "https://errata.rockylinux.org/RLSA-2025:12083",
            "https://linux.oracle.com/cve/CVE-2025-5222.html",
            "https://linux.oracle.com/errata/ELSA-2025-12083.html",
            "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-5222",
            "https://www.cve.org/CVERecord?id=CVE-2025-5222"
          ],
          "PublishedDate": "2025-05-27T21:15:23.03Z",
          "LastModifiedDate": "2026-01-23T11:33:07.2Z"
        },
        {
          "VulnerabilityID": "CVE-2025-5222",
          "PkgID": "libicu70@70.1-2",
          "PkgName": "libicu70",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libicu70@70.1-2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "80711690dd5aad02",
            "BOMRef": "pkg:deb/ubuntu/libicu70@70.1-2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "70.1-2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5222",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:95fb84f616713c736e1ed8b5975c1e2b4c7d12066b43eb6e0899603edfa47222",
          "Title": "icu: Stack buffer overflow in the SRBRoot::addTag function",
          "Description": "A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-120"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:11888",
            "https://access.redhat.com/errata/RHSA-2025:12083",
            "https://access.redhat.com/errata/RHSA-2025:12331",
            "https://access.redhat.com/errata/RHSA-2025:12332",
            "https://access.redhat.com/errata/RHSA-2025:12333",
            "https://access.redhat.com/security/cve/CVE-2025-5222",
            "https://bugzilla.redhat.com/2368600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2368600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222",
            "https://errata.almalinux.org/9/ALSA-2025-12083.html",
            "https://errata.rockylinux.org/RLSA-2025:12083",
            "https://linux.oracle.com/cve/CVE-2025-5222.html",
            "https://linux.oracle.com/errata/ELSA-2025-12083.html",
            "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-5222",
            "https://www.cve.org/CVERecord?id=CVE-2025-5222"
          ],
          "PublishedDate": "2025-05-27T21:15:23.03Z",
          "LastModifiedDate": "2026-01-23T11:33:07.2Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libitm1@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libitm1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libitm1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "cc223efaa2cd1d92",
            "BOMRef": "pkg:deb/ubuntu/libitm1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d83848530a178f3e41a123a48373415b1ea11caf52e391564743b430a5d4fe75",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2024-7883",
          "PkgID": "libllvm15@1:15.0.7-0ubuntu0.22.04.3",
          "PkgName": "libllvm15",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libllvm15@15.0.7-0ubuntu0.22.04.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "9df8ffdb70c79b1a",
            "BOMRef": "pkg:deb/ubuntu/libllvm15@15.0.7-0ubuntu0.22.04.3?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "InstalledVersion": "1:15.0.7-0ubuntu0.22.04.3",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-7883",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3edea4b1d7391d8544d61d2c092af22386c85d9f945a9ef9956f509781a11998",
          "Title": "clang: CMSE secure state may leak from stack to floating-point registers",
          "Description": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-226"
          ],
          "VendorSeverity": {
            "azure": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 3.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-7883",
            "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability",
            "https://github.com/llvm/llvm-project/pull/114433",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-7883",
            "https://www.cve.org/CVERecord?id=CVE-2024-7883"
          ],
          "PublishedDate": "2024-10-31T17:15:14.013Z",
          "LastModifiedDate": "2025-12-23T15:30:31.55Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "liblsan0@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "liblsan0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/liblsan0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e4a58aaee7e86c33",
            "BOMRef": "pkg:deb/ubuntu/liblsan0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:82e15ffe24b2321bb0d7584b8399b4eadf288cb58061beec9ceb059f8cdb8cfb",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50495",
          "PkgID": "libncurses-dev@6.3-2ubuntu0.1",
          "PkgName": "libncurses-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libncurses-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e72d5190dd1e6bc5",
            "BOMRef": "pkg:deb/ubuntu/libncurses-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "6.3-2ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:19f2cdb8674e76858bb43e34b0dd215a1ba250152340095377afbcacb1acc022",
          "Title": "ncurses: segmentation fault via _nc_wrap_entry()",
          "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-50495",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://ubuntu.com/security/notices/USN-6684-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50495"
          ],
          "PublishedDate": "2023-12-12T15:15:07.867Z",
          "LastModifiedDate": "2025-11-04T19:16:14.45Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50495",
          "PkgID": "libncurses6@6.3-2ubuntu0.1",
          "PkgName": "libncurses6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d8ed2f03ac5aec1c",
            "BOMRef": "pkg:deb/ubuntu/libncurses6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "6.3-2ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de525f3b01a99ea6847bc5a997171eb00be722e9d6f67d6c6764a789a499f8b9",
          "Title": "ncurses: segmentation fault via _nc_wrap_entry()",
          "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-50495",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://ubuntu.com/security/notices/USN-6684-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50495"
          ],
          "PublishedDate": "2023-12-12T15:15:07.867Z",
          "LastModifiedDate": "2025-11-04T19:16:14.45Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50495",
          "PkgID": "libncursesw6@6.3-2ubuntu0.1",
          "PkgName": "libncursesw6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ba96d3f385a080fe",
            "BOMRef": "pkg:deb/ubuntu/libncursesw6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "6.3-2ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:64a3eac59c6cbb8feb5532564dca6da1b02a9984397ab71b9c96d2b108324297",
          "Title": "ncurses: segmentation fault via _nc_wrap_entry()",
          "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-50495",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://ubuntu.com/security/notices/USN-6684-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50495"
          ],
          "PublishedDate": "2023-12-12T15:15:07.867Z",
          "LastModifiedDate": "2025-11-04T19:16:14.45Z"
        },
        {
          "VulnerabilityID": "CVE-2022-41409",
          "PkgID": "libpcre2-8-0@10.39-3ubuntu0.1",
          "PkgName": "libpcre2-8-0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a8abfa1e863e6371",
            "BOMRef": "pkg:deb/ubuntu/libpcre2-8-0@10.39-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "10.39-3ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41409",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:450d61cb81013eb2d587de41b651c82e66620a512aba6dde6500a1179599c469",
          "Title": "pcre2: negative repeat value in a pcre2test subject line leads to infinite loop",
          "Description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "cbl-mariner": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-41409",
            "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35",
            "https://github.com/PCRE2Project/pcre2/issues/141",
            "https://github.com/advisories/GHSA-4qfx-v7wh-3q4j",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-41409",
            "https://www.cve.org/CVERecord?id=CVE-2022-41409"
          ],
          "PublishedDate": "2023-07-18T14:15:12.197Z",
          "LastModifiedDate": "2024-11-21T07:23:10.577Z"
        },
        {
          "VulnerabilityID": "CVE-2017-11164",
          "PkgID": "libpcre3@2:8.39-13ubuntu0.22.04.1",
          "PkgName": "libpcre3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2",
            "UID": "c69e88018274362f",
            "BOMRef": "pkg:deb/ubuntu/libpcre3@8.39-13ubuntu0.22.04.1?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=2"
          },
          "InstalledVersion": "2:8.39-13ubuntu0.22.04.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8e55b4b2c2471a2eb96b0ddd0c2027d22d8640b272f5f27878a8ab64de74f025",
          "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
          "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 7.8,
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "http://openwall.com/lists/oss-security/2017/07/11/3",
            "http://www.openwall.com/lists/oss-security/2023/04/11/1",
            "http://www.openwall.com/lists/oss-security/2023/04/12/1",
            "http://www.securityfocus.com/bid/99575",
            "https://access.redhat.com/security/cve/CVE-2017-11164",
            "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-11164",
            "https://www.cve.org/CVERecord?id=CVE-2017-11164"
          ],
          "PublishedDate": "2017-07-11T03:29:00.277Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11468",
          "PkgID": "libpython3.10@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3222c1acdc86e3f3da116e7d17dbcfd77d494761ebf4de7787ead53f501d1941",
          "Title": "cpython: Missing character filtering in Python",
          "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11468",
            "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094",
            "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2",
            "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6",
            "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66",
            "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0",
            "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796",
            "https://github.com/python/cpython/issues/143935",
            "https://github.com/python/cpython/pull/143936",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-11468"
          ],
          "PublishedDate": "2026-01-20T22:15:50.69Z",
          "LastModifiedDate": "2026-03-03T15:16:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-12084",
          "PkgID": "libpython3.10@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-12084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:241a6e675123a3b54a6aec241bd16afd5c64696a0139b1182bd19ba643a3ae56",
          "Title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
          "Description": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1478",
            "https://access.redhat.com/security/cve/CVE-2025-12084",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://errata.almalinux.org/9/ALSA-2026-1478.html",
            "https://errata.rockylinux.org/RLSA-2026:1478",
            "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0",
            "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4",
            "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437",
            "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af",
            "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273",
            "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907",
            "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d",
            "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8",
            "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8",
            "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0",
            "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964",
            "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53",
            "https://github.com/python/cpython/issues/142145",
            "https://github.com/python/cpython/pull/142146",
            "https://linux.oracle.com/cve/CVE-2025-12084.html",
            "https://linux.oracle.com/errata/ELSA-2026-2713.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-12084"
          ],
          "PublishedDate": "2025-12-03T19:15:55.05Z",
          "LastModifiedDate": "2026-01-26T15:16:05.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13836",
          "PkgID": "libpython3.10@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2780529e122decd89ff9d786c834c5844fa85c9a1e045c8b5ee32b60467722e7",
          "Title": "cpython: Excessive read buffering DoS in http.client",
          "Description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1410",
            "https://access.redhat.com/security/cve/CVE-2025-13836",
            "https://bugzilla.redhat.com/2418078",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836",
            "https://errata.almalinux.org/9/ALSA-2026-1410.html",
            "https://errata.rockylinux.org/RLSA-2026:1410",
            "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628",
            "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (3.14 branch)",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)",
            "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0",
            "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c",
            "https://github.com/python/cpython/issues/119451",
            "https://github.com/python/cpython/pull/119454",
            "https://linux.oracle.com/cve/CVE-2025-13836.html",
            "https://linux.oracle.com/errata/ELSA-2026-2419.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
            "https://ubuntu.com/security/notices/USN-7951-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13836"
          ],
          "PublishedDate": "2025-12-01T18:16:04.2Z",
          "LastModifiedDate": "2026-02-10T19:58:12.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13837",
          "PkgID": "libpython3.10@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:35022020ab9b80f67c5421af99c62e8f581d23b8490ed9bea45b46a3291c7890",
          "Title": "cpython: Out-of-memory when loading Plist",
          "Description": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "bitnami": 1,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
              "V40Score": 2.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-13837",
            "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036",
            "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b",
            "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70",
            "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba",
            "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb",
            "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111",
            "https://github.com/python/cpython/issues/119342",
            "https://github.com/python/cpython/pull/119343",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13837"
          ],
          "PublishedDate": "2025-12-01T18:16:04.38Z",
          "LastModifiedDate": "2026-03-03T15:16:14.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15282",
          "PkgID": "libpython3.10@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54c53dc0e0fcb99871ee4fbdf21880ab469d81abfb101f57f82ce342e7a96e37",
          "Title": "cpython: Header injection via newlines in data URL mediatype in Python",
          "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-15282",
            "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0",
            "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38",
            "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80",
            "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47",
            "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a",
            "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f",
            "https://github.com/python/cpython/issues/143925",
            "https://github.com/python/cpython/pull/143926",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-15282"
          ],
          "PublishedDate": "2026-01-20T22:15:50.883Z",
          "LastModifiedDate": "2026-01-26T15:16:06.62Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0672",
          "PkgID": "libpython3.10@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:488c1c3e245347ab72333d1d59f393afefeddc4a35995566811592992ec60ddc",
          "Title": "cpython: Header injection in http.cookies.Morsel in Python",
          "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0672",
            "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172",
            "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440",
            "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d",
            "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca",
            "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70",
            "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85",
            "https://github.com/python/cpython/issues/143919",
            "https://github.com/python/cpython/pull/143920",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0672"
          ],
          "PublishedDate": "2026-01-20T22:15:52.68Z",
          "LastModifiedDate": "2026-01-26T15:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0865",
          "PkgID": "libpython3.10@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fe1d28ec2a99619a",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39ecc4d0b15ff13d3cafc8e419db7ebc3b5243522c1354001cd6915e093f04ad",
          "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
          "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-74"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4168",
            "https://access.redhat.com/security/cve/CVE-2026-0865",
            "https://bugzilla.redhat.com/2431368",
            "https://bugzilla.redhat.com/2431373",
            "https://bugzilla.redhat.com/2432437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431368",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299",
            "https://errata.almalinux.org/9/ALSA-2026-4168.html",
            "https://errata.rockylinux.org/RLSA-2026:4168",
            "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58",
            "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510",
            "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f",
            "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2",
            "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5",
            "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6",
            "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff",
            "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97",
            "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf",
            "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219",
            "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995",
            "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211",
            "https://github.com/python/cpython/issues/143916",
            "https://github.com/python/cpython/pull/143917",
            "https://linux.oracle.com/cve/CVE-2026-0865.html",
            "https://linux.oracle.com/errata/ELSA-2026-4713.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0865"
          ],
          "PublishedDate": "2026-01-20T22:15:52.8Z",
          "LastModifiedDate": "2026-03-03T15:16:17.59Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11468",
          "PkgID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0e2f62c7f35ed257ba56daa7604dc76e9b38f522faad75272e101db00c67965b",
          "Title": "cpython: Missing character filtering in Python",
          "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11468",
            "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094",
            "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2",
            "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6",
            "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66",
            "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0",
            "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796",
            "https://github.com/python/cpython/issues/143935",
            "https://github.com/python/cpython/pull/143936",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-11468"
          ],
          "PublishedDate": "2026-01-20T22:15:50.69Z",
          "LastModifiedDate": "2026-03-03T15:16:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-12084",
          "PkgID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-12084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f266a23d827579130cc95ae6ac30ad20176776111846eb21ebcd09921b56f96c",
          "Title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
          "Description": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1478",
            "https://access.redhat.com/security/cve/CVE-2025-12084",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://errata.almalinux.org/9/ALSA-2026-1478.html",
            "https://errata.rockylinux.org/RLSA-2026:1478",
            "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0",
            "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4",
            "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437",
            "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af",
            "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273",
            "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907",
            "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d",
            "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8",
            "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8",
            "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0",
            "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964",
            "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53",
            "https://github.com/python/cpython/issues/142145",
            "https://github.com/python/cpython/pull/142146",
            "https://linux.oracle.com/cve/CVE-2025-12084.html",
            "https://linux.oracle.com/errata/ELSA-2026-2713.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-12084"
          ],
          "PublishedDate": "2025-12-03T19:15:55.05Z",
          "LastModifiedDate": "2026-01-26T15:16:05.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13836",
          "PkgID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f218b625db8d9410cf33bb2eb9a9970e68731886c5026ba6b648e1950f56cf54",
          "Title": "cpython: Excessive read buffering DoS in http.client",
          "Description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1410",
            "https://access.redhat.com/security/cve/CVE-2025-13836",
            "https://bugzilla.redhat.com/2418078",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836",
            "https://errata.almalinux.org/9/ALSA-2026-1410.html",
            "https://errata.rockylinux.org/RLSA-2026:1410",
            "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628",
            "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (3.14 branch)",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)",
            "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0",
            "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c",
            "https://github.com/python/cpython/issues/119451",
            "https://github.com/python/cpython/pull/119454",
            "https://linux.oracle.com/cve/CVE-2025-13836.html",
            "https://linux.oracle.com/errata/ELSA-2026-2419.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
            "https://ubuntu.com/security/notices/USN-7951-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13836"
          ],
          "PublishedDate": "2025-12-01T18:16:04.2Z",
          "LastModifiedDate": "2026-02-10T19:58:12.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13837",
          "PkgID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:891ae7f883e207212dc2f6374646db8f6f0b8d1c6493857e6c5e2f4c2880a0bd",
          "Title": "cpython: Out-of-memory when loading Plist",
          "Description": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "bitnami": 1,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
              "V40Score": 2.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-13837",
            "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036",
            "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b",
            "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70",
            "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba",
            "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb",
            "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111",
            "https://github.com/python/cpython/issues/119342",
            "https://github.com/python/cpython/pull/119343",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13837"
          ],
          "PublishedDate": "2025-12-01T18:16:04.38Z",
          "LastModifiedDate": "2026-03-03T15:16:14.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15282",
          "PkgID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e02a88550b1c5baedd9b73b641d4952fb8a0b70f57697564f2db2119d1049ff",
          "Title": "cpython: Header injection via newlines in data URL mediatype in Python",
          "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-15282",
            "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0",
            "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38",
            "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80",
            "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47",
            "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a",
            "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f",
            "https://github.com/python/cpython/issues/143925",
            "https://github.com/python/cpython/pull/143926",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-15282"
          ],
          "PublishedDate": "2026-01-20T22:15:50.883Z",
          "LastModifiedDate": "2026-01-26T15:16:06.62Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0672",
          "PkgID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:75f1214b22f6896ad76c166d2d7657271bdfb7c343f3893b494f8b00a52eb34d",
          "Title": "cpython: Header injection in http.cookies.Morsel in Python",
          "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0672",
            "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172",
            "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440",
            "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d",
            "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca",
            "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70",
            "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85",
            "https://github.com/python/cpython/issues/143919",
            "https://github.com/python/cpython/pull/143920",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0672"
          ],
          "PublishedDate": "2026-01-20T22:15:52.68Z",
          "LastModifiedDate": "2026-01-26T15:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0865",
          "PkgID": "libpython3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "e71f1684ad22b590",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54fc1c7ea9cfebf89bb65e69f300a9e90a38a33526c729a5c4cfe275583f6bb7",
          "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
          "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-74"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4168",
            "https://access.redhat.com/security/cve/CVE-2026-0865",
            "https://bugzilla.redhat.com/2431368",
            "https://bugzilla.redhat.com/2431373",
            "https://bugzilla.redhat.com/2432437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431368",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299",
            "https://errata.almalinux.org/9/ALSA-2026-4168.html",
            "https://errata.rockylinux.org/RLSA-2026:4168",
            "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58",
            "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510",
            "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f",
            "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2",
            "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5",
            "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6",
            "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff",
            "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97",
            "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf",
            "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219",
            "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995",
            "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211",
            "https://github.com/python/cpython/issues/143916",
            "https://github.com/python/cpython/pull/143917",
            "https://linux.oracle.com/cve/CVE-2026-0865.html",
            "https://linux.oracle.com/errata/ELSA-2026-4713.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0865"
          ],
          "PublishedDate": "2026-01-20T22:15:52.8Z",
          "LastModifiedDate": "2026-03-03T15:16:17.59Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11468",
          "PkgID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e0f96134a58a74545bcd199e71dbb7663659e4f9870d53afced1db797bc85dde",
          "Title": "cpython: Missing character filtering in Python",
          "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11468",
            "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094",
            "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2",
            "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6",
            "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66",
            "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0",
            "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796",
            "https://github.com/python/cpython/issues/143935",
            "https://github.com/python/cpython/pull/143936",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-11468"
          ],
          "PublishedDate": "2026-01-20T22:15:50.69Z",
          "LastModifiedDate": "2026-03-03T15:16:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-12084",
          "PkgID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-12084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:370fc71f3a7061769a97b205f9283bf915e5903454a0d211de192e301e8d5447",
          "Title": "cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
          "Description": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1478",
            "https://access.redhat.com/security/cve/CVE-2025-12084",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://errata.almalinux.org/9/ALSA-2026-1478.html",
            "https://errata.rockylinux.org/RLSA-2026:1478",
            "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0",
            "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4",
            "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437",
            "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af",
            "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273",
            "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907",
            "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d",
            "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8",
            "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8",
            "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0",
            "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964",
            "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53",
            "https://github.com/python/cpython/issues/142145",
            "https://github.com/python/cpython/pull/142146",
            "https://linux.oracle.com/cve/CVE-2025-12084.html",
            "https://linux.oracle.com/errata/ELSA-2026-2713.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-12084"
          ],
          "PublishedDate": "2025-12-03T19:15:55.05Z",
          "LastModifiedDate": "2026-01-26T15:16:05.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13836",
          "PkgID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a5f557cba0d3e470f314e4531e070b7b0ec24e86f9a0e689b68c691bc28e2597",
          "Title": "cpython: Excessive read buffering DoS in http.client",
          "Description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1410",
            "https://access.redhat.com/security/cve/CVE-2025-13836",
            "https://bugzilla.redhat.com/2418078",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836",
            "https://errata.almalinux.org/9/ALSA-2026-1410.html",
            "https://errata.rockylinux.org/RLSA-2026:1410",
            "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628",
            "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (3.14 branch)",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)",
            "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0",
            "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c",
            "https://github.com/python/cpython/issues/119451",
            "https://github.com/python/cpython/pull/119454",
            "https://linux.oracle.com/cve/CVE-2025-13836.html",
            "https://linux.oracle.com/errata/ELSA-2026-2419.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
            "https://ubuntu.com/security/notices/USN-7951-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13836"
          ],
          "PublishedDate": "2025-12-01T18:16:04.2Z",
          "LastModifiedDate": "2026-02-10T19:58:12.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13837",
          "PkgID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59e5fa9e60cc44a4086101f08baf74c377d139bf1697bf82fab9ea4d3744c313",
          "Title": "cpython: Out-of-memory when loading Plist",
          "Description": "When loading a plist file, the plistlib module reads as much data as the file itself specifies, so a malicious file can cause out-of-memory (OOM) and denial-of-service (DoS) issues.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "bitnami": 1,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
              "V40Score": 2.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-13837",
            "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036",
            "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b",
            "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70",
            "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba",
            "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb",
            "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111",
            "https://github.com/python/cpython/issues/119342",
            "https://github.com/python/cpython/pull/119343",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13837"
          ],
          "PublishedDate": "2025-12-01T18:16:04.38Z",
          "LastModifiedDate": "2026-03-03T15:16:14.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15282",
          "PkgID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b3af055d26d439b02f279e3d22bbf9eaf6901db828e0c11be42bdbcf92d59c48",
          "Title": "cpython: Header injection via newlines in data URL mediatype in Python",
          "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-15282",
            "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0",
            "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38",
            "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80",
            "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47",
            "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a",
            "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f",
            "https://github.com/python/cpython/issues/143925",
            "https://github.com/python/cpython/pull/143926",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-15282"
          ],
          "PublishedDate": "2026-01-20T22:15:50.883Z",
          "LastModifiedDate": "2026-01-26T15:16:06.62Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0672",
          "PkgID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e79cf30ed46c21a8f9b82975d25216092f58f7216e39278fc23bc3a1b75e7a69",
          "Title": "cpython: Header injection in http.cookies.Morsel in Python",
          "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0672",
            "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172",
            "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440",
            "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d",
            "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca",
            "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70",
            "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85",
            "https://github.com/python/cpython/issues/143919",
            "https://github.com/python/cpython/pull/143920",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0672"
          ],
          "PublishedDate": "2026-01-20T22:15:52.68Z",
          "LastModifiedDate": "2026-01-26T15:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0865",
          "PkgID": "libpython3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a210faf17c531943",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0849ff0b8f9b1064ab72a6ac9ee861539737978e06fbd194718fe9a507d8f232",
          "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
          "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-74"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4168",
            "https://access.redhat.com/security/cve/CVE-2026-0865",
            "https://bugzilla.redhat.com/2431368",
            "https://bugzilla.redhat.com/2431373",
            "https://bugzilla.redhat.com/2432437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431368",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299",
            "https://errata.almalinux.org/9/ALSA-2026-4168.html",
            "https://errata.rockylinux.org/RLSA-2026:4168",
            "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58",
            "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510",
            "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f",
            "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2",
            "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5",
            "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6",
            "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff",
            "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97",
            "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf",
            "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219",
            "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995",
            "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211",
            "https://github.com/python/cpython/issues/143916",
            "https://github.com/python/cpython/pull/143917",
            "https://linux.oracle.com/cve/CVE-2026-0865.html",
            "https://linux.oracle.com/errata/ELSA-2026-4713.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0865"
          ],
          "PublishedDate": "2026-01-20T22:15:52.8Z",
          "LastModifiedDate": "2026-03-03T15:16:17.59Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11468",
          "PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-stdlib",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b63fb3c6b35121aa363e37666130289bf8bf2ba3da81943afd9f6397e8796708",
          "Title": "cpython: Missing character filtering in Python",
          "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11468",
            "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094",
            "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2",
            "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6",
            "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66",
            "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0",
            "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796",
            "https://github.com/python/cpython/issues/143935",
            "https://github.com/python/cpython/pull/143936",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-11468"
          ],
          "PublishedDate": "2026-01-20T22:15:50.69Z",
          "LastModifiedDate": "2026-03-03T15:16:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-12084",
          "PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-stdlib",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-12084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:accc357bb8a326fdd98b3f2a18f44c63bee11cca641dfd4410e4fa32e1f004b7",
          "Title": "cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
          "Description": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1478",
            "https://access.redhat.com/security/cve/CVE-2025-12084",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://errata.almalinux.org/9/ALSA-2026-1478.html",
            "https://errata.rockylinux.org/RLSA-2026:1478",
            "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0",
            "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4",
            "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437",
            "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af",
            "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273",
            "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907",
            "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d",
            "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8",
            "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8",
            "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0",
            "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964",
            "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53",
            "https://github.com/python/cpython/issues/142145",
            "https://github.com/python/cpython/pull/142146",
            "https://linux.oracle.com/cve/CVE-2025-12084.html",
            "https://linux.oracle.com/errata/ELSA-2026-2713.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-12084"
          ],
          "PublishedDate": "2025-12-03T19:15:55.05Z",
          "LastModifiedDate": "2026-01-26T15:16:05.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13836",
          "PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-stdlib",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e32ed2bedb73aa63d0d71149f672e9594c840b2b4efcd580803f0fbcc84b7156",
          "Title": "cpython: Excessive read buffering DoS in http.client",
          "Description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1410",
            "https://access.redhat.com/security/cve/CVE-2025-13836",
            "https://bugzilla.redhat.com/2418078",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836",
            "https://errata.almalinux.org/9/ALSA-2026-1410.html",
            "https://errata.rockylinux.org/RLSA-2026:1410",
            "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628",
            "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (3.14 branch)",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)",
            "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0",
            "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c",
            "https://github.com/python/cpython/issues/119451",
            "https://github.com/python/cpython/pull/119454",
            "https://linux.oracle.com/cve/CVE-2025-13836.html",
            "https://linux.oracle.com/errata/ELSA-2026-2419.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
            "https://ubuntu.com/security/notices/USN-7951-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13836"
          ],
          "PublishedDate": "2025-12-01T18:16:04.2Z",
          "LastModifiedDate": "2026-02-10T19:58:12.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13837",
          "PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-stdlib",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:631e33ca917d30fea10cd67c4d0667119367eda5516909ac23ba00426f7df193",
          "Title": "cpython: Out-of-memory when loading Plist",
          "Description": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "bitnami": 1,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
              "V40Score": 2.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-13837",
            "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036",
            "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b",
            "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70",
            "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba",
            "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb",
            "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111",
            "https://github.com/python/cpython/issues/119342",
            "https://github.com/python/cpython/pull/119343",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13837"
          ],
          "PublishedDate": "2025-12-01T18:16:04.38Z",
          "LastModifiedDate": "2026-03-03T15:16:14.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15282",
          "PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-stdlib",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:650f025a575668403199f871ca70eb1a0a186ae0380c394ff72da4b8f406002e",
          "Title": "cpython: Header injection via newlines in data URL mediatype in Python",
          "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-15282",
            "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0",
            "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38",
            "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80",
            "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47",
            "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a",
            "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f",
            "https://github.com/python/cpython/issues/143925",
            "https://github.com/python/cpython/pull/143926",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-15282"
          ],
          "PublishedDate": "2026-01-20T22:15:50.883Z",
          "LastModifiedDate": "2026-01-26T15:16:06.62Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0672",
          "PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-stdlib",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c8abaed08a9cbfab5f6458bdbf34077b93df8f40a55b0d2694c1e984192651e7",
          "Title": "cpython: Header injection in http.cookies.Morsel in Python",
          "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0672",
            "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172",
            "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440",
            "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d",
            "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca",
            "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70",
            "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85",
            "https://github.com/python/cpython/issues/143919",
            "https://github.com/python/cpython/pull/143920",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0672"
          ],
          "PublishedDate": "2026-01-20T22:15:52.68Z",
          "LastModifiedDate": "2026-01-26T15:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0865",
          "PkgID": "libpython3.10-stdlib@3.10.12-1~22.04.12",
          "PkgName": "libpython3.10-stdlib",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ce02806c8d6aa41e",
            "BOMRef": "pkg:deb/ubuntu/libpython3.10-stdlib@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:78db456871fb0d8ac66bbb8d74cfcd7ab6c87b58f5f16f79c704a19d6c25a813",
          "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
          "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-74"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4168",
            "https://access.redhat.com/security/cve/CVE-2026-0865",
            "https://bugzilla.redhat.com/2431368",
            "https://bugzilla.redhat.com/2431373",
            "https://bugzilla.redhat.com/2432437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431368",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299",
            "https://errata.almalinux.org/9/ALSA-2026-4168.html",
            "https://errata.rockylinux.org/RLSA-2026:4168",
            "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58",
            "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510",
            "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f",
            "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2",
            "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5",
            "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6",
            "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff",
            "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97",
            "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf",
            "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219",
            "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995",
            "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211",
            "https://github.com/python/cpython/issues/143916",
            "https://github.com/python/cpython/pull/143917",
            "https://linux.oracle.com/cve/CVE-2026-0865.html",
            "https://linux.oracle.com/errata/ELSA-2026-4713.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0865"
          ],
          "PublishedDate": "2026-01-20T22:15:52.8Z",
          "LastModifiedDate": "2026-03-03T15:16:17.59Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libquadmath0@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libquadmath0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libquadmath0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9456f50ddd2bc3ab",
            "BOMRef": "pkg:deb/ubuntu/libquadmath0@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8a01213a46a550a9a3d97be1c785b1124834054d5764c3e5a1f5617756459c09",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0964",
          "PkgID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "PkgName": "libssh-4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.9.6-2ubuntu0.22.04.5",
          "FixedVersion": "0.9.6-2ubuntu0.22.04.6",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0964",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:87a18481046eff306d900ec1a859e23965b0d7e7ba272b618bced970b3635d22",
          "Title": "libssh: Improper sanitization of paths received from SCP servers",
          "Description": "A malicious SCP server can send unexpected paths that could make the\nclient application overwrite local files outside of the working directory.\nThis could be misused to create malicious executable or configuration\nfiles and make the user execute them under specific circumstances.\n\nThis is the same issue as in OpenSSH, tracked as CVE-2019-6111.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-22"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "V3Score": 5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0964",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2436979",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0964",
            "https://ubuntu.com/security/notices/USN-8051-1",
            "https://ubuntu.com/security/notices/USN-8051-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-0964",
            "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/",
            "https://www.libssh.org/security/advisories/CVE-2026-0964.txt"
          ],
          "PublishedDate": "2026-03-26T21:17:00.393Z",
          "LastModifiedDate": "2026-03-30T13:26:50.827Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0967",
          "PkgID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "PkgName": "libssh-4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.9.6-2ubuntu0.22.04.5",
          "FixedVersion": "0.9.6-2ubuntu0.22.04.6",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0967",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ed1378d22a78171c443f0837ca32be69a0f601955b287526f22208a7bb30eda5",
          "Title": "libssh: libssh: Denial of Service via inefficient regular expression processing",
          "Description": "A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1333"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 2.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0967",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2436981",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0967",
            "https://ubuntu.com/security/notices/USN-8051-1",
            "https://ubuntu.com/security/notices/USN-8051-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-0967",
            "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/",
            "https://www.libssh.org/security/advisories/CVE-2026-0967.txt"
          ],
          "PublishedDate": "2026-03-26T21:17:00.97Z",
          "LastModifiedDate": "2026-04-02T17:28:27.853Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0968",
          "PkgID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "PkgName": "libssh-4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.9.6-2ubuntu0.22.04.5",
          "FixedVersion": "0.9.6-2ubuntu0.22.04.6",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0968",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1e3a52e6c821049d2dceaa7116c58ba6f102d8572b0f662c997d2d92d90cd69f",
          "Title": "libssh: libssh: Denial of Service due to malformed SFTP message",
          "Description": "A flaw was found in libssh: a malicious SFTP (SSH File Transfer Protocol) server can exploit it by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. The missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 4,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2436982",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0968",
            "https://ubuntu.com/security/notices/USN-8051-1",
            "https://ubuntu.com/security/notices/USN-8051-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-0968",
            "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/",
            "https://www.libssh.org/security/advisories/CVE-2026-0968.txt"
          ],
          "PublishedDate": "2026-03-26T21:17:01.15Z",
          "LastModifiedDate": "2026-04-03T20:06:16.037Z"
        },
        {
          "VulnerabilityID": "CVE-2026-3731",
          "PkgID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "PkgName": "libssh-4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.9.6-2ubuntu0.22.04.5",
          "FixedVersion": "0.9.6-2ubuntu0.22.04.7",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3731",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aa5d7c0a865dbd015007dd963fb9d1f29ca13ec58f806ae683b2b44613804dcf",
          "Title": "libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler",
          "Description": "A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-3731",
            "https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-3731",
            "https://ubuntu.com/security/notices/USN-8093-1",
            "https://vuldb.com/?ctiid.349709",
            "https://vuldb.com/?id.349709",
            "https://vuldb.com/?submit.767120",
            "https://www.cve.org/CVERecord?id=CVE-2026-3731",
            "https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz",
            "https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt"
          ],
          "PublishedDate": "2026-03-08T11:15:50.307Z",
          "LastModifiedDate": "2026-03-12T19:02:31.637Z"
        },
        {
          "VulnerabilityID": "CVE-2025-8277",
          "PkgID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "PkgName": "libssh-4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.9.6-2ubuntu0.22.04.5",
          "FixedVersion": "0.9.6-2ubuntu0.22.04.6",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8277",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3f1608eba5fca5b2acc802cd12d426e08778ac961c94b14ccbca018d50b19bd5",
          "Title": "libssh: Memory Exhaustion via Repeated Key Exchange in libssh",
          "Description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-8277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383888",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-8277",
            "https://ubuntu.com/security/notices/USN-8051-1",
            "https://ubuntu.com/security/notices/USN-8051-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-8277",
            "https://www.libssh.org/security/advisories/CVE-2025-8277.txt"
          ],
          "PublishedDate": "2025-09-09T12:15:30.677Z",
          "LastModifiedDate": "2025-09-09T16:28:43.66Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0965",
          "PkgID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "PkgName": "libssh-4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.9.6-2ubuntu0.22.04.5",
          "FixedVersion": "0.9.6-2ubuntu0.22.04.6",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0965",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:87e6f0c08c0c66d4ccfd2625961b92b083f7349d586c101a3fc581c62a96b010",
          "Title": "libssh: libssh: Denial of Service via improper configuration file handling",
          "Description": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-73"
          ],
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0965",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2436980",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0965",
            "https://ubuntu.com/security/notices/USN-8051-1",
            "https://ubuntu.com/security/notices/USN-8051-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-0965",
            "https://www.libssh.org/security/advisories/CVE-2026-0965.txt"
          ],
          "PublishedDate": "2026-03-26T21:17:00.607Z",
          "LastModifiedDate": "2026-04-02T17:33:46.463Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0966",
          "PkgID": "libssh-4@0.9.6-2ubuntu0.22.04.5",
          "PkgName": "libssh-4",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b1e8152fb08c57ee",
            "BOMRef": "pkg:deb/ubuntu/libssh-4@0.9.6-2ubuntu0.22.04.5?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "0.9.6-2ubuntu0.22.04.5",
          "FixedVersion": "0.9.6-2ubuntu0.22.04.6",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0966",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f19ea5edd57da28c4cae7705747f3bf1be574e76d6635235442936eeafb6432a",
          "Title": "libssh: Buffer underflow in ssh_get_hexa() on invalid input",
          "Description": "The API function `ssh_get_hexa()` is vulnerable when 0-length\ninput is provided to this function. This function is used internally\nin `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated),\nwhich are vulnerable to the same input (length is provided by the\ncalling application).\n\nThe function is also used internally in the gssapi code for logging\nthe OIDs received by the server during GSSAPI authentication. This\ncould be triggered remotely, when the server allows GSSAPI authentication\nand logging verbosity is set at least to SSH_LOG_PACKET (3). This\ncould cause self-DoS of the per-connection daemon process.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-124"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0966",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2433121",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0966",
            "https://ubuntu.com/security/notices/USN-8051-1",
            "https://ubuntu.com/security/notices/USN-8051-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-0966",
            "https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/",
            "https://www.libssh.org/security/advisories/CVE-2026-0966.txt"
          ],
          "PublishedDate": "2026-03-26T21:17:00.783Z",
          "LastModifiedDate": "2026-03-30T13:26:50.827Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15467",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dd73f44c562103de6bc1ec24e4ddaa219b3bfd6d0146f7b2bd3c43d4acef198f",
          "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
          "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 4,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/27/10",
            "http://www.openwall.com/lists/oss-security/2026/02/25/6",
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-15467",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/guiimoraes/CVE-2025-15467",
            "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703",
            "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9",
            "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3",
            "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e",
            "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc",
            "https://linux.oracle.com/cve/CVE-2025-15467.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-15467"
          ],
          "PublishedDate": "2026-01-27T16:16:14.257Z",
          "LastModifiedDate": "2026-03-19T19:16:19.23Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68160",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68160",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:80e6aa0dabbfd5d5fffde78432ae5af894b7520bca5469960d7b88f89d0ee966",
          "Title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
          "Description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-68160",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad",
            "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6",
            "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c",
            "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0",
            "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096",
            "https://linux.oracle.com/cve/CVE-2025-68160.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68160"
          ],
          "PublishedDate": "2026-01-27T16:16:15.9Z",
          "LastModifiedDate": "2026-02-02T18:36:57.727Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69418",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69418",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:85b300e3c56b9cea2ca90f1e3754ada4ec5008ee0b88f340a3645155afc83e97",
          "Title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
          "Description": "Issue summary: When using the low-level OCB API directly with AES-NI or\nother hardware-accelerated code paths, inputs whose length is not a multiple\nof 16 bytes can leave the final partial block unencrypted and unauthenticated.\n\nImpact summary: The trailing 1-15 bytes of a message may be exposed in\ncleartext on encryption and are not covered by the authentication tag,\nallowing an attacker to read or tamper with those bytes without detection.\n\nThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\nstream path process full 16-byte blocks but do not advance the input/output\npointers. The subsequent tail-handling code then operates on the original\nbase pointers, effectively reprocessing the beginning of the buffer while\nleaving the actual trailing bytes unprocessed. The authentication checksum\nalso excludes the true tail bytes.\n\nHowever, typical OpenSSL consumers using EVP are not affected because the\nhigher-level EVP and provider OCB implementations split inputs so that full\nblocks and trailing partial blocks are processed in separate calls, avoiding\nthe problematic code path. Additionally, TLS does not use OCB ciphersuites.\nThe vulnerability only affects applications that call the low-level\nCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\nnon-block-aligned lengths in a single call on hardware-accelerated builds.\nFor these reasons the issue was assessed as Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\nby this issue, as OCB mode is not a FIPS-approved algorithm.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-325"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-69418",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc",
            "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8",
            "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347",
            "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae",
            "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977",
            "https://linux.oracle.com/cve/CVE-2025-69418.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69418"
          ],
          "PublishedDate": "2026-01-27T16:16:33.253Z",
          "LastModifiedDate": "2026-02-02T18:36:03.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69419",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9bc813a9b734f8eb029f44f0e31717569a62a075829bf99f71c11df38bae96b7",
          "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
          "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "V3Score": 7.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4472",
            "https://access.redhat.com/security/cve/CVE-2025-69419",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-4472.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296",
            "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb",
            "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2",
            "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015",
            "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535",
            "https://linux.oracle.com/cve/CVE-2025-69419.html",
            "https://linux.oracle.com/errata/ELSA-2026-50131.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69419"
          ],
          "PublishedDate": "2026-01-27T16:16:34.113Z",
          "LastModifiedDate": "2026-02-02T18:35:02.177Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69420",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69420",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f34523726826f9909c020b5688a823de58317722e4606a70b17d27022b917096",
          "Title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
          "Description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-69420",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9",
            "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a",
            "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e",
            "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b",
            "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085",
            "https://linux.oracle.com/cve/CVE-2025-69420.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69420"
          ],
          "PublishedDate": "2026-01-27T16:16:34.317Z",
          "LastModifiedDate": "2026-02-02T18:33:30.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69421",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9aa660789eb01851f461c6581d0f2758e94cac2e324429e66be7c630fc811006",
          "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
          "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-69421",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b",
            "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7",
            "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd",
            "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3",
            "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c",
            "https://linux.oracle.com/cve/CVE-2025-69421.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69421"
          ],
          "PublishedDate": "2026-01-27T16:16:34.437Z",
          "LastModifiedDate": "2026-02-28T04:16:17.457Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22795",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22795",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:445d5942adb3cdec33f4028821fa529e1b33006b487fb83bcd374b1b8b33f087",
          "Title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
          "Description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2026-22795",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4",
            "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49",
            "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12",
            "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e",
            "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2",
            "https://linux.oracle.com/cve/CVE-2026-22795.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-22795"
          ],
          "PublishedDate": "2026-01-27T16:16:35.43Z",
          "LastModifiedDate": "2026-02-02T18:41:14.917Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22796",
          "PkgID": "libssl3@3.0.2-0ubuntu1.20",
          "PkgName": "libssl3",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2aea00c000c281c0",
            "BOMRef": "pkg:deb/ubuntu/libssl3@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22796",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a61fef09ab5c466f3bca1fff38963084b3ee32165189643b6d4af0bd8c85ac0b",
          "Title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
          "Description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2026-22796",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4",
            "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49",
            "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12",
            "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e",
            "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2",
            "https://linux.oracle.com/cve/CVE-2026-22796.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-22796"
          ],
          "PublishedDate": "2026-01-27T16:16:35.543Z",
          "LastModifiedDate": "2026-02-02T18:40:27.467Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "libstdc++-11-dev@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libstdc++-11-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d816088bcbe07a9b",
            "BOMRef": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eff44edbd9172167498936dca8a90190d81f84692f5e2e6ab1fe881edf20ccd6",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "libstdc++-11-dev@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libstdc++-11-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d816088bcbe07a9b",
            "BOMRef": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c90d2c26dad4e5d9a30eee83e3604ee8d43003f2cc72868c678d5a36d58b1295",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libstdc++-11-dev@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libstdc++-11-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "d816088bcbe07a9b",
            "BOMRef": "pkg:deb/ubuntu/libstdc%2B%2B-11-dev@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4b869eecebc3f8abfc17542def6bd0e49b7f45582c558534b1af6c670734f45",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libstdc++6@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libstdc++6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "aa17aff4512d0c11",
            "BOMRef": "pkg:deb/ubuntu/libstdc%2B%2B6@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:29d47780433835155d86adb20b91626667121b681e340c92765d581e3506bbbf",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2026-29111",
          "PkgID": "libsystemd0@249.11-0ubuntu3.17",
          "PkgName": "libsystemd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "97e4ccc118ea397d",
            "BOMRef": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "249.11-0ubuntu3.17",
          "FixedVersion": "249.11-0ubuntu3.19",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29111",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d650f9f457afdfcec760be187151375442887abc045cb866e08413d2cd2d14c1",
          "Title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data",
          "Description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-269"
          ],
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-29111",
            "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
            "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
            "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
            "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
            "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
            "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
            "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
            "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
            "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
            "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
            "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
            "https://ubuntu.com/security/notices/USN-8119-1",
            "https://ubuntu.com/security/notices/USN-8119-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-29111"
          ],
          "PublishedDate": "2026-03-23T22:16:26.267Z",
          "LastModifiedDate": "2026-03-24T15:53:48.067Z"
        },
        {
          "VulnerabilityID": "CVE-2023-7008",
          "PkgID": "libsystemd0@249.11-0ubuntu3.17",
          "PkgName": "libsystemd0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "97e4ccc118ea397d",
            "BOMRef": "pkg:deb/ubuntu/libsystemd0@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "249.11-0ubuntu3.17",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7008",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:238b07d4f3ac2ceeec5196029f146941a5c3bd6c35a16bae9de3d3841a9ade55",
          "Title": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes",
          "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-300"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:2463",
            "https://access.redhat.com/errata/RHSA-2024:3203",
            "https://access.redhat.com/security/cve/CVE-2023-7008",
            "https://bugzilla.redhat.com/2222672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2222261",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2222672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008",
            "https://errata.almalinux.org/9/ALSA-2024-2463.html",
            "https://errata.rockylinux.org/RLSA-2024:2463",
            "https://github.com/systemd/systemd/issues/25676",
            "https://linux.oracle.com/cve/CVE-2023-7008.html",
            "https://linux.oracle.com/errata/ELSA-2024-3203.html",
            "https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-7008",
            "https://security.netapp.com/advisory/ntap-20241122-0004/",
            "https://www.cve.org/CVERecord?id=CVE-2023-7008"
          ],
          "PublishedDate": "2023-12-23T13:15:07.573Z",
          "LastModifiedDate": "2025-11-04T17:15:43.4Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13151",
          "PkgID": "libtasn1-6@4.18.0-4ubuntu0.1",
          "PkgName": "libtasn1-6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b0122995dca7e7b2",
            "BOMRef": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "4.18.0-4ubuntu0.1",
          "FixedVersion": "4.18.0-4ubuntu0.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13151",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:37c7b6563ef56b32c9568f443a08562d5ac5fbea185872688a09022bb6507343",
          "Title": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string",
          "Description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 1,
            "cbl-mariner": 1,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/08/5",
            "https://access.redhat.com/security/cve/CVE-2025-13151",
            "https://gitlab.com/gnutls/libtasn1",
            "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
            "https://ubuntu.com/security/notices/USN-7954-1",
            "https://ubuntu.com/security/notices/USN-7954-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-13151",
            "https://www.kb.cert.org/vuls/id/271649"
          ],
          "PublishedDate": "2026-01-07T22:15:43.2Z",
          "LastModifiedDate": "2026-02-02T19:27:23.07Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46848",
          "PkgID": "libtasn1-6@4.18.0-4ubuntu0.1",
          "PkgName": "libtasn1-6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "b0122995dca7e7b2",
            "BOMRef": "pkg:deb/ubuntu/libtasn1-6@4.18.0-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "4.18.0-4ubuntu0.1",
          "FixedVersion": "4.18.0-4ubuntu0.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46848",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1f8ffa6be8014585737b468024121298cfbafb4b614236ce62a27fd967957264",
          "Title": "libtasn1: Out-of-bound access in ETYPE_OK",
          "Description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-193"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "cbl-mariner": 4,
            "nvd": 4,
            "oracle-oval": 2,
            "photon": 4,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 9.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:0343",
            "https://access.redhat.com/security/cve/CVE-2021-46848",
            "https://bugs.gentoo.org/866237",
            "https://bugzilla.redhat.com/2140058",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2140058",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46848",
            "https://errata.almalinux.org/9/ALSA-2023-0343.html",
            "https://errata.rockylinux.org/RLSA-2023:0343",
            "https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5",
            "https://gitlab.com/gnutls/libtasn1/-/issues/32",
            "https://linux.oracle.com/cve/CVE-2021-46848.html",
            "https://linux.oracle.com/errata/ELSA-2023-0343.html",
            "https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46848",
            "https://security.netapp.com/advisory/ntap-20221118-0006/",
            "https://ubuntu.com/security/notices/USN-5707-1",
            "https://ubuntu.com/security/notices/USN-7954-1",
            "https://ubuntu.com/security/notices/USN-7954-2",
            "https://www.cve.org/CVERecord?id=CVE-2021-46848"
          ],
          "PublishedDate": "2022-10-24T14:15:49.973Z",
          "LastModifiedDate": "2025-05-07T15:15:52.307Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50495",
          "PkgID": "libtinfo-dev@6.3-2ubuntu0.1",
          "PkgName": "libtinfo-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libtinfo-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "7237fb638a4f6eb3",
            "BOMRef": "pkg:deb/ubuntu/libtinfo-dev@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "6.3-2ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:490cb65988ea765eaeff94a52c463b6b174567eb50be0fd523fa368129658e31",
          "Title": "ncurses: segmentation fault via _nc_wrap_entry()",
          "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-50495",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://ubuntu.com/security/notices/USN-6684-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50495"
          ],
          "PublishedDate": "2023-12-12T15:15:07.867Z",
          "LastModifiedDate": "2025-11-04T19:16:14.45Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50495",
          "PkgID": "libtinfo6@6.3-2ubuntu0.1",
          "PkgName": "libtinfo6",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "dade956f0ea39589",
            "BOMRef": "pkg:deb/ubuntu/libtinfo6@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "6.3-2ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8678d12fe55f655a8c5dafe87175e365f14e6931c4bd50b197a014a34a4aa194",
          "Title": "ncurses: segmentation fault via _nc_wrap_entry()",
          "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-50495",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://ubuntu.com/security/notices/USN-6684-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50495"
          ],
          "PublishedDate": "2023-12-12T15:15:07.867Z",
          "LastModifiedDate": "2025-11-04T19:16:14.45Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3826",
          "PkgID": "libtsan0@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libtsan0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f1b5936ed5b4d468",
            "BOMRef": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8fab0d7646ac3229cd556de90ed16604744b4d30a83ecfb6f64b57bf1173c5d3",
          "Title": "libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c",
          "Description": "Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-119",
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:6372",
            "https://access.redhat.com/security/cve/CVE-2021-3826",
            "https://bugzilla.redhat.com/2122627",
            "https://errata.almalinux.org/9/ALSA-2023-6372.html",
            "https://gcc.gnu.org/git/?p=gcc.git%3Ba=commit%3Bh=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5481040197402be6dfee265bd2ff5a4c88e30505",
            "https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579987",
            "https://linux.oracle.com/cve/CVE-2021-3826.html",
            "https://linux.oracle.com/errata/ELSA-2023-6372.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4MYLS3VR4OPL5ECRWOR4ZHMGXUSCJFZY/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AKZ2DTS3ATVN5PANNVLKLE5OP4OF25Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MTEHT3G6YKJ7F7MSGWYSI4UM3XBAYXZ/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AXFC74WRZ2Q7F2TSUKPYNIL7ZPBWYI6L/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3826",
            "https://www.cve.org/CVERecord?id=CVE-2021-3826"
          ],
          "PublishedDate": "2022-09-01T21:15:08.843Z",
          "LastModifiedDate": "2024-11-21T06:22:32.99Z"
        },
        {
          "VulnerabilityID": "CVE-2021-46195",
          "PkgID": "libtsan0@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libtsan0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f1b5936ed5b4d468",
            "BOMRef": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-46195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bc34a305fc144f4f133fa6f8acdeaa1bcf5057f3f61e4c0789ec3e61fd6233d6",
          "Title": "gcc: uncontrolled recursion in libiberty/rust-demangle.c",
          "Description": "GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 1,
            "nvd": 2,
            "oracle-oval": 1,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2022:8415",
            "https://access.redhat.com/security/cve/CVE-2021-46195",
            "https://bugzilla.redhat.com/2046300",
            "https://errata.almalinux.org/9/ALSA-2022-8415.html",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841",
            "https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab",
            "https://linux.oracle.com/cve/CVE-2021-46195.html",
            "https://linux.oracle.com/errata/ELSA-2022-8415.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-46195",
            "https://www.cve.org/CVERecord?id=CVE-2021-46195"
          ],
          "PublishedDate": "2022-01-14T20:15:15.6Z",
          "LastModifiedDate": "2024-11-21T06:33:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libtsan0@11.4.0-1ubuntu1~22.04.2",
          "PkgName": "libtsan0",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "f1b5936ed5b4d468",
            "BOMRef": "pkg:deb/ubuntu/libtsan0@11.4.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "11.4.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bbe77683aff165eef068d591328465c1be0c48cb0d7264c2a2883857bb7d303c",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-27943",
          "PkgID": "libubsan1@12.3.0-1ubuntu1~22.04.2",
          "PkgName": "libubsan1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libubsan1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "ed03ae274baa235e",
            "BOMRef": "pkg:deb/ubuntu/libubsan1@12.3.0-1ubuntu1~22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "12.3.0-1ubuntu1~22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:183c2688f8e2137f7391bf08b97de78878f1fc95b0cfd96615d15f774050d6d9",
          "Title": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const",
          "Description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-27943",
            "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1a770b01ef415e114164b6151d1e55acdee09371",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79",
            "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=fc968115a742d9e4674d9725ce9c2106b91b6ead",
            "https://gcc.gnu.org/pipermail/gcc-patches/2022-March/592244.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-27943",
            "https://sourceware.org/bugzilla/show_bug.cgi?id=28995",
            "https://www.cve.org/CVERecord?id=CVE-2022-27943"
          ],
          "PublishedDate": "2022-03-26T13:15:07.9Z",
          "LastModifiedDate": "2024-11-21T06:56:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2026-29111",
          "PkgID": "libudev1@249.11-0ubuntu3.17",
          "PkgName": "libudev1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "82b0450a22ed0177",
            "BOMRef": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "249.11-0ubuntu3.17",
          "FixedVersion": "249.11-0ubuntu3.19",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29111",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:85eee549a4a8f1a8dd2dda29249039b6a8ae29461d44343e8f7d68cb187242c5",
          "Title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data",
          "Description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-269"
          ],
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-29111",
            "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a",
            "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6",
            "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412",
            "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd",
            "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f",
            "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f",
            "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69",
            "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6",
            "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c",
            "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8",
            "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-29111",
            "https://ubuntu.com/security/notices/USN-8119-1",
            "https://ubuntu.com/security/notices/USN-8119-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-29111"
          ],
          "PublishedDate": "2026-03-23T22:16:26.267Z",
          "LastModifiedDate": "2026-03-24T15:53:48.067Z"
        },
        {
          "VulnerabilityID": "CVE-2023-7008",
          "PkgID": "libudev1@249.11-0ubuntu3.17",
          "PkgName": "libudev1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "82b0450a22ed0177",
            "BOMRef": "pkg:deb/ubuntu/libudev1@249.11-0ubuntu3.17?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "249.11-0ubuntu3.17",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7008",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:50f6493f2191651fae6abcf6e82a0bca500ab9111405da2311e90560cff7bbcb",
          "Title": "systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes",
          "Description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-300"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:2463",
            "https://access.redhat.com/errata/RHSA-2024:3203",
            "https://access.redhat.com/security/cve/CVE-2023-7008",
            "https://bugzilla.redhat.com/2222672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2222261",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2222672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7008",
            "https://errata.almalinux.org/9/ALSA-2024-2463.html",
            "https://errata.rockylinux.org/RLSA-2024:2463",
            "https://github.com/systemd/systemd/issues/25676",
            "https://linux.oracle.com/cve/CVE-2023-7008.html",
            "https://linux.oracle.com/errata/ELSA-2024-3203.html",
            "https://lists.debian.org/debian-lts-announce/2024/09/msg00001.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-7008",
            "https://security.netapp.com/advisory/ntap-20241122-0004/",
            "https://www.cve.org/CVERecord?id=CVE-2023-7008"
          ],
          "PublishedDate": "2023-12-23T13:15:07.573Z",
          "LastModifiedDate": "2025-11-04T17:15:43.4Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0989",
          "PkgID": "libxml2@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fc344bfac67e94f",
            "BOMRef": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0989",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0c52cda7713128d6e6edcf8ac4ede22b78f2065c3d71f28cf8f8c55aefd6833e",
          "Title": "libxml2: Unbounded RelaxNG Include Recursion Leading to Stack Overflow",
          "Description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429933",
            "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0989",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0989"
          ],
          "PublishedDate": "2026-01-15T15:15:52.35Z",
          "LastModifiedDate": "2026-01-16T15:55:33.063Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0990",
          "PkgID": "libxml2@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fc344bfac67e94f",
            "BOMRef": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0990",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9944f24852b5539aabe71f28b2160bb0fc69ab8aa576c9072a86f7138ea1ef96",
          "Title": "libxml2: Denial of Service via uncontrolled recursion in XML catalog processing",
          "Description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0990",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429959",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0990",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0990"
          ],
          "PublishedDate": "2026-01-15T15:15:52.503Z",
          "LastModifiedDate": "2026-01-16T15:55:33.063Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0992",
          "PkgID": "libxml2@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fc344bfac67e94f",
            "BOMRef": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0992",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e908f275fcd34632f8e04ff778931d5b0d1429d3787ad66991602706ab10b47d",
          "Title": "libxml2: Denial of Service via crafted XML catalogs",
          "Description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0992",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429975",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0992",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0992"
          ],
          "PublishedDate": "2026-01-15T15:15:52.657Z",
          "LastModifiedDate": "2026-01-16T15:55:33.063Z"
        },
        {
          "VulnerabilityID": "CVE-2025-8732",
          "PkgID": "libxml2@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "fc344bfac67e94f",
            "BOMRef": "pkg:deb/ubuntu/libxml2@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8732",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bc7c771d1e06258bfc2543464dbecbca99a00540bac386485286da81a482190e",
          "Title": "libxml2: Uncontrolled Recursion Vulnerability",
          "Description": "A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. The attack requires local access. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that \"[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-404",
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-8732",
            "https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-8732",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://vuldb.com/?ctiid.319228",
            "https://vuldb.com/?id.319228",
            "https://vuldb.com/?submit.622285",
            "https://www.cve.org/CVERecord?id=CVE-2025-8732"
          ],
          "PublishedDate": "2025-08-08T17:15:30.583Z",
          "LastModifiedDate": "2025-08-08T20:30:18.18Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0989",
          "PkgID": "libxml2-dev@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c3df9646fcf3a8de",
            "BOMRef": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0989",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b7c8c68d82241d1d410838f0331c3204eef4f1ff6fa826a0cd2b8b2185d15f2b",
          "Title": "libxml2: Unbounded RelaxNG Include Recursion Leading to Stack Overflow",
          "Description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested \u003cinclude\u003e directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429933",
            "https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0989",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0989"
          ],
          "PublishedDate": "2026-01-15T15:15:52.35Z",
          "LastModifiedDate": "2026-01-16T15:55:33.063Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0990",
          "PkgID": "libxml2-dev@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c3df9646fcf3a8de",
            "BOMRef": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0990",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42a37f45f41b8389e705cf275ca9e8685a385c29872e9ebb1f3915ed918ca4e1",
          "Title": "libxml2: Denial of Service via uncontrolled recursion in XML catalog processing",
          "Description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0990",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429959",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0990",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0990"
          ],
          "PublishedDate": "2026-01-15T15:15:52.503Z",
          "LastModifiedDate": "2026-01-16T15:55:33.063Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0992",
          "PkgID": "libxml2-dev@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c3df9646fcf3a8de",
            "BOMRef": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0992",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ebe589774be3ccfa8bd16ad97f2e5f1a2f1160873210cf5f7bb2a74c27f445ed",
          "Title": "libxml2: Denial of Service via crafted XML catalogs",
          "Description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated \u003cnextCatalog\u003e elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0992",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429975",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0992",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-0992"
          ],
          "PublishedDate": "2026-01-15T15:15:52.657Z",
          "LastModifiedDate": "2026-01-16T15:55:33.063Z"
        },
        {
          "VulnerabilityID": "CVE-2025-8732",
          "PkgID": "libxml2-dev@2.9.13+dfsg-1ubuntu0.10",
          "PkgName": "libxml2-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "c3df9646fcf3a8de",
            "BOMRef": "pkg:deb/ubuntu/libxml2-dev@2.9.13%2Bdfsg-1ubuntu0.10?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.9.13+dfsg-1ubuntu0.10",
          "FixedVersion": "2.9.13+dfsg-1ubuntu0.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8732",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b0f1ffc9ec75f45955e57e4c9a0b572ae0dd2cc1bfe1e3d0df4ddcdf8d96a985",
          "Title": "libxml2: Uncontrolled Recursion Vulnerability",
          "Description": "A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. The attack requires local access. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that \"[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all.\"",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-404",
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 1,
            "azure": 1,
            "cbl-mariner": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-8732",
            "https://drive.google.com/file/d/1woIeYVcSQB_NwfEhaVnX6MedpWJ_nqWl/view?usp=drive_link",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958",
            "https://gitlab.gnome.org/GNOME/libxml2/-/issues/958#note_2505853",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-8732",
            "https://ubuntu.com/security/notices/USN-7974-1",
            "https://vuldb.com/?ctiid.319228",
            "https://vuldb.com/?id.319228",
            "https://vuldb.com/?submit.622285",
            "https://www.cve.org/CVERecord?id=CVE-2025-8732"
          ],
          "PublishedDate": "2025-08-08T17:15:30.583Z",
          "LastModifiedDate": "2025-08-08T20:30:18.18Z"
        },
        {
          "VulnerabilityID": "CVE-2022-4899",
          "PkgID": "libzstd1@1.4.8+dfsg-3build1",
          "PkgName": "libzstd1",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "699f41ce8db95953",
            "BOMRef": "pkg:deb/ubuntu/libzstd1@1.4.8%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "1.4.8+dfsg-3build1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4899",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:430bd9fd7bd5d9c3610a53d0c6fd5d17da939772976ad63f7794654d81fd4960",
          "Title": "zstd: mysql: buffer overrun in util.c",
          "Description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply an empty string as an argument to the command line tool to cause a buffer overrun.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "cbl-mariner": 3,
            "ghsa": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:1141",
            "https://access.redhat.com/security/cve/CVE-2022-4899",
            "https://bugzilla.redhat.com/2179864",
            "https://bugzilla.redhat.com/2188109",
            "https://bugzilla.redhat.com/2188113",
            "https://bugzilla.redhat.com/2188115",
            "https://bugzilla.redhat.com/2188116",
            "https://bugzilla.redhat.com/2188117",
            "https://bugzilla.redhat.com/2188118",
            "https://bugzilla.redhat.com/2188119",
            "https://bugzilla.redhat.com/2188120",
            "https://bugzilla.redhat.com/2188121",
            "https://bugzilla.redhat.com/2188122",
            "https://bugzilla.redhat.com/2188123",
            "https://bugzilla.redhat.com/2188124",
            "https://bugzilla.redhat.com/2188125",
            "https://bugzilla.redhat.com/2188127",
            "https://bugzilla.redhat.com/2188128",
            "https://bugzilla.redhat.com/2188129",
            "https://bugzilla.redhat.com/2188130",
            "https://bugzilla.redhat.com/2188131",
            "https://bugzilla.redhat.com/2188132",
            "https://bugzilla.redhat.com/2224211",
            "https://bugzilla.redhat.com/2224212",
            "https://bugzilla.redhat.com/2224213",
            "https://bugzilla.redhat.com/2224214",
            "https://bugzilla.redhat.com/2224215",
            "https://bugzilla.redhat.com/2224216",
            "https://bugzilla.redhat.com/2224217",
            "https://bugzilla.redhat.com/2224218",
            "https://bugzilla.redhat.com/2224219",
            "https://bugzilla.redhat.com/2224220",
            "https://bugzilla.redhat.com/2224221",
            "https://bugzilla.redhat.com/2224222",
            "https://bugzilla.redhat.com/2245014",
            "https://bugzilla.redhat.com/2245015",
            "https://bugzilla.redhat.com/2245016",
            "https://bugzilla.redhat.com/2245017",
            "https://bugzilla.redhat.com/2245018",
            "https://bugzilla.redhat.com/2245019",
            "https://bugzilla.redhat.com/2245020",
            "https://bugzilla.redhat.com/2245021",
            "https://bugzilla.redhat.com/2245022",
            "https://bugzilla.redhat.com/2245023",
            "https://bugzilla.redhat.com/2245024",
            "https://bugzilla.redhat.com/2245026",
            "https://bugzilla.redhat.com/2245027",
            "https://bugzilla.redhat.com/2245028",
            "https://bugzilla.redhat.com/2245029",
            "https://bugzilla.redhat.com/2245030",
            "https://bugzilla.redhat.com/2245031",
            "https://bugzilla.redhat.com/2245032",
            "https://bugzilla.redhat.com/2245033",
            "https://bugzilla.redhat.com/2245034",
            "https://bugzilla.redhat.com/2258771",
            "https://bugzilla.redhat.com/2258772",
            "https://bugzilla.redhat.com/2258773",
            "https://bugzilla.redhat.com/2258774",
            "https://bugzilla.redhat.com/2258775",
            "https://bugzilla.redhat.com/2258776",
            "https://bugzilla.redhat.com/2258777",
            "https://bugzilla.redhat.com/2258778",
            "https://bugzilla.redhat.com/2258779",
            "https://bugzilla.redhat.com/2258780",
            "https://bugzilla.redhat.com/2258781",
            "https://bugzilla.redhat.com/2258782",
            "https://bugzilla.redhat.com/2258783",
            "https://bugzilla.redhat.com/2258784",
            "https://bugzilla.redhat.com/2258785",
            "https://bugzilla.redhat.com/2258787",
            "https://bugzilla.redhat.com/2258788",
            "https://bugzilla.redhat.com/2258789",
            "https://bugzilla.redhat.com/2258790",
            "https://bugzilla.redhat.com/2258791",
            "https://bugzilla.redhat.com/2258792",
            "https://bugzilla.redhat.com/2258793",
            "https://bugzilla.redhat.com/2258794",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2179864",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188113",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188115",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188116",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188119",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188120",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188122",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188123",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188127",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188128",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188129",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188131",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2188132",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224212",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224213",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224214",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224216",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224219",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224220",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2224222",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245014",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245015",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245016",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245017",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245018",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245019",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245020",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245021",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245023",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245024",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245026",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245027",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245028",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245029",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245030",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245031",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245032",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245033",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2245034",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258771",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258773",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258774",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258775",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258776",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258777",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258778",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258779",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258783",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258784",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258785",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258789",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258790",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258791",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258792",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258793",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258794",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21953",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21955",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21962",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21980",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21982",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22007",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22008",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22032",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22033",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22038",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22046",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22048",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22053",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22054",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22058",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22059",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22066",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22070",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22078",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22079",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22092",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22103",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22104",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22110",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22111",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22112",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22113",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22115",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20962",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20963",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20964",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20965",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20967",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20968",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20969",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20970",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20973",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20974",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20982",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20983",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20985",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21049",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21050",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21051",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21053",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21137",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21200",
            "https://errata.almalinux.org/9/ALSA-2024-1141.html",
            "https://errata.rockylinux.org/RLSA-2024:0894",
            "https://github.com/facebook/zstd",
            "https://github.com/facebook/zstd/issues/3200",
            "https://github.com/facebook/zstd/pull/3220",
            "https://github.com/pypa/advisory-database/tree/main/vulns/zstd/PYSEC-2023-121.yaml",
            "https://github.com/sergey-dryabzhinsky/python-zstd/commit/c8a619aebdbd6b838fbfef6e19325a70f631a4c6",
            "https://linux.oracle.com/cve/CVE-2022-4899.html",
            "https://linux.oracle.com/errata/ELSA-2024-1141.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-4899",
            "https://security.netapp.com/advisory/ntap-20230725-0005",
            "https://security.netapp.com/advisory/ntap-20230725-0005/",
            "https://www.cve.org/CVERecord?id=CVE-2022-4899"
          ],
          "PublishedDate": "2023-03-31T20:15:07.213Z",
          "LastModifiedDate": "2025-02-18T18:15:14.023Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49390",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49390",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e6f27131699da5617760e25f2d3379853b8dcd25bffb18f85edd5ef62bfca175",
          "Title": "kernel: macsec: fix UAF bug for real_dev",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: fix UAF bug for real_dev\n\nCreate a new macsec device but not get reference to real_dev. That can\nnot ensure that real_dev is freed after macsec. That will trigger the\nUAF bug for real_dev as following:\n\n==================================================================\nBUG: KASAN: use-after-free in macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662\nCall Trace:\n ...\n macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662\n dev_get_iflink+0x73/0xe0 net/core/dev.c:637\n default_operstate net/core/link_watch.c:42 [inline]\n rfc2863_policy+0x233/0x2d0 net/core/link_watch.c:54\n linkwatch_do_dev+0x2a/0x150 net/core/link_watch.c:161\n\nAllocated by task 22209:\n ...\n alloc_netdev_mqs+0x98/0x1100 net/core/dev.c:10549\n rtnl_create_link+0x9d7/0xc00 net/core/rtnetlink.c:3235\n veth_newlink+0x20e/0xa90 drivers/net/veth.c:1748\n\nFreed by task 8:\n ...\n kfree+0xd6/0x4d0 mm/slub.c:4552\n kvfree+0x42/0x50 mm/util.c:615\n device_release+0x9f/0x240 drivers/base/core.c:2229\n kobject_cleanup lib/kobject.c:673 [inline]\n kobject_release lib/kobject.c:704 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x1c8/0x540 lib/kobject.c:721\n netdev_run_todo+0x72e/0x10b0 net/core/dev.c:10327\n\nAfter commit faab39f63c1f (\"net: allow out-of-order netdev unregistration\")\nand commit e5f80fcf869a (\"ipv6: give an IPv6 dev to blackhole_netdev\"), we\ncan add dev_hold_track() in macsec_dev_init() and dev_put_track() in\nmacsec_free_netdev() to fix the problem.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 3
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49390",
            "https://git.kernel.org/linus/196a888ca6571deb344468e1d7138e3273206335 (5.19-rc1)",
            "https://git.kernel.org/stable/c/196a888ca6571deb344468e1d7138e3273206335",
            "https://git.kernel.org/stable/c/78933cbc143b82d02330e00900d2fd08f2682f4e",
            "https://git.kernel.org/stable/c/d130282179aa6051449ac8f8df1115769998a665",
            "https://lore.kernel.org/linux-cve-announce/2025022649-CVE-2022-49390-1583@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49390",
            "https://ubuntu.com/security/notices/USN-7907-1",
            "https://ubuntu.com/security/notices/USN-7907-2",
            "https://ubuntu.com/security/notices/USN-7907-3",
            "https://ubuntu.com/security/notices/USN-7907-4",
            "https://ubuntu.com/security/notices/USN-7907-5",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7937-1",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://www.cve.org/CVERecord?id=CVE-2022-49390"
          ],
          "PublishedDate": "2025-02-26T07:01:15.62Z",
          "LastModifiedDate": "2025-03-25T13:48:09.85Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35870",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35870",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:db85c2a68553584cecdc0e8698f4d5f4c423c9cb617d36df0fe9e8a93fd46fd2",
          "Title": "kernel: smb: client: fix UAF in smb2_reconnect_server()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in smb2_reconnect_server()\n\nThe UAF bug is due to smb2_reconnect_server() accessing a session that\nis already being teared down by another thread that is executing\n__cifs_put_smb_ses().  This can happen when (a) the client has\nconnection to the server but no session or (b) another thread ends up\nsetting @ses-\u003eses_status again to something different than\nSES_EXITING.\n\nTo fix this, we need to make sure to unconditionally set\n@ses-\u003eses_status to SES_EXITING and prevent any other threads from\nsetting a new status while we're still tearing it down.\n\nThe following can be reproduced by adding some delay to right after\nthe ipc is freed in __cifs_put_smb_ses() - which will give\nsmb2_reconnect_server() worker a chance to run and then accessing\n@ses-\u003eipc:\n\nkinit ...\nmount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10\n[disconnect srv]\nls /mnt/1 \u0026\u003e/dev/null\nsleep 30\nkdestroy\n[reconnect srv]\nsleep 10\numount /mnt/1\n...\nCIFS: VFS: Verify user has a krb5 ticket and keyutils is installed\nCIFS: VFS: \\\\srv Send error in SessSetup = -126\nCIFS: VFS: Verify user has a krb5 ticket and keyutils is installed\nCIFS: VFS: \\\\srv Send error in SessSetup = -126\ngeneral protection fault, probably for non-canonical address\n0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39\n04/01/2014\nWorkqueue: cifsiod smb2_reconnect_server [cifs]\nRIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0\nCode: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad\nde 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 \u003c48\u003e 8b 01 48 39 f8 75\n7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8\nRSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83\nRAX: dead000000000122 RBX: ffff88810da53838 RCX: 
6b6b6b6b6b6b6b6b\nRDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800\nRBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000\nR13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000\nFS: 0000000000000000(0000) GS:ffff888157c00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? die_addr+0x36/0x90\n ? exc_general_protection+0x1c1/0x3f0\n ? asm_exc_general_protection+0x26/0x30\n ? __list_del_entry_valid_or_report+0x33/0xf0\n __cifs_put_smb_ses+0x1ae/0x500 [cifs]\n smb2_reconnect_server+0x4ed/0x710 [cifs]\n process_one_work+0x205/0x6b0\n worker_thread+0x191/0x360\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe2/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 3
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4349",
            "https://access.redhat.com/security/cve/CVE-2024-35870",
            "https://bugzilla.redhat.com/2271680",
            "https://bugzilla.redhat.com/2273429",
            "https://bugzilla.redhat.com/2278354",
            "https://bugzilla.redhat.com/2280745",
            "https://bugzilla.redhat.com/2281350",
            "https://bugzilla.redhat.com/2281740",
            "https://bugzilla.redhat.com/2281920",
            "https://bugzilla.redhat.com/2282336",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280745",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281740",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282336",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47400",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27393",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960",
            "https://errata.almalinux.org/9/ALSA-2024-4349.html",
            "https://errata.rockylinux.org/RLSA-2024:4349",
            "https://git.kernel.org/linus/24a9799aa8efecd0eb55a75e35f9d8e6400063aa (6.9-rc3)",
            "https://git.kernel.org/stable/c/24a9799aa8efecd0eb55a75e35f9d8e6400063aa",
            "https://git.kernel.org/stable/c/45f2beda1f1bc3d962ec07db1ccc3197c25499a5",
            "https://git.kernel.org/stable/c/6202996a1c1887e83d0b3b0fcd86d0e5e6910ea0",
            "https://git.kernel.org/stable/c/755fe68cd4b59e1d2a2dd3286177fd4404f57fed",
            "https://linux.oracle.com/cve/CVE-2024-35870.html",
            "https://linux.oracle.com/errata/ELSA-2024-4349.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35870-3c02@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35870",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35870"
          ],
          "PublishedDate": "2024-05-19T09:15:08.427Z",
          "LastModifiedDate": "2025-11-03T21:16:11.8Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53179",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53179",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3584341b41661c3b73bcbdebb528bc1eb168f24b2e5ca23dcd2f63a0553ab5e6",
          "Title": "kernel: smb: client: fix use-after-free of signing key",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free of signing key\n\nCustomers have reported use-after-free in @ses-\u003eauth_key.response with\nSMB2.1 + sign mounts which occurs due to following race:\n\ntask A                         task B\ncifs_mount()\n dfs_mount_share()\n  get_session()\n   cifs_mount_get_session()    cifs_send_recv()\n    cifs_get_smb_ses()          compound_send_recv()\n     cifs_setup_session()        smb2_setup_request()\n      kfree_sensitive()           smb2_calc_signature()\n                                   crypto_shash_setkey() *UAF*\n\nFix this by ensuring that we have a valid @ses-\u003eauth_key.response by\nchecking whether @ses-\u003eses_status is SES_GOOD or SES_EXITING with\n@ses-\u003eses_lock held.  After commit 24a9799aa8ef (\"smb: client: fix UAF\nin smb2_reconnect_server()\"), we made sure to call -\u003elogoff() only\nwhen @ses was known to be good (e.g. valid -\u003eauth_key.response), so\nit's safe to access signing key when @ses-\u003eses_status == SES_EXITING.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53179",
            "https://git.kernel.org/linus/343d7fe6df9e247671440a932b6a73af4fa86d95 (6.13-rc1)",
            "https://git.kernel.org/stable/c/0e2b654a3848bf9da3b0d54c1ccf3f1b8c635591",
            "https://git.kernel.org/stable/c/343d7fe6df9e247671440a932b6a73af4fa86d95",
            "https://git.kernel.org/stable/c/39619c65ab4bbb3e78c818f537687653e112764d",
            "https://linux.oracle.com/cve/CVE-2024-53179.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122719-CVE-2024-53179-2179@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53179",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53179"
          ],
          "PublishedDate": "2024-12-27T14:15:25.307Z",
          "LastModifiedDate": "2025-02-10T18:15:27.533Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21780",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-171.181",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21780",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7676c70b7dcdb318a6bcf1f995b36bd7ef899a8a86761defcf43adf919158377",
          "Title": "kernel: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIf a malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause a buffer overflow attack in function\nsmu_sys_set_pp_table().",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-120"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21780",
            "https://git.kernel.org/linus/1abb2648698bf10783d2236a6b4a7ca5e8021699 (6.14-rc3)",
            "https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699",
            "https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de",
            "https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084",
            "https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a",
            "https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab",
            "https://linux.oracle.com/cve/CVE-2025-21780.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2025-21780-8283@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21780",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://ubuntu.com/security/notices/USN-8060-1",
            "https://ubuntu.com/security/notices/USN-8060-2",
            "https://ubuntu.com/security/notices/USN-8060-3",
            "https://ubuntu.com/security/notices/USN-8060-4",
            "https://ubuntu.com/security/notices/USN-8060-5",
            "https://ubuntu.com/security/notices/USN-8060-6",
            "https://ubuntu.com/security/notices/USN-8060-7",
            "https://ubuntu.com/security/notices/USN-8098-1",
            "https://ubuntu.com/security/notices/USN-8098-2",
            "https://ubuntu.com/security/notices/USN-8098-3",
            "https://ubuntu.com/security/notices/USN-8098-4",
            "https://ubuntu.com/security/notices/USN-8098-5",
            "https://ubuntu.com/security/notices/USN-8098-6",
            "https://ubuntu.com/security/notices/USN-8098-7",
            "https://ubuntu.com/security/notices/USN-8098-8",
            "https://ubuntu.com/security/notices/USN-8098-9",
            "https://ubuntu.com/security/notices/USN-8107-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21780"
          ],
          "PublishedDate": "2025-02-27T03:15:18.827Z",
          "LastModifiedDate": "2025-11-03T21:19:09.307Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37899",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37899",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8e0f4510046b05f6845712d35b434b4090beb1c091a2fa40e92125062ff2440b",
          "Title": "kernel: ksmbd: fix use-after-free in session logoff",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in session logoff\n\nThe sess-\u003euser object can currently be in use by another thread, for\nexample if another connection has sent a session setup request to\nbind to the session being free'd. The handler for that connection could\nbe in the smb2_sess_setup function which makes use of sess-\u003euser.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37899",
            "https://git.kernel.org/linus/2fc9feff45d92a92cd5f96487655d5be23fb7e2b (6.15-rc5)",
            "https://git.kernel.org/stable/c/02d16046cd11a5c037b28c12ffb818c56dd3ef43",
            "https://git.kernel.org/stable/c/2fc9feff45d92a92cd5f96487655d5be23fb7e2b",
            "https://git.kernel.org/stable/c/70ad6455139e26e85f48f95d0e21f351c1909342",
            "https://git.kernel.org/stable/c/931dc8a3670f71c45c0b1379ea4e92dafbda1aca",
            "https://git.kernel.org/stable/c/d5ec1d79509b3ee01de02c236f096bc050221b7f",
            "https://linux.oracle.com/cve/CVE-2025-37899.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052055-CVE-2025-37899-7366@gregkh/T",
            "https://news.ycombinator.com/item?id=44081338",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37899",
            "https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8059-1",
            "https://ubuntu.com/security/notices/USN-8059-2",
            "https://ubuntu.com/security/notices/USN-8059-3",
            "https://ubuntu.com/security/notices/USN-8059-4",
            "https://ubuntu.com/security/notices/USN-8059-5",
            "https://ubuntu.com/security/notices/USN-8059-6",
            "https://ubuntu.com/security/notices/USN-8059-7",
            "https://ubuntu.com/security/notices/USN-8059-8",
            "https://ubuntu.com/security/notices/USN-8059-9",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37899"
          ],
          "PublishedDate": "2025-05-20T16:15:26.273Z",
          "LastModifiedDate": "2025-12-06T22:15:50.277Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38118",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38118",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5d35a8235edba10a75f923a8ba7b0149742d064c71f0b0b0a2337ae243e1f77f",
          "Title": "kernel: Linux kernel: Bluetooth MGMT use-after-free vulnerability allows privilege escalation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete\n\nThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to\navoid crashes like bellow:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\nRead of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341\n\nCPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406\n hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 5987:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252\n mgmt_pending_add+0x34/0x120 
net/bluetooth/mgmt_util.c:279\n remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x548/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5989:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2380 [inline]\n slab_free mm/slub.c:4642 [inline]\n kfree+0x18e/0x440 mm/slub.c:4841\n mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242\n mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366\n hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314\n __sys_bind_socket net/socket.c:1810 [inline]\n __sys_bind+0x2c3/0x3e0 net/socket.c:1841\n __do_sys_bind net/socket.c:1846 [inline]\n __se_sys_bind net/socket.c:1844 [inline]\n __x64_sys_bind+0x7a/0x90 net/socket.c:1844\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38118",
            "https://git.kernel.org/linus/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c (6.16-rc2)",
            "https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286",
            "https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962",
            "https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d",
            "https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be",
            "https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c",
            "https://linux.oracle.com/cve/CVE-2025-38118.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070326-CVE-2025-38118-f9ca@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38118",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-7861-1",
            "https://ubuntu.com/security/notices/USN-7861-2",
            "https://ubuntu.com/security/notices/USN-7861-3",
            "https://ubuntu.com/security/notices/USN-7861-5",
            "https://ubuntu.com/security/notices/USN-7864-1",
            "https://ubuntu.com/security/notices/USN-7935-1",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38118"
          ],
          "PublishedDate": "2025-07-03T09:15:25.757Z",
          "LastModifiedDate": "2025-12-17T18:29:15.03Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38561",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-168.178",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38561",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:257547b2359f320b45c826bd330fdad7a0ff837ec62cda9a195faf3140ce2530",
          "Title": "kernel: ksmbd: fix Preauh_HashValue race condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix Preauh_HashValue race condition\n\nIf client send multiple session setup requests to ksmbd,\nPreauh_HashValue race condition could happen.\nThere is no need to free sess-\u003ePreauh_HashValue at session setup phase.\nIt can be freed together with session at connection termination phase.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38561",
            "https://git.kernel.org/linus/44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6 (6.17-rc1)",
            "https://git.kernel.org/stable/c/44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6",
            "https://git.kernel.org/stable/c/6613887da1d18dd2ecfd6c6148a873c4d903ebdc",
            "https://git.kernel.org/stable/c/7d7c0c5304c88bcbd7a85e9bcd61d27e998ba5fc",
            "https://git.kernel.org/stable/c/b69fd87076daa66f3d186bd421a7b0ee0cb45829",
            "https://git.kernel.org/stable/c/edeecc7871e8fc0878d53ce286c75040a0e38f6c",
            "https://git.kernel.org/stable/c/fbf5c0845ed15122a770bca9be1d9b60b470d3aa",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081907-CVE-2025-38561-0f75@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38561",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8013-1",
            "https://ubuntu.com/security/notices/USN-8013-2",
            "https://ubuntu.com/security/notices/USN-8013-3",
            "https://ubuntu.com/security/notices/USN-8013-4",
            "https://ubuntu.com/security/notices/USN-8015-1",
            "https://ubuntu.com/security/notices/USN-8015-2",
            "https://ubuntu.com/security/notices/USN-8015-3",
            "https://ubuntu.com/security/notices/USN-8015-4",
            "https://ubuntu.com/security/notices/USN-8015-5",
            "https://ubuntu.com/security/notices/USN-8016-1",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38561",
            "https://www.zerodayinitiative.com/advisories/ZDI-25-916/"
          ],
          "PublishedDate": "2025-08-19T17:15:32.503Z",
          "LastModifiedDate": "2026-01-07T20:41:54.54Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23112",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23112",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d411fc2195d80b7c7f7f77c87e29a2dd157be358b78542c2e53c714666a52e16",
          "Title": "kernel: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec\n\nnvmet_tcp_build_pdu_iovec() could walk past cmd-\u003ereq.sg when a PDU\nlength or offset exceeds sg_cnt and then use bogus sg-\u003elength/offset\nvalues, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining\nentries, and sg-\u003elength/offset before building the bvec.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 4,
            "oracle-oval": 3,
            "photon": 4,
            "redhat": 2,
            "ubuntu": 3
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23112",
            "https://git.kernel.org/linus/52a0a98549344ca20ad81a4176d68d28e3c05a5c (6.19)",
            "https://git.kernel.org/stable/c/043b4307a99f902697349128fde93b2ddde4686c",
            "https://git.kernel.org/stable/c/1385be357e8acd09b36e026567f3a9d5c61139de",
            "https://git.kernel.org/stable/c/19672ae68d52ff75347ebe2420dde1b07adca09f",
            "https://git.kernel.org/stable/c/42afe8ed8ad2de9c19457156244ef3e1eca94b5d",
            "https://git.kernel.org/stable/c/52a0a98549344ca20ad81a4176d68d28e3c05a5c",
            "https://git.kernel.org/stable/c/ab200d71553bdcf4de554a5985b05b2dd606bc57",
            "https://git.kernel.org/stable/c/dca1a6ba0da9f472ef040525fab10fd9956db59f",
            "https://linux.oracle.com/cve/CVE-2026-23112.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021302-CVE-2026-23112-6499@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23112",
            "https://www.cve.org/CVERecord?id=CVE-2026-23112"
          ],
          "PublishedDate": "2026-02-13T14:16:10.403Z",
          "LastModifiedDate": "2026-04-03T14:16:24.067Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23268",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23268",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:25cf852cd9920b449fc1e63c63de5aac7cb4dd63a3156b19a47768929105e250",
          "Title": "kernel: apparmor: fix unprivileged local user can do privileged policy management",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix unprivileged local user can do privileged policy management\n\nAn unprivileged local user can load, replace, and remove profiles by\nopening the apparmorfs interfaces, via a confused deputy attack, by\npassing the opened fd to a privileged process, and getting the\nprivileged process to write to the interface.\n\nThis does require a privileged target that can be manipulated to do\nthe write for the unprivileged process, but once such access is\nachieved full policy management is possible and all the possible\nimplications that implies: removing confinement, DoS of system or\ntarget applications by denying all execution, by-passing the\nunprivileged user namespace restriction, to exploiting kernel bugs for\na local privilege escalation.\n\nThe policy management interface can not have its permissions simply\nchanged from 0666 to 0600 because non-root processes need to be able\nto load policy to different policy namespaces.\n\nInstead ensure the task writing the interface has privileges that\nare a subset of the task that opened the interface. This is already\ndone via policy for confined processes, but unconfined can delegate\naccess to the opened fd, by-passing the usual policy check.",
          "Severity": "HIGH",
          "VendorSeverity": {
            "azure": 3,
            "photon": 3,
            "ubuntu": 3
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23268",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/0fc63dd9170643d15c25681fca792539e23f4640",
            "https://git.kernel.org/stable/c/17debf5586020790b5717f96e5e6a3ca5bb961ab",
            "https://git.kernel.org/stable/c/6601e13e82841879406bf9f369032656f441a425",
            "https://git.kernel.org/stable/c/b60b3f7a35c46b2e0ca934f9c988b8fca06d76c6",
            "https://git.kernel.org/stable/c/b6a94eeca9c6c8f7c55ad44c62c98324f51ec596",
            "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23268-6be3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23268",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23268",
            "https://www.qualys.com/2026/03/10/crack-armor.txt"
          ],
          "PublishedDate": "2026-03-18T18:16:25.753Z",
          "LastModifiedDate": "2026-04-02T15:16:27.533Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23410",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23410",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:515c47aa41938673d3cd7f2b564b4b830d5a1652a603dbb63c397b4c79068193",
          "Title": "kernel: apparmor: fix race on rawdata dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix race on rawdata dereference\n\nThere is a race condition that leads to a use-after-free situation:\nbecause the rawdata inodes are not refcounted, an attacker can start\nopen()ing one of the rawdata files, and at the same time remove the\nlast reference to this rawdata (by removing the corresponding profile,\nfor example), which frees its struct aa_loaddata; as a result, when\nseq_rawdata_open() is reached, i_private is a dangling pointer and\nfreed memory is accessed.\n\nThe rawdata inodes weren't refcounted to avoid a circular refcount and\nwere supposed to be held by the profile rawdata reference.  However\nduring profile removal there is a window where the vfs and profile\ndestruction race, resulting in the use after free.\n\nFix this by moving to a double refcount scheme. Where the profile\nrefcount on rawdata is used to break the circular dependency. Allowing\nfor freeing of the rawdata once all inode references to the rawdata\nare put.",
          "Severity": "HIGH",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 3
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23410",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/6ef1f2926c41ab96952d9696d55a052f1b3a9418",
            "https://git.kernel.org/stable/c/763e838adc3c7ec5a7df2990ce84cad951e42721",
            "https://git.kernel.org/stable/c/a0b7091c4de45a7325c8780e6934a894f92ac86b",
            "https://git.kernel.org/stable/c/af782cc8871e3683ddd5a3cd2f7df526599863a9",
            "https://git.kernel.org/stable/c/f9761add6d100962a23996cb68f3d6abdd4d1815",
            "https://lore.kernel.org/linux-cve-announce/2026040113-CVE-2026-23410-d7d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23410",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23410",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:17.093Z",
          "LastModifiedDate": "2026-04-02T15:16:34.127Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23411",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23411",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f952f4386dcf27f587b9f207f707d2a1aa93e5dd7b28fe7ac640f4b3fe7d7f7",
          "Title": "kernel: apparmor: fix race between freeing data and fs accessing it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix race between freeing data and fs accessing it\n\nAppArmor was putting the reference to i_private data on its end after\nremoving the original entry from the file system. However the inode\ncan and does live beyond that point and it is possible that some of\nthe fs call back functions will be invoked after the reference has\nbeen put, which results in a race between freeing the data and\naccessing it through the fs.\n\nWhile the rawdata/loaddata is the most likely candidate to fail the\nrace, as it has the fewest references. If properly crafted it might be\npossible to trigger a race for the other types stored in i_private.\n\nFix this by moving the put of i_private referenced data to the correct\nplace which is during inode eviction.",
          "Severity": "HIGH",
          "VendorSeverity": {
            "ubuntu": 3
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23411",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/13bc2772414d68e94e273dea013181a986948ddf",
            "https://git.kernel.org/stable/c/2a732ed26fbd048e7925d227af8cf9ea43fb5cc9",
            "https://git.kernel.org/stable/c/8e135b8aee5a06c52a4347a5a6d51223c6f36ba3",
            "https://git.kernel.org/stable/c/ae10787d955fb255d381e0d5589451dd72c614b1",
            "https://git.kernel.org/stable/c/eecce026399917f6efa532c56bc7a3e9dd6ee68b",
            "https://lore.kernel.org/linux-cve-announce/2026040114-CVE-2026-23411-00f7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23411",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23411",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:17.27Z",
          "LastModifiedDate": "2026-04-02T15:16:34.32Z"
        },
        {
          "VulnerabilityID": "CVE-2013-7445",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7445",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:808e29ca8710ca471ba2e1e796106d42761b37375c93b682beb6435321726e7c",
          "Title": "kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects",
          "Description": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-399"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
              "V2Score": 7.8
            },
            "redhat": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V2Score": 4.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2013-7445",
            "https://bugzilla.kernel.org/show_bug.cgi?id=60533",
            "https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)",
            "https://nvd.nist.gov/vuln/detail/CVE-2013-7445",
            "https://www.cve.org/CVERecord?id=CVE-2013-7445"
          ],
          "PublishedDate": "2015-10-16T01:59:00.12Z",
          "LastModifiedDate": "2025-04-12T10:46:40.837Z"
        },
        {
          "VulnerabilityID": "CVE-2015-7837",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-7837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ea0f84722c5fa986cb91998e47081b1bee56ddb733b0b04385dcf27f3b503226",
          "Title": "kernel: securelevel disabled after kexec",
          "Description": "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-254"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "V2Score": 2.1,
              "V3Score": 5.5
            },
            "redhat": {
              "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
              "V2Score": 1.9
            }
          },
          "References": [
            "http://rhn.redhat.com/errata/RHSA-2015-2152.html",
            "http://rhn.redhat.com/errata/RHSA-2015-2411.html",
            "http://www.openwall.com/lists/oss-security/2015/10/15",
            "http://www.openwall.com/lists/oss-security/2015/10/15/6",
            "http://www.securityfocus.com/bid/77097",
            "https://access.redhat.com/security/cve/CVE-2015-7837",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1243998#c3",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1272472",
            "https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798",
            "https://linux.oracle.com/cve/CVE-2015-7837.html",
            "https://linux.oracle.com/errata/ELSA-2019-4316.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2015-7837",
            "https://ubuntu.com/security/notices/USN-3405-1",
            "https://ubuntu.com/security/notices/USN-3405-2",
            "https://www.cve.org/CVERecord?id=CVE-2015-7837"
          ],
          "PublishedDate": "2017-09-19T16:29:00.23Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2015-8553",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8553",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:41c53c9bb05a93cf846ee24a5ccfff9144a1e7c0817ec939923875f4fb8021b0",
          "Title": "xen: non-maskable interrupts triggerable by guests (xsa120)",
          "Description": "Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-200"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "V2Score": 2.1,
              "V3Score": 6.5
            },
            "redhat": {
              "V2Vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
              "V2Score": 5.2
            }
          },
          "References": [
            "http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)",
            "http://xenbits.xen.org/xsa/advisory-120.html",
            "https://access.redhat.com/security/cve/CVE-2015-8553",
            "https://nvd.nist.gov/vuln/detail/CVE-2015-8553",
            "https://seclists.org/bugtraq/2019/Aug/18",
            "https://www.cve.org/CVERecord?id=CVE-2015-8553",
            "https://www.debian.org/security/2019/dsa-4497"
          ],
          "PublishedDate": "2016-04-13T15:59:07.307Z",
          "LastModifiedDate": "2025-04-12T10:46:40.837Z"
        },
        {
          "VulnerabilityID": "CVE-2016-8660",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8660",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fb0bbfbd7f9bf8c57c4c6174111f95e683187c15175241b6a9139aec3db829f9",
          "Title": "kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation",
          "Description": "The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \"page lock order bug in the XFS seek hole/data implementation.\"",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-19"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 4.9,
              "V3Score": 5.5
            },
            "redhat": {
              "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 4.7,
              "V3Score": 5.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2016/10/13/8",
            "http://www.securityfocus.com/bid/93558",
            "https://access.redhat.com/security/cve/CVE-2016-8660",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1384851",
            "https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/",
            "https://marc.info/?l=linux-fsdevel\u0026m=147639177409294\u0026w=2",
            "https://marc.info/?l=linux-xfs\u0026m=149498118228320\u0026w=2",
            "https://nvd.nist.gov/vuln/detail/CVE-2016-8660",
            "https://www.cve.org/CVERecord?id=CVE-2016-8660"
          ],
          "PublishedDate": "2016-10-16T21:59:14.333Z",
          "LastModifiedDate": "2025-04-12T10:46:40.837Z"
        },
        {
          "VulnerabilityID": "CVE-2018-17977",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17977",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:95c7dd439de58c54bb15db0cba1578a443af3e26f856b2ab2622b86b64106195",
          "Title": "kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service",
          "Description": "The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 4.9,
              "V3Score": 4.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.9
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/105539",
            "https://access.redhat.com/security/cve/CVE-2018-17977",
            "https://bugzilla.suse.com/show_bug.cgi?id=1111609",
            "https://nvd.nist.gov/vuln/detail/CVE-2018-17977",
            "https://www.cve.org/CVERecord?id=CVE-2018-17977",
            "https://www.openwall.com/lists/oss-security/2018/10/05/5"
          ],
          "PublishedDate": "2018-10-08T17:29:00.653Z",
          "LastModifiedDate": "2024-11-21T03:55:19.193Z"
        },
        {
          "VulnerabilityID": "CVE-2019-15794",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15794",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:682657c26dee31777de3389de17921e88c532a24e0147b9c2cba32bb6e2b1673",
          "Title": "kernel: Overlayfs in the Linux kernel and shiftfs  not restoring original value on error leading to a refcount underflow",
          "Description": "Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma-\u003evm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-672"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V2Score": 7.2,
              "V3Score": 6.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-15794",
            "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=270d16ae48a4dbf1c7e25e94cc3e38b4bea37635",
            "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=ef81780548d20a786cc77ed4203fca146fd81ce3",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-15794",
            "https://ubuntu.com/security/notices/USN-4208-1",
            "https://ubuntu.com/security/notices/USN-4209-1",
            "https://usn.ubuntu.com/usn/usn-4208-1",
            "https://usn.ubuntu.com/usn/usn-4209-1",
            "https://www.cve.org/CVERecord?id=CVE-2019-15794"
          ],
          "PublishedDate": "2020-04-24T00:15:11.933Z",
          "LastModifiedDate": "2024-11-21T04:29:28.88Z"
        },
        {
          "VulnerabilityID": "CVE-2020-14356",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14356",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2b4a98a95a5216d178488a62ff461da1144d0fd137c59903e8b1b329ee72fdab",
          "Title": "kernel: Use After Free vulnerability in cgroup BPF component",
          "Description": "A NULL pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V2Score": 7.2,
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html",
            "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html",
            "https://access.redhat.com/security/cve/CVE-2020-14356",
            "https://bugzilla.kernel.org/show_bug.cgi?id=208003",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1868453",
            "https://linux.oracle.com/cve/CVE-2020-14356.html",
            "https://linux.oracle.com/errata/ELSA-2021-1578.html",
            "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html",
            "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html",
            "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html",
            "https://lore.kernel.org/netdev/CAM_iQpUKQJrj8wE+Qa8NGR3P0L+5Uz=qo-O5+k_P60HzTde6aw%40mail.gmail.com/t/",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-14356",
            "https://security.netapp.com/advisory/ntap-20200904-0002/",
            "https://ubuntu.com/security/notices/USN-4483-1",
            "https://ubuntu.com/security/notices/USN-4484-1",
            "https://ubuntu.com/security/notices/USN-4526-1",
            "https://usn.ubuntu.com/4483-1/",
            "https://usn.ubuntu.com/4484-1/",
            "https://usn.ubuntu.com/4526-1/",
            "https://www.cve.org/CVERecord?id=CVE-2020-14356"
          ],
          "PublishedDate": "2020-08-19T15:15:12.06Z",
          "LastModifiedDate": "2024-11-21T05:03:05.017Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3714",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3714",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1dc193259eb58951ed353a20d3d2706732eb50a29b1aff1f530d50f3cf186729",
          "Title": "kernel: Remote Page Deduplication Attacks",
          "Description": "A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-200"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2021-3714",
            "https://arxiv.org/abs/2111.08553",
            "https://arxiv.org/pdf/2111.08553.pdf",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1931327",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3714",
            "https://www.cve.org/CVERecord?id=CVE-2021-3714"
          ],
          "PublishedDate": "2022-08-23T16:15:09.6Z",
          "LastModifiedDate": "2024-11-21T06:22:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2021-3864",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3864",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c1cd6b3767205ea534a26e13b162dc2b9b00b6b46f51002720523eb3798a7532",
          "Title": "kernel: descendant's dumpable setting with certain SUID binaries",
          "Description": "A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-284"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2021-3864",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2015046",
            "https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com/",
            "https://lore.kernel.org/all/20211221021744.864115-1-longman@redhat.com",
            "https://lore.kernel.org/all/20211226150310.GA992%401wt.eu/",
            "https://lore.kernel.org/all/20211226150310.GA992@1wt.eu/",
            "https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com/",
            "https://lore.kernel.org/lkml/20211228170910.623156-1-wander@redhat.com",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-3864",
            "https://security-tracker.debian.org/tracker/CVE-2021-3864",
            "https://www.cve.org/CVERecord?id=CVE-2021-3864",
            "https://www.openwall.com/lists/oss-security/2021/10/20/2"
          ],
          "PublishedDate": "2022-08-26T16:15:09.68Z",
          "LastModifiedDate": "2024-11-21T06:22:41.197Z"
        },
        {
          "VulnerabilityID": "CVE-2021-4095",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4095",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0451a96b4ecf05707b44376820b3d0699ad27979c7265a456528c504aeceba54",
          "Title": "kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c",
          "Description": "A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 1.9,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2022/01/17/1",
            "https://access.redhat.com/security/cve/CVE-2021-4095",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2031194",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55749769fe608fa3f4a075e42e89d237c8e3763",
            "https://linux.oracle.com/cve/CVE-2021-4095.html",
            "https://linux.oracle.com/errata/ELSA-2022-9534.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/",
            "https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-4095",
            "https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/",
            "https://seclists.org/oss-sec/2021/q4/157",
            "https://www.cve.org/CVERecord?id=CVE-2021-4095"
          ],
          "PublishedDate": "2022-03-10T17:44:53.563Z",
          "LastModifiedDate": "2024-11-21T06:36:53.443Z"
        },
        {
          "VulnerabilityID": "CVE-2021-47432",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-47432",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2df78cd7fcc7ee65a67cc13e2c86007b6eeae37916daf73ccc5a08c292bf2aa0",
          "Title": "kernel: lib/generic-radix-tree.c: Don't overflow in peek()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don't overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:7001",
            "https://access.redhat.com/security/cve/CVE-2021-47432",
            "https://bugzilla.redhat.com/2258012",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2260038",
            "https://bugzilla.redhat.com/2265799",
            "https://bugzilla.redhat.com/2266358",
            "https://bugzilla.redhat.com/2266750",
            "https://bugzilla.redhat.com/2267036",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2267916",
            "https://bugzilla.redhat.com/2267925",
            "https://bugzilla.redhat.com/2268295",
            "https://bugzilla.redhat.com/2271648",
            "https://bugzilla.redhat.com/2271796",
            "https://bugzilla.redhat.com/2272793",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2273148",
            "https://bugzilla.redhat.com/2273180",
            "https://bugzilla.redhat.com/2275661",
            "https://bugzilla.redhat.com/2275690",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278220",
            "https://bugzilla.redhat.com/2278270",
            "https://bugzilla.redhat.com/2278447",
            "https://bugzilla.redhat.com/2281217",
            "https://bugzilla.redhat.com/2281317",
            "https://bugzilla.redhat.com/2281704",
            "https://bugzilla.redhat.com/2281720",
            "https://bugzilla.redhat.com/2281807",
            "https://bugzilla.redhat.com/2281847",
            "https://bugzilla.redhat.com/2282324",
            "https://bugzilla.redhat.com/2282345",
            "https://bugzilla.redhat.com/2282354",
            "https://bugzilla.redhat.com/2282355",
            "https://bugzilla.redhat.com/2282356",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2282366",
            "https://bugzilla.redhat.com/2282401",
            "https://bugzilla.redhat.com/2282422",
            "https://bugzilla.redhat.com/2282440",
            "https://bugzilla.redhat.com/2282508",
            "https://bugzilla.redhat.com/2282511",
            "https://bugzilla.redhat.com/2282676",
            "https://bugzilla.redhat.com/2282757",
            "https://bugzilla.redhat.com/2282851",
            "https://bugzilla.redhat.com/2282890",
            "https://bugzilla.redhat.com/2282903",
            "https://bugzilla.redhat.com/2282918",
            "https://bugzilla.redhat.com/2283389",
            "https://bugzilla.redhat.com/2283424",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284515",
            "https://bugzilla.redhat.com/2284545",
            "https://bugzilla.redhat.com/2284596",
            "https://bugzilla.redhat.com/2284628",
            "https://bugzilla.redhat.com/2284634",
            "https://bugzilla.redhat.com/2293247",
            "https://bugzilla.redhat.com/2293270",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293304",
            "https://bugzilla.redhat.com/2293377",
            "https://bugzilla.redhat.com/2293408",
            "https://bugzilla.redhat.com/2293423",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2294313",
            "https://bugzilla.redhat.com/2297471",
            "https://bugzilla.redhat.com/2297473",
            "https://bugzilla.redhat.com/2297478",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297543",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297572",
            "https://bugzilla.redhat.com/2297573",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297581",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2297706",
            "https://bugzilla.redhat.com/2297909",
            "https://bugzilla.redhat.com/2298079",
            "https://bugzilla.redhat.com/2298140",
            "https://bugzilla.redhat.com/2298177",
            "https://bugzilla.redhat.com/2298640",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2299452",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2300402",
            "https://bugzilla.redhat.com/2300407",
            "https://bugzilla.redhat.com/2300408",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300430",
            "https://bugzilla.redhat.com/2300434",
            "https://bugzilla.redhat.com/2300448",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2300492",
            "https://bugzilla.redhat.com/2300533",
            "https://bugzilla.redhat.com/2300552",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301477",
            "https://bugzilla.redhat.com/2301489",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/2301522",
            "https://bugzilla.redhat.com/2301544",
            "https://bugzilla.redhat.com/2303077",
            "https://bugzilla.redhat.com/2303505",
            "https://bugzilla.redhat.com/2303506",
            "https://bugzilla.redhat.com/2303508",
            "https://bugzilla.redhat.com/2303514",
            "https://bugzilla.redhat.com/2305467",
            "https://bugzilla.redhat.com/2306365",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258012",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258013",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2260038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265799",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266358",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267036",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267041",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268295",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270103",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271796",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272793",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273148",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273180",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275661",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278220",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278447",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281704",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281720",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282324",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282345",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282366",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282422",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282764",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282851",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282890",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282903",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283424",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284596",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284628",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293304",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294313",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297473",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297478",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297495",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297525",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297562",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297706",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298079",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298140",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299336",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299452",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300407",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300410",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300430",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300448",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300453",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300492",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300533",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300552",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2303077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47101",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47287",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47289",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47321",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47338",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47352",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47384",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47385",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47386",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47393",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47455",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47466",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47497",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47527",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47582",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48754",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48836",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48866",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49316",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52470",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52478",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52522",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52605",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52683",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52798",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52817",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26649",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26665",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26717",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26769",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26894",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35884",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35944",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36953",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38581",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39499",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39501",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39506",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40997",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41007",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41008",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41023",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41038",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41039",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41041",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41071",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42094",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42124",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42226",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42228",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42237",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42238",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43871",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45026",
            "https://errata.almalinux.org/8/ALSA-2024-7001.html",
            "https://errata.rockylinux.org/RLSA-2024:7000",
            "https://git.kernel.org/linus/9492261ff2460252cf2d8de89cdf854c7e2b28a0 (6.7-rc1)",
            "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac",
            "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0",
            "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437",
            "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c",
            "https://linux.oracle.com/cve/CVE-2021-47432.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024052143-CVE-2021-47432-5e69@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-47432",
            "https://www.cve.org/CVERecord?id=CVE-2021-47432"
          ],
          "PublishedDate": "2024-05-21T16:15:12.007Z",
          "LastModifiedDate": "2025-04-02T14:51:30.763Z"
        },
        {
          "VulnerabilityID": "CVE-2021-47658",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-47658",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1d45df62b760e0f5c9b1d0be0b5eb6f75cdb565acea913ff85dc735cbad8a113",
          "Title": "kernel: drm/amd/pm: fix a potential gpu_metrics_table memory leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in renoir_init_smc_tables(),\nbut not freed in int smu_v12_0_fini_smc_tables(). Free it!",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2021-47658",
            "https://git.kernel.org/linus/583637d66a70fc7090e12fb0ebbacc33d39e2214 (5.17-rc1)",
            "https://git.kernel.org/stable/c/583637d66a70fc7090e12fb0ebbacc33d39e2214",
            "https://lore.kernel.org/linux-cve-announce/2025022624-CVE-2021-47658-3eb0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-47658",
            "https://www.cve.org/CVERecord?id=CVE-2021-47658"
          ],
          "PublishedDate": "2025-02-26T06:37:07.557Z",
          "LastModifiedDate": "2025-09-23T18:48:03.193Z"
        },
        {
          "VulnerabilityID": "CVE-2022-0400",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0400",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e77a0eee0a7d8dc52839360e3f86d31a84c061b1c9d12cfee1dc2b218386af55",
          "Title": "kernel: Out of bounds read in the smc protocol stack",
          "Description": "An out-of-bounds read vulnerability was discovered in the Linux kernel's SMC protocol stack, causing a remote denial of service (DoS).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-0400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2040604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2044575",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-0400",
            "https://www.cve.org/CVERecord?id=CVE-2022-0400"
          ],
          "PublishedDate": "2022-08-29T15:15:09.423Z",
          "LastModifiedDate": "2024-11-21T06:38:32.81Z"
        },
        {
          "VulnerabilityID": "CVE-2022-0480",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0480",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f7d72692340d0bcf4dabc934536636976f02608b27cdef021b7da929c295add",
          "Title": "kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion",
          "Description": "A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "alma": 3,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:2394",
            "https://access.redhat.com/security/cve/CVE-2022-0480",
            "https://bugzilla.redhat.com/1918601",
            "https://bugzilla.redhat.com/2049700",
            "https://bugzilla.redhat.com/2133452",
            "https://bugzilla.redhat.com/2151959",
            "https://bugzilla.redhat.com/2177759",
            "https://bugzilla.redhat.com/2185519",
            "https://bugzilla.redhat.com/2188102",
            "https://bugzilla.redhat.com/2210024",
            "https://bugzilla.redhat.com/2213132",
            "https://bugzilla.redhat.com/2218332",
            "https://bugzilla.redhat.com/2219359",
            "https://bugzilla.redhat.com/2221039",
            "https://bugzilla.redhat.com/2221463",
            "https://bugzilla.redhat.com/2221702",
            "https://bugzilla.redhat.com/2226777",
            "https://bugzilla.redhat.com/2226787",
            "https://bugzilla.redhat.com/2226788",
            "https://bugzilla.redhat.com/2231410",
            "https://bugzilla.redhat.com/2239845",
            "https://bugzilla.redhat.com/2239848",
            "https://bugzilla.redhat.com/2244720",
            "https://bugzilla.redhat.com/2246980",
            "https://bugzilla.redhat.com/2250043",
            "https://bugzilla.redhat.com/2252731",
            "https://bugzilla.redhat.com/2253034",
            "https://bugzilla.redhat.com/2253632",
            "https://bugzilla.redhat.com/2254961",
            "https://bugzilla.redhat.com/2254982",
            "https://bugzilla.redhat.com/2255283",
            "https://bugzilla.redhat.com/2255498",
            "https://bugzilla.redhat.com/2256490",
            "https://bugzilla.redhat.com/2256822",
            "https://bugzilla.redhat.com/2257682",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2258518",
            "https://bugzilla.redhat.com/2260005",
            "https://bugzilla.redhat.com/2262126",
            "https://bugzilla.redhat.com/2262127",
            "https://bugzilla.redhat.com/2265285",
            "https://bugzilla.redhat.com/2265517",
            "https://bugzilla.redhat.com/2265518",
            "https://bugzilla.redhat.com/2265519",
            "https://bugzilla.redhat.com/2265520",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265646",
            "https://bugzilla.redhat.com/2265653",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267695",
            "https://bugzilla.redhat.com/2267750",
            "https://bugzilla.redhat.com/2267758",
            "https://bugzilla.redhat.com/2267760",
            "https://bugzilla.redhat.com/2267761",
            "https://bugzilla.redhat.com/2267788",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2269189",
            "https://bugzilla.redhat.com/2269217",
            "https://bugzilla.redhat.com/2270080",
            "https://bugzilla.redhat.com/2270118",
            "https://bugzilla.redhat.com/2270883",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2049700",
            "https://errata.almalinux.org/9/ALSA-2024-2394.html",
            "https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042",
            "https://github.com/kata-containers/kata-containers/issues/3373",
            "https://linux.oracle.com/cve/CVE-2022-0480.html",
            "https://linux.oracle.com/errata/ELSA-2024-2394.html",
            "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/",
            "https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm@linux-foundation.org/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-0480",
            "https://ubuntu.com/security/CVE-2022-0480",
            "https://www.cve.org/CVERecord?id=CVE-2022-0480"
          ],
          "PublishedDate": "2022-08-29T15:15:09.477Z",
          "LastModifiedDate": "2024-11-21T06:38:44.91Z"
        },
        {
          "VulnerabilityID": "CVE-2022-1205",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1205",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:789ff419bcc549fe3d978417ab52224ec05fdd75cc77eef810ede9366be9def9",
          "Title": "kernel: Null pointer dereference and use after free in net/ax25/ax25_timer.c",
          "Description": "A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416",
            "CWE-476"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-1205",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2071047",
            "https://github.com/torvalds/linux/commit/82e31755e55fbcea6a9dfaae5fe4860ade17cbc0",
            "https://github.com/torvalds/linux/commit/fc6d01ff9ef03b66d4a3a23b46fc3c3d8cf92009",
            "https://marc.info/?i=56c38247.32aa9.17fe95728b3.Coremail.duoming@zju.edu.cn",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-1205",
            "https://ubuntu.com/security/notices/USN-5469-1",
            "https://ubuntu.com/security/notices/USN-5471-1",
            "https://ubuntu.com/security/notices/USN-5514-1",
            "https://ubuntu.com/security/notices/USN-5515-1",
            "https://ubuntu.com/security/notices/USN-5539-1",
            "https://ubuntu.com/security/notices/USN-5541-1",
            "https://ubuntu.com/security/notices/USN-6001-1",
            "https://ubuntu.com/security/notices/USN-6013-1",
            "https://ubuntu.com/security/notices/USN-6014-1",
            "https://www.cve.org/CVERecord?id=CVE-2022-1205",
            "https://www.openwall.com/lists/oss-security/2022/04/02/4"
          ],
          "PublishedDate": "2022-08-31T16:15:09.11Z",
          "LastModifiedDate": "2024-11-21T06:40:15.083Z"
        },
        {
          "VulnerabilityID": "CVE-2022-1247",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1247",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1dcf2f379550b22ef8089866d11f715a6fff4384b45d6477833352838569a300",
          "Title": "kernel: A race condition bug in rose_connect()",
          "Description": "An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u003euse to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-1247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2066799",
            "https://lore.kernel.org/all/20220711013111.33183-1-duoming@zju.edu.cn/",
            "https://lore.kernel.org/all/cover.1656031586.git.duoming@zju.edu.cn/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-1247",
            "https://www.cve.org/CVERecord?id=CVE-2022-1247"
          ],
          "PublishedDate": "2022-08-31T16:15:09.177Z",
          "LastModifiedDate": "2024-11-21T06:40:20.19Z"
        },
        {
          "VulnerabilityID": "CVE-2022-25836",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-25836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d9f792993e4423755f9f43bfe9e1c627c72c4b6c9cc4fd495f82556b8222f35d",
          "Description": "Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-294"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/confusion-in-ble-passkey/",
            "https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/",
            "https://www.cve.org/CVERecord?id=CVE-2022-25836"
          ],
          "PublishedDate": "2022-12-12T04:15:09.587Z",
          "LastModifiedDate": "2025-04-22T21:15:42.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-2961",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2961",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e7b5da485f0d571b80b95044291a4a5e3bfaea4df0149f495228c5cbcab19a7",
          "Title": "kernel: race condition in rose_bind()",
          "Description": "A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416",
            "CWE-362"
          ],
          "VendorSeverity": {
            "cbl-mariner": 3,
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-2961",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-2961",
            "https://security.netapp.com/advisory/ntap-20230214-0004/",
            "https://www.cve.org/CVERecord?id=CVE-2022-2961"
          ],
          "PublishedDate": "2022-08-29T15:15:10.81Z",
          "LastModifiedDate": "2024-11-21T07:01:59.55Z"
        },
        {
          "VulnerabilityID": "CVE-2022-3238",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3238",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:df56990aceda9975650e575010223e53b2d70001678efa9bf9a7a4e41f613c34",
          "Title": "kernel: ntfs3 local privledge escalation if NTFS character set and remount and umount called simultaneously",
          "Description": "A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-459",
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-3238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2127927",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-3238",
            "https://www.cve.org/CVERecord?id=CVE-2022-3238"
          ],
          "PublishedDate": "2022-11-14T21:15:16.163Z",
          "LastModifiedDate": "2025-05-01T14:15:27.813Z"
        },
        {
          "VulnerabilityID": "CVE-2022-3523",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3523",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2b82bc65e5f8e26039673be4589c572cd002e8dfb2b997a750e8d1836328b0a",
          "Title": "Kernel: race when faulting a device private page in memory manager",
          "Description": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-119",
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-3523",
            "https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16ce101db85db694a91380aa4c89b25530871d33",
            "https://linux.oracle.com/cve/CVE-2022-3523.html",
            "https://linux.oracle.com/errata/ELSA-2023-6583.html",
            "https://lore.kernel.org/all/8735bbuyvs.fsf@nvidia.com/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-3523",
            "https://vuldb.com/?id.211020",
            "https://www.cve.org/CVERecord?id=CVE-2022-3523"
          ],
          "PublishedDate": "2022-10-16T10:15:10.193Z",
          "LastModifiedDate": "2024-11-21T07:19:42.283Z"
        },
        {
          "VulnerabilityID": "CVE-2022-38457",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-38457",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dbd339aba6372f80cc723a2c38e95053645bf2b037a0d1bde15586a3ccb04925",
          "Title": "kernel: vmwgfx: use-after-free in vmw_cmd_res_check",
          "Description": "A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:7077",
            "https://access.redhat.com/security/cve/CVE-2022-38457",
            "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074",
            "https://bugzilla.redhat.com/2024989",
            "https://bugzilla.redhat.com/2073091",
            "https://bugzilla.redhat.com/2133453",
            "https://bugzilla.redhat.com/2133455",
            "https://bugzilla.redhat.com/2139610",
            "https://bugzilla.redhat.com/2147356",
            "https://bugzilla.redhat.com/2148520",
            "https://bugzilla.redhat.com/2149024",
            "https://bugzilla.redhat.com/2151317",
            "https://bugzilla.redhat.com/2156322",
            "https://bugzilla.redhat.com/2165741",
            "https://bugzilla.redhat.com/2165926",
            "https://bugzilla.redhat.com/2168332",
            "https://bugzilla.redhat.com/2173403",
            "https://bugzilla.redhat.com/2173430",
            "https://bugzilla.redhat.com/2173434",
            "https://bugzilla.redhat.com/2173444",
            "https://bugzilla.redhat.com/2174400",
            "https://bugzilla.redhat.com/2175903",
            "https://bugzilla.redhat.com/2176140",
            "https://bugzilla.redhat.com/2177371",
            "https://bugzilla.redhat.com/2177389",
            "https://bugzilla.redhat.com/2181330",
            "https://bugzilla.redhat.com/2182443",
            "https://bugzilla.redhat.com/2184578",
            "https://bugzilla.redhat.com/2185945",
            "https://bugzilla.redhat.com/2187257",
            "https://bugzilla.redhat.com/2188468",
            "https://bugzilla.redhat.com/2192667",
            "https://bugzilla.redhat.com/2192671",
            "https://bugzilla.redhat.com/2193097",
            "https://bugzilla.redhat.com/2193219",
            "https://bugzilla.redhat.com/2213139",
            "https://bugzilla.redhat.com/2213199",
            "https://bugzilla.redhat.com/2213485",
            "https://bugzilla.redhat.com/2213802",
            "https://bugzilla.redhat.com/2214348",
            "https://bugzilla.redhat.com/2215502",
            "https://bugzilla.redhat.com/2215835",
            "https://bugzilla.redhat.com/2215836",
            "https://bugzilla.redhat.com/2215837",
            "https://bugzilla.redhat.com/2218195",
            "https://bugzilla.redhat.com/2218212",
            "https://bugzilla.redhat.com/2218943",
            "https://bugzilla.redhat.com/2221707",
            "https://bugzilla.redhat.com/2223949",
            "https://bugzilla.redhat.com/2225191",
            "https://bugzilla.redhat.com/2225201",
            "https://bugzilla.redhat.com/2225511",
            "https://bugzilla.redhat.com/2236982",
            "https://errata.almalinux.org/8/ALSA-2023-7077.html",
            "https://linux.oracle.com/cve/CVE-2022-38457.html",
            "https://linux.oracle.com/errata/ELSA-2023-7077.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-38457",
            "https://www.cve.org/CVERecord?id=CVE-2022-38457"
          ],
          "PublishedDate": "2022-09-09T15:15:14.52Z",
          "LastModifiedDate": "2024-11-21T07:16:30.88Z"
        },
        {
          "VulnerabilityID": "CVE-2022-40133",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40133",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f1c65a76628709c4c99162fc9b785087003f307ee18419d50598621fb47719a",
          "Title": "kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context",
          "Description": "A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:7077",
            "https://access.redhat.com/security/cve/CVE-2022-40133",
            "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075",
            "https://bugzilla.redhat.com/2024989",
            "https://bugzilla.redhat.com/2073091",
            "https://bugzilla.redhat.com/2133453",
            "https://bugzilla.redhat.com/2133455",
            "https://bugzilla.redhat.com/2139610",
            "https://bugzilla.redhat.com/2147356",
            "https://bugzilla.redhat.com/2148520",
            "https://bugzilla.redhat.com/2149024",
            "https://bugzilla.redhat.com/2151317",
            "https://bugzilla.redhat.com/2156322",
            "https://bugzilla.redhat.com/2165741",
            "https://bugzilla.redhat.com/2165926",
            "https://bugzilla.redhat.com/2168332",
            "https://bugzilla.redhat.com/2173403",
            "https://bugzilla.redhat.com/2173430",
            "https://bugzilla.redhat.com/2173434",
            "https://bugzilla.redhat.com/2173444",
            "https://bugzilla.redhat.com/2174400",
            "https://bugzilla.redhat.com/2175903",
            "https://bugzilla.redhat.com/2176140",
            "https://bugzilla.redhat.com/2177371",
            "https://bugzilla.redhat.com/2177389",
            "https://bugzilla.redhat.com/2181330",
            "https://bugzilla.redhat.com/2182443",
            "https://bugzilla.redhat.com/2184578",
            "https://bugzilla.redhat.com/2185945",
            "https://bugzilla.redhat.com/2187257",
            "https://bugzilla.redhat.com/2188468",
            "https://bugzilla.redhat.com/2192667",
            "https://bugzilla.redhat.com/2192671",
            "https://bugzilla.redhat.com/2193097",
            "https://bugzilla.redhat.com/2193219",
            "https://bugzilla.redhat.com/2213139",
            "https://bugzilla.redhat.com/2213199",
            "https://bugzilla.redhat.com/2213485",
            "https://bugzilla.redhat.com/2213802",
            "https://bugzilla.redhat.com/2214348",
            "https://bugzilla.redhat.com/2215502",
            "https://bugzilla.redhat.com/2215835",
            "https://bugzilla.redhat.com/2215836",
            "https://bugzilla.redhat.com/2215837",
            "https://bugzilla.redhat.com/2218195",
            "https://bugzilla.redhat.com/2218212",
            "https://bugzilla.redhat.com/2218943",
            "https://bugzilla.redhat.com/2221707",
            "https://bugzilla.redhat.com/2223949",
            "https://bugzilla.redhat.com/2225191",
            "https://bugzilla.redhat.com/2225201",
            "https://bugzilla.redhat.com/2225511",
            "https://bugzilla.redhat.com/2236982",
            "https://errata.almalinux.org/8/ALSA-2023-7077.html",
            "https://linux.oracle.com/cve/CVE-2022-40133.html",
            "https://linux.oracle.com/errata/ELSA-2023-7077.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-40133",
            "https://www.cve.org/CVERecord?id=CVE-2022-40133"
          ],
          "PublishedDate": "2022-09-09T15:15:15.137Z",
          "LastModifiedDate": "2024-11-21T07:20:55.827Z"
        },
        {
          "VulnerabilityID": "CVE-2022-4543",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4543",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d316a8710ce5a18309e4451c1cae0ad47dc1a5b95f1355a512f9b1cb64eebca7",
          "Title": "kernel: KASLR Prefetch Bypass Breaks KPTI",
          "Description": "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-200",
            "CWE-203"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-4543",
            "https://github.com/KSPP/linux/issues/361",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-4543",
            "https://www.cve.org/CVERecord?id=CVE-2022-4543",
            "https://www.openwall.com/lists/oss-security/2022/12/16/3",
            "https://www.willsroot.io/2022/12/entrybleed.html"
          ],
          "PublishedDate": "2023-01-11T15:15:09.673Z",
          "LastModifiedDate": "2025-04-08T20:15:18.79Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48628",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48628",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b8ced286dfa4de035d102dde7016371a82fa9672f4de1875e5bf7ba95a89444e",
          "Title": "kernel: ceph: drop messages from MDS when unmounting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: drop messages from MDS when unmounting\n\nWhen unmounting all the dirty buffers will be flushed and after\nthe last osd request is finished the last reference of the i_count\nwill be released. Then it will flush the dirty cap/snap to MDSs,\nand the unmounting won't wait the possible acks, which will ihold\nthe inodes when updating the metadata locally but makes no sense\nany more, of this. This will make the evict_inodes() to skip these\ninodes.\n\nIf encrypt is enabled the kernel generate a warning when removing\nthe encrypt keys when the skipped inodes still hold the keyring:\n\nWARNING: CPU: 4 PID: 168846 at fs/crypto/keyring.c:242 fscrypt_destroy_keyring+0x7e/0xd0\nCPU: 4 PID: 168846 Comm: umount Tainted: G S  6.1.0-rc5-ceph-g72ead199864c #1\nHardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 2.0 12/17/2015\nRIP: 0010:fscrypt_destroy_keyring+0x7e/0xd0\nRSP: 0018:ffffc9000b277e28 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff88810d52ac00 RCX: ffff88810b56aa00\nRDX: 0000000080000000 RSI: ffffffff822f3a09 RDI: ffff888108f59000\nRBP: ffff8881d394fb88 R08: 0000000000000028 R09: 0000000000000000\nR10: 0000000000000001 R11: 11ff4fe6834fcd91 R12: ffff8881d394fc40\nR13: ffff888108f59000 R14: ffff8881d394f800 R15: 0000000000000000\nFS:  00007fd83f6f1080(0000) GS:ffff88885fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f918d417000 CR3: 000000017f89a005 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\ngeneric_shutdown_super+0x47/0x120\nkill_anon_super+0x14/0x30\nceph_kill_sb+0x36/0x90 
[ceph]\ndeactivate_locked_super+0x29/0x60\ncleanup_mnt+0xb8/0x140\ntask_work_run+0x67/0xb0\nexit_to_user_mode_prepare+0x23d/0x240\nsyscall_exit_to_user_mode+0x25/0x60\ndo_syscall_64+0x40/0x80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fd83dc39e9b\n\nLater the kernel will crash when iput() the inodes and dereferencing\nthe \"sb-\u003es_master_keys\", which has been released by the\ngeneric_shutdown_super().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48628",
            "https://git.kernel.org/linus/e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd (6.6-rc1)",
            "https://git.kernel.org/stable/c/47f82395f04a976d4fa97de7f2acffa1c1096571",
            "https://git.kernel.org/stable/c/89744b64914426cbabceb3d8a149176b5dafdfb5",
            "https://git.kernel.org/stable/c/e3dfcab2080dc1f9a4b09cc1327361bc2845bfcd",
            "https://lore.kernel.org/linux-cve-announce/2024030245-CVE-2022-48628-181a@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48628",
            "https://www.cve.org/CVERecord?id=CVE-2022-48628"
          ],
          "PublishedDate": "2024-03-02T22:15:47Z",
          "LastModifiedDate": "2025-01-13T18:26:13.343Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48633",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48633",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ef7410d2329625473d979dd20776c3697b4c8b11723cb0cd465126e1743929b5",
          "Title": "kernel: drm/gma500: Fix WARN_ON(lock-\u003emagic != lock) error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix WARN_ON(lock-\u003emagic != lock) error\n\npsb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex\ngets destroyed by drm_gem_object_release() move the\ndrm_gem_object_release() call in psb_gem_free_object() to after\nthe unpin to fix the below warning:\n\n[   79.693962] ------------[ cut here ]------------\n[   79.693992] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n[   79.694015] WARNING: CPU: 0 PID: 240 at kernel/locking/mutex.c:582 __ww_mutex_lock.constprop.0+0x569/0xfb0\n[   79.694052] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer qrtr bnep ath9k ath9k_common ath9k_hw snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel ath3k snd_intel_dspcfg mac80211 snd_intel_sdw_acpi btusb snd_hda_codec btrtl btbcm btintel btmtk bluetooth at24 snd_hda_core snd_hwdep uvcvideo snd_seq libarc4 videobuf2_vmalloc ath videobuf2_memops videobuf2_v4l2 videobuf2_common snd_seq_device videodev acer_wmi intel_powerclamp coretemp mc snd_pcm joydev sparse_keymap ecdh_generic pcspkr wmi_bmof cfg80211 i2c_i801 i2c_smbus snd_timer snd r8169 rfkill lpc_ich soundcore acpi_cpufreq zram rtsx_pci_sdmmc mmc_core serio_raw rtsx_pci gma500_gfx(E) video wmi ip6_tables ip_tables i2c_dev fuse\n[   79.694436] CPU: 0 PID: 240 Comm: plymouthd Tainted: G        W   E      6.0.0-rc3+ #490\n[   79.694457] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[   79.694469] RIP: 0010:__ww_mutex_lock.constprop.0+0x569/0xfb0\n[   79.694496] Code: ff 85 c0 0f 84 15 fb ff ff 8b 05 ca 3c 11 01 85 c0 0f 85 07 fb ff ff 48 c7 c6 30 cb 84 aa 48 c7 c7 a3 e1 82 aa e8 ac 29 f8 ff \u003c0f\u003e 0b e9 ed fa ff ff e8 5b 83 8a ff 85 c0 74 10 44 8b 0d 98 3c 11\n[   79.694513] RSP: 0018:ffffad1dc048bbe0 EFLAGS: 00010282\n[   79.694623] RAX: 0000000000000028 RBX: 0000000000000000 RCX: 0000000000000000\n[   79.694636] RDX: 0000000000000001 RSI: 
ffffffffaa8b0ffc RDI: 00000000ffffffff\n[   79.694650] RBP: ffffad1dc048bc80 R08: 0000000000000000 R09: ffffad1dc048ba90\n[   79.694662] R10: 0000000000000003 R11: ffffffffaad62fe8 R12: ffff9ff302103138\n[   79.694675] R13: ffff9ff306ec8000 R14: ffff9ff307779078 R15: ffff9ff3014c0270\n[   79.694690] FS:  00007ff1cccf1740(0000) GS:ffff9ff3bc200000(0000) knlGS:0000000000000000\n[   79.694705] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   79.694719] CR2: 0000559ecbcb4420 CR3: 0000000013210000 CR4: 00000000000006f0\n[   79.694734] Call Trace:\n[   79.694749]  \u003cTASK\u003e\n[   79.694761]  ? __schedule+0x47f/0x1670\n[   79.694796]  ? psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[   79.694830]  ? lock_is_held_type+0xe3/0x140\n[   79.694864]  ? ww_mutex_lock+0x38/0xa0\n[   79.694885]  ? __cond_resched+0x1c/0x30\n[   79.694902]  ww_mutex_lock+0x38/0xa0\n[   79.694925]  psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[   79.694964]  psb_gem_unpin+0x199/0x1a0 [gma500_gfx]\n[   79.694996]  drm_gem_object_release_handle+0x50/0x60\n[   79.695020]  ? drm_gem_object_handle_put_unlocked+0xf0/0xf0\n[   79.695042]  idr_for_each+0x4b/0xb0\n[   79.695066]  ? _raw_spin_unlock_irqrestore+0x30/0x60\n[   79.695095]  drm_gem_release+0x1c/0x30\n[   79.695118]  drm_file_free.part.0+0x1ea/0x260\n[   79.695150]  drm_release+0x6a/0x120\n[   79.695175]  __fput+0x9f/0x260\n[   79.695203]  task_work_run+0x59/0xa0\n[   79.695227]  do_exit+0x387/0xbe0\n[   79.695250]  ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[   79.695275]  ? lockdep_hardirqs_on+0x7d/0x100\n[   79.695304]  do_group_exit+0x33/0xb0\n[   79.695331]  __x64_sys_exit_group+0x14/0x20\n[   79.695353]  do_syscall_64+0x58/0x80\n[   79.695376]  ? up_read+0x17/0x20\n[   79.695401]  ? lock_is_held_type+0xe3/0x140\n[   79.695429]  ? asm_exc_page_fault+0x22/0x30\n[   79.695450]  ? 
lockdep_hardirqs_on+0x7d/0x100\n[   79.695473]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[   79.695493] RIP: 0033:0x7ff1ccefe3f1\n[   79.695516] Code: Unable to access opcode bytes at RIP 0x7ff1ccefe3c7.\n[   79.695607] RSP: 002b:00007ffed4413378 EFLAGS: \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48633",
            "https://git.kernel.org/linus/b6f25c3b94f2aadbf5cbef954db4073614943d74 (6.0-rc6)",
            "https://git.kernel.org/stable/c/55c077d97fa67e9f19952bb24122a8316b089474",
            "https://git.kernel.org/stable/c/b6f25c3b94f2aadbf5cbef954db4073614943d74",
            "https://lore.kernel.org/linux-cve-announce/2024042854-CVE-2022-48633-f726@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48633",
            "https://www.cve.org/CVERecord?id=CVE-2022-48633"
          ],
          "PublishedDate": "2024-04-28T13:15:06.56Z",
          "LastModifiedDate": "2025-09-19T14:56:52.39Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48646",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48646",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7a98200327f8e9d04050f7562f25b1ac824ec06ac5c6079d90cdd705e05a9e12",
          "Title": "kernel: sfc/siena: fix null pointer dereference in efx_hard_start_xmit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc/siena: fix null pointer dereference in efx_hard_start_xmit\n\nLike in previous patch for sfc, prevent potential (but unlikely) NULL\npointer dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48646",
            "https://git.kernel.org/linus/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa (6.0-rc7)",
            "https://git.kernel.org/stable/c/589c6eded10c77a12b7b2cf235b6b19a2bdb91fa",
            "https://git.kernel.org/stable/c/a4eadca702dff0768dd01be6789bbec2a18e5b0a",
            "https://lore.kernel.org/linux-cve-announce/2024042857-CVE-2022-48646-35f2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48646",
            "https://www.cve.org/CVERecord?id=CVE-2022-48646"
          ],
          "PublishedDate": "2024-04-28T13:15:07.187Z",
          "LastModifiedDate": "2025-03-20T21:29:44.733Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48667",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48667",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2766c8dca8980e95d28c2eb536a5961634204efc29a7503879eec1e2536c8a1e",
          "Title": "kernel: smb3: fix temporary data corruption in insert range",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in insert range\n\ninsert range doesn't discard the affected cached region\nso can risk temporarily corrupting file data.\n\nAlso includes some minor cleanup (avoiding rereading\ninode size repeatedly unnecessarily) to make it clearer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48667",
            "https://git.kernel.org/linus/9c8b7a293f50253e694f19161c045817a938e551 (6.0-rc4)",
            "https://git.kernel.org/stable/c/0cdde8460c304283d4ebe3f767a70215d1ab9d4e",
            "https://git.kernel.org/stable/c/9c8b7a293f50253e694f19161c045817a938e551",
            "https://lore.kernel.org/linux-cve-announce/2024042802-CVE-2022-48667-0aa2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48667",
            "https://www.cve.org/CVERecord?id=CVE-2022-48667"
          ],
          "PublishedDate": "2024-04-28T13:15:08.157Z",
          "LastModifiedDate": "2025-09-19T15:04:31.3Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48668",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48668",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0f55e440928ab846f0e8831cf1311312778da9c4b53d62f68db70faff0a7fd8d",
          "Title": "kernel: smb3: fix temporary data corruption in collapse range",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in collapse range\n\ncollapse range doesn't discard the affected cached region\nso can risk temporarily corrupting the file data. This\nfixes xfstest generic/031\n\nI also decided to merge a minor cleanup to this into the same patch\n(avoiding rereading inode size repeatedly unnecessarily) to make it\nclearer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48668",
            "https://git.kernel.org/linus/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4 (6.0-rc4)",
            "https://git.kernel.org/stable/c/49523a4732204bdacbf3941a016503ddb4ddb3b9",
            "https://git.kernel.org/stable/c/fa30a81f255a56cccd89552cd6ce7ea6e8d8acc4",
            "https://lore.kernel.org/linux-cve-announce/2024042802-CVE-2022-48668-3790@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48668",
            "https://www.cve.org/CVERecord?id=CVE-2022-48668"
          ],
          "PublishedDate": "2024-04-28T13:15:08.203Z",
          "LastModifiedDate": "2025-09-19T15:04:39.217Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48673",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48673",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0f82f2f08fe2ffa5564e7ae8926540bee24c4d4b3ee8256ff0b26c66853ce4c5",
          "Title": "kernel: net/smc: Fix possible access to freed memory in link clear",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible access to freed memory in link clear\n\nAfter modifying the QP to the Error state, all RX WR would be completed\nwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not\nwait for it is done, but destroy the QP and free the link group directly.\nSo there is a risk that accessing the freed memory in tasklet context.\n\nHere is a crash example:\n\n BUG: unable to handle page fault for address: ffffffff8f220860\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S         OE     5.10.0-0607+ #23\n Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018\n RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0\n Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e \u003c48\u003e 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32\n RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086\n RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000\n RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00\n RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b\n R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010\n R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040\n FS:  0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cIRQ\u003e\n  _raw_spin_lock_irqsave+0x30/0x40\n  mlx5_ib_poll_cq+0x4c/0xc50 
[mlx5_ib]\n  smc_wr_rx_tasklet_fn+0x56/0xa0 [smc]\n  tasklet_action_common.isra.21+0x66/0x100\n  __do_softirq+0xd5/0x29c\n  asm_call_irq_on_stack+0x12/0x20\n  \u003c/IRQ\u003e\n  do_softirq_own_stack+0x37/0x40\n  irq_exit_rcu+0x9d/0xa0\n  sysvec_call_function_single+0x34/0x80\n  asm_sysvec_call_function_single+0x12/0x20",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-755"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48673",
            "https://git.kernel.org/linus/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968 (6.0-rc5)",
            "https://git.kernel.org/stable/c/89fcb70f1acd6b0bbf2f7bfbf45d7aa75a9bdcde",
            "https://git.kernel.org/stable/c/e9b1a4f867ae9c1dbd1d71cd09cbdb3239fb4968",
            "https://lore.kernel.org/linux-cve-announce/2024050318-CVE-2022-48673-1692@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48673",
            "https://www.cve.org/CVERecord?id=CVE-2022-48673"
          ],
          "PublishedDate": "2024-05-03T15:15:07.53Z",
          "LastModifiedDate": "2024-11-21T07:33:45.173Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48706",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48706",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:24b4ff3ceeaf004971cd18fb3d3f3934fd93a4936e65c9bcc8f7c17dc7d60f87",
          "Title": "kernel: vdpa: ifcvf: Do proper cleanup if IFCVF init fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: ifcvf: Do proper cleanup if IFCVF init fails\n\nifcvf_mgmt_dev leaks memory if it is not freed before\nreturning. Call is made to correct return statement\nso memory does not leak. ifcvf_init_hw does not take\ncare of this so it is needed to do it here.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48706",
            "https://git.kernel.org/linus/6b04456e248761cf68f562f2fd7c04e591fcac94 (6.2-rc7)",
            "https://git.kernel.org/stable/c/5d2cc32c1c10bd889125d2adc16a6bc3338dcd3e",
            "https://git.kernel.org/stable/c/6b04456e248761cf68f562f2fd7c04e591fcac94",
            "https://lore.kernel.org/linux-cve-announce/2024052153-CVE-2022-48706-3175@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48706",
            "https://www.cve.org/CVERecord?id=CVE-2022-48706"
          ],
          "PublishedDate": "2024-05-21T16:15:12.1Z",
          "LastModifiedDate": "2025-02-03T16:12:16.05Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48744",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48744",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:90e115b80fbdb5074dd04e6061308aa93c25bb81a83930c1154a3b7d48823822",
          "Title": "kernel: net/mlx5e: Avoid field-overflowing memcpy()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid field-overflowing memcpy()\n\nIn preparation for FORTIFY_SOURCE performing compile-time and run-time\nfield bounds checking for memcpy(), memmove(), and memset(), avoid\nintentionally writing across neighboring fields.\n\nUse flexible arrays instead of zero-element arrays (which look like they\nare always overflowing) and split the cross-field memcpy() into two halves\nthat can be appropriately bounds-checked by the compiler.\n\nWe were doing:\n\n\t#define ETH_HLEN  14\n\t#define VLAN_HLEN  4\n\t...\n\t#define MLX5E_XDP_MIN_INLINE (ETH_HLEN + VLAN_HLEN)\n\t...\n        struct mlx5e_tx_wqe      *wqe  = mlx5_wq_cyc_get_wqe(wq, pi);\n\t...\n        struct mlx5_wqe_eth_seg  *eseg = \u0026wqe-\u003eeth;\n        struct mlx5_wqe_data_seg *dseg = wqe-\u003edata;\n\t...\n\tmemcpy(eseg-\u003einline_hdr.start, xdptxd-\u003edata, MLX5E_XDP_MIN_INLINE);\n\ntarget is wqe-\u003eeth.inline_hdr.start (which the compiler sees as being\n2 bytes in size), but copying 18, intending to write across start\n(really vlan_tci, 2 bytes). 
The remaining 16 bytes get written into\nwqe-\u003edata[0], covering byte_count (4 bytes), lkey (4 bytes), and addr\n(8 bytes).\n\nstruct mlx5e_tx_wqe {\n        struct mlx5_wqe_ctrl_seg   ctrl;                 /*     0    16 */\n        struct mlx5_wqe_eth_seg    eth;                  /*    16    16 */\n        struct mlx5_wqe_data_seg   data[];               /*    32     0 */\n\n        /* size: 32, cachelines: 1, members: 3 */\n        /* last cacheline: 32 bytes */\n};\n\nstruct mlx5_wqe_eth_seg {\n        u8                         swp_outer_l4_offset;  /*     0     1 */\n        u8                         swp_outer_l3_offset;  /*     1     1 */\n        u8                         swp_inner_l4_offset;  /*     2     1 */\n        u8                         swp_inner_l3_offset;  /*     3     1 */\n        u8                         cs_flags;             /*     4     1 */\n        u8                         swp_flags;            /*     5     1 */\n        __be16                     mss;                  /*     6     2 */\n        __be32                     flow_table_metadata;  /*     8     4 */\n        union {\n                struct {\n                        __be16     sz;                   /*    12     2 */\n                        u8         start[2];             /*    14     2 */\n                } inline_hdr;                            /*    12     4 */\n                struct {\n                        __be16     type;                 /*    12     2 */\n                        __be16     vlan_tci;             /*    14     2 */\n                } insert;                                /*    12     4 */\n                __be32             trailer;              /*    12     4 */\n        };                                               /*    12     4 */\n\n        /* size: 16, cachelines: 1, members: 9 */\n        /* last cacheline: 16 bytes */\n};\n\nstruct mlx5_wqe_data_seg {\n        __be32                     byte_count;           /*     0     4 */\n    
    __be32                     lkey;                 /*     4     4 */\n        __be64                     addr;                 /*     8     8 */\n\n        /* size: 16, cachelines: 1, members: 3 */\n        /* last cacheline: 16 bytes */\n};\n\nSo, split the memcpy() so the compiler can reason about the buffer\nsizes.\n\n\"pahole\" shows no size nor member offset changes to struct mlx5e_tx_wqe\nnor struct mlx5e_umr_wqe. \"objdump -d\" shows no meaningful object\ncode changes (i.e. only source line number induced differences and\noptimizations).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48744",
            "https://git.kernel.org/linus/ad5185735f7dab342fdd0dd41044da4c9ccfef67 (5.17-rc3)",
            "https://git.kernel.org/stable/c/49bcbe531f79fc35bb10020f7695f9f01e4f0ca8",
            "https://git.kernel.org/stable/c/8fbdf8c8b8ab82beab882175157650452c46493e",
            "https://git.kernel.org/stable/c/ad5185735f7dab342fdd0dd41044da4c9ccfef67",
            "https://lore.kernel.org/linux-cve-announce/2024062003-CVE-2022-48744-0f03@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48744",
            "https://www.cve.org/CVERecord?id=CVE-2022-48744"
          ],
          "PublishedDate": "2024-06-20T12:15:12.7Z",
          "LastModifiedDate": "2026-01-21T16:08:23.18Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48766",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48766",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d8323b91ce67e39c1f90e318f1c149b06a7d4739ee79700db94614fdccd8ceae",
          "Title": "kernel: drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.\n\nMirrors the logic for dcn30. Cue lots of WARNs and some\nkernel panics without this fix.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48766",
            "https://git.kernel.org/linus/25f1488bdbba63415239ff301fe61a8546140d9f (5.17-rc2)",
            "https://git.kernel.org/stable/c/25f1488bdbba63415239ff301fe61a8546140d9f",
            "https://git.kernel.org/stable/c/456ba2433844a6483cc4c933aa8f43d24575e341",
            "https://lore.kernel.org/linux-cve-announce/2024062010-CVE-2022-48766-3b8e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48766",
            "https://www.cve.org/CVERecord?id=CVE-2022-48766"
          ],
          "PublishedDate": "2024-06-20T12:15:14.617Z",
          "LastModifiedDate": "2025-01-06T21:44:09.75Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48771",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48771",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5656c15a629e592c8379f828310857fdb671689bc7e63c51115631640861dec1",
          "Title": "kernel: drm/vmwgfx: Fix stale file descriptors on failed usercopy",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix stale file descriptors on failed usercopy\n\nA failing usercopy of the fence_rep object will lead to a stale entry in\nthe file descriptor table as put_unused_fd() won't release it. This\nenables userland to refer to a dangling 'file' object through that still\nvalid file descriptor, leading to all kinds of use-after-free\nexploitation scenarios.\n\nFix this by deferring the call to fd_install() until after the usercopy\nhas succeeded.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48771",
            "https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c (5.17-rc2)",
            "https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d",
            "https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565",
            "https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c",
            "https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82",
            "https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c",
            "https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414",
            "https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516",
            "https://lore.kernel.org/linux-cve-announce/2024062011-CVE-2022-48771-2c90@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48771",
            "https://www.cve.org/CVERecord?id=CVE-2022-48771"
          ],
          "PublishedDate": "2024-06-20T12:15:15.043Z",
          "LastModifiedDate": "2025-01-06T21:41:47.617Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48816",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48816",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4353130f0014725a6d4a5d54ed54cdd23fcb2dc0cdbee806fa715902d1f6a181",
          "Title": "kernel: SUNRPC: lock against -\u003esock changing during sysfs read",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: lock against -\u003esock changing during sysfs read\n\n-\u003esock can be set to NULL asynchronously unless -\u003erecv_mutex is held.\nSo it is important to hold that mutex.  Otherwise a sysfs read can\ntrigger an oops.\nCommit 17f09d3f619a (\"SUNRPC: Check if the xprt is connected before\nhandling sysfs reads\") appears to attempt to fix this problem, but it\nonly narrows the race window.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48816",
            "https://git.kernel.org/linus/b49ea673e119f59c71645e2f65b3ccad857c90ee (5.17-rc4)",
            "https://git.kernel.org/stable/c/9482ab4540f5bcc869b44c067ae99b5fca16bd07",
            "https://git.kernel.org/stable/c/b49ea673e119f59c71645e2f65b3ccad857c90ee",
            "https://lore.kernel.org/linux-cve-announce/2024071648-CVE-2022-48816-e2a3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48816",
            "https://www.cve.org/CVERecord?id=CVE-2022-48816"
          ],
          "PublishedDate": "2024-07-16T12:15:05.687Z",
          "LastModifiedDate": "2025-10-06T17:07:26.41Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48887",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48887",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:170640c5decf08a96b73beb2f706f0d4fb602c2ef2d27c8c2995949064c1e78e",
          "Title": "kernel: drm/vmwgfx: Remove rcu locks from user resources",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Remove rcu locks from user resources\n\nUser resource lookups used rcu to avoid two extra atomics. Unfortunately\nthe rcu paths were buggy and it was easy to make the driver crash by\nsubmitting command buffers from two different threads. Because the\nlookups never show up in performance profiles replace them with a\nregular spin lock which fixes the races in accesses to those shared\nresources.\n\nFixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and\nseen crashes with apps using shared resources.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48887",
            "https://git.kernel.org/linus/a309c7194e8a2f8bd4539b9449917913f6c2cd50 (6.2-rc4)",
            "https://git.kernel.org/stable/c/7ac9578e45b20e3f3c0c8eb71f5417a499a7226a",
            "https://git.kernel.org/stable/c/a309c7194e8a2f8bd4539b9449917913f6c2cd50",
            "https://lore.kernel.org/linux-cve-announce/2024082109-CVE-2022-48887-4019@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48887",
            "https://www.cve.org/CVERecord?id=CVE-2022-48887"
          ],
          "PublishedDate": "2024-08-21T07:15:05.143Z",
          "LastModifiedDate": "2024-09-06T14:55:46.46Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48929",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48929",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:797473bb5bb20576c292c1195a6b83c7a2f7e23f5f47518fdc3569605d7dd589",
          "Title": "kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix crash due to out of bounds access into reg2btf_ids.\n\nWhen commit e6ac2450d6de (\"bpf: Support bpf program calling kernel function\") added\nkfunc support, it defined reg2btf_ids as a cheap way to translate the verifier\nreg type to the appropriate btf_vmlinux BTF ID, however\ncommit c25b2ae13603 (\"bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL\")\nmoved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after\nthe base register types, and defined other variants using type flag\ncomposition. However, now, the direct usage of reg-\u003etype to index into\nreg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to\nout of bounds access and kernel crash on dereference of bad pointer.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48929",
            "https://git.kernel.org/linus/45ce4b4f9009102cd9f581196d480a59208690c1 (5.17-rc6)",
            "https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1",
            "https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae",
            "https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc",
            "https://linux.oracle.com/cve/CVE-2022-48929.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024082222-CVE-2022-48929-857d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48929",
            "https://www.cve.org/CVERecord?id=CVE-2022-48929"
          ],
          "PublishedDate": "2024-08-22T04:15:15.773Z",
          "LastModifiedDate": "2024-08-23T02:00:22.653Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48976",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48976",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3122d87f02690a6ec6db652f4b5adb6a07cd5367fa6fcf7988c4a840949e7ccd",
          "Title": "kernel: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable_offload: fix using __this_cpu_add in preemptible\n\nflow_offload_queue_work() can be called in workqueue without\nbh disabled, like the call trace showed in my act_ct testing,\ncalling NF_FLOW_TABLE_STAT_INC() there would cause a call\ntrace:\n\n  BUG: using __this_cpu_add() in preemptible [00000000] code: kworker/u4:0/138560\n  caller is flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n  Workqueue: act_ct_workqueue tcf_ct_flow_table_cleanup_work [act_ct]\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x33/0x46\n   check_preemption_disabled+0xc3/0xf0\n   flow_offload_queue_work+0xec/0x1b0 [nf_flow_table]\n   nf_flow_table_iterate+0x138/0x170 [nf_flow_table]\n   nf_flow_table_free+0x140/0x1a0 [nf_flow_table]\n   tcf_ct_flow_table_cleanup_work+0x2f/0x2b0 [act_ct]\n   process_one_work+0x6a3/0x1030\n   worker_thread+0x8a/0xdf0\n\nThis patch fixes it by using NF_FLOW_TABLE_STAT_INC_ATOMIC()\ninstead in flow_offload_queue_work().\n\nNote that for FLOW_CLS_REPLACE branch in flow_offload_queue_work(),\nit may not be called in preemptible path, but it's good to use\nNF_FLOW_TABLE_STAT_INC_ATOMIC() for all cases in\nflow_offload_queue_work().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48976",
            "https://git.kernel.org/linus/a81047154e7ce4eb8769d5d21adcbc9693542a79 (6.1)",
            "https://git.kernel.org/stable/c/a220a11fda012fba506b35929672374c2723ae6d",
            "https://git.kernel.org/stable/c/a81047154e7ce4eb8769d5d21adcbc9693542a79",
            "https://lore.kernel.org/linux-cve-announce/2024102145-CVE-2022-48976-2980@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48976",
            "https://www.cve.org/CVERecord?id=CVE-2022-48976"
          ],
          "PublishedDate": "2024-10-21T20:15:09.68Z",
          "LastModifiedDate": "2024-10-25T18:47:40.823Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48979",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48979",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:900b552c6def6b7b6243f86406f709daeb31534175fc39d05daccb4a09cf9d32",
          "Title": "kernel: drm/amd/display: fix array index out of bound error in DCN32 DML",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix array index out of bound error in DCN32 DML\n\n[Why\u0026How]\nLinkCapacitySupport array is indexed with the number of voltage states and\nnot the number of max DPPs. Fix the error by changing the array\ndeclaration to use the correct (larger) array size of total number of\nvoltage states.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48979",
            "https://git.kernel.org/linus/aeffc8fb2174f017a10df114bc312f899904dc68 (6.1)",
            "https://git.kernel.org/stable/c/3d8a298b2e83b98042e6ec726e934f535b23e6aa",
            "https://git.kernel.org/stable/c/aeffc8fb2174f017a10df114bc312f899904dc68",
            "https://lore.kernel.org/linux-cve-announce/2024102146-CVE-2022-48979-d40f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48979",
            "https://www.cve.org/CVERecord?id=CVE-2022-48979"
          ],
          "PublishedDate": "2024-10-21T20:15:09.947Z",
          "LastModifiedDate": "2024-10-25T18:40:16.227Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48990",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48990",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8d54cf87508e36d5cc9926a4d751161280da280f4e9de25599df6fa8b8eab364",
          "Title": "kernel: drm/amdgpu: fix use-after-free during gpu recovery",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free during gpu recovery\n\n[Why]\n    [  754.862560] refcount_t: underflow; use-after-free.\n    [  754.862898] Call Trace:\n    [  754.862903]  \u003cTASK\u003e\n    [  754.862913]  amdgpu_job_free_cb+0xc2/0xe1 [amdgpu]\n    [  754.863543]  drm_sched_main.cold+0x34/0x39 [amd_sched]\n\n[How]\n    The fw_fence may be not init, check whether dma_fence_init\n    is performed before job free",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48990",
            "https://git.kernel.org/linus/3cb93f390453cde4d6afda1587aaa00e75e09617 (6.1-rc7)",
            "https://git.kernel.org/stable/c/3cb93f390453cde4d6afda1587aaa00e75e09617",
            "https://git.kernel.org/stable/c/d2a89cd942edd50c1e652004fd64019be78b0a96",
            "https://lore.kernel.org/linux-cve-announce/2024102148-CVE-2022-48990-1cf1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48990",
            "https://www.cve.org/CVERecord?id=CVE-2022-48990"
          ],
          "PublishedDate": "2024-10-21T20:15:10.91Z",
          "LastModifiedDate": "2024-10-25T16:03:41.527Z"
        },
        {
          "VulnerabilityID": "CVE-2022-48998",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48998",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d55edf7a706f8d6901ba2a33d51e2c397b1df671f5db938cae790ba66f5af98d",
          "Title": "kernel: powerpc/bpf/32: Fix Oops on tail call tests",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/bpf/32: Fix Oops on tail call tests\n\ntest_bpf tail call tests end up as:\n\n  test_bpf: #0 Tail call leaf jited:1 85 PASS\n  test_bpf: #1 Tail call 2 jited:1 111 PASS\n  test_bpf: #2 Tail call 3 jited:1 145 PASS\n  test_bpf: #3 Tail call 4 jited:1 170 PASS\n  test_bpf: #4 Tail call load/store leaf jited:1 190 PASS\n  test_bpf: #5 Tail call load/store jited:1\n  BUG: Unable to handle kernel data access on write at 0xf1b4e000\n  Faulting instruction address: 0xbe86b710\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  BE PAGE_SIZE=4K MMU=Hash PowerMac\n  Modules linked in: test_bpf(+)\n  CPU: 0 PID: 97 Comm: insmod Not tainted 6.1.0-rc4+ #195\n  Hardware name: PowerMac3,1 750CL 0x87210 PowerMac\n  NIP:  be86b710 LR: be857e88 CTR: be86b704\n  REGS: f1b4df20 TRAP: 0300   Not tainted  (6.1.0-rc4+)\n  MSR:  00009032 \u003cEE,ME,IR,DR,RI\u003e  CR: 28008242  XER: 00000000\n  DAR: f1b4e000 DSISR: 42000000\n  GPR00: 00000001 f1b4dfe0 c11d2280 00000000 00000000 00000000 00000002 00000000\n  GPR08: f1b4e000 be86b704 f1b4e000 00000000 00000000 100d816a f2440000 fe73baa8\n  GPR16: f2458000 00000000 c1941ae4 f1fe2248 00000045 c0de0000 f2458030 00000000\n  GPR24: 000003e8 0000000f f2458000 f1b4dc90 3e584b46 00000000 f24466a0 c1941a00\n  NIP [be86b710] 0xbe86b710\n  LR [be857e88] __run_one+0xec/0x264 [test_bpf]\n  Call Trace:\n  [f1b4dfe0] [00000002] 0x2 (unreliable)\n  Instruction dump:\n  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n  ---[ end trace 0000000000000000 ]---\n\nThis is a tentative to write above the stack. The problem is encoutered\nwith tests added by commit 38608ee7b690 (\"bpf, tests: Add load store\ntest case for tail call\")\n\nThis happens because tail call is done to a BPF prog with a different\nstack_depth. 
At the time being, the stack is kept as is when the caller\ntail calls its callee. But at exit, the callee restores the stack based\non its own properties. Therefore here, at each run, r1 is erroneously\nincreased by 32 - 16 = 16 bytes.\n\nThis was done that way in order to pass the tail call count from caller\nto callee through the stack. As powerpc32 doesn't have a red zone in\nthe stack, it was necessary the maintain the stack as is for the tail\ncall. But it was not anticipated that the BPF frame size could be\ndifferent.\n\nLet's take a new approach. Use register r4 to carry the tail call count\nduring the tail call, and save it into the stack at function entry if\nrequired. This means the input parameter must be in r3, which is more\ncorrect as it is a 32 bits parameter, then tail call better match with\nnormal BPF function entry, the down side being that we move that input\nparameter back and forth between r3 and r4. That can be optimised later.\n\nDoing that also has the advantage of maximising the common parts between\ntail calls and a normal function exit.\n\nWith the fix, tail call tests are now successfull:\n\n  test_bpf: #0 Tail call leaf jited:1 53 PASS\n  test_bpf: #1 Tail call 2 jited:1 115 PASS\n  test_bpf: #2 Tail call 3 jited:1 154 PASS\n  test_bpf: #3 Tail call 4 jited:1 165 PASS\n  test_bpf: #4 Tail call load/store leaf jited:1 101 PASS\n  test_bpf: #5 Tail call load/store jited:1 141 PASS\n  test_bpf: #6 Tail call error path, max count reached jited:1 994 PASS\n  test_bpf: #7 Tail call count preserved across function calls jited:1 140975 PASS\n  test_bpf: #8 Tail call error path, NULL target jited:1 110 PASS\n  test_bpf: #9 Tail call error path, index out of range jited:1 69 PASS\n  test_bpf: test_tail_calls: Summary: 10 PASSED, 0 FAILED, [10/10 JIT'ed]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-48998",
            "https://git.kernel.org/linus/89d21e259a94f7d5582ec675aa445f5a79f347e4 (6.1-rc8)",
            "https://git.kernel.org/stable/c/747a6e547240baaaf41874d27333b87b87cfd24c",
            "https://git.kernel.org/stable/c/89d21e259a94f7d5582ec675aa445f5a79f347e4",
            "https://lore.kernel.org/linux-cve-announce/2024102149-CVE-2022-48998-1016@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-48998",
            "https://www.cve.org/CVERecord?id=CVE-2022-48998"
          ],
          "PublishedDate": "2024-10-21T20:15:11.57Z",
          "LastModifiedDate": "2024-11-07T17:08:38.677Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49069",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49069",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d693abaa05e6187e4b0c82c9d93f82aee871e0208e697a8068aa692448423a84",
          "Title": "kernel: drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw\n\n[Why]\nBelow general protection fault observed when WebGL Aquarium is run for\nlonger duration. If drm debug logs are enabled and set to 0x1f then the\nissue is observed within 10 minutes of run.\n\n[  100.717056] general protection fault, probably for non-canonical address 0x2d33302d32323032: 0000 [#1] PREEMPT SMP NOPTI\n[  100.727921] CPU: 3 PID: 1906 Comm: DrmThread Tainted: G        W         5.15.30 #12 d726c6a2d6ebe5cf9223931cbca6892f916fe18b\n[  100.754419] RIP: 0010:CalculateSwathWidth+0x1f7/0x44f\n[  100.767109] Code: 00 00 00 f2 42 0f 11 04 f0 48 8b 85 88 00 00 00 f2 42 0f 10 04 f0 48 8b 85 98 00 00 00 f2 42 0f 11 04 f0 48 8b 45 10 0f 57 c0 \u003cf3\u003e 42 0f 2a 04 b0 0f 57 c9 f3 43 0f 2a 0c b4 e8 8c e2 f3 ff 48 8b\n[  100.781269] RSP: 0018:ffffa9230079eeb0 EFLAGS: 00010246\n[  100.812528] RAX: 2d33302d32323032 RBX: 0000000000000500 RCX: 0000000000000000\n[  100.819656] RDX: 0000000000000001 RSI: ffff99deb712c49c RDI: 0000000000000000\n[  100.826781] RBP: ffffa9230079ef50 R08: ffff99deb712460c R09: ffff99deb712462c\n[  100.833907] R10: ffff99deb7124940 R11: ffff99deb7124d70 R12: ffff99deb712ae44\n[  100.841033] R13: 0000000000000001 R14: 0000000000000000 R15: ffffa9230079f0a0\n[  100.848159] FS:  00007af121212640(0000) GS:ffff99deba780000(0000) knlGS:0000000000000000\n[  100.856240] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  100.861980] CR2: 0000209000fe1000 CR3: 000000011b18c000 CR4: 0000000000350ee0\n[  100.869106] Call Trace:\n[  100.871555]  \u003cTASK\u003e\n[  100.873655]  ? asm_sysvec_reschedule_ipi+0x12/0x20\n[  100.878449]  CalculateSwathAndDETConfiguration+0x1a3/0x6dd\n[  100.883937]  dml31_ModeSupportAndSystemConfigurationFull+0x2ce4/0x76da\n[  100.890467]  ? kallsyms_lookup_buildid+0xc8/0x163\n[  100.895173]  ? 
kallsyms_lookup_buildid+0xc8/0x163\n[  100.899874]  ? __sprint_symbol+0x80/0x135\n[  100.903883]  ? dm_update_plane_state+0x3f9/0x4d2\n[  100.908500]  ? symbol_string+0xb7/0xde\n[  100.912250]  ? number+0x145/0x29b\n[  100.915566]  ? vsnprintf+0x341/0x5ff\n[  100.919141]  ? desc_read_finalized_seq+0x39/0x87\n[  100.923755]  ? update_load_avg+0x1b9/0x607\n[  100.927849]  ? compute_mst_dsc_configs_for_state+0x7d/0xd5b\n[  100.933416]  ? fetch_pipe_params+0xa4d/0xd0c\n[  100.937686]  ? dc_fpu_end+0x3d/0xa8\n[  100.941175]  dml_get_voltage_level+0x16b/0x180\n[  100.945619]  dcn30_internal_validate_bw+0x10e/0x89b\n[  100.950495]  ? dcn31_validate_bandwidth+0x68/0x1fc\n[  100.955285]  ? resource_build_scaling_params+0x98b/0xb8c\n[  100.960595]  ? dcn31_validate_bandwidth+0x68/0x1fc\n[  100.965384]  dcn31_validate_bandwidth+0x9a/0x1fc\n[  100.970001]  dc_validate_global_state+0x238/0x295\n[  100.974703]  amdgpu_dm_atomic_check+0x9c1/0xbce\n[  100.979235]  ? _printk+0x59/0x73\n[  100.982467]  drm_atomic_check_only+0x403/0x78b\n[  100.986912]  drm_mode_atomic_ioctl+0x49b/0x546\n[  100.991358]  ? drm_ioctl+0x1c1/0x3b3\n[  100.994936]  ? drm_atomic_set_property+0x92a/0x92a\n[  100.999725]  drm_ioctl_kernel+0xdc/0x149\n[  101.003648]  drm_ioctl+0x27f/0x3b3\n[  101.007051]  ? drm_atomic_set_property+0x92a/0x92a\n[  101.011842]  amdgpu_drm_ioctl+0x49/0x7d\n[  101.015679]  __se_sys_ioctl+0x7c/0xb8\n[  101.015685]  do_syscall_64+0x5f/0xb8\n[  101.015690]  ? __irq_exit_rcu+0x34/0x96\n\n[How]\nIt calles populate_dml_pipes which uses doubles to initialize.\nAdding FPU protection avoids context switch and probable loss of vba context\nas there is potential contention while drm debug logs are enabled.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49069",
            "https://git.kernel.org/linus/ca1198849ab0e7af5efb392ef6baf1138f6fc086 (5.18-rc2)",
            "https://git.kernel.org/stable/c/76f4c5e5f99ee7084b555d9a38e8ffeb16ec65a2",
            "https://git.kernel.org/stable/c/ca1198849ab0e7af5efb392ef6baf1138f6fc086",
            "https://git.kernel.org/stable/c/e995c5d52ec7415644eee617fc7e906b51aec7ae",
            "https://lore.kernel.org/linux-cve-announce/2025022654-CVE-2022-49069-2dba@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49069",
            "https://www.cve.org/CVERecord?id=CVE-2022-49069"
          ],
          "PublishedDate": "2025-02-26T07:00:44.12Z",
          "LastModifiedDate": "2025-10-14T20:00:22.493Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49108",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49108",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8dab2d965605d075a8965c8e02f22195253d368bd9292ffb4f2768b6af944a7e",
          "Title": "kernel: clk: mediatek: Fix memory leaks on probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: Fix memory leaks on probe\n\nHandle the error branches to free memory where required.\n\nAddresses-Coverity-ID: 1491825 (\"Resource leak\")",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49108",
            "https://git.kernel.org/linus/7a688c91d3fd54c53e7a9edd6052cdae98dd99d8 (5.18-rc1)",
            "https://git.kernel.org/stable/c/02742d1d5c95cff8b6e9379aae4ab12674f7265d",
            "https://git.kernel.org/stable/c/7a688c91d3fd54c53e7a9edd6052cdae98dd99d8",
            "https://git.kernel.org/stable/c/c6a0b413398588fc2d8b174a79ea715b66413fca",
            "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2022-49108-328f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49108",
            "https://www.cve.org/CVERecord?id=CVE-2022-49108"
          ],
          "PublishedDate": "2025-02-26T07:00:48.183Z",
          "LastModifiedDate": "2025-10-01T20:15:47.29Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49123",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49123",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0cb63112c5b0b8b5eaa18be40856b6c74485f3c078b71bb2cfbb5564c9488515",
          "Title": "kernel: ath11k: Fix frames flush failure caused by deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: Fix frames flush failure caused by deadlock\n\nWe are seeing below warnings:\n\nkernel: [25393.301506] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0\nkernel: [25398.421509] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0\nkernel: [25398.421831] ath11k_pci 0000:01:00.0: dropping mgmt frame for vdev 0, is_started 0\n\nthis means ath11k fails to flush mgmt. frames because wmi_mgmt_tx_work\nhas no chance to run in 5 seconds.\n\nBy setting /proc/sys/kernel/hung_task_timeout_secs to 20 and increasing\nATH11K_FLUSH_TIMEOUT to 50 we get below warnings:\n\nkernel: [  120.763160] INFO: task wpa_supplicant:924 blocked for more than 20 seconds.\nkernel: [  120.763169]       Not tainted 5.10.90 #12\nkernel: [  120.763177] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\nkernel: [  120.763186] task:wpa_supplicant  state:D stack:    0 pid:  924 ppid:     1 flags:0x000043a0\nkernel: [  120.763201] Call Trace:\nkernel: [  120.763214]  __schedule+0x785/0x12fa\nkernel: [  120.763224]  ? lockdep_hardirqs_on_prepare+0xe2/0x1bb\nkernel: [  120.763242]  schedule+0x7e/0xa1\nkernel: [  120.763253]  schedule_timeout+0x98/0xfe\nkernel: [  120.763266]  ? run_local_timers+0x4a/0x4a\nkernel: [  120.763291]  ath11k_mac_flush_tx_complete+0x197/0x2b1 [ath11k 13c3a9bf37790f4ac8103b3decf7ab4008ac314a]\nkernel: [  120.763306]  ? 
init_wait_entry+0x2e/0x2e\nkernel: [  120.763343]  __ieee80211_flush_queues+0x167/0x21f [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763378]  __ieee80211_recalc_idle+0x105/0x125 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763411]  ieee80211_recalc_idle+0x14/0x27 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763441]  ieee80211_free_chanctx+0x77/0xa2 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763473]  __ieee80211_vif_release_channel+0x100/0x131 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763540]  ieee80211_vif_release_channel+0x66/0x81 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763572]  ieee80211_destroy_auth_data+0xa3/0xe6 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763612]  ieee80211_mgd_deauth+0x178/0x29b [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]\nkernel: [  120.763654]  cfg80211_mlme_deauth+0x1a8/0x22c [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]\nkernel: [  120.763697]  nl80211_deauthenticate+0xfa/0x123 [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]\nkernel: [  120.763715]  genl_rcv_msg+0x392/0x3c2\nkernel: [  120.763750]  ? nl80211_associate+0x432/0x432 [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]\nkernel: [  120.763782]  ? nl80211_associate+0x432/0x432 [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]\nkernel: [  120.763802]  ? genl_rcv+0x36/0x36\nkernel: [  120.763814]  netlink_rcv_skb+0x89/0xf7\nkernel: [  120.763829]  genl_rcv+0x28/0x36\nkernel: [  120.763840]  netlink_unicast+0x179/0x24b\nkernel: [  120.763854]  netlink_sendmsg+0x393/0x401\nkernel: [  120.763872]  sock_sendmsg+0x72/0x76\nkernel: [  120.763886]  ____sys_sendmsg+0x170/0x1e6\nkernel: [  120.763897]  ? 
copy_msghdr_from_user+0x7a/0xa2\nkernel: [  120.763914]  ___sys_sendmsg+0x95/0xd1\nkernel: [  120.763940]  __sys_sendmsg+0x85/0xbf\nkernel: [  120.763956]  do_syscall_64+0x43/0x55\nkernel: [  120.763966]  entry_SYSCALL_64_after_hwframe+0x44/0xa9\nkernel: [  120.763977] RIP: 0033:0x79089f3fcc83\nkernel: [  120.763986] RSP: 002b:00007ffe604f0508 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nkernel: [  120.763997] RAX: ffffffffffffffda RBX: 000059b40e987690 RCX: 000079089f3fcc83\nkernel: [  120.764006] RDX: 0000000000000000 RSI: 00007ffe604f0558 RDI: 0000000000000009\nkernel: [  120.764014] RBP: 00007ffe604f0540 R08: 0000000000000004 R09: 0000000000400000\nkernel: [  120.764023] R10: 00007ffe604f0638 R11: 0000000000000246 R12: 000059b40ea04980\nkernel: [  120.764032] R13: 00007ffe604\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49123",
            "https://git.kernel.org/linus/261b07519518bd14cb168b287b17e1d195f8d0c8 (5.18-rc1)",
            "https://git.kernel.org/stable/c/261b07519518bd14cb168b287b17e1d195f8d0c8",
            "https://git.kernel.org/stable/c/33e723dc054edfc94da90eecca3b72cb424ce4a3",
            "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2022-49123-8a84@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49123",
            "https://www.cve.org/CVERecord?id=CVE-2022-49123"
          ],
          "PublishedDate": "2025-02-26T07:00:49.64Z",
          "LastModifiedDate": "2025-10-01T20:15:48.9Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49124",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49124",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d206d044f354c0647d59d4a597dd3b58c2a89ae441dc93ae5f9e93d3fcd50360",
          "Title": "kernel: x86/mce: Work around an erratum on fast string copy instructions",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mce: Work around an erratum on fast string copy instructions\n\nA rare kernel panic scenario can happen when the following conditions\nare met due to an erratum on fast string copy instructions:\n\n1) An uncorrected error.\n2) That error must be in first cache line of a page.\n3) Kernel must execute page_copy from the page immediately before that\npage.\n\nThe fast string copy instructions (\"REP; MOVS*\") could consume an\nuncorrectable memory error in the cache line _right after_ the desired\nregion to copy and raise an MCE.\n\nBit 0 of MSR_IA32_MISC_ENABLE can be cleared to disable fast string\ncopy and will avoid such spurious machine checks. However, that is less\npreferable due to the permanent performance impact. Considering memory\npoison is rare, it's desirable to keep fast string copy enabled until an\nMCE is seen.\n\nIntel has confirmed the following:\n1. The CPU erratum of fast string copy only applies to Skylake,\nCascade Lake and Cooper Lake generations.\n\nDirectly return from the MCE handler:\n2. Will result in complete execution of the \"REP; MOVS*\" with no data\nloss or corruption.\n3. Will not result in another MCE firing on the next poisoned cache line\ndue to \"REP; MOVS*\".\n4. Will resume execution from a correct point in code.\n5. Will result in the same instruction that triggered the MCE firing a\nsecond MCE immediately for any other software recoverable data fetch\nerrors.\n6. 
Is not safe without disabling the fast string copy, as the next fast\nstring copy of the same buffer on the same CPU would result in a PANIC\nMCE.\n\nThis should mitigate the erratum completely with the only caveat that\nthe fast string copy is disabled on the affected hyper thread thus\nperformance degradation.\n\nThis is still better than the OS crashing on MCEs raised on an\nirrelevant process due to \"REP; MOVS*' accesses in a kernel context,\ne.g., copy_page.\n\n\nInjected errors on 1st cache line of 8 anonymous pages of process\n'proc1' and observed MCE consumption from 'proc2' with no panic\n(directly returned).\n\nWithout the fix, the host panicked within a few minutes on a\nrandom 'proc2' process due to kernel access from copy_page.\n\n  [ bp: Fix comment style + touch ups, zap an unlikely(), improve the\n    quirk function's readability. ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49124",
            "https://git.kernel.org/linus/8ca97812c3c830573f965a07bbd84223e8c5f5bd (5.18-rc1)",
            "https://git.kernel.org/stable/c/8ca97812c3c830573f965a07bbd84223e8c5f5bd",
            "https://git.kernel.org/stable/c/ba37c73be3d5632f6fb9fa20b250ce45560ca85d",
            "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2022-49124-b593@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49124",
            "https://www.cve.org/CVERecord?id=CVE-2022-49124"
          ],
          "PublishedDate": "2025-02-26T07:00:49.74Z",
          "LastModifiedDate": "2025-10-15T19:44:53.177Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49125",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49125",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bbff0675cd7d4b9d1437899ecbeeac388de8946238f9d89f1092532c5c78d9ee",
          "Title": "kernel: drm/sprd: fix potential NULL dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sprd: fix potential NULL dereference\n\n'drm' could be null in sprd_drm_shutdown, and drm_warn maybe dereference\nit, remove this warning log.\n\n\nv1 -\u003e v2:\n- Split checking platform_get_resource() return value to a separate patch\n- Use dev_warn() instead of removing the warning log",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49125",
            "https://git.kernel.org/linus/8668658aebb0a19d877d5a81c004baf716c4aaa6 (5.18-rc1)",
            "https://git.kernel.org/stable/c/8668658aebb0a19d877d5a81c004baf716c4aaa6",
            "https://git.kernel.org/stable/c/c3acc8db1bc221604e2db9807f01d8a44b97a64d",
            "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2022-49125-5909@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49125",
            "https://www.cve.org/CVERecord?id=CVE-2022-49125"
          ],
          "PublishedDate": "2025-02-26T07:00:49.837Z",
          "LastModifiedDate": "2025-10-01T20:15:49.127Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49127",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49127",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f3131c3d0cd5c70114c1307b42e82f20f0d298f100024b8d39dea95efd7faf6",
          "Title": "kernel: ref_tracker: implement use-after-free detection",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nref_tracker: implement use-after-free detection\n\nWhenever ref_tracker_dir_init() is called, mark the struct ref_tracker_dir\nas dead.\n\nTest the dead status from ref_tracker_alloc() and ref_tracker_free()\n\nThis should detect buggy dev_put()/dev_hold() happening too late\nin netdevice dismantle process.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49127",
            "https://git.kernel.org/linus/e3ececfe668facd87d920b608349a32607060e66 (5.18-rc1)",
            "https://git.kernel.org/stable/c/3743c9de303fa36c2e2ca2522ab280c52bcafbd2",
            "https://git.kernel.org/stable/c/e3ececfe668facd87d920b608349a32607060e66",
            "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2022-49127-15e6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49127",
            "https://www.cve.org/CVERecord?id=CVE-2022-49127"
          ],
          "PublishedDate": "2025-02-26T07:00:50.023Z",
          "LastModifiedDate": "2025-03-25T16:19:12.31Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49133",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49133",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3e97f4a8685d920b5c1502710d062ab48cf8a8afbde3f4cd6b68dae016a8b74b",
          "Title": "kernel: drm/amdkfd: svm range restore work deadlock when process exit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: svm range restore work deadlock when process exit\n\nkfd_process_notifier_release flush svm_range_restore_work\nwhich calls svm_range_list_lock_and_flush_work to flush deferred_list\nwork, but if deferred_list work mmput release the last user, it will\ncall exit_mmap -\u003e notifier_release, it is deadlock with below backtrace.\n\nMove flush svm_range_restore_work to kfd_process_wq_release to avoid\ndeadlock. Then svm_range_restore_work take task-\u003emm ref to avoid mm is\ngone while validating and mapping ranges to GPU.\n\nWorkqueue: events svm_range_deferred_list_work [amdgpu]\nCall Trace:\n wait_for_completion+0x94/0x100\n __flush_work+0x12a/0x1e0\n __cancel_work_timer+0x10e/0x190\n cancel_delayed_work_sync+0x13/0x20\n kfd_process_notifier_release+0x98/0x2a0 [amdgpu]\n __mmu_notifier_release+0x74/0x1f0\n exit_mmap+0x170/0x200\n mmput+0x5d/0x130\n svm_range_deferred_list_work+0x104/0x230 [amdgpu]\n process_one_work+0x220/0x3c0",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49133",
            "https://git.kernel.org/linus/6225bb3a88d22594aacea2485dc28ca12d596721 (5.18-rc1)",
            "https://git.kernel.org/stable/c/6225bb3a88d22594aacea2485dc28ca12d596721",
            "https://git.kernel.org/stable/c/858822905f4bf44100d63c5e22e263109976f7cb",
            "https://git.kernel.org/stable/c/a6be83086e91891081e0589e4b4645bf4643e897",
            "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49133-d5c9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49133",
            "https://www.cve.org/CVERecord?id=CVE-2022-49133"
          ],
          "PublishedDate": "2025-02-26T07:00:50.59Z",
          "LastModifiedDate": "2025-10-15T19:46:01.45Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49134",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49134",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee0fb1d7576e5ce9de1db58a7ac82dbc1939ec192cde3e1cbcea15c2322e09df",
          "Title": "kernel: mlxsw: spectrum: Guard against invalid local ports",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum: Guard against invalid local ports\n\nWhen processing events generated by the device's firmware, the driver\nprotects itself from events reported for non-existent local ports, but\nnot for the CPU port (local port 0), which exists, but does not have all\nthe fields as any local port.\n\nThis can result in a NULL pointer dereference when trying access\n'struct mlxsw_sp_port' fields which are not initialized for CPU port.\n\nCommit 63b08b1f6834 (\"mlxsw: spectrum: Protect driver from buggy firmware\")\nalready handled such issue by bailing early when processing a PUDE event\nreported for the CPU port.\n\nGeneralize the approach by moving the check to a common function and\nmaking use of it in all relevant places.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49134",
            "https://git.kernel.org/linus/bcdfd615f83b4bd04678109bf18022d1476e4bbf (5.18-rc1)",
            "https://git.kernel.org/stable/c/4cad27ba2e5a5843a7fab5aa30de2b8e8c3db3a8",
            "https://git.kernel.org/stable/c/bcdfd615f83b4bd04678109bf18022d1476e4bbf",
            "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49134-f6cf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49134",
            "https://www.cve.org/CVERecord?id=CVE-2022-49134"
          ],
          "PublishedDate": "2025-02-26T07:00:50.68Z",
          "LastModifiedDate": "2025-10-01T20:15:50.087Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49136",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49136",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59f77e84d9d0b500c8d19d457170a32d0b718c9c93b405046afaf1a44fbccedb",
          "Title": "kernel: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set\n\nhci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has\nbeen set as that means hci_unregister_dev has been called so it will\nlikely cause a uaf after the timeout as the hdev will be freed.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:10670",
            "https://access.redhat.com/security/cve/CVE-2022-49136",
            "https://bugzilla.redhat.com/2347952",
            "https://bugzilla.redhat.com/2348179",
            "https://bugzilla.redhat.com/2363432",
            "https://errata.almalinux.org/8/ALSA-2025-10670.html",
            "https://git.kernel.org/linus/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf (5.18-rc1)",
            "https://git.kernel.org/stable/c/0b94f2651f56b9e4aa5f012b0d7eb57308c773cf",
            "https://git.kernel.org/stable/c/1c69ef84a808676cceb69210addf5df45b741323",
            "https://linux.oracle.com/cve/CVE-2022-49136.html",
            "https://linux.oracle.com/errata/ELSA-2025-10669.html",
            "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49136-033c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49136",
            "https://www.cve.org/CVERecord?id=CVE-2022-49136"
          ],
          "PublishedDate": "2025-02-26T07:00:50.867Z",
          "LastModifiedDate": "2025-03-25T16:13:39.227Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49138",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49138",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d5da47c11c63bd7fe6cb578e1a46b4d7ea05399a7109735d919698b5429b222e",
          "Title": "kernel: Bluetooth: hci_event: Ignore multiple conn complete events",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Ignore multiple conn complete events\n\nWhen one of the three connection complete events is received multiple\ntimes for the same handle, the device is registered multiple times which\nleads to memory corruptions. Therefore, consequent events for a single\nconnection are ignored.\n\nThe conn-\u003estate can hold different values, therefore HCI_CONN_HANDLE_UNSET\nis introduced to identify new connections. To make sure the events do not\ncontain this or another invalid handle HCI_CONN_HANDLE_MAX and checks\nare introduced.\n\nBuglink: https://bugzilla.kernel.org/show_bug.cgi?id=215497",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49138",
            "https://git.kernel.org/linus/d5ebaa7c5f6f688959e8d40840b2249ede63b8ed (5.18-rc1)",
            "https://git.kernel.org/stable/c/aa1ca580e3ffe62a2c5ea1c095b609b2943c5269",
            "https://git.kernel.org/stable/c/d5ebaa7c5f6f688959e8d40840b2249ede63b8ed",
            "https://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49138-a241@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49138",
            "https://www.cve.org/CVERecord?id=CVE-2022-49138"
          ],
          "PublishedDate": "2025-02-26T07:00:51.047Z",
          "LastModifiedDate": "2025-09-23T18:23:18.157Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49161",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49161",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b27f30c3787623aae2a5c26f0c9bd7ec4bccdcd398f077a0680ed1ee8dbe08aa",
          "Title": "kernel: ASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Fix error handling in mt8183_da7219_max98357_dev_probe\n\nThe device_node pointer is returned by of_parse_phandle()  with refcount\nincremented. We should use of_node_put() on it when done.\n\nThis function only calls of_node_put() in the regular path.\nAnd it will cause refcount leak in error paths.\nFix this by calling of_node_put() in error handling too.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49161",
            "https://git.kernel.org/linus/28a265a1ee11febeec5ea73a804f30dcec3181ca (5.18-rc1)",
            "https://git.kernel.org/stable/c/28a265a1ee11febeec5ea73a804f30dcec3181ca",
            "https://git.kernel.org/stable/c/9b9f6227e8d0c7c46b6d9d7b8a5c4e0536049fcf",
            "https://lore.kernel.org/linux-cve-announce/2025022611-CVE-2022-49161-ff61@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49161",
            "https://www.cve.org/CVERecord?id=CVE-2022-49161"
          ],
          "PublishedDate": "2025-02-26T07:00:53.28Z",
          "LastModifiedDate": "2025-09-23T14:16:08.97Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49167",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49167",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10a4c6871619c482604e1c3c7b1cfdf6f536cb15efb10c1be3251ee91745814d",
          "Title": "kernel: btrfs: do not double complete bio on errors during compressed reads",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not double complete bio on errors during compressed reads\n\nI hit some weird panics while fixing up the error handling from\nbtrfs_lookup_bio_sums().  Turns out the compression path will complete\nthe bio we use if we set up any of the compression bios and then return\nan error, and then btrfs_submit_data_bio() will also call bio_endio() on\nthe bio.\n\nFix this by making btrfs_submit_compressed_read() responsible for\ncalling bio_endio() on the bio if there are any errors.  Currently it\nwas only doing it if we created the compression bios, otherwise it was\ndepending on btrfs_submit_data_bio() to do the right thing.  This\ncreates the above problem, so fix up btrfs_submit_compressed_read() to\nalways call bio_endio() in case of an error, and then simply return from\nbtrfs_submit_data_bio() if we had to call\nbtrfs_submit_compressed_read().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49167",
            "https://git.kernel.org/linus/f9f15de85d74e7eef021af059ca53a15f041cdd8 (5.18-rc1)",
            "https://git.kernel.org/stable/c/4a4ceb2b990771c374d85d496a1a45255dde48e3",
            "https://git.kernel.org/stable/c/987b5df1d10355d377315a26e7fb6c72ded83c9f",
            "https://git.kernel.org/stable/c/f9f15de85d74e7eef021af059ca53a15f041cdd8",
            "https://lore.kernel.org/linux-cve-announce/2025022612-CVE-2022-49167-d747@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49167",
            "https://www.cve.org/CVERecord?id=CVE-2022-49167"
          ],
          "PublishedDate": "2025-02-26T07:00:53.837Z",
          "LastModifiedDate": "2025-10-21T17:13:31.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49172",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49172",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:df636b966df9d7c4b6292e96ed67ad0cd12029d17a30865ac44acf4fab2fd9e3",
          "Title": "kernel: parisc: Fix non-access data TLB cache flush faults",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix non-access data TLB cache flush faults\n\nWhen a page is not present, we get non-access data TLB faults from\nthe fdc and fic instructions in flush_user_dcache_range_asm and\nflush_user_icache_range_asm. When these occur, the cache line is\nnot invalidated and potentially we get memory corruption. The\nproblem was hidden by the nullification of the flush instructions.\n\nThese faults also affect performance. With pa8800/pa8900 processors,\nthere will be 32 faults per 4 KB page since the cache line is 128\nbytes.  There will be more faults with earlier processors.\n\nThe problem is fixed by using flush_cache_pages(). It does the flush\nusing a tmp alias mapping.\n\nThe flush_cache_pages() call in flush_cache_range() flushed too\nlarge a range.\n\nV2: Remove unnecessary preempt_disable() and preempt_enable() calls.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49172",
            "https://git.kernel.org/linus/f839e5f1cef36ce268950c387129b1bfefdaebc9 (5.18-rc1)",
            "https://git.kernel.org/stable/c/b3d6adb3a49d82e4e557c5fc16f50c9ff731da5d",
            "https://git.kernel.org/stable/c/ddca4b82027e2a66333dd40fab21a4beff435c7e",
            "https://git.kernel.org/stable/c/f839e5f1cef36ce268950c387129b1bfefdaebc9",
            "https://lore.kernel.org/linux-cve-announce/2025022612-CVE-2022-49172-3fe3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49172",
            "https://www.cve.org/CVERecord?id=CVE-2022-49172"
          ],
          "PublishedDate": "2025-02-26T07:00:54.313Z",
          "LastModifiedDate": "2025-09-23T13:42:30.587Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49173",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49173",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ef7c88746ada1feb2345fe9b81fd95965b27b8d76e3c4140627733cdcd7cd679",
          "Title": "kernel: spi: fsi: Implement a timeout for polling status",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsi: Implement a timeout for polling status\n\nThe data transfer routines must poll the status register to\ndetermine when more data can be shifted in or out. If the hardware\ngets into a bad state, these polling loops may never exit. Prevent\nthis by returning an error if a timeout is exceeded.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49173",
            "https://git.kernel.org/linus/89b35e3f28514087d3f1e28e8f5634fbfd07c554 (5.18-rc1)",
            "https://git.kernel.org/stable/c/89b35e3f28514087d3f1e28e8f5634fbfd07c554",
            "https://git.kernel.org/stable/c/d4982ceb137e6ecd2b466a6de639790a148cf19a",
            "https://git.kernel.org/stable/c/dac1438f347d3b8cf892105c94e254f29c5764de",
            "https://lore.kernel.org/linux-cve-announce/2025022613-CVE-2022-49173-4844@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49173",
            "https://www.cve.org/CVERecord?id=CVE-2022-49173"
          ],
          "PublishedDate": "2025-02-26T07:00:54.407Z",
          "LastModifiedDate": "2025-10-22T17:14:47.427Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49177",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49177",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d34fb1ce7a56c6d4bbe45d0777d820d3ee6581f189b9fd68ec0cde055522d341",
          "Title": "kernel: hwrng: cavium - fix NULL but dereferenced coccicheck error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: cavium - fix NULL but dereferenced coccicheck error\n\nFix following coccicheck warning:\n./drivers/char/hw_random/cavium-rng-vf.c:182:17-20: ERROR:\npdev is NULL but dereferenced.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49177",
            "https://git.kernel.org/linus/e6205ad58a7ac194abfb33897585b38687d797fa (5.18-rc1)",
            "https://git.kernel.org/stable/c/e47b12f9415169eceda6770fcf45802e0c8d2a66",
            "https://git.kernel.org/stable/c/e6205ad58a7ac194abfb33897585b38687d797fa",
            "https://lore.kernel.org/linux-cve-announce/2025022613-CVE-2022-49177-f751@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49177",
            "https://www.cve.org/CVERecord?id=CVE-2022-49177"
          ],
          "PublishedDate": "2025-02-26T07:00:54.85Z",
          "LastModifiedDate": "2025-10-01T20:15:52.753Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49178",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49178",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6a1a4c343dc3e501be3d254c5025671a5e6b66b734b98014908eceaabfcff562",
          "Title": "kernel: memstick/mspro_block: fix handling of read-only devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick/mspro_block: fix handling of read-only devices\n\nUse set_disk_ro to propagate the read-only state to the block layer\ninstead of checking for it in -\u003eopen and leaking a reference in case\nof a read-only device.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49178",
            "https://git.kernel.org/linus/6dab421bfe06a59bf8f212a72e34673e8acf2018 (5.18-rc1)",
            "https://git.kernel.org/stable/c/057b53c4f87690d626203acef8b63d52a9bf2f43",
            "https://git.kernel.org/stable/c/6a0725b9d78ff6efdc95a37e4f05072e79c63918",
            "https://git.kernel.org/stable/c/6dab421bfe06a59bf8f212a72e34673e8acf2018",
            "https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49178-b663@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49178",
            "https://www.cve.org/CVERecord?id=CVE-2022-49178"
          ],
          "PublishedDate": "2025-02-26T07:00:54.947Z",
          "LastModifiedDate": "2025-09-23T13:43:49.667Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49203",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49203",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:532d55c54ad343a82ea0fdbf53d935f805d1daa280fc940e7e57c621db891e9c",
          "Title": "kernel: drm/amd/display: Fix double free during GPU reset on DC streams",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix double free during GPU reset on DC streams\n\n[Why]\nThe issue only occurs during the GPU reset code path.\n\nWe first backup the current state prior to commiting 0 streams\ninternally from DM to DC. This state backup contains valid link\nencoder assignments.\n\nDC will clear the link encoder assignments as part of current state\n(but not the backup, since it was a copied before the commit) and\nfree the extra stream reference it held.\n\nDC requires that the link encoder assignments remain cleared/invalid\nprior to commiting. Since the backup still has valid assignments we\ncall the interface post reset to clear them. This routine also\nreleases the extra reference that the link encoder interface held -\nresulting in a double free (and eventually a NULL pointer dereference).\n\n[How]\nWe'll have to do a full DC commit anyway after GPU reset because\nthe stream count previously went to 0.\n\nWe don't need to retain the assignment that we had backed up, so\njust copy off of the now clean current state assignment after the\nreset has occcurred with the new link_enc_cfg_copy() interface.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49203",
            "https://git.kernel.org/linus/32685b32d825ca08c5dec826477332df886c4743 (5.18-rc1)",
            "https://git.kernel.org/stable/c/32685b32d825ca08c5dec826477332df886c4743",
            "https://git.kernel.org/stable/c/bbfcdd6289ba6f00f0cd7d496946dce9f6c600ac",
            "https://lore.kernel.org/linux-cve-announce/2025022618-CVE-2022-49203-48ec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49203",
            "https://www.cve.org/CVERecord?id=CVE-2022-49203"
          ],
          "PublishedDate": "2025-02-26T07:00:57.357Z",
          "LastModifiedDate": "2025-10-01T20:15:55.04Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49218",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49218",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b0e2da5fce5af5dbfe16a170d4e18d1217764ec7aaace98320538fb98ae9a425",
          "Title": "kernel: drm/dp: Fix OOB read when handling Post Cursor2 register",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp: Fix OOB read when handling Post Cursor2 register\n\nThe link_status array was not large enough to read the Adjust Request\nPost Cursor2 register, so remove the common helper function to avoid\nan OOB read, found with a -Warray-bounds build:\n\ndrivers/gpu/drm/drm_dp_helper.c: In function 'drm_dp_get_adjust_request_post_cursor':\ndrivers/gpu/drm/drm_dp_helper.c:59:27: error: array subscript 10 is outside array bounds of 'const u8[6]' {aka 'const unsigned char[6]'} [-Werror=array-bounds]\n   59 |         return link_status[r - DP_LANE0_1_STATUS];\n      |                ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~\ndrivers/gpu/drm/drm_dp_helper.c:147:51: note: while referencing 'link_status'\n  147 | u8 drm_dp_get_adjust_request_post_cursor(const u8 link_status[DP_LINK_STATUS_SIZE],\n      |                                          ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReplace the only user of the helper with an open-coded fetch and decode,\nsimilar to drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49218",
            "https://git.kernel.org/linus/a2151490cc6c57b368d7974ffd447a8b36ade639 (5.18-rc1)",
            "https://git.kernel.org/stable/c/a2151490cc6c57b368d7974ffd447a8b36ade639",
            "https://git.kernel.org/stable/c/aeaed9a9fe694f8b1462fb81e2d33298c929180b",
            "https://lore.kernel.org/linux-cve-announce/2025022621-CVE-2022-49218-26ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49218",
            "https://www.cve.org/CVERecord?id=CVE-2022-49218"
          ],
          "PublishedDate": "2025-02-26T07:00:58.89Z",
          "LastModifiedDate": "2025-10-01T20:15:57.24Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49234",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49234",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:92d928e24849b64695fb1c60e33f8a45821beda9a10e694abe6c9461b0856a33",
          "Title": "kernel: net: dsa: Avoid cross-chip syncing of VLAN filtering",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Avoid cross-chip syncing of VLAN filtering\n\nChanges to VLAN filtering are not applicable to cross-chip\nnotifications.\n\nOn a system like this:\n\n.-----.   .-----.   .-----.\n| sw1 +---+ sw2 +---+ sw3 |\n'-1-2-'   '-1-2-'   '-1-2-'\n\nBefore this change, upon sw1p1 leaving a bridge, a call to\ndsa_port_vlan_filtering would also be made to sw2p1 and sw3p1.\n\nIn this scenario:\n\n.---------.   .-----.   .-----.\n|   sw1   +---+ sw2 +---+ sw3 |\n'-1-2-3-4-'   '-1-2-'   '-1-2-'\n\nWhen sw1p4 would leave a bridge, dsa_port_vlan_filtering would be\ncalled for sw2 and sw3 with a non-existing port - leading to array\nout-of-bounds accesses and crashes on mv88e6xxx.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49234",
            "https://git.kernel.org/linus/108dc8741c203e9d6ce4e973367f1bac20c7192b (5.18-rc1)",
            "https://git.kernel.org/stable/c/108dc8741c203e9d6ce4e973367f1bac20c7192b",
            "https://git.kernel.org/stable/c/e1f2a4dd8d433eec393d09273a78a3d3551339cf",
            "https://lore.kernel.org/linux-cve-announce/2025022623-CVE-2022-49234-b4b1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49234",
            "https://www.cve.org/CVERecord?id=CVE-2022-49234"
          ],
          "PublishedDate": "2025-02-26T07:01:00.407Z",
          "LastModifiedDate": "2025-09-22T21:03:34.317Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49245",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49245",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b7feb628e132fe8aaf97f6493892c49460d831657cda59cea2b09fb3a5b9b1c6",
          "Title": "kernel: ASoC: rockchip: Fix PM usage reference of rockchip_i2s_tdm_resume",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rockchip: Fix PM usage reference of rockchip_i2s_tdm_resume\n\npm_runtime_get_sync will increment pm usage counter\neven it failed. Forgetting to putting operation will\nresult in reference leak here. We fix it by replacing\nit with pm_runtime_resume_and_get to keep usage counter\nbalanced.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49245",
            "https://git.kernel.org/linus/cc5d8ac95663a5813c696008bc524b794d471215 (5.18-rc1)",
            "https://git.kernel.org/stable/c/4e5510219111607b1f1875ab3c3f0485ba3c381c",
            "https://git.kernel.org/stable/c/5c1834aac759ddfd0f17c9f38db1b30adc8eb4e8",
            "https://git.kernel.org/stable/c/cc5d8ac95663a5813c696008bc524b794d471215",
            "https://lore.kernel.org/linux-cve-announce/2025022625-CVE-2022-49245-dcd4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49245",
            "https://www.cve.org/CVERecord?id=CVE-2022-49245"
          ],
          "PublishedDate": "2025-02-26T07:01:01.45Z",
          "LastModifiedDate": "2025-09-22T21:17:51.69Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49296",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49296",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d0df0d25fdf0422acf23e78c27d6b1dae8c977240f8290e646cd6052c23c3d92",
          "Title": "kernel: ceph: fix possible deadlock when holding Fwb to get inline_data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix possible deadlock when holding Fwb to get inline_data\n\n1, mount with wsync.\n2, create a file with O_RDWR, and the request was sent to mds.0:\n\n   ceph_atomic_open()--\u003e\n     ceph_mdsc_do_request(openc)\n     finish_open(file, dentry, ceph_open)--\u003e\n       ceph_open()--\u003e\n         ceph_init_file()--\u003e\n           ceph_init_file_info()--\u003e\n             ceph_uninline_data()--\u003e\n             {\n               ...\n               if (inline_version == 1 || /* initial version, no data */\n                   inline_version == CEPH_INLINE_NONE)\n                     goto out_unlock;\n               ...\n             }\n\nThe inline_version will be 1, which is the initial version for the\nnew create file. And here the ci-\u003ei_inline_version will keep with 1,\nit's buggy.\n\n3, buffer write to the file immediately:\n\n   ceph_write_iter()--\u003e\n     ceph_get_caps(file, need=Fw, want=Fb, ...);\n     generic_perform_write()--\u003e\n       a_ops-\u003ewrite_begin()--\u003e\n         ceph_write_begin()--\u003e\n           netfs_write_begin()--\u003e\n             netfs_begin_read()--\u003e\n               netfs_rreq_submit_slice()--\u003e\n                 netfs_read_from_server()--\u003e\n                   rreq-\u003enetfs_ops-\u003eissue_read()--\u003e\n                     ceph_netfs_issue_read()--\u003e\n                     {\n                       ...\n                       if (ci-\u003ei_inline_version != CEPH_INLINE_NONE \u0026\u0026\n                           ceph_netfs_issue_op_inline(subreq))\n                         return;\n                       ...\n                     }\n     ceph_put_cap_refs(ci, Fwb);\n\nThe ceph_netfs_issue_op_inline() will send a getattr(Fsr) request to\nmds.1.\n\n4, then the mds.1 will request the rd lock for CInode::filelock from\nthe auth mds.0, the mds.0 will do the CInode::filelock state transation\nfrom excl --\u003e sync, but it need to revoke the Fxwb caps back from the\nclients.\n\nWhile the kernel client has aleady held the Fwb caps and waiting for\nthe getattr(Fsr).\n\nIt's deadlock!\n\nURL: https://tracker.ceph.com/issues/55377",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49296",
            "https://git.kernel.org/linus/825978fd6a0defc3c29d8a38b6cea76a0938d21e (5.19-rc1)",
            "https://git.kernel.org/stable/c/292b7a7275ce535a1abfa4dd0b2e586162aaae1e",
            "https://git.kernel.org/stable/c/825978fd6a0defc3c29d8a38b6cea76a0938d21e",
            "https://lore.kernel.org/linux-cve-announce/2025022625-CVE-2022-49296-f8f1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49296",
            "https://www.cve.org/CVERecord?id=CVE-2022-49296"
          ],
          "PublishedDate": "2025-02-26T07:01:06.433Z",
          "LastModifiedDate": "2025-10-01T20:16:02.43Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49303",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49303",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e874c8914b960137e1f416e4820f21843e893ac5aada18174fa31fad4d9fbd34",
          "Title": "kernel: drivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: staging: rtl8192eu: Fix deadlock in rtw_joinbss_event_prehandle\n\nThere is a deadlock in rtw_joinbss_event_prehandle(), which is shown below:\n\n   (Thread 1)                |      (Thread 2)\n                             | _set_timer()\nrtw_joinbss_event_prehandle()|  mod_timer()\n spin_lock_bh() //(1)        |  (wait a time)\n ...                         | rtw_join_timeout_handler()\n                             |  _rtw_join_timeout_handler()\n del_timer_sync()            |   spin_lock_bh() //(2)\n (wait timer to stop)        |   ...\n\nWe hold pmlmepriv-\u003elock in position (1) of thread 1 and\nuse del_timer_sync() to wait timer to stop, but timer handler\nalso need pmlmepriv-\u003elock in position (2) of thread 2.\nAs a result, rtw_joinbss_event_prehandle() will block forever.\n\nThis patch extracts del_timer_sync() from the protection of\nspin_lock_bh(), which could let timer handler to obtain\nthe needed lock. What`s more, we change spin_lock_bh() to\nspin_lock_irq() in _rtw_join_timeout_handler() in order to\nprevent deadlock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49303",
            "https://git.kernel.org/linus/0fcddf9c7c10202946d5b19409efbdff744fba88 (5.19-rc1)",
            "https://git.kernel.org/stable/c/0fcddf9c7c10202946d5b19409efbdff744fba88",
            "https://git.kernel.org/stable/c/25cf414b0610fea29d8e045f315648d9007c9a46",
            "https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2022-49303-58f0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49303",
            "https://www.cve.org/CVERecord?id=CVE-2022-49303"
          ],
          "PublishedDate": "2025-02-26T07:01:07.123Z",
          "LastModifiedDate": "2025-10-01T20:16:03.543Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49306",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49306",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:348323b4146c113cdf23f406e4c8610c32d97c965539048dc051f77019481954",
          "Title": "kernel: usb: dwc3: host: Stop setting the ACPI companion",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: host: Stop setting the ACPI companion\n\nIt is no longer needed. The sysdev pointer is now used when\nassigning the ACPI companions to the xHCI ports and USB\ndevices.\n\nAssigning the ACPI companion here resulted in the\nfwnode-\u003esecondary pointer to be replaced also for the parent\ndwc3 device since the primary fwnode (the ACPI companion)\nwas shared. That was unintentional and it created potential\nside effects like resource leaks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49306",
            "https://git.kernel.org/linus/7fd069d65da2e20b1caec3b7bcf9dfbe28c04bb2 (5.19-rc1)",
            "https://git.kernel.org/stable/c/7fd069d65da2e20b1caec3b7bcf9dfbe28c04bb2",
            "https://git.kernel.org/stable/c/9c185fde906a48368bd2d2a8c17d4b6fb3d670af",
            "https://git.kernel.org/stable/c/d7f35934f7ab67bfd9adabc84207e59da9c19108",
            "https://lore.kernel.org/linux-cve-announce/2025022635-CVE-2022-49306-a115@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49306",
            "https://www.cve.org/CVERecord?id=CVE-2022-49306"
          ],
          "PublishedDate": "2025-02-26T07:01:07.413Z",
          "LastModifiedDate": "2025-10-21T11:45:22.003Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49317",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49317",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f978e65597651f7036c7f2bb91bcfb12caa946884f8169b20760bd6c83903f88",
          "Title": "kernel: f2fs: avoid infinite loop to flush node pages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: avoid infinite loop to flush node pages\n\nxfstests/generic/475 can give EIO all the time which give an infinite loop\nto flush node page like below. Let's avoid it.\n\n[16418.518551] Call Trace:\n[16418.518553]  ? dm_submit_bio+0x48/0x400\n[16418.518574]  ? submit_bio_checks+0x1ac/0x5a0\n[16418.525207]  __submit_bio+0x1a9/0x230\n[16418.525210]  ? kmem_cache_alloc+0x29e/0x3c0\n[16418.525223]  submit_bio_noacct+0xa8/0x2b0\n[16418.525226]  submit_bio+0x4d/0x130\n[16418.525238]  __submit_bio+0x49/0x310 [f2fs]\n[16418.525339]  ? bio_add_page+0x6a/0x90\n[16418.525344]  f2fs_submit_page_bio+0x134/0x1f0 [f2fs]\n[16418.525365]  read_node_page+0x125/0x1b0 [f2fs]\n[16418.525388]  __get_node_page.part.0+0x58/0x3f0 [f2fs]\n[16418.525409]  __get_node_page+0x2f/0x60 [f2fs]\n[16418.525431]  f2fs_get_dnode_of_data+0x423/0x860 [f2fs]\n[16418.525452]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525458]  ? __mod_memcg_state.part.0+0x2a/0x30\n[16418.525465]  ? __mod_memcg_lruvec_state+0x27/0x40\n[16418.525467]  ? __xa_set_mark+0x57/0x70\n[16418.525472]  f2fs_do_write_data_page+0x10e/0x7b0 [f2fs]\n[16418.525493]  f2fs_write_single_data_page+0x555/0x830 [f2fs]\n[16418.525514]  ? sysvec_apic_timer_interrupt+0x4e/0x90\n[16418.525518]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n[16418.525523]  f2fs_write_cache_pages+0x303/0x880 [f2fs]\n[16418.525545]  ? blk_flush_plug_list+0x47/0x100\n[16418.525548]  f2fs_write_data_pages+0xfd/0x320 [f2fs]\n[16418.525569]  do_writepages+0xd5/0x210\n[16418.525648]  filemap_fdatawrite_wbc+0x7d/0xc0\n[16418.525655]  filemap_fdatawrite+0x50/0x70\n[16418.525658]  f2fs_sync_dirty_inodes+0xa4/0x230 [f2fs]\n[16418.525679]  f2fs_write_checkpoint+0x16d/0x1720 [f2fs]\n[16418.525699]  ? ttwu_do_wakeup+0x1c/0x160\n[16418.525709]  ? ttwu_do_activate+0x6d/0xd0\n[16418.525711]  ? __wait_for_common+0x11d/0x150\n[16418.525715]  kill_f2fs_super+0xca/0x100 [f2fs]\n[16418.525733]  deactivate_locked_super+0x3b/0xb0\n[16418.525739]  deactivate_super+0x40/0x50\n[16418.525741]  cleanup_mnt+0x139/0x190\n[16418.525747]  __cleanup_mnt+0x12/0x20\n[16418.525749]  task_work_run+0x6d/0xa0\n[16418.525765]  exit_to_user_mode_prepare+0x1ad/0x1b0\n[16418.525771]  syscall_exit_to_user_mode+0x27/0x50\n[16418.525774]  do_syscall_64+0x48/0xc0\n[16418.525776]  entry_SYSCALL_64_after_hwframe+0x44/0xae",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49317",
            "https://git.kernel.org/linus/a7b8618aa2f0f926ce85f2486ac835a85c753ca7 (5.19-rc1)",
            "https://git.kernel.org/stable/c/a7b8618aa2f0f926ce85f2486ac835a85c753ca7",
            "https://git.kernel.org/stable/c/bd47ea5d776d8b524fb6f60de3240f95603901dd",
            "https://lore.kernel.org/linux-cve-announce/2025022637-CVE-2022-49317-0b90@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49317",
            "https://www.cve.org/CVERecord?id=CVE-2022-49317"
          ],
          "PublishedDate": "2025-02-26T07:01:08.567Z",
          "LastModifiedDate": "2025-10-01T20:16:06.733Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49333",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49333",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8ac114e6e229ca917bc8c67166764f6075427076be3043b2aeae4c4f7aa24639",
          "Title": "kernel: net/mlx5: E-Switch, pair only capable devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: E-Switch, pair only capable devices\n\nOFFLOADS paring using devcom is possible only on devices\nthat support LAG. Filter based on lag capabilities.\n\nThis fixes an issue where mlx5_get_next_phys_dev() was\ncalled without holding the interface lock.\n\nThis issue was found when commit\nbc4c2f2e0179 (\"net/mlx5: Lag, filter non compatible devices\")\nadded an assert that verifies the interface lock is held.\n\nWARNING: CPU: 9 PID: 1706 at drivers/net/ethernet/mellanox/mlx5/core/dev.c:642 mlx5_get_next_phys_dev+0xd2/0x100 [mlx5_core]\nModules linked in: mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm ib_uverbs ib_core overlay fuse [last unloaded: mlx5_core]\nCPU: 9 PID: 1706 Comm: devlink Not tainted 5.18.0-rc7+ #11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:mlx5_get_next_phys_dev+0xd2/0x100 [mlx5_core]\nCode: 02 00 75 48 48 8b 85 80 04 00 00 5d c3 31 c0 5d c3 be ff ff ff ff 48 c7 c7 08 41 5b a0 e8 36 87 28 e3 85 c0 0f 85 6f ff ff ff \u003c0f\u003e 0b e9 68 ff ff ff 48 c7 c7 0c 91 cc 84 e8 cb 36 6f e1 e9 4d ff\nRSP: 0018:ffff88811bf47458 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88811b398000 RCX: 0000000000000001\nRDX: 0000000080000000 RSI: ffffffffa05b4108 RDI: ffff88812daaaa78\nRBP: ffff88812d050380 R08: 0000000000000001 R09: ffff88811d6b3437\nR10: 0000000000000001 R11: 00000000fddd3581 R12: ffff88815238c000\nR13: ffff88812d050380 R14: ffff8881018aa7e0 R15: ffff88811d6b3428\nFS:  00007fc82e18ae80(0000) GS:ffff88842e080000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f9630d1b421 CR3: 0000000149802004 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_devcom_event+0x99/0x3b0 [mlx5_core]\n mlx5_devcom_send_event+0x167/0x1d0 [mlx5_core]\n esw_offloads_enable+0x1153/0x1500 [mlx5_core]\n ? mlx5_esw_offloads_controller_valid+0x170/0x170 [mlx5_core]\n ? wait_for_completion_io_timeout+0x20/0x20\n ? mlx5_rescan_drivers_locked+0x318/0x810 [mlx5_core]\n mlx5_eswitch_enable_locked+0x586/0xc50 [mlx5_core]\n ? mlx5_eswitch_disable_pf_vf_vports+0x1d0/0x1d0 [mlx5_core]\n ? mlx5_esw_try_lock+0x1b/0xb0 [mlx5_core]\n ? mlx5_eswitch_enable+0x270/0x270 [mlx5_core]\n ? __debugfs_create_file+0x260/0x3e0\n mlx5_devlink_eswitch_mode_set+0x27e/0x870 [mlx5_core]\n ? mutex_lock_io_nested+0x12c0/0x12c0\n ? esw_offloads_disable+0x250/0x250 [mlx5_core]\n ? devlink_nl_cmd_trap_get_dumpit+0x470/0x470\n ? rcu_read_lock_sched_held+0x3f/0x70\n devlink_nl_cmd_eswitch_set_doit+0x217/0x620",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49333",
            "https://git.kernel.org/linus/3008e6a0049361e731b803c60fe8f3ab44e1d73f (5.19-rc2)",
            "https://git.kernel.org/stable/c/0cef0b7eb044bb8cfdaff4c1db55a8fd442f6bc9",
            "https://git.kernel.org/stable/c/3008e6a0049361e731b803c60fe8f3ab44e1d73f",
            "https://git.kernel.org/stable/c/cdbcdddb8076a09aa6ddaf20fd911fc787dca0e5",
            "https://lore.kernel.org/linux-cve-announce/2025022639-CVE-2022-49333-8ae3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49333",
            "https://www.cve.org/CVERecord?id=CVE-2022-49333"
          ],
          "PublishedDate": "2025-02-26T07:01:10.09Z",
          "LastModifiedDate": "2025-10-21T12:19:07.81Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49342",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49342",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d182f2fb4dc788c29c93771cd64926993ab7e14de152e68141aa3ce28cf3a626",
          "Title": "kernel: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49342",
            "https://git.kernel.org/linus/b8d91399775c55162073bb2aca061ec42e3d4bc1 (5.19-rc2)",
            "https://git.kernel.org/stable/c/7fb1fe7d9a167205413f1de8db9f7d0f82c78286",
            "https://git.kernel.org/stable/c/b51996e35bbfcc7a27d94dfeed5cc2429b2c0df4",
            "https://git.kernel.org/stable/c/b8d91399775c55162073bb2aca061ec42e3d4bc1",
            "https://lore.kernel.org/linux-cve-announce/2025022641-CVE-2022-49342-1ad0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49342",
            "https://www.cve.org/CVERecord?id=CVE-2022-49342"
          ],
          "PublishedDate": "2025-02-26T07:01:10.953Z",
          "LastModifiedDate": "2025-10-01T20:16:10.8Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49359",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49359",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f97650c635e720f48dd19b38690a3d3d5c074ebcc0624eb6008c0340ba083654",
          "Title": "kernel: drm/panfrost: Job should reference MMU not file_priv",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panfrost: Job should reference MMU not file_priv\n\nFor a while now it's been allowed for a MMU context to outlive it's\ncorresponding panfrost_priv, however the job structure still references\npanfrost_priv to get hold of the MMU context. If panfrost_priv has been\nfreed this is a use-after-free which I've been able to trigger resulting\nin a splat.\n\nTo fix this, drop the reference to panfrost_priv in the job structure\nand add a direct reference to the MMU structure which is what's actually\nneeded.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49359",
            "https://git.kernel.org/linus/6e516faf04317db2c46cbec4e3b78b4653a5b109 (5.19-rc2)",
            "https://git.kernel.org/stable/c/472dd7ea5e19a1aeabf1711ddc756777e05ee7c2",
            "https://git.kernel.org/stable/c/6e516faf04317db2c46cbec4e3b78b4653a5b109",
            "https://git.kernel.org/stable/c/8c8e8cc91a6ffc79865108279a74fd57d9070a17",
            "https://lore.kernel.org/linux-cve-announce/2025022644-CVE-2022-49359-f054@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49359",
            "https://www.cve.org/CVERecord?id=CVE-2022-49359"
          ],
          "PublishedDate": "2025-02-26T07:01:12.583Z",
          "LastModifiedDate": "2025-03-25T14:51:30.127Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49393",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49393",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ca36c8a484cbbff72696fe2a2122040c3244ded8bafb46a662b76cab43706170",
          "Title": "kernel: misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl\n\nThis is another instance of incorrect use of list iterator and\nchecking it for NULL.\n\nThe list iterator value 'map' will *always* be set and non-NULL\nby list_for_each_entry(), so it is incorrect to assume that the\niterator value will be NULL if the list is empty (in this case, the\ncheck 'if (!map) {' will always be false and never exit as expected).\n\nTo fix the bug, use a new variable 'iter' as the list iterator,\nwhile use the original variable 'map' as a dedicated pointer to\npoint to the found element.\n\nWithout this patch, Kernel crashes with below trace:\n\nUnable to handle kernel access to user memory outside uaccess routines\n at virtual address 0000ffff7fb03750\n...\nCall trace:\n fastrpc_map_create+0x70/0x290 [fastrpc]\n fastrpc_req_mem_map+0xf0/0x2dc [fastrpc]\n fastrpc_device_ioctl+0x138/0xc60 [fastrpc]\n __arm64_sys_ioctl+0xa8/0xec\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xd4/0xfc\n do_el0_svc+0x28/0x90\n el0_svc+0x3c/0x130\n el0t_64_sync_handler+0xa4/0x130\n el0t_64_sync+0x18c/0x190\nCode: 14000016 f94000a5 eb05029f 54000260 (b94018a6)\n---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-670"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49393",
            "https://git.kernel.org/linus/c5c07c5958cf0c9af6e76813e6de15d42ee49822 (5.19-rc1)",
            "https://git.kernel.org/stable/c/2d12905aad462383f4e7a5fdb024d2b7ae2d10cf",
            "https://git.kernel.org/stable/c/c5c07c5958cf0c9af6e76813e6de15d42ee49822",
            "https://lore.kernel.org/linux-cve-announce/2025022649-CVE-2022-49393-dd81@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49393",
            "https://www.cve.org/CVERecord?id=CVE-2022-49393"
          ],
          "PublishedDate": "2025-02-26T07:01:15.89Z",
          "LastModifiedDate": "2025-09-22T19:46:54.023Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49401",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49401",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c1e29c38d611f38d2e9c8a3a55689d455cf2199157151941428ab2718d8985e9",
          "Title": "kernel: mm/page_owner: use strscpy() instead of strlcpy()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_owner: use strscpy() instead of strlcpy()\n\ncurrent-\u003ecomm[] is not a string (no guarantee for a zero byte in it).\n\nstrlcpy(s1, s2, l) is calling strlen(s2), potentially\ncausing out-of-bound access, as reported by syzbot:\n\ndetected buffer overflow in __fortify_strlen\n------------[ cut here ]------------\nkernel BUG at lib/string_helpers.c:980!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 4087 Comm: dhcpcd-run-hooks Not tainted 5.18.0-rc3-syzkaller-01537-g20b87e7c29df #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:fortify_panic+0x18/0x1a lib/string_helpers.c:980\nCode: 8c e8 c5 ba e1 fa e9 23 0f bf fa e8 0b 5d 8c f8 eb db 55 48 89 fd e8 e0 49 40 f8 48 89 ee 48 c7 c7 80 f5 26 8a e8 99 09 f1 ff \u003c0f\u003e 0b e8 ca 49 40 f8 48 8b 54 24 18 4c 89 f1 48 c7 c7 00 00 27 8a\nRSP: 0018:ffffc900000074a8 EFLAGS: 00010286\n\nRAX: 000000000000002c RBX: ffff88801226b728 RCX: 0000000000000000\nRDX: ffff8880198e0000 RSI: ffffffff81600458 RDI: fffff52000000e87\nRBP: ffffffff89da2aa0 R08: 000000000000002c R09: 0000000000000000\nR10: ffffffff815fae2e R11: 0000000000000000 R12: ffff88801226b700\nR13: ffff8880198e0830 R14: 0000000000000000 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f5876ad6ff8 CR3: 000000001a48c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nCall Trace:\n \u003cIRQ\u003e\n __fortify_strlen include/linux/fortify-string.h:128 [inline]\n strlcpy include/linux/fortify-string.h:143 [inline]\n __set_page_owner_handle+0x2b1/0x3e0 mm/page_owner.c:171\n __set_page_owner+0x3e/0x50 mm/page_owner.c:190\n prep_new_page mm/page_alloc.c:2441 [inline]\n 
get_page_from_freelist+0xba2/0x3e00 mm/page_alloc.c:4182\n __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5408\n alloc_pages+0x1aa/0x310 mm/mempolicy.c:2272\n alloc_slab_page mm/slub.c:1799 [inline]\n allocate_slab+0x26c/0x3c0 mm/slub.c:1944\n new_slab mm/slub.c:2004 [inline]\n ___slab_alloc+0x8df/0xf20 mm/slub.c:3005\n __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092\n slab_alloc_node mm/slub.c:3183 [inline]\n slab_alloc mm/slub.c:3225 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3232 [inline]\n kmem_cache_alloc+0x360/0x3b0 mm/slub.c:3242\n dst_alloc+0x146/0x1f0 net/core/dst.c:92",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49401",
            "https://git.kernel.org/linus/cd8c1fd8cdd14158f2d8bea2d1bfe8015dccfa3a (5.19-rc1)",
            "https://git.kernel.org/stable/c/5cd9900a1ac8b0a4ff3cd97d4d77b7711be435bf",
            "https://git.kernel.org/stable/c/cd8c1fd8cdd14158f2d8bea2d1bfe8015dccfa3a",
            "https://lore.kernel.org/linux-cve-announce/2025022651-CVE-2022-49401-2fa3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49401",
            "https://www.cve.org/CVERecord?id=CVE-2022-49401"
          ],
          "PublishedDate": "2025-02-26T07:01:16.66Z",
          "LastModifiedDate": "2025-09-22T19:57:51.84Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49420",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49420",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f6d034edd0bcbf2efc527c7d614bd63c3615222b0c0b7b08df78530bf45bc90d",
          "Title": "kernel: net: annotate races around sk-\u003esk_bound_dev_if",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: annotate races around sk-\u003esk_bound_dev_if\n\nUDP sendmsg() is lockless, and reads sk-\u003esk_bound_dev_if while\nthis field can be changed by another thread.\n\nAdds minimal annotations to avoid KCSAN splats for UDP.\nFollowing patches will add more annotations to potential lockless readers.\n\nBUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg\n\nwrite to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0:\n __ip6_datagram_connect+0x6e2/0x930 net/ipv6/datagram.c:221\n ip6_datagram_connect+0x2a/0x40 net/ipv6/datagram.c:272\n inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576\n __sys_connect_file net/socket.c:1900 [inline]\n __sys_connect+0x197/0x1b0 net/socket.c:1917\n __do_sys_connect net/socket.c:1927 [inline]\n __se_sys_connect net/socket.c:1924 [inline]\n __x64_sys_connect+0x3d/0x50 net/socket.c:1924\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nread to 0xffff888136d47a94 of 4 bytes by task 7670 on cpu 1:\n udpv6_sendmsg+0xc60/0x16e0 net/ipv6/udp.c:1436\n inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:652\n sock_sendmsg_nosec net/socket.c:705 [inline]\n sock_sendmsg net/socket.c:725 [inline]\n ____sys_sendmsg+0x39a/0x510 net/socket.c:2413\n ___sys_sendmsg net/socket.c:2467 [inline]\n __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553\n __do_sys_sendmmsg net/socket.c:2582 [inline]\n __se_sys_sendmmsg net/socket.c:2579 [inline]\n __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nvalue changed: 0x00000000 -\u003e 0xffffff9b\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 7670 Comm: syz-executor.3 Tainted: G        W         5.18.0-rc1-syzkaller-dirty #0\nHardware name: Google Google 
Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n\nI chose to not add Fixes: tag because race has minor consequences\nand stable teams busy enough.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49420",
            "https://git.kernel.org/linus/4c971d2f3548e4f11b1460ac048f5307e4b39fdb (5.19-rc1)",
            "https://git.kernel.org/stable/c/20b2f61797873a2b18b5ff1a304ad2674fa1e0a5",
            "https://git.kernel.org/stable/c/4c971d2f3548e4f11b1460ac048f5307e4b39fdb",
            "https://lore.kernel.org/linux-cve-announce/2025022654-CVE-2022-49420-2ad4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49420",
            "https://www.cve.org/CVERecord?id=CVE-2022-49420"
          ],
          "PublishedDate": "2025-02-26T07:01:18.44Z",
          "LastModifiedDate": "2025-10-21T12:13:56.75Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49465",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49465",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1f1b9f9445c6cb14230639ba5974b55f7eb06af487a4a30401bb212121a5e148",
          "Title": "kernel: blk-throttle: Set BIO_THROTTLED when bio has been throttled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-throttle: Set BIO_THROTTLED when bio has been throttled\n\n1.In current process, all bio will set the BIO_THROTTLED flag\nafter __blk_throtl_bio().\n\n2.If bio needs to be throttled, it will start the timer and\nstop submit bio directly. Bio will submit in\nblk_throtl_dispatch_work_fn() when the timer expires.But in\nthe current process, if bio is throttled. The BIO_THROTTLED\nwill be set to bio after timer start. If the bio has been\ncompleted, it may cause use-after-free blow.\n\nBUG: KASAN: use-after-free in blk_throtl_bio+0x12f0/0x2c70\nRead of size 2 at addr ffff88801b8902d4 by task fio/26380\n\n dump_stack+0x9b/0xce\n print_address_description.constprop.6+0x3e/0x60\n kasan_report.cold.9+0x22/0x3a\n blk_throtl_bio+0x12f0/0x2c70\n submit_bio_checks+0x701/0x1550\n submit_bio_noacct+0x83/0xc80\n submit_bio+0xa7/0x330\n mpage_readahead+0x380/0x500\n read_pages+0x1c1/0xbf0\n page_cache_ra_unbounded+0x471/0x6f0\n do_page_cache_ra+0xda/0x110\n ondemand_readahead+0x442/0xae0\n page_cache_async_ra+0x210/0x300\n generic_file_buffered_read+0x4d9/0x2130\n generic_file_read_iter+0x315/0x490\n blkdev_read_iter+0x113/0x1b0\n aio_read+0x2ad/0x450\n io_submit_one+0xc8e/0x1d60\n __se_sys_io_submit+0x125/0x350\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAllocated by task 26380:\n kasan_save_stack+0x19/0x40\n __kasan_kmalloc.constprop.2+0xc1/0xd0\n kmem_cache_alloc+0x146/0x440\n mempool_alloc+0x125/0x2f0\n bio_alloc_bioset+0x353/0x590\n mpage_alloc+0x3b/0x240\n do_mpage_readpage+0xddf/0x1ef0\n mpage_readahead+0x264/0x500\n read_pages+0x1c1/0xbf0\n page_cache_ra_unbounded+0x471/0x6f0\n do_page_cache_ra+0xda/0x110\n ondemand_readahead+0x442/0xae0\n page_cache_async_ra+0x210/0x300\n generic_file_buffered_read+0x4d9/0x2130\n generic_file_read_iter+0x315/0x490\n blkdev_read_iter+0x113/0x1b0\n aio_read+0x2ad/0x450\n io_submit_one+0xc8e/0x1d60\n 
__se_sys_io_submit+0x125/0x350\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nFreed by task 0:\n kasan_save_stack+0x19/0x40\n kasan_set_track+0x1c/0x30\n kasan_set_free_info+0x1b/0x30\n __kasan_slab_free+0x111/0x160\n kmem_cache_free+0x94/0x460\n mempool_free+0xd6/0x320\n bio_free+0xe0/0x130\n bio_put+0xab/0xe0\n bio_endio+0x3a6/0x5d0\n blk_update_request+0x590/0x1370\n scsi_end_request+0x7d/0x400\n scsi_io_completion+0x1aa/0xe50\n scsi_softirq_done+0x11b/0x240\n blk_mq_complete_request+0xd4/0x120\n scsi_mq_done+0xf0/0x200\n virtscsi_vq_done+0xbc/0x150\n vring_interrupt+0x179/0x390\n __handle_irq_event_percpu+0xf7/0x490\n handle_irq_event_percpu+0x7b/0x160\n handle_irq_event+0xcc/0x170\n handle_edge_irq+0x215/0xb20\n common_interrupt+0x60/0x120\n asm_common_interrupt+0x1e/0x40\n\nFix this by move BIO_THROTTLED set into the queue_lock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "cbl-mariner": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49465",
            "https://git.kernel.org/linus/5a011f889b4832aa80c2a872a5aade5c48d2756f (5.19-rc1)",
            "https://git.kernel.org/stable/c/047ea38d41d90d748bca812a43339632f52ba715",
            "https://git.kernel.org/stable/c/0cfc8a0fb07cde61915e4a77c4794c47de3114a4",
            "https://git.kernel.org/stable/c/24ba80efaf6e772f6132465fad08e20fb4767da7",
            "https://git.kernel.org/stable/c/5a011f889b4832aa80c2a872a5aade5c48d2756f",
            "https://git.kernel.org/stable/c/935fa666534d7b7185e8c6b0191cd06281be4290",
            "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2022-49465-c14f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49465",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2022-49465"
          ],
          "PublishedDate": "2025-02-26T07:01:22.787Z",
          "LastModifiedDate": "2026-01-21T16:08:09.84Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49469",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49469",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c068de0e6b2ec7e2553a69e025fcca8201ac781af80a1b92ff667e27eac2478b",
          "Title": "kernel: btrfs: fix anon_dev leak in create_subvol()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix anon_dev leak in create_subvol()\n\nWhen btrfs_qgroup_inherit(), btrfs_alloc_tree_block, or\nbtrfs_insert_root() fail in create_subvol(), we return without freeing\nanon_dev. Reorganize the error handling in create_subvol() to fix this.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49469",
            "https://git.kernel.org/linus/2256e901f5bddc56e24089c96f27b77da932dfcc (5.19-rc1)",
            "https://git.kernel.org/stable/c/2256e901f5bddc56e24089c96f27b77da932dfcc",
            "https://git.kernel.org/stable/c/7a875ad8706f0903a0e812e0dd701956ee9826ff",
            "https://git.kernel.org/stable/c/d887b3de318834f9aa637ecf79c6bc66cba7c69a",
            "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2022-49469-8006@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49469",
            "https://www.cve.org/CVERecord?id=CVE-2022-49469"
          ],
          "PublishedDate": "2025-02-26T07:01:23.157Z",
          "LastModifiedDate": "2025-10-22T17:22:59.173Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49471",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49471",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:102890e28b0c616de52223c46bb456c65677488512a19ffdcd1cd51b9c5437c1",
          "Title": "kernel: rtw89: cfo: check mac_id to avoid out-of-bounds",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw89: cfo: check mac_id to avoid out-of-bounds\n\nSomehow, hardware reports incorrect mac_id and pollute memory. Check index\nbefore we access the array.\n\n  UBSAN: array-index-out-of-bounds in rtw89/phy.c:2517:23\n  index 188 is out of range for type 's32 [64]'\n  CPU: 1 PID: 51550 Comm: irq/35-rtw89_pc Tainted: G           OE\n  Call Trace:\n   \u003cIRQ\u003e\n   show_stack+0x52/0x58\n   dump_stack_lvl+0x4c/0x63\n   dump_stack+0x10/0x12\n   ubsan_epilogue+0x9/0x45\n   __ubsan_handle_out_of_bounds.cold+0x44/0x49\n   ? __alloc_skb+0x92/0x1d0\n   rtw89_phy_cfo_parse+0x44/0x7f [rtw89_core]\n   rtw89_core_rx+0x261/0x871 [rtw89_core]\n   ? __alloc_skb+0xee/0x1d0\n   rtw89_pci_napi_poll+0x3fa/0x4ea [rtw89_pci]\n   __napi_poll+0x33/0x1a0\n   net_rx_action+0x126/0x260\n   ? __queue_work+0x217/0x4c0\n   __do_softirq+0xd9/0x315\n   ? disable_irq_nosync+0x10/0x10\n   do_softirq.part.0+0x6d/0x90\n   \u003c/IRQ\u003e\n   \u003cTASK\u003e\n   __local_bh_enable_ip+0x62/0x70\n   rtw89_pci_interrupt_threadfn+0x182/0x1a6 [rtw89_pci]\n   irq_thread_fn+0x28/0x60\n   irq_thread+0xc8/0x190\n   ? irq_thread_fn+0x60/0x60\n   kthread+0x16b/0x190\n   ? irq_thread_check_affinity+0xe0/0xe0\n   ? set_kthread_struct+0x50/0x50\n   ret_from_fork+0x22/0x30\n   \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49471",
            "https://git.kernel.org/linus/97df85871a5b187609d30fca6d85b912d9e02f29 (5.19-rc1)",
            "https://git.kernel.org/stable/c/03ed236480aeec8c2fd327a1ea6d711364c495e3",
            "https://git.kernel.org/stable/c/97df85871a5b187609d30fca6d85b912d9e02f29",
            "https://git.kernel.org/stable/c/c32fafe68298bb599e825c298e1d0ba30186f0a5",
            "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2022-49471-4e82@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49471",
            "https://www.cve.org/CVERecord?id=CVE-2022-49471"
          ],
          "PublishedDate": "2025-02-26T07:01:23.333Z",
          "LastModifiedDate": "2025-10-01T20:16:23.84Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49476",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49476",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:795ff92cf9111f012785e4c673bd8389329245e7e35932ba417505f9e9cc52a4",
          "Title": "kernel: mt76: mt7921: fix kernel crash at mt7921_pci_remove",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: fix kernel crash at mt7921_pci_remove\n\nThe crash log shown it is possible that mt7921_irq_handler is called while\ndevm_free_irq is being handled so mt76_free_device need to be postponed\nuntil devm_free_irq is completed to solve the crash we free the mt76 device\ntoo early.\n\n[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[ 9299.339705] #PF: supervisor read access in kernel mode\n[ 9299.339735] #PF: error_code(0x0000) - not-present page\n[ 9299.339768] PGD 0 P4D 0\n[ 9299.339786] Oops: 0000 [#1] SMP PTI\n[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1\n[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022\n[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]\n[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082\n[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5\n[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020\n[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011\n[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080\n[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228\n[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000\n[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0\n[ 9299.340432] PKRU: 55555554\n[ 9299.340449] Call Trace:\n[ 9299.340467] \u003cTASK\u003e\n[ 9299.340485] __free_irq+0x221/0x350\n[ 9299.340527] free_irq+0x30/0x70\n[ 9299.340553] devm_free_irq+0x55/0x80\n[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]\n[ 9299.340616] pci_device_remove+0x3b/0xa0\n[ 9299.340651] __device_release_driver+0x17a/0x240\n[ 9299.340686] 
device_driver_detach+0x3c/0xa0\n[ 9299.340714] unbind_store+0x113/0x130\n[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0\n[ 9299.340775] new_sync_write+0x15c/0x1f0\n[ 9299.340806] vfs_write+0x1d2/0x270\n[ 9299.340831] ksys_write+0x67/0xe0\n[ 9299.340857] do_syscall_64+0x3b/0x90\n[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49476",
            "https://git.kernel.org/linus/ad483ed9dd5193a54293269c852a29051813b7bd (5.19-rc1)",
            "https://git.kernel.org/stable/c/09693f5b636fb3f6dd56fd943226fc1bbc600b51",
            "https://git.kernel.org/stable/c/677e669973bf5460705bc65033445ea9f6615999",
            "https://git.kernel.org/stable/c/ad483ed9dd5193a54293269c852a29051813b7bd",
            "https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2022-49476-1946@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49476",
            "https://www.cve.org/CVERecord?id=CVE-2022-49476"
          ],
          "PublishedDate": "2025-02-26T07:01:23.8Z",
          "LastModifiedDate": "2025-10-01T20:16:26.823Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49484",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49484",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ef37e312e7e9c5c4bc215df9b9274270bd5b969c11c738148b948edb2bcdd895",
          "Title": "kernel: mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector\n\nFix possible NULL pointer dereference in mt7915_mac_fill_rx_vector\nroutine if the chip does not support dbdc and the hw reports band_idx\nset to 1.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49484",
            "https://git.kernel.org/linus/62fdc974894eec80d678523458cf99bbdb887e22 (5.19-rc1)",
            "https://git.kernel.org/stable/c/268e8ef187eb8780d021b0e4f5ffa92dee5c4983",
            "https://git.kernel.org/stable/c/62fdc974894eec80d678523458cf99bbdb887e22",
            "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2022-49484-4983@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49484",
            "https://www.cve.org/CVERecord?id=CVE-2022-49484"
          ],
          "PublishedDate": "2025-02-26T07:01:24.62Z",
          "LastModifiedDate": "2025-10-01T20:16:28.617Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49496",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49496",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fffa03cf54a49b8c5f7a826ce7ceb2116ecdd2f81383b9de3fc9e819ca567359",
          "Title": "kernel: media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko\n\nIf the driver support subdev mode, the parameter \"dev-\u003epm.dev\" will be\nNULL in mtk_vcodec_dec_remove. Kernel will crash when try to rmmod\nmtk-vcodec-dec.ko.\n\n[ 4380.702726] pc : do_raw_spin_trylock+0x4/0x80\n[ 4380.707075] lr : _raw_spin_lock_irq+0x90/0x14c\n[ 4380.711509] sp : ffff80000819bc10\n[ 4380.714811] x29: ffff80000819bc10 x28: ffff3600c03e4000 x27: 0000000000000000\n[ 4380.721934] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 4380.729057] x23: ffff3600c0f34930 x22: ffffd5e923549000 x21: 0000000000000220\n[ 4380.736179] x20: 0000000000000208 x19: ffffd5e9213e8ebc x18: 0000000000000020\n[ 4380.743298] x17: 0000002000000000 x16: ffffd5e9213e8e90 x15: 696c346f65646976\n[ 4380.750420] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000040\n[ 4380.757542] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n[ 4380.764664] x8 : 0000000000000000 x7 : ffff3600c7273ae8 x6 : ffffd5e9213e8ebc\n[ 4380.771786] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\n[ 4380.778908] x2 : 0000000000000000 x1 : ffff3600c03e4000 x0 : 0000000000000208\n[ 4380.786031] Call trace:\n[ 4380.788465]  do_raw_spin_trylock+0x4/0x80\n[ 4380.792462]  __pm_runtime_disable+0x2c/0x1b0\n[ 4380.796723]  mtk_vcodec_dec_remove+0x5c/0xa0 [mtk_vcodec_dec]\n[ 4380.802466]  platform_remove+0x2c/0x60\n[ 4380.806204]  __device_release_driver+0x194/0x250\n[ 4380.810810]  driver_detach+0xc8/0x15c\n[ 4380.814462]  bus_remove_driver+0x5c/0xb0\n[ 4380.818375]  driver_unregister+0x34/0x64\n[ 4380.822288]  platform_driver_unregister+0x18/0x24\n[ 4380.826979]  mtk_vcodec_dec_driver_exit+0x1c/0x888 [mtk_vcodec_dec]\n[ 4380.833240]  __arm64_sys_delete_module+0x190/0x224\n[ 4380.838020]  invoke_syscall+0x48/0x114\n[ 4380.841760]  
el0_svc_common.constprop.0+0x60/0x11c\n[ 4380.846540]  do_el0_svc+0x28/0x90\n[ 4380.849844]  el0_svc+0x4c/0x100\n[ 4380.852975]  el0t_64_sync_handler+0xec/0xf0\n[ 4380.857148]  el0t_64_sync+0x190/0x194\n[ 4380.860801] Code: 94431515 17ffffca d503201f d503245f (b9400004)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49496",
            "https://git.kernel.org/linus/c10c0086db688c95bb4e0e378e523818dff1551d (5.19-rc1)",
            "https://git.kernel.org/stable/c/1fa37b00dc55a061a3eb82e378849862b4aeca9d",
            "https://git.kernel.org/stable/c/c10c0086db688c95bb4e0e378e523818dff1551d",
            "https://lore.kernel.org/linux-cve-announce/2025022607-CVE-2022-49496-a532@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49496",
            "https://www.cve.org/CVERecord?id=CVE-2022-49496"
          ],
          "PublishedDate": "2025-02-26T07:01:25.8Z",
          "LastModifiedDate": "2025-10-01T20:16:30.46Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49504",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49504",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4c657033399971b697746c8c94d3940817246003af8d28e5dfd293e008d4114",
          "Title": "kernel: scsi: lpfc: Inhibit aborts if external loopback plug is inserted",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Inhibit aborts if external loopback plug is inserted\n\nAfter running a short external loopback test, when the external loopback is\nremoved and a normal cable inserted that is directly connected to a target\ndevice, the system oopses in the lpfc_set_rrq_active() routine.\n\nWhen the loopback was inserted an FLOGI was transmitted. As we're looped back,\nwe receive the FLOGI request. The FLOGI is ABTS'd as we recognize the same\nwwpn thus understand it's a loopback. However, as the ABTS sends address\ninformation the port is not set to (fffffe), the ABTS is dropped on the\nwire. A short 1 frame loopback test is run and completes before the ABTS\ntimes out. The loopback is unplugged and the new cable plugged in, and\nan FLOGI to the new device occurs and completes. Due to a mixup in ref\ncounting the completion of the new FLOGI releases the fabric ndlp. Then the\noriginal ABTS completes and references the released ndlp generating the\noops.\n\nCorrect by no-op'ing the ABTS when in loopback mode (it will be dropped\nanyway). Added a flag to track the mode to recognize when it should be\nno-op'd.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49504",
            "https://git.kernel.org/linus/ead76d4c09b89f4c8d632648026a476a5a34fde8 (5.19-rc1)",
            "https://git.kernel.org/stable/c/a1516930cb605caee3bc7b4f3b7994b88c0b8505",
            "https://git.kernel.org/stable/c/ead76d4c09b89f4c8d632648026a476a5a34fde8",
            "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2022-49504-9b25@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49504",
            "https://www.cve.org/CVERecord?id=CVE-2022-49504"
          ],
          "PublishedDate": "2025-02-26T07:01:26.543Z",
          "LastModifiedDate": "2025-10-21T12:09:27.027Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49516",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49516",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1e4063058c9065c1a6d039893d4b693b87cfd860f396cbdaf77971a188bada0",
          "Title": "kernel: ice: always check VF VSI pointer values",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: always check VF VSI pointer values\n\nThe ice_get_vf_vsi function can return NULL in some cases, such as if\nhandling messages during a reset where the VSI is being removed and\nrecreated.\n\nSeveral places throughout the driver do not bother to check whether this\nVSI pointer is valid. Static analysis tools may report issues because\nthey detect paths where a potentially NULL pointer could be dereferenced.\n\nFix this by checking the return value of ice_get_vf_vsi everywhere.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49516",
            "https://git.kernel.org/linus/baeb705fd6a7245cc1fa69ed991a9cffdf44a174 (5.19-rc1)",
            "https://git.kernel.org/stable/c/baeb705fd6a7245cc1fa69ed991a9cffdf44a174",
            "https://git.kernel.org/stable/c/e7be3877589d539c52e5d1d23a625f889b541b9d",
            "https://lore.kernel.org/linux-cve-announce/2025022610-CVE-2022-49516-2748@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49516",
            "https://www.cve.org/CVERecord?id=CVE-2022-49516"
          ],
          "PublishedDate": "2025-02-26T07:01:27.653Z",
          "LastModifiedDate": "2025-10-01T20:16:35.18Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49518",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49518",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:95c282430d797bbe3587ac66a064765660fc3aafe6390a8ce14d833d2a65b92b",
          "Title": "kernel: ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload\n\nIt is possible to craft a topology where sof_get_control_data() would do\nout of bounds access because it expects that it is only called when the\npayload is bytes type.\nConfusingly it also handles other types of controls, but the payload\nparsing implementation is only valid for bytes.\n\nFix the code to count the non bytes controls and instead of storing a\npointer to sof_abi_hdr in sof_widget_data (which is only valid for bytes),\nstore the pointer to the data itself and add a new member to save the size\nof the data.\n\nIn case of non bytes controls we store the pointer to the chanv itself,\nwhich is just an array of values at the end.\n\nIn case of bytes control, drop the wrong cdata-\u003edata (wdata[i].pdata) check\nagainst NULL since it is incorrect and invalid in this context.\nThe data is pointing to the end of cdata struct, so it should never be\nnull.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49518",
            "https://git.kernel.org/linus/a962890a5a3cce903ff7c7a19fadee63ed9efdc7 (5.19-rc1)",
            "https://git.kernel.org/stable/c/896b03bb7c7010042786cfae2115083d4c241dd3",
            "https://git.kernel.org/stable/c/a962890a5a3cce903ff7c7a19fadee63ed9efdc7",
            "https://lore.kernel.org/linux-cve-announce/2025022610-CVE-2022-49518-082d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49518",
            "https://www.cve.org/CVERecord?id=CVE-2022-49518"
          ],
          "PublishedDate": "2025-02-26T07:01:27.837Z",
          "LastModifiedDate": "2025-10-21T12:07:55.643Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49528",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49528",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:38453641c0c49713f6b935ef7681165dc93930215d101a80819af4b866b17fa1",
          "Title": "kernel: media: i2c: dw9714: Disable the regulator when the driver fails to probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: dw9714: Disable the regulator when the driver fails to probe\n\nWhen the driver fails to probe, we will get the following splat:\n\n[   59.305988] ------------[ cut here ]------------\n[   59.306417] WARNING: CPU: 2 PID: 395 at drivers/regulator/core.c:2257 _regulator_put+0x3ec/0x4e0\n[   59.310345] RIP: 0010:_regulator_put+0x3ec/0x4e0\n[   59.318362] Call Trace:\n[   59.318582]  \u003cTASK\u003e\n[   59.318765]  regulator_put+0x1f/0x30\n[   59.319058]  devres_release_group+0x319/0x3d0\n[   59.319420]  i2c_device_probe+0x766/0x940\n\nFix this by disabling the regulator in error handling.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49528",
            "https://git.kernel.org/linus/02276e18defa2fccf16413b44440277d98c2b1ea (5.19-rc1)",
            "https://git.kernel.org/stable/c/02276e18defa2fccf16413b44440277d98c2b1ea",
            "https://git.kernel.org/stable/c/fa83ea1de5b3efd87fe01408d5db1fd2ff4767fa",
            "https://lore.kernel.org/linux-cve-announce/2025022612-CVE-2022-49528-9957@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49528",
            "https://www.cve.org/CVERecord?id=CVE-2022-49528"
          ],
          "PublishedDate": "2025-02-26T07:01:28.78Z",
          "LastModifiedDate": "2025-10-21T12:05:31.203Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49529",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49529",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d3fd4a324e8d08031ecec1f08d6a2dca62d1033084e3470f790dd85a4b360ad8",
          "Title": "kernel: drm/amdgpu/pm: fix the null pointer while the smu is disabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/pm: fix the null pointer while the smu is disabled\n\nIt needs to check if the pp_funcs is initialized while release the\ncontext, otherwise it will trigger null pointer panic while the software\nsmu is not enabled.\n\n[ 1109.404555] BUG: kernel NULL pointer dereference, address: 0000000000000078\n[ 1109.404609] #PF: supervisor read access in kernel mode\n[ 1109.404638] #PF: error_code(0x0000) - not-present page\n[ 1109.404657] PGD 0 P4D 0\n[ 1109.404672] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 1109.404701] CPU: 7 PID: 9150 Comm: amdgpu_test Tainted: G           OEL    5.16.0-custom #1\n[ 1109.404732] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006\n[ 1109.404765] RIP: 0010:amdgpu_dpm_force_performance_level+0x1d/0x170 [amdgpu]\n[ 1109.405109] Code: 5d c3 44 8b a3 f0 80 00 00 eb e5 66 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 08 4c 8b b7 f0 7d 00 00 \u003c49\u003e 83 7e 78 00 0f 84 f2 00 00 00 80 bf 87 80 00 00 00 48 89 fb 0f\n[ 1109.405176] RSP: 0018:ffffaf3083ad7c20 EFLAGS: 00010282\n[ 1109.405203] RAX: 0000000000000000 RBX: ffff9796b1c14600 RCX: 0000000002862007\n[ 1109.405229] RDX: ffff97968591c8c0 RSI: 0000000000000001 RDI: ffff9796a3700000\n[ 1109.405260] RBP: ffffaf3083ad7c50 R08: ffffffff9897de00 R09: ffff979688d9db60\n[ 1109.405286] R10: 0000000000000000 R11: ffff979688d9db90 R12: 0000000000000001\n[ 1109.405316] R13: ffff9796a3700000 R14: 0000000000000000 R15: ffff9796a3708fc0\n[ 1109.405345] FS:  00007ff055cff180(0000) GS:ffff9796bfdc0000(0000) knlGS:0000000000000000\n[ 1109.405378] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1109.405400] CR2: 0000000000000078 CR3: 000000000a394000 CR4: 00000000000506e0\n[ 1109.405434] Call Trace:\n[ 1109.405445]  \u003cTASK\u003e\n[ 1109.405456]  ? 
delete_object_full+0x1d/0x20\n[ 1109.405480]  amdgpu_ctx_set_stable_pstate+0x7c/0xa0 [amdgpu]\n[ 1109.405698]  amdgpu_ctx_fini.part.0+0xcb/0x100 [amdgpu]\n[ 1109.405911]  amdgpu_ctx_do_release+0x71/0x80 [amdgpu]\n[ 1109.406121]  amdgpu_ctx_ioctl+0x52d/0x550 [amdgpu]\n[ 1109.406327]  ? _raw_spin_unlock+0x1a/0x30\n[ 1109.406354]  ? drm_gem_handle_delete+0x81/0xb0 [drm]\n[ 1109.406400]  ? amdgpu_ctx_get_entity+0x2c0/0x2c0 [amdgpu]\n[ 1109.406609]  drm_ioctl_kernel+0xb6/0x140 [drm]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49529",
            "https://git.kernel.org/linus/eea5c7b3390c6e006ba4cbd906447dd8cea8cfbf (5.19-rc1)",
            "https://git.kernel.org/stable/c/49ec3441aa5e5940f3e82dd2f0205b9c856e399d",
            "https://git.kernel.org/stable/c/eea5c7b3390c6e006ba4cbd906447dd8cea8cfbf",
            "https://lore.kernel.org/linux-cve-announce/2025022612-CVE-2022-49529-39ba@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49529",
            "https://www.cve.org/CVERecord?id=CVE-2022-49529"
          ],
          "PublishedDate": "2025-02-26T07:01:28.873Z",
          "LastModifiedDate": "2025-10-01T20:16:36.583Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49531",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49531",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1abdc69a189c1d9fea27867a91c56ea0f3e6dd1c8d090ef1f2f30d87960f1b8a",
          "Title": "kernel: loop: implement -\u003efree_disk",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: implement -\u003efree_disk\n\nEnsure that the lo_device which is stored in the gendisk private\ndata is valid until the gendisk is freed.  Currently the loop driver\nuses a lot of effort to make sure a device is not freed when it is\nstill in use, but to fix a potential deadlock this will be relaxed\na bit soon.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49531",
            "https://git.kernel.org/linus/d2c7f56f8b5256d57f9e3fc7794c31361d43bdd9 (5.19-rc1)",
            "https://git.kernel.org/stable/c/aadd1443aae7fe8956e3b11157827067f034406a",
            "https://git.kernel.org/stable/c/d2c7f56f8b5256d57f9e3fc7794c31361d43bdd9",
            "https://lore.kernel.org/linux-cve-announce/2025022612-CVE-2022-49531-573a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49531",
            "https://www.cve.org/CVERecord?id=CVE-2022-49531"
          ],
          "PublishedDate": "2025-02-26T07:01:29.067Z",
          "LastModifiedDate": "2025-10-01T20:16:37.313Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49533",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49533",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:96a59acc03e5c9e1724db3abdd7a37a36139b3c9cd99f71ae95582b9314822d7",
          "Title": "kernel: ath11k: Change max no of active probe SSID and BSSID to fw capability",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: Change max no of active probe SSID and BSSID to fw capability\n\nThe maximum number of SSIDs in a for active probe requests is currently\nreported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver.\nThe scan_req_params structure only has the capacity to hold 10 SSIDs.\nThis leads to a buffer overflow which can be triggered from\nwpa_supplicant in userspace. When copying the SSIDs into the\nscan_req_params structure in the ath11k_mac_op_hw_scan route, it can\noverwrite the extraie pointer.\n\nFirmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe\nrequest will be sent, so totally 64 probe requests supported. So\nset both max ssid and bssid to 16 and 4 respectively. Remove the\nredundant macros of ssid and bssid.\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49533",
            "https://git.kernel.org/linus/50dc9ce9f80554a88e33b73c30851acf2be36ed3 (5.19-rc1)",
            "https://git.kernel.org/stable/c/210505788f1d243232e21ef660efcd4838890ce8",
            "https://git.kernel.org/stable/c/50dc9ce9f80554a88e33b73c30851acf2be36ed3",
            "https://git.kernel.org/stable/c/ec5dfa1d66f2f71a48dab027d26a9fa78eb0f58f",
            "https://lore.kernel.org/linux-cve-announce/2025022613-CVE-2022-49533-a0a4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49533",
            "https://www.cve.org/CVERecord?id=CVE-2022-49533"
          ],
          "PublishedDate": "2025-02-26T07:01:29.293Z",
          "LastModifiedDate": "2025-10-21T12:05:17.793Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49534",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49534",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:557fa05e11009bdfe13acf2d50c1128d2ab1f82f3e8073328418c781453cbb1b",
          "Title": "kernel: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT\n\nThere is a potential memory leak in lpfc_ignore_els_cmpl() and\nlpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT\n(lpfc_rcv_plogi()'s login_mbox).\n\nCheck if cmdiocb-\u003econtext_un.mbox was allocated in lpfc_ignore_els_cmpl(),\nand then free it back to phba-\u003embox_mem_pool along with mbox-\u003ectx_buf for\nservice parameters.\n\nFor lpfc_els_rsp_reject() failure, free both the ctx_buf for service\nparameters and the login_mbox.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49534",
            "https://git.kernel.org/linus/672d1cb40551ea9c95efad43ab6d45e4ab4e015f (5.19-rc1)",
            "https://git.kernel.org/stable/c/672d1cb40551ea9c95efad43ab6d45e4ab4e015f",
            "https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002",
            "https://lore.kernel.org/linux-cve-announce/2025022613-CVE-2022-49534-ad11@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49534",
            "https://www.cve.org/CVERecord?id=CVE-2022-49534"
          ],
          "PublishedDate": "2025-02-26T07:01:29.4Z",
          "LastModifiedDate": "2025-10-01T20:16:37.977Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49539",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49539",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:78be7a41e8c1c081a462c9558e01b9afc14bd6ea86e7bb7efc9ef310b4ade253",
          "Title": "kernel: rtw89: ser: fix CAM leaks occurring in L2 reset",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw89: ser: fix CAM leaks occurring in L2 reset\n\nThe CAM, meaning address CAM and bssid CAM here, will get leaks during\nSER (system error recover) L2 reset process and ieee80211_restart_hw()\nwhich is called by L2 reset process eventually.\n\nThe normal flow would be like\n-\u003e add interface (acquire 1)\n-\u003e enter ips (release 1)\n-\u003e leave ips (acquire 1)\n-\u003e connection (occupy 1) \u003c(A) 1 leak after L2 reset if non-sec connection\u003e\n\nThe ieee80211_restart_hw() flow (under connection)\n-\u003e ieee80211 reconfig\n-\u003e add interface (acquire 1)\n-\u003e leave ips (acquire 1)\n-\u003e connection (occupy (A) + 2) \u003c(B) 1 more leak\u003e\n\nOriginally, CAM is released before HW restart only if connection is under\nsecurity. Now, release CAM whatever connection it is to fix leak in (A).\nOTOH, check if CAM is already valid to avoid acquiring multiple times to\nfix (B).\n\nBesides, if AP mode, release address CAM of all stations before HW restart.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49539",
            "https://git.kernel.org/linus/b169f877f001a474fb89939842c390518160bcc5 (5.19-rc1)",
            "https://git.kernel.org/stable/c/b169f877f001a474fb89939842c390518160bcc5",
            "https://git.kernel.org/stable/c/f6aff772c9978844529618d86aafb53e5d3ae161",
            "https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49539-9ea2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49539",
            "https://www.cve.org/CVERecord?id=CVE-2022-49539"
          ],
          "PublishedDate": "2025-02-26T07:01:29.857Z",
          "LastModifiedDate": "2025-10-21T12:04:50.363Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49543",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49543",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3532a85683deb6836346f8c89d6b3f7e7ae955cbd57c22cd8e9fcd17619564d4",
          "Title": "kernel: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix the warning of dev_wake in mhi_pm_disable_transition()\n\nWhen test device recovery with below command, it has warning in message\nas below.\necho assert \u003e /sys/kernel/debug/ath11k/wcn6855\\ hw2.0/simulate_fw_crash\necho assert \u003e /sys/kernel/debug/ath11k/qca6390\\ hw2.0/simulate_fw_crash\n\nwarning message:\n[ 1965.642121] ath11k_pci 0000:06:00.0: simulating firmware assert crash\n[ 1968.471364] ieee80211 phy0: Hardware restart was requested\n[ 1968.511305] ------------[ cut here ]------------\n[ 1968.511368] WARNING: CPU: 3 PID: 1546 at drivers/bus/mhi/core/pm.c:505 mhi_pm_disable_transition+0xb37/0xda0 [mhi]\n[ 1968.511443] Modules linked in: ath11k_pci ath11k mac80211 libarc4 cfg80211 qmi_helpers qrtr_mhi mhi qrtr nvme nvme_core\n[ 1968.511563] CPU: 3 PID: 1546 Comm: kworker/u17:0 Kdump: loaded Tainted: G        W         5.17.0-rc3-wt-ath+ #579\n[ 1968.511629] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\n[ 1968.511704] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]\n[ 1968.511787] RIP: 0010:mhi_pm_disable_transition+0xb37/0xda0 [mhi]\n[ 1968.511870] Code: a9 fe ff ff 4c 89 ff 44 89 04 24 e8 03 46 f6 e5 44 8b 04 24 41 83 f8 01 0f 84 21 fe ff ff e9 4c fd ff ff 0f 0b e9 af f8 ff ff \u003c0f\u003e 0b e9 5c f8 ff ff 48 89 df e8 da 9e ee e3 e9 12 fd ff ff 4c 89\n[ 1968.511923] RSP: 0018:ffffc900024efbf0 EFLAGS: 00010286\n[ 1968.511969] RAX: 00000000ffffffff RBX: ffff88811d241250 RCX: ffffffffc0176922\n[ 1968.512014] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888118a90a24\n[ 1968.512059] RBP: ffff888118a90800 R08: 0000000000000000 R09: ffff888118a90a27\n[ 1968.512102] R10: ffffed1023152144 R11: 0000000000000001 R12: ffff888118a908ac\n[ 1968.512229] R13: ffff888118a90928 R14: dffffc0000000000 R15: ffff888118a90a24\n[ 1968.512310] FS:  0000000000000000(0000) 
GS:ffff888234200000(0000) knlGS:0000000000000000\n[ 1968.512405] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1968.512493] CR2: 00007f5538f443a8 CR3: 000000016dc28001 CR4: 00000000003706e0\n[ 1968.512587] Call Trace:\n[ 1968.512672]  \u003cTASK\u003e\n[ 1968.512751]  ? _raw_spin_unlock_irq+0x1f/0x40\n[ 1968.512859]  mhi_pm_st_worker+0x3ac/0x790 [mhi]\n[ 1968.512959]  ? mhi_pm_mission_mode_transition.isra.0+0x7d0/0x7d0 [mhi]\n[ 1968.513063]  process_one_work+0x86a/0x1400\n[ 1968.513184]  ? pwq_dec_nr_in_flight+0x230/0x230\n[ 1968.513312]  ? move_linked_works+0x125/0x290\n[ 1968.513416]  worker_thread+0x6db/0xf60\n[ 1968.513536]  ? process_one_work+0x1400/0x1400\n[ 1968.513627]  kthread+0x241/0x2d0\n[ 1968.513733]  ? kthread_complete_and_exit+0x20/0x20\n[ 1968.513821]  ret_from_fork+0x22/0x30\n[ 1968.513924]  \u003c/TASK\u003e\n\nReason is mhi_deassert_dev_wake() from mhi_device_put() is called\nbut mhi_assert_dev_wake() from __mhi_device_get_sync() is not called\nin progress of recovery. Commit 8e0559921f9a (\"bus: mhi: core:\nSkip device wake in error or shutdown state\") add check for the\npm_state of mhi in __mhi_device_get_sync(), and the pm_state is not\nthe normal state untill recovery is completed, so it leads the\ndev_wake is not 0 and above warning print in mhi_pm_disable_transition()\nwhile checking mhi_cntrl-\u003edev_wake.\n\nAdd check in ath11k_pci_write32()/ath11k_pci_read32() to skip call\nmhi_device_put() if mhi_device_get_sync() does not really do wake,\nthen the warning gone.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49543",
            "https://git.kernel.org/linus/0d7a8a6204ea9271f1d0a8c66a9fd2f54d2e3cbc (5.19-rc1)",
            "https://git.kernel.org/stable/c/0d7a8a6204ea9271f1d0a8c66a9fd2f54d2e3cbc",
            "https://git.kernel.org/stable/c/5f18206cddae033c488e4879f198699092ca0524",
            "https://git.kernel.org/stable/c/a2d9b7357469949ad02f511fc69f8fa3a1afbf89",
            "https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49543-09f7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49543",
            "https://www.cve.org/CVERecord?id=CVE-2022-49543"
          ],
          "PublishedDate": "2025-02-26T07:01:30.22Z",
          "LastModifiedDate": "2025-10-22T17:15:36.74Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49547",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49547",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6cae2f7adec86ec2feb6e69c6880dc68ed32aea4f182c550441aa1ca86151eff",
          "Title": "kernel: btrfs: fix deadlock between concurrent dio writes when low on free data space",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock between concurrent dio writes when low on free data space\n\nWhen reserving data space for a direct IO write we can end up deadlocking\nif we have multiple tasks attempting a write to the same file range, there\nare multiple extents covered by that file range, we are low on available\nspace for data and the writes don't expand the inode's i_size.\n\nThe deadlock can happen like this:\n\n1) We have a file with an i_size of 1M, at offset 0 it has an extent with\n   a size of 128K and at offset 128K it has another extent also with a\n   size of 128K;\n\n2) Task A does a direct IO write against file range [0, 256K), and because\n   the write is within the i_size boundary, it takes the inode's lock (VFS\n   level) in shared mode;\n\n3) Task A locks the file range [0, 256K) at btrfs_dio_iomap_begin(), and\n   then gets the extent map for the extent covering the range [0, 128K).\n   At btrfs_get_blocks_direct_write(), it creates an ordered extent for\n   that file range ([0, 128K));\n\n4) Before returning from btrfs_dio_iomap_begin(), it unlocks the file\n   range [0, 256K);\n\n5) Task A executes btrfs_dio_iomap_begin() again, this time for the file\n   range [128K, 256K), and locks the file range [128K, 256K);\n\n6) Task B starts a direct IO write against file range [0, 256K) as well.\n   It also locks the inode in shared mode, as it's within the i_size limit,\n   and then tries to lock file range [0, 256K). It is able to lock the\n   subrange [0, 128K) but then blocks waiting for the range [128K, 256K),\n   as it is currently locked by task A;\n\n7) Task A enters btrfs_get_blocks_direct_write() and tries to reserve data\n   space. 
Because we are low on available free space, it triggers the\n   async data reclaim task, and waits for it to reserve data space;\n\n8) The async reclaim task decides to wait for all existing ordered extents\n   to complete (through btrfs_wait_ordered_roots()).\n   It finds the ordered extent previously created by task A for the file\n   range [0, 128K) and waits for it to complete;\n\n9) The ordered extent for the file range [0, 128K) can not complete\n   because it blocks at btrfs_finish_ordered_io() when trying to lock the\n   file range [0, 128K).\n\n   This results in a deadlock, because:\n\n   - task B is holding the file range [0, 128K) locked, waiting for the\n     range [128K, 256K) to be unlocked by task A;\n\n   - task A is holding the file range [128K, 256K) locked and it's waiting\n     for the async data reclaim task to satisfy its space reservation\n     request;\n\n   - the async data reclaim task is waiting for ordered extent [0, 128K)\n     to complete, but the ordered extent can not complete because the\n     file range [0, 128K) is currently locked by task B, which is waiting\n     on task A to unlock file range [128K, 256K) and task A waiting\n     on the async data reclaim task.\n\n   This results in a deadlock between 4 task: task A, task B, the async\n   data reclaim task and the task doing ordered extent completion (a work\n   queue task).\n\nThis type of deadlock can sporadically be triggered by the test case\ngeneric/300 from fstests, and results in a stack trace like the following:\n\n[12084.033689] INFO: task kworker/u16:7:123749 blocked for more than 241 seconds.\n[12084.034877]       Not tainted 5.18.0-rc2-btrfs-next-115 #1\n[12084.035562] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[12084.036548] task:kworker/u16:7   state:D stack:    0 pid:123749 ppid:     2 flags:0x00004000\n[12084.036554] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs]\n[12084.036599] Call Trace:\n[12084.036601]  
\u003cTASK\u003e\n[12084.036606]  __schedule+0x3cb/0xed0\n[12084.036616]  schedule+0x4e/0xb0\n[12084.036620]  btrfs_start_ordered_extent+0x109/0x1c0 [btrfs]\n[12084.036651]  ? prepare_to_wait_exclusive+0xc0/0xc0\n[12084.036659]  btrfs_run_ordered_extent_work+0x1a/0x30 [btrfs]\n[12084.036688]  btrfs_work_helper+0xf8/0x400 [btrfs]\n[12084.0367\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49547",
            "https://git.kernel.org/linus/f5585f4f0ef5b17026bbd60fbff6fcc91b99d5bf (5.19-rc1)",
            "https://git.kernel.org/stable/c/cfae6f765b3c40882ee90dae8fbf9325c8de9c35",
            "https://git.kernel.org/stable/c/f5585f4f0ef5b17026bbd60fbff6fcc91b99d5bf",
            "https://lore.kernel.org/linux-cve-announce/2025022615-CVE-2022-49547-c0fc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49547",
            "https://www.cve.org/CVERecord?id=CVE-2022-49547"
          ],
          "PublishedDate": "2025-02-26T07:01:30.59Z",
          "LastModifiedDate": "2025-10-01T20:16:41.473Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49552",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49552",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4d5daadb4758ef814d8afeb1112d5e32770818e66c6913d2c0ce3e2e066a8503",
          "Title": "kernel: bpf: Fix combination of jit blinding and pointers to bpf subprogs.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix combination of jit blinding and pointers to bpf subprogs.\n\nThe combination of jit blinding and pointers to bpf subprogs causes:\n[   36.989548] BUG: unable to handle page fault for address: 0000000100000001\n[   36.990342] #PF: supervisor instruction fetch in kernel mode\n[   36.990968] #PF: error_code(0x0010) - not-present page\n[   36.994859] RIP: 0010:0x100000001\n[   36.995209] Code: Unable to access opcode bytes at RIP 0xffffffd7.\n[   37.004091] Call Trace:\n[   37.004351]  \u003cTASK\u003e\n[   37.004576]  ? bpf_loop+0x4d/0x70\n[   37.004932]  ? bpf_prog_3899083f75e4c5de_F+0xe3/0x13b\n\nThe jit blinding logic didn't recognize that ld_imm64 with an address\nof bpf subprogram is a special instruction and proceeded to randomize it.\nBy itself it wouldn't have been an issue, but jit_subprogs() logic\nrelies on two step process to JIT all subprogs and then JIT them\nagain when addresses of all subprogs are known.\nBlinding process in the first JIT phase caused second JIT to miss\nadjustment of special ld_imm64.\n\nFix this issue by ignoring special ld_imm64 instructions that don't have\nuser controlled constants and shouldn't be blinded.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49552",
            "https://git.kernel.org/linus/4b6313cf99b0d51b49aeaea98ec76ca8161ecb80 (5.19-rc1)",
            "https://git.kernel.org/stable/c/4b6313cf99b0d51b49aeaea98ec76ca8161ecb80",
            "https://git.kernel.org/stable/c/a029b02b47dd5bb87a21550d9d9a80cb4dd3f714",
            "https://git.kernel.org/stable/c/d106a3e96fca30e44081eae9c27aab28fc132a46",
            "https://lore.kernel.org/linux-cve-announce/2025022616-CVE-2022-49552-e30f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49552",
            "https://www.cve.org/CVERecord?id=CVE-2022-49552"
          ],
          "PublishedDate": "2025-02-26T07:01:31.04Z",
          "LastModifiedDate": "2025-10-22T17:14:05.087Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49562",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49562",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:842cd85aad9c750bcb61c06a50b871243711b3f2136c72caba06cf3182cb778a",
          "Title": "kernel: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits\n\nUse the recently introduced __try_cmpxchg_user() to update guest PTE A/D\nbits instead of mapping the PTE into kernel address space.  The VM_PFNMAP\npath is broken as it assumes that vm_pgoff is the base pfn of the mapped\nVMA range, which is conceptually wrong as vm_pgoff is the offset relative\nto the file and has nothing to do with the pfn.  The horrific hack worked\nfor the original use case (backing guest memory with /dev/mem), but leads\nto accessing \"random\" pfns for pretty much any other VM_PFNMAP case.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49562",
            "https://git.kernel.org/linus/f122dfe4476890d60b8c679128cd2259ec96a24c (5.19-rc1)",
            "https://git.kernel.org/stable/c/38b888911e8dc89b89d8147cfb1d2dbe6373bf78",
            "https://git.kernel.org/stable/c/8089e5e1d18402fb8152d6b6815450a36fffa9b0",
            "https://git.kernel.org/stable/c/f122dfe4476890d60b8c679128cd2259ec96a24c",
            "https://lore.kernel.org/linux-cve-announce/2025022618-CVE-2022-49562-1d2c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49562",
            "https://www.cve.org/CVERecord?id=CVE-2022-49562"
          ],
          "PublishedDate": "2025-02-26T07:01:31.97Z",
          "LastModifiedDate": "2025-10-22T19:10:00.477Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49622",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49622",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:652b7a03a0b38996b92ff2788eb4b4426059d89bb3a981c5513766905c4427b5",
          "Title": "kernel: netfilter: nf_tables: avoid skb access on nf_stolen",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: avoid skb access on nf_stolen\n\nWhen verdict is NF_STOLEN, the skb might have been freed.\n\nWhen tracing is enabled, this can result in a use-after-free:\n1. access to skb-\u003enf_trace\n2. access to skb-\u003emark\n3. computation of trace id\n4. dump of packet payload\n\nTo avoid 1, keep a cached copy of skb-\u003enf_trace in the\ntrace state struct.\nRefresh this copy whenever verdict is != STOLEN.\n\nAvoid 2 by skipping skb-\u003emark access if verdict is STOLEN.\n\n3 is avoided by precomputing the trace id.\n\nOnly dump the packet when verdict is not \"STOLEN\".",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49622",
            "https://git.kernel.org/linus/e34b9ed96ce3b06c79bf884009b16961ca478f87 (5.19-rc5)",
            "https://git.kernel.org/stable/c/0016d5d46d7440729a3132f61a8da3bf7f84e2ba",
            "https://git.kernel.org/stable/c/e34b9ed96ce3b06c79bf884009b16961ca478f87",
            "https://lore.kernel.org/linux-cve-announce/2025022615-CVE-2022-49622-bd19@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49622",
            "https://www.cve.org/CVERecord?id=CVE-2022-49622"
          ],
          "PublishedDate": "2025-02-26T07:01:37.58Z",
          "LastModifiedDate": "2025-03-24T19:48:44.753Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49635",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49635",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71d321089e627edb2972faae2fbdf608fa725a656f1320ef34a132fa900043b5",
          "Title": "kernel: drm/i915/selftests: fix subtraction overflow bug",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/selftests: fix subtraction overflow bug\n\nOn some machines hole_end can be small enough to cause subtraction\noverflow. On the other side (addr + 2 * min_alignment) can overflow\nin case of mock tests. This patch should handle both cases.\n\n(cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49635",
            "https://git.kernel.org/linus/333991c4e66b3d4b5613315f18016da80344f659 (5.19-rc7)",
            "https://git.kernel.org/stable/c/333991c4e66b3d4b5613315f18016da80344f659",
            "https://git.kernel.org/stable/c/e8997d2d6b8d764e12489f1af2a1ce1d7384ca2a",
            "https://lore.kernel.org/linux-cve-announce/2025022617-CVE-2022-49635-af1b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49635",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2022-49635"
          ],
          "PublishedDate": "2025-02-26T07:01:38.733Z",
          "LastModifiedDate": "2025-10-23T12:09:27.17Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49651",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49651",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:746cb54916e31ed38e06dd68cb8c196c16eca86bf4cd0845444fca97a8efc968",
          "Title": "kernel: srcu: Tighten cleanup_srcu_struct() GP checks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsrcu: Tighten cleanup_srcu_struct() GP checks\n\nCurrently, cleanup_srcu_struct() checks for a grace period in progress,\nbut it does not check for a grace period that has not yet started but\nwhich might start at any time.  Such a situation could result in a\nuse-after-free bug, so this commit adds a check for a grace period that\nis needed but not yet started to cleanup_srcu_struct().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49651",
            "https://git.kernel.org/linus/8ed00760203d8018bee042fbfe8e076579be2c2b (5.19-rc1)",
            "https://git.kernel.org/stable/c/8ed00760203d8018bee042fbfe8e076579be2c2b",
            "https://git.kernel.org/stable/c/e997dda6502eefbc1032d6b0da7b353c53344b07",
            "https://lore.kernel.org/linux-cve-announce/2025022620-CVE-2022-49651-601b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49651",
            "https://www.cve.org/CVERecord?id=CVE-2022-49651"
          ],
          "PublishedDate": "2025-02-26T07:01:40.237Z",
          "LastModifiedDate": "2025-03-24T19:03:58.443Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49699",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49699",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ebbb276a0c3dd2158d2b247d849db538647f900bf2c5588feb17ec56d1ded9f5",
          "Title": "kernel: filemap: Handle sibling entries in filemap_get_read_batch()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: Handle sibling entries in filemap_get_read_batch()\n\nIf a read races with an invalidation followed by another read, it is\npossible for a folio to be replaced with a higher-order folio.  If that\nhappens, we'll see a sibling entry for the new folio in the next iteration\nof the loop.  This manifests as a NULL pointer dereference while holding\nthe RCU read lock.\n\nHandle this by simply returning.  The next call will find the new folio\nand handle it correctly.  The other ways of handling this rare race are\nmore complex and it's just not worth it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49699",
            "https://git.kernel.org/linus/cb995f4eeba9d268fd4b56c2423ad6c1d1ea1b82 (5.19-rc4)",
            "https://git.kernel.org/stable/c/a66f131d30e53000f08301776bf85c912ef47aad",
            "https://git.kernel.org/stable/c/cb995f4eeba9d268fd4b56c2423ad6c1d1ea1b82",
            "https://lore.kernel.org/linux-cve-announce/2025022628-CVE-2022-49699-d60e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49699",
            "https://www.cve.org/CVERecord?id=CVE-2022-49699"
          ],
          "PublishedDate": "2025-02-26T07:01:44.64Z",
          "LastModifiedDate": "2025-10-24T15:54:39.313Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49722",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49722",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ae0b137e064555dccbe978dacb589273c1e5754a850cb8ba41a421252b349c86",
          "Title": "kernel: ice: Fix memory corruption in VF driver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory corruption in VF driver\n\nDisable VF's RX/TX queues, when it's disabled. VF can have queues enabled,\nwhen it requests a reset. If PF driver assumes that VF is disabled,\nwhile VF still has queues configured, VF may unmap DMA resources.\nIn such scenario device still can map packets to memory, which ends up\nsilently corrupting it.\nPreviously, VF driver could experience memory corruption, which lead to\ncrash:\n[ 5119.170157] BUG: unable to handle kernel paging request at 00001b9780003237\n[ 5119.170166] PGD 0 P4D 0\n[ 5119.170173] Oops: 0002 [#1] PREEMPT_RT SMP PTI\n[ 5119.170181] CPU: 30 PID: 427592 Comm: kworker/u96:2 Kdump: loaded Tainted: G        W I      --------- -  - 4.18.0-372.9.1.rt7.166.el8.x86_64 #1\n[ 5119.170189] Hardware name: Dell Inc. PowerEdge R740/014X06, BIOS 2.3.10 08/15/2019\n[ 5119.170193] Workqueue: iavf iavf_adminq_task [iavf]\n[ 5119.170219] RIP: 0010:__page_frag_cache_drain+0x5/0x30\n[ 5119.170238] Code: 0f 0f b6 77 51 85 f6 74 07 31 d2 e9 05 df ff ff e9 90 fe ff ff 48 8b 05 49 db 33 01 eb b4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 \u003cf0\u003e 29 77 34 74 01 c3 48 8b 07 f6 c4 80 74 0f 0f b6 77 51 85 f6 74\n[ 5119.170244] RSP: 0018:ffffa43b0bdcfd78 EFLAGS: 00010282\n[ 5119.170250] RAX: ffffffff896b3e40 RBX: ffff8fb282524000 RCX: 0000000000000002\n[ 5119.170254] RDX: 0000000049000000 RSI: 0000000000000000 RDI: 00001b9780003203\n[ 5119.170259] RBP: ffff8fb248217b00 R08: 0000000000000022 R09: 0000000000000009\n[ 5119.170262] R10: 2b849d6300000000 R11: 0000000000000020 R12: 0000000000000000\n[ 5119.170265] R13: 0000000000001000 R14: 0000000000000009 R15: 0000000000000000\n[ 5119.170269] FS:  0000000000000000(0000) GS:ffff8fb1201c0000(0000) knlGS:0000000000000000\n[ 5119.170274] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 5119.170279] CR2: 00001b9780003237 CR3: 00000008f3e1a003 CR4: 00000000007726e0\n[ 5119.170283] DR0: 
0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 5119.170286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 5119.170290] PKRU: 55555554\n[ 5119.170292] Call Trace:\n[ 5119.170298]  iavf_clean_rx_ring+0xad/0x110 [iavf]\n[ 5119.170324]  iavf_free_rx_resources+0xe/0x50 [iavf]\n[ 5119.170342]  iavf_free_all_rx_resources.part.51+0x30/0x40 [iavf]\n[ 5119.170358]  iavf_virtchnl_completion+0xd8a/0x15b0 [iavf]\n[ 5119.170377]  ? iavf_clean_arq_element+0x210/0x280 [iavf]\n[ 5119.170397]  iavf_adminq_task+0x126/0x2e0 [iavf]\n[ 5119.170416]  process_one_work+0x18f/0x420\n[ 5119.170429]  worker_thread+0x30/0x370\n[ 5119.170437]  ? process_one_work+0x420/0x420\n[ 5119.170445]  kthread+0x151/0x170\n[ 5119.170452]  ? set_kthread_struct+0x40/0x40\n[ 5119.170460]  ret_from_fork+0x35/0x40\n[ 5119.170477] Modules linked in: iavf sctp ip6_udp_tunnel udp_tunnel mlx4_en mlx4_core nfp tls vhost_net vhost vhost_iotlb tap tun xt_CHECKSUM ipt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink bridge stp llc rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache sunrpc intel_rapl_msr iTCO_wdt iTCO_vendor_support dell_smbios wmi_bmof dell_wmi_descriptor dcdbas kvm_intel kvm irqbypass intel_rapl_common isst_if_common skx_edac irdma nfit libnvdimm x86_pkg_temp_thermal i40e intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ib_uverbs rapl ipmi_ssif intel_cstate intel_uncore mei_me pcspkr acpi_ipmi ib_core mei lpc_ich i2c_i801 ipmi_si ipmi_devintf wmi ipmi_msghandler acpi_power_meter xfs libcrc32c sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ice ahci drm libahci crc32c_intel libata tg3 megaraid_sas\n[ 5119.170613]  i2c_algo_bit dm_mirror dm_region_hash dm_log dm_mod fuse [last unloaded: iavf]\n[ 5119.170627] CR2: 00001b9780003237",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49722",
            "https://git.kernel.org/linus/efe41860008e57fb6b69855b4b93fdf34bc42798 (5.19-rc3)",
            "https://git.kernel.org/stable/c/1bb8253b1dd44cf004e12c333acc6f25ee286cf3",
            "https://git.kernel.org/stable/c/efe41860008e57fb6b69855b4b93fdf34bc42798",
            "https://lore.kernel.org/linux-cve-announce/2025022632-CVE-2022-49722-9d4e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49722",
            "https://www.cve.org/CVERecord?id=CVE-2022-49722"
          ],
          "PublishedDate": "2025-02-26T07:01:47.887Z",
          "LastModifiedDate": "2025-10-24T15:53:11.103Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49742",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49742",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b7e164c33bc69fcef180e923eae85b5d45b15277ac546567e7d0c64aad91fa1a",
          "Title": "kernel: f2fs: initialize locks earlier in f2fs_fill_super()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: initialize locks earlier in f2fs_fill_super()\n\nsyzbot is reporting lockdep warning at f2fs_handle_error() [1], for\nspin_lock(\u0026sbi-\u003eerror_lock) is called before spin_lock_init() is called.\nFor safe locking in error handling, move initialization of locks (and\nobvious structures) in f2fs_fill_super() to immediately after memory\nallocation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49742",
            "https://git.kernel.org/linus/92b4cf5b48955a4bdd15fe4e2067db8ebd87f04c (6.2-rc1)",
            "https://git.kernel.org/stable/c/92b4cf5b48955a4bdd15fe4e2067db8ebd87f04c",
            "https://git.kernel.org/stable/c/ddeff03bb33810fcf2f0c18e03d099cf0aacda62",
            "https://lore.kernel.org/linux-cve-announce/2025032757-CVE-2022-49742-e3d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49742",
            "https://www.cve.org/CVERecord?id=CVE-2022-49742"
          ],
          "PublishedDate": "2025-03-27T17:15:38.847Z",
          "LastModifiedDate": "2025-10-01T18:15:31.557Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49750",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49750",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:72b12f90b961d5f5eae153367b700efcbfab2b832a43af6c9d3e211a5ef8d07b",
          "Title": "kernel: cpufreq: CPPC: Add u64 casts to avoid overflowing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: CPPC: Add u64 casts to avoid overflowing\n\nThe fields of the _CPC object are unsigned 32-bits values.\nTo avoid overflows while using _CPC's values, add 'u64' casts.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49750",
            "https://git.kernel.org/linus/f5f94b9c8b805d87ff185caf9779c3a4d07819e3 (6.2-rc4)",
            "https://git.kernel.org/stable/c/7d596bbc66a52ff2c7a83d7e0ee840cb07e2a045",
            "https://git.kernel.org/stable/c/f5f94b9c8b805d87ff185caf9779c3a4d07819e3",
            "https://lore.kernel.org/linux-cve-announce/2025032700-CVE-2022-49750-743d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49750",
            "https://www.cve.org/CVERecord?id=CVE-2022-49750"
          ],
          "PublishedDate": "2025-03-27T17:15:39.85Z",
          "LastModifiedDate": "2025-10-01T18:15:32.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49759",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49759",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3cedde906a4025966f067cc12614de2fbcaba4fb5e119bda1ced49b9c5d586f0",
          "Title": "kernel: VMCI: Use threaded irqs instead of tasklets",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Use threaded irqs instead of tasklets\n\nThe vmci_dispatch_dgs() tasklet function calls vmci_read_data()\nwhich uses wait_event() resulting in invalid sleep in an atomic\ncontext (and therefore potentially in a deadlock).\n\nUse threaded irqs to fix this issue and completely remove usage\nof tasklets.\n\n[   20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145\n[   20.264643] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 762, name: vmtoolsd\n[   20.264645] preempt_count: 101, expected: 0\n[   20.264646] RCU nest depth: 0, expected: 0\n[   20.264647] 1 lock held by vmtoolsd/762:\n[   20.264648]  #0: ffff0000874ae440 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x60/0x330 [vsock]\n[   20.264658] Preemption disabled at:\n[   20.264659] [\u003cffff80000151d7d8\u003e] vmci_send_datagram+0x44/0xa0 [vmw_vmci]\n[   20.264665] CPU: 0 PID: 762 Comm: vmtoolsd Not tainted 5.19.0-0.rc8.20220727git39c3c396f813.60.fc37.aarch64 #1\n[   20.264667] Hardware name: VMware, Inc. 
VBSA/VBSA, BIOS VEFI 12/31/2020\n[   20.264668] Call trace:\n[   20.264669]  dump_backtrace+0xc4/0x130\n[   20.264672]  show_stack+0x24/0x80\n[   20.264673]  dump_stack_lvl+0x88/0xb4\n[   20.264676]  dump_stack+0x18/0x34\n[   20.264677]  __might_resched+0x1a0/0x280\n[   20.264679]  __might_sleep+0x58/0x90\n[   20.264681]  vmci_read_data+0x74/0x120 [vmw_vmci]\n[   20.264683]  vmci_dispatch_dgs+0x64/0x204 [vmw_vmci]\n[   20.264686]  tasklet_action_common.constprop.0+0x13c/0x150\n[   20.264688]  tasklet_action+0x40/0x50\n[   20.264689]  __do_softirq+0x23c/0x6b4\n[   20.264690]  __irq_exit_rcu+0x104/0x214\n[   20.264691]  irq_exit_rcu+0x1c/0x50\n[   20.264693]  el1_interrupt+0x38/0x6c\n[   20.264695]  el1h_64_irq_handler+0x18/0x24\n[   20.264696]  el1h_64_irq+0x68/0x6c\n[   20.264697]  preempt_count_sub+0xa4/0xe0\n[   20.264698]  _raw_spin_unlock_irqrestore+0x64/0xb0\n[   20.264701]  vmci_send_datagram+0x7c/0xa0 [vmw_vmci]\n[   20.264703]  vmci_datagram_dispatch+0x84/0x100 [vmw_vmci]\n[   20.264706]  vmci_datagram_send+0x2c/0x40 [vmw_vmci]\n[   20.264709]  vmci_transport_send_control_pkt+0xb8/0x120 [vmw_vsock_vmci_transport]\n[   20.264711]  vmci_transport_connect+0x40/0x7c [vmw_vsock_vmci_transport]\n[   20.264713]  vsock_connect+0x278/0x330 [vsock]\n[   20.264715]  __sys_connect_file+0x8c/0xc0\n[   20.264718]  __sys_connect+0x84/0xb4\n[   20.264720]  __arm64_sys_connect+0x2c/0x3c\n[   20.264721]  invoke_syscall+0x78/0x100\n[   20.264723]  el0_svc_common.constprop.0+0x68/0x124\n[   20.264724]  do_el0_svc+0x38/0x4c\n[   20.264725]  el0_svc+0x60/0x180\n[   20.264726]  el0t_64_sync_handler+0x11c/0x150\n[   20.264728]  el0t_64_sync+0x190/0x194",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49759",
            "https://git.kernel.org/linus/3daed6345d5880464f46adab871d208e1baa2f3a (6.2-rc5)",
            "https://git.kernel.org/stable/c/3daed6345d5880464f46adab871d208e1baa2f3a",
            "https://git.kernel.org/stable/c/548ea9dd5e01b0ecf53d2563004c80abd636743d",
            "https://lore.kernel.org/linux-cve-announce/2025032702-CVE-2022-49759-5392@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49759",
            "https://www.cve.org/CVERecord?id=CVE-2022-49759"
          ],
          "PublishedDate": "2025-03-27T17:15:41.163Z",
          "LastModifiedDate": "2025-10-01T18:15:33.273Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49764",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49764",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:80a5090f5bc1f58d481c0f82876665452215f9377467c5ceab6ab6925b435424",
          "Title": "kernel: bpf: Prevent bpf program recursion for raw tracepoint probes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent bpf program recursion for raw tracepoint probes\n\nWe got report from sysbot [1] about warnings that were caused by\nbpf program attached to contention_begin raw tracepoint triggering\nthe same tracepoint by using bpf_trace_printk helper that takes\ntrace_printk_lock lock.\n\n Call Trace:\n  \u003cTASK\u003e\n  ? trace_event_raw_event_bpf_trace_printk+0x5f/0x90\n  bpf_trace_printk+0x2b/0xe0\n  bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n  bpf_trace_run2+0x26/0x90\n  native_queued_spin_lock_slowpath+0x1c6/0x2b0\n  _raw_spin_lock_irqsave+0x44/0x50\n  bpf_trace_printk+0x3f/0xe0\n  bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n  bpf_trace_run2+0x26/0x90\n  native_queued_spin_lock_slowpath+0x1c6/0x2b0\n  _raw_spin_lock_irqsave+0x44/0x50\n  bpf_trace_printk+0x3f/0xe0\n  bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n  bpf_trace_run2+0x26/0x90\n  native_queued_spin_lock_slowpath+0x1c6/0x2b0\n  _raw_spin_lock_irqsave+0x44/0x50\n  bpf_trace_printk+0x3f/0xe0\n  bpf_prog_a9aec6167c091eef_prog+0x1f/0x24\n  bpf_trace_run2+0x26/0x90\n  native_queued_spin_lock_slowpath+0x1c6/0x2b0\n  _raw_spin_lock_irqsave+0x44/0x50\n  __unfreeze_partials+0x5b/0x160\n  ...\n\nThe can be reproduced by attaching bpf program as raw tracepoint on\ncontention_begin tracepoint. The bpf prog calls bpf_trace_printk\nhelper. Then by running perf bench the spin lock code is forced to\ntake slow path and call contention_begin tracepoint.\n\nFixing this by skipping execution of the bpf program if it's\nalready running, Using bpf prog 'active' field, which is being\ncurrently used by trampoline programs for the same reason.\n\nMoving bpf_prog_inc_misses_counter to syscall.c because\ntrampoline.c is compiled in just for CONFIG_BPF_JIT option.\n\n[1] https://lore.kernel.org/bpf/YxhFe3EwqchC%2FfYf@krava/T/#t",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49764",
            "https://git.kernel.org/linus/05b24ff9b2cfabfcfd951daaa915a036ab53c9e1 (6.1-rc1)",
            "https://git.kernel.org/stable/c/05b24ff9b2cfabfcfd951daaa915a036ab53c9e1",
            "https://git.kernel.org/stable/c/2e5399879024fedd6cdc41f73fbf9bbe7208f899",
            "https://lore.kernel.org/linux-cve-announce/2025050113-CVE-2022-49764-5947@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49764",
            "https://www.cve.org/CVERecord?id=CVE-2022-49764"
          ],
          "PublishedDate": "2025-05-01T15:15:59.17Z",
          "LastModifiedDate": "2025-11-06T21:58:54.597Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49766",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49766",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:124640303e1078de6180ef1f9c0d3d55dd215bf852df0dc8e6d8687105ecc9dc",
          "Title": "kernel: netlink: Bounds-check struct nlmsgerr creation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Bounds-check struct nlmsgerr creation\n\nIn preparation for FORTIFY_SOURCE doing bounds-check on memcpy(),\nswitch from __nlmsg_put to nlmsg_put(), and explain the bounds check\nfor dealing with the memcpy() across a composite flexible array struct.\nAvoids this future run-time warning:\n\n  memcpy: detected field-spanning write (size 32) of single field \"\u0026errmsg-\u003emsg\" at net/netlink/af_netlink.c:2447 (size 16)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49766",
            "https://git.kernel.org/linus/710d21fdff9a98d621cd4e64167f3ef8af4e2fd1 (6.1-rc1)",
            "https://git.kernel.org/stable/c/710d21fdff9a98d621cd4e64167f3ef8af4e2fd1",
            "https://git.kernel.org/stable/c/aff4eb16f589c3af322a2582044bca365381fcd6",
            "https://lore.kernel.org/linux-cve-announce/2025050114-CVE-2022-49766-7b16@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49766",
            "https://www.cve.org/CVERecord?id=CVE-2022-49766"
          ],
          "PublishedDate": "2025-05-01T15:15:59.38Z",
          "LastModifiedDate": "2025-11-06T21:57:43.357Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49773",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49773",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:18d1293f3a2951aa289442015830871e20f8337c52b53d46bd492687c9a1836a",
          "Title": "kernel: drm/amd/display: Fix optc2_configure warning on dcn314",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix optc2_configure warning on dcn314\n\n[Why]\ndcn314 uses optc2_configure_crc() that wraps\noptc1_configure_crc() + set additional registers\nnot applicable to dcn314.\nIt's not critical but when used leads to warning like:\nWARNING: drivers/gpu/drm/amd/amdgpu/../display/dc/dc_helper.c\nCall Trace:\n\u003cTASK\u003e\ngeneric_reg_set_ex+0x6d/0xe0 [amdgpu]\noptc2_configure_crc+0x60/0x80 [amdgpu]\ndc_stream_configure_crc+0x129/0x150 [amdgpu]\namdgpu_dm_crtc_configure_crc_source+0x5d/0xe0 [amdgpu]\n\n[How]\nUse optc1_configure_crc() directly",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49773",
            "https://git.kernel.org/linus/e7e4f77c991c9abf90924929a9d55f90b0bb78de (6.1-rc6)",
            "https://git.kernel.org/stable/c/e7e4f77c991c9abf90924929a9d55f90b0bb78de",
            "https://git.kernel.org/stable/c/f67ef5aa88e3db0a13ae3befab2ddf14ac00a91c",
            "https://lore.kernel.org/linux-cve-announce/2025050116-CVE-2022-49773-2f2e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49773",
            "https://www.cve.org/CVERecord?id=CVE-2022-49773"
          ],
          "PublishedDate": "2025-05-01T15:16:00.453Z",
          "LastModifiedDate": "2025-11-07T18:26:22.07Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49783",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49783",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6c164af12df0e9599cc6229fb28c72a0fab762f85d839c47edfc4d4663090002",
          "Title": "kernel: x86/fpu: Drop fpregs lock before inheriting FPU permissions",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Drop fpregs lock before inheriting FPU permissions\n\nMike Galbraith reported the following against an old fork of preempt-rt\nbut the same issue also applies to the current preempt-rt tree.\n\n   BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46\n   in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: systemd\n   preempt_count: 1, expected: 0\n   RCU nest depth: 0, expected: 0\n   Preemption disabled at:\n   fpu_clone\n   CPU: 6 PID: 1 Comm: systemd Tainted: G            E       (unreleased)\n   Call Trace:\n    \u003cTASK\u003e\n    dump_stack_lvl\n    ? fpu_clone\n    __might_resched\n    rt_spin_lock\n    fpu_clone\n    ? copy_thread\n    ? copy_process\n    ? shmem_alloc_inode\n    ? kmem_cache_alloc\n    ? kernel_clone\n    ? __do_sys_clone\n    ? do_syscall_64\n    ? __x64_sys_rt_sigprocmask\n    ? syscall_exit_to_user_mode\n    ? do_syscall_64\n    ? syscall_exit_to_user_mode\n    ? do_syscall_64\n    ? syscall_exit_to_user_mode\n    ? do_syscall_64\n    ? exc_page_fault\n    ? entry_SYSCALL_64_after_hwframe\n    \u003c/TASK\u003e\n\nMike says:\n\n  The splat comes from fpu_inherit_perms() being called under fpregs_lock(),\n  and us reaching the spin_lock_irq() therein due to fpu_state_size_dynamic()\n  returning true despite static key __fpu_state_size_dynamic having never\n  been enabled.\n\nMike's assessment looks correct. fpregs_lock on a PREEMPT_RT kernel disables\npreemption so calling spin_lock_irq() in fpu_inherit_perms() is unsafe. This\nproblem exists since commit\n\n  9e798e9aa14c (\"x86/fpu: Prepare fpu_clone() for dynamically enabled features\").\n\nEven though the original bug report should not have enabled the paths at\nall, the bug still exists.\n\nfpregs_lock is necessary when editing the FPU registers or a task's FP\nstate but it is not necessary for fpu_inherit_perms(). 
The only write\nof any FP state in fpu_inherit_perms() is for the new child which is\nnot running yet and cannot context switch or be borrowed by a kernel\nthread yet. Hence, fpregs_lock is not protecting anything in the new\nchild until clone() completes and can be dropped earlier. The siglock\nstill needs to be acquired by fpu_inherit_perms() as the read of the\nparent's permissions has to be serialised.\n\n  [ bp: Cleanup splat. ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49783",
            "https://git.kernel.org/linus/36b038791e1e2baea892e9276588815fd14894b4 (6.1-rc6)",
            "https://git.kernel.org/stable/c/36b038791e1e2baea892e9276588815fd14894b4",
            "https://git.kernel.org/stable/c/c6e8a7a1780af3da65e78a615f7d0874da6aabb0",
            "https://lore.kernel.org/linux-cve-announce/2025050120-CVE-2022-49783-a870@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49783",
            "https://www.cve.org/CVERecord?id=CVE-2022-49783"
          ],
          "PublishedDate": "2025-05-01T15:16:01.51Z",
          "LastModifiedDate": "2025-11-07T17:48:52.48Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49803",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49803",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e0d0b40a2250ba46974d36e5df40b4b988d7c2ec529faf822c96a117beea9022",
          "Title": "kernel: netdevsim: Fix memory leak of nsim_dev-\u003efa_cookie",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: Fix memory leak of nsim_dev-\u003efa_cookie\n\nkmemleak reports this issue:\n\nunreferenced object 0xffff8881bac872d0 (size 8):\n  comm \"sh\", pid 58603, jiffies 4481524462 (age 68.065s)\n  hex dump (first 8 bytes):\n    04 00 00 00 de ad be ef                          ........\n  backtrace:\n    [\u003c00000000c80b8577\u003e] __kmalloc+0x49/0x150\n    [\u003c000000005292b8c6\u003e] nsim_dev_trap_fa_cookie_write+0xc1/0x210 [netdevsim]\n    [\u003c0000000093d78e77\u003e] full_proxy_write+0xf3/0x180\n    [\u003c000000005a662c16\u003e] vfs_write+0x1c5/0xaf0\n    [\u003c000000007aabf84a\u003e] ksys_write+0xed/0x1c0\n    [\u003c000000005f1d2e47\u003e] do_syscall_64+0x3b/0x90\n    [\u003c000000006001c6ec\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe issue occurs in the following scenarios:\n\nnsim_dev_trap_fa_cookie_write()\n  kmalloc() fa_cookie\n  nsim_dev-\u003efa_cookie = fa_cookie\n..\nnsim_drv_remove()\n\nThe fa_cookie allocked in nsim_dev_trap_fa_cookie_write() is not freed. To\nfix, add kfree(nsim_dev-\u003efa_cookie) to nsim_drv_remove().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49803",
            "https://git.kernel.org/linus/064bc7312bd09a48798418663090be0c776183db (6.1-rc6)",
            "https://git.kernel.org/stable/c/064bc7312bd09a48798418663090be0c776183db",
            "https://git.kernel.org/stable/c/207edad5717e0a5709ce8467f0eff41c607835c9",
            "https://lore.kernel.org/linux-cve-announce/2025050127-CVE-2022-49803-38e4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49803",
            "https://www.cve.org/CVERecord?id=CVE-2022-49803"
          ],
          "PublishedDate": "2025-05-01T15:16:03.617Z",
          "LastModifiedDate": "2025-11-07T19:20:07.703Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49810",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49810",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e5cf4eb7e7bcf83fe7a6eaaae025b0e753f2e5ac07769ff840dbc7c89f3458a6",
          "Title": "kernel: netfs: Fix missing xas_retry() calls in xarray iteration",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix missing xas_retry() calls in xarray iteration\n\nnetfslib has a number of places in which it performs iteration of an xarray\nwhilst being under the RCU read lock.  It *should* call xas_retry() as the\nfirst thing inside of the loop and do \"continue\" if it returns true in case\nthe xarray walker passed out a special value indicating that the walk needs\nto be redone from the root[*].\n\nFix this by adding the missing retry checks.\n\n[*] I wonder if this should be done inside xas_find(), xas_next_node() and\n    suchlike, but I'm told that's not an simple change to effect.\n\nThis can cause an oops like that below.  Note the faulting address - this\nis an internal value (|0x2) returned from xarray.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000402\n...\nRIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs]\n...\nCall Trace:\n netfs_rreq_assess+0xa6/0x240 [netfs]\n netfs_readpage+0x173/0x3b0 [netfs]\n ? init_wait_var_entry+0x50/0x50\n filemap_read_page+0x33/0xf0\n filemap_get_pages+0x2f2/0x3f0\n filemap_read+0xaa/0x320\n ? do_filp_open+0xb2/0x150\n ? rmqueue+0x3be/0xe10\n ceph_read_iter+0x1fe/0x680 [ceph]\n ? new_sync_read+0x115/0x1a0\n new_sync_read+0x115/0x1a0\n vfs_read+0xf3/0x180\n ksys_read+0x5f/0xe0\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nChanges:\n========\nver #2)\n - Changed an unsigned int to a size_t to reduce the likelihood of an\n   overflow as per Willy's suggestion.\n - Added an additional patch to fix the maths.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49810",
            "https://git.kernel.org/linus/7e043a80b5dae5c2d2cf84031501de7827fd6c00 (6.1-rc6)",
            "https://git.kernel.org/stable/c/7e043a80b5dae5c2d2cf84031501de7827fd6c00",
            "https://git.kernel.org/stable/c/b2cc07a76f1eb12de3b22caf5fdbf856a7bef16d",
            "https://lore.kernel.org/linux-cve-announce/2025050129-CVE-2022-49810-e637@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49810",
            "https://www.cve.org/CVERecord?id=CVE-2022-49810"
          ],
          "PublishedDate": "2025-05-01T15:16:04.347Z",
          "LastModifiedDate": "2025-11-07T19:31:03.147Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49829",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49829",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f4ad15a2f46ebf2262fdeb948da4c72d5541c51326068309291590624c5ce243",
          "Title": "kernel: drm/scheduler: fix fence ref counting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: fix fence ref counting\n\nWe leaked dependency fences when processes were being killed.\n\nIn addition to that, grab a reference to the last scheduled fence.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49829",
            "https://git.kernel.org/linus/b3af84383e7abdc5e63435817bb73a268e7c3637 (6.1-rc3)",
            "https://git.kernel.org/stable/c/b3af84383e7abdc5e63435817bb73a268e7c3637",
            "https://git.kernel.org/stable/c/e5f4b38362df93594cb426b04979d8834122f159",
            "https://lore.kernel.org/linux-cve-announce/2025050136-CVE-2022-49829-8c4e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49829",
            "https://www.cve.org/CVERecord?id=CVE-2022-49829"
          ],
          "PublishedDate": "2025-05-01T15:16:06.373Z",
          "LastModifiedDate": "2025-11-10T20:07:23.567Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49833",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49833",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e6deeb354fee7df40b8309794a0dd76ebb1ef9ee24a998efd467561ef1c3667c",
          "Title": "kernel: btrfs: zoned: clone zoned device info when cloning a device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: clone zoned device info when cloning a device\n\nWhen cloning a btrfs_device, we're not cloning the associated\nbtrfs_zoned_device_info structure of the device in case of a zoned\nfilesystem.\n\nLater on this leads to a NULL pointer dereference when accessing the\ndevice's zone_info for instance when setting a zone as active.\n\nThis was uncovered by fstests' testcase btrfs/161.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49833",
            "https://git.kernel.org/linus/21e61ec6d0bb786818490e926aa9aeb4de95ad0d (6.1-rc5)",
            "https://git.kernel.org/stable/c/21e61ec6d0bb786818490e926aa9aeb4de95ad0d",
            "https://git.kernel.org/stable/c/ad88cabcec942c033f980cd1e28d56ecdaf5f3b8",
            "https://lore.kernel.org/linux-cve-announce/2025050137-CVE-2022-49833-b809@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49833",
            "https://www.cve.org/CVERecord?id=CVE-2022-49833"
          ],
          "PublishedDate": "2025-05-01T15:16:06.78Z",
          "LastModifiedDate": "2025-11-10T21:13:04.667Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49858",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49858",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4019ad25413d91a0f891bfe17b888b87fc58e7eb7de9b41472eb7d6c98187635",
          "Title": "kernel: octeontx2-pf: Fix SQE threshold checking",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix SQE threshold checking\n\nCurrent way of checking available SQE count which is based on\nHW updated SQB count could result in driver submitting an SQE\neven before CQE for the previously transmitted SQE at the same\nindex is processed in NAPI, resulting in losing SKB pointers,\nhence a leak. Fix this by checking a consumer index which\nis updated once CQE is processed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49858",
            "https://git.kernel.org/linus/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb (6.1-rc5)",
            "https://git.kernel.org/stable/c/015e3c0a3b16193aab23beefe4719484b9984c2d",
            "https://git.kernel.org/stable/c/f0dfc4c88ef39be0ba736aa0ce6119263fc19aeb",
            "https://lore.kernel.org/linux-cve-announce/2025050146-CVE-2022-49858-a1ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49858",
            "https://www.cve.org/CVERecord?id=CVE-2022-49858"
          ],
          "PublishedDate": "2025-05-01T15:16:09.41Z",
          "LastModifiedDate": "2025-11-10T21:03:21.9Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49901",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49901",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7867a63d69c4eb4f93c9519b96ec751c3edce00e56840adaee679a33244a17c2",
          "Title": "kernel: blk-mq: Fix kmemleak in blk_mq_init_allocated_queue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: Fix kmemleak in blk_mq_init_allocated_queue\n\nThere is a kmemleak caused by modprobe null_blk.ko\n\nunreferenced object 0xffff8881acb1f000 (size 1024):\n  comm \"modprobe\", pid 836, jiffies 4294971190 (age 27.068s)\n  hex dump (first 32 bytes):\n    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........\n    ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff  .........S......\n  backtrace:\n    [\u003c000000004a10c249\u003e] kmalloc_node_trace+0x22/0x60\n    [\u003c00000000648f7950\u003e] blk_mq_alloc_and_init_hctx+0x289/0x350\n    [\u003c00000000af06de0e\u003e] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0\n    [\u003c00000000e00c1872\u003e] blk_mq_init_allocated_queue+0x48c/0x1440\n    [\u003c00000000d16b4e68\u003e] __blk_mq_alloc_disk+0xc8/0x1c0\n    [\u003c00000000d10c98c3\u003e] 0xffffffffc450d69d\n    [\u003c00000000b9299f48\u003e] 0xffffffffc4538392\n    [\u003c0000000061c39ed6\u003e] do_one_initcall+0xd0/0x4f0\n    [\u003c00000000b389383b\u003e] do_init_module+0x1a4/0x680\n    [\u003c0000000087cf3542\u003e] load_module+0x6249/0x7110\n    [\u003c00000000beba61b8\u003e] __do_sys_finit_module+0x140/0x200\n    [\u003c00000000fdcfff51\u003e] do_syscall_64+0x35/0x80\n    [\u003c000000003c0f1f71\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThat is because q-\u003ema_ops is set to NULL before blk_release_queue is\ncalled.\n\nblk_mq_init_queue_data\n  blk_mq_init_allocated_queue\n    blk_mq_realloc_hw_ctxs\n      for (i = 0; i \u003c set-\u003enr_hw_queues; i++) {\n        old_hctx = xa_load(\u0026q-\u003ehctx_table, i);\n        if (!blk_mq_alloc_and_init_hctx(.., i, ..))\t\t[1]\n          if (!old_hctx)\n\t    break;\n\n      xa_for_each_start(\u0026q-\u003ehctx_table, j, hctx, j)\n        blk_mq_exit_hctx(q, set, hctx, j); \t\t\t[2]\n\n    if (!q-\u003enr_hw_queues)\t\t\t\t\t[3]\n      goto err_hctxs;\n\n  err_exit:\n      q-\u003emq_ops = NULL;\t\t\t  
\t\t\t[4]\n\n  blk_put_queue\n    blk_release_queue\n      if (queue_is_mq(q))\t\t\t\t\t[5]\n        blk_mq_release(q);\n\n[1]: blk_mq_alloc_and_init_hctx failed at i != 0.\n[2]: The hctxs allocated by [1] are moved to q-\u003eunused_hctx_list and\nwill be cleaned up in blk_mq_release.\n[3]: q-\u003enr_hw_queues is 0.\n[4]: Set q-\u003emq_ops to NULL.\n[5]: queue_is_mq returns false due to [4]. And blk_mq_release\nwill not be called. The hctxs in q-\u003eunused_hctx_list are leaked.\n\nTo fix it, call blk_release_queue in exception path.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49901",
            "https://git.kernel.org/linus/943f45b9399ed8b2b5190cbc797995edaa97f58f (6.1-rc4)",
            "https://git.kernel.org/stable/c/2dc97e15a54b7bdf457848aa8c663c98a24e58a6",
            "https://git.kernel.org/stable/c/943f45b9399ed8b2b5190cbc797995edaa97f58f",
            "https://lore.kernel.org/linux-cve-announce/2025050101-CVE-2022-49901-1130@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49901",
            "https://www.cve.org/CVERecord?id=CVE-2022-49901"
          ],
          "PublishedDate": "2025-05-01T15:16:15.167Z",
          "LastModifiedDate": "2025-10-01T21:15:41.587Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49910",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49910",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a6c3bb6beab39826f7c854414c8544b3053dce3182fac4078abdd657ff706594",
          "Title": "kernel: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu\n\nFix the race condition between the following two flows that run in\nparallel:\n\n1. l2cap_reassemble_sdu -\u003e chan-\u003eops-\u003erecv (l2cap_sock_recv_cb) -\u003e\n   __sock_queue_rcv_skb.\n\n2. bt_sock_recvmsg -\u003e skb_recv_datagram, skb_free_datagram.\n\nAn SKB can be queued by the first flow and immediately dequeued and\nfreed by the second flow, therefore the callers of l2cap_reassemble_sdu\ncan't use the SKB after that function returns. However, some places\ncontinue accessing struct l2cap_ctrl that resides in the SKB's CB for a\nshort time after l2cap_reassemble_sdu returns, leading to a\nuse-after-free condition (the stack trace is below, line numbers for\nkernel 5.19.8).\n\nFix it by keeping a local copy of struct l2cap_ctrl.\n\nBUG: KASAN: use-after-free in l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\nRead of size 1 at addr ffff88812025f2f0 by task kworker/u17:3/43169\n\nWorkqueue: hci0 hci_rx_work [bluetooth]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4))\n print_report.cold (mm/kasan/report.c:314 mm/kasan/report.c:429)\n ? l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)\n ? 
l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx_state_recv (net/bluetooth/l2cap_core.c:6906) bluetooth\n l2cap_rx (net/bluetooth/l2cap_core.c:7236 net/bluetooth/l2cap_core.c:7271) bluetooth\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n \u003c/TASK\u003e\n\nAllocated by task 43169:\n kasan_save_stack (mm/kasan/common.c:39)\n __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469)\n kmem_cache_alloc_node (mm/slab.h:750 mm/slub.c:3243 mm/slub.c:3293)\n __alloc_skb (net/core/skbuff.c:414)\n l2cap_recv_frag (./include/net/bluetooth/bluetooth.h:425 net/bluetooth/l2cap_core.c:8329) bluetooth\n l2cap_recv_acldata (net/bluetooth/l2cap_core.c:8442) bluetooth\n hci_rx_work (net/bluetooth/hci_core.c:3642 net/bluetooth/hci_core.c:3832) bluetooth\n process_one_work (kernel/workqueue.c:2289)\n worker_thread (./include/linux/list.h:292 kernel/workqueue.c:2437)\n kthread (kernel/kthread.c:376)\n ret_from_fork (arch/x86/entry/entry_64.S:306)\n\nFreed by task 27920:\n kasan_save_stack (mm/kasan/common.c:39)\n kasan_set_track (mm/kasan/common.c:45)\n kasan_set_free_info (mm/kasan/generic.c:372)\n ____kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328)\n slab_free_freelist_hook (mm/slub.c:1780)\n kmem_cache_free (mm/slub.c:3536 mm/slub.c:3553)\n skb_free_datagram (./include/net/sock.h:1578 ./include/net/sock.h:1639 net/core/datagram.c:323)\n bt_sock_recvmsg (net/bluetooth/af_bluetooth.c:295) bluetooth\n l2cap_sock_recvmsg (net/bluetooth/l2cap_sock.c:1212) bluetooth\n sock_read_iter (net/socket.c:1087)\n new_sync_read (./include/linux/fs.h:2052 fs/read_write.c:401)\n vfs_read (fs/read_write.c:482)\n ksys_read (fs/read_write.c:620)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49910",
            "https://git.kernel.org/linus/3aff8aaca4e36dc8b17eaa011684881a80238966 (6.1-rc4)",
            "https://git.kernel.org/stable/c/03af22e23b96fb7ef75fb7885407ef457e8b403d",
            "https://git.kernel.org/stable/c/3aff8aaca4e36dc8b17eaa011684881a80238966",
            "https://git.kernel.org/stable/c/4cd094fd5d872862ca278e15b9b51b07e915ef3f",
            "https://git.kernel.org/stable/c/6c7407bfbeafc80a04e6eaedcf34d378532a04f2",
            "https://git.kernel.org/stable/c/8278a87bb1eeea94350d675ef961ee5a03341fde",
            "https://git.kernel.org/stable/c/9a04161244603f502c6e453913e51edd59cb70c1",
            "https://git.kernel.org/stable/c/cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569",
            "https://git.kernel.org/stable/c/dc30e05bb18852303084430c03ca76e69257d9ea",
            "https://lore.kernel.org/linux-cve-announce/2025050104-CVE-2022-49910-96ae@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49910",
            "https://www.cve.org/CVERecord?id=CVE-2022-49910"
          ],
          "PublishedDate": "2025-05-01T15:16:16.147Z",
          "LastModifiedDate": "2025-11-11T01:38:30.043Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49932",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49932",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b9ed17d27a3d1540f7a3a514d569e38f83d5d2a41f78bb5c6db032fdfd9af6aa",
          "Title": "kernel: KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace\n\nCall kvm_init() only after _all_ setup is complete, as kvm_init() exposes\n/dev/kvm to userspace and thus allows userspace to create VMs (and call\nother ioctls).  E.g. KVM will encounter a NULL pointer when attempting to\nadd a vCPU to the per-CPU loaded_vmcss_on_cpu list if userspace is able to\ncreate a VM before vmx_init() configures said list.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 6 PID: 1143 Comm: stable Not tainted 6.0.0-rc7+ #988\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:vmx_vcpu_load_vmcs+0x68/0x230 [kvm_intel]\n  \u003cTASK\u003e\n  vmx_vcpu_load+0x16/0x60 [kvm_intel]\n  kvm_arch_vcpu_load+0x32/0x1f0 [kvm]\n  vcpu_load+0x2f/0x40 [kvm]\n  kvm_arch_vcpu_create+0x231/0x310 [kvm]\n  kvm_vm_ioctl+0x79f/0xe10 [kvm]\n  ? handle_mm_fault+0xb1/0x220\n  __x64_sys_ioctl+0x80/0xb0\n  do_syscall_64+0x2b/0x50\n  entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7f5a6b05743b\n  \u003c/TASK\u003e\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel(+) kvm irqbypass",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49932",
            "https://git.kernel.org/linus/e32b120071ea114efc0b4ddd439547750b85f618 (6.3-rc1)",
            "https://git.kernel.org/stable/c/e136e969d268b9b89329c816c002e53f60e82985",
            "https://git.kernel.org/stable/c/e28533c08023c4b319b7f2cd77f3f7c9204eb517",
            "https://git.kernel.org/stable/c/e32b120071ea114efc0b4ddd439547750b85f618",
            "https://lore.kernel.org/linux-cve-announce/2025050257-CVE-2022-49932-17ac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49932",
            "https://www.cve.org/CVERecord?id=CVE-2022-49932"
          ],
          "PublishedDate": "2025-05-02T16:15:22.07Z",
          "LastModifiedDate": "2025-11-12T15:56:49.603Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49935",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49935",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88b5fecb92e1eedc1298721f51ee54320a7a4950c3db48c47d60f6bc779ad6e1",
          "Title": "kernel: dma-buf/dma-resv: check if the new fence is really later",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: check if the new fence is really later\n\nPreviously when we added a fence to a dma_resv object we always\nassumed the the newer than all the existing fences.\n\nWith Jason's work to add an UAPI to explicit export/import that's not\nnecessary the case any more. So without this check we would allow\nuserspace to force the kernel into an use after free error.\n\nSince the change is very small and defensive it's probably a good\nidea to backport this to stable kernels as well just in case others\nare using the dma_resv object in the same way.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49935",
            "https://git.kernel.org/linus/a3f7c10a269d5b77dd5822ade822643ced3057f0 (6.0-rc4)",
            "https://git.kernel.org/stable/c/a3f7c10a269d5b77dd5822ade822643ced3057f0",
            "https://git.kernel.org/stable/c/c4c798fe98adceb642050819cb57cbc8f5c27870",
            "https://lore.kernel.org/linux-cve-announce/2025061847-CVE-2022-49935-bf21@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49935",
            "https://www.cve.org/CVERecord?id=CVE-2022-49935"
          ],
          "PublishedDate": "2025-06-18T11:15:20.34Z",
          "LastModifiedDate": "2025-11-14T20:24:22.17Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49940",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49940",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:25830535f5379a544309d4420ee489115ea075320356f588eeb8eacf601e56d3",
          "Title": "kernel: tty: n_gsm: add sanity check for gsm-\u003ereceive in gsm_receive_buf()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: add sanity check for gsm-\u003ereceive in gsm_receive_buf()\n\nA null pointer dereference can happen when attempting to access the\n\"gsm-\u003ereceive()\" function in gsmld_receive_buf(). Currently, the code\nassumes that gsm-\u003erecieve is only called after MUX activation.\nSince the gsmld_receive_buf() function can be accessed without the need to\ninitialize the MUX, the gsm-\u003ereceive() function will not be set and a\nNULL pointer dereference will occur.\n\nFix this by avoiding the call to \"gsm-\u003ereceive()\" in case the function is\nnot initialized by adding a sanity check.\n\nCall Trace:\n \u003cTASK\u003e\n gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861\n tiocsti drivers/tty/tty_io.c:2293 [inline]\n tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49940",
            "https://git.kernel.org/linus/f16c6d2e58a4c2b972efcf9eb12390ee0ba3befb (6.0-rc4)",
            "https://git.kernel.org/stable/c/309aea4b6b813f6678c3a547cfd7fe3a76ffa976",
            "https://git.kernel.org/stable/c/5a82cf64f8ad63caf6bf115642ce44ddbc64311e",
            "https://git.kernel.org/stable/c/5aa37f9510345a812c0998bcbbc4d88d1dcc4d8b",
            "https://git.kernel.org/stable/c/f16c6d2e58a4c2b972efcf9eb12390ee0ba3befb",
            "https://lore.kernel.org/linux-cve-announce/2025061848-CVE-2022-49940-181b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49940",
            "https://www.cve.org/CVERecord?id=CVE-2022-49940"
          ],
          "PublishedDate": "2025-06-18T11:15:20.917Z",
          "LastModifiedDate": "2025-11-14T19:39:56.137Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49943",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f15d610d91efe19d116897fd1b14cf4f0fb8e59cc35b852d459f38a15dedcf80",
          "Title": "kernel: USB: gadget: Fix obscure lockdep violation for udc_mutex",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix obscure lockdep violation for udc_mutex\n\nA recent commit expanding the scope of the udc_lock mutex in the\ngadget core managed to cause an obscure and slightly bizarre lockdep\nviolation.  In abbreviated form:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.19.0-rc7+ #12510 Not tainted\n------------------------------------------------------\nudevadm/312 is trying to acquire lock:\nffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0\n\nbut task is already holding lock:\nffff000002277548 (kn-\u003eactive#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #3 (kn-\u003eactive#4){++++}-{0:0}:\n        lock_acquire+0x68/0x84\n        __kernfs_remove+0x268/0x380\n        kernfs_remove_by_name_ns+0x58/0xac\n        sysfs_remove_file_ns+0x18/0x24\n        device_del+0x15c/0x440\n\n-\u003e #2 (device_links_lock){+.+.}-{3:3}:\n        lock_acquire+0x68/0x84\n        __mutex_lock+0x9c/0x430\n        mutex_lock_nested+0x38/0x64\n        device_link_remove+0x3c/0xa0\n        _regulator_put.part.0+0x168/0x190\n        regulator_put+0x3c/0x54\n        devm_regulator_release+0x14/0x20\n\n-\u003e #1 (regulator_list_mutex){+.+.}-{3:3}:\n        lock_acquire+0x68/0x84\n        __mutex_lock+0x9c/0x430\n        mutex_lock_nested+0x38/0x64\n        regulator_lock_dependent+0x54/0x284\n        regulator_enable+0x34/0x80\n        phy_power_on+0x24/0x130\n        __dwc2_lowlevel_hw_enable+0x100/0x130\n        dwc2_lowlevel_hw_enable+0x18/0x40\n        dwc2_hsotg_udc_start+0x6c/0x2f0\n        gadget_bind_driver+0x124/0x1f4\n\n-\u003e #0 (udc_lock){+.+.}-{3:3}:\n        __lock_acquire+0x1298/0x20cc\n        lock_acquire.part.0+0xe0/0x230\n        lock_acquire+0x68/0x84\n        
__mutex_lock+0x9c/0x430\n        mutex_lock_nested+0x38/0x64\n        usb_udc_uevent+0x54/0xe0\n\nEvidently this was caused by the scope of udc_mutex being too large.\nThe mutex is only meant to protect udc-\u003edriver along with a few other\nthings.  As far as I can tell, there's no reason for the mutex to be\nheld while the gadget core calls a gadget driver's -\u003ebind or -\u003eunbind\nroutine, or while a UDC is being started or stopped.  (This accounts\nfor link #1 in the chain above, where the mutex is held while the\ndwc2_hsotg_udc is started as part of driver probing.)\n\nGadget drivers' -\u003edisconnect callbacks are problematic.  Even though\nusb_gadget_disconnect() will now acquire the udc_mutex, there's a\nwindow in usb_gadget_bind_driver() between the times when the mutex is\nreleased and the -\u003ebind callback is invoked.  If a disconnect occurred\nduring that window, we could call the driver's -\u003edisconnect routine\nbefore its -\u003ebind routine.  To prevent this from happening, it will be\nnecessary to prevent a UDC from connecting while it has no gadget\ndriver.  This should be done already but it doesn't seem to be;\ncurrently usb_gadget_connect() has no check for this.  Such a check\nwill have to be added later.\n\nSome degree of mutual exclusion is required in soft_connect_store(),\nwhich can dereference udc-\u003edriver at arbitrary times since it is a\nsysfs callback.  The solution here is to acquire the gadget's device\nlock rather than the udc_mutex.  Since the driver core guarantees that\nthe device lock is always held during driver binding and unbinding,\nthis will make the accesses in soft_connect_store() mutually exclusive\nwith any changes to udc-\u003edriver.\n\nLastly, it turns out there is one place which should hold the\nudc_mutex but currently does not: The function_show() routine needs\nprotection while it dereferences udc-\u003edriver.  The missing lock and\nunlock calls are added.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49943",
            "https://git.kernel.org/stable/c/1016fc0c096c92dd0e6e0541daac7a7868169903",
            "https://git.kernel.org/stable/c/1a065e4673cbdd9f222a05f85e17d78ea50c8d9c",
            "https://lore.kernel.org/linux-cve-announce/2025061807-CVE-2022-49943-7809@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49943",
            "https://www.cve.org/CVERecord?id=CVE-2022-49943"
          ],
          "PublishedDate": "2025-06-18T11:15:21.267Z",
          "LastModifiedDate": "2025-11-14T19:41:15.223Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49955",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49955",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eaca1c5f7ece12423515f9d33bd4d03db40eb4b8cda4e220a5db251f10926fe0",
          "Title": "kernel: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Fix RTAS MSR[HV] handling for Cell\n\nThe semi-recent changes to MSR handling when entering RTAS (firmware)\ncause crashes on IBM Cell machines. An example trace:\n\n  kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)\n  BUG: Unable to handle kernel instruction fetch\n  Faulting instruction address: 0x2fff01a8\n  Oops: Kernel access of bad area, sig: 11 [#1]\n  BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell\n  Modules linked in:\n  CPU: 0 PID: 0 Comm: swapper/0 Tainted: G        W          6.0.0-rc2-00433-gede0a8d3307a #207\n  NIP:  000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000\n  REGS: c0000000015236b0 TRAP: 0400   Tainted: G        W           (6.0.0-rc2-00433-gede0a8d3307a)\n  MSR:  0000000008001002 \u003cME,RI\u003e  CR: 00000000  XER: 20000000\n  ...\n  NIP 0x2fff01a8\n  LR  0x32608\n  Call Trace:\n    0xc00000000143c5f8 (unreliable)\n    .rtas_call+0x224/0x320\n    .rtas_get_boot_time+0x70/0x150\n    .read_persistent_clock64+0x114/0x140\n    .read_persistent_wall_and_boot_offset+0x24/0x80\n    .timekeeping_init+0x40/0x29c\n    .start_kernel+0x674/0x8f0\n    start_here_common+0x1c/0x50\n\nUnlike PAPR platforms where RTAS is only used in guests, on the IBM Cell\nmachines Linux runs with MSR[HV] set but also uses RTAS, provided by\nSLOF.\n\nFix it by copying the MSR[HV] bit from the MSR value we've just read\nusing mfmsr into the value used for RTAS.\n\nIt seems like we could also fix it using an #ifdef CELL to set MSR[HV],\nbut that doesn't work because it's possible to build a single kernel\nimage that runs on both Cell native and pseries.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49955",
            "https://git.kernel.org/stable/c/8b08d4f97233d8e58fff2fd9d5f86397a49733c5",
            "https://git.kernel.org/stable/c/91926d8b7e71aaf5f84f0cf208fc5a8b7a761050",
            "https://lore.kernel.org/linux-cve-announce/2025061811-CVE-2022-49955-500b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49955",
            "https://www.cve.org/CVERecord?id=CVE-2022-49955"
          ],
          "PublishedDate": "2025-06-18T11:15:22.63Z",
          "LastModifiedDate": "2025-11-14T18:59:35.72Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49961",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49961",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ab7cfc1cd8dc4d8678beb31e8d885594b5f17356cd7280b27baa28eff37282a7",
          "Title": "kernel: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO\n\nPrecision markers need to be propagated whenever we have an ARG_CONST_*\nstyle argument, as the verifier cannot consider imprecise scalars to be\nequivalent for the purposes of states_equal check when such arguments\nrefine the return value (in this case, set mem_size for PTR_TO_MEM). The\nresultant mem_size for the R0 is derived from the constant value, and if\nthe verifier incorrectly prunes states considering them equivalent where\nsuch arguments exist (by seeing that both registers have reg-\u003eprecise as\nfalse in regsafe), we can end up with invalid programs passing the\nverifier which can do access beyond what should have been the correct\nmem_size in that explored state.\n\nTo show a concrete example of the problem:\n\n0000000000000000 \u003cprog\u003e:\n       0:       r2 = *(u32 *)(r1 + 80)\n       1:       r1 = *(u32 *)(r1 + 76)\n       2:       r3 = r1\n       3:       r3 += 4\n       4:       if r3 \u003e r2 goto +18 \u003cLBB5_5\u003e\n       5:       w2 = 0\n       6:       *(u32 *)(r1 + 0) = r2\n       7:       r1 = *(u32 *)(r1 + 0)\n       8:       r2 = 1\n       9:       if w1 == 0 goto +1 \u003cLBB5_3\u003e\n      10:       r2 = -1\n\n0000000000000058 \u003cLBB5_3\u003e:\n      11:       r1 = 0 ll\n      13:       r3 = 0\n      14:       call bpf_ringbuf_reserve\n      15:       if r0 == 0 goto +7 \u003cLBB5_5\u003e\n      16:       r1 = r0\n      17:       r1 += 16777215\n      18:       w2 = 0\n      19:       *(u8 *)(r1 + 0) = r2\n      20:       r1 = r0\n      21:       r2 = 0\n      22:       call bpf_ringbuf_submit\n\n00000000000000b8 \u003cLBB5_5\u003e:\n      23:       w0 = 0\n      24:       exit\n\nFor the first case, the single line execution's exploration will prune\nthe search at insn 14 for the branch insn 9's second leg as it will be\nverified first using r2 = -1 
(UINT_MAX), while as w1 at insn 9 will\nalways be 0 so at runtime we don't get error for being greater than\nUINT_MAX/4 from bpf_ringbuf_reserve. The verifier during regsafe just\nsees reg-\u003eprecise as false for both r2 registers in both states, hence\nconsiders them equal for purposes of states_equal.\n\nIf we propagated precise markers using the backtracking support, we\nwould use the precise marking to then ensure that old r2 (UINT_MAX) was\nwithin the new r2 (1) and this would never be true, so the verification\nwould rightfully fail.\n\nThe end result is that the out of bounds access at instruction 19 would\nbe permitted without this fix.\n\nNote that reg-\u003eprecise is always set to true when user does not have\nCAP_BPF (or when subprog count is greater than 1 (i.e. use of any static\nor global functions)), hence this is only a problem when precision marks\nneed to be explicitly propagated (i.e. privileged users with CAP_BPF).\n\nA simplified test case has been included in the next patch to prevent\nfuture regressions.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49961",
            "https://git.kernel.org/stable/c/2459615a8d7f44ac81f0965bc094e55ccb254717",
            "https://git.kernel.org/stable/c/2fc31465c5373b5ca4edf2e5238558cb62902311",
            "https://lore.kernel.org/linux-cve-announce/2025061814-CVE-2022-49961-b7fa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49961",
            "https://www.cve.org/CVERecord?id=CVE-2022-49961"
          ],
          "PublishedDate": "2025-06-18T11:15:23.347Z",
          "LastModifiedDate": "2025-11-14T18:09:29.983Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49965",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49965",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:55b8f157f694c884f768e7192859205301d1ce839dcaa2977e74ded5460e0c13",
          "Title": "kernel: drm/amd/pm: add missing -\u003efini_xxxx interfaces for some SMU13 asics",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: add missing -\u003efini_xxxx interfaces for some SMU13 asics\n\nWithout these, potential memory leak may be induced.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49965",
            "https://git.kernel.org/stable/c/22a75c616f1971c23838506b14971a4ef4a66bd7",
            "https://git.kernel.org/stable/c/4bac1c846eff8042dd59ddecd0a43f3b9de5fd23",
            "https://lore.kernel.org/linux-cve-announce/2025061815-CVE-2022-49965-08f3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49965",
            "https://www.cve.org/CVERecord?id=CVE-2022-49965"
          ],
          "PublishedDate": "2025-06-18T11:15:23.797Z",
          "LastModifiedDate": "2025-11-14T18:08:03.373Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49967",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49967",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1a203f119d8caa0d8a5dde55c144221646bac12a8e9a52733a796b78572e1dcb",
          "Title": "kernel: bpf: Fix a data-race around bpf_jit_limit.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a data-race around bpf_jit_limit.\n\nWhile reading bpf_jit_limit, it can be changed concurrently via sysctl,\nWRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit\nis long, so we need to add a paired READ_ONCE() to avoid load-tearing.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49967",
            "https://git.kernel.org/stable/c/0947ae1121083d363d522ff7518ee72b55bd8d29",
            "https://git.kernel.org/stable/c/ba632ad0bacb13197a8f38e7526448974e87f292",
            "https://lore.kernel.org/linux-cve-announce/2025061816-CVE-2022-49967-d167@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49967",
            "https://www.cve.org/CVERecord?id=CVE-2022-49967"
          ],
          "PublishedDate": "2025-06-18T11:15:24.013Z",
          "LastModifiedDate": "2025-11-14T17:28:43.243Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49971",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49971",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f6c694472fd69d446c1f48617e50ce388b00a8a519c07f86bf6cbdece9dbeb32",
          "Title": "kernel: drm/amd/pm: Fix a potential gpu_metrics_table memory leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Fix a potential gpu_metrics_table memory leak\n\nMemory is allocated for gpu_metrics_table in\nsmu_v13_0_4_init_smc_tables(), but not freed in\nsmu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49971",
            "https://git.kernel.org/stable/c/4b25bdb54578f3b96ff055e5d27bc1cb82950e51",
            "https://git.kernel.org/stable/c/5afb76522a0af0513b6dc01f84128a73206b051b",
            "https://lore.kernel.org/linux-cve-announce/2025061817-CVE-2022-49971-7e9c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49971",
            "https://www.cve.org/CVERecord?id=CVE-2022-49971"
          ],
          "PublishedDate": "2025-06-18T11:15:24.473Z",
          "LastModifiedDate": "2025-11-13T21:19:52.613Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49974",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49974",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4f5a11f68b606aa964319e708bc6f19c5b1b89252f96041e5991df2d3e16c76",
          "Title": "kernel: HID: nintendo: fix rumble worker null pointer deref",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: fix rumble worker null pointer deref\n\nWe can dereference a null pointer trying to queue work to a destroyed\nworkqueue.\n\nIf the device is disconnected, nintendo_hid_remove is called, in which\nthe rumble_queue is destroyed. Avoid using that queue to defer rumble\nwork once the controller state is set to JOYCON_CTLR_STATE_REMOVED.\n\nThis eliminates the null pointer dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49974",
            "https://git.kernel.org/stable/c/1ff89e06c2e5fab30274e4b02360d4241d6e605e",
            "https://git.kernel.org/stable/c/7c6e6c334154be16740b44dcd7638fb510b9bd91",
            "https://lore.kernel.org/linux-cve-announce/2025061818-CVE-2022-49974-86bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49974",
            "https://www.cve.org/CVERecord?id=CVE-2022-49974"
          ],
          "PublishedDate": "2025-06-18T11:15:24.783Z",
          "LastModifiedDate": "2025-11-13T21:27:21.473Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49980",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49980",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ec1d5cd0b3559b9273e0c17fc70aa3d5375d97581479895ae756b9b5ff3bf231",
          "Title": "kernel: USB: gadget: Fix use-after-free Read in usb_udc_uevent()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free Read in usb_udc_uevent()\n\nThe syzbot fuzzer found a race between uevent callbacks and gadget\ndriver unregistration that can cause a use-after-free bug:\n\n---------------------------------------------------------------\nBUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130\ndrivers/usb/gadget/udc/core.c:1732\nRead of size 8 at addr ffff888078ce2050 by task udevd/2968\n\nCPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.0-rc4-next-20220628-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google\n06/29/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:317 [inline]\n print_report.cold+0x2ba/0x719 mm/kasan/report.c:433\n kasan_report+0xbe/0x1f0 mm/kasan/report.c:495\n usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732\n dev_uevent+0x290/0x770 drivers/base/core.c:2424\n---------------------------------------------------------------\n\nThe bug occurs because usb_udc_uevent() dereferences udc-\u003edriver but\ndoes so without acquiring the udc_lock mutex, which protects this\nfield.  If the gadget driver is unbound from the udc concurrently with\nuevent processing, the driver structure may be accessed after it has\nbeen deallocated.\n\nTo prevent the race, we make sure that the routine holds the mutex\naround the racing accesses.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49980",
            "https://git.kernel.org/stable/c/2191c00855b03aa59c20e698be713d952d51fc18",
            "https://git.kernel.org/stable/c/f44b0b95d50fffeca036e1ba36770390e0b519dd",
            "https://lore.kernel.org/linux-cve-announce/2025061820-CVE-2022-49980-982c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49980",
            "https://www.cve.org/CVERecord?id=CVE-2022-49980"
          ],
          "PublishedDate": "2025-06-18T11:15:25.48Z",
          "LastModifiedDate": "2025-11-14T18:15:11.93Z"
        },
        {
          "VulnerabilityID": "CVE-2022-49997",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-49997",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:03b80409ae4eb82035b5b944117a6df590c340c716e38be1c8745f798f038162",
          "Title": "kernel: net: lantiq_xrx200: restore buffer if memory allocation failed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lantiq_xrx200: restore buffer if memory allocation failed\n\nIn a situation where memory allocation fails, an invalid buffer address\nis stored. When this descriptor is used again, the system panics in the\nbuild_skb() function when accessing memory.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-49997",
            "https://git.kernel.org/stable/c/3ef2786e32d93e562cd40601248a14ae090de873",
            "https://git.kernel.org/stable/c/c9c3b1775f80fa21f5bff874027d2ccb10f5d90c",
            "https://lore.kernel.org/linux-cve-announce/2025061826-CVE-2022-49997-f087@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-49997",
            "https://www.cve.org/CVERecord?id=CVE-2022-49997"
          ],
          "PublishedDate": "2025-06-18T11:15:27.447Z",
          "LastModifiedDate": "2025-11-14T18:11:19.123Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50002",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50002",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:534b072e0afcea3974a0a6cd3ab78670718a5dd5a42f6504aa06786f7f860fb8",
          "Title": "kernel: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY\n\nOnly set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered.\nDoing so guarantees that both ldev-\u003epf[MLX5_LAG_P0].dev and\nldev-\u003epf[MLX5_LAG_P1].dev have valid pointers when\nMLX5_LAG_FLAG_NDEVS_READY is set.\n\nThe core issue is asymmetry in setting MLX5_LAG_FLAG_NDEVS_READY and\nclearing it. Setting it is done wrongly when both\nldev-\u003epf[MLX5_LAG_P0].dev and ldev-\u003epf[MLX5_LAG_P1].dev are set;\nclearing it is done right when either of ldev-\u003epf[i].netdev is cleared.\n\nConsider the following scenario:\n1. PF0 loads and sets ldev-\u003epf[MLX5_LAG_P0].dev to a valid pointer\n2. PF1 loads and sets both ldev-\u003epf[MLX5_LAG_P1].dev and\n   ldev-\u003epf[MLX5_LAG_P1].netdev with valid pointers. This results in\n   MLX5_LAG_FLAG_NDEVS_READY is set.\n3. PF0 is unloaded before setting dev-\u003epf[MLX5_LAG_P0].netdev.\n   MLX5_LAG_FLAG_NDEVS_READY remains set.\n\nFurther execution of mlx5_do_bond() will result in null pointer\ndereference when calling mlx5_lag_is_multipath()\n\nThis patch fixes the following call trace actually encountered:\n\n[ 1293.475195] BUG: kernel NULL pointer dereference, address: 00000000000009a8\n[ 1293.478756] #PF: supervisor read access in kernel mode\n[ 1293.481320] #PF: error_code(0x0000) - not-present page\n[ 1293.483686] PGD 0 P4D 0\n[ 1293.484434] Oops: 0000 [#1] SMP PTI\n[ 1293.485377] CPU: 1 PID: 23690 Comm: kworker/u16:2 Not tainted 5.18.0-rc5_for_upstream_min_debug_2022_05_05_10_13 #1\n[ 1293.488039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 1293.490836] Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core]\n[ 1293.492448] RIP: 0010:mlx5_lag_is_multipath+0x5/0x50 [mlx5_core]\n[ 1293.494044] Code: e8 70 40 ff e0 48 8b 14 24 48 83 05 5c 1a 1b 00 01 e9 19 ff ff ff 48 83 05 47 1a 1b 
00 01 eb d7 0f 1f 44 00 00 0f 1f 44 00 00 \u003c48\u003e 8b 87 a8 09 00 00 48 85 c0 74 26 48 83 05 a7 1b 1b 00 01 41 b8\n[ 1293.498673] RSP: 0018:ffff88811b2fbe40 EFLAGS: 00010202\n[ 1293.500152] RAX: ffff88818a94e1c0 RBX: ffff888165eca6c0 RCX: 0000000000000000\n[ 1293.501841] RDX: 0000000000000001 RSI: ffff88818a94e1c0 RDI: 0000000000000000\n[ 1293.503585] RBP: 0000000000000000 R08: ffff888119886740 R09: ffff888165eca73c\n[ 1293.505286] R10: 0000000000000018 R11: 0000000000000018 R12: ffff88818a94e1c0\n[ 1293.506979] R13: ffff888112729800 R14: 0000000000000000 R15: ffff888112729858\n[ 1293.508753] FS:  0000000000000000(0000) GS:ffff88852cc40000(0000) knlGS:0000000000000000\n[ 1293.510782] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1293.512265] CR2: 00000000000009a8 CR3: 00000001032d4002 CR4: 0000000000370ea0\n[ 1293.514001] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1293.515806] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50002",
            "https://git.kernel.org/stable/c/4c040acf5744e87a7b3490f9ec8bedd0d15c9f29",
            "https://git.kernel.org/stable/c/a6e675a66175869b7d87c0e1dd0ddf93e04f8098",
            "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2022-50002-9e5f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50002",
            "https://www.cve.org/CVERecord?id=CVE-2022-50002"
          ],
          "PublishedDate": "2025-06-18T11:15:28.063Z",
          "LastModifiedDate": "2025-11-14T16:05:56.757Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50009",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50009",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2353c4d793bc1f65927e00e780fe9ba4f821a40788fd8e45f5b0e6834dfb12e",
          "Title": "kernel: f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null-ptr-deref in f2fs_get_dnode_of_data\n\nThere is issue as follows when test f2fs atomic write:\nF2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock\nF2FS-fs (loop0): invalid crc_offset: 0\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.\n==================================================================\nBUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0\nRead of size 8 at addr 0000000000000028 by task rep/1990\n\nCPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6e/0x91\n print_report.cold+0x49a/0x6bb\n kasan_report+0xa8/0x130\n f2fs_get_dnode_of_data+0xac/0x16d0\n f2fs_do_write_data_page+0x2a5/0x1030\n move_data_page+0x3c5/0xdf0\n do_garbage_collect+0x2015/0x36c0\n f2fs_gc+0x554/0x1d30\n f2fs_balance_fs+0x7f5/0xda0\n f2fs_write_single_data_page+0xb66/0xdc0\n f2fs_write_cache_pages+0x716/0x1420\n f2fs_write_data_pages+0x84f/0x9a0\n do_writepages+0x130/0x3a0\n filemap_fdatawrite_wbc+0x87/0xa0\n file_write_and_wait_range+0x157/0x1c0\n f2fs_do_sync_file+0x206/0x12d0\n f2fs_sync_file+0x99/0xc0\n vfs_fsync_range+0x75/0x140\n f2fs_file_write_iter+0xd7b/0x1850\n vfs_write+0x645/0x780\n ksys_write+0xf1/0x1e0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAs 3db1de0e582c commit changed atomic write way which new a cow_inode for\natomic write file, and also mark cow_inode as FI_ATOMIC_FILE.\nWhen f2fs_do_write_data_page write cow_inode will use cow_inode's cow_inode\nwhich is NULL. Then will trigger null-ptr-deref.\nTo solve above issue, introduce FI_COW_FILE flag for COW inode.\n\nFixes: 3db1de0e582c(\"f2fs: change the current atomic write way\")",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50009",
            "https://git.kernel.org/stable/c/0f63e33eca6fa29a11c76fa31db5fe1cada5ad6e",
            "https://git.kernel.org/stable/c/4a2c5b7994960fac29cf8a3f4e62855bae1b27d4",
            "https://git.kernel.org/stable/c/7000ad53ec1b17bd2fac76984b7b0c663755cbb7",
            "https://lore.kernel.org/linux-cve-announce/2025061831-CVE-2022-50009-214a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50009",
            "https://www.cve.org/CVERecord?id=CVE-2022-50009"
          ],
          "PublishedDate": "2025-06-18T11:15:28.857Z",
          "LastModifiedDate": "2025-11-14T16:59:15.58Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50015",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50015",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:afaccd7ea0b6af6abd1b1a8ff76067965ebea9766e68597390ac93f5067c02b0",
          "Title": "kernel: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50015",
            "https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68",
            "https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161",
            "https://lore.kernel.org/linux-cve-announce/2025061833-CVE-2022-50015-4f7f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50015",
            "https://www.cve.org/CVERecord?id=CVE-2022-50015"
          ],
          "PublishedDate": "2025-06-18T11:15:29.593Z",
          "LastModifiedDate": "2025-11-14T17:06:49.39Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50016",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50016",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b30d479d4c4ec7bab189ffe13f150cc5b96613b26e11f126766a48473f0cbb09",
          "Title": "kernel: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50016",
            "https://git.kernel.org/stable/c/230f646085d17a008b609eb8fe8befb8811868f0",
            "https://git.kernel.org/stable/c/acacd9eefd0def5a83244d88e5483b5f38ee7287",
            "https://lore.kernel.org/linux-cve-announce/2025061833-CVE-2022-50016-ec03@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50016",
            "https://www.cve.org/CVERecord?id=CVE-2022-50016"
          ],
          "PublishedDate": "2025-06-18T11:15:29.7Z",
          "LastModifiedDate": "2025-11-14T17:06:58.53Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50071",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50071",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:82c56f97ba278543434030ac09c05b9707b2c5507ead161a0d7c151c1bb8cbda",
          "Title": "kernel: mptcp: move subflow cleanup in mptcp_destroy_common()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: move subflow cleanup in mptcp_destroy_common()\n\nIf the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE\neBPF program, the MPTCP protocol ends-up leaking all the subflows:\nthe related cleanup happens in __mptcp_destroy_sock() that is not\ninvoked in such code path.\n\nAddress the issue moving the subflow sockets cleanup in the\nmptcp_destroy_common() helper, which is invoked in every msk cleanup\npath.\n\nAdditionally get rid of the intermediate list_splice_init step, which\nis an unneeded relic from the past.\n\nThe issue is present since before the reported root cause commit, but\nany attempt to backport the fix before that hash will require a complete\nrewrite.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50071",
            "https://git.kernel.org/stable/c/6139039c8fc5c9dbcdc3ad389b9a6d0cacb4d693",
            "https://git.kernel.org/stable/c/c0bf3c6aa444a5ef44acc57ef6cfa53fd4fc1c9b",
            "https://lore.kernel.org/linux-cve-announce/2025061853-CVE-2022-50071-874c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50071",
            "https://www.cve.org/CVERecord?id=CVE-2022-50071"
          ],
          "PublishedDate": "2025-06-18T11:15:35.95Z",
          "LastModifiedDate": "2025-11-17T18:15:43.283Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50073",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50073",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8876f3b6dc406e3458db2e272b9553ea4a45402f03d7f81472e32cbed3c4ad48",
          "Title": "kernel: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb-\u003edev is null",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tap: NULL pointer derefence in dev_parse_header_protocol when skb-\u003edev is null\n\nFixes a NULL pointer derefence bug triggered from tap driver.\nWhen tap_get_user calls virtio_net_hdr_to_skb the skb-\u003edev is null\n(in tap.c skb-\u003edev is set after the call to virtio_net_hdr_to_skb)\nvirtio_net_hdr_to_skb calls dev_parse_header_protocol which\nneeds skb-\u003edev field to be valid.\n\nThe line that trigers the bug is in dev_parse_header_protocol\n(dev is at offset 0x10 from skb and is stored in RAX register)\n  if (!dev-\u003eheader_ops || !dev-\u003eheader_ops-\u003eparse_protocol)\n  22e1:   mov    0x10(%rbx),%rax\n  22e5:\t  mov    0x230(%rax),%rax\n\nSetting skb-\u003edev before the call in tap.c fixes the issue.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000230\nRIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap]\nCode: c0 0f 85 b7 fd ff ff eb d4 41 39 c6 77 cf 29 c6 48 89 df 44 01 f6 e8 7a 79 83 c1 48 85 c0 0f 85 d9 fd ff ff eb b7 48 8b 43 10 \u003c48\u003e 8b 80 30 02 00 00 48 85 c0 74 55 48 8b 40 28 48 85 c0 74 4c 48\nRSP: 0018:ffffc90005c27c38 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff888298f25300 RCX: 0000000000000010\nRDX: 0000000000000005 RSI: ffffc90005c27cb6 RDI: ffff888298f25300\nRBP: ffffc90005c27c80 R08: 00000000ffffffea R09: 00000000000007e8\nR10: ffff88858ec77458 R11: 0000000000000000 R12: 0000000000000001\nR13: 0000000000000014 R14: ffffc90005c27e08 R15: ffffc90005c27cb6\nFS:  0000000000000000(0000) GS:ffff88858ec40000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000230 CR3: 0000000281408006 CR4: 00000000003706e0\nCall Trace:\n tap_get_user+0x3f1/0x540 [tap]\n tap_sendmsg+0x56/0x362 [tap]\n ? 
get_tx_bufs+0xc2/0x1e0 [vhost_net]\n handle_tx_copy+0x114/0x670 [vhost_net]\n handle_tx+0xb0/0xe0 [vhost_net]\n handle_tx_kick+0x15/0x20 [vhost_net]\n vhost_worker+0x7b/0xc0 [vhost]\n ? vhost_vring_call_reset+0x40/0x40 [vhost]\n kthread+0xfa/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50073",
            "https://git.kernel.org/stable/c/4f61f133f354853bc394ec7d6028adb9b02dd701",
            "https://git.kernel.org/stable/c/dd29648fcf69339713f2d25f7014ae905dcdfc18",
            "https://lore.kernel.org/linux-cve-announce/2025061854-CVE-2022-50073-7199@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50073",
            "https://www.cve.org/CVERecord?id=CVE-2022-50073"
          ],
          "PublishedDate": "2025-06-18T11:15:36.173Z",
          "LastModifiedDate": "2025-11-17T17:59:44.237Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50090",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50090",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3f5c704a03b5c98ce5c79700465598bee801a2c1da20ce1c458e4884cc049d41",
          "Title": "kernel: btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info-\u003emax_extent_size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info-\u003emax_extent_size\n\nOn zoned filesystem, data write out is limited by max_zone_append_size,\nand a large ordered extent is split according the size of a bio. OTOH,\nthe number of extents to be written is calculated using\nBTRFS_MAX_EXTENT_SIZE, and that estimated number is used to reserve the\nmetadata bytes to update and/or create the metadata items.\n\nThe metadata reservation is done at e.g, btrfs_buffered_write() and then\nreleased according to the estimation changes. Thus, if the number of extent\nincreases massively, the reserved metadata can run out.\n\nThe increase of the number of extents easily occurs on zoned filesystem\nif BTRFS_MAX_EXTENT_SIZE \u003e max_zone_append_size. And, it causes the\nfollowing warning on a small RAM environment with disabling metadata\nover-commit (in the following patch).\n\n[75721.498492] ------------[ cut here ]------------\n[75721.505624] BTRFS: block rsv 1 returned -28\n[75721.512230] WARNING: CPU: 24 PID: 2327559 at fs/btrfs/block-rsv.c:537 btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.581854] CPU: 24 PID: 2327559 Comm: kworker/u64:10 Kdump: loaded Tainted: G        W         5.18.0-rc2-BTRFS-ZNS+ #109\n[75721.597200] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021\n[75721.607310] Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n[75721.616209] RIP: 0010:btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.646649] RSP: 0018:ffffc9000fbdf3e0 EFLAGS: 00010286\n[75721.654126] RAX: 0000000000000000 RBX: 0000000000004000 RCX: 0000000000000000\n[75721.663524] RDX: 0000000000000004 RSI: 0000000000000008 RDI: fffff52001f7be6e\n[75721.672921] RBP: ffffc9000fbdf420 R08: 0000000000000001 R09: ffff889f8d1fc6c7\n[75721.682493] R10: ffffed13f1a3f8d8 R11: 0000000000000001 R12: ffff88980a3c0e28\n[75721.692284] R13: ffff889b66590000 R14: ffff88980a3c0e40 R15: 
ffff88980a3c0e8a\n[75721.701878] FS:  0000000000000000(0000) GS:ffff889f8d000000(0000) knlGS:0000000000000000\n[75721.712601] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[75721.720726] CR2: 000055d12e05c018 CR3: 0000800193594000 CR4: 0000000000350ee0\n[75721.730499] Call Trace:\n[75721.735166]  \u003cTASK\u003e\n[75721.739886]  btrfs_alloc_tree_block+0x1e1/0x1100 [btrfs]\n[75721.747545]  ? btrfs_alloc_logged_file_extent+0x550/0x550 [btrfs]\n[75721.756145]  ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.762852]  ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.769520]  ? push_leaf_left+0x420/0x620 [btrfs]\n[75721.776431]  ? memcpy+0x4e/0x60\n[75721.781931]  split_leaf+0x433/0x12d0 [btrfs]\n[75721.788392]  ? btrfs_get_token_32+0x580/0x580 [btrfs]\n[75721.795636]  ? push_for_double_split.isra.0+0x420/0x420 [btrfs]\n[75721.803759]  ? leaf_space_used+0x15d/0x1a0 [btrfs]\n[75721.811156]  btrfs_search_slot+0x1bc3/0x2790 [btrfs]\n[75721.818300]  ? lock_downgrade+0x7c0/0x7c0\n[75721.824411]  ? free_extent_buffer.part.0+0x107/0x200 [btrfs]\n[75721.832456]  ? split_leaf+0x12d0/0x12d0 [btrfs]\n[75721.839149]  ? free_extent_buffer.part.0+0x14f/0x200 [btrfs]\n[75721.846945]  ? free_extent_buffer+0x13/0x20 [btrfs]\n[75721.853960]  ? btrfs_release_path+0x4b/0x190 [btrfs]\n[75721.861429]  btrfs_csum_file_blocks+0x85c/0x1500 [btrfs]\n[75721.869313]  ? rcu_read_lock_sched_held+0x16/0x80\n[75721.876085]  ? lock_release+0x552/0xf80\n[75721.881957]  ? btrfs_del_csums+0x8c0/0x8c0 [btrfs]\n[75721.888886]  ? __kasan_check_write+0x14/0x20\n[75721.895152]  ? do_raw_read_unlock+0x44/0x80\n[75721.901323]  ? _raw_write_lock_irq+0x60/0x80\n[75721.907983]  ? btrfs_global_root+0xb9/0xe0 [btrfs]\n[75721.915166]  ? btrfs_csum_root+0x12b/0x180 [btrfs]\n[75721.921918]  ? btrfs_get_global_root+0x820/0x820 [btrfs]\n[75721.929166]  ? _raw_write_unlock+0x23/0x40\n[75721.935116]  ? unpin_extent_cache+0x1e3/0x390 [btrfs]\n[75721.942041]  btrfs_finish_ordered_io.isra.0+0xa0c/0x1dc0 [btrfs]\n[75721.949906]  ? 
try_to_wake_up+0x30/0x14a0\n[75721.955700]  ? btrfs_unlink_subvol+0xda0/0xda0 [btrfs]\n[75721.962661]  ? rcu\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50090",
            "https://git.kernel.org/stable/c/096e8eb9639b342bc35f9b741cf05e26d0106e92",
            "https://git.kernel.org/stable/c/1aa262c1d056551dd1246115af8b7e351184deae",
            "https://git.kernel.org/stable/c/6cb4b96df97082a54634ba02196516919cda228c",
            "https://git.kernel.org/stable/c/f7b12a62f008a3041f42f2426983e59a6a0a3c59",
            "https://lore.kernel.org/linux-cve-announce/2025061800-CVE-2022-50090-d7bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50090",
            "https://www.cve.org/CVERecord?id=CVE-2022-50090"
          ],
          "PublishedDate": "2025-06-18T11:15:38.153Z",
          "LastModifiedDate": "2025-11-18T02:17:16.44Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50095",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50095",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:915a0269d0cc3143b233ca9d948813d79bf98b48ebb2b183aae53a80c4c291aa",
          "Title": "kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: Cleanup CPU timers before freeing them during exec\n\nCommit 55e8c8eb2c7b (\"posix-cpu-timers: Store a reference to a pid not a\ntask\") started looking up tasks by PID when deleting a CPU timer.\n\nWhen a non-leader thread calls execve, it will switch PIDs with the leader\nprocess. Then, as it calls exit_itimers, posix_cpu_timer_del cannot find\nthe task because the timer still points out to the old PID.\n\nThat means that armed timers won't be disarmed, that is, they won't be\nremoved from the timerqueue_list. exit_itimers will still release their\nmemory, and when that list is later processed, it leads to a\nuse-after-free.\n\nClean up the timers from the de-threaded task before freeing them. This\nprevents a reported use-after-free.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50095",
            "https://git.kernel.org/stable/c/541840859ace9c2ccebc32fa9e376c7bd3def490",
            "https://git.kernel.org/stable/c/9e255ed238fc67058df87b0388ad6d4b2ef3a2bd",
            "https://git.kernel.org/stable/c/b2fc1723eb65abb83e00d5f011de670296af0b28",
            "https://git.kernel.org/stable/c/e362359ace6f87c201531872486ff295df306d13",
            "https://git.kernel.org/stable/c/e8cb6e8fd9890780f1bfcf5592889e1b879e779c",
            "https://lore.kernel.org/linux-cve-announce/2025061802-CVE-2022-50095-981c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50095",
            "https://www.cve.org/CVERecord?id=CVE-2022-50095"
          ],
          "PublishedDate": "2025-06-18T11:15:38.74Z",
          "LastModifiedDate": "2025-11-18T02:45:38.987Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50116",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50116",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3ce975e4f58f50234269157f4085019b14f939305127e880fedeef98fa5ae5b0",
          "Title": "kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix deadlock and link starvation in outgoing data path\n\nThe current implementation queues up new control and user packets as needed\nand processes this queue down to the ldisc in the same code path.\nThat means that the upper and the lower layer are hard coupled in the code.\nDue to this deadlocks can happen as seen below while transmitting data,\nespecially during ldisc congestion. Furthermore, the data channels starve\nthe control channel on high transmission load on the ldisc.\n\nIntroduce an additional control channel data queue to prevent timeouts and\nlink hangups during ldisc congestion. This is being processed before the\nuser channel data queue in gsm_data_kick(), i.e. with the highest priority.\nPut the queue to ldisc data path into a workqueue and trigger it whenever\nnew data has been put into the transmission queue. Change\ngsm_dlci_data_sweep() accordingly to fill up the transmission queue until\nTX_THRESH_HI. This solves the locking issue, keeps latency low and provides\ngood performance on high data load.\nNote that now all packets from a DLCI are removed from the internal queue\nif the associated DLCI was closed. 
This ensures that no data is sent by the\nintroduced write task to an already closed DLCI.\n\nBUG: spinlock recursion on CPU#0, test_v24_loop/124\n lock: serial8250_ports+0x3a8/0x7500, .magic: dead4ead, .owner: test_v24_loop/124, .owner_cpu: 0\nCPU: 0 PID: 124 Comm: test_v24_loop Tainted: G           O      5.18.0-rc2 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x34/0x44\n do_raw_spin_lock+0x76/0xa0\n _raw_spin_lock_irqsave+0x72/0x80\n uart_write_room+0x3b/0xc0\n gsm_data_kick+0x14b/0x240 [n_gsm]\n gsmld_write_wakeup+0x35/0x70 [n_gsm]\n tty_wakeup+0x53/0x60\n tty_port_default_wakeup+0x1b/0x30\n serial8250_tx_chars+0x12f/0x220\n serial8250_handle_irq.part.0+0xfe/0x150\n serial8250_default_handle_irq+0x48/0x80\n serial8250_interrupt+0x56/0xa0\n __handle_irq_event_percpu+0x78/0x1f0\n handle_irq_event+0x34/0x70\n handle_fasteoi_irq+0x90/0x1e0\n __common_interrupt+0x69/0x100\n common_interrupt+0x48/0xc0\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:__do_softirq+0x83/0x34e\nCode: 2a 0a ff 0f b7 ed c7 44 24 10 0a 00 00 00 48 c7 c7 51 2a 64 82 e8 2d\ne2 d5 ff 65 66 c7 05 83 af 1e 7e 00 00 fb b8 ff ff ff ff \u003c49\u003e c7 c2 40 61\n80 82 0f bc c5 41 89 c4 41 83 c4 01 0f 84 e6 00 00\nRSP: 0018:ffffc90000003f98 EFLAGS: 00000286\nRAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff82642a51 RDI: ffffffff825bb5e7\nRBP: 0000000000000200 R08: 00000008de3271a8 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000\n ? 
__do_softirq+0x73/0x34e\n irq_exit_rcu+0xb5/0x100\n common_interrupt+0xa4/0xc0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50\nCode: 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 85 28 36 ff\n48 89 ef e8 cd 58 36 ff 80 e7 02 74 01 fb bf 01 00 00 00 \u003ce8\u003e 3d 97 33 ff\n65 8b 05 96 23 2b 7e 85 c0 74 03 5b 5d c3 0f 1f 44\nRSP: 0018:ffffc9000020fd08 EFLAGS: 00000202\nRAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000\nRDX: 0000000000000004 RSI: ffffffff8257fd74 RDI: 0000000000000001\nRBP: ffff8880057de3a0 R08: 00000008de233000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000100 R14: 0000000000000202 R15: ffff8880057df0b8\n ? _raw_spin_unlock_irqrestore+0x23/0x50\n gsmtty_write+0x65/0x80 [n_gsm]\n n_tty_write+0x33f/0x530\n ? swake_up_all+0xe0/0xe0\n file_tty_write.constprop.0+0x1b1/0x320\n ? n_tty_flush_buffer+0xb0/0xb0\n new_sync_write+0x10c/0x190\n vfs_write+0x282/0x310\n ksys_write+0x68/0xe0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f3e5e35c15c\nCode: 8b 7c 24 08 89 c5 e8 c5 ff ff ff 89 ef 89 44 24\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50116",
            "https://git.kernel.org/stable/c/0af021678d5d30c31f5a6b631f404ead3575212a",
            "https://git.kernel.org/stable/c/7962a4b900099cf90e02859bb297f2c618d8d940",
            "https://git.kernel.org/stable/c/c165698c9919b000bdbe73859d3bb7b33bdb9223",
            "https://lore.kernel.org/linux-cve-announce/2025061809-CVE-2022-50116-bf10@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50116",
            "https://www.cve.org/CVERecord?id=CVE-2022-50116"
          ],
          "PublishedDate": "2025-06-18T11:15:41.257Z",
          "LastModifiedDate": "2025-11-18T18:13:48.47Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50163",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50163",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce20b3cda795bdb03516412d5c087b9038867e8fd88de7aa655737aef7f07ba1",
          "Title": "kernel: ax25: fix incorrect dev_tracker usage",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix incorrect dev_tracker usage\n\nWhile investigating a separate rose issue [1], and enabling\nCONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2]\n\nAn ax25_dev can be used by one (or many) struct ax25_cb.\nWe thus need different dev_tracker, one per struct ax25_cb.\n\nAfter this patch is applied, we are able to focus on rose.\n\n[1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/\n\n[2]\n[  205.798723] reference already released.\n[  205.798732] allocated in:\n[  205.798734]  ax25_bind+0x1a2/0x230 [ax25]\n[  205.798747]  __sys_bind+0xea/0x110\n[  205.798753]  __x64_sys_bind+0x18/0x20\n[  205.798758]  do_syscall_64+0x5c/0x80\n[  205.798763]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[  205.798768] freed in:\n[  205.798770]  ax25_release+0x115/0x370 [ax25]\n[  205.798778]  __sock_release+0x42/0xb0\n[  205.798782]  sock_close+0x15/0x20\n[  205.798785]  __fput+0x9f/0x260\n[  205.798789]  ____fput+0xe/0x10\n[  205.798792]  task_work_run+0x64/0xa0\n[  205.798798]  exit_to_user_mode_prepare+0x18b/0x190\n[  205.798804]  syscall_exit_to_user_mode+0x26/0x40\n[  205.798808]  do_syscall_64+0x69/0x80\n[  205.798812]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[  205.798827] ------------[ cut here ]------------\n[  205.798829] WARNING: CPU: 2 PID: 2605 at lib/ref_tracker.c:136 ref_tracker_free.cold+0x60/0x81\n[  205.798837] Modules linked in: rose netrom mkiss ax25 rfcomm cmac algif_hash algif_skcipher af_alg bnep snd_hda_codec_hdmi nls_iso8859_1 i915 rtw88_8821ce rtw88_8821c x86_pkg_temp_thermal rtw88_pci intel_powerclamp rtw88_core snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio coretemp snd_hda_intel kvm_intel snd_intel_dspcfg mac80211 snd_hda_codec kvm i2c_algo_bit drm_buddy drm_dp_helper btusb drm_kms_helper snd_hwdep btrtl snd_hda_core btbcm joydev crct10dif_pclmul btintel crc32_pclmul ghash_clmulni_intel 
mei_hdcp btmtk intel_rapl_msr aesni_intel bluetooth input_leds snd_pcm crypto_simd syscopyarea processor_thermal_device_pci_legacy sysfillrect cryptd intel_soc_dts_iosf snd_seq sysimgblt ecdh_generic fb_sys_fops rapl libarc4 processor_thermal_device intel_cstate processor_thermal_rfim cec snd_timer ecc snd_seq_device cfg80211 processor_thermal_mbox mei_me processor_thermal_rapl mei rc_core at24 snd intel_pch_thermal intel_rapl_common ttm soundcore int340x_thermal_zone video\n[  205.798948]  mac_hid acpi_pad sch_fq_codel ipmi_devintf ipmi_msghandler drm msr parport_pc ppdev lp parport ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid i2c_i801 i2c_smbus r8169 xhci_pci ahci libahci realtek lpc_ich xhci_pci_renesas [last unloaded: ax25]\n[  205.798992] CPU: 2 PID: 2605 Comm: ax25ipd Not tainted 5.18.11-F6BVP #3\n[  205.798996] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CK3, BIOS 5.011 09/16/2020\n[  205.798999] RIP: 0010:ref_tracker_free.cold+0x60/0x81\n[  205.799005] Code: e8 d2 01 9b ff 83 7b 18 00 74 14 48 c7 c7 2f d7 ff 98 e8 10 6e fc ff 8b 7b 18 e8 b8 01 9b ff 4c 89 ee 4c 89 e7 e8 5d fd 07 00 \u003c0f\u003e 0b b8 ea ff ff ff e9 30 05 9b ff 41 0f b6 f7 48 c7 c7 a0 fa 4e\n[  205.799008] RSP: 0018:ffffaf5281073958 EFLAGS: 00010286\n[  205.799011] RAX: 0000000080000000 RBX: ffff9a0bd687ebe0 RCX: 0000000000000000\n[  205.799014] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 00000000ffffffff\n[  205.799016] RBP: ffffaf5281073a10 R08: 0000000000000003 R09: fffffffffffd5618\n[  205.799019] R10: 0000000000ffff10 R11: 000000000000000f R12: ffff9a0bc53384d0\n[  205.799022] R13: 0000000000000282 R14: 00000000ae000001 R15: 0000000000000001\n[  205.799024] FS:  0000000000000000(0000) GS:ffff9a0d0f300000(0000) knlGS:0000000000000000\n[  205.799028] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  205.799031] CR2: 00007ff6b8311554 CR3: 000000001ac10004 CR4: 00000000001706e0\n[  205.799033] Call 
Trace:\n[  205.799035]  \u003cTASK\u003e\n[  205.799038]  ? ax25_dev_device_down+0xd9/\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50163",
            "https://git.kernel.org/stable/c/4294df1374450912b2f64ee3cf575069fc784679",
            "https://git.kernel.org/stable/c/d08e3d71e5942f77fbff7f3529ed7fc82fbb3dfa",
            "https://git.kernel.org/stable/c/d7c4c9e075f8cc6d88d277bc24e5d99297f03c06",
            "https://lore.kernel.org/linux-cve-announce/2025061826-CVE-2022-50163-1013@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50163",
            "https://www.cve.org/CVERecord?id=CVE-2022-50163"
          ],
          "PublishedDate": "2025-06-18T11:15:46.56Z",
          "LastModifiedDate": "2025-11-18T21:19:35.34Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50166",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50166",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:818b3936d2208069cb62d6b9005632bc27a2787ff06921c738cec4d48b4f5b11",
          "Title": "kernel: Bluetooth: When HCI work queue is drained, only queue chained work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: When HCI work queue is drained, only queue chained work\n\nThe HCI command, event, and data packet processing workqueue is drained\nto avoid deadlock in commit\n76727c02c1e1 (\"Bluetooth: Call drain_workqueue() before resetting state\").\n\nThere is another delayed work, which will queue command to this drained\nworkqueue. Which results in the following error report:\n\nBluetooth: hci2: command 0x040f tx timeout\nWARNING: CPU: 1 PID: 18374 at kernel/workqueue.c:1438 __queue_work+0xdad/0x1140\nWorkqueue: events hci_cmd_timeout\nRIP: 0010:__queue_work+0xdad/0x1140\nRSP: 0000:ffffc90002cffc60 EFLAGS: 00010093\nRAX: 0000000000000000 RBX: ffff8880b9d3ec00 RCX: 0000000000000000\nRDX: ffff888024ba0000 RSI: ffffffff814e048d RDI: ffff8880b9d3ec08\nRBP: 0000000000000008 R08: 0000000000000000 R09: 00000000b9d39700\nR10: ffffffff814f73c6 R11: 0000000000000000 R12: ffff88807cce4c60\nR13: 0000000000000000 R14: ffff8880796d8800 R15: ffff8880796d8800\nFS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c0174b4000 CR3: 000000007cae9000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? queue_work_on+0xcb/0x110\n ? lockdep_hardirqs_off+0x90/0xd0\n queue_work_on+0xee/0x110\n process_one_work+0x996/0x1610\n ? pwq_dec_nr_in_flight+0x2a0/0x2a0\n ? rwlock_bug.part.0+0x90/0x90\n ? _raw_spin_lock_irq+0x41/0x50\n worker_thread+0x665/0x1080\n ? process_one_work+0x1610/0x1610\n kthread+0x2e9/0x3a0\n ? kthread_complete_and_exit+0x40/0x40\n ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n\nTo fix this, we can add a new HCI_DRAIN_WQ flag, and don't queue the\ntimeout workqueue while command workqueue is draining.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50166",
            "https://git.kernel.org/stable/c/3b382555706558f5c0587862b6dc03e96a252bba",
            "https://git.kernel.org/stable/c/4bf367fa1fefabdf14938d0ac9ed60020389112e",
            "https://git.kernel.org/stable/c/877afadad2dce8aae1f2aad8ce47e072d4f6165e",
            "https://lore.kernel.org/linux-cve-announce/2025061827-CVE-2022-50166-5ecc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50166",
            "https://www.cve.org/CVERecord?id=CVE-2022-50166"
          ],
          "PublishedDate": "2025-06-18T11:15:46.907Z",
          "LastModifiedDate": "2025-11-17T19:48:18.647Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50167",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50167",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bb8c47384ea93fd72a11cff7f93d671235dc912347c7769f222a02519a1b2b29",
          "Title": "kernel: bpf: fix potential 32-bit overflow when accessing ARRAY map element",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix potential 32-bit overflow when accessing ARRAY map element\n\nIf BPF array map is bigger than 4GB, element pointer calculation can\noverflow because both index and elem_size are u32. Fix this everywhere\nby forcing 64-bit multiplication. Extract this formula into separate\nsmall helper and use it consistently in various places.\n\nSpeculative-preventing formula utilizing index_mask trick is left as is,\nbut explicit u64 casts are added in both places.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50167",
            "https://git.kernel.org/stable/c/063e092534d4c6785228e5b1eb6e9329f66ccbe4",
            "https://git.kernel.org/stable/c/3c7256b880b3a5aa1895fd169a34aa4224a11862",
            "https://git.kernel.org/stable/c/87ac0d600943994444e24382a87aa19acc4cd3d4",
            "https://lore.kernel.org/linux-cve-announce/2025061827-CVE-2022-50167-e4bf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50167",
            "https://www.cve.org/CVERecord?id=CVE-2022-50167"
          ],
          "PublishedDate": "2025-06-18T11:15:47.01Z",
          "LastModifiedDate": "2025-11-17T19:48:41.02Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50178",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50178",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3eed04745992751c1f92c2507c48786fc9d5bcd9a682e35aafb67eaebe6d668f",
          "Title": "kernel: wifi: rtw89: 8852a: rfk: fix div 0 exception",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: 8852a: rfk: fix div 0 exception\n\nThe DPK is a kind of RF calibration whose algorithm is to fine tune\nparameters and calibrate, and check the result. If the result isn't good\nenough, it could adjust parameters and try again.\n\nThis issue is to read and show the result, but it could be a negative\ncalibration result that causes divisor 0 and core dump. So, fix it by\nphy_div() that does division only if divisor isn't zero; otherwise,\nzero is adopted.\n\n  divide error: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 \u003cHASH:d024 28\u003e\n  RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core]\n  RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n  RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0\n  RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92\n  R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000\n  R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638\n  FS:  00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0\n  PKRU: 55555554\n  Call Trace:\n   rtw89_core_sta_add+0x95/0x9c [rtw89_core \u003cHASH:d239 29\u003e]\n   rtw89_ops_sta_state+0x5d/0x108 [rtw89_core \u003cHASH:d239 29\u003e]\n   drv_sta_state+0x115/0x66f [mac80211 \u003cHASH:81fe 30\u003e]\n   sta_info_insert_rcu+0x45c/0x713 [mac80211 \u003cHASH:81fe 30\u003e]\n   sta_info_insert+0xf/0x1b [mac80211 \u003cHASH:81fe 30\u003e]\n   ieee80211_prep_connection+0x9d6/0xb0c [mac80211 \u003cHASH:81fe 30\u003e]\n   ieee80211_mgd_auth+0x2aa/0x352 [mac80211 \u003cHASH:81fe 30\u003e]\n   cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 \u003cHASH:00cd 31\u003e]\n   
nl80211_authenticate+0x2e5/0x306 [cfg80211 \u003cHASH:00cd 31\u003e]\n   genl_rcv_msg+0x371/0x3a1\n   ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 \u003cHASH:00cd 31\u003e]\n   ? genl_rcv+0x36/0x36\n   netlink_rcv_skb+0x8a/0xf9\n   genl_rcv+0x28/0x36\n   netlink_unicast+0x27b/0x3a0\n   netlink_sendmsg+0x2aa/0x469\n   sock_sendmsg_nosec+0x49/0x4d\n   ____sys_sendmsg+0xe5/0x213\n   __sys_sendmsg+0xec/0x157\n   ? syscall_enter_from_user_mode+0xd7/0x116\n   do_syscall_64+0x43/0x55\n   entry_SYSCALL_64_after_hwframe+0x44/0xa9\n  RIP: 0033:0x7fa99f6e689b",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-369"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50178",
            "https://git.kernel.org/stable/c/065e83ac83c0c0e615b96947145c85c4bd76c09a",
            "https://git.kernel.org/stable/c/5abc81a138f873ab55223ec674afc3a3f945d60f",
            "https://git.kernel.org/stable/c/683a4647a7a3044868cfdc14c117525091b9fa0c",
            "https://lore.kernel.org/linux-cve-announce/2025061831-CVE-2022-50178-52a0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50178",
            "https://www.cve.org/CVERecord?id=CVE-2022-50178"
          ],
          "PublishedDate": "2025-06-18T11:15:48.217Z",
          "LastModifiedDate": "2025-11-28T14:51:56.25Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50195",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9d1d83aff39c7d8a789cf02523ef46996d5151f89be72ebf0d8ef802d2397cef",
          "Title": "kernel: ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: dts: qcom: replace gcc PXO with pxo_board fixed clock\n\nReplace the gcc PXO phandle with the pxo_board fixed clock declared in the dts.\nThe gcc driver doesn't provide PXO_SRC as it's a fixed-clock. This causes a\nkernel panic if any driver actually tries to use it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50195",
            "https://git.kernel.org/stable/c/0a4fa4ce697987b71eafce17bb198961ed9070bd",
            "https://git.kernel.org/stable/c/eb9e93937756a05787977875830c0dc482cb57e0",
            "https://lore.kernel.org/linux-cve-announce/2025061838-CVE-2022-50195-c685@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50195",
            "https://www.cve.org/CVERecord?id=CVE-2022-50195"
          ],
          "PublishedDate": "2025-06-18T11:15:50.14Z",
          "LastModifiedDate": "2025-11-19T12:48:34.587Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50212",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50212",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ffd1cb2f6100a3f0d3290db9b956efd8210c8c7c2b93c719785aebe82b1d99db",
          "Title": "kernel: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow CHAIN_ID to refer to another table\n\nWhen doing lookups for chains on the same batch by using its ID, a chain\nfrom a different table can be used. If a rule is added to a table but\nrefers to a chain in a different table, it will be linked to the chain in\ntable2, but would have expressions referring to objects in table1.\n\nThen, when table1 is removed, the rule will not be removed as it's linked to\na chain in table2. When expressions in the rule are processed or removed,\nthat will lead to a use-after-free.\n\nWhen looking for chains by ID, use the table that was used for the lookup\nby name, and only return chains belonging to that same table.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50212",
            "https://git.kernel.org/stable/c/0f49613a213d918af790c1276f79da741968de11",
            "https://git.kernel.org/stable/c/58e863f64ee3d0879297e5e53b646e4b91e59620",
            "https://git.kernel.org/stable/c/91501513016903077f91033fa5d2aa26cac399b2",
            "https://git.kernel.org/stable/c/95f466d22364a33d183509629d0879885b4f547e",
            "https://git.kernel.org/stable/c/9e7dcb88ec8e85e4a8ad0ea494ea2f90f32d2583",
            "https://lore.kernel.org/linux-cve-announce/2025061844-CVE-2022-50212-1ff1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50212",
            "https://www.cve.org/CVERecord?id=CVE-2022-50212"
          ],
          "PublishedDate": "2025-06-18T11:15:52.087Z",
          "LastModifiedDate": "2025-11-19T13:00:22.187Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50213",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50213",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c25799f00f9b50d217f1383a3f2b47844987ddb7fee57f585c5174d83149ecd6",
          "Title": "kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not allow SET_ID to refer to another table\n\nWhen doing lookups for sets on the same batch by using its ID, a set from a\ndifferent table can be used.\n\nThen, when the table is removed, a reference to the set may be kept after\nthe set is freed, leading to a potential use-after-free.\n\nWhen looking for sets by ID, use the table that was used for the lookup by\nname, and only return sets belonging to that same table.\n\nThis fixes CVE-2022-2586, also reported as ZDI-CAN-17470.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50213",
            "https://git.kernel.org/stable/c/0d07039397527361850c554c192e749cfc879ea9",
            "https://git.kernel.org/stable/c/1a4b18b1ff11ba26f9a852019d674fde9d1d1cff",
            "https://git.kernel.org/stable/c/470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2",
            "https://git.kernel.org/stable/c/77d3b5038b7462318f5183e2ad704b01d57215a2",
            "https://git.kernel.org/stable/c/f4fa03410f7c5f5bd8f90e9c11e9a8c4b526ff6f",
            "https://git.kernel.org/stable/c/faafd9286f1355c76fe9ac3021c280297213330e",
            "https://git.kernel.org/stable/c/fab2f61cc3b0e441b1749f017cfee75f9bbaded7",
            "https://lore.kernel.org/linux-cve-announce/2025061844-CVE-2022-50213-bc19@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50213",
            "https://www.cve.org/CVERecord?id=CVE-2022-50213"
          ],
          "PublishedDate": "2025-06-18T11:15:52.197Z",
          "LastModifiedDate": "2025-11-19T13:00:13.527Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50224",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50224",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3ada891dff965c59643dbd7e088e6a26f891791af07d6aee6039b23726fd4240",
          "Title": "kernel: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Treat NX as a valid SPTE bit for NPT\n\nTreat the NX bit as valid when using NPT, as KVM will set the NX bit when\nthe NX huge page mitigation is enabled (mindblowing) and trigger the WARN\nthat fires on reserved SPTE bits being set.\n\nKVM has required NX support for SVM since commit b26a71a1a5b9 (\"KVM: SVM:\nRefuse to load kvm_amd if NX support is not available\") for exactly this\nreason, but apparently it never occurred to anyone to actually test NPT\nwith the mitigation enabled.\n\n  ------------[ cut here ]------------\n  spte = 0x800000018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000\n  WARNING: CPU: 152 PID: 15966 at arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm]\n  Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 10.48.0 01/27/2022\n  RIP: 0010:make_spte+0x327/0x340 [kvm]\n  Call Trace:\n   \u003cTASK\u003e\n   tdp_mmu_map_handle_target_level+0xc3/0x230 [kvm]\n   kvm_tdp_mmu_map+0x343/0x3b0 [kvm]\n   direct_page_fault+0x1ae/0x2a0 [kvm]\n   kvm_tdp_page_fault+0x7d/0x90 [kvm]\n   kvm_mmu_page_fault+0xfb/0x2e0 [kvm]\n   npf_interception+0x55/0x90 [kvm_amd]\n   svm_invoke_exit_handler+0x31/0xf0 [kvm_amd]\n   svm_handle_exit+0xf6/0x1d0 [kvm_amd]\n   vcpu_enter_guest+0xb6d/0xee0 [kvm]\n   ? kvm_pmu_trigger_event+0x6d/0x230 [kvm]\n   vcpu_run+0x65/0x2c0 [kvm]\n   kvm_arch_vcpu_ioctl_run+0x355/0x610 [kvm]\n   kvm_vcpu_ioctl+0x551/0x610 [kvm]\n   __se_sys_ioctl+0x77/0xc0\n   __x64_sys_ioctl+0x1d/0x20\n   do_syscall_64+0x44/0xa0\n   entry_SYSCALL_64_after_hwframe+0x46/0xb0\n   \u003c/TASK\u003e\n  ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50224",
            "https://git.kernel.org/stable/c/6271f2854b9233702e236e576b885a876dde4889",
            "https://git.kernel.org/stable/c/6c6ab524cfae0799e55c82b2c1d61f1af0156f8d",
            "https://lore.kernel.org/linux-cve-announce/2025061848-CVE-2022-50224-7549@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50224",
            "https://www.cve.org/CVERecord?id=CVE-2022-50224"
          ],
          "PublishedDate": "2025-06-18T11:15:53.41Z",
          "LastModifiedDate": "2025-11-19T12:58:27.033Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50230",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50230",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b48e327fecb9b1112c8838da78dfba04118d8dd482b634b7b9a5e8aa5366e49",
          "Title": "kernel: arm64: set UXN on swapper page tables",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 (\"arm64:\n  head: cover entire kernel image in initial ID map\") as part of a\n  large refactoring of the arm64 boot flow. This simple fix is therefore\n  preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50230",
            "https://git.kernel.org/stable/c/9283e708a9b8529e7aafac9ab5c5c79a9fab8846",
            "https://git.kernel.org/stable/c/c3cee924bd855184d15bc4aa6088dcf8e2c1394c",
            "https://lore.kernel.org/linux-cve-announce/2025061850-CVE-2022-50230-034a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50230",
            "https://www.cve.org/CVERecord?id=CVE-2022-50230"
          ],
          "PublishedDate": "2025-06-18T11:15:54.083Z",
          "LastModifiedDate": "2025-11-19T12:57:34.46Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50232",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50232",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3ecc814f3f4896ea8ef63531beb847e30e2942adad24e60f3481c50811654424",
          "Title": "kernel: arm64: set UXN on swapper page tables",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 (\"arm64:\n  head: cover entire kernel image in initial ID map\") as part of a\n  large refactoring of the arm64 boot flow. This simple fix is therefore\n  preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50232",
            "https://git.kernel.org/stable/c/775871d4be0d75e219cca937af843a4a1b60489a",
            "https://git.kernel.org/stable/c/c3cee924bd855184d15bc4aa6088dcf8e2c1394c",
            "https://lore.kernel.org/linux-cve-announce/2025061851-CVE-2022-50232-373d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50232",
            "https://www.cve.org/CVERecord?id=CVE-2022-50232"
          ],
          "PublishedDate": "2025-06-18T11:15:54.297Z",
          "LastModifiedDate": "2025-11-19T12:57:15.41Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50234",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50234",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:08b11c647f939110be1399c6ddefea74d28b5d413494ec9bcd9bbf276289f6b8",
          "Title": "kernel: Linux kernel: Denial of Service due to improper io_uring/af_unix file cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/af_unix: defer registered files gc to io_uring release\n\nInstead of putting io_uring's registered files in unix_gc() we want it\nto be done by io_uring itself. The trick here is to consider io_uring\nregistered files for cycle detection but not actually putting them down.\nBecause io_uring can't register other ring instances, this will remove\nall refs to the ring file triggering the -\u003erelease path and clean up\nwith io_ring_ctx_free().\n\n[axboe: add kerneldoc comment to skb, fold in skb leak fix]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50234",
            "https://git.kernel.org/linus/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 (6.1-rc1)",
            "https://git.kernel.org/stable/c/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80",
            "https://git.kernel.org/stable/c/04df9719df1865f6770af9bc7880874af0e594b2",
            "https://git.kernel.org/stable/c/75e94c7e8859e58aadc15a98cc9704edff47d4f2",
            "https://git.kernel.org/stable/c/813d8fe5d30388f73a21d3a2bf46b0a1fd72498c",
            "https://git.kernel.org/stable/c/b4293c01ee0d0ecdd3cb5801e13f62271144667a",
            "https://git.kernel.org/stable/c/c378c479c5175833bb22ff71974cda47d7b05401",
            "https://lore.kernel.org/linux-cve-announce/2025091545-CVE-2022-50234-bd01@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50234",
            "https://www.cve.org/CVERecord?id=CVE-2022-50234"
          ],
          "PublishedDate": "2025-09-15T14:15:33.727Z",
          "LastModifiedDate": "2025-11-24T17:46:10.13Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50236",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50236",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dee620d1a730bf5af5b042bae016d9abbeb24ae0b4df4d2ef105236956545df4",
          "Title": "kernel: iommu/mediatek: Fix crash on isr after kexec()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix crash on isr after kexec()\n\nIf the system is rebooted via isr(), the IRQ handler might\nbe triggered before the domain is initialized. Resulting on\nan invalid memory access error.\n\nFix:\n[    0.500930] Unable to handle kernel read from unreadable memory at virtual address 0000000000000070\n[    0.501166] Call trace:\n[    0.501174]  report_iommu_fault+0x28/0xfc\n[    0.501180]  mtk_iommu_isr+0x10c/0x1c0\n\n[ joro: Fixed spelling in commit message ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50236",
            "https://git.kernel.org/linus/00ef8885a945c37551547d8ac8361cacd20c4e42 (6.2-rc1)",
            "https://git.kernel.org/stable/c/00ef8885a945c37551547d8ac8361cacd20c4e42",
            "https://git.kernel.org/stable/c/85cc8a187f2de7a91e2cea522e9406fa12999269",
            "https://git.kernel.org/stable/c/f13acee780cedb3e06a6dadf64d9104cccd2b9fc",
            "https://lore.kernel.org/linux-cve-announce/2025091547-CVE-2022-50236-dc41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50236",
            "https://www.cve.org/CVERecord?id=CVE-2022-50236"
          ],
          "PublishedDate": "2025-09-15T14:15:34.003Z",
          "LastModifiedDate": "2025-11-24T17:35:33.767Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50240",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50240",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a61accefd26d8bd521c44dbc77f6c03cd0936e9438350d26f59e1b998f2d3afa",
          "Title": "kernel: binder: fix UAF of alloc-\u003evma in race with munmap()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nandroid: binder: stop saving a pointer to the VMA\n\nDo not record a pointer to a VMA outside of the mmap_lock for later use. \nThis is unsafe and there are a number of failure paths *after* the\nrecorded VMA pointer may be freed during setup.  There is no callback to\nthe driver to clear the saved pointer from generic mm code.  Furthermore,\nthe VMA pointer may become stale if any number of VMA operations end up\nfreeing the VMA so saving it was fragile to being with.\n\nInstead, change the binder_alloc struct to record the start address of the\nVMA and use vma_lookup() to get the vma when needed.  Add lockdep\nmmap_lock checks on updates to the vma pointer to ensure the lock is held\nand depend on that lock for synchronization of readers and writers - which\nwas already the case anyways, so the smp_wmb()/smp_rmb() was not\nnecessary.\n\n[akpm@linux-foundation.org: fix drivers/android/binder_alloc_selftest.c]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50240",
            "https://git.kernel.org/linus/015ac18be7de25d17d6e5f1643cb3b60bfbe859e (5.10.154)",
            "https://git.kernel.org/stable/c/015ac18be7de25d17d6e5f1643cb3b60bfbe859e",
            "https://git.kernel.org/stable/c/1ec3f76a436d750fd5023caec5da0494fc2870d2",
            "https://git.kernel.org/stable/c/27a594bc7a7c8238d239e3cdbcf2edfa3bbe9a1b",
            "https://git.kernel.org/stable/c/622ef885a89ad04cfb76ee478fb44f051125d1f1",
            "https://git.kernel.org/stable/c/925e6b6f82c9c80ab3c17acbde8d16f349da7d26",
            "https://git.kernel.org/stable/c/a43cfc87caaf46710c8027a8c23b8a55f1078f19",
            "https://lore.kernel.org/linux-cve-announce/2025091547-CVE-2022-50240-6e40@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50240",
            "https://www.cve.org/CVERecord?id=CVE-2022-50240"
          ],
          "PublishedDate": "2025-09-15T14:15:34.25Z",
          "LastModifiedDate": "2025-11-24T17:25:46.107Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50256",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50256",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cdcfdc4927940e2343e34fc5c77b738dce2c0714f918c56afe84bafe8100609d",
          "Title": "kernel: drm/meson: remove drm bridges at aggregate driver unbind time",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: remove drm bridges at aggregate driver unbind time\n\ndrm bridges added by meson_encoder_hdmi_init and meson_encoder_cvbs_init\nwere not manually removed at module unload time, which caused dangling\nreferences to freed memory to remain linked in the global bridge_list.\n\nWhen loading the driver modules back in, the same functions would again\ncall drm_bridge_add, and when traversing the global bridge_list, would\nend up peeking into freed memory.\n\nOnce again KASAN revealed the problem:\n\n[  +0.000095] =============================================================\n[  +0.000008] BUG: KASAN: use-after-free in __list_add_valid+0x9c/0x120\n[  +0.000018] Read of size 8 at addr ffff00003da291f0 by task modprobe/2483\n\n[  +0.000018] CPU: 3 PID: 2483 Comm: modprobe Tainted: G         C O      5.19.0-rc6-lrmbkasan+ #1\n[  +0.000011] Hardware name: Hardkernel ODROID-N2Plus (DT)\n[  +0.000008] Call trace:\n[  +0.000006]  dump_backtrace+0x1ec/0x280\n[  +0.000012]  show_stack+0x24/0x80\n[  +0.000008]  dump_stack_lvl+0x98/0xd4\n[  +0.000011]  print_address_description.constprop.0+0x80/0x520\n[  +0.000011]  print_report+0x128/0x260\n[  +0.000008]  kasan_report+0xb8/0xfc\n[  +0.000008]  __asan_report_load8_noabort+0x3c/0x50\n[  +0.000009]  __list_add_valid+0x9c/0x120\n[  +0.000009]  drm_bridge_add+0x6c/0x104 [drm]\n[  +0.000165]  dw_hdmi_probe+0x1900/0x2360 [dw_hdmi]\n[  +0.000022]  meson_dw_hdmi_bind+0x520/0x814 [meson_dw_hdmi]\n[  +0.000014]  component_bind+0x174/0x520\n[  +0.000012]  component_bind_all+0x1a8/0x38c\n[  +0.000010]  meson_drv_bind_master+0x5e8/0xb74 [meson_drm]\n[  +0.000032]  meson_drv_bind+0x20/0x2c [meson_drm]\n[  +0.000027]  try_to_bring_up_aggregate_device+0x19c/0x390\n[  +0.000010]  component_master_add_with_match+0x1c8/0x284\n[  +0.000009]  meson_drv_probe+0x274/0x280 [meson_drm]\n[  +0.000026]  platform_probe+0xd0/0x220\n[  +0.000009]  
really_probe+0x3ac/0xa80\n[  +0.000009]  __driver_probe_device+0x1f8/0x400\n[  +0.000009]  driver_probe_device+0x68/0x1b0\n[  +0.000009]  __driver_attach+0x20c/0x480\n[  +0.000008]  bus_for_each_dev+0x114/0x1b0\n[  +0.000009]  driver_attach+0x48/0x64\n[  +0.000008]  bus_add_driver+0x390/0x564\n[  +0.000009]  driver_register+0x1a8/0x3e4\n[  +0.000009]  __platform_driver_register+0x6c/0x94\n[  +0.000008]  meson_drm_platform_driver_init+0x3c/0x1000 [meson_drm]\n[  +0.000027]  do_one_initcall+0xc4/0x2b0\n[  +0.000011]  do_init_module+0x154/0x570\n[  +0.000011]  load_module+0x1a78/0x1ea4\n[  +0.000008]  __do_sys_init_module+0x184/0x1cc\n[  +0.000009]  __arm64_sys_init_module+0x78/0xb0\n[  +0.000009]  invoke_syscall+0x74/0x260\n[  +0.000009]  el0_svc_common.constprop.0+0xcc/0x260\n[  +0.000008]  do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000012]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000008]  el0t_64_sync+0x18c/0x190\n\n[  +0.000016] Allocated by task 879:\n[  +0.000008]  kasan_save_stack+0x2c/0x5c\n[  +0.000011]  __kasan_kmalloc+0x90/0xd0\n[  +0.000007]  __kmalloc+0x278/0x4a0\n[  +0.000011]  mpi_resize+0x13c/0x1d0\n[  +0.000011]  mpi_powm+0xd24/0x1570\n[  +0.000009]  rsa_enc+0x1a4/0x30c\n[  +0.000009]  pkcs1pad_verify+0x3f0/0x580\n[  +0.000009]  public_key_verify_signature+0x7a8/0xba4\n[  +0.000010]  public_key_verify_signature_2+0x40/0x60\n[  +0.000008]  verify_signature+0xb4/0x114\n[  +0.000008]  pkcs7_validate_trust_one.constprop.0+0x3b8/0x574\n[  +0.000009]  pkcs7_validate_trust+0xb8/0x15c\n[  +0.000008]  verify_pkcs7_message_sig+0xec/0x1b0\n[  +0.000012]  verify_pkcs7_signature+0x78/0xac\n[  +0.000007]  mod_verify_sig+0x110/0x190\n[  +0.000009]  module_sig_check+0x114/0x1e0\n[  +0.000009]  load_module+0xa0/0x1ea4\n[  +0.000008]  __do_sys_init_module+0x184/0x1cc\n[  +0.000008]  __arm64_sys_init_module+0x78/0xb0\n[  +0.000008]  invoke_syscall+0x74/0x260\n[  +0.000009]  el0_svc_common.constprop.0+0x1a8/0x260\n[  +0.000008]  
do_el0_svc+0x50/0x70\n[  +0.000007]  el0_svc+0x68/0x1a0\n[  +0.000009]  el0t_64_sync_handler+0x11c/0x150\n[  +0.000009]  el0t_64\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50256",
            "https://git.kernel.org/linus/09847723c12fc2753749cec3939a02ee92dac468 (6.1-rc1)",
            "https://git.kernel.org/stable/c/09847723c12fc2753749cec3939a02ee92dac468",
            "https://git.kernel.org/stable/c/de2b6ebe0cb7746b5b6b35d79e150d934392b958",
            "https://git.kernel.org/stable/c/fc1fd114dde3d2623ac37676df3d74ffeedb0da8",
            "https://lore.kernel.org/linux-cve-announce/2025091550-CVE-2022-50256-069f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50256",
            "https://www.cve.org/CVERecord?id=CVE-2022-50256"
          ],
          "PublishedDate": "2025-09-15T14:15:36.363Z",
          "LastModifiedDate": "2025-11-25T16:52:25.453Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50260",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50260",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a6ff3a65ea1b68096526a479456ec7b67c9bd32bce74ac96077f6600d557e3da",
          "Title": "kernel: drm/msm: Make .remove and .shutdown HW shutdown consistent",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Make .remove and .shutdown HW shutdown consistent\n\nDrivers' .remove and .shutdown callbacks are executed on different code\npaths. The former is called when a device is removed from the bus, while\nthe latter is called at system shutdown time to quiesce the device.\n\nThis means that some overlap exists between the two, because both have to\ntake care of properly shutting down the hardware. But currently the logic\nused in these two callbacks isn't consistent in msm drivers, which could\nlead to kernel panic.\n\nFor example, on .remove the component is deleted and its .unbind callback\nleads to the hardware being shutdown but only if the DRM device has been\nmarked as registered.\n\nThat check doesn't exist in the .shutdown logic and this can lead to the\ndriver calling drm_atomic_helper_shutdown() for a DRM device that hasn't\nbeen properly initialized.\n\nA situation like this can happen if drivers for expected sub-devices fail\nto probe, since the .bind callback will never be executed. 
If that is the\ncase, drm_atomic_helper_shutdown() will attempt to take mutexes that are\nonly initialized if drm_mode_config_init() is called during a device bind.\n\nThis bug was attempted to be fixed in commit 623f279c7781 (\"drm/msm: fix\nshutdown hook in case GPU components failed to bind\"), but unfortunately\nit still happens in some cases as the one mentioned above, i.e:\n\n  systemd-shutdown[1]: Powering off.\n  kvm: exiting hardware virtualization\n  platform wifi-firmware.0: Removing from iommu group 12\n  platform video-firmware.0: Removing from iommu group 10\n  ------------[ cut here ]------------\n  WARNING: CPU: 6 PID: 1 at drivers/gpu/drm/drm_modeset_lock.c:317 drm_modeset_lock_all_ctx+0x3c4/0x3d0\n  ...\n  Hardware name: Google CoachZ (rev3+) (DT)\n  pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : drm_modeset_lock_all_ctx+0x3c4/0x3d0\n  lr : drm_modeset_lock_all_ctx+0x48/0x3d0\n  sp : ffff80000805bb80\n  x29: ffff80000805bb80 x28: ffff327c00128000 x27: 0000000000000000\n  x26: 0000000000000000 x25: 0000000000000001 x24: ffffc95d820ec030\n  x23: ffff327c00bbd090 x22: ffffc95d8215eca0 x21: ffff327c039c5800\n  x20: ffff327c039c5988 x19: ffff80000805bbe8 x18: 0000000000000034\n  x17: 000000040044ffff x16: ffffc95d80cac920 x15: 0000000000000000\n  x14: 0000000000000315 x13: 0000000000000315 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : ffff80000805bc28 x7 : 0000000000000000 x6 : 0000000000000000\n  x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n  x2 : ffff327c00128000 x1 : 0000000000000000 x0 : ffff327c039c59b0\n  Call trace:\n   drm_modeset_lock_all_ctx+0x3c4/0x3d0\n   drm_atomic_helper_shutdown+0x70/0x134\n   msm_drv_shutdown+0x30/0x40\n   platform_shutdown+0x28/0x40\n   device_shutdown+0x148/0x350\n   kernel_power_off+0x38/0x80\n   __do_sys_reboot+0x288/0x2c0\n   __arm64_sys_reboot+0x28/0x34\n   invoke_syscall+0x48/0x114\n   
el0_svc_common.constprop.0+0x44/0xec\n   do_el0_svc+0x2c/0xc0\n   el0_svc+0x2c/0x84\n   el0t_64_sync_handler+0x11c/0x150\n   el0t_64_sync+0x18c/0x190\n  ---[ end trace 0000000000000000 ]---\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n  Mem abort info:\n    ESR = 0x0000000096000004\n    EC = 0x25: DABT (current EL), IL = 32 bits\n    SET = 0, FnV = 0\n    EA = 0, S1PTW = 0\n    FSC = 0x04: level 0 translation fault\n  Data abort info:\n    ISV = 0, ISS = 0x00000004\n    CM = 0, WnR = 0\n  user pgtable: 4k pages, 48-bit VAs, pgdp=000000010eab1000\n  [0000000000000018] pgd=0000000000000000, p4d=0000000000000000\n  Internal error: Oops: 96000004 [#1] PREEMPT SMP\n  ...\n  Hardware name: Google CoachZ (rev3+) (DT)\n  pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : ww_mutex_lock+0x28/0x32c\n  lr : drm_modeset_lock_all_ctx+0x1b0/0x3d0\n  sp : ffff80000805bb50\n  x29: ffff80000805bb50 x28: ffff327c00128000 x27: 0000000000000000\n  x26: 00000\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50260",
            "https://git.kernel.org/linus/0a58d2ae572adaec8d046f8d35b40c2c32ac7468 (6.1-rc1)",
            "https://git.kernel.org/stable/c/0a58d2ae572adaec8d046f8d35b40c2c32ac7468",
            "https://git.kernel.org/stable/c/0e6649a2e31ac157c711d583ec8f5ec59da5de0e",
            "https://git.kernel.org/stable/c/26f9a766f87b33c50ed400a9500cc1dc9aced953",
            "https://lore.kernel.org/linux-cve-announce/2025091551-CVE-2022-50260-a136@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50260",
            "https://www.cve.org/CVERecord?id=CVE-2022-50260"
          ],
          "PublishedDate": "2025-09-15T14:15:36.873Z",
          "LastModifiedDate": "2025-11-25T17:02:41.887Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50266",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50266",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1a5c1609c003ee1ce7a8383e9e009e507ab877b23aaa7a92712f78b8c9d30524",
          "Title": "kernel: kprobes: Fix check for probe enabled in kill_kprobe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: Fix check for probe enabled in kill_kprobe()\n\nIn kill_kprobe(), the check whether disarm_kprobe_ftrace() needs to be\ncalled always fails. This is because before that we set the\nKPROBE_FLAG_GONE flag for kprobe so that \"!kprobe_disabled(p)\" is always\nfalse.\n\nThe disarm_kprobe_ftrace() call introduced by commit:\n\n  0cb2f1372baa (\"kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler\")\n\nto fix the NULL pointer reference problem. When the probe is enabled, if\nwe do not disarm it, this problem still exists.\n\nFix it by putting the probe enabled check before setting the\nKPROBE_FLAG_GONE flag.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50266",
            "https://git.kernel.org/linus/0c76ef3f26d5ef2ac2c21b47e7620cff35809fbb (6.2-rc1)",
            "https://git.kernel.org/stable/c/0c76ef3f26d5ef2ac2c21b47e7620cff35809fbb",
            "https://git.kernel.org/stable/c/c909985dd0c0f74b61e3f8f0e04bf8aa9c8b97c7",
            "https://git.kernel.org/stable/c/f20a067f13106565816b4b6a6b665b2088a63824",
            "https://lore.kernel.org/linux-cve-announce/2025091504-CVE-2022-50266-9532@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50266",
            "https://www.cve.org/CVERecord?id=CVE-2022-50266"
          ],
          "PublishedDate": "2025-09-15T15:15:37.347Z",
          "LastModifiedDate": "2025-12-02T19:27:30.377Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50284",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50284",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6f19ab7442e69a1756fae72e1e08640c038e1fa679f42863d82ea3cec10f13db",
          "Title": "kernel: ipc: fix memory leak in init_mqueue_fs()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix memory leak in init_mqueue_fs()\n\nWhen setup_mq_sysctls() failed in init_mqueue_fs(), mqueue_inode_cachep is\nnot released.  In order to fix this issue, the release path is reordered.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50284",
            "https://git.kernel.org/linus/12b677f2c697d61e5ddbcb6c1650050a39392f54 (6.2-rc1)",
            "https://git.kernel.org/stable/c/12b677f2c697d61e5ddbcb6c1650050a39392f54",
            "https://git.kernel.org/stable/c/28dad915abe46d38c5799a0c8130e9a2a1540385",
            "https://git.kernel.org/stable/c/86273624a68d07f129dc182b8394f487ed4de484",
            "https://lore.kernel.org/linux-cve-announce/2025091507-CVE-2022-50284-b5c2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50284",
            "https://www.cve.org/CVERecord?id=CVE-2022-50284"
          ],
          "PublishedDate": "2025-09-15T15:15:39.55Z",
          "LastModifiedDate": "2025-12-03T19:20:00.62Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50303",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50303",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9ba9b78a94e5d630e568b4bced500b3f94774f3e49319f1649c4ec0bd9378bcd",
          "Title": "kernel: drm/amdkfd: Fix double release compute pasid",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix double release compute pasid\n\nIf kfd_process_device_init_vm returns failure after vm is converted to\ncompute vm and vm-\u003epasid set to compute pasid, KFD will not take\npdd-\u003edrm_file reference. As a result, drm close file handler maybe\ncalled to release the compute pasid before KFD process destroy worker to\nrelease the same pasid and set vm-\u003epasid to zero, this generates below\nWARNING backtrace and NULL pointer access.\n\nAdd helper amdgpu_amdkfd_gpuvm_set_vm_pasid and call it at the last step\nof kfd_process_device_init_vm, to ensure vm pasid is the original pasid\nif acquiring vm failed or is the compute pasid with pdd-\u003edrm_file\nreference taken to avoid double release same pasid.\n\n amdgpu: Failed to create process VM object\n ida_free called for id=32770 which is not allocated.\n WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 ida_free+0x96/0x140\n RIP: 0010:ida_free+0x96/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n RIP: 0010:ida_free+0x76/0x140\n Call Trace:\n  amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]\n  amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]\n  drm_file_free.part.13+0x216/0x270 [drm]\n  drm_close_helper.isra.14+0x60/0x70 [drm]\n  drm_release+0x6e/0xf0 [drm]\n  __fput+0xcc/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x96/0xc0\n  do_exit+0x3d0/0xc10",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50303",
            "https://git.kernel.org/linus/1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5 (6.2-rc1)",
            "https://git.kernel.org/stable/c/1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5",
            "https://git.kernel.org/stable/c/89f0d766c9e3fdeafbed6f855d433c2768cde862",
            "https://git.kernel.org/stable/c/a02c07b619899179384fde06f951530438a3512d",
            "https://lore.kernel.org/linux-cve-announce/2025091558-CVE-2022-50303-7759@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50303",
            "https://www.cve.org/CVERecord?id=CVE-2022-50303"
          ],
          "PublishedDate": "2025-09-15T15:15:41.84Z",
          "LastModifiedDate": "2025-12-04T15:31:34.053Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50304",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50304",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4e317f60a49dcd081149e0bf1a7ea88e91992bfd0bcbd1ce3d1f5a4618e96893",
          "Title": "kernel: mtd: core: fix possible resource leak in init_mtd()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: core: fix possible resource leak in init_mtd()\n\nI got the error report while inject fault in init_mtd():\n\nsysfs: cannot create duplicate filename '/devices/virtual/bdi/mtd-0'\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x67/0x83\n sysfs_warn_dup+0x60/0x70\n sysfs_create_dir_ns+0x109/0x120\n kobject_add_internal+0xce/0x2f0\n kobject_add+0x98/0x110\n device_add+0x179/0xc00\n device_create_groups_vargs+0xf4/0x100\n device_create+0x7b/0xb0\n bdi_register_va.part.13+0x58/0x2d0\n bdi_register+0x9b/0xb0\n init_mtd+0x62/0x171 [mtd]\n do_one_initcall+0x6c/0x3c0\n do_init_module+0x58/0x222\n load_module+0x268e/0x27d0\n __do_sys_finit_module+0xd5/0x140\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e\nkobject_add_internal failed for mtd-0 with -EEXIST, don't try to register\n\tthings with the same name in the same directory.\nError registering mtd class or bdi: -17\n\nIf init_mtdchar() fails in init_mtd(), mtd_bdi will not be unregistered,\nas a result, we can't load the mtd module again, to fix this by calling\nbdi_unregister(mtd_bdi) after out_procfs label.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50304",
            "https://git.kernel.org/linus/1aadf01e5076b9ab6bf294b9622335c651314895 (6.2-rc1)",
            "https://git.kernel.org/stable/c/1aadf01e5076b9ab6bf294b9622335c651314895",
            "https://git.kernel.org/stable/c/26c304a3f136009c5a2a04e2bf3ac6aa25aabcb4",
            "https://git.kernel.org/stable/c/78816504100cbd8e6836df9f58cc4fbb8b262f1c",
            "https://lore.kernel.org/linux-cve-announce/2025091558-CVE-2022-50304-4b20@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50304",
            "https://www.cve.org/CVERecord?id=CVE-2022-50304"
          ],
          "PublishedDate": "2025-09-15T15:15:41.953Z",
          "LastModifiedDate": "2025-12-04T15:31:23.977Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50316",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50316",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8b9d7de558b8f930848caaad4bf8276a40f1fffe413fcd40e8af81232174111d",
          "Title": "kernel: orangefs: Fix kmemleak in orangefs_sysfs_init()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Fix kmemleak in orangefs_sysfs_init()\n\nWhen insert and remove the orangefs module, there are kobjects memory\nleaked as below:\n\nunreferenced object 0xffff88810f95af00 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813439 (age 65.512s)\n  hex dump (first 32 bytes):\n    a0 83 af 01 81 88 ff ff 08 af 95 0f 81 88 ff ff  ................\n    08 af 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000005a6e4dfe\u003e] orangefs_sysfs_init+0x42/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ae80 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813439 (age 65.512s)\n  hex dump (first 32 bytes):\n    c8 90 0f 02 81 88 ff ff 88 ae 95 0f 81 88 ff ff  ................\n    88 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000001a4841fa\u003e] orangefs_sysfs_init+0xc7/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] 
entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ae00 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813440 (age 65.511s)\n  hex dump (first 32 bytes):\n    60 87 a1 00 81 88 ff ff 08 ae 95 0f 81 88 ff ff  `...............\n    08 ae 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000005915e797\u003e] orangefs_sysfs_init+0x12b/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ad80 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813440 (age 65.511s)\n  hex dump (first 32 bytes):\n    78 90 0f 02 81 88 ff ff 88 ad 95 0f 81 88 ff ff  x...............\n    88 ad 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000007a14eb35\u003e] orangefs_sysfs_init+0x1ac/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000f11c03c7\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nunreferenced object 0xffff88810f95ac00 (size 64):\n  comm \"insmod\", pid 783, jiffies 4294813440 (age 65.531s)\n  hex dump (first 32 bytes):\n    e0 ff 67 02 81 88 ff ff 08 ac 95 0f 81 88 ff ff  
..g.............\n    08 ac 95 0f 81 88 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace:\n    [\u003c0000000031ab7788\u003e] kmalloc_trace+0x27/0xa0\n    [\u003c000000001f38adcb\u003e] orangefs_sysfs_init+0x291/0x3a0\n    [\u003c00000000722645ca\u003e] 0xffffffffa02780fe\n    [\u003c000000004232d9f7\u003e] do_one_initcall+0x87/0x2a0\n    [\u003c0000000054f22384\u003e] do_init_module+0xdf/0x320\n    [\u003c000000003263bdea\u003e] load_module+0x2f98/0x3330\n    [\u003c0000000052cd4153\u003e] __do_sys_finit_module+0x113/0x1b0\n    [\u003c00000000250ae02b\u003e] do_syscall_64+0x35/\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50316",
            "https://git.kernel.org/linus/1f2c0e8a587bcafad85019a2d80f158d8d41a868 (6.2-rc1)",
            "https://git.kernel.org/stable/c/1f2c0e8a587bcafad85019a2d80f158d8d41a868",
            "https://git.kernel.org/stable/c/22409490294180c39be7dd0e5b2667d41556307d",
            "https://git.kernel.org/stable/c/9ce4ba7fff5af36da82dc5964221367630621b99",
            "https://lore.kernel.org/linux-cve-announce/2025091552-CVE-2022-50316-6e9e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50316",
            "https://www.cve.org/CVERecord?id=CVE-2022-50316"
          ],
          "PublishedDate": "2025-09-15T15:15:43.5Z",
          "LastModifiedDate": "2025-12-03T19:29:19.307Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50322",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50322",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b2cf61d3bcbbc64275df599cf4eff96bcee3869daf719755b7a4dbf1070b7220",
          "Title": "kernel: Linux kernel: Denial of Service due to function prototype mismatch",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: msc313: Fix function prototype mismatch in msc313_rtc_probe()\n\nWith clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed.\n\nmsc313_rtc_probe() was passing clk_disable_unprepare() directly, which\ndid not have matching prototypes for devm_add_action_or_reset()'s\ncallback argument. Refactor to use devm_clk_get_enabled() instead.\n\nThis was found as a result of Clang's new -Wcast-function-type-strict\nflag, which is more sensitive than the simpler -Wcast-function-type,\nwhich only checks for type width mismatches.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50322",
            "https://git.kernel.org/linus/21b8a1dd56a163825e5749b303858fb902ebf198 (6.2-rc1)",
            "https://git.kernel.org/stable/c/21b8a1dd56a163825e5749b303858fb902ebf198",
            "https://git.kernel.org/stable/c/5affaaf3334c9274131dae889ed79ea0553d61b4",
            "https://git.kernel.org/stable/c/ba50fee6b41bcbafaeed3c51f90d37d1480ff9a0",
            "https://lore.kernel.org/linux-cve-announce/2025091553-CVE-2022-50322-079d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50322",
            "https://www.cve.org/CVERecord?id=CVE-2022-50322"
          ],
          "PublishedDate": "2025-09-15T15:15:44.24Z",
          "LastModifiedDate": "2025-12-04T15:12:01.39Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50332",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50332",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54f0f7c61b1ad217d8c1d95f541f576e60bfeea70d2e58bde6c1a4eb1c76ca48",
          "Title": "kernel: Linux kernel: Denial of Service due to improper PCI device handling in aperture driver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo/aperture: Call sysfb_disable() before removing PCI devices\n\nCall sysfb_disable() from aperture_remove_conflicting_pci_devices()\nbefore removing PCI devices. Without, simpledrm can still bind to\nsimple-framebuffer devices after the hardware driver has taken over\nthe hardware. Both drivers interfere with each other and results are\nundefined.\n\nReported modesetting errors [1] are shown below.\n\n---- snap ----\nrcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 13-.... } 7 jiffies s: 165 root: 0x2000/.\nrcu: blocking rcu_node structures (internal RCU debug):\nTask dump for CPU 13:\ntask:X               state:R  running task     stack:    0 pid: 4242 ppid:  4228 flags:0x00000008\nCall Trace:\n \u003cTASK\u003e\n ? commit_tail+0xd7/0x130\n ? drm_atomic_helper_commit+0x126/0x150\n ? drm_atomic_commit+0xa4/0xe0\n ? drm_plane_get_damage_clips.cold+0x1c/0x1c\n ? drm_atomic_helper_dirtyfb+0x19e/0x280\n ? drm_mode_dirtyfb_ioctl+0x10f/0x1e0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? drm_ioctl_kernel+0xc4/0x150\n ? drm_ioctl+0x246/0x3f0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? __x64_sys_ioctl+0x91/0xd0\n ? do_syscall_64+0x60/0xd0\n ? entry_SYSCALL_64_after_hwframe+0x4b/0xb5\n \u003c/TASK\u003e\n...\nrcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 13-.... } 30 jiffies s: 169 root: 0x2000/.\nrcu: blocking rcu_node structures (internal RCU debug):\nTask dump for CPU 13:\ntask:X               state:R  running task     stack:    0 pid: 4242 ppid:  4228 flags:0x0000400e\nCall Trace:\n \u003cTASK\u003e\n ? memcpy_toio+0x76/0xc0\n ? memcpy_toio+0x1b/0xc0\n ? drm_fb_memcpy_toio+0x76/0xb0\n ? drm_fb_blit_toio+0x75/0x2b0\n ? simpledrm_simple_display_pipe_update+0x132/0x150\n ? drm_atomic_helper_commit_planes+0xb6/0x230\n ? drm_atomic_helper_commit_tail+0x44/0x80\n ? commit_tail+0xd7/0x130\n ? drm_atomic_helper_commit+0x126/0x150\n ? 
drm_atomic_commit+0xa4/0xe0\n ? drm_plane_get_damage_clips.cold+0x1c/0x1c\n ? drm_atomic_helper_dirtyfb+0x19e/0x280\n ? drm_mode_dirtyfb_ioctl+0x10f/0x1e0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? drm_ioctl_kernel+0xc4/0x150\n ? drm_ioctl+0x246/0x3f0\n ? drm_mode_getfb2_ioctl+0x2d0/0x2d0\n ? __x64_sys_ioctl+0x91/0xd0\n ? do_syscall_64+0x60/0xd0\n ? entry_SYSCALL_64_after_hwframe+0x4b/0xb5\n \u003c/TASK\u003e\n\nThe problem was added by commit 5e0137612430 (\"video/aperture: Disable\nand unregister sysfb devices via aperture helpers\") to v6.0.3 and does\nnot exist in the mainline branch.\n\nThe mainline commit 5e0137612430 (\"video/aperture: Disable and\nunregister sysfb devices via aperture helpers\") has been backported\nfrom v6.0-rc1 to stable v6.0.3 from a larger patch series [2] that\nreworks fbdev framebuffer ownership. The backport misses a change to\naperture_remove_conflicting_pci_devices(). Mainline itself is fine,\nbecause the function does not exist there as a result of the patch\nseries.\n\nInstead of backporting the whole series, fix the additional function.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50332",
            "https://git.kernel.org/linus/25a6688f27ff54f97adf7cce1d7e18c38bf51eb4 (6.0.6)",
            "https://git.kernel.org/stable/c/25a6688f27ff54f97adf7cce1d7e18c38bf51eb4",
            "https://lore.kernel.org/linux-cve-announce/2025091555-CVE-2022-50332-a052@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50332",
            "https://www.cve.org/CVERecord?id=CVE-2022-50332"
          ],
          "PublishedDate": "2025-09-15T15:15:45.427Z",
          "LastModifiedDate": "2025-12-04T13:46:08.2Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50350",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50350",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1d1321fec24eba1b1032551e188e14413b3937432dd92eeb689c8cbb2790fcab",
          "Title": "kernel: scsi: target: iscsi: Fix a race condition between login_work and the login thread",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix a race condition between login_work and the login thread\n\nIn case a malicious initiator sends some random data immediately after a\nlogin PDU; the iscsi_target_sk_data_ready() callback will schedule the\nlogin_work and, at the same time, the negotiation may end without clearing\nthe LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are\nrequired to complete the login).\n\nThe login has been completed but the login_work function will find the\nLOGIN_FLAGS_INITIAL_PDU flag set and will never stop from rescheduling\nitself; at this point, if the initiator drops the connection, the\niscsit_conn structure will be freed, login_work will dereference a released\nsocket structure and the kernel crashes.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000230\nPF: supervisor write access in kernel mode\nPF: error_code(0x0002) - not-present page\nWorkqueue: events iscsi_target_do_login_rx [iscsi_target_mod]\nRIP: 0010:_raw_read_lock_bh+0x15/0x30\nCall trace:\n iscsi_target_do_login_rx+0x75/0x3f0 [iscsi_target_mod]\n process_one_work+0x1e8/0x3c0\n\nFix this bug by forcing login_work to stop after the login has been\ncompleted and the socket callbacks have been restored.\n\nAdd a comment to clearify the return values of iscsi_target_do_login()",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50350",
            "https://git.kernel.org/linus/fec1b2fa62c162d03f5dcd7b03e3c89d3116d49f (6.2-rc1)",
            "https://git.kernel.org/stable/c/1533b8b3058db618409f41554ebe768c2e3acfae",
            "https://git.kernel.org/stable/c/3ecdca49ca49d4770639d81503c873b6d25887c4",
            "https://git.kernel.org/stable/c/fec1b2fa62c162d03f5dcd7b03e3c89d3116d49f",
            "https://lore.kernel.org/linux-cve-announce/2025091640-CVE-2022-50350-31bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50350",
            "https://www.cve.org/CVERecord?id=CVE-2022-50350"
          ],
          "PublishedDate": "2025-09-16T17:15:34.833Z",
          "LastModifiedDate": "2026-01-14T19:16:06.033Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50354",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50354",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c5fae033bf9d9e1ad9651013d4c8caddc4815b6aed5a0d233625d66511dd2139",
          "Title": "kernel: drm/amdkfd: Fix kfd_process_device_init_vm error handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix kfd_process_device_init_vm error handling\n\nShould only destroy the ib_mem and let process cleanup worker to free\nthe outstanding BOs. Reset the pointer in pdd-\u003eqpd structure, to avoid\nNULL pointer access in process destroy worker.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n Call Trace:\n  amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel+0x46/0xb0 [amdgpu]\n  kfd_process_device_destroy_cwsr_dgpu+0x40/0x70 [amdgpu]\n  kfd_process_destroy_pdds+0x71/0x190 [amdgpu]\n  kfd_process_wq_release+0x2a2/0x3b0 [amdgpu]\n  process_one_work+0x2a1/0x600\n  worker_thread+0x39/0x3d0",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50354",
            "https://git.kernel.org/linus/29d48b87db64b6697ddad007548e51d032081c59 (6.2-rc1)",
            "https://git.kernel.org/stable/c/29d48b87db64b6697ddad007548e51d032081c59",
            "https://git.kernel.org/stable/c/9d74d1f52e16d8e07f7fbe52e96d6391418a2fe9",
            "https://git.kernel.org/stable/c/b6e78bd3bf2eb964c95eb2596d3cd367307a20b5",
            "https://lore.kernel.org/linux-cve-announce/2025091714-CVE-2022-50354-45cc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50354",
            "https://www.cve.org/CVERecord?id=CVE-2022-50354"
          ],
          "PublishedDate": "2025-09-17T15:15:34.037Z",
          "LastModifiedDate": "2026-01-14T19:16:06.71Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50357",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50357",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6ba6e44dc2709575a184f4c41460d51e94202a03774c5a1b6463d2969729bc00",
          "Title": "kernel: usb: dwc3: core: fix some leaks in probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: fix some leaks in probe\n\nThe dwc3_get_properties() function calls:\n\n\tdwc-\u003eusb_psy = power_supply_get_by_name(usb_psy_name);\n\nso there is some additional clean up required on these error paths.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50357",
            "https://git.kernel.org/linus/2a735e4b5580a2a6bbd6572109b4c4f163c57462 (6.1-rc1)",
            "https://git.kernel.org/stable/c/2a735e4b5580a2a6bbd6572109b4c4f163c57462",
            "https://git.kernel.org/stable/c/3a213503f483173e7eea76f2e7e3bdd6df7fd6f8",
            "https://git.kernel.org/stable/c/79c3afb55942368921237d7b5355d48c52bdde20",
            "https://lore.kernel.org/linux-cve-announce/2025091714-CVE-2022-50357-4ae9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50357",
            "https://www.cve.org/CVERecord?id=CVE-2022-50357"
          ],
          "PublishedDate": "2025-09-17T15:15:34.397Z",
          "LastModifiedDate": "2026-01-14T19:16:07.64Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50380",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50380",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:80d3941f0fdc801cd041b9532b5674f62b7f97ca0a4c6797fbab0a4b800f0a1e",
          "Title": "kernel: mm: /proc/pid/smaps_rollup: fix no vma's null-deref",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: /proc/pid/smaps_rollup: fix no vma's null-deref\n\nCommit 258f669e7e88 (\"mm: /proc/pid/smaps_rollup: convert to single value\nseq_file\") introduced a null-deref if there are no vma's in the task in\nshow_smaps_rollup.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50380",
            "https://git.kernel.org/linus/33fc9e26b7cb39f0d4219c875a2451802249c225 (5.15.76)",
            "https://git.kernel.org/stable/c/33fc9e26b7cb39f0d4219c875a2451802249c225",
            "https://git.kernel.org/stable/c/6bb8769326c46db3058780c0640dcc49d8187b24",
            "https://git.kernel.org/stable/c/97898139ca9b81ba9322a585e07490983c53b55a",
            "https://git.kernel.org/stable/c/a50ed2d28727ff605d95fb9a53be8ff94e8eaaf4",
            "https://git.kernel.org/stable/c/c4c84f06285e48f80e9843d0775ad92714ffc35a",
            "https://git.kernel.org/stable/c/dbe863bce7679c7f5ec0e993d834fe16c5e687b5",
            "https://lore.kernel.org/linux-cve-announce/2025091851-CVE-2022-50380-25c9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50380",
            "https://www.cve.org/CVERecord?id=CVE-2022-50380"
          ],
          "PublishedDate": "2025-09-18T14:15:36.767Z",
          "LastModifiedDate": "2026-01-14T19:16:11.76Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50383",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50383",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:516735e2aa3d8632fa6de06cd839470cc08158b67edddf309061d3300507e1a8",
          "Title": "kernel: media: mediatek: vcodec: Can't set dst buffer to done when lat decode error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Can't set dst buffer to done when lat decode error\n\nCore thread will call v4l2_m2m_buf_done to set dst buffer done for\nlat architecture. If lat call v4l2_m2m_buf_done_and_job_finish to\nfree dst buffer when lat decode error, core thread will access kernel\nNULL pointer dereference, then crash.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50383",
            "https://git.kernel.org/linus/3568ecd3f3a6d133ab7feffbba34955c8c79bbc4 (6.2-rc1)",
            "https://git.kernel.org/stable/c/3568ecd3f3a6d133ab7feffbba34955c8c79bbc4",
            "https://git.kernel.org/stable/c/66d26ed30056e7d2da3e9c14125ffe6049a4f907",
            "https://git.kernel.org/stable/c/eeb090420f3477eb5011586709409fc655c2b16c",
            "https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50383-e1c7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50383",
            "https://www.cve.org/CVERecord?id=CVE-2022-50383"
          ],
          "PublishedDate": "2025-09-18T14:15:37.113Z",
          "LastModifiedDate": "2026-01-14T19:16:12.26Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50390",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50390",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:361a0b100e81a8adf2ba1ff3de49da392922764f38d1a201efddaadb53bf5299",
          "Title": "kernel: Linux kernel: Denial of Service and information disclosure via undefined bit shift in drm/ttm",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED\n\nShifting signed 32-bit value by 31 bits is undefined, so changing\nsignificant bit to unsigned. The UBSAN warning calltrace like below:\n\nUBSAN: shift-out-of-bounds in ./include/drm/ttm/ttm_tt.h:122:26\nleft shift of 1 by 31 places cannot be represented in type 'int'\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7d/0xa5\n dump_stack+0x15/0x1b\n ubsan_epilogue+0xe/0x4e\n __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c\n ttm_bo_move_memcpy+0x3b4/0x460 [ttm]\n bo_driver_move+0x32/0x40 [drm_vram_helper]\n ttm_bo_handle_move_mem+0x118/0x200 [ttm]\n ttm_bo_validate+0xfa/0x220 [ttm]\n drm_gem_vram_pin_locked+0x70/0x1b0 [drm_vram_helper]\n drm_gem_vram_pin+0x48/0xb0 [drm_vram_helper]\n drm_gem_vram_plane_helper_prepare_fb+0x53/0xe0 [drm_vram_helper]\n drm_gem_vram_simple_display_pipe_prepare_fb+0x26/0x30 [drm_vram_helper]\n drm_simple_kms_plane_prepare_fb+0x4d/0xe0 [drm_kms_helper]\n drm_atomic_helper_prepare_planes+0xda/0x210 [drm_kms_helper]\n drm_atomic_helper_commit+0xc3/0x1e0 [drm_kms_helper]\n drm_atomic_commit+0x9c/0x160 [drm]\n drm_client_modeset_commit_atomic+0x33a/0x380 [drm]\n drm_client_modeset_commit_locked+0x77/0x220 [drm]\n drm_client_modeset_commit+0x31/0x60 [drm]\n __drm_fb_helper_restore_fbdev_mode_unlocked+0xa7/0x170 [drm_kms_helper]\n drm_fb_helper_set_par+0x51/0x90 [drm_kms_helper]\n fbcon_init+0x316/0x790\n visual_init+0x113/0x1d0\n do_bind_con_driver+0x2a3/0x5c0\n do_take_over_console+0xa9/0x270\n do_fbcon_takeover+0xa1/0x170\n do_fb_registered+0x2a8/0x340\n fbcon_fb_registered+0x47/0xe0\n register_framebuffer+0x294/0x4a0\n __drm_fb_helper_initial_config_and_unlock+0x43c/0x880 [drm_kms_helper]\n drm_fb_helper_initial_config+0x52/0x80 [drm_kms_helper]\n drm_fbdev_client_hotplug+0x156/0x1b0 [drm_kms_helper]\n drm_fbdev_generic_setup+0xfc/0x290 [drm_kms_helper]\n 
bochs_pci_probe+0x6ca/0x772 [bochs]\n local_pci_probe+0x4d/0xb0\n pci_device_probe+0x119/0x320\n really_probe+0x181/0x550\n __driver_probe_device+0xc6/0x220\n driver_probe_device+0x32/0x100\n __driver_attach+0x195/0x200\n bus_for_each_dev+0xbb/0x120\n driver_attach+0x27/0x30\n bus_add_driver+0x22e/0x2f0\n driver_register+0xa9/0x190\n __pci_register_driver+0x90/0xa0\n bochs_pci_driver_init+0x52/0x1000 [bochs]\n do_one_initcall+0x76/0x430\n do_init_module+0x61/0x28a\n load_module+0x1f82/0x2e50\n __do_sys_finit_module+0xf8/0x190\n __x64_sys_finit_module+0x23/0x30\n do_syscall_64+0x58/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50390",
            "https://git.kernel.org/linus/387659939c00156f8d6bab0fbc55b4eaf2b6bc5b (6.2-rc1)",
            "https://git.kernel.org/stable/c/2ff0309b73d86e8591881ac035af06e01c112e89",
            "https://git.kernel.org/stable/c/387659939c00156f8d6bab0fbc55b4eaf2b6bc5b",
            "https://git.kernel.org/stable/c/6528971fdce0dfc0a28fec42c151a1eccdabadf5",
            "https://git.kernel.org/stable/c/c4079a34c0adef9f35a16783fb13a9084406f96d",
            "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50390-742c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50390",
            "https://www.cve.org/CVERecord?id=CVE-2022-50390"
          ],
          "PublishedDate": "2025-09-18T14:15:37.997Z",
          "LastModifiedDate": "2026-03-17T16:35:18.55Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50393",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50393",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e41c666af437345374a489a183ff60b42cb47709e4f1c2ed6c32cabd2c3eab2a",
          "Title": "kernel: drm/amdgpu: SDMA update use unlocked iterator",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: SDMA update use unlocked iterator\n\nSDMA update page table may be called from unlocked context, this\ngenerate below warning. Use unlocked iterator to handle this case.\n\nWARNING: CPU: 0 PID: 1475 at\ndrivers/dma-buf/dma-resv.c:483 dma_resv_iter_next\nCall Trace:\n dma_resv_iter_first+0x43/0xa0\n amdgpu_vm_sdma_update+0x69/0x2d0 [amdgpu]\n amdgpu_vm_ptes_update+0x29c/0x870 [amdgpu]\n amdgpu_vm_update_range+0x2f6/0x6c0 [amdgpu]\n svm_range_unmap_from_gpus+0x115/0x300 [amdgpu]\n svm_range_cpu_invalidate_pagetables+0x510/0x5e0 [amdgpu]\n __mmu_notifier_invalidate_range_start+0x1d3/0x230\n unmap_vmas+0x140/0x150\n unmap_region+0xa8/0x110",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50393",
            "https://git.kernel.org/linus/3913f0179ba366f7d7d160c506ce00de1602bbc4 (6.1-rc1)",
            "https://git.kernel.org/stable/c/3913f0179ba366f7d7d160c506ce00de1602bbc4",
            "https://git.kernel.org/stable/c/4ff3d517cebe8a29b9f3c302b5292bb1ce291e00",
            "https://git.kernel.org/stable/c/b892c57a3a04c8de247ab9ee08a0a8cf53290e19",
            "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50393-d5da@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50393",
            "https://www.cve.org/CVERecord?id=CVE-2022-50393"
          ],
          "PublishedDate": "2025-09-18T14:15:38.38Z",
          "LastModifiedDate": "2026-01-14T19:16:14.633Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50406",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50406",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ff080b7063bbc93a87770be16c3de702d6ed540e7985810fa9294f1aff795ebd",
          "Title": "kernel: iomap: iomap: fix memory corruption when recording errors during writeback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: iomap: fix memory corruption when recording errors during writeback\n\nEvery now and then I see this crash on arm64:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000f8\nBuffer I/O error on dev dm-0, logical block 8733687, async page read\nMem abort info:\n  ESR = 0x0000000096000006\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x06: level 2 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000006\n  CM = 0, WnR = 0\nuser pgtable: 64k pages, 42-bit VAs, pgdp=0000000139750000\n[00000000000000f8] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000, pmd=0000000000000000\nInternal error: Oops: 96000006 [#1] PREEMPT SMP\nBuffer I/O error on dev dm-0, logical block 8733688, async page read\nDumping ftrace buffer:\nBuffer I/O error on dev dm-0, logical block 8733689, async page read\n   (ftrace buffer empty)\nXFS (dm-0): log I/O error -5\nModules linked in: dm_thin_pool dm_persistent_data\nXFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ec/0x590 [xfs] (fs/xfs/xfs_trans_buf.c:296).\n dm_bio_prison\nXFS (dm-0): Please unmount the filesystem and rectify the problem(s)\nXFS (dm-0): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -5, agno 0\n dm_bufio dm_log_writes xfs nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_REJECT\npotentially unexpected fatal signal 6.\n nf_reject_ipv6\npotentially unexpected fatal signal 6.\n ipt_REJECT nf_reject_ipv4\nCPU: 1 PID: 122166 Comm: fsstress Tainted: G        W          6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7\n rpcsec_gss_krb5 auth_rpcgss xt_tcpudp ip_set_hash_ip ip_set_hash_net xt_set nft_compat ip_set_hash_mac ip_set nf_tables\nHardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021\npstate: 60001000 (nZCv daif -PAN -UAO -TCO -DIT +SSBS 
BTYPE=--)\n ip_tables\npc : 000003fd6d7df200\n x_tables\nlr : 000003fd6d7df1ec\n overlay nfsv4\nCPU: 0 PID: 54031 Comm: u4:3 Tainted: G        W          6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7405\nHardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021\nWorkqueue: writeback wb_workfn\nsp : 000003ffd9522fd0\n (flush-253:0)\npstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)\npc : errseq_set+0x1c/0x100\nx29: 000003ffd9522fd0 x28: 0000000000000023 x27: 000002acefeb6780\nx26: 0000000000000005 x25: 0000000000000001 x24: 0000000000000000\nx23: 00000000ffffffff x22: 0000000000000005\nlr : __filemap_set_wb_err+0x24/0xe0\n x21: 0000000000000006\nsp : fffffe000f80f760\nx29: fffffe000f80f760 x28: 0000000000000003 x27: fffffe000f80f9f8\nx26: 0000000002523000 x25: 00000000fffffffb x24: fffffe000f80f868\nx23: fffffe000f80fbb0 x22: fffffc0180c26a78 x21: 0000000002530000\nx20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000\n\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000001 x13: 0000000000470af3 x12: fffffc0058f70000\nx11: 0000000000000040 x10: 0000000000001b20 x9 : fffffe000836b288\nx8 : fffffc00eb9fd480 x7 : 0000000000f83659 x6 : 0000000000000000\nx5 : 0000000000000869 x4 : 0000000000000005 x3 : 00000000000000f8\nx20: 000003fd6d740020 x19: 000000000001dd36 x18: 0000000000000001\nx17: 000003fd6d78704c x16: 0000000000000001 x15: 000002acfac87668\nx2 : 0000000000000ffa x1 : 00000000fffffffb x0 : 00000000000000f8\nCall trace:\n errseq_set+0x1c/0x100\n __filemap_set_wb_err+0x24/0xe0\n iomap_do_writepage+0x5e4/0xd5c\n write_cache_pages+0x208/0x674\n iomap_writepages+0x34/0x60\n xfs_vm_writepages+0x8c/0xcc [xfs 7a861f39c43631f15d3a5884246ba5035d4ca78b]\nx14: 0000000000000000 x13: 2064656e72757465 x12: 0000000000002180\nx11: 000003fd6d8a82d0 x10: 0000000000000000 x9 : 000003fd6d8ae288\nx8 : 0000000000000083 x7 : 00000000ffffffff x6 : 00000000ffffffee\nx5 : 00000000fbad2887 x4 : 000003fd6d9abb58 
x3 : 000003fd6d740020\nx2 : 0000000000000006 x1 : 000000000001dd36 x0 : 0000000000000000\nCPU: \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50406",
            "https://git.kernel.org/linus/3d5f3ba1ac28059bdf7000cae2403e4e984308d2 (6.1-rc1)",
            "https://git.kernel.org/stable/c/3d5f3ba1ac28059bdf7000cae2403e4e984308d2",
            "https://git.kernel.org/stable/c/7308591d9c7787aec58f6a01a7823f14e90db7a2",
            "https://git.kernel.org/stable/c/82c66c46f73b88be74c869e2cbfef45281adf3c6",
            "https://linux.oracle.com/cve/CVE-2022-50406.html",
            "https://linux.oracle.com/errata/ELSA-2025-23947.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50406",
            "https://www.cve.org/CVERecord?id=CVE-2022-50406"
          ],
          "PublishedDate": "2025-09-18T16:15:43.76Z",
          "LastModifiedDate": "2026-01-14T20:15:53.127Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50407",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50407",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c0e391b6a2eed1f5d0cd4604980d2ffdc5f28c157ca568ef91a01c43328ed350",
          "Title": "kernel: crypto: hisilicon/qm - increase the memory of local variables",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - increase the memory of local variables\n\nIncrease the buffer to prevent stack overflow by fuzz test. The maximum\nlength of the qos configuration buffer is 256 bytes. Currently, the value\nof the 'val buffer' is only 32 bytes. The sscanf does not check the dest\nmemory length. So the 'val buffer' may stack overflow.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50407",
            "https://git.kernel.org/linus/3efe90af4c0c46c58dba1b306de142827153d9c0 (6.2-rc1)",
            "https://git.kernel.org/stable/c/34c4f8ad45b4ea814c7ecc3f23a2d292959d5a52",
            "https://git.kernel.org/stable/c/3efe90af4c0c46c58dba1b306de142827153d9c0",
            "https://git.kernel.org/stable/c/fc521abb6ee4b8f06fdfc52646140dab6a2ed334",
            "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50407-e539@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50407",
            "https://www.cve.org/CVERecord?id=CVE-2022-50407"
          ],
          "PublishedDate": "2025-09-18T16:15:43.88Z",
          "LastModifiedDate": "2026-01-14T20:15:53.287Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50418",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50418",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:286f1453c5f9c876f625e8eaf3439b474284c32204e58642ed228243e726d33a",
          "Title": "kernel: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()\n\nmhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets\nsome error, mhi_ctrl should be freed with mhi_free_controller(). But\nwhen ath11k_mhi_read_addr_from_dt() fails, the function returns without\ncalling mhi_free_controller(), which will lead to a memory leak.\n\nWe can fix it by calling mhi_free_controller() when\nath11k_mhi_read_addr_from_dt() fails.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50418",
            "https://git.kernel.org/linus/43e7c3505ec70db3d3c6458824d5fa40f62e3e7b (6.1-rc1)",
            "https://git.kernel.org/stable/c/015ced9eb63b8b19cb725a1d592d150b60494ced",
            "https://git.kernel.org/stable/c/43e7c3505ec70db3d3c6458824d5fa40f62e3e7b",
            "https://git.kernel.org/stable/c/72ef896e80b6ec7cdc1dd42577045f8e7c9c32b3",
            "https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2022-50418-deac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50418",
            "https://www.cve.org/CVERecord?id=CVE-2022-50418"
          ],
          "PublishedDate": "2025-09-18T16:15:45.247Z",
          "LastModifiedDate": "2026-01-14T20:15:55.007Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50425",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50425",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:97b8eddad947157a5f59798d9acf0598b5a4e031d2231b23510cca6089e0c32a",
          "Title": "kernel: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly\n\nWhen an extended state component is not present in fpstate, but in init\nstate, the function copies from init_fpstate via copy_feature().\n\nBut, dynamic states are not present in init_fpstate because of all-zeros\ninit states. Then retrieving them from init_fpstate will explode like this:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n ...\n RIP: 0010:memcpy_erms+0x6/0x10\n  ? __copy_xstate_to_uabi_buf+0x381/0x870\n  fpu_copy_guest_fpstate_to_uabi+0x28/0x80\n  kvm_arch_vcpu_ioctl+0x14c/0x1460 [kvm]\n  ? __this_cpu_preempt_check+0x13/0x20\n  ? vmx_vcpu_put+0x2e/0x260 [kvm_intel]\n  kvm_vcpu_ioctl+0xea/0x6b0 [kvm]\n  ? kvm_vcpu_ioctl+0xea/0x6b0 [kvm]\n  ? __fget_light+0xd4/0x130\n  __x64_sys_ioctl+0xe3/0x910\n  ? debug_smp_processor_id+0x17/0x20\n  ? fpregs_assert_state_consistent+0x27/0x50\n  do_syscall_64+0x3f/0x90\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAdjust the 'mask' to zero out the userspace buffer for the features that\nare not available both from fpstate and from init_fpstate.\n\nThe dynamic features depend on the compacted XSAVE format. Ensure it is\nenabled before reading XCOMP_BV in init_fpstate.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50425",
            "https://git.kernel.org/linus/471f0aa7fa64e23766a1473b32d9ec3f0718895a (6.1-rc2)",
            "https://git.kernel.org/stable/c/471f0aa7fa64e23766a1473b32d9ec3f0718895a",
            "https://git.kernel.org/stable/c/6ff29642fd28965a8f8d6d326ac91bf6075f3113",
            "https://lore.kernel.org/linux-cve-announce/2025100156-CVE-2022-50425-6722@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50425",
            "https://www.cve.org/CVERecord?id=CVE-2022-50425"
          ],
          "PublishedDate": "2025-10-01T12:15:33.987Z",
          "LastModifiedDate": "2026-01-20T20:14:12.247Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50461",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50461",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c40418b3ddb27dc578601f5c3de70b8c6710f7763da9af63f83e07361ecdc8bf",
          "Title": "kernel: net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open()\n\nEnsure pm_runtime_put() is issued in error path.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50461",
            "https://git.kernel.org/linus/5821504f5073983733465b8bc430049c4343bbd7 (6.2-rc1)",
            "https://git.kernel.org/stable/c/2c14f5cf74c4995eaf284b496481866f012eba19",
            "https://git.kernel.org/stable/c/5821504f5073983733465b8bc430049c4343bbd7",
            "https://git.kernel.org/stable/c/a8846b3398600a632696b6cf79f8a44a107eb226",
            "https://lore.kernel.org/linux-cve-announce/2025100120-CVE-2022-50461-5ee8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50461",
            "https://www.cve.org/CVERecord?id=CVE-2022-50461"
          ],
          "PublishedDate": "2025-10-01T12:15:39.56Z",
          "LastModifiedDate": "2026-01-16T19:14:42.013Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50464",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50464",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b90faa6286cd5605eb71f98b52156ee1d7e46b5d2622e7b6884628da3d48b99",
          "Title": "kernel: mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()\n\nAs comment of pci_get_device() says, it returns a pci_device with its\nrefcount increased. We need to call pci_dev_put() to decrease the\nrefcount. Save the return value of pci_get_device() and call\npci_dev_put() to decrease the refcount.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50464",
            "https://git.kernel.org/linus/5938196cc188ba4323bc6357f5ac55127d715888 (6.2-rc1)",
            "https://git.kernel.org/stable/c/2d4b9c7e81f3a4df27749ebecb426b145e68be2a",
            "https://git.kernel.org/stable/c/5938196cc188ba4323bc6357f5ac55127d715888",
            "https://git.kernel.org/stable/c/8abc6579667129afd13ff2ccb0319ba3f46e6995",
            "https://lore.kernel.org/linux-cve-announce/2025100121-CVE-2022-50464-3c96@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50464",
            "https://www.cve.org/CVERecord?id=CVE-2022-50464"
          ],
          "PublishedDate": "2025-10-01T12:15:39.997Z",
          "LastModifiedDate": "2026-01-16T19:14:57.737Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50467",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50467",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:20b0362b014abd1f638f5439403928e77f53447c608796e903f4875e898071e8",
          "Title": "kernel: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID\n\nAn error case exit from lpfc_cmpl_ct_cmd_gft_id() results in a call to\nlpfc_nlp_put() with a null pointer to a nodelist structure.\n\nChanged lpfc_cmpl_ct_cmd_gft_id() to initialize nodelist pointer upon\nentry.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50467",
            "https://git.kernel.org/linus/59b7e210a522b836a01516c71ee85d1d92c1f075 (6.1-rc1)",
            "https://git.kernel.org/stable/c/04e7cd8c85636a329d1a6e5a269a7c8b6f71c41c",
            "https://git.kernel.org/stable/c/59b7e210a522b836a01516c71ee85d1d92c1f075",
            "https://git.kernel.org/stable/c/82dc1fe4324e2c897f2ed1c66f4fcff03094ac3a",
            "https://lore.kernel.org/linux-cve-announce/2025100122-CVE-2022-50467-13ec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50467",
            "https://www.cve.org/CVERecord?id=CVE-2022-50467"
          ],
          "PublishedDate": "2025-10-01T12:15:40.457Z",
          "LastModifiedDate": "2026-01-16T19:15:20.38Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50479",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50479",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:193fc86642ccf8568e6db426f4037611ee537e227cd84f2868e7379fe932f406",
          "Title": "kernel: drm/amd: fix potential memory leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: fix potential memory leak\n\nThis patch fix potential memory leak (clk_src) when function run\ninto last return NULL.\n\ns/free/kfree/ - Alex",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50479",
            "https://git.kernel.org/linus/6160216fd2c97107e8a9ab39863b056d677fcd85 (6.1-rc1)",
            "https://git.kernel.org/stable/c/6160216fd2c97107e8a9ab39863b056d677fcd85",
            "https://git.kernel.org/stable/c/a6e6ab9caeac96b277a3fe7da1dfa8f69a591759",
            "https://lore.kernel.org/linux-cve-announce/2025100439-CVE-2022-50479-de1c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50479",
            "https://www.cve.org/CVERecord?id=CVE-2022-50479"
          ],
          "PublishedDate": "2025-10-04T16:15:44.547Z",
          "LastModifiedDate": "2026-01-23T20:04:52.49Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50492",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50492",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:72cf883efb790f38b78e4a30cb6310f034149a777cfba6ef5e9a8df119ba9472",
          "Title": "kernel: drm/msm: fix use-after-free on probe deferral",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: fix use-after-free on probe deferral\n\nThe bridge counter was never reset when tearing down the DRM device so\nthat stale pointers to deallocated structures would be accessed on the\nnext tear down (e.g. after a second late bind deferral).\n\nGiven enough bridges and a few probe deferrals this could currently also\nlead to data beyond the bridge array being corrupted.\n\nPatchwork: https://patchwork.freedesktop.org/patch/502665/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50492",
            "https://git.kernel.org/linus/6808abdb33bf90330e70a687d29f038507e06ebb (6.1-rc3)",
            "https://git.kernel.org/stable/c/0a30a47741b6df1f9555a0fac6aebb7e8c363bad",
            "https://git.kernel.org/stable/c/6808abdb33bf90330e70a687d29f038507e06ebb",
            "https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2022-50492-19b5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50492",
            "https://www.cve.org/CVERecord?id=CVE-2022-50492"
          ],
          "PublishedDate": "2025-10-04T16:15:46.19Z",
          "LastModifiedDate": "2026-01-23T20:43:01.383Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50500",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50500",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:48b4a71218b38d87106932d791dfe7cda91e6d891f62440fa9fd5502a4a4b2f3",
          "Title": "kernel: netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed\n\nIf some items in nsim_dev_resources_register() fail, memory leak will\noccur. The following is the memory leak information.\n\nunreferenced object 0xffff888074c02600 (size 128):\n  comm \"echo\", pid 8159, jiffies 4294945184 (age 493.530s)\n  hex dump (first 32 bytes):\n    40 47 ea 89 ff ff ff ff 01 00 00 00 00 00 00 00  @G..............\n    ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................\n  backtrace:\n    [\u003c0000000011a31c98\u003e] kmalloc_trace+0x22/0x60\n    [\u003c0000000027384c69\u003e] devl_resource_register+0x144/0x4e0\n    [\u003c00000000a16db248\u003e] nsim_drv_probe+0x37a/0x1260\n    [\u003c000000007d1f448c\u003e] really_probe+0x20b/0xb10\n    [\u003c00000000c416848a\u003e] __driver_probe_device+0x1b3/0x4a0\n    [\u003c00000000077e0351\u003e] driver_probe_device+0x49/0x140\n    [\u003c0000000054f2465a\u003e] __device_attach_driver+0x18c/0x2a0\n    [\u003c000000008538f359\u003e] bus_for_each_drv+0x151/0x1d0\n    [\u003c0000000038e09747\u003e] __device_attach+0x1c9/0x4e0\n    [\u003c00000000dd86e533\u003e] bus_probe_device+0x1d5/0x280\n    [\u003c00000000839bea35\u003e] device_add+0xae0/0x1cb0\n    [\u003c000000009c2abf46\u003e] new_device_store+0x3b6/0x5f0\n    [\u003c00000000fb823d7f\u003e] bus_attr_store+0x72/0xa0\n    [\u003c000000007acc4295\u003e] sysfs_kf_write+0x106/0x160\n    [\u003c000000005f50cb4d\u003e] kernfs_fop_write_iter+0x3a8/0x5a0\n    [\u003c0000000075eb41bf\u003e] vfs_write+0x8f0/0xc80",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50500",
            "https://git.kernel.org/linus/6b1da9f7126f05e857da6db24c6a04aa7974d644 (6.1-rc3)",
            "https://git.kernel.org/stable/c/6b1da9f7126f05e857da6db24c6a04aa7974d644",
            "https://git.kernel.org/stable/c/7c4957fe40e2a628b7cceaf4c9bfb5b701774d05",
            "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2022-50500-787b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50500",
            "https://www.cve.org/CVERecord?id=CVE-2022-50500"
          ],
          "PublishedDate": "2025-10-04T16:15:47.153Z",
          "LastModifiedDate": "2026-01-22T19:53:01.873Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50518",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50518",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:23d0ed0ca75a3e8876e18028c79a0f2755d3797e80c6d9feb8852b25abb10cb9",
          "Title": "kernel: parisc: Fix locking in pdc_iodc_print() firmware call",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix locking in pdc_iodc_print() firmware call\n\nUtilize pdc_lock spinlock to protect parallel modifications of the\niodc_dbuf[] buffer, check length to prevent buffer overflow of\niodc_dbuf[], drop the iodc_retbuf[] buffer and fix some wrong\nindentings.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50518",
            "https://git.kernel.org/linus/7236aae5f81f3efbd93d0601e74fc05994bc2580 (6.2-rc1)",
            "https://git.kernel.org/stable/c/04a603058e70b8b881bb7860b8bd649f931f2591",
            "https://git.kernel.org/stable/c/553bc5890ed96a8d006224c3a4673c47fee0d12a",
            "https://git.kernel.org/stable/c/7236aae5f81f3efbd93d0601e74fc05994bc2580",
            "https://lore.kernel.org/linux-cve-announce/2025100703-CVE-2022-50518-0bf9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50518",
            "https://www.cve.org/CVERecord?id=CVE-2022-50518"
          ],
          "PublishedDate": "2025-10-07T16:15:35.49Z",
          "LastModifiedDate": "2026-03-17T14:15:19.117Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50527",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50527",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:64f3511d0deed8ff31c014b33ae9b234abac4e1086d44baa83f84f8b19ede9cd",
          "Title": "kernel: drm/amdgpu: Fix size validation for non-exclusive domains (v4)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix size validation for non-exclusive domains (v4)\n\nFix amdgpu_bo_validate_size() to check whether the TTM domain manager for the\nrequested memory exists, else we get a kernel oops when dereferencing \"man\".\n\nv2: Make the patch standalone, i.e. not dependent on local patches.\nv3: Preserve old behaviour and just check that the manager pointer is not\n    NULL.\nv4: Complain if GTT domain requested and it is uninitialized--most likely a\n    bug.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50527",
            "https://git.kernel.org/linus/7554886daa31eacc8e7fac9e15bbce67d10b8f1f (6.2-rc1)",
            "https://git.kernel.org/stable/c/7554886daa31eacc8e7fac9e15bbce67d10b8f1f",
            "https://git.kernel.org/stable/c/80546eef216854a7bd47e39e828f04b406c00599",
            "https://git.kernel.org/stable/c/8ba7c55e112f4ffd2a95b99be1cb1c891ef08ba1",
            "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2022-50527-de17@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50527",
            "https://www.cve.org/CVERecord?id=CVE-2022-50527"
          ],
          "PublishedDate": "2025-10-07T16:15:36.65Z",
          "LastModifiedDate": "2026-03-17T16:53:02.343Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50539",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50539",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:13d874fd9b034313b9a53cf3e7c924d1dbf0d8f09e4c886e6587807efe668016",
          "Title": "kernel: ARM: OMAP2+: omap4-common: Fix refcount leak bug",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: omap4-common: Fix refcount leak bug\n\nIn omap4_sram_init(), of_find_compatible_node() will return a node\npointer with refcount incremented. We should use of_node_put() when\nit is not used anymore.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50539",
            "https://git.kernel.org/linus/7c32919a378782c95c72bc028b5c30dfe8c11f82 (6.3-rc1)",
            "https://git.kernel.org/stable/c/049875b76660bbdc4873a915afb294f954eb7320",
            "https://git.kernel.org/stable/c/1d9452ae3bdb830f9309cf10a2f65977999cb14e",
            "https://git.kernel.org/stable/c/7c32919a378782c95c72bc028b5c30dfe8c11f82",
            "https://lore.kernel.org/linux-cve-announce/2025100755-CVE-2022-50539-4f53@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50539",
            "https://www.cve.org/CVERecord?id=CVE-2022-50539"
          ],
          "PublishedDate": "2025-10-07T16:15:38.2Z",
          "LastModifiedDate": "2026-02-26T23:16:47.367Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50550",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50550",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84e47f623ffd98c45473dea5923221812562f3137fba6fd3fcaefdf1253c7360",
          "Title": "kernel: blk-iolatency: Fix memory leak on add_disk() failures",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iolatency: Fix memory leak on add_disk() failures\n\nWhen a gendisk is successfully initialized but add_disk() fails such as when\na loop device has invalid number of minor device numbers specified,\nblkcg_init_disk() is called during init and then blkcg_exit_disk() during\nerror handling. Unfortunately, iolatency gets initialized in the former but\ndoesn't get cleaned up in the latter.\n\nThis is because, in non-error cases, the cleanup is performed by\ndel_gendisk() calling rq_qos_exit(), the assumption being that rq_qos\npolicies, iolatency being one of them, can only be activated once the disk\nis fully registered and visible. That assumption is true for wbt and iocost,\nbut not so for iolatency as it gets initialized before add_disk() is called.\n\nIt is desirable to lazy-init rq_qos policies because they are optional\nfeatures and add to hot path overhead once initialized - each IO has to walk\nall the registered rq_qos policies. So, we want to switch iolatency to lazy\ninit too. However, that's a bigger change. As a fix for the immediate\nproblem, let's just add an extra call to rq_qos_exit() in blkcg_exit_disk().\nThis is safe because duplicate calls to rq_qos_exit() become noop's.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50550",
            "https://git.kernel.org/linus/813e693023ba10da9e75067780f8378465bf27cc (6.2-rc1)",
            "https://git.kernel.org/stable/c/215f9437dda09531bcb80605298a24219f01cec5",
            "https://git.kernel.org/stable/c/2a126e1db5553ce4498290df019866952f858954",
            "https://git.kernel.org/stable/c/813e693023ba10da9e75067780f8378465bf27cc",
            "https://lore.kernel.org/linux-cve-announce/2025100759-CVE-2022-50550-7147@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50550",
            "https://www.cve.org/CVERecord?id=CVE-2022-50550"
          ],
          "PublishedDate": "2025-10-07T16:15:40.79Z",
          "LastModifiedDate": "2026-02-26T23:17:48.157Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50551",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50551",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:72d753a20df670906c6e1954bca60595271e9d01f4156ff2e0595205e30b6ad3",
          "Title": "kernel: wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()\n\nThis patch fixes a shift-out-of-bounds in brcmfmac that occurs in\nBIT(chiprev) when a 'chiprev' provided by the device is too large.\nIt should also not be equal to or greater than BITS_PER_TYPE(u32)\nas we do bitwise AND with a u32 variable and BIT(chiprev). The patch\nadds a check that makes the function return NULL if that is the case.\nNote that the NULL case is later handled by the bus-specific caller,\nbrcmf_usb_probe_cb() or brcmf_usb_reset_resume(), for example.\n\nFound by a modified version of syzkaller.\n\nUBSAN: shift-out-of-bounds in drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c\nshift exponent 151055786 is too large for 64-bit type 'long unsigned int'\nCPU: 0 PID: 1885 Comm: kworker/0:2 Tainted: G           O      5.14.0+ #132\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n dump_stack_lvl+0x57/0x7d\n ubsan_epilogue+0x5/0x40\n __ubsan_handle_shift_out_of_bounds.cold+0x53/0xdb\n ? lock_chain_count+0x20/0x20\n brcmf_fw_alloc_request.cold+0x19/0x3ea\n ? brcmf_fw_get_firmwares+0x250/0x250\n ? brcmf_usb_ioctl_resp_wait+0x1a7/0x1f0\n brcmf_usb_get_fwname+0x114/0x1a0\n ? brcmf_usb_reset_resume+0x120/0x120\n ? number+0x6c4/0x9a0\n brcmf_c_process_clm_blob+0x168/0x590\n ? put_dec+0x90/0x90\n ? enable_ptr_key_workfn+0x20/0x20\n ? brcmf_common_pd_remove+0x50/0x50\n ? rcu_read_lock_sched_held+0xa1/0xd0\n brcmf_c_preinit_dcmds+0x673/0xc40\n ? brcmf_c_set_joinpref_default+0x100/0x100\n ? rcu_read_lock_sched_held+0xa1/0xd0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n ? lock_acquire+0x19d/0x4e0\n ? find_held_lock+0x2d/0x110\n ? brcmf_usb_deq+0x1cc/0x260\n ? mark_held_locks+0x9f/0xe0\n ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n ? _raw_spin_unlock_irqrestore+0x47/0x50\n ? 
trace_hardirqs_on+0x1c/0x120\n ? brcmf_usb_deq+0x1a7/0x260\n ? brcmf_usb_rx_fill_all+0x5a/0xf0\n brcmf_attach+0x246/0xd40\n ? wiphy_new_nm+0x1476/0x1d50\n ? kmemdup+0x30/0x40\n brcmf_usb_probe+0x12de/0x1690\n ? brcmf_usbdev_qinit.constprop.0+0x470/0x470\n usb_probe_interface+0x25f/0x710\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n ? usb_match_id.part.0+0x88/0xc0\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n ? driver_allows_async_probing+0x120/0x120\n bus_for_each_drv+0x123/0x1a0\n ? bus_rescan_devices+0x20/0x20\n ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n ? trace_hardirqs_on+0x1c/0x120\n __device_attach+0x207/0x330\n ? device_bind_driver+0xb0/0xb0\n ? kobject_uevent_env+0x230/0x12c0\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n ? __mutex_unlock_slowpath+0xe7/0x660\n ? __fw_devlink_link_to_suppliers+0x550/0x550\n usb_set_configuration+0x984/0x1770\n ? kernfs_create_link+0x175/0x230\n usb_generic_driver_probe+0x69/0x90\n usb_probe_device+0x9c/0x220\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n ? driver_allows_async_probing+0x120/0x120\n bus_for_each_drv+0x123/0x1a0\n ? bus_rescan_devices+0x20/0x20\n ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n ? trace_hardirqs_on+0x1c/0x120\n __device_attach+0x207/0x330\n ? device_bind_driver+0xb0/0xb0\n ? kobject_uevent_env+0x230/0x12c0\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n ? __fw_devlink_link_to_suppliers+0x550/0x550\n usb_new_device.cold+0x463/0xf66\n ? hub_disconnect+0x400/0x400\n ? _raw_spin_unlock_irq+0x24/0x30\n hub_event+0x10d5/0x3330\n ? hub_port_debounce+0x280/0x280\n ? __lock_acquire+0x1671/0x5790\n ? wq_calc_node_cpumask+0x170/0x2a0\n ? lock_release+0x640/0x640\n ? rcu_read_lock_sched_held+0xa1/0xd0\n ? rcu_read_lock_bh_held+0xb0/0xb0\n ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n process_one_work+0x873/0x13e0\n ? lock_release+0x640/0x640\n ? 
pwq_dec_nr_in_flight+0x320/0x320\n ? rwlock_bug.part.0+0x90/0x90\n worker_thread+0x8b/0xd10\n ? __kthread_parkme+0xd9/0x1d0\n ? pr\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50551",
            "https://git.kernel.org/linus/81d17f6f3331f03c8eafdacea68ab773426c1e3c (6.2-rc1)",
            "https://git.kernel.org/stable/c/0b12d2aa264bac35bff9b5399bb162262b2b8949",
            "https://git.kernel.org/stable/c/1db036d13e10809943c2dce553e2fa7fc9c6cd80",
            "https://git.kernel.org/stable/c/4c8fc44c44b97854623c56363c359f711fc0b887",
            "https://git.kernel.org/stable/c/579c9b9838e8a73f6e93ddece07972c241514dcc",
            "https://git.kernel.org/stable/c/5b06a8a25eba07628313aa3c5496522eff97be53",
            "https://git.kernel.org/stable/c/81d17f6f3331f03c8eafdacea68ab773426c1e3c",
            "https://git.kernel.org/stable/c/87792567d9ed93fd336d2c3b8d7870f44e141e6d",
            "https://git.kernel.org/stable/c/9d2f70fa2c7cc6c73a420ff15682454782d3d6f6",
            "https://git.kernel.org/stable/c/bc45aa1911bf699b9905f12414e3c1879d6b784f",
            "https://git.kernel.org/stable/c/ffb589963df103caaf062081a32db0b9e1798660",
            "https://lore.kernel.org/linux-cve-announce/2025100759-CVE-2022-50551-7398@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50551",
            "https://www.cve.org/CVERecord?id=CVE-2022-50551"
          ],
          "PublishedDate": "2025-10-07T16:15:41.397Z",
          "LastModifiedDate": "2026-02-26T23:17:54.647Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50552",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50552",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9def2a679709a203629858325db4d64698f45c7935b42833643bebe336321a9d",
          "Title": "kernel: blk-mq: use quiesced elevator switch when reinitializing queues",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: use quiesced elevator switch when reinitializing queues\n\nThe hctx's run_work may be racing with the elevator switch when\nreinitializing hardware queues. The queue is merely frozen in this\ncontext, but that only prevents requests from allocating and doesn't\nstop the hctx work from running. The work may get an elevator pointer\nthat's being torn down, and can result in use-after-free errors and\nkernel panics (example below). Use the quiesced elevator switch instead,\nand make the previous one static since it is now only used locally.\n\n  nvme nvme0: resetting controller\n  nvme nvme0: 32/0/0 default/read/poll queues\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 80000020c8861067 P4D 80000020c8861067 PUD 250f8c8067 PMD 0\n  Oops: 0000 [#1] SMP PTI\n  Workqueue: kblockd blk_mq_run_work_fn\n  RIP: 0010:kyber_has_work+0x29/0x70\n\n...\n\n  Call Trace:\n   __blk_mq_do_dispatch_sched+0x83/0x2b0\n   __blk_mq_sched_dispatch_requests+0x12e/0x170\n   blk_mq_sched_dispatch_requests+0x30/0x60\n   __blk_mq_run_hw_queue+0x2b/0x50\n   process_one_work+0x1ef/0x380\n   worker_thread+0x2d/0x3e0",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50552",
            "https://git.kernel.org/linus/8237c01f1696bc53c470493bf1fe092a107648a6 (6.1-rc1)",
            "https://git.kernel.org/stable/c/63a681bcc32a43528ce0f690569f7f48e59c3963",
            "https://git.kernel.org/stable/c/8237c01f1696bc53c470493bf1fe092a107648a6",
            "https://git.kernel.org/stable/c/c478b3b2900f1834cf9eda5bfef0d5696099505d",
            "https://lore.kernel.org/linux-cve-announce/2025100759-CVE-2022-50552-5100@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50552",
            "https://www.cve.org/CVERecord?id=CVE-2022-50552"
          ],
          "PublishedDate": "2025-10-07T16:15:41.91Z",
          "LastModifiedDate": "2026-02-26T23:17:59.9Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50554",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50554",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:48e29672d24ff0854f3070568ed45a48fee8eacb1876c7e35b909d214c29714d",
          "Title": "kernel: blk-mq: avoid double -\u003equeue_rq() because of early timeout",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: avoid double -\u003equeue_rq() because of early timeout\n\nDavid Jeffery found one double -\u003equeue_rq() issue, so far it can\nbe triggered in VM use case because of long vmexit latency or preempt\nlatency of vCPU pthread or long page fault in vCPU pthread, then block\nIO req could be timed out before queuing the request to hardware but after\ncalling blk_mq_start_request() during -\u003equeue_rq(), then timeout handler\nmay handle it by requeue, then double -\u003equeue_rq() is caused, and kernel\npanic.\n\nSo far, it is driver's responsibility to cover the race between timeout\nand completion, so it seems supposed to be solved in driver in theory,\ngiven driver has enough knowledge.\n\nBut it is really one common problem, lots of driver could have similar\nissue, and could be hard to fix all affected drivers, even it isn't easy\nfor driver to handle the race. So David suggests this patch by draining\nin-progress -\u003equeue_rq() for solving this issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50554",
            "https://git.kernel.org/linus/82c229476b8f6afd7e09bc4dc77d89dc19ff7688 (6.2-rc1)",
            "https://git.kernel.org/stable/c/7a73c54a3750895888ab586896736c9434e062a1",
            "https://git.kernel.org/stable/c/82c229476b8f6afd7e09bc4dc77d89dc19ff7688",
            "https://git.kernel.org/stable/c/8b3d6b029a552d2978bbac275303d11419826a69",
            "https://lore.kernel.org/linux-cve-announce/2025100700-CVE-2022-50554-f4fb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50554",
            "https://www.cve.org/CVERecord?id=CVE-2022-50554"
          ],
          "PublishedDate": "2025-10-07T16:15:43.423Z",
          "LastModifiedDate": "2026-02-06T13:44:50.99Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50571",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50571",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9569a413682aab4845d0d98b7584f33301881f9a4f1d2c06152beb2643967688",
          "Title": "kernel: btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: call __btrfs_remove_free_space_cache_locked on cache load failure\n\nNow that lockdep is staying enabled through our entire CI runs I started\nseeing the following stack in generic/475\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 2171864 at fs/btrfs/discard.c:604 btrfs_discard_update_discardable+0x98/0xb0\nCPU: 1 PID: 2171864 Comm: kworker/u4:0 Not tainted 5.19.0-rc8+ #789\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\nWorkqueue: btrfs-cache btrfs_work_helper\nRIP: 0010:btrfs_discard_update_discardable+0x98/0xb0\nRSP: 0018:ffffb857c2f7bad0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff8c85c605c200 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffff86807c5b RDI: ffffffff868a831e\nRBP: ffff8c85c4c54000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff8c85c66932f0 R11: 0000000000000001 R12: ffff8c85c3899010\nR13: ffff8c85d5be4f40 R14: ffff8c85c4c54000 R15: ffff8c86114bfa80\nFS:  0000000000000000(0000) GS:ffff8c863bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2e7f168160 CR3: 000000010289a004 CR4: 0000000000370ee0\nCall Trace:\n\n __btrfs_remove_free_space_cache+0x27/0x30\n load_free_space_cache+0xad2/0xaf0\n caching_thread+0x40b/0x650\n ? lock_release+0x137/0x2d0\n btrfs_work_helper+0xf2/0x3e0\n ? lock_is_held_type+0xe2/0x140\n process_one_work+0x271/0x590\n ? process_one_work+0x590/0x590\n worker_thread+0x52/0x3b0\n ? process_one_work+0x590/0x590\n kthread+0xf0/0x120\n ? 
kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThis is the code\n\n        ctl = block_group-\u003efree_space_ctl;\n        discard_ctl = \u0026block_group-\u003efs_info-\u003ediscard_ctl;\n\n        lockdep_assert_held(\u0026ctl-\u003etree_lock);\n\nWe have a temporary free space ctl for loading the free space cache in\norder to avoid having allocations happening while we're loading the\ncache.  When we hit an error we free it all up, however this also calls\nbtrfs_discard_update_discardable, which requires\nblock_group-\u003efree_space_ctl-\u003etree_lock to be held.  However this is our\ntemporary ctl so this lock isn't held.  Fix this by calling\n__btrfs_remove_free_space_cache_locked instead so that we only clean up\nthe entries and do not mess with the discardable stats.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50571",
            "https://git.kernel.org/linus/8a1ae2781dee9fc21ca82db682d37bea4bd074ad (6.1-rc1)",
            "https://git.kernel.org/stable/c/819a61301275dcc573e3f520be3dc2c8531bee2d",
            "https://git.kernel.org/stable/c/8a1ae2781dee9fc21ca82db682d37bea4bd074ad",
            "https://lore.kernel.org/linux-cve-announce/2025102208-CVE-2022-50571-00cd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50571",
            "https://www.cve.org/CVERecord?id=CVE-2022-50571"
          ],
          "PublishedDate": "2025-10-22T14:15:42.02Z",
          "LastModifiedDate": "2025-10-22T21:12:48.953Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50583",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50583",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c7ca512b7ee1aa1cb4abaf43a3a74afa68b4f0d503d91bfba28fe29aa31d2c76",
          "Title": "kernel: md/raid0, raid10: Don't set discard sectors for request queue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid0, raid10: Don't set discard sectors for request queue\n\nIt should use disk_stack_limits to get a proper max_discard_sectors\nrather than setting a value by stack drivers.\n\nAnd there is a bug. If all member disks are rotational devices,\nraid0/raid10 set max_discard_sectors. So the member devices are\nnot ssd/nvme, but raid0/raid10 export the wrong value. It reports\nwarning messages in function __blkdev_issue_discard when mkfs.xfs\nlike this:\n\n[ 4616.022599] ------------[ cut here ]------------\n[ 4616.027779] WARNING: CPU: 4 PID: 99634 at block/blk-lib.c:50 __blkdev_issue_discard+0x16a/0x1a0\n[ 4616.140663] RIP: 0010:__blkdev_issue_discard+0x16a/0x1a0\n[ 4616.146601] Code: 24 4c 89 20 31 c0 e9 fe fe ff ff c1 e8 09 8d 48 ff 4c 89 f0 4c 09 e8 48 85 c1 0f 84 55 ff ff ff b8 ea ff ff ff e9 df fe ff ff \u003c0f\u003e 0b 48 8d 74 24 08 e8 ea d6 00 00 48 c7 c6 20 1e 89 ab 48 c7 c7\n[ 4616.167567] RSP: 0018:ffffaab88cbffca8 EFLAGS: 00010246\n[ 4616.173406] RAX: ffff9ba1f9e44678 RBX: 0000000000000000 RCX: ffff9ba1c9792080\n[ 4616.181376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff9ba1c9792080\n[ 4616.189345] RBP: 0000000000000cc0 R08: ffffaab88cbffd10 R09: 0000000000000000\n[ 4616.197317] R10: 0000000000000012 R11: 0000000000000000 R12: 0000000000000000\n[ 4616.205288] R13: 0000000000400000 R14: 0000000000000cc0 R15: ffff9ba1c9792080\n[ 4616.213259] FS:  00007f9a5534e980(0000) GS:ffff9ba1b7c80000(0000) knlGS:0000000000000000\n[ 4616.222298] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4616.228719] CR2: 000055a390a4c518 CR3: 0000000123e40006 CR4: 00000000001706e0\n[ 4616.236689] Call Trace:\n[ 4616.239428]  blkdev_issue_discard+0x52/0xb0\n[ 4616.244108]  blkdev_common_ioctl+0x43c/0xa00\n[ 4616.248883]  blkdev_ioctl+0x116/0x280\n[ 4616.252977]  __x64_sys_ioctl+0x8a/0xc0\n[ 4616.257163]  do_syscall_64+0x5c/0x90\n[ 4616.261164]  ? 
handle_mm_fault+0xc5/0x2a0\n[ 4616.265652]  ? do_user_addr_fault+0x1d8/0x690\n[ 4616.270527]  ? do_syscall_64+0x69/0x90\n[ 4616.274717]  ? exc_page_fault+0x62/0x150\n[ 4616.279097]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 4616.284748] RIP: 0033:0x7f9a55398c6b",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50583",
            "https://git.kernel.org/linus/8e1a2279ca2b0485cc379a153d02a9793f74a48f (6.2-rc1)",
            "https://git.kernel.org/stable/c/27e5d61a8e6919b5c0c6f473703ffea2acba862a",
            "https://git.kernel.org/stable/c/8e1a2279ca2b0485cc379a153d02a9793f74a48f",
            "https://git.kernel.org/stable/c/e80bef070699d2e791badefccb1ddabd6998d468",
            "https://lore.kernel.org/linux-cve-announce/2025120822-CVE-2022-50583-a25a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50583",
            "https://www.cve.org/CVERecord?id=CVE-2022-50583"
          ],
          "PublishedDate": "2025-12-08T02:15:46.903Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50616",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50616",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:076bc7c41cd8c137fc2c97b66fa3b4cb18b11bc569cdedc10c6801d97b3aedbe",
          "Title": "kernel: regulator: core: Use different devices for resource allocation and DT lookup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: Use different devices for resource allocation and DT lookup\n\nFollowing by the below discussion, there's the potential UAF issue\nbetween regulator and mfd.\nhttps://lore.kernel.org/all/20221128143601.1698148-1-yangyingliang@huawei.com/\n\nFrom the analysis of Yingliang\n\nCPU A\t\t\t\t|CPU B\nmt6370_probe()\t\t\t|\n  devm_mfd_add_devices()\t|\n\t\t\t\t|mt6370_regulator_probe()\n\t\t\t\t|  regulator_register()\n\t\t\t\t|    //allocate init_data and add it to devres\n\t\t\t\t|    regulator_of_get_init_data()\ni2c_unregister_device()\t\t|\n  device_del()\t\t\t|\n    devres_release_all()\t|\n      // init_data is freed\t|\n      release_nodes()\t\t|\n\t\t\t\t|  // using init_data causes UAF\n\t\t\t\t|  regulator_register()\n\nIt's common to use mfd core to create child device for the regulator.\nIn order to do the DT lookup for init data, the child that registered\nthe regulator would pass its parent as the parameter. And this causes\ninit data resource allocated to its parent, not itself. The issue happen\nwhen parent device is going to release and regulator core is still doing\nsome operation of init data constraint for the regulator of child device.\n\nTo fix it, this patch expand 'regulator_register' API to use the\ndifferent devices for init data allocation and DT lookup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50616",
            "https://git.kernel.org/linus/8f3cbcd6b440032ebc7f7d48a1689dcc70a4eb98 (6.2-rc1)",
            "https://git.kernel.org/stable/c/8f3cbcd6b440032ebc7f7d48a1689dcc70a4eb98",
            "https://git.kernel.org/stable/c/b0f25ca1ff9be7abd1679ae7e59a8f25dbffe67a",
            "https://git.kernel.org/stable/c/cb29811d989bcb7ea81ca111c4b13878b344e086",
            "https://lore.kernel.org/linux-cve-announce/2025120851-CVE-2022-50616-bef8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50616",
            "https://www.cve.org/CVERecord?id=CVE-2022-50616"
          ],
          "PublishedDate": "2025-12-08T02:15:47.33Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50627",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50627",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0d6bcaaa79a261c259bdc0385bb8ec53ad7da78e5763f28a0c361fda07fae982",
          "Title": "kernel: wifi: ath11k: fix monitor mode bringup crash",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix monitor mode bringup crash\n\nWhen the interface is brought up in monitor mode, it leads\nto NULL pointer dereference crash. This crash happens when\nthe packet type is extracted for a SKB. This extraction\nwhich is present in the received msdu delivery path,is\nnot needed for the monitor ring packets since they are\nall RAW packets. Hence appending the flags with\n\"RX_FLAG_ONLY_MONITOR\" to skip that extraction.\n\nObserved calltrace:\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000064\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004\n  CM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000000048517000\n[0000000000000064] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: ath11k_pci ath11k qmi_helpers\nCPU: 2 PID: 1781 Comm: napi/-271 Not tainted\n6.1.0-rc5-wt-ath-656295-gef907406320c-dirty #6\nHardware name: Qualcomm Technologies, Inc. 
IPQ8074/AP-HK10-C2 (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k]\nlr : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x5c/0x60 [ath11k]\nsp : ffff80000ef5bb10\nx29: ffff80000ef5bb10 x28: 0000000000000000 x27: ffff000007baafa0\nx26: ffff000014a91ed0 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff800002b77378 x22: ffff000014a91ec0 x21: ffff000006c8d600\nx20: 0000000000000000 x19: ffff800002b77740 x18: 0000000000000006\nx17: 736564203634343a x16: 656e694c20657079 x15: 0000000000000143\nx14: 00000000ffffffea x13: ffff80000ef5b8b8 x12: ffff80000ef5b8c8\nx11: ffff80000a591d30 x10: ffff80000a579d40 x9 : c0000000ffffefff\nx8 : 0000000000000003 x7 : 0000000000017fe8 x6 : ffff80000a579ce8\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 3a35ec12ed7f8900 x1 : 0000000000000000 x0 : 0000000000000052\nCall trace:\n ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k]\n ath11k_dp_rx_deliver_msdu.isra.42+0xa4/0x3d0 [ath11k]\n ath11k_dp_rx_mon_deliver.isra.43+0x2f8/0x458 [ath11k]\n ath11k_dp_rx_process_mon_rings+0x310/0x4c0 [ath11k]\n ath11k_dp_service_srng+0x234/0x338 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xb8 [ath11k]\n __napi_poll+0x5c/0x190\n napi_threaded_poll+0xf0/0x118\n kthread+0xf4/0x110\n ret_from_fork+0x10/0x20\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50627",
            "https://git.kernel.org/linus/950b43f8bd8a4d476d2da6d2a083a89bcd3c90d7 (6.3-rc1)",
            "https://git.kernel.org/stable/c/9089c3080a98f1452335e08b8014a28003a211ce",
            "https://git.kernel.org/stable/c/950b43f8bd8a4d476d2da6d2a083a89bcd3c90d7",
            "https://git.kernel.org/stable/c/d6ea1ca1d456bb661e5a9d104e69d2c261161115",
            "https://lore.kernel.org/linux-cve-announce/2025120853-CVE-2022-50627-a907@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50627",
            "https://www.cve.org/CVERecord?id=CVE-2022-50627"
          ],
          "PublishedDate": "2025-12-08T02:15:48.797Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50628",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50628",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4187478aba2a4d3775aae06f4a0d07f287c58a6ebe5c65f95973502d5b7c0c0c",
          "Title": "kernel: drm/gud: Fix UBSAN warning",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gud: Fix UBSAN warning\n\nUBSAN complains about invalid value for bool:\n\n[  101.165172] [drm] Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1\n[  101.213360] gud 2-3.2:1.0: [drm] fb1: guddrmfb frame buffer device\n[  101.213426] usbcore: registered new interface driver gud\n[  101.989431] ================================================================================\n[  101.989441] UBSAN: invalid-load in linux/include/linux/iosys-map.h:253:9\n[  101.989447] load of value 121 is not a valid value for type '_Bool'\n[  101.989451] CPU: 1 PID: 455 Comm: kworker/1:6 Not tainted 5.18.0-rc5-gud-5.18-rc5 #3\n[  101.989456] Hardware name: Hewlett-Packard HP EliteBook 820 G1/1991, BIOS L71 Ver. 01.44 04/12/2018\n[  101.989459] Workqueue: events_long gud_flush_work [gud]\n[  101.989471] Call Trace:\n[  101.989474]  \u003cTASK\u003e\n[  101.989479]  dump_stack_lvl+0x49/0x5f\n[  101.989488]  dump_stack+0x10/0x12\n[  101.989493]  ubsan_epilogue+0x9/0x3b\n[  101.989498]  __ubsan_handle_load_invalid_value.cold+0x44/0x49\n[  101.989504]  dma_buf_vmap.cold+0x38/0x3d\n[  101.989511]  ? find_busiest_group+0x48/0x300\n[  101.989520]  drm_gem_shmem_vmap+0x76/0x1b0 [drm_shmem_helper]\n[  101.989528]  drm_gem_shmem_object_vmap+0x9/0xb [drm_shmem_helper]\n[  101.989535]  drm_gem_vmap+0x26/0x60 [drm]\n[  101.989594]  drm_gem_fb_vmap+0x47/0x150 [drm_kms_helper]\n[  101.989630]  gud_prep_flush+0xc1/0x710 [gud]\n[  101.989639]  ? _raw_spin_lock+0x17/0x40\n[  101.989648]  gud_flush_work+0x1e0/0x430 [gud]\n[  101.989653]  ? __switch_to+0x11d/0x470\n[  101.989664]  process_one_work+0x21f/0x3f0\n[  101.989673]  worker_thread+0x200/0x3e0\n[  101.989679]  ? rescuer_thread+0x390/0x390\n[  101.989684]  kthread+0xfd/0x130\n[  101.989690]  ? 
kthread_complete_and_exit+0x20/0x20\n[  101.989696]  ret_from_fork+0x22/0x30\n[  101.989706]  \u003c/TASK\u003e\n[  101.989708] ================================================================================\n\nThe source of this warning is in iosys_map_clear() called from\ndma_buf_vmap(). It conditionally sets values based on map-\u003eis_iomem. The\niosys_map variables are allocated uninitialized on the stack leading to\n-\u003eis_iomem having all kinds of values and not only 0/1.\n\nFix this by zeroing the iosys_map variables.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50628",
            "https://git.kernel.org/linus/951df98024f7272f85df5044eca7374f5b5b24ef (6.3-rc1)",
            "https://git.kernel.org/stable/c/832f861a46039d50536dcfda0a9fb334b48d0f8b",
            "https://git.kernel.org/stable/c/951df98024f7272f85df5044eca7374f5b5b24ef",
            "https://git.kernel.org/stable/c/e1078b270d218f8d58efb4d78ea25a4d16ba3490",
            "https://lore.kernel.org/linux-cve-announce/2025120854-CVE-2022-50628-69d3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50628",
            "https://www.cve.org/CVERecord?id=CVE-2022-50628"
          ],
          "PublishedDate": "2025-12-08T02:15:48.927Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50634",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50634",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2b3dde51834e779594e36c3b5c0f9449bf551d4e93d59ac4b0befed00439cef6",
          "Title": "kernel: power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()\n\ncw_bat_probe() calls create_singlethread_workqueue() and does not check the\nreturn value, which may be NULL. A null-ptr-deref may then happen:\n\ncw_bat_probe()\n    create_singlethread_workqueue() # failed, cw_bat-\u003ewq is NULL\n    queue_delayed_work()\n        queue_delayed_work_on()\n            __queue_delayed_work()  # warning here, but continue\n                __queue_work()      # access wq-\u003eflags, null-ptr-deref\n\nCheck the return value and return -ENOMEM if it is NULL.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50634",
            "https://git.kernel.org/linus/97f2b4ddb0aa700d673691a7d5e44d226d22bab7 (6.2-rc1)",
            "https://git.kernel.org/stable/c/5150b76aa2eb8bb8feb7f7a048417f9d39c3dd04",
            "https://git.kernel.org/stable/c/97f2b4ddb0aa700d673691a7d5e44d226d22bab7",
            "https://git.kernel.org/stable/c/f7e2ba8ed08138102f21f3fe6414498c93177fd8",
            "https://lore.kernel.org/linux-cve-announce/2025120934-CVE-2022-50634-2887@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50634",
            "https://www.cve.org/CVERecord?id=CVE-2022-50634"
          ],
          "PublishedDate": "2025-12-09T01:16:45.59Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50700",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50700",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c8612249cd57a1a9cd4186b526685302d12f757fd9c525867f9d370d73348c2",
          "Title": "kernel: wifi: ath10k: Delay the unmapping of the buffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Delay the unmapping of the buffer\n\nOn WCN3990, we are seeing a rare scenario where copy engine hardware is\nsending a copy complete interrupt to the host driver while still\nprocessing the buffer that the driver has sent, this is leading into an\nSMMU fault triggering kernel panic. This is happening on copy engine\nchannel 3 (CE3) where the driver normally enqueues WMI commands to the\nfirmware. Upon receiving a copy complete interrupt, host driver will\nimmediately unmap and frees the buffer presuming that hardware has\nprocessed the buffer. In the issue case, upon receiving copy complete\ninterrupt, host driver will unmap and free the buffer but since hardware\nis still accessing the buffer (which in this case got unmapped in\nparallel), SMMU hardware will trigger an SMMU fault resulting in a\nkernel panic.\n\nIn order to avoid this, as a work around, add a delay before unmapping\nthe copy engine source DMA buffer. 
This is conditionally done for\nWCN3990 and only for the CE3 channel where issue is seen.\n\nBelow is the crash signature:\n\nwifi smmu error: kernel: [ 10.120965] arm-smmu 15000000.iommu: Unhandled\ncontext fault: fsr=0x402, iova=0x7fdfd8ac0,\nfsynr=0x500003,cbfrsynra=0xc1, cb=6 arm-smmu 15000000.iommu: Unhandled\ncontext fault:fsr=0x402, iova=0x7fe06fdc0, fsynr=0x710003,\ncbfrsynra=0xc1, cb=6 qcom-q6v5-mss 4080000.remoteproc: fatal error\nreceived: err_qdi.c:1040:EF:wlan_process:0x1:WLAN RT:0x2091:\ncmnos_thread.c:3998:Asserted in copy_engine.c:AXI_ERROR_DETECTED:2149\nremoteproc remoteproc0: crash detected in\n4080000.remoteproc: type fatal error \u003c3\u003e remoteproc remoteproc0:\nhandling crash #1 in 4080000.remoteproc\n\npc : __arm_lpae_unmap+0x500/0x514\nlr : __arm_lpae_unmap+0x4bc/0x514\nsp : ffffffc011ffb530\nx29: ffffffc011ffb590 x28: 0000000000000000\nx27: 0000000000000000 x26: 0000000000000004\nx25: 0000000000000003 x24: ffffffc011ffb890\nx23: ffffffa762ef9be0 x22: ffffffa77244ef00\nx21: 0000000000000009 x20: 00000007fff7c000\nx19: 0000000000000003 x18: 0000000000000000\nx17: 0000000000000004 x16: ffffffd7a357d9f0\nx15: 0000000000000000 x14: 00fd5d4fa7ffffff\nx13: 000000000000000e x12: 0000000000000000\nx11: 00000000ffffffff x10: 00000000fffffe00\nx9 : 000000000000017c x8 : 000000000000000c\nx7 : 0000000000000000 x6 : ffffffa762ef9000\nx5 : 0000000000000003 x4 : 0000000000000004\nx3 : 0000000000001000 x2 : 00000007fff7c000\nx1 : ffffffc011ffb890 x0 : 0000000000000000 Call trace:\n__arm_lpae_unmap+0x500/0x514\n__arm_lpae_unmap+0x4bc/0x514\n__arm_lpae_unmap+0x4bc/0x514\narm_lpae_unmap_pages+0x78/0xa4\narm_smmu_unmap_pages+0x78/0x104\n__iommu_unmap+0xc8/0x1e4\niommu_unmap_fast+0x38/0x48\n__iommu_dma_unmap+0x84/0x104\niommu_dma_free+0x34/0x50\ndma_free_attrs+0xa4/0xd0\nath10k_htt_rx_free+0xc4/0xf4 [ath10k_core] ath10k_core_stop+0x64/0x7c\n[ath10k_core]\nath10k_halt+0x11c/0x180 [ath10k_core]\nath10k_stop+0x54/0x94 [ath10k_core]\ndrv_stop+0x48/0x1c8 
[mac80211]\nieee80211_do_open+0x638/0x77c [mac80211] ieee80211_open+0x48/0x5c\n[mac80211]\n__dev_open+0xb4/0x174\n__dev_change_flags+0xc4/0x1dc\ndev_change_flags+0x3c/0x7c\ndevinet_ioctl+0x2b4/0x580\ninet_ioctl+0xb0/0x1b4\nsock_do_ioctl+0x4c/0x16c\ncompat_ifreq_ioctl+0x1cc/0x35c\ncompat_sock_ioctl+0x110/0x2ac\n__arm64_compat_sys_ioctl+0xf4/0x3e0\nel0_svc_common+0xb4/0x17c\nel0_svc_compat_handler+0x2c/0x58\nel0_svc_compat+0x8/0x2c\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50700",
            "https://git.kernel.org/stable/c/79a124b588aadb5a22695542778de14366ff3219",
            "https://git.kernel.org/stable/c/acd4324e5f1f11351630234297f95076f0ac9a2f",
            "https://git.kernel.org/stable/c/c4bedc3cda09d896c92adcdb6b62aa93b0c47a8a",
            "https://lore.kernel.org/linux-cve-announce/2025122418-CVE-2022-50700-9cf6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50700",
            "https://www.cve.org/CVERecord?id=CVE-2022-50700"
          ],
          "PublishedDate": "2025-12-24T11:15:50.153Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50704",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50704",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7ef96ea82e08b586eff58411b5b07ca1fbc7eabec20ba4bf876d5d009e22bb6c",
          "Title": "kernel: USB: gadget: Fix use-after-free during usb config switch",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix use-after-free during usb config switch\n\nIn the process of switching USB config from rndis to other config,\nif the hardware does not support the -\u003epullup callback, or the\nhardware encounters a low probability fault, both of them may cause\nthe -\u003epullup callback to fail, which will then cause a system panic\n(use after free).\n\nThe gadget drivers sometimes need to be unloaded regardless of the\nhardware's behavior.\n\nAnalysis as follows:\n=======================================================================\n(1) write /config/usb_gadget/g1/UDC \"none\"\n\ngether_disconnect+0x2c/0x1f8\nrndis_disable+0x4c/0x74\ncomposite_disconnect+0x74/0xb0\nconfigfs_composite_disconnect+0x60/0x7c\nusb_gadget_disconnect+0x70/0x124\nusb_gadget_unregister_driver+0xc8/0x1d8\ngadget_dev_desc_UDC_store+0xec/0x1e4\n\n(2) rm /config/usb_gadget/g1/configs/b.1/f1\n\nrndis_deregister+0x28/0x54\nrndis_free+0x44/0x7c\nusb_put_function+0x14/0x1c\nconfig_usb_cfg_unlink+0xc4/0xe0\nconfigfs_unlink+0x124/0x1c8\nvfs_unlink+0x114/0x1dc\n\n(3) rmdir /config/usb_gadget/g1/functions/rndis.gs4\n\npanic+0x1fc/0x3d0\ndo_page_fault+0xa8/0x46c\ndo_mem_abort+0x3c/0xac\nel1_sync_handler+0x40/0x78\n0xffffff801138f880\nrndis_close+0x28/0x34\neth_stop+0x74/0x110\ndev_close_many+0x48/0x194\nrollback_registered_many+0x118/0x814\nunregister_netdev+0x20/0x30\ngether_cleanup+0x1c/0x38\nrndis_attr_release+0xc/0x14\nkref_put+0x74/0xb8\nconfigfs_rmdir+0x314/0x374\n\nIf gadget-\u003eops-\u003epullup() return an error, function rndis_close() will be\ncalled, then it will causes a use-after-free problem.\n=======================================================================",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50704",
            "https://git.kernel.org/stable/c/30e926aa835ac2e6ad05822e4cb75833feb0d99f",
            "https://git.kernel.org/stable/c/99a58ac42d9b6911834b0224b6782aea0c311346",
            "https://git.kernel.org/stable/c/afdc12887f2b2ecf20d065a7d81ad29824155083",
            "https://lore.kernel.org/linux-cve-announce/2025122419-CVE-2022-50704-ca2b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50704",
            "https://www.cve.org/CVERecord?id=CVE-2022-50704"
          ],
          "PublishedDate": "2025-12-24T11:15:50.573Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50708",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50708",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:636420bb5552f2d6bce2559387c7b001eb3cfd91d4bc79ccd6d2c16746e81206",
          "Title": "kernel: HSI: ssi_protocol: fix potential resource leak in ssip_pn_open()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHSI: ssi_protocol: fix potential resource leak in ssip_pn_open()\n\nssip_pn_open() claims the HSI client's port with hsi_claim_port(). When\nhsi_register_port_event() gets some error and returns a negative value,\nthe HSI client's port should be released with hsi_release_port().\n\nFix it by calling hsi_release_port() when hsi_register_port_event() fails.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50708",
            "https://git.kernel.org/stable/c/78b0ef14896f843c45372f9bbdb6f6070f977eaf",
            "https://git.kernel.org/stable/c/b28dbcb379e6a7f80262c2732a57681b1ee548ca",
            "https://git.kernel.org/stable/c/e78b45b3eeee1cec77c794fcbf0512537c20b1dc",
            "https://lore.kernel.org/linux-cve-announce/2025122420-CVE-2022-50708-dfe3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50708",
            "https://www.cve.org/CVERecord?id=CVE-2022-50708"
          ],
          "PublishedDate": "2025-12-24T11:15:50.983Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50720",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50720",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:34f7ae36c49553661d1a581a0560d4b8971b4b961ca18916b6420282526a5d96",
          "Title": "kernel: x86/apic: Don't disable x2APIC if locked",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/apic: Don't disable x2APIC if locked\n\nThe APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC\n(or x2APIC).  X2APIC mode is mostly compatible with legacy APIC, but\nit disables the memory-mapped APIC interface in favor of one that uses\nMSRs.  The APIC mode is controlled by the EXT bit in the APIC MSR.\n\nThe MMIO/xAPIC interface has some problems, most notably the APIC LEAK\n[1].  This bug allows an attacker to use the APIC MMIO interface to\nextract data from the SGX enclave.\n\nIntroduce support for a new feature that will allow the BIOS to lock\nthe APIC in x2APIC mode.  If the APIC is locked in x2APIC mode and the\nkernel tries to disable the APIC or revert to legacy APIC mode a GP\nfault will occur.\n\nIntroduce support for a new MSR (IA32_XAPIC_DISABLE_STATUS) and handle\nthe new locked mode when the LEGACY_XAPIC_DISABLED bit is set by\npreventing the kernel from trying to disable the x2APIC.\n\nOn platforms with the IA32_XAPIC_DISABLE_STATUS MSR, if SGX or TDX are\nenabled the LEGACY_XAPIC_DISABLED will be set by the BIOS.  If\nlegacy APIC is required, then SGX and TDX need to be disabled in the\nBIOS.\n\n[1]: https://aepicleak.com/aepicleak.pdf",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50720",
            "https://git.kernel.org/stable/c/05785ba834f23272f9d23427ae4a80ac505a5296",
            "https://git.kernel.org/stable/c/b8d1d163604bd1e600b062fb00de5dc42baa355f",
            "https://git.kernel.org/stable/c/dd1241e00addbf0b95f6cd6ce32152692820657e",
            "https://lore.kernel.org/linux-cve-announce/2025122417-CVE-2022-50720-0297@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50720",
            "https://www.cve.org/CVERecord?id=CVE-2022-50720"
          ],
          "PublishedDate": "2025-12-24T13:15:58.667Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50721",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50721",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3f76e4c779a2152cb43832bef0ac96f439a99fa565758b58044eb1f3c55e92b3",
          "Title": "kernel: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg\n\nThe calling convention for prep_slave_sg is to return NULL on error and\nprovide an error log to the system. Qcom-adm instead provides an error\npointer when an error occurs. This indirectly causes a kernel panic, for\nexample in the nandc driver, which checks only if the pointer returned by\ndevice_prep_slave_sg is not NULL. Returning an error pointer makes nandc\nthink the device_prep_slave_sg function correctly completed and makes\nthe kernel panic later in the code.\n\nWhile nandc is the one that makes the kernel crash, it was pointed out\nthat the real problem is qcom-adm not following the calling convention for\nthat function.\n\nTo fix this, drop returning an error pointer and return NULL with an error\nlog.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50721",
            "https://git.kernel.org/stable/c/5653bd0200944e5803fa8e32dc36aa49931312f9",
            "https://git.kernel.org/stable/c/9a041174c58a226e713f6cebd41eccec7a5cfa72",
            "https://git.kernel.org/stable/c/b9d2140c3badf4107973ad77c5a0ec3075705c85",
            "https://lore.kernel.org/linux-cve-announce/2025122417-CVE-2022-50721-9683@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50721",
            "https://www.cve.org/CVERecord?id=CVE-2022-50721"
          ],
          "PublishedDate": "2025-12-24T13:15:58.767Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50746",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50746",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:40be2567c6fc45f82e20744aebd78ae330e132baf2e071c65af24cd5c8c2df3a",
          "Title": "kernel: erofs: validate the extent length for uncompressed pclusters",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: validate the extent length for uncompressed pclusters\n\nsyzkaller reported a KASAN use-after-free:\nhttps://syzkaller.appspot.com/bug?extid=2ae90e873e97f1faf6f2\n\nThe referenced fuzzed image actually has two issues:\n - m_pa == 0 as a non-inlined pcluster;\n - The logical length is longer than its physical length.\n\nThe first issue has already been addressed.  This patch addresses\nthe second issue by checking the extent length validity.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50746",
            "https://git.kernel.org/stable/c/40c73b2ea9611b5388807be406f30f5e4e1162da",
            "https://git.kernel.org/stable/c/c505feba4c0d76084e56ec498ce819f02a7043ae",
            "https://git.kernel.org/stable/c/dc8b6bd587b13b85aff6e9d36cdfcd3f955cac9e",
            "https://lore.kernel.org/linux-cve-announce/2025122450-CVE-2022-50746-7cbf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50746",
            "https://www.cve.org/CVERecord?id=CVE-2022-50746"
          ],
          "PublishedDate": "2025-12-24T13:16:01.313Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50748",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50748",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5d117ed286494737647fb0e73d45aa185a7401b82295b88da61e67e4a1e7a4cb",
          "Title": "kernel: Kernel: Denial of Service via memory leak in mqueue component",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: mqueue: fix possible memory leak in init_mqueue_fs()\n\ncommit db7cfc380900 (\"ipc: Free mq_sysctls if ipc namespace creation\nfailed\")\n\nHere's a similar memory leak to the one fixed by the patch above.\nretire_mq_sysctls needs to be called when init_mqueue_fs fails after\nsetup_mq_sysctls.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50748",
            "https://git.kernel.org/stable/c/55b3709c6d68e32cd3fdd2a630b1f4c97d51b17c",
            "https://git.kernel.org/stable/c/a1f321051e0dcf2415fb94f81fdc5044cad4c1d6",
            "https://git.kernel.org/stable/c/c579d60f0d0cd87552f64fdebe68b5d941d20309",
            "https://lore.kernel.org/linux-cve-announce/2025122451-CVE-2022-50748-0136@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50748",
            "https://www.cve.org/CVERecord?id=CVE-2022-50748"
          ],
          "PublishedDate": "2025-12-24T13:16:01.517Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50759",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50759",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:62c8c71d8ccaa19ccf3efb98589cf41bc9f62e1db0624d7eb13f82b775de47bc",
          "Title": "kernel: media: i2c: ov5648: Free V4L2 fwnode data on unbind",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: ov5648: Free V4L2 fwnode data on unbind\n\nThe V4L2 fwnode data structure doesn't get freed on unbind, which leads to\na memleak.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50759",
            "https://git.kernel.org/stable/c/3a54b72868930f07935accaf95ec4df639324940",
            "https://git.kernel.org/stable/c/4a34fd4d9b548789d4a2018940edbec86282ed3b",
            "https://git.kernel.org/stable/c/c95770e4fc172696dcb1450893cda7d6324d96fc",
            "https://lore.kernel.org/linux-cve-announce/2025122454-CVE-2022-50759-747e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50759",
            "https://www.cve.org/CVERecord?id=CVE-2022-50759"
          ],
          "PublishedDate": "2025-12-24T13:16:02.667Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50772",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50772",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0a077081812263bddd9b8cfbed3507c9a5df1185e02974d6c6a51fe6ff8a4381",
          "Title": "kernel: Linux kernel: Denial of Service due to memory leak in netdevsim",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: fix memory leak in nsim_bus_dev_new()\n\nIf device_register() failed in nsim_bus_dev_new(), the value of reference\nin nsim_bus_dev-\u003edev is 1. obj-\u003ename in nsim_bus_dev-\u003edev will not be\nreleased.\n\nunreferenced object 0xffff88810352c480 (size 16):\n  comm \"echo\", pid 5691, jiffies 4294945921 (age 133.270s)\n  hex dump (first 16 bytes):\n    6e 65 74 64 65 76 73 69 6d 31 00 00 00 00 00 00  netdevsim1......\n  backtrace:\n    [\u003c000000005e2e5e26\u003e] __kmalloc_node_track_caller+0x3a/0xb0\n    [\u003c0000000094ca4fc8\u003e] kvasprintf+0xc3/0x160\n    [\u003c00000000aad09bcc\u003e] kvasprintf_const+0x55/0x180\n    [\u003c000000009bac868d\u003e] kobject_set_name_vargs+0x56/0x150\n    [\u003c000000007c1a5d70\u003e] dev_set_name+0xbb/0xf0\n    [\u003c00000000ad0d126b\u003e] device_add+0x1f8/0x1cb0\n    [\u003c00000000c222ae24\u003e] new_device_store+0x3b6/0x5e0\n    [\u003c0000000043593421\u003e] bus_attr_store+0x72/0xa0\n    [\u003c00000000cbb1833a\u003e] sysfs_kf_write+0x106/0x160\n    [\u003c00000000d0dedb8a\u003e] kernfs_fop_write_iter+0x3a8/0x5a0\n    [\u003c00000000770b66e2\u003e] vfs_write+0x8f0/0xc80\n    [\u003c0000000078bb39be\u003e] ksys_write+0x106/0x210\n    [\u003c00000000005e55a4\u003e] do_syscall_64+0x35/0x80\n    [\u003c00000000eaa40bbc\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50772",
            "https://git.kernel.org/stable/c/77579e4065295071fbd9662f03430dca5b50b086",
            "https://git.kernel.org/stable/c/cf2010aa1c739bab067cbc90b690d28eaa0b47da",
            "https://lore.kernel.org/linux-cve-announce/2025122458-CVE-2022-50772-774d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50772",
            "https://www.cve.org/CVERecord?id=CVE-2022-50772"
          ],
          "PublishedDate": "2025-12-24T13:16:04.02Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50778",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50778",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:36c269f24e40c55d67f8395489326f62342cfe57d989f29e2adb75e78509d314",
          "Title": "kernel: fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL\n\nWith CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y enabled, we observe\na runtime panic while running Android's Compatibility Test Suite's (CTS)\nandroid.hardware.input.cts.tests. This is stemming from a strlen()\ncall in hidinput_allocate().\n\n__compiletime_strlen() is implemented in terms of __builtin_object_size(),\nthen does an array access to check for NUL-termination. A quirk of\n__builtin_object_size() is that for strings whose values are runtime\ndependent, __builtin_object_size(str, 1 or 0) returns the maximum size\nof possible values when those sizes are determinable at compile time.\nExample:\n\n  static const char *v = \"FOO BAR\";\n  static const char *y = \"FOO BA\";\n  unsigned long x (int z) {\n      // Returns 8, which is:\n      // max(__builtin_object_size(v, 1), __builtin_object_size(y, 1))\n      return __builtin_object_size(z ? v : y, 1);\n  }\n\nSo when FORTIFY_SOURCE is enabled, the current implementation of\n__compiletime_strlen() will try to access beyond the end of y at runtime\nusing the size of v. Mixed with UBSAN_LOCAL_BOUNDS we get a fault.\n\nhidinput_allocate() has a local C string whose value is control flow\ndependent on a switch statement, so __builtin_object_size(str, 1)\nevaluates to the maximum string length, making all other cases fault on\nthe last character check. hidinput_allocate() could be cleaned up to\navoid runtime calls to strlen() since the local variable can only have\nliteral values, so there's no benefit to trying to fortify the strlen\ncall site there.\n\nPerform a __builtin_constant_p() check against index 0 earlier in the\nmacro to filter out the control-flow-dependant case. Add a KUnit test\nfor checking the expected behavioral characteristics of FORTIFY_SOURCE\ninternals.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50778",
            "https://git.kernel.org/stable/c/5d59ad2bfb35fccfe2ad5e8bb8801f6224d3f7d4",
            "https://git.kernel.org/stable/c/d07c0acb4f41cc42a0d97530946965b3e4fa68c1",
            "https://git.kernel.org/stable/c/ed42391164e6839a48aaf4c53eefda516835e799",
            "https://lore.kernel.org/linux-cve-announce/2025122400-CVE-2022-50778-0b9a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50778",
            "https://www.cve.org/CVERecord?id=CVE-2022-50778"
          ],
          "PublishedDate": "2025-12-24T13:16:04.64Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50785",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50785",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1b4993ae125ffee5291285b6c2f15b2df51c2c962e64bf22c92b6b7241d4941d",
          "Title": "kernel: fsi: occ: Prevent use after free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsi: occ: Prevent use after free\n\nUse get_device and put_device in the open and close functions to\nmake sure the device doesn't get freed while a file descriptor is\nopen.\nAlso, lock around the freeing of the device buffer and check the\nbuffer before using it in the submit function.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50785",
            "https://git.kernel.org/linus/d3e1e24604031b0d83b6c2d38f54eeea265cfcc0 (6.1-rc1)",
            "https://git.kernel.org/stable/c/1d5ad0a874ddfcee9f932f54b1d34cbe8b9ddcfe",
            "https://git.kernel.org/stable/c/3593e8efc9f0dac6be70bd5c964eadaa86bf2713",
            "https://git.kernel.org/stable/c/d3e1e24604031b0d83b6c2d38f54eeea265cfcc0",
            "https://lore.kernel.org/linux-cve-announce/2025123028-CVE-2022-50785-ed95@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50785",
            "https://www.cve.org/CVERecord?id=CVE-2022-50785"
          ],
          "PublishedDate": "2025-12-30T12:15:44.143Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50811",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50811",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8501ea83b12ddb8190b9b90bdb801ffa34324a7bfe90b7c1350f6bafb2cf63a8",
          "Title": "kernel: erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails\n\nOtherwise, meta buffers could be leaked.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50811",
            "https://git.kernel.org/linus/d5d188b8f8b38d3d71dd05993874b4fc9284ce95 (6.2-rc1)",
            "https://git.kernel.org/stable/c/091a8ca572a2e48554427feda78aa503e98c1028",
            "https://git.kernel.org/stable/c/373b6f350aecf5dca2e7474f0b4ec8cca659f2f0",
            "https://git.kernel.org/stable/c/d5d188b8f8b38d3d71dd05993874b4fc9284ce95",
            "https://lore.kernel.org/linux-cve-announce/2025123013-CVE-2022-50811-66f4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50811",
            "https://www.cve.org/CVERecord?id=CVE-2022-50811"
          ],
          "PublishedDate": "2025-12-30T13:15:55.423Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50815",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50815",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91b42ad35a7c36c390fb81931ebb215095c769982c4a7e9bdbaeae5ed2be63fa",
          "Title": "kernel: ext2: Add sanity checks for group and filesystem size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next2: Add sanity checks for group and filesystem size\n\nAdd sanity check that filesystem size does not exceed the underlying\ndevice size and that group size is big enough so that metadata can fit\ninto it. This avoid trying to mount some crafted filesystems with\nextremely large group counts.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50815",
            "https://git.kernel.org/linus/d766f2d1e3e3bd44024a7f971ffcf8b8fbb7c5d2 (6.1-rc1)",
            "https://git.kernel.org/stable/c/321440079763998076b75e0c802524e2218a7d97",
            "https://git.kernel.org/stable/c/40ff52527daec00cf1530c17a95636916ddd3b38",
            "https://git.kernel.org/stable/c/d766f2d1e3e3bd44024a7f971ffcf8b8fbb7c5d2",
            "https://lore.kernel.org/linux-cve-announce/2025123014-CVE-2022-50815-6923@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50815",
            "https://www.cve.org/CVERecord?id=CVE-2022-50815"
          ],
          "PublishedDate": "2025-12-30T13:15:55.86Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50851",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50851",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:35f1754eea12c8358f290ca68a1097916123b2afbffe67376948e20ce1bc5f55",
          "Title": "kernel: Linux kernel (vhost_vdpa): Denial of service via large memory unmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost_vdpa: fix the crash in unmap a large memory\n\nWhile testing in vIOMMU, sometimes Guest will unmap very large memory,\nwhich will cause the crash. To fix this, add a new function\nvhost_vdpa_general_unmap(). This function will only unmap the memory\nthat saved in iotlb.\n\nCall Trace:\n[  647.820144] ------------[ cut here ]------------\n[  647.820848] kernel BUG at drivers/iommu/intel/iommu.c:1174!\n[  647.821486] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[  647.822082] CPU: 10 PID: 1181 Comm: qemu-system-x86 Not tainted 6.0.0-rc1home_lulu_2452_lulu7_vhost+ #62\n[  647.823139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qem4\n[  647.824365] RIP: 0010:domain_unmap+0x48/0x110\n[  647.825424] Code: 48 89 fb 8d 4c f6 1e 39 c1 0f 4f c8 83 e9 0c 83 f9 3f 7f 18 48 89 e8 48 d3 e8 48 85 c0 75 59\n[  647.828064] RSP: 0018:ffffae5340c0bbf0 EFLAGS: 00010202\n[  647.828973] RAX: 0000000000000001 RBX: ffff921793d10540 RCX: 000000000000001b\n[  647.830083] RDX: 00000000080000ff RSI: 0000000000000001 RDI: ffff921793d10540\n[  647.831214] RBP: 0000000007fc0100 R08: ffffae5340c0bcd0 R09: 0000000000000003\n[  647.832388] R10: 0000007fc0100000 R11: 0000000000100000 R12: 00000000080000ff\n[  647.833668] R13: ffffae5340c0bcd0 R14: ffff921793d10590 R15: 0000008000100000\n[  647.834782] FS:  00007f772ec90640(0000) GS:ffff921ce7a80000(0000) knlGS:0000000000000000\n[  647.836004] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  647.836990] CR2: 00007f02c27a3a20 CR3: 0000000101b0c006 CR4: 0000000000372ee0\n[  647.838107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  647.839283] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  647.840666] Call Trace:\n[  647.841437]  \u003cTASK\u003e\n[  647.842107]  intel_iommu_unmap_pages+0x93/0x140\n[  647.843112]  __iommu_unmap+0x91/0x1b0\n[  647.844003]  iommu_unmap+0x6a/0x95\n[  647.844885]  vhost_vdpa_unmap+0x1de/0x1f0 [vhost_vdpa]\n[  647.845985]  vhost_vdpa_process_iotlb_msg+0xf0/0x90b [vhost_vdpa]\n[  647.847235]  ? _raw_spin_unlock+0x15/0x30\n[  647.848181]  ? _copy_from_iter+0x8c/0x580\n[  647.849137]  vhost_chr_write_iter+0xb3/0x430 [vhost]\n[  647.850126]  vfs_write+0x1e4/0x3a0\n[  647.850897]  ksys_write+0x53/0xd0\n[  647.851688]  do_syscall_64+0x3a/0x90\n[  647.852508]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[  647.853457] RIP: 0033:0x7f7734ef9f4f\n[  647.854408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 76 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c8\n[  647.857217] RSP: 002b:00007f772ec8f040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[  647.858486] RAX: ffffffffffffffda RBX: 00000000fef00000 RCX: 00007f7734ef9f4f\n[  647.859713] RDX: 0000000000000048 RSI: 00007f772ec8f090 RDI: 0000000000000010\n[  647.860942] RBP: 00007f772ec8f1a0 R08: 0000000000000000 R09: 0000000000000000\n[  647.862206] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000010\n[  647.863446] R13: 0000000000000002 R14: 0000000000000000 R15: ffffffff01100000\n[  647.864692]  \u003c/TASK\u003e\n[  647.865458] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs v]\n[  647.874688] ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50851",
            "https://git.kernel.org/linus/e794070af224ade46db368271896b2685ff4f96b (6.2-rc3)",
            "https://git.kernel.org/stable/c/26b7400c89b81e2f6de4f224ba1fdf06f293de31",
            "https://git.kernel.org/stable/c/8b258a31c2e8d4d4e42be70a7c6ca35a5afbff0d",
            "https://git.kernel.org/stable/c/e794070af224ade46db368271896b2685ff4f96b",
            "https://lore.kernel.org/linux-cve-announce/2025123044-CVE-2022-50851-fd02@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50851",
            "https://www.cve.org/CVERecord?id=CVE-2022-50851"
          ],
          "PublishedDate": "2025-12-30T13:15:59.797Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50862",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50862",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:776081c5e1e28b8204089dd83605cf35cca7a4e7391fdbe3518174d896d166ab",
          "Title": "kernel: bpf: prevent decl_tag from being referenced in func_proto",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: prevent decl_tag from being referenced in func_proto\n\nSyzkaller was able to hit the following issue:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946\nbtf_type_id_size+0x2d5/0x9d0 kernel/bpf/btf.c:1946\nModules linked in:\nCPU: 0 PID: 3609 Comm: syz-executor361 Not tainted\n6.0.0-syzkaller-02734-g0326074ff465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 09/22/2022\nRIP: 0010:btf_type_id_size+0x2d5/0x9d0 kernel/bpf/btf.c:1946\nCode: ef e8 7f 8e e4 ff 41 83 ff 0b 77 28 f6 44 24 10 18 75 3f e8 6d 91\ne4 ff 44 89 fe bf 0e 00 00 00 e8 20 8e e4 ff e8 5b 91 e4 ff \u003c0f\u003e 0b 45\n31 f6 e9 98 02 00 00 41 83 ff 12 74 18 e8 46 91 e4 ff 44\nRSP: 0018:ffffc90003cefb40 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\nRDX: ffff8880259c0000 RSI: ffffffff81968415 RDI: 0000000000000005\nRBP: ffff88801270ca00 R08: 0000000000000005 R09: 000000000000000e\nR10: 0000000000000011 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000011 R14: ffff888026ee6424 R15: 0000000000000011\nFS:  000055555641b300(0000) GS:ffff8880b9a00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000f2e258 CR3: 000000007110e000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n btf_func_proto_check kernel/bpf/btf.c:4447 [inline]\n btf_check_all_types kernel/bpf/btf.c:4723 [inline]\n btf_parse_type_sec kernel/bpf/btf.c:4752 [inline]\n btf_parse kernel/bpf/btf.c:5026 [inline]\n btf_new_fd+0x1926/0x1e70 kernel/bpf/btf.c:6892\n bpf_btf_load kernel/bpf/syscall.c:4324 [inline]\n __sys_bpf+0xb7d/0x4cf0 kernel/bpf/syscall.c:5010\n __do_sys_bpf kernel/bpf/syscall.c:5069 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5067 [inline]\n __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:5067\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f0fbae41c69\nCode: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc8aeb6228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0fbae41c69\nRDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000012\nRBP: 00007f0fbae05e10 R08: 0000000000000000 R09: 0000000000000000\nR10: 00000000ffffffff R11: 0000000000000246 R12: 00007f0fbae05ea0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nLooks like it tries to create a func_proto which return type is\ndecl_tag. For the details, see Martin's spot on analysis in [0].\n\n0: https://lore.kernel.org/bpf/CAKH8qBuQDLva_hHxxBuZzyAcYNO4ejhovz6TQeVSk8HY-2SO6g@mail.gmail.com/T/#mea6524b3fcd6298347432226e81b1e6155efc62c",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50862",
            "https://git.kernel.org/linus/ea68376c8bed5cd156900852aada20c3a0874d17 (6.1-rc3)",
            "https://git.kernel.org/stable/c/e9dbb4c539d058852b76937dcd7347d3f38054f2",
            "https://git.kernel.org/stable/c/ea68376c8bed5cd156900852aada20c3a0874d17",
            "https://lore.kernel.org/linux-cve-announce/2025123048-CVE-2022-50862-124f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50862",
            "https://www.cve.org/CVERecord?id=CVE-2022-50862"
          ],
          "PublishedDate": "2025-12-30T13:16:00.997Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50863",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50863",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10c6ab9a24458f5dbf7dad1b31b0a44788923556968981a5713aef253db3d489",
          "Title": "kernel: Kernel: Denial of Service via memory leak in wifi power saving mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: free unused skb to prevent memory leak\n\nThis avoid potential memory leak under power saving mode.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50863",
            "https://git.kernel.org/linus/eae672f386049146058b9e5d3d33e9e4af9dca1d (6.1-rc1)",
            "https://git.kernel.org/stable/c/216c59b66f2d0c428a4fdaa24dc28cd6be4a2bf6",
            "https://git.kernel.org/stable/c/d4b4f6ff8ff1b87d25977423cf38fb61744d0023",
            "https://git.kernel.org/stable/c/eae672f386049146058b9e5d3d33e9e4af9dca1d",
            "https://lore.kernel.org/linux-cve-announce/2025123048-CVE-2022-50863-7f8b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50863",
            "https://www.cve.org/CVERecord?id=CVE-2022-50863"
          ],
          "PublishedDate": "2025-12-30T13:16:01.103Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2022-50871",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-50871",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:55cdd2318b689df577ea4dc1627a43dae31dda4df21395ad8af8a5b9795ac7e1",
          "Title": "kernel: wifi: ath11k: Fix qmi_msg_handler data structure initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Fix qmi_msg_handler data structure initialization\n\nqmi_msg_handler is required to be null terminated by QMI module.\nThere might be a case where a handler for a msg id is not present in the\nhandlers array which can lead to infinite loop while searching the handler\nand therefore out of bound access in qmi_invoke_handler().\nHence update the initialization in qmi_msg_handler data structure.\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-50871",
            "https://git.kernel.org/linus/ed3725e15a154ebebf44e0c34806c57525483f92 (6.2-rc1)",
            "https://git.kernel.org/stable/c/a10e1530c424bb277b4edc7def0195857a548495",
            "https://git.kernel.org/stable/c/d5d71de448f36e34592f7c81b5e300d3e8dbb735",
            "https://git.kernel.org/stable/c/ed3725e15a154ebebf44e0c34806c57525483f92",
            "https://lore.kernel.org/linux-cve-announce/2025123051-CVE-2022-50871-c4e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-50871",
            "https://www.cve.org/CVERecord?id=CVE-2022-50871"
          ],
          "PublishedDate": "2025-12-30T13:16:02.03Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-0030",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0030",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5c198ed5301ccae4aa27a954ce603d13cbfd5933172e9e77f582e4f64bd94fc0",
          "Title": "kernel: Use after Free in nvkm_vmm_pfn_map",
          "Description": "A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-0030",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2157270",
            "https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)",
            "https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10",
            "https://lore.kernel.org/all/20221230072758.443644-1-zyytlz.wz@163.com/",
            "https://lore.kernel.org/all/63d485b2.170a0220.4af4c.d54f@mx.google.com/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-0030",
            "https://security.netapp.com/advisory/ntap-20230413-0010/",
            "https://www.cve.org/CVERecord?id=CVE-2023-0030"
          ],
          "PublishedDate": "2023-03-08T23:15:10.963Z",
          "LastModifiedDate": "2025-03-05T21:15:15.52Z"
        },
        {
          "VulnerabilityID": "CVE-2023-0160",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0160",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:51ac91c3e9e345d98af15dc7fac016a17c48244920a5db8e816cd60e6758934f",
          "Title": "kernel: possibility of deadlock in libbpf function sock_hash_delete_elem",
          "Description": "A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-833",
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-0160",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2159764",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56",
            "https://lore.kernel.org/all/20230406122622.109978-1-liuxin350@huawei.com/",
            "https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/",
            "https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-0160",
            "https://www.cve.org/CVERecord?id=CVE-2023-0160"
          ],
          "PublishedDate": "2023-07-18T17:15:11.313Z",
          "LastModifiedDate": "2024-11-21T07:36:39.893Z"
        },
        {
          "VulnerabilityID": "CVE-2023-1193",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1193",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d863929b95d41540f54669ea9f1104c7b60ec300724d667f5841460b575d0e3f",
          "Title": "kernel: use-after-free in setup_async_work()",
          "Description": "A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-1193",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2154177",
            "https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-1193",
            "https://www.cve.org/CVERecord?id=CVE-2023-1193"
          ],
          "PublishedDate": "2023-11-01T20:15:08.663Z",
          "LastModifiedDate": "2024-11-21T07:38:38.71Z"
        },
        {
          "VulnerabilityID": "CVE-2023-2007",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2007",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e32d03d1d9a3d29c5bc99839ef72a855f24842bb077f9a36a01c7654ca772979",
          "Title": "kernel: DPT I2O controller TOCTOU information disclosure vulnerability",
          "Description": "The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-367",
            "CWE-667"
          ],
          "VendorSeverity": {
            "cbl-mariner": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-2007",
            "https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0",
            "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
            "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-2007",
            "https://security.netapp.com/advisory/ntap-20240119-0011/",
            "https://www.cve.org/CVERecord?id=CVE-2023-2007",
            "https://www.debian.org/security/2023/dsa-5480",
            "https://www.zerodayinitiative.com/advisories/ZDI-23-440/"
          ],
          "PublishedDate": "2023-04-24T23:15:18.877Z",
          "LastModifiedDate": "2024-11-21T07:57:45.283Z"
        },
        {
          "VulnerabilityID": "CVE-2023-26242",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-26242",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9085000fde9438ce53272d4c050b158d3dd565b58846e21e0f968c87cd9997e6",
          "Title": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...",
          "Description": "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "cbl-mariner": 3,
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://bugzilla.suse.com/show_bug.cgi?id=1208518",
            "https://lore.kernel.org/all/20230206054326.89323-1-k1rh4.lee@gmail.com/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-26242",
            "https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee%40gmail.com",
            "https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/",
            "https://security.netapp.com/advisory/ntap-20230406-0002/",
            "https://www.cve.org/CVERecord?id=CVE-2023-26242"
          ],
          "PublishedDate": "2023-02-21T01:15:11.423Z",
          "LastModifiedDate": "2025-05-05T16:15:31.123Z"
        },
        {
          "VulnerabilityID": "CVE-2023-31082",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31082",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:58c51e4537af266e09d372025a8d4b0a4079b561e899c9a50e55740a61010fd0",
          "Title": "kernel: sleeping function called from an invalid context in gsmld_write",
          "Description": "An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-763"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-31082",
            "https://bugzilla.suse.com/show_bug.cgi?id=1210781",
            "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com/",
            "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-31082",
            "https://security.netapp.com/advisory/ntap-20230929-0003/",
            "https://www.cve.org/CVERecord?id=CVE-2023-31082"
          ],
          "PublishedDate": "2023-04-24T06:15:07.783Z",
          "LastModifiedDate": "2024-11-21T08:01:22.69Z"
        },
        {
          "VulnerabilityID": "CVE-2023-45896",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45896",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7f8e29d6ab6846754bae43cdbaa8f2a7a258e53dd87a93470d04c6778b24bdaf",
          "Title": "kernel: ntfs3: kernel memory read by mounting a filesystem",
          "Description": "ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-276"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-45896",
            "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.11",
            "https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/",
            "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=013ff63b649475f0ee134e2c8d0c8e65284ede50",
            "https://git.kernel.org/linus/013ff63b649475f0ee134e2c8d0c8e65284ede50 (6.6-rc7)",
            "https://github.com/torvalds/linux/commit/013ff63b649475f0ee134e2c8d0c8e65284ede50",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-45896",
            "https://www.cve.org/CVERecord?id=CVE-2023-45896"
          ],
          "PublishedDate": "2024-08-28T05:15:13.657Z",
          "LastModifiedDate": "2025-11-03T22:16:28.32Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52452",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52452",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0f2550af67407dd2af740c0ff50144f0411b6fdd6b5a9a28196563b86db11680",
          "Title": "kernel: bpf: Fix accesses to uninit stack slots",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix accesses to uninit stack slots\n\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state-\u003eallocated_stack, but not below it. In other words, if the\nstack was already \"large enough\", the access was permitted, but\notherwise the access was rejected instead of being allowed to \"grow the\nstack\". This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn't be updated - global_func16 - because it\ncan't run unprivileged for other reasons.\n\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they're inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction's needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\n\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\n\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\n\nA few tests were changed to also check the stack depth computation. The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-665"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52452",
            "https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19",
            "https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529",
            "https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde",
            "https://lore.kernel.org/linux-cve-announce/2024022258-CVE-2023-52452-7904@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52452",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2023-52452"
          ],
          "PublishedDate": "2024-02-22T17:15:08.83Z",
          "LastModifiedDate": "2024-11-21T08:39:48.05Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52481",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52481",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:94b27f121aa97201c7a372c7b8d6339cea5ff8a6272ece7908349ef457203582",
          "Title": "kernel: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\n\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\naffected Cortex-A520 core, a speculatively executed unprivileged load\nmight leak data from a privileged load via a cache side channel. The\nissue only exists for loads within a translation regime with the same\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\nthe return to EL0.\n\nThe workaround is to execute a TLBI before returning to EL0 after all\nloads of privileged data. A non-shareable TLBI to any address is\nsufficient.\n\nThe workaround isn't necessary if page table isolation (KPTI) is\nenabled, but for simplicity it will be. Page table isolation should\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\nand the E0PD feature (used when KASLR is enabled).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52481",
            "https://git.kernel.org/linus/471470bc7052d28ce125901877dd10e4c048e513 (6.6-rc5)",
            "https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25",
            "https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513",
            "https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c",
            "https://lore.kernel.org/linux-cve-announce/2024022922-CVE-2023-52481-99a8@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52481",
            "https://www.cve.org/CVERecord?id=CVE-2023-52481"
          ],
          "PublishedDate": "2024-02-29T06:15:46.06Z",
          "LastModifiedDate": "2025-04-04T14:59:11.65Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52485",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52485",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2bf5d3b037524e0ec52c709170954364d76bdd2fc0e7afc212127663980ee65",
          "Title": "kernel: drm/amd/display: Wake DMCUB before sending a command cause deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before sending a command\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\n\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\n\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52485",
            "https://git.kernel.org/linus/8892780834ae294bc3697c7d0e056d7743900b39 (6.8-rc1)",
            "https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009",
            "https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39",
            "https://lore.kernel.org/linux-cve-announce/20240229150009.1525992-2-lee@kernel.org/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52485",
            "https://www.cve.org/CVERecord?id=CVE-2023-52485"
          ],
          "PublishedDate": "2024-02-29T15:15:07.397Z",
          "LastModifiedDate": "2025-01-09T20:20:59.593Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52508",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52508",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91a8be0c7d28f64226d31691c8d88963236784de7755a121d5b78cf4cb814c0d",
          "Title": "kernel: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()\n\nThe nvme_fc_fcp_op structure describing an AEN operation is initialized with a\nnull request structure pointer. An FC LLDD may make a call to\nnvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.\n\nAdd validation of the request structure pointer before dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52508",
            "https://git.kernel.org/linus/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c (6.6-rc2)",
            "https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c",
            "https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea",
            "https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7",
            "https://lore.kernel.org/linux-cve-announce/2024030250-CVE-2023-52508-359c@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52508",
            "https://www.cve.org/CVERecord?id=CVE-2023-52508"
          ],
          "PublishedDate": "2024-03-02T22:15:47.493Z",
          "LastModifiedDate": "2025-03-19T16:11:52.4Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52561",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52561",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:81e906167035b9b32333c10f8622569a2b2637b98db8c48c00c2f846b02f8ce5",
          "Title": "kernel: arm64: dts: qcom: sdm845-db845c: unreserved cont splash memory region leads to kernel panic",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved\n\nAdding a reserved memory region for the framebuffer memory\n(the splash memory region set up by the bootloader).\n\nIt fixes a kernel panic (arm-smmu: Unhandled context fault\nat this particular memory region) reported on DB845c running\nv5.10.y.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52561",
            "https://git.kernel.org/linus/110e70fccce4f22b53986ae797d665ffb1950aa6 (6.6-rc1)",
            "https://git.kernel.org/stable/c/110e70fccce4f22b53986ae797d665ffb1950aa6",
            "https://git.kernel.org/stable/c/82dacd0ca0d9640723824026d6fdf773c02de1d2",
            "https://git.kernel.org/stable/c/dc1ab6577475b0460ba4261cd9caec37bd62ca0b",
            "https://lore.kernel.org/linux-cve-announce/2024030253-CVE-2023-52561-89b2@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52561",
            "https://www.cve.org/CVERecord?id=CVE-2023-52561"
          ],
          "PublishedDate": "2024-03-02T22:15:48.803Z",
          "LastModifiedDate": "2025-04-08T15:09:34.487Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52569",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52569",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:650dd950e925cb70ee3891b36ae0e9f1695333fb3accf1553ad2e00eb0c9424c",
          "Title": "kernel: btrfs: improper BUG() call after failure to insert delayed dir index item",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG() after failure to insert delayed dir index item\n\nInstead of calling BUG() when we fail to insert a delayed dir index item\ninto the delayed node's tree, we can just release all the resources we\nhave allocated/acquired before and return the error to the caller. This is\nfine because all existing call chains undo anything they have done before\ncalling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending\nsnapshots in the transaction commit path).\n\nSo remove the BUG() call and do proper error handling.\n\nThis relates to a syzbot report linked below, but does not fix it because\nit only prevents hitting a BUG(), it does not fix the issue where somehow\nwe attempt to use twice the same index number for different index items.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52569",
            "https://git.kernel.org/linus/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9 (6.6-rc2)",
            "https://git.kernel.org/stable/c/2c58c3931ede7cd08cbecf1f1a4acaf0a04a41a9",
            "https://git.kernel.org/stable/c/39c4a9522db0072570d602e9b365119e17fb9f4f",
            "https://git.kernel.org/stable/c/d10fd53393cc5de4b9cf1a4b8f9984f0a037aa51",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52569",
            "https://www.cve.org/CVERecord?id=CVE-2023-52569"
          ],
          "PublishedDate": "2024-03-02T22:15:49.163Z",
          "LastModifiedDate": "2025-06-19T13:15:25.037Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52576",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52576",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:390f0f0a2e5334c84182cf8034c015a81fb40148b15b04c8393eb305bcb2e239",
          "Title": "kernel: x86/mm, kexec, ima: potential use-after-free in memblock_isolate_range()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()\n\nThe code calling ima_free_kexec_buffer() runs long after the memblock\nallocator has already been torn down, potentially resulting in a use\nafter free in memblock_isolate_range().\n\nWith KASAN or KFENCE, this use after free will result in a BUG\nfrom the idle task, and a subsequent kernel panic.\n\nSwitch ima_free_kexec_buffer() over to memblock_free_late() to avoid\nthat bug.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52576",
            "https://git.kernel.org/linus/34cf99c250d5cd2530b93a57b0de31d3aaf8685b (6.6-rc3)",
            "https://git.kernel.org/stable/c/34cf99c250d5cd2530b93a57b0de31d3aaf8685b",
            "https://git.kernel.org/stable/c/d2dfbc0e3b7a04c2d941421a958dc31c897fb204",
            "https://git.kernel.org/stable/c/eef16bfdb212da60f5144689f2967fb25b051a2b",
            "https://lore.kernel.org/linux-cve-announce/2024030257-CVE-2023-52576-7ee2@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52576",
            "https://www.cve.org/CVERecord?id=CVE-2023-52576"
          ],
          "PublishedDate": "2024-03-02T22:15:49.49Z",
          "LastModifiedDate": "2025-04-08T15:04:03.76Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52582",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52582",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eec26b7349cd1c68b95e6cea60f04948b93528ac030085a65e12218595b5c759",
          "Title": "kernel: netfs: improper loop in netfs_rreq_unlock_folios()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only call folio_start_fscache() one time for each folio\n\nIf a network filesystem using netfs implements a clamp_length()\nfunction, it can set subrequest lengths smaller than a page size.\n\nWhen we loop through the folios in netfs_rreq_unlock_folios() to\nset any folios to be written back, we need to make sure we only\ncall folio_start_fscache() once for each folio.\n\nOtherwise, this simple testcase:\n\n  mount -o fsc,rsize=1024,wsize=1024 127.0.0.1:/export /mnt/nfs\n  dd if=/dev/zero of=/mnt/nfs/file.bin bs=4096 count=1\n  1+0 records in\n  1+0 records out\n  4096 bytes (4.1 kB, 4.0 KiB) copied, 0.0126359 s, 324 kB/s\n  echo 3 \u003e /proc/sys/vm/drop_caches\n  cat /mnt/nfs/file.bin \u003e /dev/null\n\nwill trigger an oops similar to the following:\n\n  page dumped because: VM_BUG_ON_FOLIO(folio_test_private_2(folio))\n  ------------[ cut here ]------------\n  kernel BUG at include/linux/netfs.h:44!\n  ...\n  CPU: 5 PID: 134 Comm: kworker/u16:5 Kdump: loaded Not tainted 6.4.0-rc5\n  ...\n  RIP: 0010:netfs_rreq_unlock_folios+0x68e/0x730 [netfs]\n  ...\n  Call Trace:\n    netfs_rreq_assess+0x497/0x660 [netfs]\n    netfs_subreq_terminated+0x32b/0x610 [netfs]\n    nfs_netfs_read_completion+0x14e/0x1a0 [nfs]\n    nfs_read_completion+0x2f9/0x330 [nfs]\n    rpc_free_task+0x72/0xa0 [sunrpc]\n    rpc_async_release+0x46/0x70 [sunrpc]\n    process_one_work+0x3bd/0x710\n    worker_thread+0x89/0x610\n    kthread+0x181/0x1c0\n    ret_from_fork+0x29/0x50",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52582",
            "https://git.kernel.org/linus/df1c357f25d808e30b216188330e708e09e1a412 (6.6-rc3)",
            "https://git.kernel.org/stable/c/d9f5537479d4ec97ea92ff24e81a517d5772581a",
            "https://git.kernel.org/stable/c/df1c357f25d808e30b216188330e708e09e1a412",
            "https://git.kernel.org/stable/c/df9950d37df113db59495fa09d060754366a2b7c",
            "https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52582-07c8@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52582",
            "https://www.cve.org/CVERecord?id=CVE-2023-52582"
          ],
          "PublishedDate": "2024-03-02T22:15:49.77Z",
          "LastModifiedDate": "2025-01-16T17:33:18.49Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52586",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52586",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b4a15ce355c83dbfd998fbe291732d54797cb4e6308ab313152b6e2cf7bcddc5",
          "Title": "kernel: drm/msm/dpu: Add mutex lock in control vblank irq",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add mutex lock in control vblank irq\n\nAdd a mutex lock to control vblank irq to synchronize vblank\nenable/disable operations happening from different threads to prevent\nrace conditions while registering/unregistering the vblank irq callback.\n\nv4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a\n    parameter of dpu_encoder_phys.\n    -Switch from atomic refcnt to a simple int counter as mutex has\n    now been added\nv3: Mistakenly did not change wording in last version. It is done now.\nv2: Slightly changed wording of commit message\n\nPatchwork: https://patchwork.freedesktop.org/patch/571854/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52586",
            "https://git.kernel.org/linus/45284ff733e4caf6c118aae5131eb7e7cf3eea5a (6.8-rc1)",
            "https://git.kernel.org/stable/c/14f109bf74dd67e1d0469fed859c8e506b0df53f",
            "https://git.kernel.org/stable/c/45284ff733e4caf6c118aae5131eb7e7cf3eea5a",
            "https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52586-3ecb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52586",
            "https://www.cve.org/CVERecord?id=CVE-2023-52586"
          ],
          "PublishedDate": "2024-03-06T07:15:07.443Z",
          "LastModifiedDate": "2025-02-14T15:38:51.95Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52589",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52589",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7d0de7ad37801c584fd3d116cbda06d424630428b484a8c8b0cbef9725814fa4",
          "Title": "kernel: media: rkisp1: Fix IRQ disable race issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ disable race issue\n\nIn rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the\ninterrupts and then apparently assumes that the interrupt handler won't\nbe running, and proceeds in the stop procedure. This is not the case, as\nthe interrupt handler can already be running, which would lead to the\nISP being disabled while the interrupt handler handling a captured\nframe.\n\nThis brings up two issues: 1) the ISP could be powered off while the\ninterrupt handler is still running and accessing registers, leading to\nboard lockup, and 2) the interrupt handler code and the code that\ndisables the streaming might do things that conflict.\n\nIt is not clear to me if 2) causes a real issue, but 1) can be seen with\na suitable delay (or printk in my case) in the interrupt handler,\nleading to board lockup.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52589",
            "https://git.kernel.org/linus/870565f063a58576e8a4529f122cac4325c6b395 (6.8-rc1)",
            "https://git.kernel.org/stable/c/7bb1a2822aa2c2de4e09bf7c56dd93bd532f1fa7",
            "https://git.kernel.org/stable/c/870565f063a58576e8a4529f122cac4325c6b395",
            "https://git.kernel.org/stable/c/bf808f58681cab64c81cd814551814fd34e540fe",
            "https://git.kernel.org/stable/c/fab483438342984f2a315fe13c882a80f0f7e545",
            "https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52589-8f84@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52589",
            "https://ubuntu.com/security/notices/USN-6688-1",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2023-52589"
          ],
          "PublishedDate": "2024-03-06T07:15:08.053Z",
          "LastModifiedDate": "2025-02-14T16:40:27.767Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52590",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52590",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5aa26098beac30749d862242c0d6fa56bca74eb5722556e866e7fbe5fd5824cd",
          "Title": "kernel: ocfs2: Avoid touching renamed directory if parent does not change",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change ocfs2 rename code to avoid touching renamed directory if\nits parent does not change as without locking that can corrupt the\nfilesystem.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52590",
            "https://git.kernel.org/linus/9d618d19b29c2943527e3a43da0a35aea91062fc (6.8-rc1)",
            "https://git.kernel.org/stable/c/9d618d19b29c2943527e3a43da0a35aea91062fc",
            "https://git.kernel.org/stable/c/de940cede3c41624e2de27f805b490999f419df9",
            "https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52590-fca9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52590",
            "https://www.cve.org/CVERecord?id=CVE-2023-52590"
          ],
          "PublishedDate": "2024-03-06T07:15:08.297Z",
          "LastModifiedDate": "2025-02-14T16:40:22.487Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52591",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52591",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:31aac43508b20485bfcf9b6297fcd9fbc78026385564aaf01e26084d513545c4",
          "Title": "kernel: reiserfs: Avoid touching renamed directory if parent does not change",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nreiserfs: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change reiserfs rename code to avoid touching renamed directory\nif its parent does not change as without locking that can corrupt the\nfilesystem.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52591",
            "https://git.kernel.org/linus/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed (6.8-rc1)",
            "https://git.kernel.org/stable/c/17e1361cb91dc1325834da95d2ab532959d2debc",
            "https://git.kernel.org/stable/c/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed",
            "https://git.kernel.org/stable/c/c04c162f82ac403917780eb6d1654694455d4e7c",
            "https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52591-46a0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52591",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2023-52591"
          ],
          "PublishedDate": "2024-03-06T07:15:08.51Z",
          "LastModifiedDate": "2025-03-14T18:52:21.107Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52624",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52624",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39731e84596ce7ec6dde5818c33f20bab03a1f62b64a79a19835427db61b6e12",
          "Title": "kernel: drm/amd/display: Wake DMCUB before executing GPINT commands",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before executing GPINT commands\n\n[Why]\nDMCUB can be in idle when we attempt to interface with the HW through\nthe GPINT mailbox resulting in a system hang.\n\n[How]\nAdd dc_wake_and_execute_gpint() to wrap the wake, execute, sleep\nsequence.\n\nIf the GPINT executes successfully then DMCUB will be put back into\nsleep after the optional response is returned.\n\nIt functions similar to the inbox command interface.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-77"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52624",
            "https://git.kernel.org/linus/e5ffd1263dd5b44929c676171802e7b6af483f21 (6.8-rc1)",
            "https://git.kernel.org/stable/c/2ef98c6d753a744e333b7e34b9cf687040fba57d",
            "https://git.kernel.org/stable/c/e5ffd1263dd5b44929c676171802e7b6af483f21",
            "https://linux.oracle.com/cve/CVE-2023-52624.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-10-lee@kernel.org/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52624",
            "https://www.cve.org/CVERecord?id=CVE-2023-52624"
          ],
          "PublishedDate": "2024-03-26T18:15:08.99Z",
          "LastModifiedDate": "2025-03-17T15:19:42.927Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52625",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52625",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:43bda745e7224a07fa7a65623f798cbc2709e308c5ee1af4efcf74a19dcfc385",
          "Title": "kernel: drm/amd/display: Refactor DMCUB enter/exit idle interface",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Refactor DMCUB enter/exit idle interface\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nWe need to exit out of the idle state prior to sending a command,\nbut the process that performs the exit also invokes a command itself.\n\nFixing this issue involves the following:\n\n1. Using a software state to track whether or not we need to start\n   the process to exit idle or notify idle.\n\nIt's possible for the hardware to have exited an idle state without\ndriver knowledge, but entering one is always restricted to a driver\nallow - which makes the SW state vs HW state mismatch issue purely one\nof optimization, which should seldomly be hit, if at all.\n\n2. Refactor any instances of exit/notify idle to use a single wrapper\n   that maintains this SW state.\n\nThis works simialr to dc_allow_idle_optimizations, but works at the\nDMCUB level and makes sure the state is marked prior to any notify/exit\nidle so we don't enter an infinite loop.\n\n3. Make sure we exit out of idle prior to sending any commands or\n   waiting for DMCUB idle.\n\nThis patch takes care of 1/2. A future patch will take care of wrapping\nDMCUB command submission with calls to this new interface.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52625",
            "https://git.kernel.org/linus/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa (6.8-rc1)",
            "https://git.kernel.org/stable/c/820c3870c491946a78950cdf961bf40e28c1025f",
            "https://git.kernel.org/stable/c/8e57c06bf4b0f51a4d6958e15e1a99c9520d00fa",
            "https://linux.oracle.com/cve/CVE-2023-52625.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-11-lee@kernel.org/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52625",
            "https://www.cve.org/CVERecord?id=CVE-2023-52625"
          ],
          "PublishedDate": "2024-03-26T18:15:09.04Z",
          "LastModifiedDate": "2025-03-17T15:19:34.277Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52632",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52632",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:82b2941953f25e767d0e70e52e8f869fba165de59427f382406cecde6b1a7d72",
          "Title": "kernel: drm/amdkfd: lock dependency warning with srcu",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix lock dependency warning with srcu\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.5.0-kfd-yangp #2289 Not tainted\n------------------------------------------------------\nkworker/0:2/996 is trying to acquire lock:\n        (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0\n\nbut task is already holding lock:\n        ((work_completion)(\u0026svms-\u003edeferred_list_work)){+.+.}-{0:0}, at:\n\tprocess_one_work+0x211/0x560\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #3 ((work_completion)(\u0026svms-\u003edeferred_list_work)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu]\n        svm_range_set_attr+0xd6/0x14c0 [amdgpu]\n        kfd_ioctl+0x1d1/0x630 [amdgpu]\n        __x64_sys_ioctl+0x88/0xc0\n\n-\u003e #2 (\u0026info-\u003elock#2){+.+.}-{3:3}:\n        __mutex_lock+0x99/0xc70\n        amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]\n        restore_process_helper+0x22/0x80 [amdgpu]\n        restore_process_worker+0x2d/0xa0 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\n-\u003e #1 ((work_completion)(\u0026(\u0026process-\u003erestore_work)-\u003ework)){+.+.}-{0:0}:\n        __flush_work+0x88/0x4f0\n        __cancel_work_timer+0x12c/0x1c0\n        kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]\n        __mmu_notifier_release+0xad/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        do_exit+0x322/0xb90\n        do_group_exit+0x37/0xa0\n        __x64_sys_exit_group+0x18/0x20\n        do_syscall_64+0x38/0x80\n\n-\u003e #0 (srcu){.+.+}-{0:0}:\n        __lock_acquire+0x1521/0x2510\n        lock_sync+0x5f/0x90\n        __synchronize_srcu+0x4f/0x1a0\n        
__mmu_notifier_release+0x128/0x240\n        exit_mmap+0x6a/0x3a0\n        mmput+0x6a/0x120\n        svm_range_deferred_list_work+0x19f/0x350 [amdgpu]\n        process_one_work+0x29b/0x560\n        worker_thread+0x3d/0x3d0\n\nother info that might help us debug this:\nChain exists of:\n  srcu --\u003e \u0026info-\u003elock#2 --\u003e (work_completion)(\u0026svms-\u003edeferred_list_work)\n\nPossible unsafe locking scenario:\n\n        CPU0                    CPU1\n        ----                    ----\n        lock((work_completion)(\u0026svms-\u003edeferred_list_work));\n                        lock(\u0026info-\u003elock#2);\n\t\t\tlock((work_completion)(\u0026svms-\u003edeferred_list_work));\n        sync(srcu);",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52632",
            "https://git.kernel.org/linus/2a9de42e8d3c82c6990d226198602be44f43f340 (6.8-rc1)",
            "https://git.kernel.org/stable/c/1556c242e64cdffe58736aa650b0b395854fe4d4",
            "https://git.kernel.org/stable/c/2a9de42e8d3c82c6990d226198602be44f43f340",
            "https://git.kernel.org/stable/c/752312f6a79440086ac0f9b08d7776870037323c",
            "https://git.kernel.org/stable/c/b602f098f716723fa5c6c96a486e0afba83b7b94",
            "https://linux.oracle.com/cve/CVE-2023-52632.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040218-CVE-2023-52632-f7bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52632",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2023-52632"
          ],
          "PublishedDate": "2024-04-02T07:15:41.01Z",
          "LastModifiedDate": "2025-03-17T15:17:57.207Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52634",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52634",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84c8a2e72e0f71978f721cd016e24a9e86c88945cbbd5bab7a3076bd0a1cffc8",
          "Title": "kernel: drm/amd/display: Fix disable_otg_wa logic",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix disable_otg_wa logic\n\n[Why]\nWhen switching to another HDMI mode, we are unnecesarilly\ndisabling/enabling FIFO causing both HPO and DIG registers to be set at\nthe same time when only HPO is supposed to be set.\n\nThis can lead to a system hang the next time we change refresh rates as\nthere are cases when we don't disable OTG/FIFO but FIFO is enabled when\nit isn't supposed to be.\n\n[How]\nRemoving the enable/disable FIFO entirely.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52634",
            "https://git.kernel.org/linus/2ce156482a6fef349d2eba98e5070c412d3af662 (6.8-rc1)",
            "https://git.kernel.org/stable/c/2ce156482a6fef349d2eba98e5070c412d3af662",
            "https://git.kernel.org/stable/c/ce29728ef6485a367934cc100249c66dd3cde5b6",
            "https://linux.oracle.com/cve/CVE-2023-52634.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2023-52634-27e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52634",
            "https://www.cve.org/CVERecord?id=CVE-2023-52634"
          ],
          "PublishedDate": "2024-04-02T07:15:41.177Z",
          "LastModifiedDate": "2025-03-17T15:17:36.907Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52648",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52648",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:72b5388c46142a00845b8a9660a1a4a46f09a588dd17aeda9df8a33fede11b7a",
          "Title": "kernel: drm/vmwgfx: Unmap the surface before resetting it on a plane state",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Unmap the surface before resetting it on a plane state\n\nSwitch to a new plane state requires unreferencing of all held surfaces.\nIn the work required for mob cursors the mapped surfaces started being\ncached but the variable indicating whether the surface is currently\nmapped was not being reset. This leads to crashes as the duplicated\nstate, incorrectly, indicates the that surface is mapped even when\nno surface is present. That's because after unreferencing the surface\nit's perfectly possible for the plane to be backed by a bo instead of a\nsurface.\n\nReset the surface mapped flag when unreferencing the plane state surface\nto fix null derefs in cleanup. Fixes crashes in KDE KWin 6.0 on Wayland:\n\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 4 PID: 2533 Comm: kwin_wayland Not tainted 6.7.0-rc3-vmwgfx #2\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\nCode: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 \u003c48\u003e 8b 78 28 e8 e3 f\u003e\nRSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600\nRBP: ffff969d4143dc50 R08: 0000000000000000 R09: ffffb6b98216f920\nR10: 0000000000000003 R11: ffff969e7feb3b10 R12: 0000000000000000\nR13: 0000000000000000 R14: 000000000000027b R15: ffff969d49c9fc00\nFS:  00007f1e8f1b4180(0000) GS:ffff969e75f00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000028 CR3: 0000000104006004 CR4: 00000000003706f0\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? 
vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\n drm_atomic_helper_cleanup_planes+0x9b/0xc0\n commit_tail+0xd1/0x130\n drm_atomic_helper_commit+0x11a/0x140\n drm_atomic_commit+0x97/0xd0\n ? __pfx___drm_printfn_info+0x10/0x10\n drm_atomic_helper_update_plane+0xf5/0x160\n drm_mode_cursor_universal+0x10e/0x270\n drm_mode_cursor_common+0x102/0x230\n ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10\n drm_ioctl_kernel+0xb2/0x110\n drm_ioctl+0x26d/0x4b0\n ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10\n ? __pfx_drm_ioctl+0x10/0x10\n vmw_generic_ioctl+0xa4/0x110 [vmwgfx]\n __x64_sys_ioctl+0x94/0xd0\n do_syscall_64+0x61/0xe0\n ? __x64_sys_ioctl+0xaf/0xd0\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? do_syscall_64+0x70/0xe0\n ? __x64_sys_ioctl+0xaf/0xd0\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? do_syscall_64+0x70/0xe0\n ? exc_page_fault+0x7f/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\nRIP: 0033:0x7f1e93f279ed\nCode: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 \u003c89\u003e c2 3d 00 f0 ff f\u003e\nRSP: 002b:00007ffca0faf600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000055db876ed2c0 RCX: 00007f1e93f279ed\nRDX: 00007ffca0faf6c0 RSI: 00000000c02464bb RDI: 0000000000000015\nRBP: 00007ffca0faf650 R08: 000055db87184010 R09: 0000000000000007\nR10: 000055db886471a0 R11: 0000000000000246 R12: 00007ffca0faf6c0\nR13: 00000000c02464bb R14: 0000000000000015 R15: 00007ffca0faf790\n \u003c/TASK\u003e\nModules linked in: snd_seq_dummy snd_hrtimer nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_ine\u003e\nCR2: 0000000000000028\n---[ end trace 0000000000000000 ]---\nRIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]\nCode: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 \u003c48\u003e 8b 78 28 e8 e3 f\u003e\nRSP: 0018:ffffb6b98216fa80 EFLAGS: 
00010246\nRAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600\nRBP: ffff969d4143\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2023-52648",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/27571c64f1855881753e6f33c3186573afbab7ba (6.9-rc1)",
            "https://git.kernel.org/stable/c/0a23f95af7f28dae7c0f7c82578ca5e1a239d461",
            "https://git.kernel.org/stable/c/105f72cc48c4c93f4578fcc61e06276471858e92",
            "https://git.kernel.org/stable/c/27571c64f1855881753e6f33c3186573afbab7ba",
            "https://git.kernel.org/stable/c/75baad63c033b3b900d822bffbc96c9d3649bc75",
            "https://linux.oracle.com/cve/CVE-2023-52648.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024050122-CVE-2023-52648-4e0d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52648",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-52648"
          ],
          "PublishedDate": "2024-05-01T06:15:07.217Z",
          "LastModifiedDate": "2025-09-18T14:19:47.87Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52653",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52653",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b800344cc003f85a640f27b0180e7c668531589a11be1d713b006be13ca8e9c9",
          "Title": "kernel: SUNRPC: fix a memleak in gss_import_v2_context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix a memleak in gss_import_v2_context\n\nThe ctx-\u003emech_used.data allocated by kmemdup is not freed in neither\ngss_import_v2_context nor it only caller gss_krb5_import_sec_context,\nwhich frees ctx on error.\n\nThus, this patch reform the last call of gss_import_v2_context to the\ngss_krb5_import_ctx_v2, preventing the memleak while keepping the return\nformation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "alma": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2023-52653",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/e67b652d8e8591d3b1e569dbcdfcee15993e91fa (6.9-rc1)",
            "https://git.kernel.org/stable/c/47ac11db93e74ac49cd6c3fc69bcbc5964c4a8b4",
            "https://git.kernel.org/stable/c/99044c01ed5329e73651c054d8a4baacdbb1a27c",
            "https://git.kernel.org/stable/c/d111e30d9cd846bb368faf3637dc0f71fcbcf822",
            "https://git.kernel.org/stable/c/e67b652d8e8591d3b1e569dbcdfcee15993e91fa",
            "https://linux.oracle.com/cve/CVE-2023-52653.html",
            "https://linux.oracle.com/errata/ELSA-2024-5101.html",
            "https://lore.kernel.org/linux-cve-announce/2024050131-CVE-2023-52653-a5c2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52653",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-52653"
          ],
          "PublishedDate": "2024-05-01T13:15:48.47Z",
          "LastModifiedDate": "2025-04-08T18:42:28.773Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52657",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52657",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:deeb42a1d19bbeadb0012c0771ae520892ceb667477692941f3a967d00be4cbb",
          "Title": "kernel: Revert \"drm/amd/pm: resolve reboot exception for si oland\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/pm: resolve reboot exception for si oland\"\n\nThis reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86.\n\nThis causes hangs on SI when DC is enabled and errors on driver\nreboot and power off cycles.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52657",
            "https://git.kernel.org/linus/955558030954b9637b41c97b730f9b38c92ac488 (6.8-rc7)",
            "https://git.kernel.org/stable/c/2e443ed55fe3ffb08327b331a9f45e9382413c94",
            "https://git.kernel.org/stable/c/955558030954b9637b41c97b730f9b38c92ac488",
            "https://git.kernel.org/stable/c/baac292852c0e347626fb5436916947188e5838f",
            "https://git.kernel.org/stable/c/c51468ac328d3922747be55507c117e47da813e6",
            "https://lore.kernel.org/linux-cve-announce/2024051758-CVE-2023-52657-628c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52657",
            "https://www.cve.org/CVERecord?id=CVE-2023-52657"
          ],
          "PublishedDate": "2024-05-17T12:15:09.077Z",
          "LastModifiedDate": "2025-09-18T17:07:34.477Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52660",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52660",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a05e0a2c9c936d2eba8e2342f4367835eaa4d6da09720e611cf4299606a55ba2",
          "Title": "kernel: media: rkisp1: Fix IRQ handling due to shared interrupts",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rkisp1: Fix IRQ handling due to shared interrupts\n\nThe driver requests the interrupts as IRQF_SHARED, so the interrupt\nhandlers can be called at any time. If such a call happens while the ISP\nis powered down, the SoC will hang as the driver tries to access the\nISP registers.\n\nThis can be reproduced even without the platform sharing the IRQ line:\nEnable CONFIG_DEBUG_SHIRQ and unload the driver, and the board will\nhang.\n\nFix this by adding a new field, 'irqs_enabled', which is used to bail\nout from the interrupt handler when the ISP is not operational.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52660",
            "https://git.kernel.org/linus/ffb635bb398fc07cb38f8a7b4a82cbe5f412f08e (6.8-rc5)",
            "https://git.kernel.org/stable/c/abd34206f396d3ae50cddbd5aa840b8cd7f68c63",
            "https://git.kernel.org/stable/c/b39b4d207d4f236a74e20d291f6356f2231fd9ee",
            "https://git.kernel.org/stable/c/edcf92bc66d8361c51dff953a55210e5cfd95587",
            "https://git.kernel.org/stable/c/ffb635bb398fc07cb38f8a7b4a82cbe5f412f08e",
            "https://lore.kernel.org/linux-cve-announce/2024051755-CVE-2023-52660-6eac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52660",
            "https://www.cve.org/CVERecord?id=CVE-2023-52660"
          ],
          "PublishedDate": "2024-05-17T13:15:57.77Z",
          "LastModifiedDate": "2025-09-25T16:24:10.86Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52671",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52671",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d24d2b775d52ad5bb0af9551c8963957f39836bc579cfcaf793a6bb3846210ba",
          "Title": "kernel: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix hang/underflow when transitioning to ODM4:1\n\n[Why]\nUnder some circumstances, disabling an OPTC and attempting to reclaim\nits OPP(s) for a different OPTC could cause a hang/underflow due to OPPs\nnot being properly disconnected from the disabled OPTC.\n\n[How]\nEnsure that all OPPs are unassigned from an OPTC when it gets disabled.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52671",
            "https://git.kernel.org/linus/e7b2b108cdeab76a7e7324459e50b0c1214c0386 (6.8-rc1)",
            "https://git.kernel.org/stable/c/4b6b479b2da6badff099b2e3abf0248936eefbf5",
            "https://git.kernel.org/stable/c/ae62f1dde66a6f0eee98defc4c7a346bd5acd239",
            "https://git.kernel.org/stable/c/e7b2b108cdeab76a7e7324459e50b0c1214c0386",
            "https://lore.kernel.org/linux-cve-announce/2024051729-CVE-2023-52671-a2df@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52671",
            "https://www.cve.org/CVERecord?id=CVE-2023-52671"
          ],
          "PublishedDate": "2024-05-17T14:15:10.29Z",
          "LastModifiedDate": "2025-09-25T16:23:45.113Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52673",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52673",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8fc837743a37bad2652906e86c7e80401bfcb451c39fe305908042f0c3238e04",
          "Title": "kernel: drm/amd/display: Fix a debugfs null pointer error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix a debugfs null pointer error\n\n[WHY \u0026 HOW]\nCheck whether get_subvp_en() callback exists before calling it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52673",
            "https://git.kernel.org/linus/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7 (6.8-rc1)",
            "https://git.kernel.org/stable/c/43235db21fc23559f50a62f8f273002eeb506f5a",
            "https://git.kernel.org/stable/c/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7",
            "https://lore.kernel.org/linux-cve-announce/2024051729-CVE-2023-52673-57e2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52673",
            "https://www.cve.org/CVERecord?id=CVE-2023-52673"
          ],
          "PublishedDate": "2024-05-17T14:15:10.773Z",
          "LastModifiedDate": "2025-09-19T14:47:36.197Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52676",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52676",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0e64d7061102a8890cae2169ca5e509b4b642a7c357ff3d96a56fa0fd544dcc4",
          "Title": "kernel: bpf: Guard stack limits against 32bit overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Guard stack limits against 32bit overflow\n\nThis patch promotes the arithmetic around checking stack bounds to be\ndone in the 64-bit domain, instead of the current 32bit. The arithmetic\nimplies adding together a 64-bit register with a int offset. The\nregister was checked to be below 1\u003c\u003c29 when it was variable, but not\nwhen it was fixed. The offset either comes from an instruction (in which\ncase it is 16 bit), from another register (in which case the caller\nchecked it to be below 1\u003c\u003c29 [1]), or from the size of an argument to a\nkfunc (in which case it can be a u32 [2]). Between the register being\ninconsistently checked to be below 1\u003c\u003c29, and the offset being up to an\nu32, it appears that we were open to overflowing the `int`s which were\ncurrently used for arithmetic.\n\n[1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498\n[2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52676",
            "https://git.kernel.org/linus/1d38a9ee81570c4bd61f557832dead4d6f816760 (6.8-rc1)",
            "https://git.kernel.org/stable/c/1d38a9ee81570c4bd61f557832dead4d6f816760",
            "https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2",
            "https://git.kernel.org/stable/c/e5ad9ecb84405637df82732ee02ad741a5f782a6",
            "https://linux.oracle.com/cve/CVE-2023-52676.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051749-CVE-2023-52676-e224@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52676",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2023-52676"
          ],
          "PublishedDate": "2024-05-17T15:15:18.633Z",
          "LastModifiedDate": "2025-09-25T16:23:01.237Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52682",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52682",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:72182c02bac5b10c372703566177b038eca9ae2f87708e75a16cc202a3f10f8b",
          "Title": "kernel: f2fs: fix to wait on block writeback for post_read case",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to wait on block writeback for post_read case\n\nIf inode is compressed, but not encrypted, it missed to call\nf2fs_wait_on_block_writeback() to wait for GCed page writeback\nin IPU write path.\n\nThread A\t\t\t\tGC-Thread\n\t\t\t\t\t- f2fs_gc\n\t\t\t\t\t - do_garbage_collect\n\t\t\t\t\t  - gc_data_segment\n\t\t\t\t\t   - move_data_block\n\t\t\t\t\t    - f2fs_submit_page_write\n\t\t\t\t\t     migrate normal cluster's block via\n\t\t\t\t\t     meta_inode's page cache\n- f2fs_write_single_data_page\n - f2fs_do_write_data_page\n  - f2fs_inplace_write_data\n   - f2fs_submit_page_bio\n\nIRQ\n- f2fs_read_end_io\n\t\t\t\t\tIRQ\n\t\t\t\t\told data overrides new data due to\n\t\t\t\t\tout-of-order GC and common IO.\n\t\t\t\t\t- f2fs_read_end_io",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52682",
            "https://git.kernel.org/linus/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00 (6.8-rc1)",
            "https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2",
            "https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00",
            "https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3",
            "https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986",
            "https://lore.kernel.org/linux-cve-announce/2024051751-CVE-2023-52682-fae2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52682",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2023-52682"
          ],
          "PublishedDate": "2024-05-17T15:15:19.427Z",
          "LastModifiedDate": "2025-09-19T18:45:46.573Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52700",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52700",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:df62276b91938e855d8b5f78b20130f3a93ea59af8881d300abd998acacc3d42",
          "Title": "kernel: tipc: fix kernel warning when sending SYN message",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix kernel warning when sending SYN message\n\nWhen sending a SYN message, this kernel stack trace is observed:\n\n...\n[   13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550\n...\n[   13.398494] Call Trace:\n[   13.398630]  \u003cTASK\u003e\n[   13.398630]  ? __alloc_skb+0xed/0x1a0\n[   13.398630]  tipc_msg_build+0x12c/0x670 [tipc]\n[   13.398630]  ? shmem_add_to_page_cache.isra.71+0x151/0x290\n[   13.398630]  __tipc_sendmsg+0x2d1/0x710 [tipc]\n[   13.398630]  ? tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __local_bh_enable_ip+0x37/0x80\n[   13.398630]  tipc_connect+0x1d9/0x230 [tipc]\n[   13.398630]  ? __sys_connect+0x9f/0xd0\n[   13.398630]  __sys_connect+0x9f/0xd0\n[   13.398630]  ? preempt_count_add+0x4d/0xa0\n[   13.398630]  ? fpregs_assert_state_consistent+0x22/0x50\n[   13.398630]  __x64_sys_connect+0x16/0x20\n[   13.398630]  do_syscall_64+0x42/0x90\n[   13.398630]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nIt is because commit a41dad905e5a (\"iov_iter: saner checks for attempt\nto copy to/from iterator\") has introduced sanity check for copying\nfrom/to iov iterator. Lacking of copy direction from the iterator\nviewpoint would lead to kernel stack trace like above.\n\nThis commit fixes this issue by initializing the iov iterator with\nthe correct copy direction when sending SYN or ACK without data.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-668"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4352",
            "https://access.redhat.com/security/cve/CVE-2023-52700",
            "https://bugzilla.redhat.com/1918601",
            "https://bugzilla.redhat.com/2248122",
            "https://bugzilla.redhat.com/2258875",
            "https://bugzilla.redhat.com/2265517",
            "https://bugzilla.redhat.com/2265519",
            "https://bugzilla.redhat.com/2265520",
            "https://bugzilla.redhat.com/2265800",
            "https://bugzilla.redhat.com/2266408",
            "https://bugzilla.redhat.com/2266831",
            "https://bugzilla.redhat.com/2267513",
            "https://bugzilla.redhat.com/2267518",
            "https://bugzilla.redhat.com/2267730",
            "https://bugzilla.redhat.com/2270093",
            "https://bugzilla.redhat.com/2271680",
            "https://bugzilla.redhat.com/2272692",
            "https://bugzilla.redhat.com/2272829",
            "https://bugzilla.redhat.com/2273204",
            "https://bugzilla.redhat.com/2273278",
            "https://bugzilla.redhat.com/2273423",
            "https://bugzilla.redhat.com/2273429",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2275633",
            "https://bugzilla.redhat.com/2275635",
            "https://bugzilla.redhat.com/2275733",
            "https://bugzilla.redhat.com/2278337",
            "https://bugzilla.redhat.com/2278354",
            "https://bugzilla.redhat.com/2280434",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281113",
            "https://bugzilla.redhat.com/2281157",
            "https://bugzilla.redhat.com/2281165",
            "https://bugzilla.redhat.com/2281251",
            "https://bugzilla.redhat.com/2281253",
            "https://bugzilla.redhat.com/2281255",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281350",
            "https://bugzilla.redhat.com/2281689",
            "https://bugzilla.redhat.com/2281693",
            "https://bugzilla.redhat.com/2281920",
            "https://bugzilla.redhat.com/2281923",
            "https://bugzilla.redhat.com/2281925",
            "https://bugzilla.redhat.com/2281953",
            "https://bugzilla.redhat.com/2281986",
            "https://bugzilla.redhat.com/2282394",
            "https://bugzilla.redhat.com/2282400",
            "https://bugzilla.redhat.com/2282471",
            "https://bugzilla.redhat.com/2282472",
            "https://bugzilla.redhat.com/2282581",
            "https://bugzilla.redhat.com/2282609",
            "https://bugzilla.redhat.com/2282612",
            "https://bugzilla.redhat.com/2282653",
            "https://bugzilla.redhat.com/2282680",
            "https://bugzilla.redhat.com/2282698",
            "https://bugzilla.redhat.com/2282712",
            "https://bugzilla.redhat.com/2282735",
            "https://bugzilla.redhat.com/2282902",
            "https://bugzilla.redhat.com/2282920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1918601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2248122",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258875",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265800",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266831",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267518",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267730",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270093",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272692",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273278",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275635",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275733",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278337",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281113",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281165",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281251",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281253",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281255",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281311",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281334",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281346",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281689",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281693",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281953",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281986",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282394",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282472",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282609",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282698",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282712",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282735",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007",
            "https://errata.almalinux.org/8/ALSA-2024-4352.html",
            "https://errata.rockylinux.org/RLSA-2024:4211",
            "https://git.kernel.org/linus/11a4d6f67cf55883dc78e31c247d1903ed7feccc (6.2)",
            "https://git.kernel.org/stable/c/11a4d6f67cf55883dc78e31c247d1903ed7feccc",
            "https://git.kernel.org/stable/c/54b6082aec178f16ad6d193b4ecdc9c4823d9a32",
            "https://linux.oracle.com/cve/CVE-2023-52700.html",
            "https://linux.oracle.com/errata/ELSA-2024-4211.html",
            "https://lore.kernel.org/linux-cve-announce/2024052156-CVE-2023-52700-1e45@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52700",
            "https://www.cve.org/CVERecord?id=CVE-2023-52700"
          ],
          "PublishedDate": "2024-05-21T16:15:12.48Z",
          "LastModifiedDate": "2025-09-19T14:36:55.547Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52701",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52701",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:36a2b28b8de30da16be6b6ffe1cdbc19fb7bf6f3ad1ee0fe5178ba6d105e27e5",
          "Title": "kernel: net: use a bounce buffer for copying skb-\u003emark",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use a bounce buffer for copying skb-\u003emark\n\nsyzbot found arm64 builds would crash in sock_recv_mark()\nwhen CONFIG_HARDENED_USERCOPY=y\n\nx86 and powerpc are not detecting the issue because\nthey define user_access_begin.\nThis will be handled in a different patch,\nbecause a check_object_size() is missing.\n\nOnly data from skb-\u003ecb[] can be copied directly to/from user space,\nas explained in commit 79a8a642bf05 (\"net: Whitelist\nthe skbuff_head_cache \"cb\" field\")\n\nsyzbot report was:\nusercopy: Kernel memory exposure attempt detected from SLUB object 'skbuff_head_cache' (offset 168, size 4)!\n------------[ cut here ]------------\nkernel BUG at mm/usercopy.c:102 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 4410 Comm: syz-executor533 Not tainted 6.2.0-rc7-syzkaller-17907-g2d3827b3f393 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : usercopy_abort+0x90/0x94 mm/usercopy.c:90\nlr : usercopy_abort+0x90/0x94 mm/usercopy.c:90\nsp : ffff80000fb9b9a0\nx29: ffff80000fb9b9b0 x28: ffff0000c6073400 x27: 0000000020001a00\nx26: 0000000000000014 x25: ffff80000cf52000 x24: fffffc0000000000\nx23: 05ffc00000000200 x22: fffffc000324bf80 x21: ffff0000c92fe1a8\nx20: 0000000000000001 x19: 0000000000000004 x18: 0000000000000000\nx17: 656a626f2042554c x16: ffff0000c6073dd0 x15: ffff80000dbd2118\nx14: ffff0000c6073400 x13: 00000000ffffffff x12: ffff0000c6073400\nx11: ff808000081bbb4c x10: 0000000000000000 x9 : 7b0572d7cc0ccf00\nx8 : 7b0572d7cc0ccf00 x7 : ffff80000bf650d4 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : ffff0001fefbff08 x1 : 0000000100000000 x0 : 000000000000006c\nCall trace:\nusercopy_abort+0x90/0x94 
mm/usercopy.c:90\n__check_heap_object+0xa8/0x100 mm/slub.c:4761\ncheck_heap_object mm/usercopy.c:196 [inline]\n__check_object_size+0x208/0x6b8 mm/usercopy.c:251\ncheck_object_size include/linux/thread_info.h:199 [inline]\n__copy_to_user include/linux/uaccess.h:115 [inline]\nput_cmsg+0x408/0x464 net/core/scm.c:238\nsock_recv_mark net/socket.c:975 [inline]\n__sock_recv_cmsgs+0x1fc/0x248 net/socket.c:984\nsock_recv_cmsgs include/net/sock.h:2728 [inline]\npacket_recvmsg+0x2d8/0x678 net/packet/af_packet.c:3482\n____sys_recvmsg+0x110/0x3a0\n___sys_recvmsg net/socket.c:2737 [inline]\n__sys_recvmsg+0x194/0x210 net/socket.c:2767\n__do_sys_recvmsg net/socket.c:2777 [inline]\n__se_sys_recvmsg net/socket.c:2774 [inline]\n__arm64_sys_recvmsg+0x2c/0x3c net/socket.c:2774\n__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]\ninvoke_syscall+0x64/0x178 arch/arm64/kernel/syscall.c:52\nel0_svc_common+0xbc/0x180 arch/arm64/kernel/syscall.c:142\ndo_el0_svc+0x48/0x110 arch/arm64/kernel/syscall.c:193\nel0_svc+0x58/0x14c arch/arm64/kernel/entry-common.c:637\nel0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 91388800 aa0903e1 f90003e8 94e6d752 (d4210000)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52701",
            "https://git.kernel.org/linus/2558b8039d059342197610498c8749ad294adee5 (6.2)",
            "https://git.kernel.org/stable/c/2558b8039d059342197610498c8749ad294adee5",
            "https://git.kernel.org/stable/c/863a7de987f02a901bf215509276a7de0370e0f9",
            "https://lore.kernel.org/linux-cve-announce/2024052156-CVE-2023-52701-5037@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52701",
            "https://www.cve.org/CVERecord?id=CVE-2023-52701"
          ],
          "PublishedDate": "2024-05-21T16:15:12.547Z",
          "LastModifiedDate": "2025-09-25T16:48:56.387Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52732",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52732",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:687f40fadd5fb29e98f9f634fbd3a2caaf1d47e564de1f48fd06cd7df6e79c2d",
          "Title": "kernel: ceph: blocklist the kclient when receiving corrupted snap trace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: blocklist the kclient when receiving corrupted snap trace\n\nWhen received corrupted snap trace we don't know what exactly has\nhappened in MDS side. And we shouldn't continue IOs and metadatas\naccess to MDS, which may corrupt or get incorrect contents.\n\nThis patch will just block all the further IO/MDS requests\nimmediately and then evict the kclient itself.\n\nThe reason why we still need to evict the kclient just after\nblocking all the further IOs is that the MDS could revoke the caps\nfaster.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52732",
            "https://git.kernel.org/linus/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9 (6.2-rc7)",
            "https://git.kernel.org/stable/c/66ec619e4591f8350f99c5269a7ce160cccc7a7c",
            "https://git.kernel.org/stable/c/a68e564adcaa69b0930809fb64d9d5f7d9c32ba9",
            "https://lore.kernel.org/linux-cve-announce/2024052159-CVE-2023-52732-c783@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52732",
            "https://www.cve.org/CVERecord?id=CVE-2023-52732"
          ],
          "PublishedDate": "2024-05-21T16:15:13.303Z",
          "LastModifiedDate": "2025-09-25T16:47:39.937Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52737",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52737",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bc3999a73325390ffc4da583641c1c5c19791710b29d9157c2e8955a5dd6e4fe",
          "Title": "kernel: btrfs: lock the inode in shared mode before starting fiemap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: lock the inode in shared mode before starting fiemap\n\nCurrently fiemap does not take the inode's lock (VFS lock), it only locks\na file range in the inode's io tree. This however can lead to a deadlock\nif we have a concurrent fsync on the file and fiemap code triggers a fault\nwhen accessing the user space buffer with fiemap_fill_next_extent(). The\ndeadlock happens on the inode's i_mmap_lock semaphore, which is taken both\nby fsync and btrfs_page_mkwrite(). This deadlock was recently reported by\nsyzbot and triggers a trace like the following:\n\n   task:syz-executor361 state:D stack:20264 pid:5668  ppid:5119   flags:0x00004004\n   Call Trace:\n    \u003cTASK\u003e\n    context_switch kernel/sched/core.c:5293 [inline]\n    __schedule+0x995/0xe20 kernel/sched/core.c:6606\n    schedule+0xcb/0x190 kernel/sched/core.c:6682\n    wait_on_state fs/btrfs/extent-io-tree.c:707 [inline]\n    wait_extent_bit+0x577/0x6f0 fs/btrfs/extent-io-tree.c:751\n    lock_extent+0x1c2/0x280 fs/btrfs/extent-io-tree.c:1742\n    find_lock_delalloc_range+0x4e6/0x9c0 fs/btrfs/extent_io.c:488\n    writepage_delalloc+0x1ef/0x540 fs/btrfs/extent_io.c:1863\n    __extent_writepage+0x736/0x14e0 fs/btrfs/extent_io.c:2174\n    extent_write_cache_pages+0x983/0x1220 fs/btrfs/extent_io.c:3091\n    extent_writepages+0x219/0x540 fs/btrfs/extent_io.c:3211\n    do_writepages+0x3c3/0x680 mm/page-writeback.c:2581\n    filemap_fdatawrite_wbc+0x11e/0x170 mm/filemap.c:388\n    __filemap_fdatawrite_range mm/filemap.c:421 [inline]\n    filemap_fdatawrite_range+0x175/0x200 mm/filemap.c:439\n    btrfs_fdatawrite_range fs/btrfs/file.c:3850 [inline]\n    start_ordered_ops fs/btrfs/file.c:1737 [inline]\n    btrfs_sync_file+0x4ff/0x1190 fs/btrfs/file.c:1839\n    generic_write_sync include/linux/fs.h:2885 [inline]\n    btrfs_do_write_iter+0xcd3/0x1280 fs/btrfs/file.c:1684\n    call_write_iter include/linux/fs.h:2189 
[inline]\n    new_sync_write fs/read_write.c:491 [inline]\n    vfs_write+0x7dc/0xc50 fs/read_write.c:584\n    ksys_write+0x177/0x2a0 fs/read_write.c:637\n    do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n    entry_SYSCALL_64_after_hwframe+0x63/0xcd\n   RIP: 0033:0x7f7d4054e9b9\n   RSP: 002b:00007f7d404fa2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n   RAX: ffffffffffffffda RBX: 00007f7d405d87a0 RCX: 00007f7d4054e9b9\n   RDX: 0000000000000090 RSI: 0000000020000000 RDI: 0000000000000006\n   RBP: 00007f7d405a51d0 R08: 0000000000000000 R09: 0000000000000000\n   R10: 0000000000000000 R11: 0000000000000246 R12: 61635f65646f6e69\n   R13: 65646f7475616f6e R14: 7261637369646f6e R15: 00007f7d405d87a8\n    \u003c/TASK\u003e\n   INFO: task syz-executor361:5697 blocked for more than 145 seconds.\n         Not tainted 6.2.0-rc3-syzkaller-00376-g7c6984405241 #0\n   \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n   task:syz-executor361 state:D stack:21216 pid:5697  ppid:5119   flags:0x00004004\n   Call Trace:\n    \u003cTASK\u003e\n    context_switch kernel/sched/core.c:5293 [inline]\n    __schedule+0x995/0xe20 kernel/sched/core.c:6606\n    schedule+0xcb/0x190 kernel/sched/core.c:6682\n    rwsem_down_read_slowpath+0x5f9/0x930 kernel/locking/rwsem.c:1095\n    __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1260\n    btrfs_page_mkwrite+0x417/0xc80 fs/btrfs/inode.c:8526\n    do_page_mkwrite+0x19e/0x5e0 mm/memory.c:2947\n    wp_page_shared+0x15e/0x380 mm/memory.c:3295\n    handle_pte_fault mm/memory.c:4949 [inline]\n    __handle_mm_fault mm/memory.c:5073 [inline]\n    handle_mm_fault+0x1b79/0x26b0 mm/memory.c:5219\n    do_user_addr_fault+0x69b/0xcb0 arch/x86/mm/fault.c:1428\n    handle_page_fault arch/x86/mm/fault.c:1519 [inline]\n    exc_page_fault+0x7a/0x110 arch/x86/mm/fault.c:1575\n    asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570\n   RIP: 
0010:copy_user_short_string+0xd/0x40 arch/x86/lib/copy_user_64.S:233\n   Code: 74 0a 89 (...)\n   RSP: 0018:ffffc9000570f330 EFLAGS: 000502\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52737",
            "https://git.kernel.org/linus/519b7e13b5ae8dd38da1e52275705343be6bb508 (6.2-rc8)",
            "https://git.kernel.org/stable/c/519b7e13b5ae8dd38da1e52275705343be6bb508",
            "https://git.kernel.org/stable/c/d8c594da79bc0244e610a70594e824a401802be1",
            "https://lore.kernel.org/linux-cve-announce/2024052101-CVE-2023-52737-e10e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52737",
            "https://www.cve.org/CVERecord?id=CVE-2023-52737"
          ],
          "PublishedDate": "2024-05-21T16:15:13.667Z",
          "LastModifiedDate": "2025-01-10T18:15:07.667Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52751",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52751",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:48ba07a7c17f92f8694bb11381bf68b7e77d3463ef335e422c412c31b042aad9",
          "Title": "kernel: smb: client: fix use-after-free in smb2_query_info_compound()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free in smb2_query_info_compound()\n\nThe following UAF was triggered when running fstests generic/072 with\nKASAN enabled against Windows Server 2022 and mount options\n'multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm'\n\n  BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs]\n  Read of size 8 at addr ffff888014941048 by task xfs_io/27534\n\n  CPU: 0 PID: 27534 Comm: xfs_io Not tainted 6.6.0-rc7 #1\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n  rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n  Call Trace:\n   dump_stack_lvl+0x4a/0x80\n   print_report+0xcf/0x650\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __phys_addr+0x46/0x90\n   kasan_report+0xda/0x110\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? smb2_query_info_compound+0x423/0x6d0 [cifs]\n   smb2_query_info_compound+0x423/0x6d0 [cifs]\n   ? __pfx_smb2_query_info_compound+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __stack_depot_save+0x39/0x480\n   ? kasan_save_stack+0x33/0x60\n   ? kasan_set_track+0x25/0x30\n   ? ____kasan_slab_free+0x126/0x170\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   ? __pfx_smb2_queryfs+0x10/0x10 [cifs]\n   ? __pfx___lock_acquire+0x10/0x10\n   smb311_queryfs+0x210/0x220 [cifs]\n   ? __pfx_smb311_queryfs+0x10/0x10 [cifs]\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? __lock_acquire+0x480/0x26c0\n   ? lock_release+0x1ed/0x640\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? do_raw_spin_unlock+0x9b/0x100\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   ? __pfx___do_sys_fstatfs+0x10/0x10\n   ? srso_alias_return_thunk+0x5/0x7f\n   ? lockdep_hardirqs_on_prepare+0x136/0x200\n   ? 
srso_alias_return_thunk+0x5/0x7f\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Allocated by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   __kasan_kmalloc+0x8f/0xa0\n   open_cached_dir+0x71b/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n   smb311_queryfs+0x210/0x220 [cifs]\n   cifs_statfs+0x18c/0x4b0 [cifs]\n   statfs_by_dentry+0x9b/0xf0\n   fd_statfs+0x4e/0xb0\n   __do_sys_fstatfs+0x7f/0xe0\n   do_syscall_64+0x3f/0x90\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n  Freed by task 27534:\n   kasan_save_stack+0x33/0x60\n   kasan_set_track+0x25/0x30\n   kasan_save_free_info+0x2b/0x50\n   ____kasan_slab_free+0x126/0x170\n   slab_free_freelist_hook+0xd0/0x1e0\n   __kmem_cache_free+0x9d/0x1b0\n   open_cached_dir+0xff5/0x1240 [cifs]\n   smb2_query_info_compound+0x5c3/0x6d0 [cifs]\n   smb2_queryfs+0xc2/0x2c0 [cifs]\n\nThis is a race between open_cached_dir() and cached_dir_lease_break()\nwhere the cache entry for the open directory handle receives a lease\nbreak while creating it.  
And before returning from open_cached_dir(),\nwe put the last reference of the new @cfid because of\n!@cfid-\u003ehas_lease.\n\nBesides the UAF, while running xfstests a lot of missed lease breaks\nhave been noticed in tests that run several concurrent statfs(2) calls\non those cached fids\n\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 00000000715bfe83 len 108\n  CIFS: VFS: Dump pending requests:\n  CIFS: VFS: \\\\w22-root1.gandalf.test No task to wake, unknown frame...\n  CIFS: VFS: \\\\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1...\n  CIFS: VFS: \\\\w22-root1.gandalf.test smb buf 000000005aa7316e len 108\n  ...\n\nTo fix both, in open_cached_dir() ensure that @cfid-\u003ehas_lease is set\nright before sending out compounded request so that any potential\nlease break will be get processed by demultiplex thread while we're\nstill caching @cfid.  And, if open failed for some reason, re-check\n@cfid-\u003ehas_lease to decide whether or not put lease reference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52751",
            "https://git.kernel.org/linus/5c86919455c1edec99ebd3338ad213b59271a71b (6.7-rc1)",
            "https://git.kernel.org/stable/c/5c86919455c1edec99ebd3338ad213b59271a71b",
            "https://git.kernel.org/stable/c/6db94d08359c43f2c8fe372811cdee04564a41b9",
            "https://git.kernel.org/stable/c/93877b9afc2994c89362007aac480a7b150f386f",
            "https://linux.oracle.com/cve/CVE-2023-52751.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52751-69df@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52751",
            "https://ubuntu.com/security/notices/USN-7123-1",
            "https://ubuntu.com/security/notices/USN-7194-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-52751"
          ],
          "PublishedDate": "2024-05-21T16:15:14.763Z",
          "LastModifiedDate": "2025-01-06T20:27:16.983Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52761",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52761",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d8ce766bb36076d17c64c05b44f980c9ae2d287bc57a212272f4950520193f1a",
          "Title": "kernel: riscv: VMAP_STACK overflow detection thread-safe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: VMAP_STACK overflow detection thread-safe\n\ncommit 31da94c25aea (\"riscv: add VMAP_STACK overflow detection\") added\nsupport for CONFIG_VMAP_STACK. If overflow is detected, CPU switches to\n`shadow_stack` temporarily before switching finally to per-cpu\n`overflow_stack`.\n\nIf two CPUs/harts are racing and end up in over flowing kernel stack, one\nor both will end up corrupting each other state because `shadow_stack` is\nnot per-cpu. This patch optimizes per-cpu overflow stack switch by\ndirectly picking per-cpu `overflow_stack` and gets rid of `shadow_stack`.\n\nFollowing are the changes in this patch\n\n - Defines an asm macro to obtain per-cpu symbols in destination\n   register.\n - In entry.S, when overflow is detected, per-cpu overflow stack is\n   located using per-cpu asm macro. Computing per-cpu symbol requires\n   a temporary register. x31 is saved away into CSR_SCRATCH\n   (CSR_SCRATCH is anyways zero since we're in kernel).\n\nPlease see Links for additional relevant disccussion and alternative\nsolution.\n\nTested by `echo EXHAUST_STACK \u003e /sys/kernel/debug/provoke-crash/DIRECT`\nKernel crash log below\n\n Insufficient stack space to handle exception!/debug/provoke-crash/DIRECT\n Task stack:     [0xff20000010a98000..0xff20000010a9c000]\n Overflow stack: [0xff600001f7d98370..0xff600001f7d99370]\n CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34\n Hardware name: riscv-virtio,qemu (DT)\n epc : __memset+0x60/0xfc\n  ra : recursive_loop+0x48/0xc6 [lkdtm]\n epc : ffffffff808de0e4 ra : ffffffff0163a752 sp : ff20000010a97e80\n  gp : ffffffff815c0330 tp : ff600000820ea280 t0 : ff20000010a97e88\n  t1 : 000000000000002e t2 : 3233206874706564 s0 : ff20000010a982b0\n  s1 : 0000000000000012 a0 : ff20000010a97e88 a1 : 0000000000000000\n  a2 : 0000000000000400 a3 : ff20000010a98288 a4 : 0000000000000000\n  a5 : 0000000000000000 a6 : 
fffffffffffe43f0 a7 : 00007fffffffffff\n  s2 : ff20000010a97e88 s3 : ffffffff01644680 s4 : ff20000010a9be90\n  s5 : ff600000842ba6c0 s6 : 00aaaaaac29e42b0 s7 : 00fffffff0aa3684\n  s8 : 00aaaaaac2978040 s9 : 0000000000000065 s10: 00ffffff8a7cad10\n  s11: 00ffffff8a76a4e0 t3 : ffffffff815dbaf4 t4 : ffffffff815dbaf4\n  t5 : ffffffff815dbab8 t6 : ff20000010a9bb48\n status: 0000000200000120 badaddr: ff20000010a97e88 cause: 000000000000000f\n Kernel panic - not syncing: Kernel stack overflow\n CPU: 1 PID: 205 Comm: bash Not tainted 6.1.0-rc2-00001-g328a1f96f7b9 #34\n Hardware name: riscv-virtio,qemu (DT)\n Call Trace:\n [\u003cffffffff80006754\u003e] dump_backtrace+0x30/0x38\n [\u003cffffffff808de798\u003e] show_stack+0x40/0x4c\n [\u003cffffffff808ea2a8\u003e] dump_stack_lvl+0x44/0x5c\n [\u003cffffffff808ea2d8\u003e] dump_stack+0x18/0x20\n [\u003cffffffff808dec06\u003e] panic+0x126/0x2fe\n [\u003cffffffff800065ea\u003e] walk_stackframe+0x0/0xf0\n [\u003cffffffff0163a752\u003e] recursive_loop+0x48/0xc6 [lkdtm]\n SMP: stopping secondary CPUs\n ---[ end Kernel panic - not syncing: Kernel stack overflow ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52761",
            "https://git.kernel.org/linus/be97d0db5f44c0674480cb79ac6f5b0529b84c76 (6.7-rc1)",
            "https://git.kernel.org/stable/c/1493baaf09e3c1899959c8a107cd1207e16d1788",
            "https://git.kernel.org/stable/c/be97d0db5f44c0674480cb79ac6f5b0529b84c76",
            "https://git.kernel.org/stable/c/eff53aea3855f71992c043cebb1c00988c17ee20",
            "https://lore.kernel.org/linux-cve-announce/2024052147-CVE-2023-52761-5ddf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52761",
            "https://www.cve.org/CVERecord?id=CVE-2023-52761"
          ],
          "PublishedDate": "2024-05-21T16:15:15.487Z",
          "LastModifiedDate": "2025-09-23T19:28:31.913Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52829",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52829",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ac3d132adde41946a3b74f79102f2e3973dc9ca243ba34f3f0e4515a04453e8d",
          "Title": "kernel: wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps()\n\nreg_cap.phy_id is extracted from WMI event and could be an unexpected value\nin case some errors happen. As a result out-of-bound write may occur to\nsoc-\u003ehal_reg_cap. Fix it by validating reg_cap.phy_id before using it.\n\nThis is found during code review.\n\nCompile tested only.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52829",
            "https://git.kernel.org/linus/b302dce3d9edea5b93d1902a541684a967f3c63c (6.7-rc1)",
            "https://git.kernel.org/stable/c/4dd0547e8b45faf6f95373be5436b66cde326c0e",
            "https://git.kernel.org/stable/c/b302dce3d9edea5b93d1902a541684a967f3c63c",
            "https://git.kernel.org/stable/c/dfe13eaab043130f90dd3d57c7d88577c04adc97",
            "https://lore.kernel.org/linux-cve-announce/2024052108-CVE-2023-52829-3283@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52829",
            "https://www.cve.org/CVERecord?id=CVE-2023-52829"
          ],
          "PublishedDate": "2024-05-21T16:15:20.6Z",
          "LastModifiedDate": "2025-04-02T14:59:54.617Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52831",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52831",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6ec24bb40ff60ecc894e4c8c1df13126760c18aa8c3ff2556bdc73c690680a9b",
          "Title": "kernel: cpu/hotplug: Don't offline the last non-isolated CPU",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpu/hotplug: Don't offline the last non-isolated CPU\n\nIf a system has isolated CPUs via the \"isolcpus=\" command line parameter,\nthen an attempt to offline the last housekeeping CPU will result in a\nWARN_ON() when rebuilding the scheduler domains and a subsequent panic due\nto an unhandled empty CPU mask in partition_sched_domains_locked().\n\ncpuset_hotplug_workfn()\n  rebuild_sched_domains_locked()\n    ndoms = generate_sched_domains(\u0026doms, \u0026attr);\n      cpumask_and(doms[0], top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN));\n\nThis results in an empty CPU mask which triggers the warning and then the\nsubsequent crash:\n\nWARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366 build_sched_domains+0x120c/0x1408\nCall trace:\n build_sched_domains+0x120c/0x1408\n partition_sched_domains_locked+0x234/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n rebuild_sched_domains+0x30/0x58\n cpuset_hotplug_workfn+0x2a8/0x930\n\nUnable to handle kernel paging request at virtual address fffe80027ab37080\n partition_sched_domains_locked+0x318/0x880\n rebuild_sched_domains_locked+0x37c/0x798\n\nAside from the resulting crash, it does not make any sense to offline the last\nhousekeeping CPU.\n\nPrevent this by masking out the non-housekeeping CPUs when selecting a\ntarget CPU for initiating the CPU unplug operation via the work queue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52831",
            "https://git.kernel.org/linus/38685e2a0476127db766f81b1c06019ddc4c9ffa (6.7-rc1)",
            "https://git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63",
            "https://git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13",
            "https://git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908",
            "https://git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffa",
            "https://linux.oracle.com/cve/CVE-2023-52831.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024052108-CVE-2023-52831-ce31@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52831",
            "https://www.cve.org/CVERecord?id=CVE-2023-52831"
          ],
          "PublishedDate": "2024-05-21T16:15:20.743Z",
          "LastModifiedDate": "2025-09-23T22:46:04.313Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52837",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1c0e86acf2114bec688322f523337d50c6a9ad544570d64d074844c52b36e17",
          "Title": "kernel: nbd: fix uaf in nbd_open",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix uaf in nbd_open\n\nCommit 4af5f2e03013 (\"nbd: use blk_mq_alloc_disk and\nblk_cleanup_disk\") cleans up disk by blk_cleanup_disk() and it won't set\ndisk-\u003eprivate_data as NULL as before. UAF may be triggered in nbd_open()\nif someone tries to open nbd device right after nbd_put() since nbd has\nbeen freed in nbd_dev_remove().\n\nFix this by implementing -\u003efree_disk and freeing private data in it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52837",
            "https://git.kernel.org/linus/327462725b0f759f093788dfbcb2f1fd132f956b (6.7-rc1)",
            "https://git.kernel.org/stable/c/327462725b0f759f093788dfbcb2f1fd132f956b",
            "https://git.kernel.org/stable/c/4e9b3ec84dc97909876641dad14e0a2300d6c2a3",
            "https://git.kernel.org/stable/c/56bd7901b5e9dbc9112036ea615ebcba1565fafe",
            "https://git.kernel.org/stable/c/879947f4180bc6e83af64eb0515e0cf57fce15db",
            "https://linux.oracle.com/cve/CVE-2023-52837.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024052110-CVE-2023-52837-6490@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52837",
            "https://www.cve.org/CVERecord?id=CVE-2023-52837"
          ],
          "PublishedDate": "2024-05-21T16:15:21.17Z",
          "LastModifiedDate": "2025-01-15T18:14:41.857Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52857",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52857",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7a0b2d89e0b532112861b40e409c829f8270834a528af89ee0fe5cd282c05b7c",
          "Title": "kernel: drm/mediatek: Fix coverity issue with unintentional integer overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix coverity issue with unintentional integer overflow\n\n1. Instead of multiplying 2 variables of different types, change to\nassign a value of one variable and then multiply the other variable.\n\n2. Add an int variable for multiplier calculation instead of calculating\ndifferent types multiplier with dma_addr_t variable directly.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52857",
            "https://git.kernel.org/linus/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7 (6.7-rc1)",
            "https://git.kernel.org/stable/c/0d8a1df39d3fc34560e2cc663b5c340d06a25396",
            "https://git.kernel.org/stable/c/96312a251d4dcee5d36e32edba3002bfde0ddd9c",
            "https://git.kernel.org/stable/c/a12bd675100531f9fb4508fd4430dd1632325a0e",
            "https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024052116-CVE-2023-52857-e288@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52857",
            "https://www.cve.org/CVERecord?id=CVE-2023-52857"
          ],
          "PublishedDate": "2024-05-21T16:15:22.803Z",
          "LastModifiedDate": "2025-11-03T20:16:05.767Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52879",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52879",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c02a655fa8cdebb0e248c2c1bd75d6689c8879d5c55bd182a7eedf87ea72a7ae",
          "Title": "kernel: tracing: Have trace_event_file have ref counters",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo 'p:sched schedule' \u003e kprobe_events\n # exec 5\u003e\u003eevents/kprobes/sched/enable\n # \u003e kprobe_events\n # exec 5\u003e\u0026-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn't matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n\"file\" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the \"enable\" file gets a reference to the event \"file\" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event \"file\"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event \"file\" descriptor that is already freed. 
If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent \"file\" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event \"file\" descriptor as well as a\nnew flag called \"FREED\". The \"file\" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there's still a reference to the event \"file\" descriptor.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52879",
            "https://git.kernel.org/linus/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4 (6.7-rc1)",
            "https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706",
            "https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976",
            "https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d",
            "https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e",
            "https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f",
            "https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4",
            "https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0",
            "https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52879-fa4d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52879",
            "https://www.cve.org/CVERecord?id=CVE-2023-52879"
          ],
          "PublishedDate": "2024-05-21T16:15:24.53Z",
          "LastModifiedDate": "2025-02-03T15:46:08.837Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52888",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52888",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:668fbe046d41f3afe7490a42c189000d168de8d87d8b6d1c5c1665b850ddc927",
          "Title": "kernel: media: mediatek: vcodec: Only free buffer VA that is not NULL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Only free buffer VA that is not NULL\n\nIn the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly\ncalled only when the buffer to free exists, there are some instances\nthat didn't do the check and triggered warnings in practice.\n\nWe believe those checks were forgotten unintentionally. Add the checks\nback to fix the warnings.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52888",
            "https://git.kernel.org/linus/eb005c801ec70ff4307727bd3bd6e8280169ef32 (6.10-rc1)",
            "https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04",
            "https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91",
            "https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32",
            "https://lore.kernel.org/linux-cve-announce/2024073015-CVE-2023-52888-51c6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52888",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-52888"
          ],
          "PublishedDate": "2024-07-30T08:15:02.293Z",
          "LastModifiedDate": "2025-10-07T16:04:13.36Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52905",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52905",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4403bd66e9d0ab45007917d8a9d8f7dc236ec46f79d17343241961f29bd34c8",
          "Title": "kernel: octeontx2-pf: Fix resource leakage in VF driver unbind",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix resource leakage in VF driver unbind\n\nresources allocated like mcam entries to support the Ntuple feature\nand hash tables for the tc feature are not getting freed in driver\nunbind. This patch fixes the issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52905",
            "https://git.kernel.org/linus/53da7aec32982f5ee775b69dce06d63992ce4af3 (6.2-rc4)",
            "https://git.kernel.org/stable/c/53da7aec32982f5ee775b69dce06d63992ce4af3",
            "https://git.kernel.org/stable/c/c8ca0ad10df08ea36bcac1288062d567d22604c9",
            "https://lore.kernel.org/linux-cve-announce/2024082113-CVE-2023-52905-53fd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52905",
            "https://www.cve.org/CVERecord?id=CVE-2023-52905"
          ],
          "PublishedDate": "2024-08-21T07:15:06.597Z",
          "LastModifiedDate": "2024-09-13T13:27:29.043Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52916",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52916",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:46ba556fe4f41f4bdd56db762942e3dca90c451ef305d1872a1436cee125ff0f",
          "Title": "kernel: media: aspeed: Fix memory overwrite if timing is 1600x900",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: aspeed: Fix memory overwrite if timing is 1600x900\n\nWhen capturing 1600x900, system could crash when system memory usage is\ntight.\n\nThe way to reproduce this issue:\n1. Use 1600x900 to display on host\n2. Mount ISO through 'Virtual media' on OpenBMC's web\n3. Run script as below on host to do sha continuously\n  #!/bin/bash\n  while [ [1] ];\n  do\n\tfind /media -type f -printf '\"%h/%f\"\\n' | xargs sha256sum\n  done\n4. Open KVM on OpenBMC's web\n\nThe size of macro block captured is 8x8. Therefore, we should make sure\nthe height of src-buf is 8 aligned to fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52916",
            "https://git.kernel.org/linus/c281355068bc258fd619c5aefd978595bede7bfe (6.6-rc1)",
            "https://git.kernel.org/stable/c/4c823e4027dd1d6e88c31028dec13dd19bc7b02d",
            "https://git.kernel.org/stable/c/c281355068bc258fd619c5aefd978595bede7bfe",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024090655-CVE-2023-52916-edc0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52916",
            "https://www.cve.org/CVERecord?id=CVE-2023-52916"
          ],
          "PublishedDate": "2024-09-06T09:15:03.327Z",
          "LastModifiedDate": "2025-11-03T21:16:03.377Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52920",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52920",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc48b30ead21bcd7fbb87a6532a2e124def60c7854a317e8549b9628099dd6d3",
          "Title": "kernel: bpf: support non-r10 register spill/fill to/from stack in precision tracking",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: support non-r10 register spill/fill to/from stack in precision tracking\n\nUse instruction (jump) history to record instructions that performed\nregister spill/fill to/from stack, regardless if this was done through\nread-only r10 register, or any other register after copying r10 into it\n*and* potentially adjusting offset.\n\nTo make this work reliably, we push extra per-instruction flags into\ninstruction history, encoding stack slot index (spi) and stack frame\nnumber in extra 10 bit flags we take away from prev_idx in instruction\nhistory. We don't touch idx field for maximum performance, as it's\nchecked most frequently during backtracking.\n\nThis change removes basically the last remaining practical limitation of\nprecision backtracking logic in BPF verifier. It fixes known\ndeficiencies, but also opens up new opportunities to reduce number of\nverified states, explored in the subsequent patches.\n\nThere are only three differences in selftests' BPF object files\naccording to veristat, all in the positive direction (less states).\n\nFile                                    Program        Insns (A)  Insns (B)  Insns  (DIFF)  States (A)  States (B)  States (DIFF)\n--------------------------------------  -------------  ---------  ---------  -------------  ----------  ----------  -------------\ntest_cls_redirect_dynptr.bpf.linked3.o  cls_redirect        2987       2864  -123 (-4.12%)         240         231    -9 (-3.75%)\nxdp_synproxy_kern.bpf.linked3.o         syncookie_tc       82848      82661  -187 (-0.23%)        5107        5073   -34 (-0.67%)\nxdp_synproxy_kern.bpf.linked3.o         syncookie_xdp      85116      84964  -152 (-0.18%)        5162        5130   -32 (-0.62%)\n\nNote, I avoided renaming jmp_history to more generic insn_hist to\nminimize number of lines changed and potential merge conflicts between\nbpf and bpf-next trees.\n\nNotice also 
cur_hist_entry pointer reset to NULL at the beginning of\ninstruction verification loop. This pointer avoids the problem of\nrelying on last jump history entry's insn_idx to determine whether we\nalready have entry for current instruction or not. It can happen that we\nadded jump history entry because current instruction is_jmp_point(), but\nalso we need to add instruction flags for stack access. In this case, we\ndon't want two entries, so we need to reuse last added entry, if it is\npresent.\n\nRelying on insn_idx comparison has the same ambiguity problem as the one\nthat was fixed recently in [0], so we avoid that.\n\n  [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231110002638.4168352-3-andrii@kernel.org/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52920",
            "https://git.kernel.org/linus/41f6f64e6999a837048b1bd13a2f8742964eca6b (6.8-rc1)",
            "https://git.kernel.org/stable/c/199f0452873741fa4b8d4d88958e929030b2f92b",
            "https://git.kernel.org/stable/c/41f6f64e6999a837048b1bd13a2f8742964eca6b",
            "https://git.kernel.org/stable/c/ecc2aeeaa08a355d84d3ca9c3d2512399a194f29",
            "https://lore.kernel.org/linux-cve-announce/2024110518-CVE-2023-52920-17f6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52920",
            "https://www.cve.org/CVERecord?id=CVE-2023-52920"
          ],
          "PublishedDate": "2024-11-05T10:15:24.58Z",
          "LastModifiedDate": "2025-01-09T16:15:35.587Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52921",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52921",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bd47a3958fe9c3fc480e69ce6e2a36ef87e9a04be3d158a027a7899144a52fa6",
          "Title": "kernel: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52921",
            "https://git.kernel.org/linus/90e065677e0362a777b9db97ea21d43a39211399 (6.5-rc6)",
            "https://git.kernel.org/stable/c/90e065677e0362a777b9db97ea21d43a39211399",
            "https://git.kernel.org/stable/c/9a2393af1f35d1975204fc00035c64a1c792b278",
            "https://git.kernel.org/stable/c/e08e9dd09809b16f8f8cee8c466841b33d24ed96",
            "https://lore.kernel.org/linux-cve-announce/2024111958-CVE-2023-52921-78df@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52921",
            "https://www.cve.org/CVERecord?id=CVE-2023-52921"
          ],
          "PublishedDate": "2024-11-19T02:15:09.31Z",
          "LastModifiedDate": "2025-06-19T13:15:30.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52926",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52926",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fb39002ae0aa339266f8d58fe2bf695e95da342cd39ce5b8cb8041a28524355c",
          "Title": "kernel: io_uring/rw: split io_read() into a helper",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nIORING_OP_READ did not correctly consume the provided buffer list when\nread i/o returned \u003c 0 (except for -EAGAIN and -EIOCBQUEUED return).\nThis can lead to a potential use-after-free when the completion via\nio_rw_done runs at separate context.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52926",
            "https://git.kernel.org/linus/a08d195b586a217d76b42062f88f375a3eedda4d (6.7-rc1)",
            "https://git.kernel.org/stable/c/6c27fc6a783c8a77c756dd5461b15e465020d075",
            "https://git.kernel.org/stable/c/72060434a14caea20925e492310d6e680e3f9007",
            "https://git.kernel.org/stable/c/a08d195b586a217d76b42062f88f375a3eedda4d",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2025022416-CVE-2023-52926-7cb1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52926",
            "https://www.cve.org/CVERecord?id=CVE-2023-52926"
          ],
          "PublishedDate": "2025-02-24T09:15:09.373Z",
          "LastModifiedDate": "2025-11-03T21:16:03.5Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52939",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52939",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee5c5da3d6c35a0002cdb7b9377d71d63f07919c00c2477bd1e99cfc503c6224",
          "Title": "kernel: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()\n\nAs of commit 18365225f044 (\"hwpoison, memcg: forcibly uncharge LRU pages\"),\nhwpoison will forcibly uncharge an LRU hwpoisoned page, so the folio_memcg\ncould be NULL, and then mem_cgroup_track_foreign_dirty_slowpath() could\nhit a NULL pointer dereference. Do not record the foreign\nwritebacks when the folio memcg is NULL in mem_cgroup_track_foreign_dirty() to\nfix it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52939",
            "https://git.kernel.org/linus/ac86f547ca1002aec2ef66b9e64d03f45bbbfbb9 (6.2-rc7)",
            "https://git.kernel.org/stable/c/ac86f547ca1002aec2ef66b9e64d03f45bbbfbb9",
            "https://git.kernel.org/stable/c/b79ba5953f6fdc5559389ad415620bffc24f024b",
            "https://lore.kernel.org/linux-cve-announce/2025032722-CVE-2023-52939-8bb1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52939",
            "https://www.cve.org/CVERecord?id=CVE-2023-52939"
          ],
          "PublishedDate": "2025-03-27T17:15:43.803Z",
          "LastModifiedDate": "2025-10-01T18:15:33.91Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52981",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52981",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:336a5355681c808c15de5c771b0d52e1e16d4a6fba85425476e5bbdcd3a84d51",
          "Title": "kernel: drm/i915: Fix request ref counting during error capture \u0026 debugfs dump",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix request ref counting during error capture \u0026 debugfs dump\n\nWhen GuC support was added to error capture, the reference counting\naround the request object was broken. Fix it up.\n\nThe context based search manages the spinlocking around the search\ninternally. So it needs to grab the reference count internally as\nwell. The execlist only request based search relies on external\nlocking, so it needs an external reference count but within the\nspinlock not outside it.\n\nThe only other caller of the context based search is the code for\ndumping engine state to debugfs. That code wasn't previously getting\nan explicit reference at all as it does everything while holding the\nexeclist specific spinlock. So, that needs updating as well as that\nspinlock doesn't help when using GuC submission. Rather than trying to\nconditionally get/put depending on submission model, just change it to\nalways do the get/put.\n\nv2: Explicitly document adding an extra blank line in some dense code\n(Andy Shevchenko). Fix multiple potential null pointer derefs in case\nof no request found (some spotted by Tvrtko, but there was more!).\nAlso fix a leaked request in case of !started and another in\n__guc_reset_context now that intel_context_find_active_request is\nactually reference counting the returned request.\nv3: Add a _get suffix to intel_context_find_active_request now that it\ngrabs a reference (Daniele).\nv4: Split the intel_guc_find_hung_context change to a separate patch\nand rename intel_context_find_active_request_get to\nintel_context_get_active_request (Tvrtko).\nv5: s/locking/reference counting/ in commit message (Tvrtko)\n\n(cherry picked from commit 3700e353781e27f1bc7222f51f2cc36cbeb9b4ec)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52981",
            "https://git.kernel.org/linus/86d8ddc74124c3fdfc139f246ba6da15e45e86e3 (6.2-rc7)",
            "https://git.kernel.org/stable/c/86d8ddc74124c3fdfc139f246ba6da15e45e86e3",
            "https://git.kernel.org/stable/c/9467397f417dd7b5d0db91452f0474e79716a527",
            "https://lore.kernel.org/linux-cve-announce/2025032706-CVE-2023-52981-070c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52981",
            "https://www.cve.org/CVERecord?id=CVE-2023-52981"
          ],
          "PublishedDate": "2025-03-27T17:15:45.313Z",
          "LastModifiedDate": "2025-10-28T18:22:48.96Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53002",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53002",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:60efe3ff42259359a98feca2bbbebde0e9c86bc0352cd841a36f32d3a21fd7df",
          "Title": "kernel: drm/i915: Fix a memory leak with reused mmap_offset",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix a memory leak with reused mmap_offset\n\ndrm_vma_node_allow() and drm_vma_node_revoke() should be called in\nbalanced pairs. We call drm_vma_node_allow() once per-file every time a\nuser calls mmap_offset, but only call drm_vma_node_revoke() once per-file\non each mmap_offset. As the mmap_offset is reused by the client, the\nper-file vm_count may remain non-zero and the rbtree is leaked.\n\nCall drm_vma_node_allow_once() instead to prevent that memory leak.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53002",
            "https://git.kernel.org/linus/0220e4fe178c3390eb0291cdb34912d66972db8a (6.2-rc6)",
            "https://git.kernel.org/stable/c/0220e4fe178c3390eb0291cdb34912d66972db8a",
            "https://git.kernel.org/stable/c/0bdc4b4ba7206c452ee81c82fa66e39d0e1780fb",
            "https://lore.kernel.org/linux-cve-announce/2025032712-CVE-2023-53002-1f76@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53002",
            "https://www.cve.org/CVERecord?id=CVE-2023-53002"
          ],
          "PublishedDate": "2025-03-27T17:15:49.05Z",
          "LastModifiedDate": "2025-10-01T21:15:42.723Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53008",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53008",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b35b87ac0eed8c4a11fa7b5fefc0363be8806a067f047f8c536a3adaeb0489e5",
          "Title": "kernel: cifs: fix potential memory leaks in session setup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential memory leaks in session setup\n\nMake sure to free cifs_ses::auth_key.response before allocating it as\nwe might end up leaking memory in reconnect or mounting.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53008",
            "https://git.kernel.org/linus/2fe58d977ee05da5bb89ef5dc4f5bf2dc15db46f (6.2-rc4)",
            "https://git.kernel.org/stable/c/2fe58d977ee05da5bb89ef5dc4f5bf2dc15db46f",
            "https://git.kernel.org/stable/c/893d45394dbe4b5cbf3723c19e2ccc8b93a6ac9b",
            "https://lore.kernel.org/linux-cve-announce/2025032714-CVE-2023-53008-415c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53008",
            "https://www.cve.org/CVERecord?id=CVE-2023-53008"
          ],
          "PublishedDate": "2025-03-27T17:15:49.797Z",
          "LastModifiedDate": "2025-10-01T21:15:43.077Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53009",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53009",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3cee196e8eb96a5f0f792bc4a86ff23b9c3a4fb28bbcfb9303e3de11e2c235a3",
          "Title": "kernel: drm/amdkfd: Add sync after creating vram bo",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Add sync after creating vram bo\n\nThere will be data corruption on vram allocated by svm\nif the initialization is not complete and application is\nwritting on the memory. Adding sync to wait for the\ninitialization completion is to resolve this issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53009",
            "https://git.kernel.org/linus/ba029e9991d9be90a28b6a0ceb25e9a6fb348829 (6.2-rc4)",
            "https://git.kernel.org/stable/c/92af2d3b57a1afdfdcafb1c6a07ffd89cf3e98fb",
            "https://git.kernel.org/stable/c/ba029e9991d9be90a28b6a0ceb25e9a6fb348829",
            "https://lore.kernel.org/linux-cve-announce/2025032714-CVE-2023-53009-82cd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53009",
            "https://www.cve.org/CVERecord?id=CVE-2023-53009"
          ],
          "PublishedDate": "2025-03-27T17:15:49.92Z",
          "LastModifiedDate": "2025-10-30T16:23:48.473Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53010",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53010",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54e16e816da659530360c6dc2d0cb0f9f3c97f1d6dedce4d129fc40b543535b9",
          "Title": "kernel: bnxt: Do not read past the end of test names",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt: Do not read past the end of test names\n\nTest names were being concatenated based on a offset beyond the end of\nthe first name, which tripped the buffer overflow detection logic:\n\n detected buffer overflow in strnlen\n [...]\n Call Trace:\n bnxt_ethtool_init.cold+0x18/0x18\n\nRefactor struct hwrm_selftest_qlist_output to use an actual array,\nand adjust the concatenation to use snprintf() rather than a series of\nstrncat() calls.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53010",
            "https://git.kernel.org/linus/d3e599c090fc6977331150c5f0a69ab8ce87da21 (6.2-rc5)",
            "https://git.kernel.org/stable/c/cefa85480ac99c0bef5a09daadb48d65fc28e279",
            "https://git.kernel.org/stable/c/d3e599c090fc6977331150c5f0a69ab8ce87da21",
            "https://lore.kernel.org/linux-cve-announce/2025032714-CVE-2023-53010-56af@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53010",
            "https://www.cve.org/CVERecord?id=CVE-2023-53010"
          ],
          "PublishedDate": "2025-03-27T17:15:50.03Z",
          "LastModifiedDate": "2025-10-30T16:20:51.15Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53036",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53036",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cb5b724e67ee517fbf811cead4cd2d5d426ad7ee93c8cdb514ee26c171f8f91c",
          "Title": "kernel: drm/amdgpu: Fix call trace warning and hang when removing amdgpu device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix call trace warning and hang when removing amdgpu device\n\nOn GPUs with RAS enabled, below call trace and hang are observed when\nshutting down device.\n\nv2: use DRM device unplugged flag instead of shutdown flag as the check to\nprevent memory wipe in shutdown stage.\n\n[ +0.000000] RIP: 0010:amdgpu_vram_mgr_fini+0x18d/0x1c0 [amdgpu]\n[ +0.000001] PKRU: 55555554\n[ +0.000001] Call Trace:\n[ +0.000001] \u003cTASK\u003e\n[ +0.000002] amdgpu_ttm_fini+0x140/0x1c0 [amdgpu]\n[ +0.000183] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[ +0.000184] gmc_v11_0_sw_fini+0x2b/0x40 [amdgpu]\n[ +0.000163] amdgpu_device_fini_sw+0xb6/0x510 [amdgpu]\n[ +0.000152] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[ +0.000090] drm_dev_release+0x28/0x50 [drm]\n[ +0.000016] devm_drm_dev_init_release+0x38/0x60 [drm]\n[ +0.000011] devm_action_release+0x15/0x20\n[ +0.000003] release_nodes+0x40/0xc0\n[ +0.000001] devres_release_all+0x9e/0xe0\n[ +0.000001] device_unbind_cleanup+0x12/0x80\n[ +0.000003] device_release_driver_internal+0xff/0x160\n[ +0.000001] driver_detach+0x4a/0x90\n[ +0.000001] bus_remove_driver+0x6c/0xf0\n[ +0.000001] driver_unregister+0x31/0x50\n[ +0.000001] pci_unregister_driver+0x40/0x90\n[ +0.000003] amdgpu_exit+0x15/0x120 [amdgpu]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53036",
            "https://git.kernel.org/linus/93bb18d2a873d2fa9625c8ea927723660a868b95 (6.3-rc2)",
            "https://git.kernel.org/stable/c/93bb18d2a873d2fa9625c8ea927723660a868b95",
            "https://git.kernel.org/stable/c/9a02dae3bbfe2df8e1c81e61a08695709e9588f9",
            "https://git.kernel.org/stable/c/f06b902511ea05526f405ee64da54a8313d91831",
            "https://lore.kernel.org/linux-cve-announce/2025050201-CVE-2023-53036-db6a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53036",
            "https://www.cve.org/CVERecord?id=CVE-2023-53036"
          ],
          "PublishedDate": "2025-05-02T16:15:22.733Z",
          "LastModifiedDate": "2025-11-12T19:10:59.69Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53037",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53037",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:18708986eafe03a127caba03644f64f906df797b5c19b18bc7bdbd1c389589d9",
          "Title": "kernel: scsi: mpi3mr: Bad drive in topology results kernel crash",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Bad drive in topology results kernel crash\n\nWhen the SAS Transport Layer support is enabled and a device exposed to\nthe OS by the driver fails INQUIRY commands, the driver frees up the memory\nallocated for an internal HBA port data structure. However, in some places,\nthe reference to the freed memory is not cleared. When the firmware sends\nthe Device Info change event for the same device again, the freed memory is\naccessed and that leads to memory corruption and OS crash.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53037",
            "https://git.kernel.org/linus/8e45183978d64699df639e795235433a60f35047 (6.3-rc2)",
            "https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba",
            "https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047",
            "https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d",
            "https://lore.kernel.org/linux-cve-announce/2025050201-CVE-2023-53037-afe2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53037",
            "https://www.cve.org/CVERecord?id=CVE-2023-53037"
          ],
          "PublishedDate": "2025-05-02T16:15:22.827Z",
          "LastModifiedDate": "2025-11-12T19:13:52.06Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53042",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53042",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:62f233b94539c89170001f0f1cf4a5c2a33cae8606eaf3898a4f6240536f119c",
          "Title": "kernel: drm/amd/display: Do not set DRR on pipe Commit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not set DRR on pipe Commit\n\n[WHY]\nWriting to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a\npipe commit can cause underflow.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53042",
            "https://git.kernel.org/linus/56574f89dbd84004c3fd6485bcaafb5aa9b8be14 (6.3-rc3)",
            "https://git.kernel.org/stable/c/3c20a098b507020936e02a98f4fbb924deeef44b",
            "https://git.kernel.org/stable/c/56574f89dbd84004c3fd6485bcaafb5aa9b8be14",
            "https://git.kernel.org/stable/c/f8080f1e300e7abcc03025ec8b5bab69ae98daaa",
            "https://lore.kernel.org/linux-cve-announce/2025050203-CVE-2023-53042-e4e8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53042",
            "https://www.cve.org/CVERecord?id=CVE-2023-53042"
          ],
          "PublishedDate": "2025-05-02T16:15:23.32Z",
          "LastModifiedDate": "2025-11-12T19:15:48.96Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53068",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53068",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc8edf068fbe517ab2f1a9d982f461b889275fa754960039c11ee9beda83f64f",
          "Title": "kernel: net: usb: lan78xx: Limit packet length to skb-\u003elen",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Limit packet length to skb-\u003elen\n\nPacket length retrieved from descriptor may be larger than\nthe actual socket buffer length. In such case the cloned\nskb passed up the network stack will leak kernel memory contents.\n\nAdditionally prevent integer underflow when size is less than\nETH_FCS_LEN.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53068",
            "https://git.kernel.org/linus/7f247f5a2c18b3f21206cdd51193df4f38e1b9f5 (6.3-rc4)",
            "https://git.kernel.org/stable/c/44b9ed73369fc5ec85dd2ee487e986301792a82d",
            "https://git.kernel.org/stable/c/7f247f5a2c18b3f21206cdd51193df4f38e1b9f5",
            "https://git.kernel.org/stable/c/83de34967473ed31d276381373713cc2869a42e5",
            "https://lore.kernel.org/linux-cve-announce/2025050212-CVE-2023-53068-0127@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53068",
            "https://www.cve.org/CVERecord?id=CVE-2023-53068"
          ],
          "PublishedDate": "2025-05-02T16:15:25.87Z",
          "LastModifiedDate": "2025-11-12T20:51:51.977Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53072",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53072",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f0af561647e405c95f2a8279a866a0ddd789ee1687399c3580721bd8a6eadb25",
          "Title": "kernel: mptcp: use the workqueue to destroy unaccepted sockets",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: use the workqueue to destroy unaccepted sockets\n\nChristoph reported a UaF at token lookup time after having\nrefactored the passive socket initialization part:\n\n  BUG: KASAN: use-after-free in __token_bucket_busy+0x253/0x260\n  Read of size 4 at addr ffff88810698d5b0 by task syz-executor653/3198\n\n  CPU: 1 PID: 3198 Comm: syz-executor653 Not tainted 6.2.0-rc59af4eaa31c1f6c00c8f1e448ed99a45c66340dd5 #6\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x6e/0x91\n   print_report+0x16a/0x46f\n   kasan_report+0xad/0x130\n   __token_bucket_busy+0x253/0x260\n   mptcp_token_new_connect+0x13d/0x490\n   mptcp_connect+0x4ed/0x860\n   __inet_stream_connect+0x80e/0xd90\n   tcp_sendmsg_fastopen+0x3ce/0x710\n   mptcp_sendmsg+0xff1/0x1a20\n   inet_sendmsg+0x11d/0x140\n   __sys_sendto+0x405/0x490\n   __x64_sys_sendto+0xdc/0x1b0\n   do_syscall_64+0x3b/0x90\n   entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nWe need to properly clean-up all the paired MPTCP-level\nresources and be sure to release the msk last, even when\nthe unaccepted subflow is destroyed by the TCP internals\nvia inet_child_forget().\n\nWe can re-use the existing MPTCP_WORK_CLOSE_SUBFLOW infra,\nexplicitly checking that for the critical scenario: the\nclosed subflow is the MPC one, the msk is not accepted and\neventually going through full cleanup.\n\nWith such change, __mptcp_destroy_sock() is always called\non msk sockets, even on accepted ones. We don't need anymore\nto transiently drop one sk reference at msk clone time.\n\nPlease note this commit depends on the parent one:\n\n  mptcp: refactor passive socket initialization",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53072",
            "https://git.kernel.org/linus/b6985b9b82954caa53f862d6059d06c0526254f0 (6.3-rc3)",
            "https://git.kernel.org/stable/c/2827f099b3fb9a59263c997400e9182f5d423e84",
            "https://git.kernel.org/stable/c/804cf487fb0031f3c74755b78d8663333f0ba636",
            "https://git.kernel.org/stable/c/b6985b9b82954caa53f862d6059d06c0526254f0",
            "https://lore.kernel.org/linux-cve-announce/2025050213-CVE-2023-53072-4ab2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53072",
            "https://www.cve.org/CVERecord?id=CVE-2023-53072"
          ],
          "PublishedDate": "2025-05-02T16:15:26.237Z",
          "LastModifiedDate": "2025-11-12T20:50:40.05Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53093",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53093",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce0f4ca6b7b16e03adec5e941d89fb4af92be3d42d759a4b816add42044ae7fe",
          "Title": "kernel: tracing: Do not let histogram values have some modifiers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not let histogram values have some modifiers\n\nHistogram values can not be strings, stacktraces, graphs, symbols,\nsyscalls, or grouped in buckets or log. Give an error if a value is set to\ndo so.\n\nNote, the histogram code was not prepared to handle these modifiers for\nhistograms and caused a bug.\n\nMark Rutland reported:\n\n # echo 'p:copy_to_user __arch_copy_to_user n=$arg2' \u003e\u003e /sys/kernel/tracing/kprobe_events\n # echo 'hist:keys=n:vals=hitcount.buckets=8:sort=hitcount' \u003e /sys/kernel/tracing/events/kprobes/copy_to_user/trigger\n # cat /sys/kernel/tracing/events/kprobes/copy_to_user/hist\n[  143.694628] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[  143.695190] Mem abort info:\n[  143.695362]   ESR = 0x0000000096000004\n[  143.695604]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  143.695889]   SET = 0, FnV = 0\n[  143.696077]   EA = 0, S1PTW = 0\n[  143.696302]   FSC = 0x04: level 0 translation fault\n[  143.702381] Data abort info:\n[  143.702614]   ISV = 0, ISS = 0x00000004\n[  143.702832]   CM = 0, WnR = 0\n[  143.703087] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000448f9000\n[  143.703407] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[  143.704137] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[  143.704714] Modules linked in:\n[  143.705273] CPU: 0 PID: 133 Comm: cat Not tainted 6.2.0-00003-g6fc512c10a7c #3\n[  143.706138] Hardware name: linux,dummy-virt (DT)\n[  143.706723] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  143.707120] pc : hist_field_name.part.0+0x14/0x140\n[  143.707504] lr : hist_field_name.part.0+0x104/0x140\n[  143.707774] sp : ffff800008333a30\n[  143.707952] x29: ffff800008333a30 x28: 0000000000000001 x27: 0000000000400cc0\n[  143.708429] x26: ffffd7a653b20260 x25: 0000000000000000 x24: ffff10d303ee5800\n[  
143.708776] x23: ffffd7a6539b27b0 x22: ffff10d303fb8c00 x21: 0000000000000001\n[  143.709127] x20: ffff10d303ec2000 x19: 0000000000000000 x18: 0000000000000000\n[  143.709478] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[  143.709824] x14: 0000000000000000 x13: 203a6f666e692072 x12: 6567676972742023\n[  143.710179] x11: 0a230a6d6172676f x10: 000000000000002c x9 : ffffd7a6521e018c\n[  143.710584] x8 : 000000000000002c x7 : 7f7f7f7f7f7f7f7f x6 : 000000000000002c\n[  143.710915] x5 : ffff10d303b0103e x4 : ffffd7a653b20261 x3 : 000000000000003d\n[  143.711239] x2 : 0000000000020001 x1 : 0000000000000001 x0 : 0000000000000000\n[  143.711746] Call trace:\n[  143.712115]  hist_field_name.part.0+0x14/0x140\n[  143.712642]  hist_field_name.part.0+0x104/0x140\n[  143.712925]  hist_field_print+0x28/0x140\n[  143.713125]  event_hist_trigger_print+0x174/0x4d0\n[  143.713348]  hist_show+0xf8/0x980\n[  143.713521]  seq_read_iter+0x1bc/0x4b0\n[  143.713711]  seq_read+0x8c/0xc4\n[  143.713876]  vfs_read+0xc8/0x2a4\n[  143.714043]  ksys_read+0x70/0xfc\n[  143.714218]  __arm64_sys_read+0x24/0x30\n[  143.714400]  invoke_syscall+0x50/0x120\n[  143.714587]  el0_svc_common.constprop.0+0x4c/0x100\n[  143.714807]  do_el0_svc+0x44/0xd0\n[  143.714970]  el0_svc+0x2c/0x84\n[  143.715134]  el0t_64_sync_handler+0xbc/0x140\n[  143.715334]  el0t_64_sync+0x190/0x194\n[  143.715742] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (f9400000)\n[  143.716510] ---[ end trace 0000000000000000 ]---\nSegmentation fault",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53093",
            "https://git.kernel.org/linus/e0213434fe3e4a0d118923dc98d31e7ff1cd9e45 (6.3-rc3)",
            "https://git.kernel.org/stable/c/2fc0ee435c9264cdb7c5e872f76cd9bb97640227",
            "https://git.kernel.org/stable/c/39cd75f2f3a43c0e2f95749eb6dd6420c553f87d",
            "https://git.kernel.org/stable/c/e0213434fe3e4a0d118923dc98d31e7ff1cd9e45",
            "https://lore.kernel.org/linux-cve-announce/2025050221-CVE-2023-53093-0791@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53093",
            "https://www.cve.org/CVERecord?id=CVE-2023-53093"
          ],
          "PublishedDate": "2025-05-02T16:15:28.27Z",
          "LastModifiedDate": "2025-11-12T21:01:19.127Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53105",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53105",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:46d27bd109de120eab4c93a2f591cd43911e85f77f5697b58373c81fdd3bb851",
          "Title": "kernel: net/mlx5e: Fix cleanup null-ptr deref on encap lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix cleanup null-ptr deref on encap lock\n\nWhen the module is unloaded while a peer tc flow is still offloaded,\nfirst the peer uplink rep profile is changed to a nic profile, and so\nthe neigh encap lock is destroyed. Next during unload, the VF reps netdevs\nare unregistered which causes the original non-peer tc flow to be deleted,\nwhich deletes the peer flow. The peer flow deletion detaches the encap\nentry and tries to take the already destroyed encap lock, causing the\nbelow trace.\n\nFix this by clearing peer flows during tc eswitch cleanup\n(mlx5e_tc_esw_cleanup()).\n\nRelevant trace:\n[ 4316.837128] BUG: kernel NULL pointer dereference, address: 00000000000001d8\n[ 4316.842239] RIP: 0010:__mutex_lock+0xb5/0xc40\n[ 4316.851897] Call Trace:\n[ 4316.852481]  \u003cTASK\u003e\n[ 4316.857214]  mlx5e_rep_neigh_entry_release+0x93/0x790 [mlx5_core]\n[ 4316.858258]  mlx5e_rep_encap_entry_detach+0xa7/0xf0 [mlx5_core]\n[ 4316.859134]  mlx5e_encap_dealloc+0xa3/0xf0 [mlx5_core]\n[ 4316.859867]  clean_encap_dests.part.0+0x5c/0xe0 [mlx5_core]\n[ 4316.860605]  mlx5e_tc_del_fdb_flow+0x32a/0x810 [mlx5_core]\n[ 4316.862609]  __mlx5e_tc_del_fdb_peer_flow+0x1a2/0x250 [mlx5_core]\n[ 4316.863394]  mlx5e_tc_del_flow+0x(/0x630 [mlx5_core]\n[ 4316.864090]  mlx5e_flow_put+0x5f/0x100 [mlx5_core]\n[ 4316.864771]  mlx5e_delete_flower+0x4de/0xa40 [mlx5_core]\n[ 4316.865486]  tc_setup_cb_reoffload+0x20/0x80\n[ 4316.865905]  fl_reoffload+0x47c/0x510 [cls_flower]\n[ 4316.869181]  tcf_block_playback_offloads+0x91/0x1d0\n[ 4316.869649]  tcf_block_unbind+0xe7/0x1b0\n[ 4316.870049]  tcf_block_offload_cmd.isra.0+0x1ee/0x270\n[ 4316.879266]  tcf_block_offload_unbind+0x61/0xa0\n[ 4316.879711]  __tcf_block_put+0xa4/0x310",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53105",
            "https://git.kernel.org/linus/c9668f0b1d28570327dbba189f2c61f6f9e43ae7 (6.3-rc3)",
            "https://git.kernel.org/stable/c/01fdaea410787fe372daeaeda93a29ed0606d334",
            "https://git.kernel.org/stable/c/b7350f8dbe0c2a1d4d3ad7c35b610abd3cb91750",
            "https://git.kernel.org/stable/c/c9668f0b1d28570327dbba189f2c61f6f9e43ae7",
            "https://lore.kernel.org/linux-cve-announce/2025050225-CVE-2023-53105-7c94@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53105",
            "https://www.cve.org/CVERecord?id=CVE-2023-53105"
          ],
          "PublishedDate": "2025-05-02T16:15:29.43Z",
          "LastModifiedDate": "2025-11-10T17:54:56.077Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53115",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53115",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1d1cabdf2f9a13b2101db699e0ec1e38db88567c2dfe9aceb84f1337af55ccf9",
          "Title": "kernel: scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()\n\nDon't allocate memory again when IOC is being reinitialized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53115",
            "https://git.kernel.org/linus/c798304470cab88723d895726d17fcb96472e0e9 (6.3-rc3)",
            "https://git.kernel.org/stable/c/5aab9342f12f980b64617a034d121efbbf09100a",
            "https://git.kernel.org/stable/c/7277b4eec2f25a0653646ba95b1f25fa16be1d6c",
            "https://git.kernel.org/stable/c/c798304470cab88723d895726d17fcb96472e0e9",
            "https://lore.kernel.org/linux-cve-announce/2025050229-CVE-2023-53115-0a1f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53115",
            "https://www.cve.org/CVERecord?id=CVE-2023-53115"
          ],
          "PublishedDate": "2025-05-02T16:15:30.59Z",
          "LastModifiedDate": "2025-11-10T17:52:31.233Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53149",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53149",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:126872a92ce9e1ba7bc0b43c53b22d2b7d0eb33083eb8478922976035ecf6035",
          "Title": "kernel: ext4: avoid deadlock in fs reclaim with page writeback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid deadlock in fs reclaim with page writeback\n\nExt4 has a filesystem wide lock protecting ext4_writepages() calls to\navoid races with switching of journalled data flag or inode format. This\nlock can however cause a deadlock like:\n\nCPU0                            CPU1\n\next4_writepages()\n  percpu_down_read(sbi-\u003es_writepages_rwsem);\n                                ext4_change_inode_journal_flag()\n                                  percpu_down_write(sbi-\u003es_writepages_rwsem);\n                                    - blocks, all readers block from now on\n  ext4_do_writepages()\n    ext4_init_io_end()\n      kmem_cache_zalloc(io_end_cachep, GFP_KERNEL)\n        fs_reclaim frees dentry...\n          dentry_unlink_inode()\n            iput() - last ref =\u003e\n              iput_final() - inode dirty =\u003e\n                write_inode_now()...\n                  ext4_writepages() tries to acquire sbi-\u003es_writepages_rwsem\n                    and blocks forever\n\nMake sure we cannot recurse into filesystem reclaim from writeback code\nto avoid the deadlock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53149",
            "https://git.kernel.org/linus/00d873c17e29cc32d90ca852b82685f1673acaa5 (6.4-rc2)",
            "https://git.kernel.org/stable/c/00d873c17e29cc32d90ca852b82685f1673acaa5",
            "https://git.kernel.org/stable/c/2ec97dc90df40c50e509809dc9a198638a7e18b6",
            "https://git.kernel.org/stable/c/4b4340bf04ce9a52061f15000ecedd126abc093c",
            "https://lore.kernel.org/linux-cve-announce/2025091552-CVE-2023-53149-2f0a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53149",
            "https://www.cve.org/CVERecord?id=CVE-2023-53149"
          ],
          "PublishedDate": "2025-09-15T14:15:37.393Z",
          "LastModifiedDate": "2025-11-25T17:03:43Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53152",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dda92258baf6cfda44ae7226737a9b1ace9ae69e8024b6d56d8631f16f67a1a6",
          "Title": "kernel: drm/amdgpu: fix calltrace warning in amddrm_buddy_fini",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix calltrace warning in amddrm_buddy_fini\n\nThe following call trace is observed when removing the amdgpu driver, which\nis caused by BOs allocated for psp not being freed until removal.\n\n[61811.450562] RIP: 0010:amddrm_buddy_fini.cold+0x29/0x47 [amddrm_buddy]\n[61811.450577] Call Trace:\n[61811.450577]  \u003cTASK\u003e\n[61811.450579]  amdgpu_vram_mgr_fini+0x135/0x1c0 [amdgpu]\n[61811.450728]  amdgpu_ttm_fini+0x207/0x290 [amdgpu]\n[61811.450870]  amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[61811.451012]  gmc_v9_0_sw_fini+0x4a/0x60 [amdgpu]\n[61811.451166]  amdgpu_device_fini_sw+0x117/0x520 [amdgpu]\n[61811.451306]  amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[61811.451447]  devm_drm_dev_init_release+0x4d/0x80 [drm]\n[61811.451466]  devm_action_release+0x15/0x20\n[61811.451469]  release_nodes+0x40/0xb0\n[61811.451471]  devres_release_all+0x9b/0xd0\n[61811.451473]  __device_release_driver+0x1bb/0x2a0\n[61811.451476]  driver_detach+0xf3/0x140\n[61811.451479]  bus_remove_driver+0x6c/0xf0\n[61811.451481]  driver_unregister+0x31/0x60\n[61811.451483]  pci_unregister_driver+0x40/0x90\n[61811.451486]  amdgpu_exit+0x15/0x447 [amdgpu]\n\nFor smu v13_0_2, if the GPU supports xgmi, refer to\n\ncommit f5c7e7797060 (\"drm/amdgpu: Adjust removal control flow for smu v13_0_2\"),\n\nit will run gpu recover in AMDGPU_RESET_FOR_DEVICE_REMOVE mode when removing,\nwhich makes all devices in hive list have hw reset but no resume except the\nbasic ip blocks, then other ip blocks will not call .hw_fini according to\nip_block.status.hw.\n\nSince psp_free_shared_bufs just includes some software operations, move\nit to psp_sw_fini.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-772"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53152",
            "https://git.kernel.org/linus/01382501509871d0799bab6bd412c228486af5bf (6.5-rc1)",
            "https://git.kernel.org/stable/c/01382501509871d0799bab6bd412c228486af5bf",
            "https://git.kernel.org/stable/c/756d674117f5c451f415d1c4046b927052a90c14",
            "https://git.kernel.org/stable/c/ab6f446c220db0c131f2071846afd835799be0fb",
            "https://lore.kernel.org/linux-cve-announce/2025091552-CVE-2023-53152-130d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53152",
            "https://www.cve.org/CVERecord?id=CVE-2023-53152"
          ],
          "PublishedDate": "2025-09-15T14:15:37.753Z",
          "LastModifiedDate": "2025-11-24T21:01:16.823Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53168",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53168",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5110b3e8e4e60c7649f319f1ad4521180b73c4c1f965c78ddc661f415ef1d475",
          "Title": "kernel: usb: ucsi_acpi: Increase the command completion timeout",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ucsi_acpi: Increase the command completion timeout\n\nCommit 130a96d698d7 (\"usb: typec: ucsi: acpi: Increase command\ncompletion timeout value\") increased the timeout from 5 seconds\nto 60 seconds due to issues related to alternate mode discovery.\n\nAfter the alternate mode discovery switch to polled mode\nthe timeout was reduced, but instead of being set back to\n5 seconds it was reduced to 1 second.\n\nThis is causing problems when using a Lenovo ThinkPad X1 yoga gen7\nconnected over Type-C to a LG 27UL850-W (charging DP over Type-C).\n\nWhen the monitor is already connected at boot the following error\nis logged: \"PPM init failed (-110)\", /sys/class/typec is empty and\non unplugging the NULL pointer deref fixed earlier in this series\nhappens.\n\nWhen the monitor is connected after boot the following error\nis logged instead: \"GET_CONNECTOR_STATUS failed (-110)\".\n\nSetting the timeout back to 5 seconds fixes both cases.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53168",
            "https://git.kernel.org/linus/02d210f434249a7edbc160969b75df030dc6934d (6.3-rc4)",
            "https://git.kernel.org/stable/c/02d210f434249a7edbc160969b75df030dc6934d",
            "https://git.kernel.org/stable/c/1e8525f37871741a52370627633962f8bdcab15a",
            "https://git.kernel.org/stable/c/8346d21d1d8a63f46f60e6899f4f80b1306acf32",
            "https://lore.kernel.org/linux-cve-announce/2025091554-CVE-2023-53168-7628@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53168",
            "https://www.cve.org/CVERecord?id=CVE-2023-53168"
          ],
          "PublishedDate": "2025-09-15T14:15:38.58Z",
          "LastModifiedDate": "2025-11-24T21:02:45.563Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53178",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53178",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:22089abe0ab50d0f9726104287377aba5ea331bfb406d3e881cfef50ac28c0ad",
          "Title": "kernel: mm: fix zswap writeback race condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix zswap writeback race condition\n\nThe zswap writeback mechanism can cause a race condition resulting in\nmemory corruption, where a swapped out page gets swapped in with data that\nwas written to a different page.\n\nThe race unfolds like this:\n1. a page with data A and swap offset X is stored in zswap\n2. page A is removed off the LRU by zpool driver for writeback in\n   zswap-shrink work, data for A is mapped by zpool driver\n3. user space program faults and invalidates page entry A, offset X is\n   considered free\n4. kswapd stores page B at offset X in zswap (zswap could also be\n   full, if so, page B would then be IOed to X, then skip step 5.)\n5. entry A is replaced by B in tree-\u003erbroot, this doesn't affect the\n   local reference held by zswap-shrink work\n6. zswap-shrink work writes back A at X, and frees zswap entry A\n7. swapin of slot X brings A in memory instead of B\n\nThe fix:\nOnce the swap page cache has been allocated (case ZSWAP_SWAPCACHE_NEW),\nzswap-shrink work just checks that the local zswap_entry reference is\nstill the same as the one in the tree.  If it's not the same it means that\nit's either been invalidated or replaced, in both cases the writeback is\naborted because the local entry contains stale data.\n\nReproducer:\nI originally found this by running `stress` overnight to validate my work\non the zswap writeback mechanism, it manifested after hours on my test\nmachine.  The key to make it happen is having zswap writebacks, so\nwhatever setup pumps /sys/kernel/debug/zswap/written_back_pages should do\nthe trick.\n\nIn order to reproduce this faster on a vm, I setup a system with ~100M of\navailable memory and a 500M swap file, then running `stress --vm 1\n--vm-bytes 300000000 --vm-stride 4000` makes it happen in matter of tens\nof minutes.  
One can speed things up even more by swinging\n/sys/module/zswap/parameters/max_pool_percent up and down between, say, 20\nand 1; this makes it reproduce in tens of seconds.  It's crucial to set\n`--vm-stride` to something other than 4096 otherwise `stress` won't\nrealize that memory has been corrupted because all pages would have the\nsame data.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:19932",
            "https://access.redhat.com/security/cve/CVE-2023-53178",
            "https://bugzilla.redhat.com/2394627",
            "https://bugzilla.redhat.com/2395358",
            "https://bugzilla.redhat.com/2396114",
            "https://errata.almalinux.org/8/ALSA-2025-19932.html",
            "https://git.kernel.org/linus/04fc7816089c5a32c29a04ec94b998e219dfb946 (6.4-rc3)",
            "https://git.kernel.org/stable/c/04fc7816089c5a32c29a04ec94b998e219dfb946",
            "https://git.kernel.org/stable/c/2cab13f500a6333bd2b853783ac76be9e4956f8a",
            "https://git.kernel.org/stable/c/ba700ea13bf0105a4773c654f7d3bef8adb64ab2",
            "https://linux.oracle.com/cve/CVE-2023-53178.html",
            "https://linux.oracle.com/errata/ELSA-2025-23947.html",
            "https://lore.kernel.org/linux-cve-announce/2025091555-CVE-2023-53178-9d27@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53178",
            "https://www.cve.org/CVERecord?id=CVE-2023-53178"
          ],
          "PublishedDate": "2025-09-15T14:15:39.803Z",
          "LastModifiedDate": "2025-12-02T02:57:41.047Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53180",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eefeac5b14075fda4778f34a8b13d42bba1b7c04ad2567ce7b55e8459d30d1f7",
          "Title": "kernel: wifi: ath12k: Avoid NULL pointer access during management transmit cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid NULL pointer access during management transmit cleanup\n\nCurrently 'ar' reference is not added in skb_cb.\nThough this is generally not used during transmit completion\ncallbacks, on interface removal the remaining idr cleanup callback\nuses the ar pointer from skb_cb from management txmgmt_idr. Hence fill them\nduring transmit call for proper usage to avoid NULL pointer dereference.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53180",
            "https://git.kernel.org/linus/054b5580a36e435692c203c19abdcb9f7734320e (6.5-rc1)",
            "https://git.kernel.org/stable/c/054b5580a36e435692c203c19abdcb9f7734320e",
            "https://git.kernel.org/stable/c/7382d02160ef93c806fe1c1d4ef1fec445266747",
            "https://lore.kernel.org/linux-cve-announce/2025091556-CVE-2023-53180-5e16@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53180",
            "https://www.cve.org/CVERecord?id=CVE-2023-53180"
          ],
          "PublishedDate": "2025-09-15T14:15:40.057Z",
          "LastModifiedDate": "2025-12-02T02:57:51.23Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53187",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53187",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:96c2ceef5d1a697ad515ce489ba02e47c3d0e2f62a117464325898b820f2276f",
          "Title": "kernel: btrfs: fix use-after-free of new block group that became unused",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of new block group that became unused\n\nIf a task creates a new block group and that block group becomes unused\nbefore we finish its creation, at btrfs_create_pending_block_groups(),\nthen when btrfs_mark_bg_unused() is called against the block group, we\nassume that the block group is currently in the list of block groups to\nreclaim, and we move it out of the list of new block groups and into the\nlist of unused block groups. This has two consequences:\n\n1) We move it out of the list of new block groups associated to the\n   current transaction. So the block group creation is not finished and\n   if we attempt to delete the bg because it's unused, we will not find\n   the block group item in the extent tree (or the new block group tree),\n   its device extent items in the device tree etc, resulting in the\n   deletion to fail due to the missing items;\n\n2) We don't increment the reference count on the block group when we\n   move it to the list of unused block groups, because we assumed the\n   block group was on the list of block groups to reclaim, and in that\n   case it already has the correct reference count. However the block\n   group was on the list of new block groups, in which case no extra\n   reference was taken because it's local to the current task. 
This\n   later results in doing an extra reference count decrement when\n   removing the block group from the unused list, eventually leading the\n   reference count to 0.\n\nThis second case was caught when running generic/297 from fstests, which\nproduced the following assertion failure and stack trace:\n\n  [589.559] assertion failed: refcount_read(\u0026block_group-\u003erefs) == 1, in fs/btrfs/block-group.c:4299\n  [589.559] ------------[ cut here ]------------\n  [589.559] kernel BUG at fs/btrfs/block-group.c:4299!\n  [589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n  [589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G        W          6.4.0-rc6-btrfs-next-134+ #1\n  [589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n  [589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.561] Code: 68 62 da c0 (...)\n  [589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246\n  [589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000\n  [589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff\n  [589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50\n  [589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00\n  [589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100\n  [589.563] FS:  00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000\n  [589.563] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0\n  [589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  [589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  [589.564] Call Trace:\n  [589.564]  \u003cTASK\u003e\n  [589.565]  ? __die_body+0x1b/0x60\n  [589.565]  ? die+0x39/0x60\n  [589.565]  ? do_trap+0xeb/0x110\n  [589.565]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.566]  ? 
do_error_trap+0x6a/0x90\n  [589.566]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.566]  ? exc_invalid_op+0x4e/0x70\n  [589.566]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.567]  ? asm_exc_invalid_op+0x16/0x20\n  [589.567]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.567]  ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n  [589.567]  close_ctree+0x35d/0x560 [btrfs]\n  [589.568]  ? fsnotify_sb_delete+0x13e/0x1d0\n  [589.568]  ? dispose_list+0x3a/0x50\n  [589.568]  ? evict_inodes+0x151/0x1a0\n  [589.568]  generic_shutdown_super+0x73/0x1a0\n  [589.569]  kill_anon_super+0x14/0x30\n  [589.569]  btrfs_kill_super+0x12/0x20 [btrfs]\n  [589.569]  deactivate_locked\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53187",
            "https://git.kernel.org/linus/0657b20c5a76c938612f8409735a8830d257866e (6.5-rc3)",
            "https://git.kernel.org/stable/c/0657b20c5a76c938612f8409735a8830d257866e",
            "https://git.kernel.org/stable/c/6297644db23f77c02ae7961cc542d162629ae2c4",
            "https://git.kernel.org/stable/c/7569c4294ba6ff9f194635b14876198f8a687c4a",
            "https://lore.kernel.org/linux-cve-announce/2025091557-CVE-2023-53187-fb77@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53187",
            "https://www.cve.org/CVERecord?id=CVE-2023-53187"
          ],
          "PublishedDate": "2025-09-15T14:15:40.907Z",
          "LastModifiedDate": "2025-12-02T02:55:45.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53198",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53198",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:70feac3b7b5b347763a5a38d5bd62c4e5a7ae800b5996302bcf739a732fd721c",
          "Title": "kernel: raw: Fix NULL deref in raw_get_next()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nraw: Fix NULL deref in raw_get_next().\n\nDae R. Jeong reported a NULL deref in raw_get_next() [0].\n\nIt seems that the repro was running these sequences in parallel so\nthat one thread was iterating on a socket that was being freed in\nanother netns.\n\n  unshare(0x40060200)\n  r0 = syz_open_procfs(0x0, \u0026(0x7f0000002080)='net/raw\\x00')\n  socket$inet_icmp_raw(0x2, 0x3, 0x1)\n  pread64(r0, \u0026(0x7f0000000000)=\"\"/10, 0xa, 0x10000000007f)\n\nAfter commit 0daf07e52709 (\"raw: convert raw sockets to RCU\"), we\nuse RCU and hlist_nulls_for_each_entry() to iterate over SOCK_RAW\nsockets.  However, we should use spinlock for slow paths to avoid\nthe NULL deref.\n\nAlso, SOCK_RAW does not use SLAB_TYPESAFE_BY_RCU, and the slab object\nis not reused during iteration in the grace period.  In fact, the\nlockless readers do not check the nulls marker with get_nulls_value().\nSo, SOCK_RAW should use hlist instead of hlist_nulls.\n\nInstead of adding an unnecessary barrier by sk_nulls_for_each_rcu(),\nlet's convert hlist_nulls to hlist and use sk_for_each_rcu() for\nfast paths and sk_for_each() and spinlock for /proc/net/raw.\n\n[0]:\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\nCPU: 2 PID: 20952 Comm: syz-executor.0 Not tainted 6.2.0-g048ec869bafd-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:383 [inline]\nRIP: 0010:sock_net include/net/sock.h:649 [inline]\nRIP: 0010:raw_get_next net/ipv4/raw.c:974 [inline]\nRIP: 0010:raw_get_idx net/ipv4/raw.c:986 [inline]\nRIP: 0010:raw_seq_start+0x431/0x800 net/ipv4/raw.c:995\nCode: ef e8 33 3d 94 f7 49 8b 6d 00 4c 89 ef e8 b7 65 5f f7 49 89 ed 49 83 c5 98 0f 84 9a 00 00 00 
48 83 c5 c8 48 89 e8 48 c1 e8 03 \u003c42\u003e 80 3c 30 00 74 08 48 89 ef e8 00 3d 94 f7 4c 8b 7d 00 48 89 ef\nRSP: 0018:ffffc9001154f9b0 EFLAGS: 00010206\nRAX: 0000000000000005 RBX: 1ffff1100302c8fd RCX: 0000000000000000\nRDX: 0000000000000028 RSI: ffffc9001154f988 RDI: ffffc9000f77a338\nRBP: 0000000000000029 R08: ffffffff8a50ffb4 R09: fffffbfff24b6bd9\nR10: fffffbfff24b6bd9 R11: 0000000000000000 R12: ffff88801db73b78\nR13: fffffffffffffff9 R14: dffffc0000000000 R15: 0000000000000030\nFS:  00007f843ae8e700(0000) GS:ffff888063700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055bb9614b35f CR3: 000000003c672000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n seq_read_iter+0x4c6/0x10f0 fs/seq_file.c:225\n seq_read+0x224/0x320 fs/seq_file.c:162\n pde_read fs/proc/inode.c:316 [inline]\n proc_reg_read+0x23f/0x330 fs/proc/inode.c:328\n vfs_read+0x31e/0xd30 fs/read_write.c:468\n ksys_pread64 fs/read_write.c:665 [inline]\n __do_sys_pread64 fs/read_write.c:675 [inline]\n __se_sys_pread64 fs/read_write.c:672 [inline]\n __x64_sys_pread64+0x1e9/0x280 fs/read_write.c:672\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x4e/0xa0 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x478d29\nCode: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f843ae8dbe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000011\nRAX: ffffffffffffffda RBX: 0000000000791408 RCX: 0000000000478d29\nRDX: 000000000000000a RSI: 0000000020000000 RDI: 0000000000000003\nRBP: 00000000f477909a R08: 0000000000000000 R09: 0000000000000000\nR10: 000010000000007f R11: 0000000000000246 R12: 0000000000791740\nR13: 
0000000000791414 R14: 0000000000791408 R15: 00007ffc2eb48a50\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53198",
            "https://git.kernel.org/linus/0a78cf7264d29abeca098eae0b188a10aabc8a32 (6.3-rc6)",
            "https://git.kernel.org/stable/c/0a78cf7264d29abeca098eae0b188a10aabc8a32",
            "https://git.kernel.org/stable/c/67daeaecd70ef20ab540c21739d3f633734967a1",
            "https://git.kernel.org/stable/c/b34056bedf04d08ef24f713a7f93bad1274a838d",
            "https://lore.kernel.org/linux-cve-announce/2025091559-CVE-2023-53198-094a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53198",
            "https://www.cve.org/CVERecord?id=CVE-2023-53198"
          ],
          "PublishedDate": "2025-09-15T14:15:42.223Z",
          "LastModifiedDate": "2025-12-02T19:19:05.83Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53209",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53209",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91ba66f54e285e73bfe5f37b6bfa1f55a1213ed478c924f49a149510296c853c",
          "Title": "kernel: wifi: mac80211_hwsim: Fix possible NULL dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: Fix possible NULL dereference\n\nIn a call to mac80211_hwsim_select_tx_link() the sta pointer might\nbe NULL, thus need to check that it is not NULL before accessing it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53209",
            "https://git.kernel.org/linus/0cc80943ef518a1c51a1111e9346d1daf11dd545 (6.5-rc1)",
            "https://git.kernel.org/stable/c/0cc80943ef518a1c51a1111e9346d1daf11dd545",
            "https://git.kernel.org/stable/c/a8a20fed3e05b3a6866c5c58855deaf3c217ccd6",
            "https://git.kernel.org/stable/c/d0124848c7940aba73492e282506b32a13f2e30e",
            "https://lore.kernel.org/linux-cve-announce/2025091510-CVE-2023-53209-ed9e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53209",
            "https://www.cve.org/CVERecord?id=CVE-2023-53209"
          ],
          "PublishedDate": "2025-09-15T15:15:47.437Z",
          "LastModifiedDate": "2026-01-14T18:16:28.617Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53218",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53218",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:be501007a349920b184762e1c323772b92518d27cd417a444811fa7b68aba889",
          "Title": "kernel: rxrpc: Make it so that a waiting process can be aborted",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Make it so that a waiting process can be aborted\n\nWhen sendmsg() creates an rxrpc call, it queues it to wait for a connection\nand channel to be assigned and then waits before it can start shovelling\ndata as the encrypted DATA packet content includes a summary of the\nconnection parameters.\n\nHowever, sendmsg() may get interrupted before a connection gets assigned\nand further sendmsg() calls will fail with EBUSY until an assignment is\nmade.\n\nFix this so that the call can at least be aborted without failing on\nEBUSY.  We have to be careful here as sendmsg() mustn't be allowed to start\nthe call timer if the call doesn't yet have a connection assigned as an\noops may follow shortly thereafter.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53218",
            "https://git.kernel.org/linus/0eb362d254814ce04848730bf32e75b8ee1a4d6c (6.4-rc1)",
            "https://git.kernel.org/stable/c/0eb362d254814ce04848730bf32e75b8ee1a4d6c",
            "https://git.kernel.org/stable/c/7161cf61c64e9e9413d790f2fa2b9dada71a2249",
            "https://git.kernel.org/stable/c/876d96faacbc407daf4978d7ec95051b68f5344a",
            "https://lore.kernel.org/linux-cve-announce/2025091512-CVE-2023-53218-0fca@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53218",
            "https://www.cve.org/CVERecord?id=CVE-2023-53218"
          ],
          "PublishedDate": "2025-09-15T15:15:48.51Z",
          "LastModifiedDate": "2026-01-14T18:16:29.897Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53221",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53221",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2ac89816edd735fa3d95e1dce62990d0b938207f601db5b1d57f2618e7f66b1",
          "Title": "kernel: bpf: Fix memleak due to fentry attach failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memleak due to fentry attach failure\n\nIf it fails to attach fentry, the allocated bpf trampoline image will be\nleft in the system. That can be verified by checking /proc/kallsyms.\n\nThis meamleak can be verified by a simple bpf program as follows:\n\n  SEC(\"fentry/trap_init\")\n  int fentry_run()\n  {\n      return 0;\n  }\n\nIt will fail to attach trap_init because this function is freed after\nkernel init, and then we can find the trampoline image is left in the\nsystem by checking /proc/kallsyms.\n\n  $ tail /proc/kallsyms\n  ffffffffc0613000 t bpf_trampoline_6442453466_1  [bpf]\n  ffffffffc06c3000 t bpf_trampoline_6442453466_1  [bpf]\n\n  $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep \"FUNC 'trap_init'\"\n  [2522] FUNC 'trap_init' type_id=119 linkage=static\n\n  $ echo $((6442453466 \u0026 0x7fffffff))\n  2522\n\nNote that there are two left bpf trampoline images, that is because the\nlibbpf will fallback to raw tracepoint if -EINVAL is returned.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53221",
            "https://git.kernel.org/linus/108598c39eefbedc9882273ac0df96127a629220 (6.5-rc1)",
            "https://git.kernel.org/stable/c/108598c39eefbedc9882273ac0df96127a629220",
            "https://git.kernel.org/stable/c/20109ddd5bea2c24d790debf5d02584ef24c3f5e",
            "https://git.kernel.org/stable/c/6aa27775db63ba8c7c73891c7dfb71ddc230c48d",
            "https://git.kernel.org/stable/c/f72c67d1a82dada7d6d504c806e111e913721a30",
            "https://lore.kernel.org/linux-cve-announce/2025091513-CVE-2023-53221-c23e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53221",
            "https://www.cve.org/CVERecord?id=CVE-2023-53221"
          ],
          "PublishedDate": "2025-09-15T15:15:48.873Z",
          "LastModifiedDate": "2026-01-14T18:16:31.613Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53231",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53231",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:27d4c13a7be255e423f835fe9199eb30d4f90dc152867fd4231cdbf8b901786c",
          "Title": "kernel: erofs: Fix detection of atomic context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: Fix detection of atomic context\n\nCurrent check for atomic context is not sufficient as\nz_erofs_decompressqueue_endio can be called under rcu lock\nfrom blk_mq_flush_plug_list(). See the stacktrace [1]\n\nIn such case we should hand off the decompression work for async\nprocessing rather than trying to do sync decompression in current\ncontext. Patch fixes the detection by checking for\nrcu_read_lock_any_held() and while at it use more appropriate\n!in_task() check than in_atomic().\n\nBackground: Historically erofs would always schedule a kworker for\ndecompression which would incur the scheduling cost regardless of\nthe context. But z_erofs_decompressqueue_endio() may not always\nbe in atomic context and we could actually benefit from doing the\ndecompression in z_erofs_decompressqueue_endio() if we are in\nthread context, for example when running with dm-verity.\nThis optimization was later added in patch [2] which has shown\nimprovement in performance benchmarks.\n\n==============================================\n[1] Problem stacktrace\n[name:core\u0026]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291\n[name:core\u0026]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi\n[name:core\u0026]preempt_count: 0, expected: 0\n[name:core\u0026]RCU nest depth: 1, expected: 0\nCPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S      W  OE      6.1.25-android14-5-maybe-dirty-mainline #1\nHardware name: MT6897 (DT)\nCall trace:\n dump_backtrace+0x108/0x15c\n show_stack+0x20/0x30\n dump_stack_lvl+0x6c/0x8c\n dump_stack+0x20/0x48\n __might_resched+0x1fc/0x308\n __might_sleep+0x50/0x88\n mutex_lock+0x2c/0x110\n z_erofs_decompress_queue+0x11c/0xc10\n z_erofs_decompress_kickoff+0x110/0x1a4\n z_erofs_decompressqueue_endio+0x154/0x180\n bio_endio+0x1b0/0x1d8\n __dm_io_complete+0x22c/0x280\n clone_endio+0xe4/0x280\n 
bio_endio+0x1b0/0x1d8\n blk_update_request+0x138/0x3a4\n blk_mq_plug_issue_direct+0xd4/0x19c\n blk_mq_flush_plug_list+0x2b0/0x354\n __blk_flush_plug+0x110/0x160\n blk_finish_plug+0x30/0x4c\n read_pages+0x2fc/0x370\n page_cache_ra_unbounded+0xa4/0x23c\n page_cache_ra_order+0x290/0x320\n do_sync_mmap_readahead+0x108/0x2c0\n filemap_fault+0x19c/0x52c\n __do_fault+0xc4/0x114\n handle_mm_fault+0x5b4/0x1168\n do_page_fault+0x338/0x4b4\n do_translation_fault+0x40/0x60\n do_mem_abort+0x60/0xc8\n el0_da+0x4c/0xe0\n el0t_64_sync_handler+0xd4/0xfc\n el0t_64_sync+0x1a0/0x1a4\n\n[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53231",
            "https://git.kernel.org/linus/12d0a24afd9ea58e581ea64d64e066f2027b28d9 (6.5-rc1)",
            "https://git.kernel.org/stable/c/12d0a24afd9ea58e581ea64d64e066f2027b28d9",
            "https://git.kernel.org/stable/c/597fb60c75132719687e173b75cab8f6eb1ca657",
            "https://lore.kernel.org/linux-cve-announce/2025091514-CVE-2023-53231-7743@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53231",
            "https://www.cve.org/CVERecord?id=CVE-2023-53231"
          ],
          "PublishedDate": "2025-09-15T15:15:50.063Z",
          "LastModifiedDate": "2026-01-14T18:16:34.1Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53240",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53240",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6e268182b1b8ebee4be9ab2e347c36cce9b003718779bf7124f7fe4be2d72fce",
          "Title": "kernel: xsk: check IFF_UP earlier in Tx path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: check IFF_UP earlier in Tx path\n\nXsk Tx can be triggered via either sendmsg() or poll() syscalls. These\ntwo paths share a call to common function xsk_xmit() which has two\nsanity checks within. A pseudo code example to show the two paths:\n\n__xsk_sendmsg() :                       xsk_poll():\nif (unlikely(!xsk_is_bound(xs)))        if (unlikely(!xsk_is_bound(xs)))\n    return -ENXIO;                          return mask;\nif (unlikely(need_wait))                (...)\n    return -EOPNOTSUPP;                 xsk_xmit()\nmark napi id\n(...)\nxsk_xmit()\n\nxsk_xmit():\nif (unlikely(!(xs-\u003edev-\u003eflags \u0026 IFF_UP)))\n\treturn -ENETDOWN;\nif (unlikely(!xs-\u003etx))\n\treturn -ENOBUFS;\n\nAs it can be observed above, in sendmsg() napi id can be marked on\ninterface that was not brought up and this causes a NULL ptr\ndereference:\n\n[31757.505631] BUG: kernel NULL pointer dereference, address: 0000000000000018\n[31757.512710] #PF: supervisor read access in kernel mode\n[31757.517936] #PF: error_code(0x0000) - not-present page\n[31757.523149] PGD 0 P4D 0\n[31757.525726] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[31757.530154] CPU: 26 PID: 95641 Comm: xdpsock Not tainted 6.2.0-rc5+ #40\n[31757.536871] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[31757.547457] RIP: 0010:xsk_sendmsg+0xde/0x180\n[31757.551799] Code: 00 75 a2 48 8b 00 a8 04 75 9b 84 d2 74 69 8b 85 14 01 00 00 85 c0 75 1b 48 8b 85 28 03 00 00 48 8b 80 98 00 00 00 48 8b 40 20 \u003c8b\u003e 40 18 89 85 14 01 00 00 8b bd 14 01 00 00 81 ff 00 01 00 00 0f\n[31757.570840] RSP: 0018:ffffc90034f27dc0 EFLAGS: 00010246\n[31757.576143] RAX: 0000000000000000 RBX: ffffc90034f27e18 RCX: 0000000000000000\n[31757.583389] RDX: 0000000000000001 RSI: ffffc90034f27e18 RDI: ffff88984cf3c100\n[31757.590631] RBP: ffff88984714a800 R08: ffff88984714a800 R09: 
0000000000000000\n[31757.597877] R10: 0000000000000001 R11: 0000000000000000 R12: 00000000fffffffa\n[31757.605123] R13: 0000000000000000 R14: 0000000000000003 R15: 0000000000000000\n[31757.612364] FS:  00007fb4c5931180(0000) GS:ffff88afdfa00000(0000) knlGS:0000000000000000\n[31757.620571] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[31757.626406] CR2: 0000000000000018 CR3: 000000184b41c003 CR4: 00000000007706e0\n[31757.633648] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[31757.640894] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[31757.648139] PKRU: 55555554\n[31757.650894] Call Trace:\n[31757.653385]  \u003cTASK\u003e\n[31757.655524]  sock_sendmsg+0x8f/0xa0\n[31757.659077]  ? sockfd_lookup_light+0x12/0x70\n[31757.663416]  __sys_sendto+0xfc/0x170\n[31757.667051]  ? do_sched_setscheduler+0xdb/0x1b0\n[31757.671658]  __x64_sys_sendto+0x20/0x30\n[31757.675557]  do_syscall_64+0x38/0x90\n[31757.679197]  entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[31757.687969] Code: 8e f6 ff 44 8b 4c 24 2c 4c 8b 44 24 20 41 89 c4 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 3a 44 89 e7 48 89 44 24 08 e8 b5 8e f6 ff 48\n[31757.707007] RSP: 002b:00007ffd49c73c70 EFLAGS: 00000293 ORIG_RAX: 000000000000002c\n[31757.714694] RAX: ffffffffffffffda RBX: 000055a996565380 RCX: 00007fb4c5727c16\n[31757.721939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n[31757.729184] RBP: 0000000000000040 R08: 0000000000000000 R09: 0000000000000000\n[31757.736429] R10: 0000000000000040 R11: 0000000000000293 R12: 0000000000000000\n[31757.743673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[31757.754940]  \u003c/TASK\u003e\n\nTo fix this, let's make xsk_xmit a function that will be responsible for\ngeneric Tx, where RCU is handled accordingly and pull out sanity checks\nand xs-\u003ezc handling. Populate sanity checks to __xsk_sendmsg() and\nxsk_poll().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53240",
            "https://git.kernel.org/linus/1596dae2f17ec5c6e8c8f0e3fec78c5ae55c1e0b (6.3-rc1)",
            "https://git.kernel.org/stable/c/1596dae2f17ec5c6e8c8f0e3fec78c5ae55c1e0b",
            "https://git.kernel.org/stable/c/cecc68559cd57fffb2be50685f262b9af2318e16",
            "https://git.kernel.org/stable/c/ffe19750e68d0bb21e8110b398346eef20b156a7",
            "https://lore.kernel.org/linux-cve-announce/2025091516-CVE-2023-53240-c379@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53240",
            "https://www.cve.org/CVERecord?id=CVE-2023-53240"
          ],
          "PublishedDate": "2025-09-15T15:15:51.12Z",
          "LastModifiedDate": "2026-01-14T18:16:35.39Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53247",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53247",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:17d62dc29a14835527a02b24e42102b1a8c8886baaac53eda158985d7da2308b",
          "Title": "kernel: btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand\n\nWhile trying to get the subpage blocksize tests running, I hit the\nfollowing panic on generic/476\n\n  assertion failed: PagePrivate(page) \u0026\u0026 page-\u003eprivate, in fs/btrfs/subpage.c:229\n  kernel BUG at fs/btrfs/subpage.c:229!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n  CPU: 1 PID: 1453 Comm: fsstress Not tainted 6.4.0-rc7+ #12\n  Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20230301gitf80f052277c8-26.fc38 03/01/2023\n  pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : btrfs_subpage_assert+0xbc/0xf0\n  lr : btrfs_subpage_assert+0xbc/0xf0\n  Call trace:\n   btrfs_subpage_assert+0xbc/0xf0\n   btrfs_subpage_clear_checked+0x38/0xc0\n   btrfs_page_clear_checked+0x48/0x98\n   btrfs_truncate_block+0x5d0/0x6a8\n   btrfs_cont_expand+0x5c/0x528\n   btrfs_write_check.isra.0+0xf8/0x150\n   btrfs_buffered_write+0xb4/0x760\n   btrfs_do_write_iter+0x2f8/0x4b0\n   btrfs_file_write_iter+0x1c/0x30\n   do_iter_readv_writev+0xc8/0x158\n   do_iter_write+0x9c/0x210\n   vfs_iter_write+0x24/0x40\n   iter_file_splice_write+0x224/0x390\n   direct_splice_actor+0x38/0x68\n   splice_direct_to_actor+0x12c/0x260\n   do_splice_direct+0x90/0xe8\n   generic_copy_file_range+0x50/0x90\n   vfs_copy_file_range+0x29c/0x470\n   __arm64_sys_copy_file_range+0xcc/0x498\n   invoke_syscall.constprop.0+0x80/0xd8\n   do_el0_svc+0x6c/0x168\n   el0_svc+0x50/0x1b0\n   el0t_64_sync_handler+0x114/0x120\n   el0t_64_sync+0x194/0x198\n\nThis happens because during btrfs_cont_expand we'll get a page, set it\nas mapped, and if it's not Uptodate we'll read it.  However between the\nread and re-locking the page we could have called release_folio() on the\npage, but left the page in the file mapping.  
release_folio() can clear\nthe page private, and thus further down we blow up when we go to modify\nthe subpage bits.\n\nFix this by putting the set_page_extent_mapped() after the read.  This\nis safe because read_folio() will call set_page_extent_mapped() before\nit does the read, and then if we clear page private but leave it on the\nmapping we're completely safe re-setting set_page_extent_mapped().  With\nthis patch I can now run generic/476 without panicing.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53247",
            "https://git.kernel.org/linus/17b17fcd6d446b95904a6929c40012ee7f0afc0c (6.5-rc3)",
            "https://git.kernel.org/stable/c/0a5e0bc8e8618e32a6ca64450867628eb0a627bf",
            "https://git.kernel.org/stable/c/17b17fcd6d446b95904a6929c40012ee7f0afc0c",
            "https://git.kernel.org/stable/c/a5880e69cf7fe4a0bb1eabae02205352d1b59b7b",
            "https://lore.kernel.org/linux-cve-announce/2025091501-CVE-2023-53247-60a0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53247",
            "https://www.cve.org/CVERecord?id=CVE-2023-53247"
          ],
          "PublishedDate": "2025-09-15T15:15:51.93Z",
          "LastModifiedDate": "2026-01-14T18:16:36.673Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53248",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53248",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c2acecc78ee4de0d16a742572418d290e879448bd234747f448f498bb7e94c1",
          "Title": "kernel: drm/amdgpu: install stub fence into potential unused fence pointers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: install stub fence into potential unused fence pointers\n\nWhen using cpu to update page tables, vm update fences are unused.\nInstall stub fence into these fence pointers instead of NULL\nto avoid NULL dereference when calling dma_fence_wait() on them.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53248",
            "https://git.kernel.org/linus/187916e6ed9d0c3b3abc27429f7a5f8c936bd1f0 (6.5-rc1)",
            "https://git.kernel.org/stable/c/187916e6ed9d0c3b3abc27429f7a5f8c936bd1f0",
            "https://git.kernel.org/stable/c/78b25110eb8c6990f7f5096bc0136c12a2b4cc99",
            "https://git.kernel.org/stable/c/aa9e9ba5748c524eb0925a2ef6984b78793646d6",
            "https://lore.kernel.org/linux-cve-announce/2025091501-CVE-2023-53248-aa39@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53248",
            "https://www.cve.org/CVERecord?id=CVE-2023-53248"
          ],
          "PublishedDate": "2025-09-15T15:15:52.04Z",
          "LastModifiedDate": "2026-01-14T18:16:36.83Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53254",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53254",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ddf92b6988f885f93284e7dc4a25679b4c43b8c22c7d286e8a0d795f137d952b",
          "Title": "kernel: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncacheinfo: Fix shared_cpu_map to handle shared caches at different levels\n\nThe cacheinfo sets up the shared_cpu_map by checking whether the caches\nwith the same index are shared between CPUs. However, this will trigger\nslab-out-of-bounds access if the CPUs do not have the same cache hierarchy.\nAnother problem is the mismatched shared_cpu_map when the shared cache does\nnot have the same index between CPUs.\n\nCPU0\tI\tD\tL3\nindex\t0\t1\t2\tx\n\t^\t^\t^\t^\nindex\t0\t1\t2\t3\nCPU1\tI\tD\tL2\tL3\n\nThis patch checks each cache is shared with all caches on other CPUs.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53254",
            "https://git.kernel.org/linus/198102c9103fc78d8478495971947af77edb05c1 (6.3-rc1)",
            "https://git.kernel.org/stable/c/198102c9103fc78d8478495971947af77edb05c1",
            "https://git.kernel.org/stable/c/2f588d0345d69a35e451077afed428fd057a5e34",
            "https://git.kernel.org/stable/c/dea49f2993f57d8a2df2cacb0bf649ef49b28879",
            "https://lore.kernel.org/linux-cve-announce/2025091503-CVE-2023-53254-0aa0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53254",
            "https://www.cve.org/CVERecord?id=CVE-2023-53254"
          ],
          "PublishedDate": "2025-09-15T15:15:52.727Z",
          "LastModifiedDate": "2026-01-14T18:16:37.867Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53258",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53258",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e6bd4f894f09790b478a8f117d8c44fe9a25e13f031aec4a406f8f5485f92871",
          "Title": "kernel: drm/amd/display: Fix possible underflow for displays with large vblank",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix possible underflow for displays with large vblank\n\n[Why]\nUnderflow observed when using a display with a large vblank region\nand low refresh rate\n\n[How]\nSimplify calculation of vblank_nom\n\nIncrease value for VBlankNomDefaultUS to 800us",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-191"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53258",
            "https://git.kernel.org/linus/1a4bcdbea4319efeb26cc4b05be859a7867e02dc (6.5-rc1)",
            "https://git.kernel.org/stable/c/1a4bcdbea4319efeb26cc4b05be859a7867e02dc",
            "https://git.kernel.org/stable/c/64bc8e10c87adf60b2d32aacf3afb288e51d5a62",
            "https://git.kernel.org/stable/c/d5741133e6e2f304b40ca1da0e16f62af06f4d22",
            "https://lore.kernel.org/linux-cve-announce/2025091503-CVE-2023-53258-35f0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53258",
            "https://www.cve.org/CVERecord?id=CVE-2023-53258"
          ],
          "PublishedDate": "2025-09-15T15:15:53.203Z",
          "LastModifiedDate": "2026-01-14T18:16:38.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53261",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53261",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:75abc5a16e3d961b2471685c08b40286ce2e692e3f23592d860b17676005756a",
          "Title": "kernel: coresight: Fix memory leak in acpi_buffer-\u003epointer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: Fix memory leak in acpi_buffer-\u003epointer\n\nThere are memory leaks reported by kmemleak:\n...\nunreferenced object 0xffff00213c141000 (size 1024):\n  comm \"systemd-udevd\", pid 2123, jiffies 4294909467 (age 6062.160s)\n  hex dump (first 32 bytes):\n    04 00 00 00 02 00 00 00 18 10 14 3c 21 00 ff ff  ...........\u003c!...\n    00 00 00 00 00 00 00 00 03 00 00 00 10 00 00 00  ................\n  backtrace:\n    [\u003c000000004b7c9001\u003e] __kmem_cache_alloc_node+0x2f8/0x348\n    [\u003c00000000b0fc7ceb\u003e] __kmalloc+0x58/0x108\n    [\u003c0000000064ff4695\u003e] acpi_os_allocate+0x2c/0x68\n    [\u003c000000007d57d116\u003e] acpi_ut_initialize_buffer+0x54/0xe0\n    [\u003c0000000024583908\u003e] acpi_evaluate_object+0x388/0x438\n    [\u003c0000000017b2e72b\u003e] acpi_evaluate_object_typed+0xe8/0x240\n    [\u003c000000005df0eac2\u003e] coresight_get_platform_data+0x1b4/0x988 [coresight]\n...\n\nThe ACPI buffer memory (buf.pointer) should be freed. But the buffer\nis also used after returning from acpi_get_dsd_graph().\nMove the temporary variables buf to acpi_coresight_parse_graph(),\nand free it before the function return to prevent memory leak.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53261",
            "https://git.kernel.org/linus/1a9e02673e2550f5612099e64e8761f0c8fc0f50 (6.6-rc1)",
            "https://git.kernel.org/stable/c/1a9e02673e2550f5612099e64e8761f0c8fc0f50",
            "https://git.kernel.org/stable/c/d1b60e7c9fee34eaedf1fc4e0471f75b33f83a4a",
            "https://lore.kernel.org/linux-cve-announce/2025091504-CVE-2023-53261-6a1a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53261",
            "https://www.cve.org/CVERecord?id=CVE-2023-53261"
          ],
          "PublishedDate": "2025-09-15T15:15:53.54Z",
          "LastModifiedDate": "2026-01-14T19:16:15.927Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53292",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53292",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:45f1e4d411d04608bb1427242f26eac3908ccd41a5132cded136ccbdd66f47d2",
          "Title": "kernel: blk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none\n\nAfter grabbing q-\u003esysfs_lock, q-\u003eelevator may become NULL because of\nelevator switch.\n\nFix the NULL dereference on q-\u003eelevator by checking it with lock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53292",
            "https://git.kernel.org/linus/245165658e1c9f95c0fecfe02b9b1ebd30a1198a (6.5-rc1)",
            "https://git.kernel.org/stable/c/245165658e1c9f95c0fecfe02b9b1ebd30a1198a",
            "https://git.kernel.org/stable/c/3e977386521b71471e66ec2ba82efdfcc456adf2",
            "https://lore.kernel.org/linux-cve-announce/2025091626-CVE-2023-53292-24e9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53292",
            "https://www.cve.org/CVERecord?id=CVE-2023-53292"
          ],
          "PublishedDate": "2025-09-16T08:15:38.457Z",
          "LastModifiedDate": "2026-01-14T19:16:21.32Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53320",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53320",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c64493f7d675474eeda57b903ad1c6207e557508455bcc424380ae85a901fa0",
          "Title": "kernel: scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info()\n\nThe function mpi3mr_get_all_tgt_info() has four issues:\n\n1) It calculates valid entry length in alltgt_info assuming the header part\n   of the struct mpi3mr_device_map_info would equal to sizeof(u32).  The\n   correct size is sizeof(u64).\n\n2) When it calculates the valid entry length kern_entrylen, it excludes one\n   entry by subtracting 1 from num_devices.\n\n3) It copies num_device by calling memcpy(). Substitution is enough.\n\n4) It does not specify the calculated length to sg_copy_from_buffer().\n   Instead, it specifies the payload length which is larger than the\n   alltgt_info size. It causes \"BUG: KASAN: slab-out-of-bounds\".\n\nFix the issues by using the correct header size, removing the subtraction\nfrom num_devices, replacing the memcpy() with substitution and specifying\nthe correct length to sg_copy_from_buffer().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53320",
            "https://git.kernel.org/linus/fb428a2005fc1260d18b989cc5199f281617f44d (6.3-rc1)",
            "https://git.kernel.org/stable/c/2f3d3fa5b8ed7d3b147478f42b00b468eeb1ecd2",
            "https://git.kernel.org/stable/c/8ba997b22f2cd5d29aad8c39f6201f7608ed0c04",
            "https://git.kernel.org/stable/c/fb428a2005fc1260d18b989cc5199f281617f44d",
            "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53320-d419@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53320",
            "https://www.cve.org/CVERecord?id=CVE-2023-53320"
          ],
          "PublishedDate": "2025-09-16T17:15:38.05Z",
          "LastModifiedDate": "2026-01-14T19:16:25.747Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53323",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53323",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9454bedc99d7cc28a1981fc4dd4c788012f296cb251b8308f6b0d0c570c10bb8",
          "Title": "kernel: ext2/dax: Fix ext2_setsize when len is page aligned",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next2/dax: Fix ext2_setsize when len is page aligned\n\nPAGE_ALIGN(x) macro gives the next highest value which is multiple of\npagesize. But if x is already page aligned then it simply returns x.\nSo, if x passed is 0 in dax_zero_range() function, that means the\nlength gets passed as 0 to -\u003eiomap_begin().\n\nIn ext2 it then calls ext2_get_blocks -\u003e max_blocks as 0 and hits bug_on\nhere in ext2_get_blocks().\n\tBUG_ON(maxblocks == 0);\n\nInstead we should be calling dax_truncate_page() here which takes\ncare of it. i.e. it only calls dax_zero_range if the offset is not\npage/block aligned.\n\nThis can be easily triggered with following on fsdax mounted pmem\ndevice.\n\ndd if=/dev/zero of=file count=1 bs=512\ntruncate -s 0 file\n\n[79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk\n[79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)\n[93.793207] ------------[ cut here ]------------\n[93.795102] kernel BUG at fs/ext2/inode.c:637!\n[93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139\n[93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610\n\u003c...\u003e\n[93.835298] Call Trace:\n[93.836253]  \u003cTASK\u003e\n[93.837103]  ? lock_acquire+0xf8/0x110\n[93.838479]  ? d_lookup+0x69/0xd0\n[93.839779]  ext2_iomap_begin+0xa7/0x1c0\n[93.841154]  iomap_iter+0xc7/0x150\n[93.842425]  dax_zero_range+0x6e/0xa0\n[93.843813]  ext2_setsize+0x176/0x1b0\n[93.845164]  ext2_setattr+0x151/0x200\n[93.846467]  notify_change+0x341/0x4e0\n[93.847805]  ? lock_acquire+0xf8/0x110\n[93.849143]  ? do_truncate+0x74/0xe0\n[93.850452]  ? 
do_truncate+0x84/0xe0\n[93.851739]  do_truncate+0x84/0xe0\n[93.852974]  do_sys_ftruncate+0x2b4/0x2f0\n[93.854404]  do_syscall_64+0x3f/0x90\n[93.855789]  entry_SYSCALL_64_after_hwframe+0x72/0xdc",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53323",
            "https://git.kernel.org/linus/fcced95b6ba2a507a83b8b3e0358a8ac16b13e35 (6.5-rc1)",
            "https://git.kernel.org/stable/c/5cee8bfb8cbd99c97aff85d2bf066b6a496e13ab",
            "https://git.kernel.org/stable/c/9e54fd14bd143c261e52fde74355e85e9526c58c",
            "https://git.kernel.org/stable/c/fcced95b6ba2a507a83b8b3e0358a8ac16b13e35",
            "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53323-6a1b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53323",
            "https://www.cve.org/CVERecord?id=CVE-2023-53323"
          ],
          "PublishedDate": "2025-09-16T17:15:38.41Z",
          "LastModifiedDate": "2026-01-14T19:16:26.46Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53325",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53325",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:899711cd3b8ad513ffb1adbc2894452b12a3090c4a2fa918058bee2143c33d1a",
          "Title": "kernel: drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()\n\nChange logging from drm_{err,info}() to dev_{err,info}() in functions\nmtk_dp_aux_transfer() and mtk_dp_aux_do_transfer(): this will be\nessential to avoid getting NULL pointer kernel panics if any kind\nof error happens during AUX transfers happening before the bridge\nis attached.\n\nThis may potentially start happening in a later commit implementing\naux-bus support, as AUX transfers will be triggered from the panel\ndriver (for EDID) before the mtk-dp bridge gets attached, and it's\ndone in preparation for the same.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53325",
            "https://git.kernel.org/linus/fd70e2019bfbcb0ed90c5e23839bf510ce6acf8f (6.6-rc1)",
            "https://git.kernel.org/stable/c/4c743c1dd2ee2a72951660b6798d4d7f7674f87b",
            "https://git.kernel.org/stable/c/7839f62294039959076dd06232e07aec7f7d5b2b",
            "https://git.kernel.org/stable/c/fd70e2019bfbcb0ed90c5e23839bf510ce6acf8f",
            "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53325-a6b9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53325",
            "https://www.cve.org/CVERecord?id=CVE-2023-53325"
          ],
          "PublishedDate": "2025-09-16T17:15:38.657Z",
          "LastModifiedDate": "2026-01-14T19:16:26.843Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53332",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53332",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e3dea5b4fa896007d91f6e6f9479fdb4d9741f3929ca6d5c3096c1696639e73a",
          "Title": "kernel: genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask()\n\nIf ipi_send_{mask|single}() is called with an invalid interrupt number, all\nthe local variables there will be NULL. ipi_send_verify() which is invoked\nfrom these functions does verify its 'data' parameter, resulting in a\nkernel oops in irq_data_get_affinity_mask() as the passed NULL pointer gets\ndereferenced.\n\nAdd a missing NULL pointer check in ipi_send_verify()...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53332",
            "https://git.kernel.org/linus/feabecaff5902f896531dde90646ca5dfa9d4f7d (6.3-rc1)",
            "https://git.kernel.org/stable/c/7448c73d64075051f50caed2c62f46553b69ab8a",
            "https://git.kernel.org/stable/c/926aef60ea64cd9becf2829f7388f48dbe8bcb11",
            "https://git.kernel.org/stable/c/feabecaff5902f896531dde90646ca5dfa9d4f7d",
            "https://lore.kernel.org/linux-cve-announce/2025091646-CVE-2023-53332-9a4d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53332",
            "https://www.cve.org/CVERecord?id=CVE-2023-53332"
          ],
          "PublishedDate": "2025-09-16T17:15:39.73Z",
          "LastModifiedDate": "2026-01-14T19:16:28.07Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53347",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53347",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9aec8e1566ad2c406f5650810c3d65b91e332f1c171113d43df1ace0d70d9435",
          "Title": "kernel: net/mlx5: Handle pairing of E-switch via uplink un/load APIs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Handle pairing of E-switch via uplink un/load APIs\n\nIn case user switch a device from switchdev mode to legacy mode, mlx5\nfirst unpair the E-switch and afterwards unload the uplink vport.\nFrom the other hand, in case user remove or reload a device, mlx5\nfirst unload the uplink vport and afterwards unpair the E-switch.\n\nThe latter is causing a bug[1], hence, handle pairing of E-switch as\npart of uplink un/load APIs.\n\n[1]\nIn case VF_LAG is used, every tc fdb flow is duplicated to the peer\nesw. However, the original esw keeps a pointer to this duplicated\nflow, not the peer esw.\ne.g.: if user create tc fdb flow over esw0, the flow is duplicated\nover esw1, in FW/HW, but in SW, esw0 keeps a pointer to the duplicated\nflow.\nDuring module unload while a peer tc fdb flow is still offloaded, in\ncase the first device to be removed is the peer device (esw1 in the\nexample above), the peer net-dev is destroyed, and so the mlx5e_priv\nis memset to 0.\nAfterwards, the peer device is trying to unpair himself from the\noriginal device (esw0 in the example above). 
Unpair API invoke the\noriginal device to clear peer flow from its eswitch (esw0), but the\npeer flow, which is stored over the original eswitch (esw0), is\ntrying to use the peer mlx5e_priv, which is memset to 0 and result in\nbellow kernel-oops.\n\n[  157.964081 ] BUG: unable to handle page fault for address: 000000000002ce60\n[  157.964662 ] #PF: supervisor read access in kernel mode\n[  157.965123 ] #PF: error_code(0x0000) - not-present page\n[  157.965582 ] PGD 0 P4D 0\n[  157.965866 ] Oops: 0000 [#1] SMP\n[  157.967670 ] RIP: 0010:mlx5e_tc_del_fdb_flow+0x48/0x460 [mlx5_core]\n[  157.976164 ] Call Trace:\n[  157.976437 ]  \u003cTASK\u003e\n[  157.976690 ]  __mlx5e_tc_del_fdb_peer_flow+0xe6/0x100 [mlx5_core]\n[  157.977230 ]  mlx5e_tc_clean_fdb_peer_flows+0x67/0x90 [mlx5_core]\n[  157.977767 ]  mlx5_esw_offloads_unpair+0x2d/0x1e0 [mlx5_core]\n[  157.984653 ]  mlx5_esw_offloads_devcom_event+0xbf/0x130 [mlx5_core]\n[  157.985212 ]  mlx5_devcom_send_event+0xa3/0xb0 [mlx5_core]\n[  157.985714 ]  esw_offloads_disable+0x5a/0x110 [mlx5_core]\n[  157.986209 ]  mlx5_eswitch_disable_locked+0x152/0x170 [mlx5_core]\n[  157.986757 ]  mlx5_eswitch_disable+0x51/0x80 [mlx5_core]\n[  157.987248 ]  mlx5_unload+0x2a/0xb0 [mlx5_core]\n[  157.987678 ]  mlx5_uninit_one+0x5f/0xd0 [mlx5_core]\n[  157.988127 ]  remove_one+0x64/0xe0 [mlx5_core]\n[  157.988549 ]  pci_device_remove+0x31/0xa0\n[  157.988933 ]  device_release_driver_internal+0x18f/0x1f0\n[  157.989402 ]  driver_detach+0x3f/0x80\n[  157.989754 ]  bus_remove_driver+0x70/0xf0\n[  157.990129 ]  pci_unregister_driver+0x34/0x90\n[  157.990537 ]  mlx5_cleanup+0xc/0x1c [mlx5_core]\n[  157.990972 ]  __x64_sys_delete_module+0x15a/0x250\n[  157.991398 ]  ? exit_to_user_mode_prepare+0xea/0x110\n[  157.991840 ]  do_syscall_64+0x3d/0x90\n[  157.992198 ]  entry_SYSCALL_64_after_hwframe+0x46/0xb0",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53347",
            "https://git.kernel.org/linus/2be5bd42a5bba1a05daedc86cf0e248210009669 (6.4-rc4)",
            "https://git.kernel.org/stable/c/10cbfecc0f99f579fb170feee866c9efaab7ee47",
            "https://git.kernel.org/stable/c/2be5bd42a5bba1a05daedc86cf0e248210009669",
            "https://git.kernel.org/stable/c/b17294e7aa8c39dbb9c3e28e2d1983c88b94b387",
            "https://lore.kernel.org/linux-cve-announce/2025091719-CVE-2023-53347-ed20@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53347",
            "https://www.cve.org/CVERecord?id=CVE-2023-53347"
          ],
          "PublishedDate": "2025-09-17T15:15:38.603Z",
          "LastModifiedDate": "2026-01-14T19:16:30.497Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53348",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53348",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a1f9ab2f7b263810952fed001a846021105262c90f47528876791b0318503747",
          "Title": "kernel: Kernel: Denial of Service due to deadlock in btrfs during block group relocation with scrub",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock when aborting transaction during relocation with scrub\n\nBefore relocating a block group we pause scrub, then do the relocation and\nthen unpause scrub. The relocation process requires starting and committing\na transaction, and if we have a failure in the critical section of the\ntransaction commit path (transaction state \u003e= TRANS_STATE_COMMIT_START),\nwe will deadlock if there is a paused scrub.\n\nThat results in stack traces like the following:\n\n  [42.479] BTRFS info (device sdc): relocating block group 53876686848 flags metadata|raid6\n  [42.936] BTRFS warning (device sdc): Skipping commit of aborted transaction.\n  [42.936] ------------[ cut here ]------------\n  [42.936] BTRFS: Transaction aborted (error -28)\n  [42.936] WARNING: CPU: 11 PID: 346822 at fs/btrfs/transaction.c:1977 btrfs_commit_transaction+0xcc8/0xeb0 [btrfs]\n  [42.936] Modules linked in: dm_flakey dm_mod loop btrfs (...)\n  [42.936] CPU: 11 PID: 346822 Comm: btrfs Tainted: G        W          6.3.0-rc2-btrfs-next-127+ #1\n  [42.936] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  [42.936] RIP: 0010:btrfs_commit_transaction+0xcc8/0xeb0 [btrfs]\n  [42.936] Code: ff ff 45 8b (...)\n  [42.936] RSP: 0018:ffffb58649633b48 EFLAGS: 00010282\n  [42.936] RAX: 0000000000000000 RBX: ffff8be6ef4d5bd8 RCX: 0000000000000000\n  [42.936] RDX: 0000000000000002 RSI: ffffffffb35e7782 RDI: 00000000ffffffff\n  [42.936] RBP: ffff8be6ef4d5c98 R08: 0000000000000000 R09: ffffb586496339e8\n  [42.936] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8be6d38c7c00\n  [42.936] R13: 00000000ffffffe4 R14: ffff8be6c268c000 R15: ffff8be6ef4d5cf0\n  [42.936] FS:  00007f381a82b340(0000) GS:ffff8beddfcc0000(0000) knlGS:0000000000000000\n  [42.936] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [42.936] CR2: 00007f1e35fb7638 
CR3: 0000000117680006 CR4: 0000000000370ee0\n  [42.936] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  [42.936] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  [42.936] Call Trace:\n  [42.936]  \u003cTASK\u003e\n  [42.936]  ? start_transaction+0xcb/0x610 [btrfs]\n  [42.936]  prepare_to_relocate+0x111/0x1a0 [btrfs]\n  [42.936]  relocate_block_group+0x57/0x5d0 [btrfs]\n  [42.936]  ? btrfs_wait_nocow_writers+0x25/0xb0 [btrfs]\n  [42.936]  btrfs_relocate_block_group+0x248/0x3c0 [btrfs]\n  [42.936]  ? __pfx_autoremove_wake_function+0x10/0x10\n  [42.936]  btrfs_relocate_chunk+0x3b/0x150 [btrfs]\n  [42.936]  btrfs_balance+0x8ff/0x11d0 [btrfs]\n  [42.936]  ? __kmem_cache_alloc_node+0x14a/0x410\n  [42.936]  btrfs_ioctl+0x2334/0x32c0 [btrfs]\n  [42.937]  ? mod_objcg_state+0xd2/0x360\n  [42.937]  ? refill_obj_stock+0xb0/0x160\n  [42.937]  ? seq_release+0x25/0x30\n  [42.937]  ? __rseq_handle_notify_resume+0x3b5/0x4b0\n  [42.937]  ? percpu_counter_add_batch+0x2e/0xa0\n  [42.937]  ? 
__x64_sys_ioctl+0x88/0xc0\n  [42.937]  __x64_sys_ioctl+0x88/0xc0\n  [42.937]  do_syscall_64+0x38/0x90\n  [42.937]  entry_SYSCALL_64_after_hwframe+0x72/0xdc\n  [42.937] RIP: 0033:0x7f381a6ffe9b\n  [42.937] Code: 00 48 89 44 24 (...)\n  [42.937] RSP: 002b:00007ffd45ecf060 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n  [42.937] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f381a6ffe9b\n  [42.937] RDX: 00007ffd45ecf150 RSI: 00000000c4009420 RDI: 0000000000000003\n  [42.937] RBP: 0000000000000003 R08: 0000000000000013 R09: 0000000000000000\n  [42.937] R10: 00007f381a60c878 R11: 0000000000000246 R12: 00007ffd45ed0423\n  [42.937] R13: 00007ffd45ecf150 R14: 0000000000000000 R15: 00007ffd45ecf148\n  [42.937]  \u003c/TASK\u003e\n  [42.937] ---[ end trace 0000000000000000 ]---\n  [42.937] BTRFS: error (device sdc: state A) in cleanup_transaction:1977: errno=-28 No space left\n  [59.196] INFO: task btrfs:346772 blocked for more than 120 seconds.\n  [59.196]       Tainted: G        W          6.3.0-rc2-btrfs-next-127+ #1\n  [59.196] \"echo 0 \u003e /proc/sys/kernel/hung_\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53348",
            "https://git.kernel.org/linus/2d82a40aa7d6fcae0250ec68b8566cdee7bfd44c (6.3-rc5)",
            "https://git.kernel.org/stable/c/10a5831b193390b77705fc174a309476c23ba64a",
            "https://git.kernel.org/stable/c/2d82a40aa7d6fcae0250ec68b8566cdee7bfd44c",
            "https://git.kernel.org/stable/c/6134a4bb6b1c411a244edee041ac89266c78d45c",
            "https://lore.kernel.org/linux-cve-announce/2025091720-CVE-2023-53348-513e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53348",
            "https://www.cve.org/CVERecord?id=CVE-2023-53348"
          ],
          "PublishedDate": "2025-09-17T15:15:38.727Z",
          "LastModifiedDate": "2026-01-14T19:16:30.693Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53353",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53353",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ed34c255557293f1daccdc7f8f5ff82e312c6bfb1cbd54cbd082fba49c14f0b3",
          "Title": "kernel: accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release()\n\nThe memory manager IDR is currently destroyed when user releases the\nfile descriptor.\nHowever, at this point the user context might be still held, and memory\nbuffers might be still in use.\nLater on, calls to release those buffers will fail due to not finding\ntheir handles in the IDR, leading to a memory leak.\nTo avoid this leak, split the IDR destruction from the memory manager\nfini, and postpone it to hpriv_release() when there is no user context\nand no buffers are used.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53353",
            "https://git.kernel.org/linus/2e8e9a895c4589f124a37fc84d123b5114406e94 (6.4-rc1)",
            "https://git.kernel.org/stable/c/2e8e9a895c4589f124a37fc84d123b5114406e94",
            "https://git.kernel.org/stable/c/840de329ca99cafd0cdde9c6ac160b1330942aba",
            "https://lore.kernel.org/linux-cve-announce/2025091720-CVE-2023-53353-2611@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53353",
            "https://www.cve.org/CVERecord?id=CVE-2023-53353"
          ],
          "PublishedDate": "2025-09-17T15:15:39.293Z",
          "LastModifiedDate": "2026-01-14T19:16:31.51Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53355",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53355",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:652a22305d7077a1748dc641cbe4ada7122a65043ddb4beb5fd21a759098c37d",
          "Title": "kernel: staging: pi433: fix memory leak with using debugfs_lookup()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: pi433: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.  This requires saving off the root directory dentry to make\ncreation of individual device subdirectories easier.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53355",
            "https://git.kernel.org/linus/2f36e789e540df6a9fbf471b3a2ba62a8b361586 (6.3-rc1)",
            "https://git.kernel.org/stable/c/04f3cda40e9f6653ae15ed3fcf26ef2860f4df66",
            "https://git.kernel.org/stable/c/2f36e789e540df6a9fbf471b3a2ba62a8b361586",
            "https://git.kernel.org/stable/c/bb16f3102607b69e1a0233f4b73c6e337f86ef8d",
            "https://lore.kernel.org/linux-cve-announce/2025091721-CVE-2023-53355-823c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53355",
            "https://www.cve.org/CVERecord?id=CVE-2023-53355"
          ],
          "PublishedDate": "2025-09-17T15:15:39.523Z",
          "LastModifiedDate": "2026-01-14T19:16:31.88Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53362",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53362",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d38afdc7db8ab4b4ef729f466855933997f9a3a1b37dd43619129442365984d1",
          "Title": "kernel: bus: fsl-mc: don't assume child devices are all fsl-mc devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: don't assume child devices are all fsl-mc devices\n\nChanges in VFIO caused a pseudo-device to be created as child of\nfsl-mc devices causing a crash [1] when trying to bind a fsl-mc\ndevice to VFIO. Fix this by checking the device type when enumerating\nfsl-mc child devices.\n\n[1]\nModules linked in:\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nCPU: 6 PID: 1289 Comm: sh Not tainted 6.2.0-rc5-00047-g7c46948a6e9c #2\nHardware name: NXP Layerscape LX2160ARDB (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mc_send_command+0x24/0x1f0\nlr : dprc_get_obj_region+0xfc/0x1c0\nsp : ffff80000a88b900\nx29: ffff80000a88b900 x28: ffff48a9429e1400 x27: 00000000000002b2\nx26: ffff48a9429e1718 x25: 0000000000000000 x24: 0000000000000000\nx23: ffffd59331ba3918 x22: ffffd59331ba3000 x21: 0000000000000000\nx20: ffff80000a88b9b8 x19: 0000000000000000 x18: 0000000000000001\nx17: 7270642f636d2d6c x16: 73662e3030303030 x15: ffffffffffffffff\nx14: ffffd59330f1d668 x13: ffff48a8727dc389 x12: ffff48a8727dc386\nx11: 0000000000000002 x10: 00008ceaf02f35d4 x9 : 0000000000000012\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : ffff80000a88bab0\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000a88b9e8\nx2 : ffff80000a88b9e8 x1 : 0000000000000000 x0 : ffff48a945142b80\nCall trace:\n mc_send_command+0x24/0x1f0\n dprc_get_obj_region+0xfc/0x1c0\n fsl_mc_device_add+0x340/0x590\n fsl_mc_obj_device_add+0xd0/0xf8\n dprc_scan_objects+0x1c4/0x340\n dprc_scan_container+0x38/0x60\n vfio_fsl_mc_probe+0x9c/0xf8\n fsl_mc_driver_probe+0x24/0x70\n really_probe+0xbc/0x2a8\n __driver_probe_device+0x78/0xe0\n device_driver_attach+0x30/0x68\n bind_store+0xa8/0x130\n drv_attr_store+0x24/0x38\n sysfs_kf_write+0x44/0x60\n kernfs_fop_write_iter+0x128/0x1b8\n vfs_write+0x334/0x448\n ksys_write+0x68/0xf0\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x44/0x108\n 
el0_svc_common.constprop.1+0x94/0xf8\n do_el0_svc+0x38/0xb0\n el0_svc+0x20/0x50\n el0t_64_sync_handler+0x98/0xc0\n el0t_64_sync+0x174/0x178\nCode: aa0103f4 a9025bf5 d5384100 b9400801 (79401260)\n---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53362",
            "https://git.kernel.org/linus/303c9c63abb9390e906052863f82bb4e9824e5c0 (6.5-rc1)",
            "https://git.kernel.org/stable/c/303c9c63abb9390e906052863f82bb4e9824e5c0",
            "https://git.kernel.org/stable/c/5bd9dc3e767edf582be483be8d6bbc7433bd4cf8",
            "https://git.kernel.org/stable/c/8bdd5c21ec02835bd445d022f4c23195aff407d2",
            "https://lore.kernel.org/linux-cve-announce/2025091722-CVE-2023-53362-740e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53362",
            "https://www.cve.org/CVERecord?id=CVE-2023-53362"
          ],
          "PublishedDate": "2025-09-17T15:15:40.37Z",
          "LastModifiedDate": "2026-01-14T19:16:33.013Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53366",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53366",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8a77adc3652371c19229497096c729e2e1d9b74834e5e69c4aa9a2dfc5753803",
          "Title": "kernel: block: be a bit more careful in checking for NULL bdev while polling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: be a bit more careful in checking for NULL bdev while polling\n\nWei reports a crash with an application using polled IO:\n\nPGD 14265e067 P4D 14265e067 PUD 47ec50067 PMD 0\nOops: 0000 [#1] SMP\nCPU: 0 PID: 21915 Comm: iocore_0 Kdump: loaded Tainted: G S                5.12.0-0_fbk12_clang_7346_g1bb6f2e7058f #1\nHardware name: Wiwynn Delta Lake MP T8/Delta Lake-Class2, BIOS Y3DLM08 04/10/2022\nRIP: 0010:bio_poll+0x25/0x200\nCode: 0f 1f 44 00 00 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 28 65 48 8b 04 25 28 00 00 00 48 89 44 24 20 48 8b 47 08 \u003c48\u003e 8b 80 70 02 00 00 4c 8b 70 50 8b 6f 34 31 db 83 fd ff 75 25 65\nRSP: 0018:ffffc90005fafdf8 EFLAGS: 00010292\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 74b43cd65dd66600\nRDX: 0000000000000003 RSI: ffffc90005fafe78 RDI: ffff8884b614e140\nRBP: ffff88849964df78 R08: 0000000000000000 R09: 0000000000000008\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff88849964df00\nR13: ffffc90005fafe78 R14: ffff888137d3c378 R15: 0000000000000001\nFS:  00007fd195000640(0000) GS:ffff88903f400000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000270 CR3: 0000000466121001 CR4: 00000000007706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n iocb_bio_iopoll+0x1d/0x30\n io_do_iopoll+0xac/0x250\n __se_sys_io_uring_enter+0x3c5/0x5a0\n ? 
__x64_sys_write+0x89/0xd0\n do_syscall_64+0x2d/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x94f225d\nCode: 24 cc 00 00 00 41 8b 84 24 d0 00 00 00 c1 e0 04 83 e0 10 41 09 c2 8b 33 8b 53 04 4c 8b 43 18 4c 63 4b 0c b8 aa 01 00 00 0f 05 \u003c85\u003e c0 0f 88 85 00 00 00 29 03 45 84 f6 0f 84 88 00 00 00 41 f6 c7\nRSP: 002b:00007fd194ffcd88 EFLAGS: 00000202 ORIG_RAX: 00000000000001aa\nRAX: ffffffffffffffda RBX: 00007fd194ffcdc0 RCX: 00000000094f225d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007\nRBP: 00007fd194ffcdb0 R08: 0000000000000000 R09: 0000000000000008\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007fd269d68030\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000\n\nwhich is due to bio-\u003ebi_bdev being NULL. This can happen if we have two\ntasks doing polled IO, and task B ends up completing IO from task A if\nthey are sharing a poll queue. If task B completes the IO and puts the\nbio into our cache, then it can allocate that bio again before task A\nis done polling for it. As that would necessitate a preempt between the\ntwo tasks, it's enough to just be a bit more careful in checking for\nwhether or not bio-\u003ebi_bdev is NULL.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53366",
            "https://git.kernel.org/linus/310726c33ad76cebdee312dbfafc12c1b44bf977 (6.3-rc1)",
            "https://git.kernel.org/stable/c/0510d5e654d05053ed0e6309a9b42043ac9903ab",
            "https://git.kernel.org/stable/c/1af0bdca03f367874da45d6cbe05fa05b90b1439",
            "https://git.kernel.org/stable/c/310726c33ad76cebdee312dbfafc12c1b44bf977",
            "https://lore.kernel.org/linux-cve-announce/2025091723-CVE-2023-53366-c8e7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53366",
            "https://www.cve.org/CVERecord?id=CVE-2023-53366"
          ],
          "PublishedDate": "2025-09-17T15:15:40.957Z",
          "LastModifiedDate": "2026-01-14T19:16:33.707Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53367",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53367",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4121459d1796ecc7f33a05e8f397e79177172560661fa4375461b4a4a1619cd",
          "Title": "kernel: accel/habanalabs: fix mem leak in capture user mappings",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/habanalabs: fix mem leak in capture user mappings\n\nThis commit fixes a memory leak caused when clearing the user_mappings\ninfo when a new context is opened immediately after user_mapping is\ncaptured and a hard reset is performed.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53367",
            "https://git.kernel.org/linus/314a7ffd7c196b27eedd50cb7553029e17789b55 (6.5-rc1)",
            "https://git.kernel.org/stable/c/314a7ffd7c196b27eedd50cb7553029e17789b55",
            "https://git.kernel.org/stable/c/973e0890e5264cb075ef668661cad06b67777121",
            "https://lore.kernel.org/linux-cve-announce/2025091723-CVE-2023-53367-ccb9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53367",
            "https://www.cve.org/CVERecord?id=CVE-2023-53367"
          ],
          "PublishedDate": "2025-09-17T15:15:41.1Z",
          "LastModifiedDate": "2026-01-14T19:16:33.863Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53370",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53370",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5fff45a54fed6b86b83442e5cf41d93cc566c6fcae4bbee2d452b033105c631a",
          "Title": "kernel: drm/amdgpu: fix memory leak in mes self test",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix memory leak in mes self test\n\nThe fences associated with mes queue have to be freed\nup during amdgpu_ring_fini.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53370",
            "https://git.kernel.org/linus/31d7c3a4fc3d312a0646990767647925d5bde540 (6.5-rc1)",
            "https://git.kernel.org/stable/c/31d7c3a4fc3d312a0646990767647925d5bde540",
            "https://git.kernel.org/stable/c/8d8c96efcec95736622381b2afc0fe9e317f88aa",
            "https://git.kernel.org/stable/c/ce3288d8d654b252ba832626e7de481c195ef20a",
            "https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53370-1085@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53370",
            "https://www.cve.org/CVERecord?id=CVE-2023-53370"
          ],
          "PublishedDate": "2025-09-18T14:15:39.51Z",
          "LastModifiedDate": "2026-01-14T19:16:34.35Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53371",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53371",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a3d428748cec8d5119591d9012880fc07d4815294e44fdad3999cf680677b4ec",
          "Title": "kernel: net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create\n\nThe memory pointed to by the fs-\u003eany pointer is not freed in the error\npath of mlx5e_fs_tt_redirect_any_create, which can lead to a memory leak.\nFix by freeing the memory in the error path, thereby making the error path\nidentical to mlx5e_fs_tt_redirect_any_destroy().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53371",
            "https://git.kernel.org/linus/3250affdc658557a41df9c5fb567723e421f8bf2 (6.5-rc2)",
            "https://git.kernel.org/stable/c/3250affdc658557a41df9c5fb567723e421f8bf2",
            "https://git.kernel.org/stable/c/75df2fe6d160e16be880aacacd521b135d7177c9",
            "https://git.kernel.org/stable/c/8a75a6f169c3df3a94802314aa61282772ac75b8",
            "https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53371-e5f9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53371",
            "https://www.cve.org/CVERecord?id=CVE-2023-53371"
          ],
          "PublishedDate": "2025-09-18T14:15:39.637Z",
          "LastModifiedDate": "2026-01-14T19:16:34.517Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53376",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53376",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c93a7960063ef7f6023532561f70d7121b67596e0375c69151c8067183124c6e",
          "Title": "kernel: scsi: mpi3mr: Use number of bits to manage bitmap sizes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Use number of bits to manage bitmap sizes\n\nTo allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using\nbyte as unit. However, bitmap helper functions assume that bitmaps are\nallocated using unsigned long as unit. This gap causes memory access beyond\nthe bitmap sizes and results in \"BUG: KASAN: slab-out-of-bounds\".  The BUG\nwas observed at firmware download to eHBA-9600. Call trace indicated that\nthe out-of-bounds access happened in find_first_zero_bit() called from\nmpi3mr_send_event_ack() for miroc-\u003eevtack_cmds_bitmap.\n\nTo fix the BUG, do not use bytes to manage bitmap sizes. Instead, use\nnumber of bits, and call bitmap helper functions which take number of bits\nas arguments. For memory allocation, call bitmap_zalloc() instead of\nkzalloc() and krealloc(). For memory free, call bitmap_free() instead of\nkfree(). For zero clear, call bitmap_clear() instead of memset().\n\nRemove three fields for bitmap byte sizes in struct scmd_priv which are no\nlonger required. Replace the field dev_handle_bitmap_sz with\ndev_handle_bitmap_bits to keep number of bits of removepend_bitmap across\nresize.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53376",
            "https://git.kernel.org/linus/339e61565f81a6534afdc18fd854b2e2628bf5db (6.3-rc1)",
            "https://git.kernel.org/stable/c/339e61565f81a6534afdc18fd854b2e2628bf5db",
            "https://git.kernel.org/stable/c/6a675a6d57d31da43d8da576465c1cd5d5b0bd3d",
            "https://git.kernel.org/stable/c/8ac713d2e9845e9234bb12ae5903040685d5aff9",
            "https://lore.kernel.org/linux-cve-announce/2025091856-CVE-2023-53376-d18b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53376",
            "https://www.cve.org/CVERecord?id=CVE-2023-53376"
          ],
          "PublishedDate": "2025-09-18T14:15:40.473Z",
          "LastModifiedDate": "2026-01-14T19:16:35.33Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53382",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53382",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9f3114d137389889413781e584557682ae733903cd418401500c62daf6b42bfc",
          "Title": "kernel: net/smc: Reset connection when trying to use SMCRv2 fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Reset connection when trying to use SMCRv2 fails.\n\nWe found a crash when using SMCRv2 with 2 Mellanox ConnectX-4. It\ncan be reproduced by:\n\n- smc_run nginx\n- smc_run wrk -t 32 -c 500 -d 30 http://\u003cip\u003e:\u003cport\u003e\n\n BUG: kernel NULL pointer dereference, address: 0000000000000014\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 8000000108713067 P4D 8000000108713067 PUD 151127067 PMD 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 4 PID: 2441 Comm: kworker/4:249 Kdump: loaded Tainted: G        W   E      6.4.0-rc1+ #42\n Workqueue: smc_hs_wq smc_listen_work [smc]\n RIP: 0010:smc_clc_send_confirm_accept+0x284/0x580 [smc]\n RSP: 0018:ffffb8294b2d7c78 EFLAGS: 00010a06\n RAX: ffff8f1873238880 RBX: ffffb8294b2d7dc8 RCX: 0000000000000000\n RDX: 00000000000000b4 RSI: 0000000000000001 RDI: 0000000000b40c00\n RBP: ffffb8294b2d7db8 R08: ffff8f1815c5860c R09: 0000000000000000\n R10: 0000000000000400 R11: 0000000000000000 R12: ffff8f1846f56180\n R13: ffff8f1815c5860c R14: 0000000000000001 R15: 0000000000000001\n FS:  0000000000000000(0000) GS:ffff8f1aefd00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000014 CR3: 00000001027a0001 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cTASK\u003e\n  ? mlx5_ib_map_mr_sg+0xa1/0xd0 [mlx5_ib]\n  ? smcr_buf_map_link+0x24b/0x290 [smc]\n  ? __smc_buf_create+0x4ee/0x9b0 [smc]\n  smc_clc_send_accept+0x4c/0xb0 [smc]\n  smc_listen_work+0x346/0x650 [smc]\n  ? __schedule+0x279/0x820\n  process_one_work+0x1e5/0x3f0\n  worker_thread+0x4d/0x2f0\n  ? __pfx_worker_thread+0x10/0x10\n  kthread+0xe5/0x120\n  ? 
__pfx_kthread+0x10/0x10\n  ret_from_fork+0x2c/0x50\n  \u003c/TASK\u003e\n\nDuring the CLC handshake, server sequentially tries available SMCRv2\nand SMCRv1 devices in smc_listen_work().\n\nIf an SMCRv2 device is found. SMCv2 based link group and link will be\nassigned to the connection. Then assumed that some buffer assignment\nerrors happen later in the CLC handshake, such as RMB registration\nfailure, server will give up SMCRv2 and try SMCRv1 device instead. But\nthe resources assigned to the connection won't be reset.\n\nWhen server tries SMCRv1 device, the connection creation process will\nbe executed again. Since conn-\u003elnk has been assigned when trying SMCRv2,\nit will not be set to the correct SMCRv1 link in\nsmcr_lgr_conn_assign_link(). So in such situation, conn-\u003elgr points to\ncorrect SMCRv1 link group but conn-\u003elnk points to the SMCRv2 link\nmistakenly.\n\nThen in smc_clc_send_confirm_accept(), conn-\u003ermb_desc-\u003emr[link-\u003elink_idx]\nwill be accessed. Since the link-\u003elink_idx is not correct, the related\nMR may not have been initialized, so crash happens.\n\n | Try SMCRv2 device first\n |     |-\u003e conn-\u003elgr:\tassign existed SMCRv2 link group;\n |     |-\u003e conn-\u003elink:\tassign existed SMCRv2 link (link_idx may be 1 in SMC_LGR_SYMMETRIC);\n |     |-\u003e sndbuf \u0026 RMB creation fails, quit;\n |\n | Try SMCRv1 device then\n |     |-\u003e conn-\u003elgr:\tcreate SMCRv1 link group and assign;\n |     |-\u003e conn-\u003elink:\tkeep SMCRv2 link mistakenly;\n |     |-\u003e sndbuf \u0026 RMB creation succeed, only RMB-\u003emr[link_idx = 0]\n |         initialized.\n |\n | Then smc_clc_send_confirm_accept() accesses\n | conn-\u003ermb_desc-\u003emr[conn-\u003elink-\u003elink_idx, which is 1], then crash.\n v\n\nThis patch tries to fix this by cleaning conn-\u003elnk before assigning\nlink. 
In addition, it is better to reset the connection and clean the\nresources assigned if trying SMCRv2 failed in buffer creation or\nregistration.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53382",
            "https://git.kernel.org/linus/35112271672ae98f45df7875244a4e33aa215e31 (6.4-rc4)",
            "https://git.kernel.org/stable/c/35112271672ae98f45df7875244a4e33aa215e31",
            "https://git.kernel.org/stable/c/9540765d1882d15497d880096de99fafabcfa08c",
            "https://git.kernel.org/stable/c/d33be18917ffe69865dfed18b0a67b0dee0b47d7",
            "https://lore.kernel.org/linux-cve-announce/2025091857-CVE-2023-53382-0f75@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53382",
            "https://www.cve.org/CVERecord?id=CVE-2023-53382"
          ],
          "PublishedDate": "2025-09-18T14:15:41.18Z",
          "LastModifiedDate": "2026-01-14T19:16:36.307Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53383",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53383",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2d099e5540f408e3473101e3ed7ff9c9ee3c37f44eec02ac29db6b3f48fd421",
          "Title": "kernel: irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4\n\nThe T241 platform suffers from the T241-FABRIC-4 erratum which causes\nunexpected behavior in the GIC when multiple transactions are received\nsimultaneously from different sources. This hardware issue impacts\nNVIDIA server platforms that use more than two T241 chips\ninterconnected. Each chip has support for 320 {E}SPIs.\n\nThis issue occurs when multiple packets from different GICs are\nincorrectly interleaved at the target chip. The erratum text below\nspecifies exactly what can cause multiple transfer packets susceptible\nto interleaving and GIC state corruption. GIC state corruption can\nlead to a range of problems, including kernel panics, and unexpected\nbehavior.\n\n\u003eFrom the erratum text:\n  \"In some cases, inter-socket AXI4 Stream packets with multiple\n  transfers, may be interleaved by the fabric when presented to ARM\n  Generic Interrupt Controller. GIC expects all transfers of a packet\n  to be delivered without any interleaving.\n\n  The following GICv3 commands may result in multiple transfer packets\n  over inter-socket AXI4 Stream interface:\n   - Register reads from GICD_I* and GICD_N*\n   - Register writes to 64-bit GICD registers other than GICD_IROUTERn*\n   - ITS command MOVALL\n\n  Multiple commands in GICv4+ utilize multiple transfer packets,\n  including VMOVP, VMOVI, VMAPP, and 64-bit register accesses.\"\n\n  This issue impacts system configurations with more than 2 sockets,\n  that require multi-transfer packets to be sent over inter-socket\n  AXI4 Stream interface between GIC instances on different sockets.\n  GICv4 cannot be supported. GICv3 SW model can only be supported\n  with the workaround. 
Single and Dual socket configurations are not\n  impacted by this issue and support GICv3 and GICv4.\"\n\n\nWriting to the chip alias region of the GICD_In{E} registers except\nGICD_ICENABLERn has an equivalent effect as writing to the global\ndistributor. The SPI interrupt deactivate path is not impacted by\nthe erratum.\n\nTo fix this problem, implement a workaround that ensures read accesses\nto the GICD_In{E} registers are directed to the chip that owns the\nSPI, and disable GICv4.x features. To simplify code changes, the\ngic_configure_irq() function uses the same alias region for both read\nand write operations to GICD_ICFGR.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53383",
            "https://git.kernel.org/linus/35727af2b15d98a2dd2811d631d3a3886111312e (6.4-rc1)",
            "https://git.kernel.org/stable/c/35727af2b15d98a2dd2811d631d3a3886111312e",
            "https://git.kernel.org/stable/c/867a4f6cf1a8f511c06e131477988b3b3e7a0633",
            "https://git.kernel.org/stable/c/86ba4f7b9f949e4c4bcb425f2a1ce490fea30df0",
            "https://lore.kernel.org/linux-cve-announce/2025091857-CVE-2023-53383-fea9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53383",
            "https://www.cve.org/CVERecord?id=CVE-2023-53383"
          ],
          "PublishedDate": "2025-09-18T14:15:41.31Z",
          "LastModifiedDate": "2026-01-14T19:16:36.47Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53385",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53385",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0a16ecdaa5642d285d88f1f8d1fee068d7e611ad77c5356053dd4b21e2c4be0b",
          "Title": "kernel: media: mdp3: Fix resource leaks in of_find_device_by_node",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mdp3: Fix resource leaks in of_find_device_by_node\n\nUse put_device to release the object get through of_find_device_by_node,\navoiding resource leaks.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53385",
            "https://git.kernel.org/linus/35ca8ce495366909b4c2e701d1356570dd40c4e2 (6.6-rc1)",
            "https://git.kernel.org/stable/c/35ca8ce495366909b4c2e701d1356570dd40c4e2",
            "https://git.kernel.org/stable/c/8ba9d91c8f21f070af2049f114c206a8f2d5c71e",
            "https://git.kernel.org/stable/c/fa481125bc4ca8edc1a4c62fe53486ac9a817593",
            "https://lore.kernel.org/linux-cve-announce/2025091857-CVE-2023-53385-7f7c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53385",
            "https://www.cve.org/CVERecord?id=CVE-2023-53385"
          ],
          "PublishedDate": "2025-09-18T14:15:41.553Z",
          "LastModifiedDate": "2026-01-14T19:16:36.79Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53387",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53387",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:34ce9438c237c6eec967d3c2e1cb614574d97fa95290343c95b5d05f6a7e2dc4",
          "Title": "kernel: scsi: ufs: core: Fix device management cmd timeout flow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix device management cmd timeout flow\n\nIn the UFS error handling flow, the host will send a device management cmd\n(NOP OUT) to the device for link recovery. If this cmd times out and\nclearing the doorbell fails, ufshcd_wait_for_dev_cmd() will do nothing and\nreturn. hba-\u003edev_cmd.complete struct is not set to NULL.\n\nWhen this happens, if cmd has been completed by device, then we will call\ncomplete() in __ufshcd_transfer_req_compl(). Because the complete struct is\nallocated on the stack, the following crash will occur:\n\n  ipanic_die+0x24/0x38 [mrdump]\n  die+0x344/0x748\n  arm64_notify_die+0x44/0x104\n  do_debug_exception+0x104/0x1e0\n  el1_dbg+0x38/0x54\n  el1_sync_handler+0x40/0x88\n  el1_sync+0x8c/0x140\n  queued_spin_lock_slowpath+0x2e4/0x3c0\n  __ufshcd_transfer_req_compl+0x3b0/0x1164\n  ufshcd_trc_handler+0x15c/0x308\n  ufshcd_host_reset_and_restore+0x54/0x260\n  ufshcd_reset_and_restore+0x28c/0x57c\n  ufshcd_err_handler+0xeb8/0x1b6c\n  process_one_work+0x288/0x964\n  worker_thread+0x4bc/0xc7c\n  kthread+0x15c/0x264\n  ret_from_fork+0x10/0x30",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53387",
            "https://git.kernel.org/linus/36822124f9de200cedc2f42516301b50d386a6cd (6.3-rc1)",
            "https://git.kernel.org/stable/c/36822124f9de200cedc2f42516301b50d386a6cd",
            "https://git.kernel.org/stable/c/3ffd2cd644e0f1eea01339831bac4b1054e8817c",
            "https://git.kernel.org/stable/c/cf45493432704786a0f8294c7723ad4eeb5fff24",
            "https://lore.kernel.org/linux-cve-announce/2025091857-CVE-2023-53387-1fb7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53387",
            "https://www.cve.org/CVERecord?id=CVE-2023-53387"
          ],
          "PublishedDate": "2025-09-18T14:15:41.767Z",
          "LastModifiedDate": "2026-01-14T19:16:37.11Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53401",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53401",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:195ed61f92d065049c753d21bd03cd9cf4927abd2f4f91ee0a1a877ca889538d",
          "Title": "kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()\n\nKCSAN found an issue in obj_stock_flush_required():\nstock-\u003ecached_objcg can be reset between the check and dereference:\n\n==================================================================\nBUG: KCSAN: data-race in drain_all_stock / drain_obj_stock\n\nwrite to 0xffff888237c2a2f8 of 8 bytes by task 19625 on cpu 0:\n drain_obj_stock+0x408/0x4e0 mm/memcontrol.c:3306\n refill_obj_stock+0x9c/0x1e0 mm/memcontrol.c:3340\n obj_cgroup_uncharge+0xe/0x10 mm/memcontrol.c:3408\n memcg_slab_free_hook mm/slab.h:587 [inline]\n __cache_free mm/slab.c:3373 [inline]\n __do_kmem_cache_free mm/slab.c:3577 [inline]\n kmem_cache_free+0x105/0x280 mm/slab.c:3602\n __d_free fs/dcache.c:298 [inline]\n dentry_free fs/dcache.c:375 [inline]\n __dentry_kill+0x422/0x4a0 fs/dcache.c:621\n dentry_kill+0x8d/0x1e0\n dput+0x118/0x1f0 fs/dcache.c:913\n __fput+0x3bf/0x570 fs/file_table.c:329\n ____fput+0x15/0x20 fs/file_table.c:349\n task_work_run+0x123/0x160 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop+0xcf/0xe0 kernel/entry/common.c:171\n exit_to_user_mode_prepare+0x6a/0xa0 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:296\n do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffff888237c2a2f8 of 8 bytes by task 19632 on cpu 1:\n obj_stock_flush_required mm/memcontrol.c:3319 [inline]\n drain_all_stock+0x174/0x2a0 mm/memcontrol.c:2361\n try_charge_memcg+0x6d0/0xd10 mm/memcontrol.c:2703\n try_charge mm/memcontrol.c:2837 [inline]\n mem_cgroup_charge_skmem+0x51/0x140 mm/memcontrol.c:7290\n sock_reserve_memory+0xb1/0x390 net/core/sock.c:1025\n sk_setsockopt+0x800/0x1e70 net/core/sock.c:1525\n 
udp_lib_setsockopt+0x99/0x6c0 net/ipv4/udp.c:2692\n udp_setsockopt+0x73/0xa0 net/ipv4/udp.c:2817\n sock_common_setsockopt+0x61/0x70 net/core/sock.c:3668\n __sys_setsockopt+0x1c3/0x230 net/socket.c:2271\n __do_sys_setsockopt net/socket.c:2282 [inline]\n __se_sys_setsockopt net/socket.c:2279 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2279\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0xffff8881382d52c0 -\u003e 0xffff888138893740\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 19632 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023\n\nFix it by using READ_ONCE()/WRITE_ONCE() for all accesses to\nstock-\u003ecached_objcg.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:22801",
            "https://access.redhat.com/security/cve/CVE-2023-53401",
            "https://bugzilla.redhat.com/2396417",
            "https://bugzilla.redhat.com/2401510",
            "https://bugzilla.redhat.com/2402222",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2401510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2402222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-50543",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53401",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53539",
            "https://errata.almalinux.org/8/ALSA-2025-22801.html",
            "https://errata.rockylinux.org/RLSA-2025:22801",
            "https://git.kernel.org/linus/3b8abb3239530c423c0b97e42af7f7e856e1ee96 (6.5-rc1)",
            "https://git.kernel.org/stable/c/33391c7e1a2ad612bf3922cc168cb09a46bbe236",
            "https://git.kernel.org/stable/c/33d9490b27e5d8da4444aefd714a4f50189db978",
            "https://git.kernel.org/stable/c/3b8abb3239530c423c0b97e42af7f7e856e1ee96",
            "https://linux.oracle.com/cve/CVE-2023-53401.html",
            "https://linux.oracle.com/errata/ELSA-2025-22801.html",
            "https://lore.kernel.org/linux-cve-announce/2025091800-CVE-2023-53401-b668@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53401",
            "https://www.cve.org/CVERecord?id=CVE-2023-53401"
          ],
          "PublishedDate": "2025-09-18T14:15:43.417Z",
          "LastModifiedDate": "2026-01-14T19:16:39.937Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53410",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53410",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a2176dafe1fcb227d599c8eb70f46a7b18f4565985b6f17bd125d319a71e093f",
          "Title": "kernel: USB: ULPI: fix memory leak with using debugfs_lookup()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: ULPI: fix memory leak with using debugfs_lookup()\n\nWhen calling debugfs_lookup() the result must have dput() called on it,\notherwise the memory will leak over time.  To make things simpler, just\ncall debugfs_lookup_and_remove() instead which handles all of the logic\nat once.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53410",
            "https://git.kernel.org/linus/8f4d25eba599c4bd4b5ea8ae8752cda480a9d563 (6.3-rc1)",
            "https://git.kernel.org/stable/c/2b8aa879e28df11e45855b04788050c61fb6b02a",
            "https://git.kernel.org/stable/c/8f4d25eba599c4bd4b5ea8ae8752cda480a9d563",
            "https://git.kernel.org/stable/c/dcbe69f4f743a938344b32e60531ea55355e0c08",
            "https://lore.kernel.org/linux-cve-announce/2025091801-CVE-2023-53410-4483@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53410",
            "https://www.cve.org/CVERecord?id=CVE-2023-53410"
          ],
          "PublishedDate": "2025-09-18T14:15:44.503Z",
          "LastModifiedDate": "2026-01-14T20:15:58.91Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53424",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53424",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:37f58c38d134609c296ebca6716bf513517a946d005447c08039af543fa281ec",
          "Title": "kernel: clk: mediatek: fix of_iomap memory leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: fix of_iomap memory leak\n\nSmatch reports:\ndrivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn:\n    'base' from of_iomap() not released on lines: 496.\n\nThis problem was also found in linux-next. In mtk_clk_simple_probe(),\nbase is not released when handling errors\nif clk_data is not existed, which may cause a leak.\nSo free_base should be added here to release base.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53424",
            "https://git.kernel.org/linus/3db7285e044144fd88a356f5b641b9cd4b231a77 (6.5-rc1)",
            "https://git.kernel.org/stable/c/2cae6a28d8c12c597e8656962271520434c61c48",
            "https://git.kernel.org/stable/c/3db7285e044144fd88a356f5b641b9cd4b231a77",
            "https://git.kernel.org/stable/c/47234e19b00816a8a7b278c7173f6d4e928c43c7",
            "https://git.kernel.org/stable/c/847d5dd788ce05f0aaaa36ea174f7f0b9cf86f7d",
            "https://lore.kernel.org/linux-cve-announce/2025091856-CVE-2023-53424-d5b6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53424",
            "https://www.cve.org/CVERecord?id=CVE-2023-53424"
          ],
          "PublishedDate": "2025-09-18T16:15:46.26Z",
          "LastModifiedDate": "2026-02-19T16:27:08.123Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53429",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53429",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3d78bc605c9c7ba912a4db0778e9879f6ae6a07f83e39ac6ee6def7b89c20f4a",
          "Title": "kernel: btrfs: don't check PageError in __extent_writepage",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't check PageError in __extent_writepage\n\n__extent_writepage currenly sets PageError whenever any error happens,\nand the also checks for PageError to decide if to call error handling.\nThis leads to very unclear responsibility for cleaning up on errors.\nIn the VM and generic writeback helpers the basic idea is that once\nI/O is fired off all error handling responsibility is delegated to the\nend I/O handler.  But if that end I/O handler sets the PageError bit,\nand the submitter checks it, the bit could in some cases leak into the\nsubmission context for fast enough I/O.\n\nFix this by simply not checking PageError and just using the local\nret variable to check for submission errors.  This also fundamentally\nsolves the long problem documented in a comment in __extent_writepage\nby never leaking the error bit into the submission context.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53429",
            "https://git.kernel.org/linus/3e92499e3b004baffb479d61e191b41b604ece9a (6.5-rc1)",
            "https://git.kernel.org/stable/c/3e92499e3b004baffb479d61e191b41b604ece9a",
            "https://git.kernel.org/stable/c/d40be032ecd8ee1ca033bee43c7755d21fb4d72a",
            "https://lore.kernel.org/linux-cve-announce/2025091857-CVE-2023-53429-dd4c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53429",
            "https://www.cve.org/CVERecord?id=CVE-2023-53429"
          ],
          "PublishedDate": "2025-09-18T16:15:46.847Z",
          "LastModifiedDate": "2026-01-14T20:16:02.293Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53434",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53434",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a17e9a83ac316cfe7d7c5ddccc240118f9a808687cb82b1c2f509ee7f83f94cd",
          "Title": "kernel: remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores\n\nThe IRAM is part of the HiFi DSP.\nAccording to hardware specification only 32-bits write are allowed\notherwise we get a Kernel panic.\n\nTherefore add a custom memory copy and memset functions to deal with\nthe above restriction.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53434",
            "https://git.kernel.org/linus/408ec1ff0caa340c57eecf4cbd14ef0132036a50 (6.4-rc1)",
            "https://git.kernel.org/stable/c/331cd77f3d02c35f98b48d1aa934c54c4e7102c8",
            "https://git.kernel.org/stable/c/408ec1ff0caa340c57eecf4cbd14ef0132036a50",
            "https://git.kernel.org/stable/c/44361033a8806aabd0f49b24e5a2fc07232cc5ff",
            "https://lore.kernel.org/linux-cve-announce/2025091858-CVE-2023-53434-243b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53434",
            "https://www.cve.org/CVERecord?id=CVE-2023-53434"
          ],
          "PublishedDate": "2025-09-18T16:15:47.49Z",
          "LastModifiedDate": "2026-01-14T20:16:03.097Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53438",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53438",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c3b36929c842241eb91a0da5abb1ecd346884626a086e8b88681fab9e0f7e81",
          "Title": "kernel: x86/MCE: Always save CS register on AMD Zen IF Poison errors",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/MCE: Always save CS register on AMD Zen IF Poison errors\n\nThe Instruction Fetch (IF) units on current AMD Zen-based systems do not\nguarantee a synchronous #MC is delivered for poison consumption errors.\nTherefore, MCG_STATUS[EIPV|RIPV] will not be set. However, the\nmicroarchitecture does guarantee that the exception is delivered within\nthe same context. In other words, the exact rIP is not known, but the\ncontext is known to not have changed.\n\nThere is no architecturally-defined method to determine this behavior.\n\nThe Code Segment (CS) register is always valid on such IF unit poison\nerrors regardless of the value of MCG_STATUS[EIPV|RIPV].\n\nAdd a quirk to save the CS register for poison consumption from the IF\nunit banks.\n\nThis is needed to properly determine the context of the error.\nOtherwise, the severity grading function will assume the context is\nIN_KERNEL due to the m-\u003ecs value being 0 (the initialized value). This\nleads to unnecessary kernel panics on data poison errors due to the\nkernel believing the poison consumption occurred in kernel context.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53438",
            "https://git.kernel.org/linus/4240e2ebe67941ce2c4f5c866c3af4b5ac7a0c67 (6.6-rc1)",
            "https://git.kernel.org/stable/c/2e01bdf7203c383e9d8489d9f963c52d6c81e4db",
            "https://git.kernel.org/stable/c/4240e2ebe67941ce2c4f5c866c3af4b5ac7a0c67",
            "https://git.kernel.org/stable/c/6eac3965901489ae114a664a78cd2d1415d1af5c",
            "https://git.kernel.org/stable/c/e6e6a5f50f58fadec397b23064b7e4830292863d",
            "https://lore.kernel.org/linux-cve-announce/2025091858-CVE-2023-53438-50e2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53438",
            "https://www.cve.org/CVERecord?id=CVE-2023-53438"
          ],
          "PublishedDate": "2025-09-18T16:15:47.967Z",
          "LastModifiedDate": "2026-01-14T20:16:03.76Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53447",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53447",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4d5876d28b0989ff4378bc4be9d73df384039e2bca826a9e216f238abc53ab41",
          "Title": "kernel: f2fs: don't reset unchangable mount option in f2fs_remount()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: don't reset unchangable mount option in f2fs_remount()\n\nsyzbot reports a bug as below:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN\nRIP: 0010:__lock_acquire+0x69/0x2000 kernel/locking/lockdep.c:4942\nCall Trace:\n lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691\n __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline]\n _raw_write_lock+0x2e/0x40 kernel/locking/spinlock.c:300\n __drop_extent_tree+0x3ac/0x660 fs/f2fs/extent_cache.c:1100\n f2fs_drop_extent_tree+0x17/0x30 fs/f2fs/extent_cache.c:1116\n f2fs_insert_range+0x2d5/0x3c0 fs/f2fs/file.c:1664\n f2fs_fallocate+0x4e4/0x6d0 fs/f2fs/file.c:1838\n vfs_fallocate+0x54b/0x6b0 fs/open.c:324\n ksys_fallocate fs/open.c:347 [inline]\n __do_sys_fallocate fs/open.c:355 [inline]\n __se_sys_fallocate fs/open.c:353 [inline]\n __x64_sys_fallocate+0xbd/0x100 fs/open.c:353\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is race condition as below:\n- since it tries to remount rw filesystem, so that do_remount won't\ncall sb_prepare_remount_readonly to block fallocate, there may be race\ncondition in between remount and fallocate.\n- in f2fs_remount(), default_options() will reset mount option to default\none, and then update it based on result of parse_options(), so there is\na hole which race condition can happen.\n\nThread A\t\t\tThread B\n- f2fs_fill_super\n - parse_options\n  - clear_opt(READ_EXTENT_CACHE)\n\n- f2fs_remount\n - default_options\n  - set_opt(READ_EXTENT_CACHE)\n\t\t\t\t- f2fs_fallocate\n\t\t\t\t - f2fs_insert_range\n\t\t\t\t  - f2fs_drop_extent_tree\n\t\t\t\t   - __drop_extent_tree\n\t\t\t\t    - __may_extent_tree\n\t\t\t\t     - test_opt(READ_EXTENT_CACHE) return true\n\t\t\t\t    - 
write_lock(\u0026et-\u003elock) access NULL pointer\n - parse_options\n  - clear_opt(READ_EXTENT_CACHE)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53447",
            "https://git.kernel.org/linus/458c15dfbce62c35fefd9ca637b20a051309c9f1 (6.5-rc1)",
            "https://git.kernel.org/stable/c/115557cc226a927924f2d7d1980ccbf6e3b3bb36",
            "https://git.kernel.org/stable/c/458c15dfbce62c35fefd9ca637b20a051309c9f1",
            "https://lore.kernel.org/linux-cve-announce/2025091800-CVE-2023-53447-e0ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53447",
            "https://www.cve.org/CVERecord?id=CVE-2023-53447"
          ],
          "PublishedDate": "2025-09-18T16:15:49.067Z",
          "LastModifiedDate": "2026-01-14T20:16:05.213Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53452",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53452",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d9db46c27c1a01a611b91ccef653c7a42d6e007301f14cf4e4b00ef47570f56e",
          "Title": "kernel: wifi: rtw89: fix potential race condition between napi_init and napi_enable",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix potential race condition between napi_init and napi_enable\n\nA race condition can happen if netdev is registered, but NAPI isn't\ninitialized yet, and meanwhile user space starts the netdev that will\nenable NAPI. Then, it hits BUG_ON():\n\n kernel BUG at net/core/dev.c:6423!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 PID: 417 Comm: iwd Not tainted 6.2.7-slab-dirty #3 eb0f5a8a9d91\n Hardware name: LENOVO 21DL/LNVNB161216, BIOS JPCN20WW(V1.06) 09/20/2022\n RIP: 0010:napi_enable+0x3f/0x50\n Code: 48 89 c2 48 83 e2 f6 f6 81 89 08 00 00 02 74 0d 48 83 ...\n RSP: 0018:ffffada1414f3548 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffa01425802080 RCX: 0000000000000000\n RDX: 00000000000002ff RSI: ffffada14e50c614 RDI: ffffa01425808dc0\n RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000001 R11: 0000000000000100 R12: ffffa01425808f58\n R13: 0000000000000000 R14: ffffa01423498940 R15: 0000000000000001\n FS:  00007f5577c0a740(0000) GS:ffffa0169fc00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f5577a19972 CR3: 0000000125a7a000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n  \u003cTASK\u003e\n  rtw89_pci_ops_start+0x1c/0x70 [rtw89_pci 6cbc75429515c181cbc386478d5cfb32ffc5a0f8]\n  rtw89_core_start+0xbe/0x160 [rtw89_core fe07ecb874820b6d778370d4acb6ef8a37847f22]\n  rtw89_ops_start+0x26/0x40 [rtw89_core fe07ecb874820b6d778370d4acb6ef8a37847f22]\n  drv_start+0x42/0x100 [mac80211 c07fa22af8c3cf3f7d7ab3884ca990784d72e2d2]\n  ieee80211_do_open+0x311/0x7d0 [mac80211 c07fa22af8c3cf3f7d7ab3884ca990784d72e2d2]\n  ieee80211_open+0x6a/0x90 [mac80211 c07fa22af8c3cf3f7d7ab3884ca990784d72e2d2]\n  __dev_open+0xe0/0x180\n  __dev_change_flags+0x1da/0x250\n  dev_change_flags+0x26/0x70\n  do_setlink+0x37c/0x12c0\n  ? ep_poll_callback+0x246/0x290\n  ? 
__nla_validate_parse+0x61/0xd00\n  ? __wake_up_common_lock+0x8f/0xd0\n\nTo fix this, follow Jonas' suggestion to switch the order of these\nfunctions and move register netdev to be the last step of PCI probe.\nAlso, correct the error handling of rtw89_core_register_hw().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53452",
            "https://git.kernel.org/linus/47515664ecfbde11425dff121f298ae4499425c9 (6.4-rc1)",
            "https://git.kernel.org/stable/c/39712c8aeb79691bcec8bd6ff658cde1651e0803",
            "https://git.kernel.org/stable/c/47515664ecfbde11425dff121f298ae4499425c9",
            "https://git.kernel.org/stable/c/aa48073c2f993e1b0c0bc66b03ae105cac0130bc",
            "https://git.kernel.org/stable/c/b1b90c7df08ef385f95827ee3aee87bddd1ef5c5",
            "https://lore.kernel.org/linux-cve-announce/2025100104-CVE-2023-53452-f6e5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53452",
            "https://www.cve.org/CVERecord?id=CVE-2023-53452"
          ],
          "PublishedDate": "2025-10-01T12:15:43.6Z",
          "LastModifiedDate": "2026-01-16T21:23:45.69Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53460",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53460",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:395b91baffa51f15e039dd101435205f8bae9f59a7cd7915598d03107d814dcb",
          "Title": "kernel: wifi: rtw88: fix memory leak in rtw_usb_probe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix memory leak in rtw_usb_probe()\n\ndrivers/net/wireless/realtek/rtw88/usb.c:876 rtw_usb_probe()\nwarn: 'hw' from ieee80211_alloc_hw() not released on lines: 811\n\nFix this by modifying return to a goto statement.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53460",
            "https://git.kernel.org/linus/48181d285623198c33bb9698992502687b258efa (6.4-rc1)",
            "https://git.kernel.org/stable/c/48181d285623198c33bb9698992502687b258efa",
            "https://git.kernel.org/stable/c/6cc92379b80af005e1f49ef6ef790cddc58cf0da",
            "https://lore.kernel.org/linux-cve-announce/2025100106-CVE-2023-53460-cdc8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53460",
            "https://www.cve.org/CVERecord?id=CVE-2023-53460"
          ],
          "PublishedDate": "2025-10-01T12:15:47.57Z",
          "LastModifiedDate": "2026-01-16T21:19:46.06Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53466",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53466",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4436e5be1fe8a63c65b567fc61b62b417eae4b397ed9bf98a9b2826767f3f461",
          "Title": "kernel: wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit\n\nAlways purge mcu skb queues in mt7915_mcu_exit routine even if\nmt7915_firmware_state fails.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53466",
            "https://git.kernel.org/linus/49bd78282e79ad177d14f37f4049f0605bf92dad (6.3-rc1)",
            "https://git.kernel.org/stable/c/3095fe1e1d3198e62a3c7116c4cf7c734871475f",
            "https://git.kernel.org/stable/c/49bd78282e79ad177d14f37f4049f0605bf92dad",
            "https://git.kernel.org/stable/c/4cbb876153b63fe248200f734069c6881cf97722",
            "https://lore.kernel.org/linux-cve-announce/2025100108-CVE-2023-53466-dcff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53466",
            "https://www.cve.org/CVERecord?id=CVE-2023-53466"
          ],
          "PublishedDate": "2025-10-01T12:15:48.55Z",
          "LastModifiedDate": "2026-01-20T15:53:42.2Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53478",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53478",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6213737b457bbb2f47e4fc790f41623f5fa797c54614aefb068d74b4340f4709",
          "Title": "kernel: tracing/synthetic: Fix races on freeing last_cmd",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/synthetic: Fix races on freeing last_cmd\n\nCurrently, the \"last_cmd\" variable can be accessed by multiple processes\nasynchronously when multiple users manipulate synthetic_events node\nat the same time, it could lead to use-after-free or double-free.\n\nThis patch add \"lastcmd_mutex\" to prevent \"last_cmd\" from being accessed\nasynchronously.\n\n================================================================\n\nIt's easy to reproduce in the KASAN environment by running the two\nscripts below in different shells.\n\nscript 1:\n        while :\n        do\n                echo -n -e '\\x88' \u003e /sys/kernel/tracing/synthetic_events\n        done\n\nscript 2:\n        while :\n        do\n                echo -n -e '\\xb0' \u003e /sys/kernel/tracing/synthetic_events\n        done\n\n================================================================\ndouble-free scenario:\n\n    process A                       process B\n-------------------               ---------------\n1.kstrdup last_cmd\n                                  2.free last_cmd\n3.free last_cmd(double-free)\n\n================================================================\nuse-after-free scenario:\n\n    process A                       process B\n-------------------               ---------------\n1.kstrdup last_cmd\n                                  2.free last_cmd\n3.tracing_log_err(use-after-free)\n\n================================================================\n\nAppendix 1. 
KASAN report double-free:\n\nBUG: KASAN: double-free in kfree+0xdc/0x1d4\nFree of addr ***** by task sh/4879\nCall trace:\n        ...\n        kfree+0xdc/0x1d4\n        create_or_delete_synth_event+0x60/0x1e8\n        trace_parse_run_command+0x2bc/0x4b8\n        synth_events_write+0x20/0x30\n        vfs_write+0x200/0x830\n        ...\n\nAllocated by task 4879:\n        ...\n        kstrdup+0x5c/0x98\n        create_or_delete_synth_event+0x6c/0x1e8\n        trace_parse_run_command+0x2bc/0x4b8\n        synth_events_write+0x20/0x30\n        vfs_write+0x200/0x830\n        ...\n\nFreed by task 5464:\n        ...\n        kfree+0xdc/0x1d4\n        create_or_delete_synth_event+0x60/0x1e8\n        trace_parse_run_command+0x2bc/0x4b8\n        synth_events_write+0x20/0x30\n        vfs_write+0x200/0x830\n        ...\n\n================================================================\nAppendix 2. KASAN report use-after-free:\n\nBUG: KASAN: use-after-free in strlen+0x5c/0x7c\nRead of size 1 at addr ***** by task sh/5483\nsh: CPU: 7 PID: 5483 Comm: sh\n        ...\n        __asan_report_load1_noabort+0x34/0x44\n        strlen+0x5c/0x7c\n        tracing_log_err+0x60/0x444\n        create_or_delete_synth_event+0xc4/0x204\n        trace_parse_run_command+0x2bc/0x4b8\n        synth_events_write+0x20/0x30\n        vfs_write+0x200/0x830\n        ...\n\nAllocated by task 5483:\n        ...\n        kstrdup+0x5c/0x98\n        create_or_delete_synth_event+0x80/0x204\n        trace_parse_run_command+0x2bc/0x4b8\n        synth_events_write+0x20/0x30\n        vfs_write+0x200/0x830\n        ...\n\nFreed by task 5480:\n        ...\n        kfree+0xdc/0x1d4\n        create_or_delete_synth_event+0x74/0x204\n        trace_parse_run_command+0x2bc/0x4b8\n        synth_events_write+0x20/0x30\n        vfs_write+0x200/0x830\n        ...",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53478",
            "https://git.kernel.org/linus/4ccf11c4e8a8e051499d53a12f502196c97a758e (6.3-rc6)",
            "https://git.kernel.org/stable/c/4ccf11c4e8a8e051499d53a12f502196c97a758e",
            "https://git.kernel.org/stable/c/8826d9e7bd51e7656f78baa4472e8e2f5e7069f0",
            "https://git.kernel.org/stable/c/9fe183f659a2704255e5d84f6ae308c234a113ec",
            "https://lore.kernel.org/linux-cve-announce/2025100112-CVE-2023-53478-3da0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53478",
            "https://www.cve.org/CVERecord?id=CVE-2023-53478"
          ],
          "PublishedDate": "2025-10-01T12:15:50.27Z",
          "LastModifiedDate": "2026-01-20T16:38:08.117Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53483",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53483",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9a8c0b188e32b2bbe53b29026aefd809dec25572b14a6e1852f57fa261656bc8",
          "Title": "kernel: ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()\n\ndevm_kzalloc() may fail, clk_data-\u003ename might be NULL and will\ncause a NULL pointer dereference later.\n\n[ rjw: Subject and changelog edits ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53483",
            "https://git.kernel.org/linus/4dea41775d951ff1f7b472a346a8ca3ae7e74455 (6.4-rc1)",
            "https://git.kernel.org/stable/c/4dea41775d951ff1f7b472a346a8ca3ae7e74455",
            "https://git.kernel.org/stable/c/79ca94bc3e8cc3befa883c7d30b30a27ef0ea386",
            "https://git.kernel.org/stable/c/8a632ff6a2bea49993002b4c46092a2aea625840",
            "https://lore.kernel.org/linux-cve-announce/2025100113-CVE-2023-53483-cf50@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53483",
            "https://www.cve.org/CVERecord?id=CVE-2023-53483"
          ],
          "PublishedDate": "2025-10-01T12:15:51.027Z",
          "LastModifiedDate": "2026-01-23T02:07:43.93Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53491",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53491",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4db98bf2262893d111ec6df0704b86ac5ff938cbd33fe0f8732e7fdbc042598c",
          "Title": "kernel: start_kernel: Add __no_stack_protector function attribute",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstart_kernel: Add __no_stack_protector function attribute\n\nBack during the discussion of\ncommit a9a3ed1eff36 (\"x86: Fix early boot crash on gcc-10, third try\")\nwe discussed the need for a function attribute to control the omission\nof stack protectors on a per-function basis; at the time Clang had\nsupport for no_stack_protector but GCC did not. This was fixed in\ngcc-11. Now that the function attribute is available, let's start using\nit.\n\nCallers of boot_init_stack_canary need to use this function attribute\nunless they're compiled with -fno-stack-protector, otherwise the canary\nstored in the stack slot of the caller will differ upon the call to\nboot_init_stack_canary. This will lead to a call to __stack_chk_fail()\nthen panic.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53491",
            "https://git.kernel.org/linus/514ca14ed5444b911de59ed3381dfd195d99fe4b (6.5-rc1)",
            "https://git.kernel.org/stable/c/25e73018b4093e0cfbcec5dc4a4bb86d0b69ed56",
            "https://git.kernel.org/stable/c/514ca14ed5444b911de59ed3381dfd195d99fe4b",
            "https://lore.kernel.org/linux-cve-announce/2025100123-CVE-2023-53491-2d8b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53491",
            "https://www.cve.org/CVERecord?id=CVE-2023-53491"
          ],
          "PublishedDate": "2025-10-01T12:15:52.26Z",
          "LastModifiedDate": "2026-01-23T02:06:17.203Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53509",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53509",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:11c2ae8f59cd9cba2a654dabd747b3cf70ceabdc5f67ea10d75af75ed1b986e2",
          "Title": "kernel: qed: allow sleep in qed_mcp_trace_dump()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: allow sleep in qed_mcp_trace_dump()\n\nBy default, qed_mcp_cmd_and_union() delays 10us at a time in a loop\nthat can run 500K times, so calls to qed_mcp_nvm_rd_cmd()\nmay block the current thread for over 5s.\nWe observed thread scheduling delays over 700ms in production,\nwith stacktraces pointing to this code as the culprit.\n\nqed_mcp_trace_dump() is called from ethtool, so sleeping is permitted.\nIt already can sleep in qed_mcp_halt(), which calls qed_mcp_cmd().\nAdd a \"can sleep\" parameter to qed_find_nvram_image() and\nqed_nvram_read() so they can sleep during qed_mcp_trace_dump().\nqed_mcp_trace_get_meta_info() and qed_mcp_trace_read_meta(),\ncalled only by qed_mcp_trace_dump(), allow these functions to sleep.\nI can't tell if the other caller (qed_grc_dump_mcp_hw_dump()) can sleep,\nso keep b_can_sleep set to false when it calls these functions.\n\nAn example stacktrace from a custom warning we added to the kernel\nshowing a thread that has not scheduled despite long needing resched:\n[ 2745.362925,17] ------------[ cut here ]------------\n[ 2745.362941,17] WARNING: CPU: 23 PID: 5640 at arch/x86/kernel/irq.c:233 do_IRQ+0x15e/0x1a0()\n[ 2745.362946,17] Thread not rescheduled for 744 ms after irq 99\n[ 2745.362956,17] Modules linked in: ...\n[ 2745.363339,17] CPU: 23 PID: 5640 Comm: lldpd Tainted: P           O    4.4.182+ #202104120910+6d1da174272d.61x\n[ 2745.363343,17] Hardware name: FOXCONN MercuryB/Quicksilver Controller, BIOS H11P1N09 07/08/2020\n[ 2745.363346,17]  0000000000000000 ffff885ec07c3ed8 ffffffff8131eb2f ffff885ec07c3f20\n[ 2745.363358,17]  ffffffff81d14f64 ffff885ec07c3f10 ffffffff81072ac2 ffff88be98ed0000\n[ 2745.363369,17]  0000000000000063 0000000000000174 0000000000000074 0000000000000000\n[ 2745.363379,17] Call Trace:\n[ 2745.363382,17]  \u003cIRQ\u003e  [\u003cffffffff8131eb2f\u003e] dump_stack+0x8e/0xcf\n[ 2745.363393,17]  
[\u003cffffffff81072ac2\u003e] warn_slowpath_common+0x82/0xc0\n[ 2745.363398,17]  [\u003cffffffff81072b4c\u003e] warn_slowpath_fmt+0x4c/0x50\n[ 2745.363404,17]  [\u003cffffffff810d5a8e\u003e] ? rcu_irq_exit+0xae/0xc0\n[ 2745.363408,17]  [\u003cffffffff817c99fe\u003e] do_IRQ+0x15e/0x1a0\n[ 2745.363413,17]  [\u003cffffffff817c7ac9\u003e] common_interrupt+0x89/0x89\n[ 2745.363416,17]  \u003cEOI\u003e  [\u003cffffffff8132aa74\u003e] ? delay_tsc+0x24/0x50\n[ 2745.363425,17]  [\u003cffffffff8132aa04\u003e] __udelay+0x34/0x40\n[ 2745.363457,17]  [\u003cffffffffa04d45ff\u003e] qed_mcp_cmd_and_union+0x36f/0x7d0 [qed]\n[ 2745.363473,17]  [\u003cffffffffa04d5ced\u003e] qed_mcp_nvm_rd_cmd+0x4d/0x90 [qed]\n[ 2745.363490,17]  [\u003cffffffffa04e1dc7\u003e] qed_mcp_trace_dump+0x4a7/0x630 [qed]\n[ 2745.363504,17]  [\u003cffffffffa04e2556\u003e] ? qed_fw_asserts_dump+0x1d6/0x1f0 [qed]\n[ 2745.363520,17]  [\u003cffffffffa04e4ea7\u003e] qed_dbg_mcp_trace_get_dump_buf_size+0x37/0x80 [qed]\n[ 2745.363536,17]  [\u003cffffffffa04ea881\u003e] qed_dbg_feature_size+0x61/0xa0 [qed]\n[ 2745.363551,17]  [\u003cffffffffa04eb427\u003e] qed_dbg_all_data_size+0x247/0x260 [qed]\n[ 2745.363560,17]  [\u003cffffffffa0482c10\u003e] qede_get_regs_len+0x30/0x40 [qede]\n[ 2745.363566,17]  [\u003cffffffff816c9783\u003e] ethtool_get_drvinfo+0xe3/0x190\n[ 2745.363570,17]  [\u003cffffffff816cc152\u003e] dev_ethtool+0x1362/0x2140\n[ 2745.363575,17]  [\u003cffffffff8109bcc6\u003e] ? finish_task_switch+0x76/0x260\n[ 2745.363580,17]  [\u003cffffffff817c2116\u003e] ? __schedule+0x3c6/0x9d0\n[ 2745.363585,17]  [\u003cffffffff810dbd50\u003e] ? hrtimer_start_range_ns+0x1d0/0x370\n[ 2745.363589,17]  [\u003cffffffff816c1e5b\u003e] ? 
dev_get_by_name_rcu+0x6b/0x90\n[ 2745.363594,17]  [\u003cffffffff816de6a8\u003e] dev_ioctl+0xe8/0x710\n[ 2745.363599,17]  [\u003cffffffff816a58a8\u003e] sock_do_ioctl+0x48/0x60\n[ 2745.363603,17]  [\u003cffffffff816a5d87\u003e] sock_ioctl+0x1c7/0x280\n[ 2745.363608,17]  [\u003cffffffff8111f393\u003e] ? seccomp_phase1+0x83/0x220\n[ 2745.363612,17]  [\u003cffffffff811e3503\u003e] do_vfs_ioctl+0x2b3/0x4e0\n[ 2745.363616,17]  [\u003cffffffff811e3771\u003e] SyS_ioctl+0x41/0x70\n[ 2745.363619,17]  [\u003cffffffff817c6ffe\u003e] entry_SYSCALL_64_fastpath+0x1e/0x79\n[ 2745.363622,17] ---[ end trace f6954aa440266421 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53509",
            "https://git.kernel.org/linus/5401c3e0992860b11fb4b25796e4c4f1921740df (6.2-rc3)",
            "https://git.kernel.org/stable/c/50c81b35df01db12b348c5cbf4b1917dc9a7db54",
            "https://git.kernel.org/stable/c/5401c3e0992860b11fb4b25796e4c4f1921740df",
            "https://git.kernel.org/stable/c/e0387f4f39a8d92302273ac356d1f6b2a38160d8",
            "https://lore.kernel.org/linux-cve-announce/2025100129-CVE-2023-53509-2b4c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53509",
            "https://www.cve.org/CVERecord?id=CVE-2023-53509"
          ],
          "PublishedDate": "2025-10-01T12:15:54.73Z",
          "LastModifiedDate": "2026-01-23T01:58:58.4Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53510",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53510",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3de96f08161dbaecfa4d7c725aaf3a7fcb45dd532c3a8fceee78cc0d032d0964",
          "Title": "kernel: scsi: ufs: core: Fix handling of lrbp-\u003ecmd",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix handling of lrbp-\u003ecmd\n\nufshcd_queuecommand() may be called two times in a row for a SCSI command\nbefore it is completed. Hence make the following changes:\n\n - In the functions that submit a command, do not check the old value of\n   lrbp-\u003ecmd nor clear lrbp-\u003ecmd in error paths.\n\n - In ufshcd_release_scsi_cmd(), do not clear lrbp-\u003ecmd.\n\nSee also scsi_send_eh_cmnd().\n\nThis commit prevents that the following appears if a command times out:\n\nWARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8\nCall trace:\n ufshcd_queuecommand+0x6f8/0x9a8\n scsi_send_eh_cmnd+0x2c0/0x960\n scsi_eh_test_devices+0x100/0x314\n scsi_eh_ready_devs+0xd90/0x114c\n scsi_error_handler+0x2b4/0xb70\n kthread+0x16c/0x1e0",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53510",
            "https://git.kernel.org/linus/549e91a9bbaa0ee480f59357868421a61d369770 (6.5-rc1)",
            "https://git.kernel.org/stable/c/49234a401e161a2f2698f4612ab792c49b3cad1b",
            "https://git.kernel.org/stable/c/549e91a9bbaa0ee480f59357868421a61d369770",
            "https://git.kernel.org/stable/c/b6d76d63c6d21d5d26c301a46853a2aee72397d5",
            "https://git.kernel.org/stable/c/f3ee24af62681b942bbd799ac77b90a6d7e1fdb1",
            "https://lore.kernel.org/linux-cve-announce/2025100130-CVE-2023-53510-9e6a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53510",
            "https://www.cve.org/CVERecord?id=CVE-2023-53510"
          ],
          "PublishedDate": "2025-10-01T12:15:54.88Z",
          "LastModifiedDate": "2026-03-25T11:16:05.983Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53529",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53529",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:235fb53524417634b83090291c0b6cdc71b068b5bd30d4ac17d16824279b5b75",
          "Title": "kernel: wifi: rtw88: Fix memory leak in rtw88_usb",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix memory leak in rtw88_usb\n\nKmemleak shows the following leak arising from routine in the usb\nprobe routine:\n\nunreferenced object 0xffff895cb29bba00 (size 512):\n  comm \"(udev-worker)\", pid 534, jiffies 4294903932 (age 102751.088s)\n  hex dump (first 32 bytes):\n    77 30 30 30 00 00 00 00 02 2f 2d 2b 30 00 00 00  w000...../-+0...\n    02 00 2a 28 00 00 00 00 ff 55 ff ff ff 00 00 00  ..*(.....U......\n  backtrace:\n    [\u003cffffffff9265fa36\u003e] kmalloc_trace+0x26/0x90\n    [\u003cffffffffc17eec41\u003e] rtw_usb_probe+0x2f1/0x680 [rtw_usb]\n    [\u003cffffffffc03e19fd\u003e] usb_probe_interface+0xdd/0x2e0 [usbcore]\n    [\u003cffffffff92b4f2fe\u003e] really_probe+0x18e/0x3d0\n    [\u003cffffffff92b4f5b8\u003e] __driver_probe_device+0x78/0x160\n    [\u003cffffffff92b4f6bf\u003e] driver_probe_device+0x1f/0x90\n    [\u003cffffffff92b4f8df\u003e] __driver_attach+0xbf/0x1b0\n    [\u003cffffffff92b4d350\u003e] bus_for_each_dev+0x70/0xc0\n    [\u003cffffffff92b4e51e\u003e] bus_add_driver+0x10e/0x210\n    [\u003cffffffff92b50935\u003e] driver_register+0x55/0xf0\n    [\u003cffffffffc03e0708\u003e] usb_register_driver+0x88/0x140 [usbcore]\n    [\u003cffffffff92401153\u003e] do_one_initcall+0x43/0x210\n    [\u003cffffffff9254f42a\u003e] do_init_module+0x4a/0x200\n    [\u003cffffffff92551d1c\u003e] __do_sys_finit_module+0xac/0x120\n    [\u003cffffffff92ee6626\u003e] do_syscall_64+0x56/0x80\n    [\u003cffffffff9300006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe leak was verified to be real by unloading the driver, which resulted\nin a dangling pointer to the allocation.\n\nThe allocated memory is freed in rtw_usb_intf_deinit().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53529",
            "https://git.kernel.org/linus/59a3a312009723e3e5082899655fdcc420e2b47a (6.4-rc1)",
            "https://git.kernel.org/stable/c/59a3a312009723e3e5082899655fdcc420e2b47a",
            "https://git.kernel.org/stable/c/5bba1ad561a8b5bb14704d8f511cf10466336e3d",
            "https://lore.kernel.org/linux-cve-announce/2025100136-CVE-2023-53529-db9a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53529",
            "https://www.cve.org/CVERecord?id=CVE-2023-53529"
          ],
          "PublishedDate": "2025-10-01T12:15:57.59Z",
          "LastModifiedDate": "2026-01-23T20:06:45.883Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53538",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53538",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cbf14423c5f9ccf8b6c87fe413b6afde154b18e83c40d23077521f09c8207f4d",
          "Title": "kernel: btrfs: insert tree mod log move in push_node_left",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n  [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n  [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n  [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n  [530.618] #PF: supervisor read access in kernel mode\n  [530.629] #PF: error_code(0x0000) - not-present page\n  [530.641] PGD 0 P4D 0\n  [530.647] Oops: 0000 [#1] SMP\n  [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S         O  K   5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n  [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n  [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n  [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n  [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n  [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n  [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n  [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n  [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n  [530.848] FS:  00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n  [530.866] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n  [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  [530.928] Call Trace:\n  [530.934]  ? btrfs_printk+0x13b/0x18c\n  [530.943]  ? 
btrfs_bio_counter_inc_blocked+0x3d/0x130\n  [530.955]  btrfs_map_bio+0x75/0x330\n  [530.963]  ? kmem_cache_alloc+0x12a/0x2d0\n  [530.973]  ? btrfs_submit_metadata_bio+0x63/0x100\n  [530.984]  btrfs_submit_metadata_bio+0xa4/0x100\n  [530.995]  submit_extent_page+0x30f/0x360\n  [531.004]  read_extent_buffer_pages+0x49e/0x6d0\n  [531.015]  ? submit_extent_page+0x360/0x360\n  [531.025]  btree_read_extent_buffer_pages+0x5f/0x150\n  [531.037]  read_tree_block+0x37/0x60\n  [531.046]  read_block_for_search+0x18b/0x410\n  [531.056]  btrfs_search_old_slot+0x198/0x2f0\n  [531.066]  resolve_indirect_ref+0xfe/0x6f0\n  [531.076]  ? ulist_alloc+0x31/0x60\n  [531.084]  ? kmem_cache_alloc_trace+0x12e/0x2b0\n  [531.095]  find_parent_nodes+0x720/0x1830\n  [531.105]  ? ulist_alloc+0x10/0x60\n  [531.113]  iterate_extent_inodes+0xea/0x370\n  [531.123]  ? btrfs_previous_extent_item+0x8f/0x110\n  [531.134]  ? btrfs_search_path_in_tree+0x240/0x240\n  [531.146]  iterate_inodes_from_logical+0x98/0xd0\n  [531.157]  ? 
btrfs_search_path_in_tree+0x240/0x240\n  [531.168]  btrfs_ioctl_logical_to_ino+0xd9/0x180\n  [531.179]  btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n  REMOVE_WHILE_FREEING slot 532\n  REMOVE_WHILE_FREEING slot 531\n  REMOVE_WHILE_FREEING slot 530\n  ...\n  REMOVE_WHILE_FREEING slot 0\n  REMOVE slot 455\n  REMOVE slot 454\n  REMOVE slot 453\n  ...\n  REMOVE slot 0\n  ADD slot 455\n  ADD slot 454\n  ADD slot 453\n  ...\n  ADD slot 0\n  MOVE src slot 0 -\u003e dst slot 456 nritems 533\n  REMOVE slot 455\n  REMOVE slot 454\n  REMOVE slot 453\n  ...\n  REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53538",
            "https://git.kernel.org/linus/5cead5422a0e3d13b0bcee986c0f5c4ebb94100b (6.5-rc1)",
            "https://git.kernel.org/stable/c/11f14402fe3437852cb44945b3b9f1bdb4032956",
            "https://git.kernel.org/stable/c/5cead5422a0e3d13b0bcee986c0f5c4ebb94100b",
            "https://lore.kernel.org/linux-cve-announce/2025100443-CVE-2023-53538-f39c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53538",
            "https://www.cve.org/CVERecord?id=CVE-2023-53538"
          ],
          "PublishedDate": "2025-10-04T16:15:48.813Z",
          "LastModifiedDate": "2026-03-25T00:40:36.257Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53539",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53539",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:926d8e97700f839f68a77c87e7ac68157b71e390435c1b02de16ba4eb2e792a4",
          "Title": "kernel: RDMA/rxe: Fix incomplete state save in rxe_requester",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significant part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:22801",
            "https://access.redhat.com/security/cve/CVE-2023-53539",
            "https://bugzilla.redhat.com/2396417",
            "https://bugzilla.redhat.com/2401510",
            "https://bugzilla.redhat.com/2402222",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2401510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2402222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-50543",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53401",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53539",
            "https://errata.almalinux.org/8/ALSA-2025-22801.html",
            "https://errata.rockylinux.org/RLSA-2025:22801",
            "https://git.kernel.org/linus/5d122db2ff80cd2aed4dcd630befb56b51ddf947 (6.6-rc1)",
            "https://git.kernel.org/stable/c/255c0e60e1d16874fc151358d94bc8df661600dd",
            "https://git.kernel.org/stable/c/2f2a6422287fe29f9343247d77b645100ece0652",
            "https://git.kernel.org/stable/c/5d122db2ff80cd2aed4dcd630befb56b51ddf947",
            "https://git.kernel.org/stable/c/70518f3aaf5a059b691867d7d2d46b999319656a",
            "https://linux.oracle.com/cve/CVE-2023-53539.html",
            "https://linux.oracle.com/errata/ELSA-2025-22801.html",
            "https://lore.kernel.org/linux-cve-announce/2025100443-CVE-2023-53539-4411@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53539",
            "https://www.cve.org/CVERecord?id=CVE-2023-53539"
          ],
          "PublishedDate": "2025-10-04T16:15:48.93Z",
          "LastModifiedDate": "2026-03-21T00:25:38.097Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53540",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53540",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1b3dfb5ff86f045b280b2c4af2c8f6e960895a2cc1177611fedefcccbffaf99",
          "Title": "kernel: wifi: cfg80211: reject auth/assoc to AP with our address",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something's wrong. Reject such connections so we don't\ntry and fail later.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53540",
            "https://git.kernel.org/linus/5d4e04bf3a0f098bd9033de3a5291810fa14c7a6 (6.6-rc1)",
            "https://git.kernel.org/stable/c/07added2c6cd63de047bc786b39436322abb67c0",
            "https://git.kernel.org/stable/c/5d4e04bf3a0f098bd9033de3a5291810fa14c7a6",
            "https://git.kernel.org/stable/c/676a423410131d111a264d29aecbe6aadd57fb22",
            "https://lore.kernel.org/linux-cve-announce/2025100444-CVE-2023-53540-8805@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53540",
            "https://www.cve.org/CVERecord?id=CVE-2023-53540"
          ],
          "PublishedDate": "2025-10-04T16:15:49.05Z",
          "LastModifiedDate": "2026-02-09T22:05:52.99Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53544",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53544",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:08b6e5f153519137ee40a77ec5ae9780d8799d5b0c57ed1e094b3548f0ee67d4",
          "Title": "kernel: cpufreq: davinci: Fix clk use after free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: davinci: Fix clk use after free\n\nThe remove function first frees the clks and only then calls\ncpufreq_unregister_driver(). If one of the cpufreq callbacks is called\njust before cpufreq_unregister_driver() is run, the freed clks might be\nused.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53544",
            "https://git.kernel.org/linus/5d8f384a9b4fc50f6a18405f1c08e5a87a77b5b3 (6.3-rc1)",
            "https://git.kernel.org/stable/c/5d8f384a9b4fc50f6a18405f1c08e5a87a77b5b3",
            "https://git.kernel.org/stable/c/66b3bbe6fbd8dd410868e5b53ac3944a934b9310",
            "https://git.kernel.org/stable/c/a5f024d0e6f91e05c816ad4ee8837173369dd5cb",
            "https://git.kernel.org/stable/c/ab05ae4ab831f64bbc427592c86f599ed9c4324f",
            "https://lore.kernel.org/linux-cve-announce/2025100445-CVE-2023-53544-f48f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53544",
            "https://www.cve.org/CVERecord?id=CVE-2023-53544"
          ],
          "PublishedDate": "2025-10-04T16:15:49.527Z",
          "LastModifiedDate": "2026-03-21T00:29:58.727Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53545",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53545",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0599ee8c14ce2afe5b761ebb578f2f3ebc3a447823c7a05bb4db708f2b0fd5ce",
          "Title": "kernel: drm/amdgpu: unmap and remove csa_va properly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097]  \u003cTASK\u003e\n[14616.937102]  amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187]  drm_file_free+0x1d6/0x300 [drm]\n[14616.937207]  drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220]  drm_release+0x5e/0x100 [drm]\n[14616.937234]  __fput+0x9f/0x280\n[14616.937239]  ____fput+0xe/0x20\n[14616.937241]  task_work_run+0x61/0x90\n[14616.937246]  exit_to_user_mode_prepare+0x215/0x220\n[14616.937251]  syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254]  do_syscall_64+0x48/0x90\n[14616.937257]  entry_SYSCALL_64_after_hwframe+0x63/0xcd",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53545",
            "https://git.kernel.org/linus/5daff15cd013422bc6d1efcfe82b586800025384 (6.5-rc1)",
            "https://git.kernel.org/stable/c/5daff15cd013422bc6d1efcfe82b586800025384",
            "https://git.kernel.org/stable/c/a3a96bf843c356d1d9b2d7f6d0784b6ee28ca9d0",
            "https://git.kernel.org/stable/c/ae325b245208394279a1dc412c831ebd71befb0d",
            "https://lore.kernel.org/linux-cve-announce/2025100445-CVE-2023-53545-8d50@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53545",
            "https://www.cve.org/CVERecord?id=CVE-2023-53545"
          ],
          "PublishedDate": "2025-10-04T16:15:49.637Z",
          "LastModifiedDate": "2026-03-25T11:16:06.19Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53547",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53547",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:478e3a8157f0fb47c9fa3ebc9401c752e5a94b95c0789ee6565fdbc52518adc1",
          "Title": "kernel: drm/amdgpu: Fix sdma v4 sw fini error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix sdma v4 sw fini error\n\nFix sdma v4 sw fini error for sdma 4.2.2 to\nsolve the following general protection fault\n\n[  +0.108196] general protection fault, probably for non-canonical\naddress 0xd5e5a4ae79d24a32: 0000 [#1] PREEMPT SMP PTI\n[  +0.000018] RIP: 0010:free_fw_priv+0xd/0x70\n[  +0.000022] Call Trace:\n[  +0.000012]  \u003cTASK\u003e\n[  +0.000011]  release_firmware+0x55/0x80\n[  +0.000021]  amdgpu_ucode_release+0x11/0x20 [amdgpu]\n[  +0.000415]  amdgpu_sdma_destroy_inst_ctx+0x4f/0x90 [amdgpu]\n[  +0.000360]  sdma_v4_0_sw_fini+0xce/0x110 [amdgpu]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53547",
            "https://git.kernel.org/linus/5e08e9c742a00384e5abe74bd40cf4dc15cb3a2e (6.4-rc1)",
            "https://git.kernel.org/stable/c/0ebc02d9ff85626a526353584526da6aa9c96792",
            "https://git.kernel.org/stable/c/210ef6cd8e634f18fd889421012192b81325b27b",
            "https://git.kernel.org/stable/c/5e08e9c742a00384e5abe74bd40cf4dc15cb3a2e",
            "https://lore.kernel.org/linux-cve-announce/2025100446-CVE-2023-53547-38ce@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53547",
            "https://www.cve.org/CVERecord?id=CVE-2023-53547"
          ],
          "PublishedDate": "2025-10-04T16:15:49.907Z",
          "LastModifiedDate": "2026-03-21T00:32:30.573Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53558",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53558",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce10403ba5eb03f19da24401fac8b1b6a4c1b125d7f2536c6d6055d7be7357d6",
          "Title": "kernel: rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked.  Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[    0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[    0.206463]\n[    0.206464] =============================\n[    0.206464] [ BUG: Invalid wait context ]\n[    0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[    0.206466] -----------------------------\n[    0.206466] swapper/0/1 is trying to lock:\n[    0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[    0.206473] other info that might help us debug this:\n[    0.206473] context-{5:5}\n[    0.206474] 3 locks held by swapper/0/1:\n[    0.206474]  #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[    0.206478]  #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[    0.206482]  #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[    0.206485] stack backtrace:\n[    0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[    0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[    0.206489] Call Trace:\n[    0.206490]  \u003cTASK\u003e\n[    0.206491]  dump_stack_lvl+0x6a/0x9f\n[    0.206493]  __lock_acquire.cold+0x2d7/0x2fe\n[    0.206496]  ? stack_trace_save+0x46/0x70\n[    0.206497]  lock_acquire+0xd1/0x2f0\n[    0.206499]  ? serial8250_console_write+0x327/0x4a0\n[    0.206500]  ? __lock_acquire+0x5c7/0x2720\n[    0.206502]  _raw_spin_lock_irqsave+0x3d/0x90\n[    0.206504]  ? 
serial8250_console_write+0x327/0x4a0\n[    0.206506]  serial8250_console_write+0x327/0x4a0\n[    0.206508]  console_emit_next_record.constprop.0+0x180/0x330\n[    0.206511]  console_unlock+0xf7/0x1f0\n[    0.206512]  vprintk_emit+0xf7/0x330\n[    0.206514]  _printk+0x63/0x7e\n[    0.206516]  cblist_init_generic.constprop.0.cold+0x24/0x32\n[    0.206518]  rcu_init_tasks_generic+0x5/0xd9\n[    0.206522]  kernel_init_freeable+0x15b/0x2a2\n[    0.206523]  ? rest_init+0x160/0x160\n[    0.206526]  kernel_init+0x11/0x120\n[    0.206527]  ret_from_fork+0x1f/0x30\n[    0.206530]  \u003c/TASK\u003e\n[    0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53558",
            "https://git.kernel.org/linus/5fc8cbe4cf0fd34ded8045c385790c3bf04f6785 (6.5-rc1)",
            "https://git.kernel.org/stable/c/5fc8cbe4cf0fd34ded8045c385790c3bf04f6785",
            "https://git.kernel.org/stable/c/9027d69221ff96e1356f070f7feb2ff989ae7388",
            "https://git.kernel.org/stable/c/ea9b81c7d9104040b46a84d2303045de267f5557",
            "https://lore.kernel.org/linux-cve-announce/2025100449-CVE-2023-53558-e6f7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53558",
            "https://www.cve.org/CVERecord?id=CVE-2023-53558"
          ],
          "PublishedDate": "2025-10-04T16:15:51.163Z",
          "LastModifiedDate": "2026-03-21T01:00:18.15Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53561",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53561",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dcce519660f1185595ed8283498991c65cb17cce4289e34e04de645999af23a9",
          "Title": "kernel: net: wwan: iosm: fix NULL pointer dereference when removing device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: iosm: fix NULL pointer dereference when removing device\n\nIn suspend and resume cycle, the removal and rescan of device ends\nup in NULL pointer dereference.\n\nDuring driver initialization, if the ipc_imem_wwan_channel_init()\nfails to get the valid device capabilities it returns an error and\nfurther no resource (wwan struct) will be allocated. Now in this\nsituation if driver removal procedure is initiated it would result\nin NULL pointer exception since unallocated wwan struct is dereferenced\ninside ipc_wwan_deinit().\n\nipc_imem_run_state_worker() to handle the called functions return value\nand to release the resource in failure case. It also reports the link\ndown event in failure cases. The user space application can handle this\nevent to do a device reset for restoring the device communication.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53561",
            "https://git.kernel.org/linus/60829145f1e2650b31ebe6a0ec70a9725b38fa2c (6.4-rc3)",
            "https://git.kernel.org/stable/c/60829145f1e2650b31ebe6a0ec70a9725b38fa2c",
            "https://git.kernel.org/stable/c/862c6e3e26735247d8a4df41fa2421909c3f4d63",
            "https://git.kernel.org/stable/c/ee44bacf462db3ec6e4f0dcfa7931e768670d77c",
            "https://lore.kernel.org/linux-cve-announce/2025100450-CVE-2023-53561-75a1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53561",
            "https://www.cve.org/CVERecord?id=CVE-2023-53561"
          ],
          "PublishedDate": "2025-10-04T16:15:51.53Z",
          "LastModifiedDate": "2026-03-21T00:38:05.61Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53562",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53562",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e9e9af46c706168bb97052f36495c5ac890a4d63370f8c9c104dbc0be0aa9dac",
          "Title": "kernel: drm/msm: fix vram leak on bind errors",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: fix vram leak on bind errors\n\nMake sure to release the VRAM buffer also in a case a subcomponent fails\nto bind.\n\nPatchwork: https://patchwork.freedesktop.org/patch/525094/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53562",
            "https://git.kernel.org/linus/60d476af96015891c7959f30838ae7a9749932bf (6.4-rc1)",
            "https://git.kernel.org/stable/c/544711591a67a6da4d9f0f70ba3c805eb2548729",
            "https://git.kernel.org/stable/c/60d476af96015891c7959f30838ae7a9749932bf",
            "https://git.kernel.org/stable/c/c02e8c1c5b3eb0b6193946194ac280f58f48b3b5",
            "https://git.kernel.org/stable/c/e3401e07ba98a94b978164b7e873c25e5fc82b4b",
            "https://lore.kernel.org/linux-cve-announce/2025100450-CVE-2023-53562-a73f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53562",
            "https://www.cve.org/CVERecord?id=CVE-2023-53562"
          ],
          "PublishedDate": "2025-10-04T16:15:51.643Z",
          "LastModifiedDate": "2026-03-21T00:39:20.147Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53574",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53574",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cc06e7958ed8990b07d58e9ecc2063f931d9485411369ae9f9c7bd2044666cce",
          "Title": "kernel: wifi: rtw88: delete timer and free skb queue when unloading",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in 'rtw_core_deinit()',\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53574",
            "https://git.kernel.org/linus/634fcbcaa4062db39aeb5ac6ed1bc1feb8dd5216 (6.6-rc1)",
            "https://git.kernel.org/stable/c/4128b00a6006870e117ab1841e58f369e9284ecb",
            "https://git.kernel.org/stable/c/634fcbcaa4062db39aeb5ac6ed1bc1feb8dd5216",
            "https://lore.kernel.org/linux-cve-announce/2025100454-CVE-2023-53574-f72d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53574",
            "https://www.cve.org/CVERecord?id=CVE-2023-53574"
          ],
          "PublishedDate": "2025-10-04T16:15:53.023Z",
          "LastModifiedDate": "2026-03-21T01:07:02.217Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53575",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53575",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:37b097f48d2b976b0680ba5fa194b63cdcf7e56137f23446db02cddce0a6fc57",
          "Title": "kernel: wifi: iwlwifi: mvm: fix potential array out of bounds access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53575",
            "https://git.kernel.org/linus/637452360ecde9ac972d19416e9606529576b302 (6.5-rc1)",
            "https://git.kernel.org/stable/c/133b1cd4d98bb8b272335c8e6b0e0c399c0b2ffa",
            "https://git.kernel.org/stable/c/637452360ecde9ac972d19416e9606529576b302",
            "https://lore.kernel.org/linux-cve-announce/2025100454-CVE-2023-53575-2079@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53575",
            "https://www.cve.org/CVERecord?id=CVE-2023-53575"
          ],
          "PublishedDate": "2025-10-04T16:15:53.14Z",
          "LastModifiedDate": "2026-03-21T01:06:48.147Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53584",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53584",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:74beb590507095b8b0c09cbc6d6264f96b3f751e335d99e7c0b2202c12e4f815",
          "Title": "kernel: ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process\n\nThere are two states for ubifs writing pages:\n1. Dirty, Private\n2. Not Dirty, Not Private\n\nThe normal process cannot go to ubifs_releasepage() which means there\nexists pages being private but not dirty. Reproducer[1] shows that it\ncould occur (which maybe related to [2]) with following process:\n\n     PA                     PB                    PC\nlock(page)[PA]\nubifs_write_end\n  attach_page_private         // set Private\n  __set_page_dirty_nobuffers  // set Dirty\nunlock(page)\n\nwrite_cache_pages[PA]\n  lock(page)\n  clear_page_dirty_for_io(page)\t// clear Dirty\n  ubifs_writepage\n\n                        do_truncation[PB]\n\t\t\t  truncate_setsize\n\t\t\t    i_size_write(inode, newsize) // newsize = 0\n\n    i_size = i_size_read(inode)\t// i_size = 0\n    end_index = i_size \u003e\u003e PAGE_SHIFT\n    if (page-\u003eindex \u003e end_index)\n      goto out // jump\nout:\nunlock(page)   // Private, Not Dirty\n\n\t\t\t\t\t\tgeneric_fadvise[PC]\n\t\t\t\t\t\t  lock(page)\n\t\t\t\t\t\t  invalidate_inode_page\n\t\t\t\t\t\t    try_to_release_page\n\t\t\t\t\t\t      ubifs_releasepage\n\t\t\t\t\t\t        ubifs_assert(c, 0)\n\t\t                                        // bad assertion!\n\t\t\t\t\t\t  unlock(page)\n\t\t\t  truncate_pagecache[PB]\n\nThen we may get following assertion failed:\n  UBIFS error (ubi0:0 pid 1683): ubifs_assert_failed [ubifs]:\n  UBIFS assert failed: 0, in fs/ubifs/file.c:1513\n  UBIFS warning (ubi0:0 pid 1683): ubifs_ro_mode [ubifs]:\n  switched to read-only mode, error -22\n  CPU: 2 PID: 1683 Comm: aa Not tainted 5.16.0-rc5-00184-g0bca5994cacc-dirty #308\n  Call Trace:\n    dump_stack+0x13/0x1b\n    ubifs_ro_mode+0x54/0x60 [ubifs]\n    ubifs_assert_failed+0x4b/0x80 [ubifs]\n    ubifs_releasepage+0x67/0x1d0 [ubifs]\n    try_to_release_page+0x57/0xe0\n    
invalidate_inode_page+0xfb/0x130\n    __invalidate_mapping_pages+0xb9/0x280\n    invalidate_mapping_pagevec+0x12/0x20\n    generic_fadvise+0x303/0x3c0\n    ksys_fadvise64_64+0x4c/0xb0\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=215373\n[2] https://linux-mtd.infradead.narkive.com/NQoBeT1u/patch-rfc-ubifs-fix-assert-failed-in-ubifs-set-page-dirty",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53584",
            "https://git.kernel.org/linus/66f4742e93523ab2f062d9d9828b3e590bc61536 (6.3-rc1)",
            "https://git.kernel.org/stable/c/66f4742e93523ab2f062d9d9828b3e590bc61536",
            "https://git.kernel.org/stable/c/7750be5d3e18500b454714677463b500a0b8b0d8",
            "https://git.kernel.org/stable/c/bd188ff1c8a1935c93a1e3cacf3be62667fdf762",
            "https://lore.kernel.org/linux-cve-announce/2025100424-CVE-2023-53584-2034@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53584",
            "https://www.cve.org/CVERecord?id=CVE-2023-53584"
          ],
          "PublishedDate": "2025-10-04T16:15:54.217Z",
          "LastModifiedDate": "2026-03-23T18:35:11.927Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53588",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53588",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:109f37f15ffc776bf74d3f11f4d7a36d17ce1b5dd44eddad413096e21398a989",
          "Title": "kernel: wifi: mac80211: check for station first in client probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn't even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53588",
            "https://git.kernel.org/linus/67dfa589aa8806c7959cbca2f4613b8d41c75a06 (6.6-rc1)",
            "https://git.kernel.org/stable/c/67dfa589aa8806c7959cbca2f4613b8d41c75a06",
            "https://git.kernel.org/stable/c/7dce2deb0b03aaf46c87ceedea81ef4153e26c40",
            "https://git.kernel.org/stable/c/7e1cda5cf07f848e6b50b4e5e7761ffbce905a3d",
            "https://lore.kernel.org/linux-cve-announce/2025100426-CVE-2023-53588-1220@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53588",
            "https://www.cve.org/CVERecord?id=CVE-2023-53588"
          ],
          "PublishedDate": "2025-10-04T16:15:55.2Z",
          "LastModifiedDate": "2026-03-23T18:36:24.41Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53596",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53596",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1bcd0d2c67a81e32e3d42b06058f85f8e5552859d5b5366997dfa86d4a8b5442",
          "Title": "kernel: drivers: base: Free devm resources when unregistering a device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53596",
            "https://git.kernel.org/linus/699fb50d99039a50e7494de644f96c889279aca3 (6.6-rc1)",
            "https://git.kernel.org/stable/c/297992e5c63528e603666e36081836204fc36ec9",
            "https://git.kernel.org/stable/c/3bcc4c2a096e8342c8c719e595ce15de212694dd",
            "https://git.kernel.org/stable/c/699fb50d99039a50e7494de644f96c889279aca3",
            "https://git.kernel.org/stable/c/c8c426fae26086a0ca8ab6cc6da2de79810ec038",
            "https://lore.kernel.org/linux-cve-announce/2025100429-CVE-2023-53596-dbfb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53596",
            "https://www.cve.org/CVERecord?id=CVE-2023-53596"
          ],
          "PublishedDate": "2025-10-04T16:15:56.153Z",
          "LastModifiedDate": "2026-03-21T00:54:29.787Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53602",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53602",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8ba458dd9500fa8441f1be5d74fe35993e7d6dd4308a5c30e07dfd12d915b863",
          "Title": "kernel: wifi: ath11k: fix memory leak in WMI firmware stats",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53602",
            "https://git.kernel.org/linus/6aafa1c2d3e3fea2ebe84c018003f2a91722e607 (6.5-rc1)",
            "https://git.kernel.org/stable/c/55248d36beb79d3a61c9fb3122dc377fff523c89",
            "https://git.kernel.org/stable/c/6aafa1c2d3e3fea2ebe84c018003f2a91722e607",
            "https://git.kernel.org/stable/c/86f9330a49d1464849482298dd34d361859183eb",
            "https://lore.kernel.org/linux-cve-announce/2025100431-CVE-2023-53602-2de6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53602",
            "https://www.cve.org/CVERecord?id=CVE-2023-53602"
          ],
          "PublishedDate": "2025-10-04T16:15:56.83Z",
          "LastModifiedDate": "2026-03-23T18:24:06.477Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53609",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53609",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:77985af037ae8fff5a9931d4462a101d3764f78bf61ed312569dfe8e423586c9",
          "Title": "kernel: scsi: Revert \"scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: Revert \"scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed\"\n\nThe \"atomic_inc(\u0026cmd-\u003edevice-\u003eiorequest_cnt)\" in scsi_queue_rq() would\ncause kernel panic because cmd-\u003edevice may be freed after returning from\nscsi_dispatch_cmd().\n\nThis reverts commit cfee29ffb45b1c9798011b19d454637d1b0fe87d.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53609",
            "https://git.kernel.org/linus/6ca9818d1624e136a76ae8faedb6b6c95ca66903 (6.4-rc3)",
            "https://git.kernel.org/stable/c/35fe6fa57b994e7da222893adf0bb748d6055e73",
            "https://git.kernel.org/stable/c/6ca9818d1624e136a76ae8faedb6b6c95ca66903",
            "https://lore.kernel.org/linux-cve-announce/2025100433-CVE-2023-53609-1c39@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53609",
            "https://www.cve.org/CVERecord?id=CVE-2023-53609"
          ],
          "PublishedDate": "2025-10-04T16:15:57.647Z",
          "LastModifiedDate": "2026-03-17T16:44:23.773Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53620",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53620",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c0d0e84050b273535844946a00f0f5c75a3f5282cb03b36fe13073bbd8f2fc23",
          "Title": "kernel: md: fix soft lockup in status_resync",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix soft lockup in status_resync\n\nstatus_resync() will calculate 'curr_resync - recovery_active' to show\nuser a progress bar like following:\n\n[============\u003e........]  resync = 61.4%\n\n'curr_resync' and 'recovery_active' is updated in md_do_sync(), and\nstatus_resync() can read them concurrently, hence it's possible that\n'curr_resync - recovery_active' can overflow to a huge number. In this\ncase status_resync() will be stuck in the loop to print a large amount\nof '=', which will end up soft lockup.\n\nFix the problem by setting 'resync' to MD_RESYNC_ACTIVE in this case,\nthis way resync in progress will be reported to user.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53620",
            "https://git.kernel.org/linus/6efddf1e32e2a264694766ca485a4f5e04ee82a7 (6.4-rc1)",
            "https://git.kernel.org/stable/c/23309704e90859af2662bedc44101e6d1d2ece7e",
            "https://git.kernel.org/stable/c/6efddf1e32e2a264694766ca485a4f5e04ee82a7",
            "https://git.kernel.org/stable/c/b4acb6c3ede88d6b7d33742a09e63cfce5e7fb69",
            "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53620-3924@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53620",
            "https://www.cve.org/CVERecord?id=CVE-2023-53620"
          ],
          "PublishedDate": "2025-10-07T16:15:44.66Z",
          "LastModifiedDate": "2026-02-05T14:50:21.203Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53627",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53627",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ba03a13c9c71063e59633f4260d16e06f2111073c2898d46e584ab03d057629e",
          "Title": "kernel: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list\n\nWhen freeing slots in function slot_complete_v3_hw(), it is possible that\nsas_dev.list is being traversed elsewhere, and it may trigger a NULL\npointer exception, such as follows:\n\n==\u003ecq thread                    ==\u003escsi_eh_6\n\n                                ==\u003escsi_error_handler()\n\t\t\t\t  ==\u003esas_eh_handle_sas_errors()\n\t\t\t\t    ==\u003esas_scsi_find_task()\n\t\t\t\t      ==\u003elldd_abort_task()\n==\u003eslot_complete_v3_hw()              ==\u003ehisi_sas_abort_task()\n  ==\u003ehisi_sas_slot_task_free()\t        ==\u003edereg_device_v3_hw()\n    ==\u003elist_del_init()        \t\t  ==\u003elist_for_each_entry_safe()\n\n[ 7165.434918] sas: Enter sas_scsi_recover_host busy: 32 failed: 32\n[ 7165.434926] sas: trying to find task 0x00000000769b5ba5\n[ 7165.434927] sas: sas_scsi_find_task: aborting task 0x00000000769b5ba5\n[ 7165.434940] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(00000000769b5ba5) aborted\n[ 7165.434964] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(00000000c9f7aa07) ignored\n[ 7165.434965] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(00000000e2a1cf01) ignored\n[ 7165.434968] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 7165.434972] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(0000000022d52d93) ignored\n[ 7165.434975] hisi_sas_v3_hw 0000:b4:02.0: slot complete: task(0000000066a7516c) ignored\n[ 7165.434976] Mem abort info:\n[ 7165.434982]   ESR = 0x96000004\n[ 7165.434991]   Exception class = DABT (current EL), IL = 32 bits\n[ 7165.434992]   SET = 0, FnV = 0\n[ 7165.434993]   EA = 0, S1PTW = 0\n[ 7165.434994] Data abort info:\n[ 7165.434994]   ISV = 0, ISS = 0x00000004\n[ 7165.434995]   CM = 0, WnR = 0\n[ 7165.434997] user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000f29543f2\n[ 
7165.434998] [0000000000000000] pgd=0000000000000000\n[ 7165.435003] Internal error: Oops: 96000004 [#1] SMP\n[ 7165.439863] Process scsi_eh_6 (pid: 4109, stack limit = 0x00000000c43818d5)\n[ 7165.468862] pstate: 00c00009 (nzcv daif +PAN +UAO)\n[ 7165.473637] pc : dereg_device_v3_hw+0x68/0xa8 [hisi_sas_v3_hw]\n[ 7165.479443] lr : dereg_device_v3_hw+0x2c/0xa8 [hisi_sas_v3_hw]\n[ 7165.485247] sp : ffff00001d623bc0\n[ 7165.488546] x29: ffff00001d623bc0 x28: ffffa027d03b9508\n[ 7165.493835] x27: ffff80278ed50af0 x26: ffffa027dd31e0a8\n[ 7165.499123] x25: ffffa027d9b27f88 x24: ffffa027d9b209f8\n[ 7165.504411] x23: ffffa027c45b0d60 x22: ffff80278ec07c00\n[ 7165.509700] x21: 0000000000000008 x20: ffffa027d9b209f8\n[ 7165.514988] x19: ffffa027d9b27f88 x18: ffffffffffffffff\n[ 7165.520276] x17: 0000000000000000 x16: 0000000000000000\n[ 7165.525564] x15: ffff0000091d9708 x14: ffff0000093b7dc8\n[ 7165.530852] x13: ffff0000093b7a23 x12: 6e7265746e692067\n[ 7165.536140] x11: 0000000000000000 x10: 0000000000000bb0\n[ 7165.541429] x9 : ffff00001d6238f0 x8 : ffffa027d877af00\n[ 7165.546718] x7 : ffffa027d6329600 x6 : ffff7e809f58ca00\n[ 7165.552006] x5 : 0000000000001f8a x4 : 000000000000088e\n[ 7165.557295] x3 : ffffa027d9b27fa8 x2 : 0000000000000000\n[ 7165.562583] x1 : 0000000000000000 x0 : 000000003000188e\n[ 7165.567872] Call trace:\n[ 7165.570309]  dereg_device_v3_hw+0x68/0xa8 [hisi_sas_v3_hw]\n[ 7165.575775]  hisi_sas_abort_task+0x248/0x358 [hisi_sas_main]\n[ 7165.581415]  sas_eh_handle_sas_errors+0x258/0x8e0 [libsas]\n[ 7165.586876]  sas_scsi_recover_host+0x134/0x458 [libsas]\n[ 7165.592082]  scsi_error_handler+0xb4/0x488\n[ 7165.596163]  kthread+0x134/0x138\n[ 7165.599380]  ret_from_fork+0x10/0x18\n[ 7165.602940] Code: d5033e9f b9000040 aa0103e2 eb03003f (f9400021)\n[ 7165.609004] kernel fault(0x1) notification starting on CPU 75\n[ 7165.700728] ---[ end trace fc042cbbea224efc ]---\n[ 7165.705326] Kernel panic - not syncing: Fatal exception\n\nTo fix the issue, grab 
sas_dev lock when traversing the members of\nsas_dev.list in dereg_device_v3_hw() and hisi_sas_release_tasks() to avoid\nconcurrency of adding and deleting member. When \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53627",
            "https://git.kernel.org/linus/71fb36b5ff113a7674710b9d6063241eada84ff7 (6.4-rc1)",
            "https://git.kernel.org/stable/c/6e2a40b3a332ea84079983be21c944de8ddbc4f3",
            "https://git.kernel.org/stable/c/71fb36b5ff113a7674710b9d6063241eada84ff7",
            "https://lore.kernel.org/linux-cve-announce/2025100711-CVE-2023-53627-aaa6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53627",
            "https://www.cve.org/CVERecord?id=CVE-2023-53627"
          ],
          "PublishedDate": "2025-10-07T16:15:45.69Z",
          "LastModifiedDate": "2026-02-03T22:27:40.173Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53628",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53628",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4ca46948da735b62a598943517bb5ad7da55d95503b7b6af05cc3719e050455a",
          "Title": "kernel: drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs\n\nThe gfx.cp_ecc_error_irq is retired in gfx11. In gfx_v11_0_hw_fini still\nuse amdgpu_irq_put to disable this interrupt, which caused the call trace\nin this function.\n\n[  102.873958] Call Trace:\n[  102.873959]  \u003cTASK\u003e\n[  102.873961]  gfx_v11_0_hw_fini+0x23/0x1e0 [amdgpu]\n[  102.874019]  gfx_v11_0_suspend+0xe/0x20 [amdgpu]\n[  102.874072]  amdgpu_device_ip_suspend_phase2+0x240/0x460 [amdgpu]\n[  102.874122]  amdgpu_device_ip_suspend+0x3d/0x80 [amdgpu]\n[  102.874172]  amdgpu_device_pre_asic_reset+0xd9/0x490 [amdgpu]\n[  102.874223]  amdgpu_device_gpu_recover.cold+0x548/0xce6 [amdgpu]\n[  102.874321]  amdgpu_debugfs_reset_work+0x4c/0x70 [amdgpu]\n[  102.874375]  process_one_work+0x21f/0x3f0\n[  102.874377]  worker_thread+0x200/0x3e0\n[  102.874378]  ? process_one_work+0x3f0/0x3f0\n[  102.874379]  kthread+0xfd/0x130\n[  102.874380]  ? kthread_complete_and_exit+0x20/0x20\n[  102.874381]  ret_from_fork+0x22/0x30\n\nv2:\n- Handle umc and gfx ras cases in separated patch\n- Retired the gfx_v11_0_cp_ecc_error_irq_funcs in gfx11\n\nv3:\n- Improve the subject and code comments\n- Add judgment on gfx11 in the function of amdgpu_gfx_ras_late_init\n\nv4:\n- Drop the define of CP_ME1_PIPE_INST_ADDR_INTERVAL and\nSET_ECC_ME_PIPE_STATE which using in gfx_v11_0_set_cp_ecc_error_state\n- Check cp_ecc_error_irq.funcs rather than ip version for a more\nsustainable life\n\nv5:\n- Simplify judgment conditions",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53628",
            "https://git.kernel.org/linus/720b47229a5b24061d1c2e29ddb6043a59178d79 (6.4-rc2)",
            "https://git.kernel.org/stable/c/31b07aec4a2bdcab00770ea3a18efe49734ce153",
            "https://git.kernel.org/stable/c/720b47229a5b24061d1c2e29ddb6043a59178d79",
            "https://git.kernel.org/stable/c/7b5a8a23acbc3ee50b23602b61db1563561faf84",
            "https://lore.kernel.org/linux-cve-announce/2025100712-CVE-2023-53628-a5b2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53628",
            "https://www.cve.org/CVERecord?id=CVE-2023-53628"
          ],
          "PublishedDate": "2025-10-07T16:15:45.81Z",
          "LastModifiedDate": "2026-02-03T22:27:34.34Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53629",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53629",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:035bf3504064a0dde76258a7204089061b67e32a7fa7ec6bd8a58e16ef56b12a",
          "Title": "kernel: fs: dlm: fix use after free in midcomms commit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: dlm: fix use after free in midcomms commit\n\nWhile working on processing dlm message in softirq context I experienced\nthe following KASAN use-after-free warning:\n\n[  151.760477] ==================================================================\n[  151.761803] BUG: KASAN: use-after-free in dlm_midcomms_commit_mhandle+0x19d/0x4b0\n[  151.763414] Read of size 4 at addr ffff88811a980c60 by task lock_torture/1347\n\n[  151.765284] CPU: 7 PID: 1347 Comm: lock_torture Not tainted 6.1.0-rc4+ #2828\n[  151.766778] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-3.module+el8.7.0+16134+e5908aa2 04/01/2014\n[  151.768726] Call Trace:\n[  151.769277]  \u003cTASK\u003e\n[  151.769748]  dump_stack_lvl+0x5b/0x86\n[  151.770556]  print_report+0x180/0x4c8\n[  151.771378]  ? kasan_complete_mode_report_info+0x7c/0x1e0\n[  151.772241]  ? dlm_midcomms_commit_mhandle+0x19d/0x4b0\n[  151.773069]  kasan_report+0x93/0x1a0\n[  151.773668]  ? dlm_midcomms_commit_mhandle+0x19d/0x4b0\n[  151.774514]  __asan_load4+0x7e/0xa0\n[  151.775089]  dlm_midcomms_commit_mhandle+0x19d/0x4b0\n[  151.775890]  ? create_message.isra.29.constprop.64+0x57/0xc0\n[  151.776770]  send_common+0x19f/0x1b0\n[  151.777342]  ? remove_from_waiters+0x60/0x60\n[  151.778017]  ? lock_downgrade+0x410/0x410\n[  151.778648]  ? __this_cpu_preempt_check+0x13/0x20\n[  151.779421]  ? rcu_lockdep_current_cpu_online+0x88/0xc0\n[  151.780292]  _convert_lock+0x46/0x150\n[  151.780893]  convert_lock+0x7b/0xc0\n[  151.781459]  dlm_lock+0x3ac/0x580\n[  151.781993]  ? 0xffffffffc0540000\n[  151.782522]  ? torture_stop+0x120/0x120 [dlm_locktorture]\n[  151.783379]  ? dlm_scan_rsbs+0xa70/0xa70\n[  151.784003]  ? preempt_count_sub+0xd6/0x130\n[  151.784661]  ? is_module_address+0x47/0x70\n[  151.785309]  ? torture_stop+0x120/0x120 [dlm_locktorture]\n[  151.786166]  ? 0xffffffffc0540000\n[  151.786693]  ? 
lockdep_init_map_type+0xc3/0x360\n[  151.787414]  ? 0xffffffffc0540000\n[  151.787947]  torture_dlm_lock_sync.isra.3+0xe9/0x150 [dlm_locktorture]\n[  151.789004]  ? torture_stop+0x120/0x120 [dlm_locktorture]\n[  151.789858]  ? 0xffffffffc0540000\n[  151.790392]  ? lock_torture_cleanup+0x20/0x20 [dlm_locktorture]\n[  151.791347]  ? delay_tsc+0x94/0xc0\n[  151.791898]  torture_ex_iter+0xc3/0xea [dlm_locktorture]\n[  151.792735]  ? torture_start+0x30/0x30 [dlm_locktorture]\n[  151.793606]  lock_torture+0x177/0x270 [dlm_locktorture]\n[  151.794448]  ? torture_dlm_lock_sync.isra.3+0x150/0x150 [dlm_locktorture]\n[  151.795539]  ? lock_torture_stats+0x80/0x80 [dlm_locktorture]\n[  151.796476]  ? do_raw_spin_lock+0x11e/0x1e0\n[  151.797152]  ? mark_held_locks+0x34/0xb0\n[  151.797784]  ? _raw_spin_unlock_irqrestore+0x30/0x70\n[  151.798581]  ? __kthread_parkme+0x79/0x110\n[  151.799246]  ? trace_preempt_on+0x2a/0xf0\n[  151.799902]  ? __kthread_parkme+0x79/0x110\n[  151.800579]  ? preempt_count_sub+0xd6/0x130\n[  151.801271]  ? __kasan_check_read+0x11/0x20\n[  151.801963]  ? __kthread_parkme+0xec/0x110\n[  151.802630]  ? lock_torture_stats+0x80/0x80 [dlm_locktorture]\n[  151.803569]  kthread+0x192/0x1d0\n[  151.804104]  ? 
kthread_complete_and_exit+0x30/0x30\n[  151.804881]  ret_from_fork+0x1f/0x30\n[  151.805480]  \u003c/TASK\u003e\n\n[  151.806111] Allocated by task 1347:\n[  151.806681]  kasan_save_stack+0x26/0x50\n[  151.807308]  kasan_set_track+0x25/0x30\n[  151.807920]  kasan_save_alloc_info+0x1e/0x30\n[  151.808609]  __kasan_slab_alloc+0x63/0x80\n[  151.809263]  kmem_cache_alloc+0x1ad/0x830\n[  151.809916]  dlm_allocate_mhandle+0x17/0x20\n[  151.810590]  dlm_midcomms_get_mhandle+0x96/0x260\n[  151.811344]  _create_message+0x95/0x180\n[  151.811994]  create_message.isra.29.constprop.64+0x57/0xc0\n[  151.812880]  send_common+0x129/0x1b0\n[  151.813467]  _convert_lock+0x46/0x150\n[  151.814074]  convert_lock+0x7b/0xc0\n[  151.814648]  dlm_lock+0x3ac/0x580\n[  151.815199]  torture_dlm_lock_sync.isra.3+0xe9/0x150 [dlm_locktorture]\n[  151.816258]  torture_ex_iter+0xc3/0xea [dlm_locktorture]\n[  151.817129]  lock_t\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53629",
            "https://git.kernel.org/linus/724b6bab0d75f1dc01fdfbf7fe8d4217a5cb90ba (6.3-rc1)",
            "https://git.kernel.org/stable/c/724b6bab0d75f1dc01fdfbf7fe8d4217a5cb90ba",
            "https://git.kernel.org/stable/c/a2de9f9b686c71b4fa3663ae374f5f643c46a446",
            "https://git.kernel.org/stable/c/a3b0e9ac3c2447008db942d51f593841d8329e99",
            "https://lore.kernel.org/linux-cve-announce/2025100712-CVE-2023-53629-042c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53629",
            "https://www.cve.org/CVERecord?id=CVE-2023-53629"
          ],
          "PublishedDate": "2025-10-07T16:15:45.933Z",
          "LastModifiedDate": "2026-02-03T22:27:26.107Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53635",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53635",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9ec20ff4cc294aa32cfa9f23c76cd1d6964df6c0f1a076380cb196830f4ec267",
          "Title": "kernel: netfilter: conntrack: fix wrong ct-\u003etimeout value",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: fix wrong ct-\u003etimeout value\n\n(struct nf_conn)-\u003etimeout is an interval before the conntrack\nconfirmed.  After confirmed, it becomes a timestamp.\n\nIt is observed that timeout of an unconfirmed conntrack:\n- Set by calling ctnetlink_change_timeout(). As a result,\n  `nfct_time_stamp` was wrongly added to `ct-\u003etimeout` twice.\n- Get by calling ctnetlink_dump_timeout(). As a result,\n  `nfct_time_stamp` was wrongly subtracted.\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n ctnetlink_dump_timeout\n __ctnetlink_glue_build\n ctnetlink_glue_build\n __nfqnl_enqueue_packet\n nf_queue\n nf_hook_slow\n ip_mc_output\n ? __pfx_ip_finish_output\n ip_send_skb\n ? __pfx_dst_output\n udp_send_skb\n udp_sendmsg\n ? __pfx_ip_generic_getfrag\n sock_sendmsg\n\nSeparate the 2 cases in:\n- Setting `ct-\u003etimeout` in __nf_ct_set_timeout().\n- Getting `ct-\u003etimeout` in ctnetlink_dump_timeout().\n\nPablo appends:\n\nUpdate ctnetlink to set up the timeout _after_ the IPS_CONFIRMED flag is\nset on, otherwise conntrack creation via ctnetlink breaks.\n\nNote that the problem described in this patch occurs since the\nintroduction of the nfnetlink_queue conntrack support, select a\nsufficiently old Fixes: tag for -stable kernel to pick up this fix.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53635",
            "https://git.kernel.org/linus/73db1b8f2bb6725b7391e85aab41fdf592b3c0c1 (6.4-rc1)",
            "https://git.kernel.org/stable/c/73db1b8f2bb6725b7391e85aab41fdf592b3c0c1",
            "https://git.kernel.org/stable/c/80c5ba0078e20d926d11d0778f9a43902664ebf0",
            "https://git.kernel.org/stable/c/f612ae1ab4793701caf39386fb3b7f4b3ef44e48",
            "https://git.kernel.org/stable/c/ff5e4ac8dd7be7f1faba955c5779a68571eeb0f8",
            "https://lore.kernel.org/linux-cve-announce/2025100714-CVE-2023-53635-de6f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53635",
            "https://www.cve.org/CVERecord?id=CVE-2023-53635"
          ],
          "PublishedDate": "2025-10-07T16:15:46.643Z",
          "LastModifiedDate": "2026-02-03T22:25:58.24Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53647",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53647",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9baff325605f4eb1bda6bfe735e535c91289f95076b34fbb6069eaaaf3e32682",
          "Title": "kernel: Drivers: hv: vmbus: Don't dereference ACPI root object handle",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don't dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? 
vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53647",
            "https://git.kernel.org/linus/78e04bbff849b51b56f5925b1945db2c6e128b61 (6.6-rc1)",
            "https://git.kernel.org/stable/c/64f09d45e94547fbf219f36d1d02ac42742c028c",
            "https://git.kernel.org/stable/c/78e04bbff849b51b56f5925b1945db2c6e128b61",
            "https://git.kernel.org/stable/c/96db43aced395844a7abc9a0a5cc702513e3534a",
            "https://git.kernel.org/stable/c/9fc162c59edc841032a3553eb2334320abab0784",
            "https://lore.kernel.org/linux-cve-announce/2025100718-CVE-2023-53647-c01f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53647",
            "https://www.cve.org/CVERecord?id=CVE-2023-53647"
          ],
          "PublishedDate": "2025-10-07T16:15:48.13Z",
          "LastModifiedDate": "2026-02-03T22:29:16.717Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53651",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53651",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:43f613f683e5afeb5da33e8847920a0f51916a56da24e58ca3de89038aef37b2",
          "Title": "kernel: Input: exc3000 - properly stop timer on shutdown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: exc3000 - properly stop timer on shutdown\n\nWe need to stop the timer on driver unbind or probe failures, otherwise\nwe get UAF/Oops.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53651",
            "https://git.kernel.org/linus/79c81d137d36f9635bbcbc3916c0cccb418a61dd (6.3-rc1)",
            "https://git.kernel.org/stable/c/526a177ac6353d65057eadb5d6edafc168f64484",
            "https://git.kernel.org/stable/c/79c81d137d36f9635bbcbc3916c0cccb418a61dd",
            "https://git.kernel.org/stable/c/bee57c20fc0ca5ef9b9a53a0335eab2ac9e9cae1",
            "https://lore.kernel.org/linux-cve-announce/2025100719-CVE-2023-53651-c6c7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53651",
            "https://www.cve.org/CVERecord?id=CVE-2023-53651"
          ],
          "PublishedDate": "2025-10-07T16:15:48.62Z",
          "LastModifiedDate": "2026-02-03T22:24:42.04Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53657",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53657",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3eb4f2cfb7e1f556561a3b84047dc10453926fab3de2374a13819c27e4c8cb6",
          "Title": "kernel: ice: Don't tx before switchdev is fully configured",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53657",
            "https://git.kernel.org/linus/7aa529a69e92b9aff585e569d5003f7c15d8d60b (6.6-rc1)",
            "https://git.kernel.org/stable/c/5760a72b3060150b587eff3e879648c7470efddd",
            "https://git.kernel.org/stable/c/63ff5a94649837d980e3b9ef535c793ec8cb0ca7",
            "https://git.kernel.org/stable/c/7aa529a69e92b9aff585e569d5003f7c15d8d60b",
            "https://lore.kernel.org/linux-cve-announce/2025100701-CVE-2023-53657-d0c7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53657",
            "https://www.cve.org/CVERecord?id=CVE-2023-53657"
          ],
          "PublishedDate": "2025-10-07T16:15:49.33Z",
          "LastModifiedDate": "2026-02-03T19:27:32.453Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53671",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53671",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4474150b3bbb84e6e1696b120aabf2a7577e04ba4875b29a3870154d583c40b",
          "Title": "kernel: srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsrcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL\n\nCommit 994f706872e6 (\"srcu: Make Tree SRCU able to operate without\nsnp_node array\") assumes that cpu 0 is always online.  However, there\nreally are situations when some other CPU is the boot CPU, for example,\nwhen booting a kdump kernel with the maxcpus=1 boot parameter.\n\nOn PowerPC, the kdump kernel can hang as follows:\n...\n[    1.740036] systemd[1]: Hostname set to \u003cxyz.com\u003e\n[  243.686240] INFO: task systemd:1 blocked for more than 122 seconds.\n[  243.686264]       Not tainted 6.1.0-rc1 #1\n[  243.686272] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[  243.686281] task:systemd         state:D stack:0     pid:1     ppid:0      flags:0x00042000\n[  243.686296] Call Trace:\n[  243.686301] [c000000016657640] [c000000016657670] 0xc000000016657670 (unreliable)\n[  243.686317] [c000000016657830] [c00000001001dec0] __switch_to+0x130/0x220\n[  243.686333] [c000000016657890] [c000000010f607b8] __schedule+0x1f8/0x580\n[  243.686347] [c000000016657940] [c000000010f60bb4] schedule+0x74/0x140\n[  243.686361] [c0000000166579b0] [c000000010f699b8] schedule_timeout+0x168/0x1c0\n[  243.686374] [c000000016657a80] [c000000010f61de8] __wait_for_common+0x148/0x360\n[  243.686387] [c000000016657b20] [c000000010176bb0] __flush_work.isra.0+0x1c0/0x3d0\n[  243.686401] [c000000016657bb0] [c0000000105f2768] fsnotify_wait_marks_destroyed+0x28/0x40\n[  243.686415] [c000000016657bd0] [c0000000105f21b8] fsnotify_destroy_group+0x68/0x160\n[  243.686428] [c000000016657c40] [c0000000105f6500] inotify_release+0x30/0xa0\n[  243.686440] [c000000016657cb0] [c0000000105751a8] __fput+0xc8/0x350\n[  243.686452] [c000000016657d00] [c00000001017d524] task_work_run+0xe4/0x170\n[  243.686464] [c000000016657d50] [c000000010020e94] do_notify_resume+0x134/0x140\n[  243.686478] [c000000016657d80] 
[c00000001002eb18] interrupt_exit_user_prepare_main+0x198/0x270\n[  243.686493] [c000000016657de0] [c00000001002ec60] syscall_exit_prepare+0x70/0x180\n[  243.686505] [c000000016657e10] [c00000001000bf7c] system_call_vectored_common+0xfc/0x280\n[  243.686520] --- interrupt: 3000 at 0x7fffa47d5ba4\n[  243.686528] NIP:  00007fffa47d5ba4 LR: 0000000000000000 CTR: 0000000000000000\n[  243.686538] REGS: c000000016657e80 TRAP: 3000   Not tainted  (6.1.0-rc1)\n[  243.686548] MSR:  800000000000d033 \u003cSF,EE,PR,ME,IR,DR,RI,LE\u003e  CR: 42044440  XER: 00000000\n[  243.686572] IRQMASK: 0\n[  243.686572] GPR00: 0000000000000006 00007ffffa606710 00007fffa48e7200 0000000000000000\n[  243.686572] GPR04: 0000000000000002 000000000000000a 0000000000000000 0000000000000001\n[  243.686572] GPR08: 000001000c172dd0 0000000000000000 0000000000000000 0000000000000000\n[  243.686572] GPR12: 0000000000000000 00007fffa4ff4bc0 0000000000000000 0000000000000000\n[  243.686572] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000\n[  243.686572] GPR20: 0000000132dfdc50 000000000000000e 0000000000189375 0000000000000000\n[  243.686572] GPR24: 00007ffffa606ae0 0000000000000005 000001000c185490 000001000c172570\n[  243.686572] GPR28: 000001000c172990 000001000c184850 000001000c172e00 00007fffa4fedd98\n[  243.686683] NIP [00007fffa47d5ba4] 0x7fffa47d5ba4\n[  243.686691] LR [0000000000000000] 0x0\n[  243.686698] --- interrupt: 3000\n[  243.686708] INFO: task kworker/u16:1:24 blocked for more than 122 seconds.\n[  243.686717]       Not tainted 6.1.0-rc1 #1\n[  243.686724] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[  243.686733] task:kworker/u16:1   state:D stack:0     pid:24    ppid:2      flags:0x00000800\n[  243.686747] Workqueue: events_unbound fsnotify_mark_destroy_workfn\n[  243.686758] Call Trace:\n[  243.686762] [c0000000166736e0] [c00000004fd91000] 0xc00000004fd91000 (unreliable)\n[  243.686775] [c0000000166738d0] 
[c00000001001dec0] __switch_to+0x130/0x220\n[  243.686788] [c000000016673930] [c000000010f607b8] __schedule+0x1f8/0x\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53671",
            "https://git.kernel.org/linus/7f24626d6dd844bfc6d1f492d214d29c86d02550 (6.3-rc1)",
            "https://git.kernel.org/stable/c/2c4d26dad76eadaa45a24543e311e9ce5d09f04e",
            "https://git.kernel.org/stable/c/7f24626d6dd844bfc6d1f492d214d29c86d02550",
            "https://git.kernel.org/stable/c/c7c0bc03fa44942fe0fdc5ac52cda6e11529c0ea",
            "https://lore.kernel.org/linux-cve-announce/2025100705-CVE-2023-53671-a34e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53671",
            "https://www.cve.org/CVERecord?id=CVE-2023-53671"
          ],
          "PublishedDate": "2025-10-07T16:15:51Z",
          "LastModifiedDate": "2026-02-26T23:15:00.707Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53673",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53673",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9dc26137a1893932e76d2754f56e69af8848e2278bedb83571d8c9645d3ff6ea",
          "Title": "kernel: Bluetooth: hci_event: call disconnect callback before deleting conn",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... 
\u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G            E      6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? 
selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1148",
            "https://access.redhat.com/security/cve/CVE-2023-53673",
            "https://bugzilla.redhat.com/2402193",
            "https://bugzilla.redhat.com/2414494",
            "https://bugzilla.redhat.com/2418872",
            "https://bugzilla.redhat.com/2419954",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2402193",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414494",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418872",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53673",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40248",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40277",
            "https://errata.almalinux.org/8/ALSA-2026-1148.html",
            "https://errata.rockylinux.org/RLSA-2026:1142",
            "https://git.kernel.org/linus/7f7cfcb6f0825652973b780f248603e23f16ee90 (6.5-rc3)",
            "https://git.kernel.org/stable/c/093a07052406b363b1b2ab489e17dbadaf3e509b",
            "https://git.kernel.org/stable/c/1ecf6dc2676ead4b927c50b1be0851fa4d756574",
            "https://git.kernel.org/stable/c/59bd1e476bbc7bc6dff3c61bba787095a4839796",
            "https://git.kernel.org/stable/c/7f7cfcb6f0825652973b780f248603e23f16ee90",
            "https://linux.oracle.com/cve/CVE-2023-53673.html",
            "https://linux.oracle.com/errata/ELSA-2026-1142.html",
            "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2023-53673-36b9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53673",
            "https://www.cve.org/CVERecord?id=CVE-2023-53673"
          ],
          "PublishedDate": "2025-10-07T16:15:51.247Z",
          "LastModifiedDate": "2026-02-26T23:15:14.977Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53682",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53682",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:185e0f84f43a4b691a58a9e5f691029d29fdebf62b10c7203e93c9892840999c",
          "Title": "kernel: hwmon: (xgene) Fix ioremap and memremap leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (xgene) Fix ioremap and memremap leak\n\nSmatch reports:\n\ndrivers/hwmon/xgene-hwmon.c:757 xgene_hwmon_probe() warn:\n'ctx-\u003epcc_comm_addr' from ioremap() not released on line: 757.\n\nThis is because in drivers/hwmon/xgene-hwmon.c:701 xgene_hwmon_probe(),\nioremap and memremap is not released, which may cause a leak.\n\nTo fix this, ioremap and memremap is modified to devm_ioremap and\ndevm_memremap.\n\n[groeck: Fixed formatting and subject]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53682",
            "https://git.kernel.org/linus/813cc94c7847ae4a17e9f744fb4dbdf7df6bd732 (6.3-rc4)",
            "https://git.kernel.org/stable/c/1773185a0a87006c1be78a978d9dd61aa7a33db8",
            "https://git.kernel.org/stable/c/813cc94c7847ae4a17e9f744fb4dbdf7df6bd732",
            "https://git.kernel.org/stable/c/9d482a09acd3d5f61a56aefc125d32c81994707b",
            "https://lore.kernel.org/linux-cve-announce/2025100709-CVE-2023-53682-10e4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53682",
            "https://www.cve.org/CVERecord?id=CVE-2023-53682"
          ],
          "PublishedDate": "2025-10-07T16:15:52.413Z",
          "LastModifiedDate": "2026-02-26T23:09:44.487Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53685",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53685",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d78ff2344fed0d224cde3e7e726bc8ec151fab38f737993734492f5182929ef9",
          "Title": "kernel: tun: Fix memory leak for detached NAPI queue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: Fix memory leak for detached NAPI queue.\n\nsyzkaller reported [0] memory leaks of sk and skb related to the TUN\ndevice with no repro, but we can reproduce it easily with:\n\n  struct ifreq ifr = {}\n  int fd_tun, fd_tmp;\n  char buf[4] = {};\n\n  fd_tun = openat(AT_FDCWD, \"/dev/net/tun\", O_WRONLY, 0);\n  ifr.ifr_flags = IFF_TUN | IFF_NAPI | IFF_MULTI_QUEUE;\n  ioctl(fd_tun, TUNSETIFF, \u0026ifr);\n\n  ifr.ifr_flags = IFF_DETACH_QUEUE;\n  ioctl(fd_tun, TUNSETQUEUE, \u0026ifr);\n\n  fd_tmp = socket(AF_PACKET, SOCK_PACKET, 0);\n  ifr.ifr_flags = IFF_UP;\n  ioctl(fd_tmp, SIOCSIFFLAGS, \u0026ifr);\n\n  write(fd_tun, buf, sizeof(buf));\n  close(fd_tun);\n\nIf we enable NAPI and multi-queue on a TUN device, we can put skb into\ntfile-\u003esk.sk_write_queue after the queue is detached.  We should prevent\nit by checking tfile-\u003edetached before queuing skb.\n\nNote this must be done under tfile-\u003esk.sk_write_queue.lock because write()\nand ioctl(IFF_DETACH_QUEUE) can run concurrently.  Otherwise, there would\nbe a small race window:\n\n  write()                             ioctl(IFF_DETACH_QUEUE)\n  `- tun_get_user                     `- __tun_detach\n     |- if (tfile-\u003edetached)             |- tun_disable_queue\n     |  `-\u003e false                        |  `- tfile-\u003edetached = tun\n     |                                   `- tun_queue_purge\n     |- spin_lock_bh(\u0026queue-\u003elock)\n     `- __skb_queue_tail(queue, skb)\n\nAnother solution is to call tun_queue_purge() when closing and\nreattaching the detached queue, but it could paper over another\nproblems.  
Also, we do the same kind of test for IFF_NAPI_FRAGS.\n\n[0]:\nunreferenced object 0xffff88801edbc800 (size 2048):\n  comm \"syz-executor.1\", pid 33269, jiffies 4295743834 (age 18.756s)\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n  backtrace:\n    [\u003c000000008c16ea3d\u003e] __do_kmalloc_node mm/slab_common.c:965 [inline]\n    [\u003c000000008c16ea3d\u003e] __kmalloc+0x4a/0x130 mm/slab_common.c:979\n    [\u003c000000003addde56\u003e] kmalloc include/linux/slab.h:563 [inline]\n    [\u003c000000003addde56\u003e] sk_prot_alloc+0xef/0x1b0 net/core/sock.c:2035\n    [\u003c000000003e20621f\u003e] sk_alloc+0x36/0x2f0 net/core/sock.c:2088\n    [\u003c0000000028e43843\u003e] tun_chr_open+0x3d/0x190 drivers/net/tun.c:3438\n    [\u003c000000001b0f1f28\u003e] misc_open+0x1a6/0x1f0 drivers/char/misc.c:165\n    [\u003c000000004376f706\u003e] chrdev_open+0x111/0x300 fs/char_dev.c:414\n    [\u003c00000000614d379f\u003e] do_dentry_open+0x2f9/0x750 fs/open.c:920\n    [\u003c000000008eb24774\u003e] do_open fs/namei.c:3636 [inline]\n    [\u003c000000008eb24774\u003e] path_openat+0x143f/0x1a30 fs/namei.c:3791\n    [\u003c00000000955077b5\u003e] do_filp_open+0xce/0x1c0 fs/namei.c:3818\n    [\u003c00000000b78973b0\u003e] do_sys_openat2+0xf0/0x260 fs/open.c:1356\n    [\u003c00000000057be699\u003e] do_sys_open fs/open.c:1372 [inline]\n    [\u003c00000000057be699\u003e] __do_sys_openat fs/open.c:1388 [inline]\n    [\u003c00000000057be699\u003e] __se_sys_openat fs/open.c:1383 [inline]\n    [\u003c00000000057be699\u003e] __x64_sys_openat+0x83/0xf0 fs/open.c:1383\n    [\u003c00000000a7d2182d\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n    [\u003c00000000a7d2182d\u003e] do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80\n    [\u003c000000004cc4e8c4\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nunreferenced object 0xffff88802f671700 (size 
240):\n  comm \"syz-executor.1\", pid 33269, jiffies 4295743854 (age 18.736s)\n  hex dump (first 32 bytes):\n    68 c9 db 1e 80 88 ff ff 68 c9 db 1e 80 88 ff ff  h.......h.......\n    00 c0 7b 2f 80 88 ff ff 00 c8 db 1e 80 88 ff ff  ..{/............\n  backtrace:\n    [\u003c00000000e9d9fdb6\u003e] __alloc_skb+0x223/0x250 net/core/skbuff.c:644\n    [\u003c000000002c3e4e0b\u003e] alloc_skb include/linux/skbuff.h:1288 [inline]\n    [\u003c000000002c3e4e0b\u003e] alloc_skb_with_frags+0x6f/0x350 net/core/skbuff.c:6378\n    [\u003c00000000825f98d7\u003e] sock_alloc_send_pskb+0x3ac/0x3e0 net/core/sock.c:2729\n    [\u003c00000000e9eb3df3\u003e] tun_alloc_skb drivers/net/tun.c:1529 [inline]\n    [\u003c\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53685",
            "https://git.kernel.org/linus/82b2bc279467c875ec36f8ef820f00997c2a4e8e (6.4-rc3)",
            "https://git.kernel.org/stable/c/0d20210a190f76db9ec35ee4e0fc77e6c7a148f5",
            "https://git.kernel.org/stable/c/82b2bc279467c875ec36f8ef820f00997c2a4e8e",
            "https://git.kernel.org/stable/c/9cae243b9ae25adfe468cd47ceca591f6725b79c",
            "https://lore.kernel.org/linux-cve-announce/2025100710-CVE-2023-53685-68d1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53685",
            "https://www.cve.org/CVERecord?id=CVE-2023-53685"
          ],
          "PublishedDate": "2025-10-07T16:15:52.777Z",
          "LastModifiedDate": "2026-02-26T23:10:09.747Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53694",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53694",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:450b235481470ce6a384423476977c2cea554cdff669a81e75fdf0436ec33970",
          "Title": "kernel: riscv: ftrace: Fixup panic by disabling preemption",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: ftrace: Fixup panic by disabling preemption\n\nIn RISCV, we must use an AUIPC + JALR pair to encode an immediate,\nforming a jump that jumps to an address over 4K. This may cause errors\nif we want to enable kernel preemption and remove dependency from\npatching code with stop_machine(). For example, if a task was switched\nout on auipc. And, if we changed the ftrace function before it was\nswitched back, then it would jump to an address that has updated 11:0\nbits mixing with previous XLEN:12 part.\n\np: patched area performed by dynamic ftrace\nftrace_prologue:\np|      REG_S   ra, -SZREG(sp)\np|      auipc   ra, 0x? ------------\u003e preempted\n\t\t\t\t\t...\n\t\t\t\tchange ftrace function\n\t\t\t\t\t...\np|      jalr    -?(ra) \u003c------------- switched back\np|      REG_L   ra, -SZREG(sp)\nfunc:\n\txxx\n\tret",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53694",
            "https://git.kernel.org/linus/8547649981e6631328cd64f583667501ae385531 (6.3-rc1)",
            "https://git.kernel.org/stable/c/20a7510e781084364691b4962de31de758194cc9",
            "https://git.kernel.org/stable/c/84cfcf240f4a577733b1d98fcd2611a611612b03",
            "https://git.kernel.org/stable/c/8547649981e6631328cd64f583667501ae385531",
            "https://lore.kernel.org/linux-cve-announce/2025102210-CVE-2023-53694-ed6b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53694",
            "https://www.cve.org/CVERecord?id=CVE-2023-53694"
          ],
          "PublishedDate": "2025-10-22T14:15:43.887Z",
          "LastModifiedDate": "2025-10-22T21:12:48.953Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53702",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53702",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:50019c2fbdfe0c7af0ef295129faa28db603b1c480781d93db3759108627da2c",
          "Title": "kernel: s390/crypto: use vector instructions only if available for ChaCha20",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/crypto: use vector instructions only if available for ChaCha20\n\nCommit 349d03ffd5f6 (\"crypto: s390 - add crypto library interface for\nChaCha20\") added a library interface to the s390 specific ChaCha20\nimplementation. However no check was added to verify if the required\nfacilities are installed before branching into the assembler code.\n\nIf compiled into the kernel, this will lead to the following crash,\nif vector instructions are not available:\n\ndata exception: 0007 ilc:3 [#1] SMP\nModules linked in:\nCPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.3.0-rc7+ #11\nHardware name: IBM 3931 A01 704 (KVM/Linux)\nKrnl PSW : 0704e00180000000 000000001857277a (chacha20_vx+0x32/0x818)\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\nKrnl GPRS: 0000037f0000000a ffffffffffffff60 000000008184b000 0000000019f5c8e6\n           0000000000000109 0000037fffb13c58 0000037fffb13c78 0000000019bb1780\n           0000037fffb13c58 0000000019f5c8e6 000000008184b000 0000000000000109\n           00000000802d8000 0000000000000109 0000000018571ebc 0000037fffb13718\nKrnl Code: 000000001857276a: c07000b1f80b        larl    %r7,0000000019bb1780\n           0000000018572770: a708000a            lhi     %r0,10\n          #0000000018572774: e78950000c36        vlm     %v24,%v25,0(%r5),0\n          \u003e000000001857277a: e7a060000806        vl      %v26,0(%r6),0\n           0000000018572780: e7bf70004c36        vlm     %v27,%v31,0(%r7),4\n           0000000018572786: e70b00000456        vlr     %v0,%v27\n           000000001857278c: e71800000456        vlr     %v1,%v24\n           0000000018572792: e74b00000456        vlr     %v4,%v27\nCall Trace:\n [\u003c000000001857277a\u003e] chacha20_vx+0x32/0x818\nLast Breaking-Event-Address:\n [\u003c0000000018571eb6\u003e] chacha20_crypt_s390.constprop.0+0x6e/0xd8\n---[ end trace 0000000000000000 ]---\nKernel panic - not 
syncing: Attempted to kill init! exitcode=0x0000000b\n\nFix this by adding a missing MACHINE_HAS_VX check.\n\n[agordeev@linux.ibm.com: remove duplicates in commit message]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53702",
            "https://git.kernel.org/linus/8703dd6b238da0ec6c276e53836f8200983d3d9b (6.4-rc3)",
            "https://git.kernel.org/stable/c/25e8d30507aa2f251152df1af7809e85b5538f4a",
            "https://git.kernel.org/stable/c/8703dd6b238da0ec6c276e53836f8200983d3d9b",
            "https://git.kernel.org/stable/c/debb7797bba0caffdbdadc3e7968bb2c414f50da",
            "https://lore.kernel.org/linux-cve-announce/2025102211-CVE-2023-53702-a6b6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53702",
            "https://www.cve.org/CVERecord?id=CVE-2023-53702"
          ],
          "PublishedDate": "2025-10-22T14:15:44.76Z",
          "LastModifiedDate": "2025-10-22T21:12:48.953Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53707",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53707",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:074681a024c8fceaf7925dc5c0b96b4872bbc82ef91b6a6698942c2cfddd7075",
          "Title": "kernel: drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53707",
            "https://git.kernel.org/linus/87c2213e85bd81e4a9a4d0880c256568794ae388 (6.5-rc1)",
            "https://git.kernel.org/stable/c/87c2213e85bd81e4a9a4d0880c256568794ae388",
            "https://git.kernel.org/stable/c/9f55d300541cb5b435984d269087810581580b00",
            "https://git.kernel.org/stable/c/c3deb091398e9e469d08dd1599b6d76fd6b29df8",
            "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53707-361a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53707",
            "https://www.cve.org/CVERecord?id=CVE-2023-53707"
          ],
          "PublishedDate": "2025-10-22T14:15:45.303Z",
          "LastModifiedDate": "2025-10-22T21:12:48.953Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53714",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53714",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2fa0bb1886434be15b13e2ff266616c4472985492102b728f28cb226bcd6c0b4",
          "Title": "kernel: drm/stm: ltdc: fix late dereference check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/stm: ltdc: fix late dereference check\n\nIn ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a\ncontainer_of() before the pointer check. This could cause a kernel panic.\n\nFix this smatch warning:\ndrivers/gpu/drm/stm/ltdc.c:1124 ltdc_crtc_set_crc_source() warn: variable dereferenced before check 'crtc' (see line 1119)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53714",
            "https://git.kernel.org/linus/898a9e3f56db9860ab091d4bf41b6caa99aafc3d (6.5-rc1)",
            "https://git.kernel.org/stable/c/04fe3b82528232aa85a6c45464906d0727ef4f20",
            "https://git.kernel.org/stable/c/340dba127bbed51e8425cd8e097aacfadd175462",
            "https://git.kernel.org/stable/c/898a9e3f56db9860ab091d4bf41b6caa99aafc3d",
            "https://lore.kernel.org/linux-cve-announce/2025102213-CVE-2023-53714-6b41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53714",
            "https://www.cve.org/CVERecord?id=CVE-2023-53714"
          ],
          "PublishedDate": "2025-10-22T14:15:46.04Z",
          "LastModifiedDate": "2025-10-22T21:12:48.953Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53721",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53721",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fb169807f9e037a76b1421cef93836bd2e75481aca2249dbcd873a8fabe4b550",
          "Title": "kernel: wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53721",
            "https://git.kernel.org/linus/8ad314da54c6dd223a6b6cc85019160aa842f659 (6.6-rc1)",
            "https://git.kernel.org/stable/c/5a263df398b581189fe632b4ab8440f3dd76c251",
            "https://git.kernel.org/stable/c/8ad314da54c6dd223a6b6cc85019160aa842f659",
            "https://lore.kernel.org/linux-cve-announce/2025102214-CVE-2023-53721-f0ca@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53721",
            "https://www.cve.org/CVERecord?id=CVE-2023-53721"
          ],
          "PublishedDate": "2025-10-22T14:15:46.803Z",
          "LastModifiedDate": "2025-10-22T21:12:48.953Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53733",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53733",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cc33ebe5b26583447be084d8e19e5bffd73775dffdc4414ef630705c8d7e26fd",
          "Title": "kernel: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53733",
            "https://git.kernel.org/linus/9cb36faedeafb9720ac236aeae2ea57091d90a09 (6.5-rc3)",
            "https://git.kernel.org/stable/c/025159ed118ba5145b241d574edadb0e00d3c20f",
            "https://git.kernel.org/stable/c/9cb36faedeafb9720ac236aeae2ea57091d90a09",
            "https://git.kernel.org/stable/c/a9345793469b65ee5ba7b033239916c2a67d3dd4",
            "https://lore.kernel.org/linux-cve-announce/2025102432-CVE-2023-53733-8b6c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53733",
            "https://www.cve.org/CVERecord?id=CVE-2023-53733"
          ],
          "PublishedDate": "2025-10-24T12:15:35.617Z",
          "LastModifiedDate": "2025-10-27T13:20:15.637Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53742",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53742",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2596a564a03bd0478e37e20310db51fabb7eeb5ed98d985c1076b02f510bff10",
          "Title": "kernel: kcsan: Avoid READ_ONCE() in read_instrumented_memory()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcsan: Avoid READ_ONCE() in read_instrumented_memory()\n\nHaibo Li reported:\n\n | Unable to handle kernel paging request at virtual address\n |   ffffff802a0d8d7171\n | Mem abort info:o:\n |   ESR = 0x9600002121\n |   EC = 0x25: DABT (current EL), IL = 32 bitsts\n |   SET = 0, FnV = 0 0\n |   EA = 0, S1PTW = 0 0\n |   FSC = 0x21: alignment fault\n | Data abort info:o:\n |   ISV = 0, ISS = 0x0000002121\n |   CM = 0, WnR = 0 0\n | swapper pgtable: 4k pages, 39-bit VAs, pgdp=000000002835200000\n | [ffffff802a0d8d71] pgd=180000005fbf9003, p4d=180000005fbf9003,\n | pud=180000005fbf9003, pmd=180000005fbe8003, pte=006800002a0d8707\n | Internal error: Oops: 96000021 [#1] PREEMPT SMP\n | Modules linked in:\n | CPU: 2 PID: 45 Comm: kworker/u8:2 Not tainted\n |   5.15.78-android13-8-g63561175bbda-dirty #1\n | ...\n | pc : kcsan_setup_watchpoint+0x26c/0x6bc\n | lr : kcsan_setup_watchpoint+0x88/0x6bc\n | sp : ffffffc00ab4b7f0\n | x29: ffffffc00ab4b800 x28: ffffff80294fe588 x27: 0000000000000001\n | x26: 0000000000000019 x25: 0000000000000001 x24: ffffff80294fdb80\n | x23: 0000000000000000 x22: ffffffc00a70fb68 x21: ffffff802a0d8d71\n | x20: 0000000000000002 x19: 0000000000000000 x18: ffffffc00a9bd060\n | x17: 0000000000000001 x16: 0000000000000000 x15: ffffffc00a59f000\n | x14: 0000000000000001 x13: 0000000000000000 x12: ffffffc00a70faa0\n | x11: 00000000aaaaaaab x10: 0000000000000054 x9 : ffffffc00839adf8\n | x8 : ffffffc009b4cf00 x7 : 0000000000000000 x6 : 0000000000000007\n | x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffffffc00a70fb70\n | x2 : 0005ff802a0d8d71 x1 : 0000000000000000 x0 : 0000000000000000\n | Call trace:\n |  kcsan_setup_watchpoint+0x26c/0x6bc\n |  __tsan_read2+0x1f0/0x234\n |  inflate_fast+0x498/0x750\n |  zlib_inflate+0x1304/0x2384\n |  __gunzip+0x3a0/0x45c\n |  gunzip+0x20/0x30\n |  unpack_to_rootfs+0x2a8/0x3fc\n |  do_populate_rootfs+0xe8/0x11c\n |  
async_run_entry_fn+0x58/0x1bc\n |  process_one_work+0x3ec/0x738\n |  worker_thread+0x4c4/0x838\n |  kthread+0x20c/0x258\n |  ret_from_fork+0x10/0x20\n | Code: b8bfc2a8 2a0803f7 14000007 d503249f (78bfc2a8) )\n | ---[ end trace 613a943cb0a572b6 ]-----\n\nThe reason for this is that on certain arm64 configuration since\ne35123d83ee3 (\"arm64: lto: Strengthen READ_ONCE() to acquire when\nCONFIG_LTO=y\"), READ_ONCE() may be promoted to a full atomic acquire\ninstruction which cannot be used on unaligned addresses.\n\nFix it by avoiding READ_ONCE() in read_instrumented_memory(), and simply\nforcing the compiler to do the required access by casting to the\nappropriate volatile type. In terms of generated code this currently\nonly affects architectures that do not use the default READ_ONCE()\nimplementation.\n\nThe only downside is that we are not guaranteed atomicity of the access\nitself, although on most architectures a plain load up to machine word\nsize should still be atomic (a fact the default READ_ONCE() still relies\non itself).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53742",
            "https://git.kernel.org/linus/8dec88070d964bfeb4198f34cb5956d89dd1f557 (6.4-rc1)",
            "https://git.kernel.org/stable/c/706ae665747b629bcf87a2d7e6438602f904b8d5",
            "https://git.kernel.org/stable/c/75c03a8cfc731519236f08c34c7e029ae153a613",
            "https://git.kernel.org/stable/c/8dec88070d964bfeb4198f34cb5956d89dd1f557",
            "https://git.kernel.org/stable/c/f8f2297355513e5e0631e604ef9d7e449c7dcd00",
            "https://lore.kernel.org/linux-cve-announce/2025120840-CVE-2023-53742-3a0d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53742",
            "https://www.cve.org/CVERecord?id=CVE-2023-53742"
          ],
          "PublishedDate": "2025-12-08T02:15:49.38Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53743",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53743",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:47cd6ff0ccdfb06288697c0d0957ecaf749d6ab7c2a7fdf197821ceda288ad3e",
          "Title": "kernel: Linux kernel: Denial of Service due to PCI resource leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Free released resource after coalescing\n\nrelease_resource() doesn't actually free the resource or resource list\nentry so free the resource list entry to avoid a leak.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53743",
            "https://git.kernel.org/linus/8ec9c1d5d0a5a4744516adb483b97a238892f9d5 (6.6-rc1)",
            "https://git.kernel.org/stable/c/4443f3695d581ad1a55f2ef59259dcd0c52402b3",
            "https://git.kernel.org/stable/c/8ec9c1d5d0a5a4744516adb483b97a238892f9d5",
            "https://git.kernel.org/stable/c/a076e73dd6e619729e1af8d0d802fe52ac5eb2b3",
            "https://git.kernel.org/stable/c/a08713b9d9031683b83b3ecf12bad40a1ca35211",
            "https://lore.kernel.org/linux-cve-announce/2025120840-CVE-2023-53743-5da6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53743",
            "https://www.cve.org/CVERecord?id=CVE-2023-53743"
          ],
          "PublishedDate": "2025-12-08T02:15:49.52Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53748",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53748",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a7280cd5e0dd6bc61faff62a64fd3c0ebbc7fbf8c87922fc7842ca01e38d19a8",
          "Title": "kernel: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup\n\nvariable *nplanes is provided by user via system call argument. The\npossible value of q_data-\u003efmt-\u003enum_planes is 1-3, while the value\nof *nplanes can be 1-8. The array access by index i can cause array\nout-of-bounds.\n\nFix this bug by checking *nplanes against the array size.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53748",
            "https://git.kernel.org/linus/8fbcf730cb89c3647f3365226fe7014118fa93c7 (6.4-rc1)",
            "https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9",
            "https://git.kernel.org/stable/c/8fbcf730cb89c3647f3365226fe7014118fa93c7",
            "https://git.kernel.org/stable/c/b8e19bf3b4aebd855be01b64674187dcf6d1db51",
            "https://lore.kernel.org/linux-cve-announce/2025120842-CVE-2023-53748-4905@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53748",
            "https://www.cve.org/CVERecord?id=CVE-2023-53748"
          ],
          "PublishedDate": "2025-12-08T02:15:50.2Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53751",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53751",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:492c1ac950bbc3d383067acfc130932284f1672e268d46003ef3bfec8f37574e",
          "Title": "kernel: Linux kernel (CIFS): Use-after-free vulnerability allows data integrity compromise and denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential use-after-free bugs in TCP_Server_Info::hostname\n\nTCP_Server_Info::hostname may be updated once or many times during\nreconnect, so protect its access outside reconnect path as well and\nthen prevent any potential use-after-free bugs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53751",
            "https://git.kernel.org/linus/90c49fce1c43e1cc152695e20363ff5087897c09 (6.4-rc1)",
            "https://git.kernel.org/stable/c/0b08c4c499200be67d54c439d56e5ea866869945",
            "https://git.kernel.org/stable/c/64d62ac6d6514cba1305bd08e271ec1843bdd612",
            "https://git.kernel.org/stable/c/90c49fce1c43e1cc152695e20363ff5087897c09",
            "https://git.kernel.org/stable/c/c511954bf142fe1995aec3c739a9f1a76990283a",
            "https://lore.kernel.org/linux-cve-announce/2025120842-CVE-2023-53751-2ff2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53751",
            "https://www.cve.org/CVERecord?id=CVE-2023-53751"
          ],
          "PublishedDate": "2025-12-08T02:15:50.59Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53753",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53753",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eeffab6b707b4aaaf1e4317b37aea1fd1184268ccfb4e4d00c2e73b443f1edcf",
          "Title": "kernel: drm/amd/display: fix mapping to non-allocated address",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix mapping to non-allocated address\n\n[Why]\nThere is an issue mapping non-allocated location of memory.\nIt would allocate gpio registers from an array out of bounds.\n\n[How]\nPatch correct numbers of bounds for using.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53753",
            "https://git.kernel.org/linus/9190d4a263264eabf715f5fc1827da45e3fdc247 (6.3-rc1)",
            "https://git.kernel.org/stable/c/24aaf6603600d6d1159973c809ea2737664b28c4",
            "https://git.kernel.org/stable/c/8ce8a443ddd9002861a4ee8a7e33a0c02717422f",
            "https://git.kernel.org/stable/c/9190d4a263264eabf715f5fc1827da45e3fdc247",
            "https://lore.kernel.org/linux-cve-announce/2025120843-CVE-2023-53753-1a11@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53753",
            "https://www.cve.org/CVERecord?id=CVE-2023-53753"
          ],
          "PublishedDate": "2025-12-08T02:15:50.847Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53764",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53764",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c3bf833a0a2a973e5c9ca05da3a158c741328e8cb8a457e2fa5934e3c9287ae",
          "Title": "kernel: wifi: ath12k: Handle lock during peer_id find",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Handle lock during peer_id find\n\nath12k_peer_find_by_id() requires that the caller hold the\nab-\u003ebase_lock. Currently the WBM error path does not hold\nthe lock and calling that function, leads to the\nfollowing lockdep_assert()in QCN9274:\n\n[105162.160893] ------------[ cut here ]------------\n[105162.160916] WARNING: CPU: 3 PID: 0 at drivers/net/wireless/ath/ath12k/peer.c:71 ath12k_peer_find_by_id+0x52/0x60 [ath12k]\n[105162.160933] Modules linked in: ath12k(O) qrtr_mhi qrtr mac80211 cfg80211 mhi qmi_helpers libarc4 nvme nvme_core [last unloaded: ath12k(O)]\n[105162.160967] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G        W  O       6.1.0-rc2+ #3\n[105162.160972] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0056.2019.0506.1527 05/06/2019\n[105162.160977] RIP: 0010:ath12k_peer_find_by_id+0x52/0x60 [ath12k]\n[105162.160990] Code: 07 eb 0f 39 68 24 74 0a 48 8b 00 48 39 f8 75 f3 31 c0 5b 5d c3 48 8d bf b0 f2 00 00 be ff ff ff ff e8 22 20 c4 e2 85 c0 75 bf \u003c0f\u003e 0b eb bb 66 2e 0f 1f 84 00 00 00 00 00 41 54 4c 8d a7 98 f2 00\n[105162.160996] RSP: 0018:ffffa223001acc60 EFLAGS: 00010246\n[105162.161003] RAX: 0000000000000000 RBX: ffff9f0573940000 RCX: 0000000000000000\n[105162.161008] RDX: 0000000000000001 RSI: ffffffffa3951c8e RDI: ffffffffa39a96d7\n[105162.161013] RBP: 000000000000000a R08: 0000000000000000 R09: 0000000000000000\n[105162.161017] R10: ffffa223001acb40 R11: ffffffffa3d57c60 R12: ffff9f057394f2e0\n[105162.161022] R13: ffff9f0573940000 R14: ffff9f04ecd659c0 R15: ffff9f04d5a9b040\n[105162.161026] FS:  0000000000000000(0000) GS:ffff9f0575600000(0000) knlGS:0000000000000000\n[105162.161031] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105162.161036] CR2: 00001d5c8277a008 CR3: 00000001e6224006 CR4: 00000000003706e0\n[105162.161041] Call Trace:\n[105162.161046]  \u003cIRQ\u003e\n[105162.161051]  
ath12k_dp_rx_process_wbm_err+0x6da/0xaf0 [ath12k]\n[105162.161072]  ? ath12k_dp_rx_process_err+0x80e/0x15a0 [ath12k]\n[105162.161084]  ? __lock_acquire+0x4ca/0x1a60\n[105162.161104]  ath12k_dp_service_srng+0x263/0x310 [ath12k]\n[105162.161120]  ath12k_pci_ext_grp_napi_poll+0x1c/0x70 [ath12k]\n[105162.161133]  __napi_poll+0x22/0x260\n[105162.161141]  net_rx_action+0x2f8/0x380\n[105162.161153]  __do_softirq+0xd0/0x4c9\n[105162.161162]  irq_exit_rcu+0x88/0xe0\n[105162.161169]  common_interrupt+0xa5/0xc0\n[105162.161174]  \u003c/IRQ\u003e\n[105162.161179]  \u003cTASK\u003e\n[105162.161184]  asm_common_interrupt+0x22/0x40\n\nHandle spin lock/unlock in WBM error path to hold the necessary lock\nexpected by ath12k_peer_find_by_id().\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0-03171-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53764",
            "https://git.kernel.org/linus/95a389e2ff3212d866cc51c77d682d2934074eb8 (6.4-rc1)",
            "https://git.kernel.org/stable/c/95a389e2ff3212d866cc51c77d682d2934074eb8",
            "https://git.kernel.org/stable/c/9faf7c696610a348ca94a224d55c946b19b3279d",
            "https://lore.kernel.org/linux-cve-announce/2025120845-CVE-2023-53764-c257@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53764",
            "https://www.cve.org/CVERecord?id=CVE-2023-53764"
          ],
          "PublishedDate": "2025-12-08T02:15:52.297Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53765",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53765",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:744036ecaa688dc1366cbad9b2c233d0e1a096fbd47a23790ccaa1d3e4de67e3",
          "Title": "kernel: dm cache: free background tracker's queued work in btracker_destroy",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: free background tracker's queued work in btracker_destroy\n\nOtherwise the kernel can BUG with:\n\n[ 2245.426978] =============================================================================\n[ 2245.435155] BUG bt_work (Tainted: G    B   W         ): Objects remaining in bt_work on __kmem_cache_shutdown()\n[ 2245.445233] -----------------------------------------------------------------------------\n[ 2245.445233]\n[ 2245.454879] Slab 0x00000000b0ce2b30 objects=64 used=2 fp=0x000000000a3c6a4e flags=0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)\n[ 2245.467300] CPU: 7 PID: 10805 Comm: lvm Kdump: loaded Tainted: G    B   W          6.0.0-rc2 #19\n[ 2245.476078] Hardware name: Dell Inc. PowerEdge R7525/0590KW, BIOS 2.5.6 10/06/2021\n[ 2245.483646] Call Trace:\n[ 2245.486100]  \u003cTASK\u003e\n[ 2245.488206]  dump_stack_lvl+0x34/0x48\n[ 2245.491878]  slab_err+0x95/0xcd\n[ 2245.495028]  __kmem_cache_shutdown.cold+0x31/0x136\n[ 2245.499821]  kmem_cache_destroy+0x49/0x130\n[ 2245.503928]  btracker_destroy+0x12/0x20 [dm_cache]\n[ 2245.508728]  smq_destroy+0x15/0x60 [dm_cache_smq]\n[ 2245.513435]  dm_cache_policy_destroy+0x12/0x20 [dm_cache]\n[ 2245.518834]  destroy+0xc0/0x110 [dm_cache]\n[ 2245.522933]  dm_table_destroy+0x5c/0x120 [dm_mod]\n[ 2245.527649]  __dm_destroy+0x10e/0x1c0 [dm_mod]\n[ 2245.532102]  dev_remove+0x117/0x190 [dm_mod]\n[ 2245.536384]  ctl_ioctl+0x1a2/0x290 [dm_mod]\n[ 2245.540579]  dm_ctl_ioctl+0xa/0x20 [dm_mod]\n[ 2245.544773]  __x64_sys_ioctl+0x8a/0xc0\n[ 2245.548524]  do_syscall_64+0x5c/0x90\n[ 2245.552104]  ? syscall_exit_to_user_mode+0x12/0x30\n[ 2245.556897]  ? do_syscall_64+0x69/0x90\n[ 2245.560648]  ? 
do_syscall_64+0x69/0x90\n[ 2245.564394]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 2245.569447] RIP: 0033:0x7fe52583ec6b\n...\n[ 2245.646771] ------------[ cut here ]------------\n[ 2245.651395] kmem_cache_destroy bt_work: Slab cache still has objects when called from btracker_destroy+0x12/0x20 [dm_cache]\n[ 2245.651408] WARNING: CPU: 7 PID: 10805 at mm/slab_common.c:478 kmem_cache_destroy+0x128/0x130\n\nFound using: lvm2-testsuite --only \"cache-single-split.sh\"\n\nBen bisected and found that commit 0495e337b703 (\"mm/slab_common:\nDeleting kobject in kmem_cache_destroy() without holding\nslab_mutex/cpu_hotplug_lock\") first exposed dm-cache's incomplete\ncleanup of its background tracker work objects.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53765",
            "https://git.kernel.org/linus/95ab80a8a0fef2ce0cc494a306dd283948066ce7 (6.3-rc1)",
            "https://git.kernel.org/stable/c/673a3af21d5e3ed769f3eaed0c888244290a3506",
            "https://git.kernel.org/stable/c/95ab80a8a0fef2ce0cc494a306dd283948066ce7",
            "https://git.kernel.org/stable/c/ed56ad5cacb7a3aeb611494d5d66e2399d2bfecc",
            "https://lore.kernel.org/linux-cve-announce/2025120845-CVE-2023-53765-0317@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53765",
            "https://www.cve.org/CVERecord?id=CVE-2023-53765"
          ],
          "PublishedDate": "2025-12-08T02:15:52.42Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53767",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53767",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:394ff434c65e412fe58fd73ef32bc77a360fbcd0b3c6dd47a992f258a21e0011",
          "Title": "kernel: Linux kernel: Denial of Service via memory leak in ath12k Wi-Fi driver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work()\n\nCurrently the buffer pointed by event is not freed in case\nATH12K_FLAG_UNREGISTERING bit is set, this causes memory leak.\n\nAdd a goto skip instead of return, to ensure event and all the\nlist entries are freed properly.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53767",
            "https://git.kernel.org/linus/960412bee0ea75f6b3c2dca4a3535795ee84c47a (6.4-rc1)",
            "https://git.kernel.org/stable/c/960412bee0ea75f6b3c2dca4a3535795ee84c47a",
            "https://git.kernel.org/stable/c/a87f59041a7f77b4bdab05cea60ac6adc69dc5d2",
            "https://lore.kernel.org/linux-cve-announce/2025120846-CVE-2023-53767-02ae@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53767",
            "https://www.cve.org/CVERecord?id=CVE-2023-53767"
          ],
          "PublishedDate": "2025-12-08T02:15:52.677Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53780",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53780",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee4f7da501fc65328d2e5a5a737d656ab41e33cb596e9edae4dc67cf164542a2",
          "Title": "kernel: drm/amd/display: fix FCLK pstate change underflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix FCLK pstate change underflow\n\n[Why]\nCurrently we set FCLK p-state change\nwatermark calculated based on dummy\np-state latency when UCLK p-state is\nnot supported\n\n[How]\nCalculate FCLK p-state change watermark\nbased on on FCLK pstate change latency\nin case UCLK p-state is not supported",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53780",
            "https://git.kernel.org/linus/972243f973eb0821084e5833d5f7f4ed025f42da (6.3-rc1)",
            "https://git.kernel.org/stable/c/4bdfa48d74649898468a0bf5c8b8a48dded77b4a",
            "https://git.kernel.org/stable/c/6853d56dba56d1c24db403ff3885c71e18d572c4",
            "https://git.kernel.org/stable/c/972243f973eb0821084e5833d5f7f4ed025f42da",
            "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53780-914d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53780",
            "https://www.cve.org/CVERecord?id=CVE-2023-53780"
          ],
          "PublishedDate": "2025-12-09T01:16:49.147Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53781",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53781",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1f23b782fd554559bc288bd7119980d09a008f24e4f36bcf86aff7f0e5918a09",
          "Title": "kernel: smc: Fix use-after-free in tcp_write_timer_handler()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in tcp_write_timer_handler().\n\nWith Eric's ref tracker, syzbot finally found a repro for\nuse-after-free in tcp_write_timer_handler() by kernel TCP\nsockets. [0]\n\nIf SMC creates a kernel socket in __smc_create(), the kernel\nsocket is supposed to be freed in smc_clcsock_release() by\ncalling sock_release() when we close() the parent SMC socket.\n\nHowever, at the end of smc_clcsock_release(), the kernel\nsocket's sk_state might not be TCP_CLOSE.  This means that\nwe have not called inet_csk_destroy_sock() in __tcp_close()\nand have not stopped the TCP timers.\n\nThe kernel socket's TCP timers can be fired later, so we\nneed to hold a refcnt for net as we do for MPTCP subflows\nin mptcp_subflow_create_socket().\n\n[0]:\nleaked reference.\n sk_alloc (./include/net/net_namespace.h:335 net/core/sock.c:2108)\n inet_create (net/ipv4/af_inet.c:319 net/ipv4/af_inet.c:244)\n __sock_create (net/socket.c:1546)\n smc_create (net/smc/af_smc.c:3269 net/smc/af_smc.c:3284)\n __sock_create (net/socket.c:1546)\n __sys_socket (net/socket.c:1634 net/socket.c:1618 net/socket.c:1661)\n __x64_sys_socket (net/socket.c:1672)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n==================================================================\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\nRead of size 1 at addr ffff888052b65e0d by task syzrepro/18091\n\nCPU: 0 PID: 18091 Comm: syzrepro Tainted: G        W          6.3.0-rc4-01174-gb5d54eb5899a #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.amzn2022.0.1 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl (lib/dump_stack.c:107)\n print_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n kasan_report 
(mm/kasan/report.c:538)\n tcp_write_timer_handler (net/ipv4/tcp_timer.c:378 net/ipv4/tcp_timer.c:624 net/ipv4/tcp_timer.c:594)\n tcp_write_timer (./include/linux/spinlock.h:390 net/ipv4/tcp_timer.c:643)\n call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701)\n __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2022)\n run_timer_softirq (kernel/time/timer.c:2037)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572)\n __irq_exit_rcu (kernel/softirq.c:445 kernel/softirq.c:650)\n irq_exit_rcu (kernel/softirq.c:664)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1107 (discriminator 14))\n \u003c/IRQ\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53781",
            "https://git.kernel.org/linus/9744d2bf19762703704ecba885b7ac282c02eacf (6.3-rc7)",
            "https://git.kernel.org/stable/c/1cc41c8acfc1ee30b4868559058db97fa44b0137",
            "https://git.kernel.org/stable/c/9744d2bf19762703704ecba885b7ac282c02eacf",
            "https://lore.kernel.org/linux-cve-announce/2025120939-CVE-2023-53781-cb1d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53781",
            "https://www.cve.org/CVERecord?id=CVE-2023-53781"
          ],
          "PublishedDate": "2025-12-09T01:16:49.28Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53785",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53785",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:23c41e44f258d36406883af6c8ec392e4e2c332277780be3d3fe68c0dcf16554",
          "Title": "kernel: mt76: mt7921: don't assume adequate headroom for SDIO headers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7921: don't assume adequate headroom for SDIO headers\n\nmt7921_usb_sdio_tx_prepare_skb() calls mt7921_usb_sdio_write_txwi() and\nmt7921_skb_add_usb_sdio_hdr(), both of which blindly assume that\nadequate headroom will be available in the passed skb. This assumption\ntypically is satisfied when the skb was allocated in the net core for\ntransmission via the mt7921 netdev (although even that is only an\noptimization and is not strictly guaranteed), but the assumption is\nsometimes not satisfied when the skb originated in the receive path of\nanother netdev and was passed through to the mt7921, such as by the\nbridge layer. Blindly prepending bytes to an skb is always wrong.\n\nThis commit introduces a call to skb_cow_head() before the call to\nmt7921_usb_sdio_write_txwi() in mt7921_usb_sdio_tx_prepare_skb() to\nensure that at least MT_SDIO_TXD_SIZE + MT_SDIO_HDR_SIZE bytes can be\npushed onto the skb.\n\nWithout this fix, I can trivially cause kernel panics by bridging an\nMT7921AU-based USB 802.11ax interface with an Ethernet interface on an\nIntel Atom-based x86 system using its onboard RTL8169 PCI Ethernet\nadapter and also on an ARM-based Raspberry Pi 1 using its onboard\nSMSC9512 USB Ethernet adapter. 
Note that the panics do not occur in\nevery system configuration, as they occur only if the receiving netdev\nleaves less headroom in its received skbs than the mt7921 needs for its\nSDIO headers.\n\nHere is an example stack trace of this panic on Raspberry Pi OS Lite\n2023-02-21 running kernel 6.1.24+ [1]:\n\n skb_panic from skb_push+0x44/0x48\n skb_push from mt7921_usb_sdio_tx_prepare_skb+0xd4/0x190 [mt7921_common]\n mt7921_usb_sdio_tx_prepare_skb [mt7921_common] from mt76u_tx_queue_skb+0x94/0x1d0 [mt76_usb]\n mt76u_tx_queue_skb [mt76_usb] from __mt76_tx_queue_skb+0x4c/0xc8 [mt76]\n __mt76_tx_queue_skb [mt76] from mt76_txq_schedule.part.0+0x13c/0x398 [mt76]\n mt76_txq_schedule.part.0 [mt76] from mt76_txq_schedule_all+0x24/0x30 [mt76]\n mt76_txq_schedule_all [mt76] from mt7921_tx_worker+0x58/0xf4 [mt7921_common]\n mt7921_tx_worker [mt7921_common] from __mt76_worker_fn+0x9c/0xec [mt76]\n __mt76_worker_fn [mt76] from kthread+0xbc/0xe0\n kthread from ret_from_fork+0x14/0x34\n\nAfter this fix, bridging the mt7921 interface works fine on both of my\npreviously problematic systems.\n\n[1] https://github.com/raspberrypi/firmware/tree/5c276f55a4b21345cd4d6200a504ee991851ff7a",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53785",
            "https://git.kernel.org/linus/98c4d0abf5c478db1ad126ff0c187dbb84c0803c (6.6-rc1)",
            "https://git.kernel.org/stable/c/414c0c04703423b78bc9dea1aa6493334dc61f6e",
            "https://git.kernel.org/stable/c/5c8bbb79c7cbca65534badf360f3b1145759c7bc",
            "https://git.kernel.org/stable/c/98c4d0abf5c478db1ad126ff0c187dbb84c0803c",
            "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53785-2a61@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53785",
            "https://www.cve.org/CVERecord?id=CVE-2023-53785"
          ],
          "PublishedDate": "2025-12-09T01:16:49.81Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53789",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53789",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc648a553be4d50195a6859efeee704244a80c2d7e2b0ae6aad7a632109969ff",
          "Title": "kernel: iommu/amd: Improve page fault error reporting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Improve page fault error reporting\n\nIf IOMMU domain for device group is not setup properly then we may hit\nIOMMU page fault. Current page fault handler assumes that domain is\nalways setup and it will hit NULL pointer dereference (see below sample log).\n\nLet's check whether domain is setup or not and log appropriate message.\n\nSample log:\n----------\n amdgpu 0000:00:01.0: amdgpu: SE 1, SH per SE 1, CU per SH 8, active_cu_number 6\n BUG: kernel NULL pointer dereference, address: 0000000000000058\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 2 PID: 56 Comm: irq/24-AMD-Vi Not tainted 6.2.0-rc2+ #89\n Hardware name: xxx\n RIP: 0010:report_iommu_fault+0x11/0x90\n [...]\n Call Trace:\n  \u003cTASK\u003e\n  amd_iommu_int_thread+0x60c/0x760\n  ? __pfx_irq_thread_fn+0x10/0x10\n  irq_thread_fn+0x1f/0x60\n  irq_thread+0xea/0x1a0\n  ? preempt_count_add+0x6a/0xa0\n  ? __pfx_irq_thread_dtor+0x10/0x10\n  ? __pfx_irq_thread+0x10/0x10\n  kthread+0xe9/0x110\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x2c/0x50\n  \u003c/TASK\u003e\n\n[joro: Edit commit message]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53789",
            "https://git.kernel.org/linus/996d120b4de2b0d6b592bd9fbbe6e244b81ab3cc (6.3-rc1)",
            "https://git.kernel.org/stable/c/446080b353f048b1fddaec1434cb3d27b5de7efe",
            "https://git.kernel.org/stable/c/996d120b4de2b0d6b592bd9fbbe6e244b81ab3cc",
            "https://git.kernel.org/stable/c/be8301e2d5a8b95c04ae8e35d7bfee7b0f03f83a",
            "https://lore.kernel.org/linux-cve-announce/2025120940-CVE-2023-53789-c5cb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53789",
            "https://www.cve.org/CVERecord?id=CVE-2023-53789"
          ],
          "PublishedDate": "2025-12-09T01:16:50.317Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53791",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53791",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1bac49c08d56fd5f62f671217887e8c47ec1d69174a5c68edf33b6e961854ac9",
          "Title": "kernel: md: fix warning for holder mismatch from export_rdev()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix warning for holder mismatch from export_rdev()\n\nCommit a1d767191096 (\"md: use mddev-\u003eexternal to select holder in\nexport_rdev()\") fix the problem that 'claim_rdev' is used for\nblkdev_get_by_dev() while 'rdev' is used for blkdev_put().\n\nHowever, if mddev-\u003eexternal is changed from 0 to 1, then 'rdev' is used\nfor blkdev_get_by_dev() while 'claim_rdev' is used for blkdev_put(). And\nthis problem can be reporduced reliably by following:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n        pill -9 $pid\n        echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap 'clean_up_test' EXIT\n\nadd_by_sysfs() {\n        while true; do\n                echo $devt \u003e /sys/block/md0/md/new_dev\n        done\n}\n\nremove_by_sysfs(){\n        while true; do\n                echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n        done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 960 at block/bdev.c:618 blkdev_put+0x27c/0x330\nModules linked in: multipath md_mod loop\nCPU: 0 PID: 960 Comm: test Not tainted 6.5.0-rc2-00121-g01e55c376936-dirty #50\nRIP: 0010:blkdev_put+0x27c/0x330\nCall Trace:\n \u003cTASK\u003e\n export_rdev.isra.23+0x50/0xa0 [md_mod]\n mddev_unlock+0x19d/0x300 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n 
entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix the problem by recording if 'rdev' is used as holder.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53791",
            "https://git.kernel.org/linus/99892147f028d711f9d40fefad4f33632593864c (6.6-rc2)",
            "https://git.kernel.org/stable/c/99892147f028d711f9d40fefad4f33632593864c",
            "https://git.kernel.org/stable/c/99fcd427178d0f58f5520f8f01df727f8eaeb2c7",
            "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53791-a2ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53791",
            "https://www.cve.org/CVERecord?id=CVE-2023-53791"
          ],
          "PublishedDate": "2025-12-09T01:16:50.57Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53794",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53794",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8010f385ddde4bbb9c752390ccec79280324f9cb8c838547b6f0bc3fe65e7c8d",
          "Title": "kernel: cifs: fix session state check in reconnect to avoid use-after-free issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix session state check in reconnect to avoid use-after-free issue\n\nDon't collect exiting session in smb2_reconnect_server(), because it\nwill be released soon.\n\nNote that the exiting session will stay in server-\u003esmb_ses_list until\nit completes the cifs_free_ipc() and logoff() and then deletes itself\nfrom the list.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53794",
            "https://git.kernel.org/linus/99f280700b4cc02d5f141b8d15f8e9fad0418f65 (6.5-rc1)",
            "https://git.kernel.org/stable/c/759ffc164d95a32c09528766d74d9b4fb054e8f4",
            "https://git.kernel.org/stable/c/7e4f5c3f01fb0e51ca438e43262d858daf9a0a76",
            "https://git.kernel.org/stable/c/99f280700b4cc02d5f141b8d15f8e9fad0418f65",
            "https://lore.kernel.org/linux-cve-announce/2025120941-CVE-2023-53794-8912@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53794",
            "https://www.cve.org/CVERecord?id=CVE-2023-53794"
          ],
          "PublishedDate": "2025-12-09T01:16:50.957Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53806",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53806",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:20b8d11c9afaef3efa628d40451ffc4a271aaef0d0372441955e4bcdc7cd9870",
          "Title": "kernel: drm/amd/display: populate subvp cmd info only for the top pipe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: populate subvp cmd info only for the top pipe\n\n[Why]\nSystem restart observed while changing the display resolution\nto 8k with extended mode. System restart was caused by a page fault.\n\n[How]\nWhen the driver populates subvp info it did it for both the pipes using\nvblank which caused an out-of-bounds array access causing the page fault.\nAdded checks to allow the top pipe only to fix this issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53806",
            "https://git.kernel.org/linus/9bb10b7aaec3b6278f9cc410c17dcaa129bbbbf0 (6.4-rc1)",
            "https://git.kernel.org/stable/c/375d192eb1f1d9229a6d994da7ba31f3582b106b",
            "https://git.kernel.org/stable/c/92e6c79acad4b96efeff261d27bdbd8089a7dd24",
            "https://git.kernel.org/stable/c/9bb10b7aaec3b6278f9cc410c17dcaa129bbbbf0",
            "https://lore.kernel.org/linux-cve-announce/2025120943-CVE-2023-53806-03cb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53806",
            "https://www.cve.org/CVERecord?id=CVE-2023-53806"
          ],
          "PublishedDate": "2025-12-09T01:16:52.54Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53816",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53816",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e329517a115c55d0aa1b6eb7dab0be31afd74f6c7246ae1ac9e470251d054f65",
          "Title": "kernel: drm/amdkfd: fix potential kgd_mem UAFs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: fix potential kgd_mem UAFs\n\nkgd_mem pointers returned by kfd_process_device_translate_handle are\nonly guaranteed to be valid while p-\u003emutex is held. As soon as the mutex\nis unlocked, another thread can free the BO.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53816",
            "https://git.kernel.org/linus/9da050b0d9e04439d225a2ec3044af70cdfb3933 (6.3-rc3)",
            "https://git.kernel.org/stable/c/5045360f3bb62ccd4f87202e33489f71f8bbc3fc",
            "https://git.kernel.org/stable/c/5ca14fb5552ac13a2402d306c0bd2379a71610ff",
            "https://git.kernel.org/stable/c/9da050b0d9e04439d225a2ec3044af70cdfb3933",
            "https://lore.kernel.org/linux-cve-announce/2025120945-CVE-2023-53816-e869@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53816",
            "https://www.cve.org/CVERecord?id=CVE-2023-53816"
          ],
          "PublishedDate": "2025-12-09T01:16:53.84Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53822",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53822",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e630e64cf798ed5fec6dc0210d4a07261bfb14a8dc091a5d291a4c45f0d806cc",
          "Title": "kernel: wifi: ath11k: Ignore frags from uninitialized peer in dp",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: Ignore frags from uninitialized peer in dp.\n\nWhen max virtual ap interfaces are configured in all the bands with\nACS and hostapd restart is done every 60s, a crash is observed at\nrandom times.\nIn this certain scenario, a fragmented packet is received for\nself peer, for which rx_tid and rx_frags are not initialized in\ndatapath. While handling this fragment, crash is observed as the\nrx_frag list is uninitialised and when we walk in\nath11k_dp_rx_h_sort_frags, skb null leads to exception.\n\nTo address this, before processing received fragments we check\ndp_setup_done flag is set to ensure that peer has completed its\ndp peer setup for fragment queue, else ignore processing the\nfragments.\n\nCall trace:\n  ath11k_dp_process_rx_err+0x550/0x1084 [ath11k]\n  ath11k_dp_service_srng+0x70/0x370 [ath11k]\n  0xffffffc009693a04\n  __napi_poll+0x30/0xa4\n  net_rx_action+0x118/0x270\n  __do_softirq+0x10c/0x244\n  irq_exit+0x64/0xb4\n  __handle_domain_irq+0x88/0xac\n  gic_handle_irq+0x74/0xbc\n  el1_irq+0xf0/0x1c0\n  arch_cpu_idle+0x10/0x18\n  do_idle+0x104/0x248\n  cpu_startup_entry+0x20/0x64\n  rest_init+0xd0/0xdc\n  arch_call_rest_init+0xc/0x14\n  start_kernel+0x480/0x4b8\n  Code: f9400281 f94066a2 91405021 b94a0023 (f9406401)\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53822",
            "https://git.kernel.org/linus/a06bfb3c9f69f303692cdae87bc0899d2ae8b2a6 (6.4-rc1)",
            "https://git.kernel.org/stable/c/41efc47f5bc53e63461579e206adc17c4452ab6e",
            "https://git.kernel.org/stable/c/a06bfb3c9f69f303692cdae87bc0899d2ae8b2a6",
            "https://git.kernel.org/stable/c/e78526a06b53718bfc1dfff37864c7760e41f8ec",
            "https://lore.kernel.org/linux-cve-announce/2025120950-CVE-2023-53822-c4da@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53822",
            "https://www.cve.org/CVERecord?id=CVE-2023-53822"
          ],
          "PublishedDate": "2025-12-09T16:17:20.993Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53829",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53829",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:76e7c4ca1695836f5f9bd6cccc977df31f477cc0ab0041009e5fa1e64db9a1bc",
          "Title": "kernel: f2fs: flush inode if atomic file is aborted",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: flush inode if atomic file is aborted\n\nLet's flush the inode being aborted atomic operation to avoid stale dirty\ninode during eviction in this call stack:\n\n  f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs]\n  f2fs_abort_atomic_write+0xc4/0xf0 [f2fs]\n  f2fs_evict_inode+0x3f/0x690 [f2fs]\n  ? sugov_start+0x140/0x140\n  evict+0xc3/0x1c0\n  evict_inodes+0x17b/0x210\n  generic_shutdown_super+0x32/0x120\n  kill_block_super+0x21/0x50\n  deactivate_locked_super+0x31/0x90\n  cleanup_mnt+0x100/0x160\n  task_work_run+0x59/0x90\n  do_exit+0x33b/0xa50\n  do_group_exit+0x2d/0x80\n  __x64_sys_exit_group+0x14/0x20\n  do_syscall_64+0x3b/0x90\n  entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThis triggers f2fs_bug_on() in f2fs_evict_inode:\n f2fs_bug_on(sbi, is_inode_flag_set(inode, FI_DIRTY_INODE));\n\nThis fixes the syzbot report:\n\nloop0: detected capacity change from 0 to 131072\nF2FS-fs (loop0): invalid crc value\nF2FS-fs (loop0): Found nat_bits in checkpoint\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inode.c:869!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 5014 Comm: syz-executor220 Not tainted 6.4.0-syzkaller-11479-g6cd06ab12d1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nRIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869\nCode: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd \u003c0f\u003e 0b e8 5c 22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc\nRSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff8880273b8000 RSI: ffffffff83a2bd0d RDI: 0000000000000007\nRBP: ffff888077db91b0 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: 
ffff888029a3c000\nR13: ffff888077db9660 R14: ffff888029a3c0b8 R15: ffff888077db9c50\nFS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1909bb9000 CR3: 00000000276a9000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n evict+0x2ed/0x6b0 fs/inode.c:665\n dispose_list+0x117/0x1e0 fs/inode.c:698\n evict_inodes+0x345/0x440 fs/inode.c:748\n generic_shutdown_super+0xaf/0x480 fs/super.c:478\n kill_block_super+0x64/0xb0 fs/super.c:1417\n kill_f2fs_super+0x2af/0x3c0 fs/f2fs/super.c:4704\n deactivate_locked_super+0x98/0x160 fs/super.c:330\n deactivate_super+0xb1/0xd0 fs/super.c:361\n cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254\n task_work_run+0x16f/0x270 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xa9a/0x29a0 kernel/exit.c:874\n do_group_exit+0xd4/0x2a0 kernel/exit.c:1024\n __do_sys_exit_group kernel/exit.c:1035 [inline]\n __se_sys_exit_group kernel/exit.c:1033 [inline]\n __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1033\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f309be71a09\nCode: Unable to access opcode bytes at 0x7f309be719df.\nRSP: 002b:00007fff171df518 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f309bef7330 RCX: 00007f309be71a09\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00007f309bef1e40\nR10: 0000000000010600 R11: 0000000000000246 R12: 00007f309bef7330\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:f2fs_evict_inode+0x172d/0x1e00 fs/f2fs/inode.c:869\nCode: ff df 48 c1 ea 03 80 3c 02 00 0f 85 6a 06 00 00 8b 75 40 ba 01 00 00 00 4c 89 e7 e8 6d ce 06 00 e9 aa fc ff ff e8 63 22 e2 fd \u003c0f\u003e 0b e8 5c 
22 e2 fd 48 c7 c0 a8 3a 18 8d 48 ba 00 00 00 00 00 fc\nRSP: 0018:ffffc90003a6fa00 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53829",
            "https://git.kernel.org/linus/a3ab55746612247ce3dcaac6de66f5ffc055b9df (6.6-rc1)",
            "https://git.kernel.org/stable/c/1c64dbe8fa3552a340bca6d7fa09468c16ed2a85",
            "https://git.kernel.org/stable/c/a3ab55746612247ce3dcaac6de66f5ffc055b9df",
            "https://git.kernel.org/stable/c/bfa7853bb47fee0c17030b377c98cf4ede47ba33",
            "https://lore.kernel.org/linux-cve-announce/2025120953-CVE-2023-53829-2fe9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53829",
            "https://www.cve.org/CVERecord?id=CVE-2023-53829"
          ],
          "PublishedDate": "2025-12-09T16:17:21.79Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53846",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53846",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:151d7fb34120a42816dfe9236e191fac3d62045fe9fa61f41b6dfa4ee123659d",
          "Title": "kernel: f2fs: fix to do sanity check on direct node in truncate_dnode()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on direct node in truncate_dnode()\n\nsyzbot reports below bug:\n\nBUG: KASAN: slab-use-after-free in f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\nRead of size 4 at addr ffff88802a25c000 by task syz-executor148/5000\n\nCPU: 1 PID: 5000 Comm: syz-executor148 Not tainted 6.4.0-rc7-syzkaller-00041-ge660abd551f1 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351\n print_report mm/kasan/report.c:462 [inline]\n kasan_report+0x11c/0x130 mm/kasan/report.c:572\n f2fs_truncate_data_blocks_range+0x122a/0x14c0 fs/f2fs/file.c:574\n truncate_dnode+0x229/0x2e0 fs/f2fs/node.c:944\n f2fs_truncate_inode_blocks+0x64b/0xde0 fs/f2fs/node.c:1154\n f2fs_do_truncate_blocks+0x4ac/0xf30 fs/f2fs/file.c:721\n f2fs_truncate_blocks+0x7b/0x300 fs/f2fs/file.c:749\n f2fs_truncate.part.0+0x4a5/0x630 fs/f2fs/file.c:799\n f2fs_truncate include/linux/fs.h:825 [inline]\n f2fs_setattr+0x1738/0x2090 fs/f2fs/file.c:1006\n notify_change+0xb2c/0x1180 fs/attr.c:483\n do_truncate+0x143/0x200 fs/open.c:66\n handle_truncate fs/namei.c:3295 [inline]\n do_open fs/namei.c:3640 [inline]\n path_openat+0x2083/0x2750 fs/namei.c:3791\n do_filp_open+0x1ba/0x410 fs/namei.c:3818\n do_sys_openat2+0x16d/0x4c0 fs/open.c:1356\n do_sys_open fs/open.c:1372 [inline]\n __do_sys_creat fs/open.c:1448 [inline]\n __se_sys_creat fs/open.c:1442 [inline]\n __x64_sys_creat+0xcd/0x120 fs/open.c:1442\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is, inodeA references inodeB via inodeB's ino, once inodeA\nis truncated, it calls 
truncate_dnode() to truncate data blocks in inodeB's\nnode page, it traverse mapping data from node-\u003ei.i_addr[0] to\nnode-\u003ei.i_addr[ADDRS_PER_BLOCK() - 1], result in out-of-boundary access.\n\nThis patch fixes to add sanity check on dnode page in truncate_dnode(),\nso that, it can help to avoid triggering such issue, and once it encounters\nsuch issue, it will record newly introduced ERROR_INVALID_NODE_REFERENCE\nerror into superblock, later fsck can detect such issue and try repairing.\n\nAlso, it removes f2fs_truncate_data_blocks() for cleanup due to the\nfunction has only one caller, and uses f2fs_truncate_data_blocks_range()\ninstead.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53846",
            "https://git.kernel.org/linus/a6ec83786ab9f13f25fb18166dee908845713a95 (6.5-rc1)",
            "https://git.kernel.org/stable/c/a6ec83786ab9f13f25fb18166dee908845713a95",
            "https://git.kernel.org/stable/c/af0f716ad3b039cab9d426da63a5ee6c88751185",
            "https://lore.kernel.org/linux-cve-announce/2025120959-CVE-2023-53846-70c9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53846",
            "https://www.cve.org/CVERecord?id=CVE-2023-53846"
          ],
          "PublishedDate": "2025-12-09T16:17:25.003Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53849",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53849",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42de7e5c8db02e261527b5dd74a8bbaab298f9ae630845bd2b237daf956f5122",
          "Title": "kernel: drm/msm: fix workqueue leak on bind errors",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: fix workqueue leak on bind errors\n\nMake sure to destroy the workqueue also in case of early errors during\nbind (e.g. a subcomponent failing to bind).\n\nSince commit c3b790ea07a1 (\"drm: Manage drm_mode_config_init with\ndrmm_\") the mode config will be freed when the drm device is released\nalso when using the legacy interface, but add an explicit cleanup for\nconsistency and to facilitate backporting.\n\nPatchwork: https://patchwork.freedesktop.org/patch/525093/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53849",
            "https://git.kernel.org/linus/a75b49db6529b2af049eafd938fae888451c3685 (6.4-rc1)",
            "https://git.kernel.org/stable/c/28e34db2f3e0130872e2384dd9df9f82bd89e967",
            "https://git.kernel.org/stable/c/6e1476225ec02eeebc4b79f793506f80bc4bca8f",
            "https://git.kernel.org/stable/c/8551c4b7c8ffb42f759547e5c39da5980abf2432",
            "https://git.kernel.org/stable/c/a75b49db6529b2af049eafd938fae888451c3685",
            "https://lore.kernel.org/linux-cve-announce/2025120900-CVE-2023-53849-2108@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53849",
            "https://www.cve.org/CVERecord?id=CVE-2023-53849"
          ],
          "PublishedDate": "2025-12-09T16:17:25.427Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53850",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53850",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28484d1c07f80467dfe8e40851d0eba888d7936e803124eb403435d1b3352bc8",
          "Title": "kernel: iavf: use internal state to free traffic IRQs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: use internal state to free traffic IRQs\n\nIf the system tries to close the netdev while iavf_reset_task() is\nrunning, __LINK_STATE_START will be cleared and netif_running() will\nreturn false in iavf_reinit_interrupt_scheme(). This will result in\niavf_free_traffic_irqs() not being called and a leak as follows:\n\n    [7632.489326] remove_proc_entry: removing non-empty directory 'irq/999', leaking at least 'iavf-enp24s0f0v0-TxRx-0'\n    [7632.490214] WARNING: CPU: 0 PID: 10 at fs/proc/generic.c:718 remove_proc_entry+0x19b/0x1b0\n\nis shown when pci_disable_msix() is later called. Fix by using the\ninternal adapter state. The traffic IRQs will always exist if\nstate == __IAVF_RUNNING.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53850",
            "https://git.kernel.org/linus/a77ed5c5b768e9649be240a2d864e5cd9c6a2015 (6.5-rc3)",
            "https://git.kernel.org/stable/c/5e9db32eec628481f5da97a5b1aedb84a5240d18",
            "https://git.kernel.org/stable/c/6d9d01689b82ff5cb8f8d2a82717d7997bc0bfff",
            "https://git.kernel.org/stable/c/a77ed5c5b768e9649be240a2d864e5cd9c6a2015",
            "https://lore.kernel.org/linux-cve-announce/2025120900-CVE-2023-53850-5649@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53850",
            "https://www.cve.org/CVERecord?id=CVE-2023-53850"
          ],
          "PublishedDate": "2025-12-09T16:17:25.547Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53855",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53855",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91a7070945f9f2b2cd3e752488b41571217f8c3c43c23ee5836e2c63945b8c9b",
          "Title": "kernel: net: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on driver remove",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on driver remove\n\nWhen the tagging protocol in current use is \"ocelot-8021q\" and we unbind\nthe driver, we see this splat:\n\n$ echo '0000:00:00.2' \u003e /sys/bus/pci/drivers/fsl_enetc/unbind\nmscc_felix 0000:00:00.5 swp0: left promiscuous mode\nsja1105 spi2.0: Link is Down\nDSA: tree 1 torn down\nmscc_felix 0000:00:00.5 swp2: left promiscuous mode\nsja1105 spi2.2: Link is Down\nDSA: tree 3 torn down\nfsl_enetc 0000:00:00.2 eno2: left promiscuous mode\nmscc_felix 0000:00:00.5: Link is Down\n------------[ cut here ]------------\nRTNL: assertion failed at net/dsa/tag_8021q.c (409)\nWARNING: CPU: 1 PID: 329 at net/dsa/tag_8021q.c:409 dsa_tag_8021q_unregister+0x12c/0x1a0\nModules linked in:\nCPU: 1 PID: 329 Comm: bash Not tainted 6.5.0-rc3+ #771\npc : dsa_tag_8021q_unregister+0x12c/0x1a0\nlr : dsa_tag_8021q_unregister+0x12c/0x1a0\nCall trace:\n dsa_tag_8021q_unregister+0x12c/0x1a0\n felix_tag_8021q_teardown+0x130/0x150\n felix_teardown+0x3c/0xd8\n dsa_tree_teardown_switches+0xbc/0xe0\n dsa_unregister_switch+0x168/0x260\n felix_pci_remove+0x30/0x60\n pci_device_remove+0x4c/0x100\n device_release_driver_internal+0x188/0x288\n device_links_unbind_consumers+0xfc/0x138\n device_release_driver_internal+0xe0/0x288\n device_driver_detach+0x24/0x38\n unbind_store+0xd8/0x108\n drv_attr_store+0x30/0x50\n---[ end trace 0000000000000000 ]---\n------------[ cut here ]------------\nRTNL: assertion failed at net/8021q/vlan_core.c (376)\nWARNING: CPU: 1 PID: 329 at net/8021q/vlan_core.c:376 vlan_vid_del+0x1b8/0x1f0\nCPU: 1 PID: 329 Comm: bash Tainted: G        W          6.5.0-rc3+ #771\npc : vlan_vid_del+0x1b8/0x1f0\nlr : vlan_vid_del+0x1b8/0x1f0\n dsa_tag_8021q_unregister+0x8c/0x1a0\n felix_tag_8021q_teardown+0x130/0x150\n felix_teardown+0x3c/0xd8\n dsa_tree_teardown_switches+0xbc/0xe0\n 
dsa_unregister_switch+0x168/0x260\n felix_pci_remove+0x30/0x60\n pci_device_remove+0x4c/0x100\n device_release_driver_internal+0x188/0x288\n device_links_unbind_consumers+0xfc/0x138\n device_release_driver_internal+0xe0/0x288\n device_driver_detach+0x24/0x38\n unbind_store+0xd8/0x108\n drv_attr_store+0x30/0x50\nDSA: tree 0 torn down\n\nThis was somewhat not so easy to spot, because \"ocelot-8021q\" is not the\ndefault tagging protocol, and thus, not everyone who tests the unbinding\npath may have switched to it beforehand. The default\nfelix_tag_npi_teardown() does not require rtnl_lock() to be held.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53855",
            "https://git.kernel.org/linus/a94c16a2fda010866b8858a386a8bfbeba4f72c5 (6.5-rc6)",
            "https://git.kernel.org/stable/c/758dbcfb257e1aee0a310bae789c2af6ffe35d0f",
            "https://git.kernel.org/stable/c/7ae8fa6b70975b6efbbef7912d09bff5a0bff491",
            "https://git.kernel.org/stable/c/a94c16a2fda010866b8858a386a8bfbeba4f72c5",
            "https://lore.kernel.org/linux-cve-announce/2025120902-CVE-2023-53855-9798@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53855",
            "https://www.cve.org/CVERecord?id=CVE-2023-53855"
          ],
          "PublishedDate": "2025-12-09T16:17:26.173Z",
          "LastModifiedDate": "2025-12-09T18:37:13.64Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53867",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53867",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b7e6e62ea994f680bcb2d0e5ca1dddab13de7669d117a566a4471dfd55bc8c13",
          "Title": "kernel: ceph: fix potential use-after-free bug when trimming caps",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix potential use-after-free bug when trimming caps\n\nWhen trimming the caps and just after the 'session-\u003es_cap_lock' is\nreleased in ceph_iterate_session_caps() the cap maybe removed by\nanother thread, and when using the stale cap memory in the callbacks\nit will trigger use-after-free crash.\n\nWe need to check the existence of the cap just after the 'ci-\u003ei_ceph_lock'\nbeing acquired. And do nothing if it's already removed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53867",
            "https://git.kernel.org/stable/c/2b2515b8095cf2149bef44383a99d5b5677f1831",
            "https://git.kernel.org/stable/c/448875a73e16ba7d81dec9274ce9d33a12d092fb",
            "https://git.kernel.org/stable/c/aaf67de78807c59c35bafb5003d4fb457c764800",
            "https://git.kernel.org/stable/c/ae6e935618d99cdba11eab4714092e7e5f13cf7e",
            "https://lore.kernel.org/linux-cve-announce/2025122422-CVE-2023-53867-cb3e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53867",
            "https://www.cve.org/CVERecord?id=CVE-2023-53867"
          ],
          "PublishedDate": "2025-12-24T11:15:51.387Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53992",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53992",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:77e17a6bf96748ecb5c621454a42aeeeacf772fc1a12c828268cea0eb2e4f6be",
          "Title": "kernel: wifi: cfg80211: ocb: don't leave if not joined",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: ocb: don't leave if not joined\n\nIf there's no OCB state, don't ask the driver/mac80211 to\nleave, since that's just confusing. Since set/clear the\nchandef state, that's a simple check.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53992",
            "https://git.kernel.org/stable/c/94332210902967b7d63294b43428c8ed075b20e6",
            "https://git.kernel.org/stable/c/abc76cf552e13cfa88a204b362a86b0e08e95228",
            "https://git.kernel.org/stable/c/d7b0fe3487d203c04ee1bda91a63bd4dd398c350",
            "https://lore.kernel.org/linux-cve-announce/2025122424-CVE-2023-53992-d45e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53992",
            "https://www.cve.org/CVERecord?id=CVE-2023-53992"
          ],
          "PublishedDate": "2025-12-24T11:15:52.1Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54002",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54002",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10bf6ca8aa892465d19c992ff55b0136f407e957f725e018af948d7b61484fca",
          "Title": "kernel: btrfs: fix assertion of exclop condition when starting balance",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion of exclop condition when starting balance\n\nBalance as exclusive state is compatible with paused balance and device\nadd, which makes some things more complicated. The assertion of valid\nstates when starting from paused balance needs to take into account two\nmore states, the combinations can be hit when there are several threads\nracing to start balance and device add. This won't typically happen when\nthe commands are started from command line.\n\nScenario 1: With exclusive_operation state == BTRFS_EXCLOP_NONE.\n\nConcurrently adding multiple devices to the same mount point and\nbtrfs_exclop_finish executed finishes before assertion in\nbtrfs_exclop_balance, exclusive_operation will changed to\nBTRFS_EXCLOP_NONE state which lead to assertion failed:\n\n  fs_info-\u003eexclusive_operation == BTRFS_EXCLOP_BALANCE ||\n  fs_info-\u003eexclusive_operation == BTRFS_EXCLOP_DEV_ADD,\n  in fs/btrfs/ioctl.c:456\n  Call Trace:\n   \u003cTASK\u003e\n   btrfs_exclop_balance+0x13c/0x310\n   ? memdup_user+0xab/0xc0\n   ? PTR_ERR+0x17/0x20\n   btrfs_ioctl_add_dev+0x2ee/0x320\n   btrfs_ioctl+0x9d5/0x10d0\n   ? 
btrfs_ioctl_encoded_write+0xb80/0xb80\n   __x64_sys_ioctl+0x197/0x210\n   do_syscall_64+0x3c/0xb0\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nScenario 2: With exclusive_operation state == BTRFS_EXCLOP_BALANCE_PAUSED.\n\nConcurrently adding multiple devices to the same mount point and\nbtrfs_exclop_balance executed finish before the latter thread execute\nassertion in btrfs_exclop_balance, exclusive_operation will changed to\nBTRFS_EXCLOP_BALANCE_PAUSED state which lead to assertion failed:\n\n  fs_info-\u003eexclusive_operation == BTRFS_EXCLOP_BALANCE ||\n  fs_info-\u003eexclusive_operation == BTRFS_EXCLOP_DEV_ADD ||\n  fs_info-\u003eexclusive_operation == BTRFS_EXCLOP_NONE,\n  fs/btrfs/ioctl.c:458\n  Call Trace:\n   \u003cTASK\u003e\n   btrfs_exclop_balance+0x240/0x410\n   ? memdup_user+0xab/0xc0\n   ? PTR_ERR+0x17/0x20\n   btrfs_ioctl_add_dev+0x2ee/0x320\n   btrfs_ioctl+0x9d5/0x10d0\n   ? btrfs_ioctl_encoded_write+0xb80/0xb80\n   __x64_sys_ioctl+0x197/0x210\n   do_syscall_64+0x3c/0xb0\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAn example of the failed assertion is below, which shows that the\npaused balance is also needed to be checked.\n\n  root@syzkaller:/home/xsk# ./repro\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  Failed to add device /dev/vda, errno 14\n  [  416.611428][ T7970] BTRFS info (device loop0): fs_info exclusive_operation: 0\n  Failed to add device /dev/vda, errno 14\n  [  416.613973][ T7971] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.615456][ T7972] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.617528][ T7973] 
BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.618359][ T7974] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.622589][ T7975] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.624034][ T7976] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.626420][ T7977] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.627643][ T7978] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Failed to add device /dev/vda, errno 14\n  [  416.629006][ T7979] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  [  416.630298][ T7980] BTRFS info (device loop0): fs_info exclusive_operation: 3\n  Fai\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54002",
            "https://git.kernel.org/stable/c/17eaeee4c5f24946aad0298d51f32981c3161d13",
            "https://git.kernel.org/stable/c/6062e9e335a3bf409b5118bfe4cc10aff4b6adb1",
            "https://git.kernel.org/stable/c/7877dc1136ada770622d22041be306539902951b",
            "https://git.kernel.org/stable/c/ac868bc9d136cde6e3eb5de77019a63d57a540ff",
            "https://lore.kernel.org/linux-cve-announce/2025122427-CVE-2023-54002-10d8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54002",
            "https://www.cve.org/CVERecord?id=CVE-2023-54002"
          ],
          "PublishedDate": "2025-12-24T11:15:53.117Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54016",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54016",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c36cae6266b7c6d2213e9a9a06991908a703c770cc9c39278c0c8075f6bda349",
          "Title": "kernel: Linux kernel: Memory leak in ath12k Wi-Fi driver can lead to denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak in rx_desc and tx_desc\n\nCurrently when ath12k_dp_cc_desc_init() is called we allocate\nmemory to rx_descs and tx_descs. In ath12k_dp_cc_cleanup(), during\ndescriptor cleanup rx_descs and tx_descs memory is not freed.\n\nThis is cause of memory leak. These allocated memory should be\nfreed in ath12k_dp_cc_cleanup.\n\nIn ath12k_dp_cc_desc_init(), we can save base address of rx_descs\nand tx_descs. In ath12k_dp_cc_cleanup(), we can free rx_descs and\ntx_descs memory using their base address.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54016",
            "https://git.kernel.org/stable/c/afb522b36e76acaa9f8fc06d0a9742d841c47c16",
            "https://git.kernel.org/stable/c/e16be2d34883eecfe7fd888fcdb76c7a5db5d187",
            "https://lore.kernel.org/linux-cve-announce/2025122432-CVE-2023-54016-522e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54016",
            "https://www.cve.org/CVERecord?id=CVE-2023-54016"
          ],
          "PublishedDate": "2025-12-24T11:15:54.57Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54019",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54019",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:38d3d00d8fc5b5cf891282c21a97813f27269ebc2155c72d2e2af615a0204b65",
          "Title": "kernel: sched/psi: use kernfs polling functions for PSI trigger polling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/psi: use kernfs polling functions for PSI trigger polling\n\nDestroying psi trigger in cgroup_file_release causes UAF issues when\na cgroup is removed from under a polling process. This is happening\nbecause cgroup removal causes a call to cgroup_file_release while the\nactual file is still alive. Destroying the trigger at this point would\nalso destroy its waitqueue head and if there is still a polling process\non that file accessing the waitqueue, it will step on the freed pointer:\n\ndo_select\n  vfs_poll\n                           do_rmdir\n                             cgroup_rmdir\n                               kernfs_drain_open_files\n                                 cgroup_file_release\n                                   cgroup_pressure_release\n                                     psi_trigger_destroy\n                                       wake_up_pollfree(\u0026t-\u003eevent_wait)\n// vfs_poll is unblocked\n                                       synchronize_rcu\n                                       kfree(t)\n  poll_freewait -\u003e UAF access to the trigger's waitqueue head\n\nPatch [1] fixed this issue for epoll() case using wake_up_pollfree(),\nhowever the same issue exists for synchronous poll() case.\nThe root cause of this issue is that the lifecycles of the psi trigger's\nwaitqueue and of the file associated with the trigger are different. Fix\nthis by using kernfs_generic_poll function when polling on cgroup-specific\npsi triggers. It internally uses kernfs_open_node-\u003epoll waitqueue head\nwith its lifecycle tied to the file's lifecycle. This also renders the\nfix in [1] obsolete, so revert it.\n\n[1] commit c2dbe32d5db5 (\"sched/psi: Fix use-after-free in ep_remove_wait_queue()\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54019",
            "https://git.kernel.org/stable/c/92cc0153324b6ae8577a39f5bf2cd83c9a34ea6a",
            "https://git.kernel.org/stable/c/aff037078ecaecf34a7c2afab1341815f90fba5e",
            "https://git.kernel.org/stable/c/d124ab17024cc85a1079b7810a018a497ebc13da",
            "https://lore.kernel.org/linux-cve-announce/2025122433-CVE-2023-54019-95e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54019",
            "https://www.cve.org/CVERecord?id=CVE-2023-54019"
          ],
          "PublishedDate": "2025-12-24T11:15:54.903Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54023",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54023",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:942baccbdb69b6ad4c7a3412e26379d26e713a72898496e1ae0d11a74c5a6512",
          "Title": "kernel: btrfs: fix race between balance and cancel/pause",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between balance and cancel/pause\n\nSyzbot reported a panic that looks like this:\n\n  assertion failed: fs_info-\u003eexclusive_operation == BTRFS_EXCLOP_BALANCE_PAUSED, in fs/btrfs/ioctl.c:465\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/messages.c:259!\n  RIP: 0010:btrfs_assertfail+0x2c/0x30 fs/btrfs/messages.c:259\n  Call Trace:\n   \u003cTASK\u003e\n   btrfs_exclop_balance fs/btrfs/ioctl.c:465 [inline]\n   btrfs_ioctl_balance fs/btrfs/ioctl.c:3564 [inline]\n   btrfs_ioctl+0x531e/0x5b30 fs/btrfs/ioctl.c:4632\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:870 [inline]\n   __se_sys_ioctl fs/ioctl.c:856 [inline]\n   __x64_sys_ioctl+0x197/0x210 fs/ioctl.c:856\n   do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n   do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe reproducer is running a balance and a cancel or pause in parallel.\nThe way balance finishes is a bit wonky, if we were paused we need to\nsave the balance_ctl in the fs_info, but clear it otherwise and cleanup.\nHowever we rely on the return values being specific errors, or having a\ncancel request or no pause request.  If balance completes and returns 0,\nbut we have a pause or cancel request we won't do the appropriate\ncleanup, and then the next time we try to start a balance we'll trip\nthis ASSERT.\n\nThe error handling is just wrong here, we always want to clean up,\nunless we got -ECANCELLED and we set the appropriate pause flag in the\nexclusive op.  With this patch the reproducer ran for an hour without\ntripping, previously it would trip in less than a few minutes.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54023",
            "https://git.kernel.org/stable/c/72efe5d44821e38540888a5fe3ff3d0faab6acad",
            "https://git.kernel.org/stable/c/b19c98f237cd76981aaded52c258ce93f7daa8cb",
            "https://git.kernel.org/stable/c/ddf7e8984c83aee9122552529f4e77291903f8d9",
            "https://lore.kernel.org/linux-cve-announce/2025122434-CVE-2023-54023-1300@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54023",
            "https://www.cve.org/CVERecord?id=CVE-2023-54023"
          ],
          "PublishedDate": "2025-12-24T11:15:55.307Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54028",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54028",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ae09e4504fb3389899b488b08561607ea2fa8905b91296cf70c59b2e3609e8b0",
          "Title": "kernel: Linux kernel: Denial of Service vulnerability in RDMA/rxe component",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the error \"trying to register non-static key in rxe_cleanup_task\"\n\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like rxe_init_task are not setup until\nrxe_qp_init_req().\n\nIf an error occurred before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\n\nIf rxe_init_task is not executed, rxe_cleanup_task will not be called.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54028",
            "https://git.kernel.org/stable/c/0d938264fcfe4927e54f0e519da05af1d5d720b4",
            "https://git.kernel.org/stable/c/3236221bb8e4de8e3d0c8385f634064fb26b8e38",
            "https://git.kernel.org/stable/c/b2b1ddc457458fecd1c6f385baa9fbda5f0c63ad",
            "https://git.kernel.org/stable/c/c8473cd5b301279a41dc75e5afb26b3d5223b6c7",
            "https://lore.kernel.org/linux-cve-announce/2025122436-CVE-2023-54028-2399@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54028",
            "https://www.cve.org/CVERecord?id=CVE-2023-54028"
          ],
          "PublishedDate": "2025-12-24T11:15:55.803Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54035",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54035",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39238e7162141426057576e7d05478f946e3356d525cdd09ba73758e3334ff4a",
          "Title": "kernel: netfilter: nf_tables: fix underflow in chain reference counter",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix underflow in chain reference counter\n\nSet element addition error path decrements reference counter on chains\ntwice: once on element release and again via nft_data_release().\n\nThen, d6b478666ffa (\"netfilter: nf_tables: fix underflow in object\nreference counter\") incorrectly fixed this by removing the stateful\nobject reference count decrement.\n\nRestore the stateful object decrement as in b91d90368837 (\"netfilter:\nnf_tables: fix leaking object reference count\") and let\nnft_data_release() decrement the chain reference counter, so this is\ndone only once.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54035",
            "https://git.kernel.org/stable/c/9c959671abc7d4ffdf34eed10c64492d43cb6a3c",
            "https://git.kernel.org/stable/c/b068314fd8ce751a7f906e55bb90f3551815f1a0",
            "https://git.kernel.org/stable/c/b389139f12f287b8ed2e2628b72df89a081f0b59",
            "https://lore.kernel.org/linux-cve-announce/2025122438-CVE-2023-54035-76a5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54035",
            "https://www.cve.org/CVERecord?id=CVE-2023-54035"
          ],
          "PublishedDate": "2025-12-24T11:15:56.49Z",
          "LastModifiedDate": "2025-12-29T15:58:56.26Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54047",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54047",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:159b4c6ef892dc00a2b8a86ffc0546d8709caa82ccb06537c034ec25875ab0f7",
          "Title": "kernel: drm/rockchip: dw_hdmi: cleanup drm encoder during unbind",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: dw_hdmi: cleanup drm encoder during unbind\n\nThis fixes a use-after-free crash during rmmod.\n\nThe DRM encoder is embedded inside the larger rockchip_hdmi,\nwhich is allocated with the component. The component memory\ngets freed before the main drm device is destroyed. Fix it\nby running encoder cleanup before tearing down its container.\n\n[moved encoder cleanup above clk_disable, similar to bind-error-path]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54047",
            "https://git.kernel.org/stable/c/110d4202522373d629d14597af9bac97eb58bd67",
            "https://git.kernel.org/stable/c/218fe9b624545f4bcfb16cdb35ac3d60c8b0d8c7",
            "https://git.kernel.org/stable/c/b5af48eedcb53491c02ded55d5991e03d6da6dbf",
            "https://lore.kernel.org/linux-cve-announce/2025122423-CVE-2023-54047-42ff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54047",
            "https://www.cve.org/CVERecord?id=CVE-2023-54047"
          ],
          "PublishedDate": "2025-12-24T13:16:06.357Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54052",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54052",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ff01e0b4c683ea7c3af2e30788b4cf08511a05a76f18ec78b646ed5cd3f556a6",
          "Title": "kernel: Linux kernel Wi-Fi driver: Denial of Service due to missing transmit status",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix skb leak by txs missing in AMSDU\n\ntxs may be dropped if the frame is aggregated in AMSDU. When the problem\nshows up, some SKBs would be hold in driver to cause network stopped\ntemporarily. Even if the problem can be recovered by txs timeout handling,\nmt7921 still need to disable txs in AMSDU to avoid this issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54052",
            "https://git.kernel.org/stable/c/1cd102aaedb277fbe81dd08cd9f5cae951de2bff",
            "https://git.kernel.org/stable/c/b642f4c5f3de0a8f47808d32b1ebd9c427a42a66",
            "https://git.kernel.org/stable/c/bf5d3fad7219b8de7d3a9cb59f0ea5243b018f07",
            "https://git.kernel.org/stable/c/e74778e91fedc3b2a0143264887bbb32508c5000",
            "https://lore.kernel.org/linux-cve-announce/2025122425-CVE-2023-54052-302d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54052",
            "https://www.cve.org/CVERecord?id=CVE-2023-54052"
          ],
          "PublishedDate": "2025-12-24T13:16:06.88Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54059",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54059",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f596d8e5446e1b295aef4830b3bd37d816c823470c7a539f5683ac46c88ac336",
          "Title": "kernel: soc: mediatek: mtk-svs: Enable the IRQ later",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: mediatek: mtk-svs: Enable the IRQ later\n\nIf the system does not come from reset (like when is booted via\nkexec()), the peripheral might triger an IRQ before the data structures\nare initialised.\n\n\n[    0.227710] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000f08\n[    0.227913] Call trace:\n[    0.227918]  svs_isr+0x8c/0x538",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54059",
            "https://git.kernel.org/stable/c/66ea96629bbccf1b483be506f3daff754069cdd3",
            "https://git.kernel.org/stable/c/6b99ebd30d65ee5ab8e8dd1d378550911eff5e4f",
            "https://git.kernel.org/stable/c/b74952aba6c3f47e7f2c5165abaeefa44c377140",
            "https://lore.kernel.org/linux-cve-announce/2025122427-CVE-2023-54059-c769@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54059",
            "https://www.cve.org/CVERecord?id=CVE-2023-54059"
          ],
          "PublishedDate": "2025-12-24T13:16:07.69Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54067",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54067",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3bf002d9432b85ec7da52aa5bc9ccaaf77d9d9761ab1c1e92d9fd4953bdfa6cb",
          "Title": "kernel: btrfs: fix race when deleting free space root from the dirty cow roots list",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race when deleting free space root from the dirty cow roots list\n\nWhen deleting the free space tree we are deleting the free space root\nfrom the list fs_info-\u003edirty_cowonly_roots without taking the lock that\nprotects it, which is struct btrfs_fs_info::trans_lock.\nThis unsynchronized list manipulation may cause chaos if there's another\nconcurrent manipulation of this list, such as when adding a root to it\nwith ctree.c:add_root_to_dirty_list().\n\nThis can result in all sorts of weird failures caused by a race, such as\nthe following crash:\n\n  [337571.278245] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] PREEMPT SMP PTI\n  [337571.278933] CPU: 1 PID: 115447 Comm: btrfs Tainted: G        W          6.4.0-rc6-btrfs-next-134+ #1\n  [337571.279153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  [337571.279572] RIP: 0010:commit_cowonly_roots+0x11f/0x250 [btrfs]\n  [337571.279928] Code: 85 38 06 00 (...)\n  [337571.280363] RSP: 0018:ffff9f63446efba0 EFLAGS: 00010206\n  [337571.280582] RAX: ffff942d98ec2638 RBX: ffff9430b82b4c30 RCX: 0000000449e1c000\n  [337571.280798] RDX: dead000000000100 RSI: ffff9430021e4900 RDI: 0000000000036070\n  [337571.281015] RBP: ffff942d98ec2000 R08: ffff942d98ec2000 R09: 000000000000015b\n  [337571.281254] R10: 0000000000000009 R11: 0000000000000001 R12: ffff942fe8fbf600\n  [337571.281476] R13: ffff942dabe23040 R14: ffff942dabe20800 R15: ffff942d92cf3b48\n  [337571.281723] FS:  00007f478adb7340(0000) GS:ffff94349fa40000(0000) knlGS:0000000000000000\n  [337571.281950] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [337571.282184] CR2: 00007f478ab9a3d5 CR3: 000000001e02c001 CR4: 0000000000370ee0\n  [337571.282416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  [337571.282647] DR3: 
0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  [337571.282874] Call Trace:\n  [337571.283101]  \u003cTASK\u003e\n  [337571.283327]  ? __die_body+0x1b/0x60\n  [337571.283570]  ? die_addr+0x39/0x60\n  [337571.283796]  ? exc_general_protection+0x22e/0x430\n  [337571.284022]  ? asm_exc_general_protection+0x22/0x30\n  [337571.284251]  ? commit_cowonly_roots+0x11f/0x250 [btrfs]\n  [337571.284531]  btrfs_commit_transaction+0x42e/0xf90 [btrfs]\n  [337571.284803]  ? _raw_spin_unlock+0x15/0x30\n  [337571.285031]  ? release_extent_buffer+0x103/0x130 [btrfs]\n  [337571.285305]  reset_balance_state+0x152/0x1b0 [btrfs]\n  [337571.285578]  btrfs_balance+0xa50/0x11e0 [btrfs]\n  [337571.285864]  ? __kmem_cache_alloc_node+0x14a/0x410\n  [337571.286086]  btrfs_ioctl+0x249a/0x3320 [btrfs]\n  [337571.286358]  ? mod_objcg_state+0xd2/0x360\n  [337571.286577]  ? refill_obj_stock+0xb0/0x160\n  [337571.286798]  ? seq_release+0x25/0x30\n  [337571.287016]  ? __rseq_handle_notify_resume+0x3ba/0x4b0\n  [337571.287235]  ? percpu_counter_add_batch+0x2e/0xa0\n  [337571.287455]  ? __x64_sys_ioctl+0x88/0xc0\n  [337571.287675]  __x64_sys_ioctl+0x88/0xc0\n  [337571.287901]  do_syscall_64+0x38/0x90\n  [337571.288126]  entry_SYSCALL_64_after_hwframe+0x72/0xdc\n  [337571.288352] RIP: 0033:0x7f478aaffe9b\n\nSo fix this by locking struct btrfs_fs_info::trans_lock before deleting\nthe free space root from that list.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54067",
            "https://git.kernel.org/stable/c/6f1c81886b0b56cb88b311e5d2f203625474d892",
            "https://git.kernel.org/stable/c/8ce9139aea5e60a247bde5af804312f54975f443",
            "https://git.kernel.org/stable/c/babebf023e661b90b1c78b2baa384fb03a226879",
            "https://lore.kernel.org/linux-cve-announce/2025122430-CVE-2023-54067-46cb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54067",
            "https://www.cve.org/CVERecord?id=CVE-2023-54067"
          ],
          "PublishedDate": "2025-12-24T13:16:08.54Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54071",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54071",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fb6a8f80a86e775987564fb9ac4c8f5b0ce85816c03128d5996d647084957839",
          "Title": "kernel: wifi: rtw88: use work to update rate to avoid RCU warning",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: use work to update rate to avoid RCU warning\n\nThe ieee80211_ops::sta_rc_update must be atomic, because\nieee80211_chan_bw_change() holds rcu_read lock while calling\ndrv_sta_rc_update(), so create a work to do original things.\n\n Voluntary context switch within RCU read-side critical section!\n WARNING: CPU: 0 PID: 4621 at kernel/rcu/tree_plugin.h:318\n rcu_note_context_switch+0x571/0x5d0\n CPU: 0 PID: 4621 Comm: kworker/u16:2 Tainted: G        W  OE\n Workqueue: phy3 ieee80211_chswitch_work [mac80211]\n RIP: 0010:rcu_note_context_switch+0x571/0x5d0\n Call Trace:\n  \u003cTASK\u003e\n  __schedule+0xb0/0x1460\n  ? __mod_timer+0x116/0x360\n  schedule+0x5a/0xc0\n  schedule_timeout+0x87/0x150\n  ? trace_raw_output_tick_stop+0x60/0x60\n  wait_for_completion_timeout+0x7b/0x140\n  usb_start_wait_urb+0x82/0x160 [usbcore\n  usb_control_msg+0xe3/0x140 [usbcore\n  rtw_usb_read+0x88/0xe0 [rtw_usb\n  rtw_usb_read8+0xf/0x10 [rtw_usb\n  rtw_fw_send_h2c_command+0xa0/0x170 [rtw_core\n  rtw_fw_send_ra_info+0xc9/0xf0 [rtw_core\n  drv_sta_rc_update+0x7c/0x160 [mac80211\n  ieee80211_chan_bw_change+0xfb/0x110 [mac80211\n  ieee80211_change_chanctx+0x38/0x130 [mac80211\n  ieee80211_vif_use_reserved_switch+0x34e/0x900 [mac80211\n  ieee80211_link_use_reserved_context+0x88/0xe0 [mac80211\n  ieee80211_chswitch_work+0x95/0x170 [mac80211\n  process_one_work+0x201/0x410\n  worker_thread+0x4a/0x3b0\n  ? process_one_work+0x410/0x410\n  kthread+0xe1/0x110\n  ? kthread_complete_and_exit+0x20/0x20\n  ret_from_fork+0x1f/0x30\n  \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54071",
            "https://git.kernel.org/stable/c/107677a8f43521e33e4a653e50fdf55ba622a4ce",
            "https://git.kernel.org/stable/c/bcafcb959a57a6890e900199690c5fc47da1a304",
            "https://git.kernel.org/stable/c/dd3af22323e79a2ffabed366db20aab83716fe6f",
            "https://lore.kernel.org/linux-cve-announce/2025122431-CVE-2023-54071-b4c6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54071",
            "https://www.cve.org/CVERecord?id=CVE-2023-54071"
          ],
          "PublishedDate": "2025-12-24T13:16:08.95Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54081",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54081",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1624cf2d5b1f8b482cc01ec0ac81a8040b14313dc3a40877f79bfc31cf2d11b6",
          "Title": "kernel: Linux kernel: Denial of Service in Xen grant table reclaim via memory leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: speed up grant-table reclaim\n\nWhen a grant entry is still in use by the remote domain, Linux must put\nit on a deferred list.  Normally, this list is very short, because\nthe PV network and block protocols expect the backend to unmap the grant\nfirst.  However, Qubes OS's GUI protocol is subject to the constraints\nof the X Window System, and as such winds up with the frontend unmapping\nthe window first.  As a result, the list can grow very large, resulting\nin a massive memory leak and eventual VM freeze.\n\nTo partially solve this problem, make the number of entries that the VM\nwill attempt to free at each iteration tunable.  The default is still\n10, but it can be overridden via a module parameter.\n\nThis is Cc: stable because (when combined with appropriate userspace\nchanges) it fixes a severe performance and stability problem for Qubes\nOS users.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54081",
            "https://git.kernel.org/stable/c/c04e9894846c663f3278a414f34416e6e45bbe68",
            "https://git.kernel.org/stable/c/c76d96c555895ac602c1587b001e5cf656abc371",
            "https://git.kernel.org/stable/c/cd1a8952ff529adc210e62306849fd6f256608c0",
            "https://lore.kernel.org/linux-cve-announce/2025122403-CVE-2023-54081-3fc3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54081",
            "https://www.cve.org/CVERecord?id=CVE-2023-54081"
          ],
          "PublishedDate": "2025-12-24T13:16:09.95Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54088",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54088",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e0bfada30ed8641ad505d2fde2f4e73db8af0297db820cc81406f93ffb5360dd",
          "Title": "kernel: blk-cgroup: hold queue_lock when removing blkg-\u003eq_node",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: hold queue_lock when removing blkg-\u003eq_node\n\nWhen blkg is removed from q-\u003eblkg_list from blkg_free_workfn(), queue_lock\nhas to be held, otherwise, all kinds of bugs(list corruption, hard lockup,\n..) can be triggered from blkg_destroy_all().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54088",
            "https://git.kernel.org/stable/c/083b58373463a6e5ee60ecb135269348f68ad7df",
            "https://git.kernel.org/stable/c/b5dae1cd0d8368b4338430ff93403df67f0b8bcc",
            "https://git.kernel.org/stable/c/c164c7bc9775be7bcc68754bb3431fce5823822e",
            "https://git.kernel.org/stable/c/cd4ffdf56791eec95af01f06bee1ec7665ca75c4",
            "https://lore.kernel.org/linux-cve-announce/2025122406-CVE-2023-54088-f00f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54088",
            "https://www.cve.org/CVERecord?id=CVE-2023-54088"
          ],
          "PublishedDate": "2025-12-24T13:16:10.667Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54105",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54105",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:46bdb669bed25c518842736553c5cb37cca36c4051c5355bb21af16d338ad77b",
          "Title": "kernel: can: isotp: check CAN address family in isotp_bind()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: isotp: check CAN address family in isotp_bind()\n\nAdd missing check to block non-AF_CAN binds.\n\nSyzbot created some code which matched the right sockaddr struct size\nbut used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family\nfield:\n\nbind$xdp(r2, \u0026(0x7f0000000540)={0x2c, 0x0, r4, 0x0, r2}, 0x10)\n                                ^^^^\nThis has no functional impact but the userspace should be notified about\nthe wrong address family field content.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 1,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54105",
            "https://git.kernel.org/stable/c/2fc6f337257f4f7c21ecff429241f7acaa6df4e8",
            "https://git.kernel.org/stable/c/9427584c2f153d0677ef3bad6f44028c60d728c4",
            "https://git.kernel.org/stable/c/c6adf659a8ba85913e16a571d5a9bcd17d3d1234",
            "https://git.kernel.org/stable/c/dd4faace51e41a82a8c0770ee0cc26088f9d9d06",
            "https://git.kernel.org/stable/c/de3c02383aa678f6799402ac47fdd89cf4bfcaa9",
            "https://lore.kernel.org/linux-cve-announce/2025122411-CVE-2023-54105-fbe5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54105",
            "https://www.cve.org/CVERecord?id=CVE-2023-54105"
          ],
          "PublishedDate": "2025-12-24T13:16:12.393Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54107",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54107",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b73ff6961b4672031950eb048292b5fbd4455b4310816d896d767a629b9250b0",
          "Title": "kernel: Linux kernel blk-cgroup: Use-after-free vulnerability leading to denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: dropping parent refcount after pd_free_fn() is done\n\nSome cgroup policies will access parent pd through child pd even\nafter pd_offline_fn() is done. If pd_free_fn() for parent is called\nbefore child, then UAF can be triggered. Hence it's better to guarantee\nthe order of pd_free_fn().\n\nCurrently refcount of parent blkg is dropped in __blkg_release(), which\nis before pd_free_fn() is called in blkg_free_work_fn() while\nblkg_free_work_fn() is called asynchronously.\n\nThis patch make sure pd_free_fn() called from removing cgroup is ordered\nby delaying dropping parent refcount after calling pd_free_fn() for\nchild.\n\nBTW, pd_free_fn() will also be called from blkcg_deactivate_policy()\nfrom deleting device, and following patches will guarantee the order.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54107",
            "https://git.kernel.org/stable/c/c7241babf0855d8a6180cd1743ff0ec34de40b4e",
            "https://lore.kernel.org/linux-cve-announce/2025122412-CVE-2023-54107-12ef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54107",
            "https://www.cve.org/CVERecord?id=CVE-2023-54107"
          ],
          "PublishedDate": "2025-12-24T13:16:12.593Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54121",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54121",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b321ac81d2e1f51ee3a69017d5e0aca4b8245bfc049ad8ae83dacb0b7e70d2af",
          "Title": "kernel: btrfs: fix incorrect splitting in btrfs_drop_extent_map_range",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix incorrect splitting in btrfs_drop_extent_map_range\n\nIn production we were seeing a variety of WARN_ON()'s in the extent_map\ncode, specifically in btrfs_drop_extent_map_range() when we have to call\nadd_extent_mapping() for our second split.\n\nConsider the following extent map layout\n\n\tPINNED\n\t[0 16K)  [32K, 48K)\n\nand then we call btrfs_drop_extent_map_range for [0, 36K), with\nskip_pinned == true.  The initial loop will have\n\n\tstart = 0\n\tend = 36K\n\tlen = 36K\n\nwe will find the [0, 16k) extent, but since we are pinned we will skip\nit, which has this code\n\n\tstart = em_end;\n\tif (end != (u64)-1)\n\t\tlen = start + len - em_end;\n\nem_end here is 16K, so now the values are\n\n\tstart = 16K\n\tlen = 16K + 36K - 16K = 36K\n\nlen should instead be 20K.  This is a problem when we find the next\nextent at [32K, 48K), we need to split this extent to leave [36K, 48k),\nhowever the code for the split looks like this\n\n\tsplit-\u003estart = start + len;\n\tsplit-\u003elen = em_end - (start + len);\n\nIn this case we have\n\n\tem_end = 48K\n\tsplit-\u003estart = 16K + 36K       // this should be 16K + 20K\n\tsplit-\u003elen = 48K - (16K + 36K) // this overflows as 16K + 36K is 52K\n\nand now we have an invalid extent_map in the tree that potentially\noverlaps other entries in the extent map.  Even in the non-overlapping\ncase we will have split-\u003estart set improperly, which will cause problems\nwith any block related calculations.\n\nWe don't actually need len in this loop, we can simply use end as our\nend point, and only adjust start up when we find a pinned extent we need\nto skip.\n\nAdjust the logic to do this, which keeps us from inserting an invalid\nextent map.\n\nWe only skip_pinned in the relocation case, so this is relatively rare,\nexcept in the case where you are running relocation a lot, which can\nhappen with auto relocation on.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54121",
            "https://git.kernel.org/stable/c/9f68e2105dd96cf0fafffffafb2337fbd0fbae1f",
            "https://git.kernel.org/stable/c/b43a4c99d878cf5e59040e45c96bb0a8358bfb3b",
            "https://git.kernel.org/stable/c/c962098ca4af146f2625ed64399926a098752c9c",
            "https://lore.kernel.org/linux-cve-announce/2025122416-CVE-2023-54121-691a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54121",
            "https://www.cve.org/CVERecord?id=CVE-2023-54121"
          ],
          "PublishedDate": "2025-12-24T13:16:14.043Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54125",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54125",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f5d0c2fc85381772f5864583b07da7874be2d25405d39eeb83810324af689bc",
          "Title": "kernel: fs/ntfs3: Return error for inconsistent extended attributes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Return error for inconsistent extended attributes\n\nntfs_read_ea is called when we want to read extended attributes. There\nare some sanity checks for the validity of the EAs. However, it fails to\nreturn a proper error code for the inconsistent attributes, which might\nlead to unpredicted memory accesses after return.\n\n[  138.916927] BUG: KASAN: use-after-free in ntfs_set_ea+0x453/0xbf0\n[  138.923876] Write of size 4 at addr ffff88800205cfac by task poc/199\n[  138.931132]\n[  138.933016] CPU: 0 PID: 199 Comm: poc Not tainted 6.2.0-rc1+ #4\n[  138.938070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[  138.947327] Call Trace:\n[  138.949557]  \u003cTASK\u003e\n[  138.951539]  dump_stack_lvl+0x4d/0x67\n[  138.956834]  print_report+0x16f/0x4a6\n[  138.960798]  ? ntfs_set_ea+0x453/0xbf0\n[  138.964437]  ? kasan_complete_mode_report_info+0x7d/0x200\n[  138.969793]  ? ntfs_set_ea+0x453/0xbf0\n[  138.973523]  kasan_report+0xb8/0x140\n[  138.976740]  ? ntfs_set_ea+0x453/0xbf0\n[  138.980578]  __asan_store4+0x76/0xa0\n[  138.984669]  ntfs_set_ea+0x453/0xbf0\n[  138.988115]  ? __pfx_ntfs_set_ea+0x10/0x10\n[  138.993390]  ? kernel_text_address+0xd3/0xe0\n[  138.998270]  ? __kernel_text_address+0x16/0x50\n[  139.002121]  ? unwind_get_return_address+0x3e/0x60\n[  139.005659]  ? __pfx_stack_trace_consume_entry+0x10/0x10\n[  139.010177]  ? arch_stack_walk+0xa2/0x100\n[  139.013657]  ? filter_irq_stacks+0x27/0x80\n[  139.017018]  ntfs_setxattr+0x405/0x440\n[  139.022151]  ? __pfx_ntfs_setxattr+0x10/0x10\n[  139.026569]  ? kvmalloc_node+0x2d/0x120\n[  139.030329]  ? kasan_save_stack+0x41/0x60\n[  139.033883]  ? kasan_save_stack+0x2a/0x60\n[  139.037338]  ? kasan_set_track+0x29/0x40\n[  139.040163]  ? kasan_save_alloc_info+0x1f/0x30\n[  139.043588]  ? __kasan_kmalloc+0x8b/0xa0\n[  139.047255]  ? 
__kmalloc_node+0x68/0x150\n[  139.051264]  ? kvmalloc_node+0x2d/0x120\n[  139.055301]  ? vmemdup_user+0x2b/0xa0\n[  139.058584]  __vfs_setxattr+0x121/0x170\n[  139.062617]  ? __pfx___vfs_setxattr+0x10/0x10\n[  139.066282]  __vfs_setxattr_noperm+0x97/0x300\n[  139.070061]  __vfs_setxattr_locked+0x145/0x170\n[  139.073580]  vfs_setxattr+0x137/0x2a0\n[  139.076641]  ? __pfx_vfs_setxattr+0x10/0x10\n[  139.080223]  ? __kasan_check_write+0x18/0x20\n[  139.084234]  do_setxattr+0xce/0x150\n[  139.087768]  setxattr+0x126/0x140\n[  139.091250]  ? __pfx_setxattr+0x10/0x10\n[  139.094948]  ? __virt_addr_valid+0xcb/0x140\n[  139.097838]  ? __call_rcu_common.constprop.0+0x1c7/0x330\n[  139.102688]  ? debug_smp_processor_id+0x1b/0x30\n[  139.105985]  ? kasan_quarantine_put+0x5b/0x190\n[  139.109980]  ? putname+0x84/0xa0\n[  139.113886]  ? __kasan_slab_free+0x11e/0x1b0\n[  139.117961]  ? putname+0x84/0xa0\n[  139.121316]  ? preempt_count_sub+0x1c/0xd0\n[  139.124427]  ? __mnt_want_write+0xae/0x100\n[  139.127836]  ? mnt_want_write+0x8f/0x150\n[  139.130954]  path_setxattr+0x164/0x180\n[  139.133998]  ? __pfx_path_setxattr+0x10/0x10\n[  139.137853]  ? __pfx_ksys_pwrite64+0x10/0x10\n[  139.141299]  ? debug_smp_processor_id+0x1b/0x30\n[  139.145714]  ? 
fpregs_assert_state_consistent+0x6b/0x80\n[  139.150796]  __x64_sys_setxattr+0x71/0x90\n[  139.155407]  do_syscall_64+0x3f/0x90\n[  139.159035]  entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[  139.163843] RIP: 0033:0x7f108cae4469\n[  139.166481] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 088\n[  139.183764] RSP: 002b:00007fff87588388 EFLAGS: 00000286 ORIG_RAX: 00000000000000bc\n[  139.190657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f108cae4469\n[  139.196586] RDX: 00007fff875883b0 RSI: 00007fff875883d1 RDI: 00007fff875883b6\n[  139.201716] RBP: 00007fff8758c530 R08: 0000000000000001 R09: 00007fff8758c618\n[  139.207940] R10: 0000000000000006 R11: 0000000000000286 R12: 00000000004004c0\n[  139.214007] R13: 00007fff8758c610 R14: 0000000000000000 R15\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54125",
            "https://git.kernel.org/stable/c/1474098b590a426d90f27bb992f17c326e0b60c1",
            "https://git.kernel.org/stable/c/c9db0ff04649aa0b45f497183c957fe260f229f6",
            "https://lore.kernel.org/linux-cve-announce/2025122418-CVE-2023-54125-2085@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54125",
            "https://www.cve.org/CVERecord?id=CVE-2023-54125"
          ],
          "PublishedDate": "2025-12-24T13:16:14.473Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54129",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54129",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f9336188efb3211a3ffe68bf8b22025afcbc2c3f293289abe837df5d6c036196",
          "Title": "kernel: octeontx2-af: Add validation for lmac type",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation for lmac type\n\nUpon physical link change, firmware reports to the kernel about the\nchange along with the details like speed, lmac_type_id, etc.\nKernel derives lmac_type based on lmac_type_id received from firmware.\n\nIn a few scenarios, firmware returns an invalid lmac_type_id, which\nis resulting in below kernel panic. This patch adds the missing\nvalidation of the lmac_type_id field.\n\nInternal error: Oops: 96000005 [#1] PREEMPT SMP\n[   35.321595] Modules linked in:\n[   35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted\n5.4.210-g2e3169d8e1bc-dirty #17\n[   35.337014] Hardware name: Marvell CN103XX board (DT)\n[   35.344297] Workqueue: events work_for_cpu_fn\n[   35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO)\n[   35.360267] pc : strncpy+0x10/0x30\n[   35.366595] lr : cgx_link_change_handler+0x90/0x180",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54129",
            "https://git.kernel.org/stable/c/5c0268b141ad612b6fca13d3a66cfda111716dbb",
            "https://git.kernel.org/stable/c/83a7f27c5b94e43f29f8216a32790751139aa61e",
            "https://git.kernel.org/stable/c/afd7660c766c4d317feae004e5cd829390bbc4b0",
            "https://git.kernel.org/stable/c/cb5edce271764524b88b1a6866b3e626686d9a33",
            "https://lore.kernel.org/linux-cve-announce/2025122419-CVE-2023-54129-8cb3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54129",
            "https://www.cve.org/CVERecord?id=CVE-2023-54129"
          ],
          "PublishedDate": "2025-12-24T13:16:14.887Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54145",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54145",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:45bfdff3ae121c8e835be52cba5fb8f8f4d37ca8d1c59bde9bfa80e7dec109b9",
          "Title": "kernel: Linux kernel: BPF verifier log truncation via crafted user input",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log\n\nIt's trivial for user to trigger \"verifier log line truncated\" warning,\nas verifier has a fixed-sized buffer of 1024 bytes (as of now), and there are at\nleast two pieces of user-provided information that can be output through\nthis buffer, and both can be arbitrarily sized by user:\n  - BTF names;\n  - BTF.ext source code lines strings.\n\nVerifier log buffer should be properly sized for typical verifier state\noutput. But it's sort-of expected that this buffer won't be long enough\nin some circumstances. So let's drop the check. In any case code will\nwork correctly, at worst truncating a part of a single line output.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54145",
            "https://git.kernel.org/stable/c/40c88c429a598006f91ad7a2b89856cd50b3a008",
            "https://git.kernel.org/stable/c/926a175026fed5d534f587ea4ec3ec49265cd3c5",
            "https://git.kernel.org/stable/c/cff36398bd4c7d322d424433db437f3c3391c491",
            "https://lore.kernel.org/linux-cve-announce/2025122424-CVE-2023-54145-421d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54145",
            "https://www.cve.org/CVERecord?id=CVE-2023-54145"
          ],
          "PublishedDate": "2025-12-24T13:16:16.51Z",
          "LastModifiedDate": "2025-12-29T15:58:13.147Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54149",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54149",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce43a3c429f4a9d819be79455184bb54f4d6b0b7178ab27026a6a8d975a03fd9",
          "Title": "kernel: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses\n\nWhen using the felix driver (the only one which supports UC filtering\nand MC filtering) as a DSA master for a random other DSA switch, one can\nsee the following stack trace when the downstream switch ports join a\nVLAN-aware bridge:\n\n=============================\nWARNING: suspicious RCU usage\n-----------------------------\nnet/8021q/vlan_core.c:238 suspicious rcu_dereference_protected() usage!\n\nstack backtrace:\nWorkqueue: dsa_ordered dsa_slave_switchdev_event_work\nCall trace:\n lockdep_rcu_suspicious+0x170/0x210\n vlan_for_each+0x8c/0x188\n dsa_slave_sync_uc+0x128/0x178\n __hw_addr_sync_dev+0x138/0x158\n dsa_slave_set_rx_mode+0x58/0x70\n __dev_set_rx_mode+0x88/0xa8\n dev_uc_add+0x74/0xa0\n dsa_port_bridge_host_fdb_add+0xec/0x180\n dsa_slave_switchdev_event_work+0x7c/0x1c8\n process_one_work+0x290/0x568\n\nWhat it's saying is that vlan_for_each() expects rtnl_lock() context and\nit's not getting it, when it's called from the DSA master's ndo_set_rx_mode().\n\nThe caller of that - dsa_slave_set_rx_mode() - is the slave DSA\ninterface's dsa_port_bridge_host_fdb_add() which comes from the deferred\ndsa_slave_switchdev_event_work().\n\nWe went to great lengths to avoid the rtnl_lock() context in that call\npath in commit 0faf890fc519 (\"net: dsa: drop rtnl_lock from\ndsa_slave_switchdev_event_work\"), and calling rtnl_lock() is simply not\nan option due to the possibility of deadlocking when calling\ndsa_flush_workqueue() from the call paths that do hold rtnl_lock() -\nbasically all of them.\n\nSo, when the DSA master calls vlan_for_each() from its ndo_set_rx_mode(),\nthe state of the 8021q driver on this device is really not protected\nfrom concurrent access by anything.\n\nLooking at net/8021q/, I don't think that vlan_info-\u003evid_list was\nparticularly designed with RCU traversal in 
mind, so introducing an RCU\nread-side form of vlan_for_each() - vlan_for_each_rcu() - won't be so\neasy, and it also wouldn't be exactly what we need anyway.\n\nIn general I believe that the solution isn't in net/8021q/ anyway;\nvlan_for_each() is not cut out for this task. DSA doesn't need rtnl_lock()\nto be held per se - since it's not a netdev state change that we're\nblocking, but rather, just concurrent additions/removals to a VLAN list.\nWe don't even need sleepable context - the callback of vlan_for_each()\njust schedules deferred work.\n\nThe proposed escape is to remove the dependency on vlan_for_each() and\nto open-code a non-sleepable, rtnl-free alternative to that, based on\ncopies of the VLAN list modified from .ndo_vlan_rx_add_vid() and\n.ndo_vlan_rx_kill_vid().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54149",
            "https://git.kernel.org/stable/c/3948c69b3837fec2ee5a90fbc911c343199be0ac",
            "https://git.kernel.org/stable/c/3f9e79f31e51b7d5bf95c617540deb6cf2816a3f",
            "https://git.kernel.org/stable/c/d06f925f13976ab82167c93467c70a337a0a3cda",
            "https://lore.kernel.org/linux-cve-announce/2025122426-CVE-2023-54149-e39f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54149",
            "https://www.cve.org/CVERecord?id=CVE-2023-54149"
          ],
          "PublishedDate": "2025-12-24T13:16:16.91Z",
          "LastModifiedDate": "2025-12-29T15:58:13.147Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54151",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54151",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d10274d8fa788b5263507f84fceea967f06e7d137913557741e1362e138477e1",
          "Title": "kernel: f2fs: Fix system crash due to lack of free space in LFS",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: Fix system crash due to lack of free space in LFS\n\nWhen f2fs tries to checkpoint during foreground gc in LFS mode, system\ncrash occurs due to lack of free space if the amount of dirty node and\ndentry pages generated by data migration exceeds free space.\nThe reproduction sequence is as follows.\n\n - 20GiB capacity block device (null_blk)\n - format and mount with LFS mode\n - create a file and write 20,000MiB\n - 4k random write on full range of the file\n\n RIP: 0010:new_curseg+0x48a/0x510 [f2fs]\n Code: 55 e7 f5 89 c0 48 0f af c3 48 8b 5d c0 48 c1 e8 20 83 c0 01 89 43 6c 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc \u003c0f\u003e 0b f0 41 80 4f 48 04 45 85 f6 0f 84 ba fd ff ff e9 ef fe ff ff\n RSP: 0018:ffff977bc397b218 EFLAGS: 00010246\n RAX: 00000000000027b9 RBX: 0000000000000000 RCX: 00000000000027c0\n RDX: 0000000000000000 RSI: 00000000000027b9 RDI: ffff8c25ab4e74f8\n RBP: ffff977bc397b268 R08: 00000000000027b9 R09: ffff8c29e4a34b40\n R10: 0000000000000001 R11: ffff977bc397b0d8 R12: 0000000000000000\n R13: ffff8c25b4dd81a0 R14: 0000000000000000 R15: ffff8c2f667f9000\n FS: 0000000000000000(0000) GS:ffff8c344ec80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000c00055d000 CR3: 0000000e30810003 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n allocate_segment_by_default+0x9c/0x110 [f2fs]\n f2fs_allocate_data_block+0x243/0xa30 [f2fs]\n ? __mod_lruvec_page_state+0xa0/0x150\n do_write_page+0x80/0x160 [f2fs]\n f2fs_do_write_node_page+0x32/0x50 [f2fs]\n __write_node_page+0x339/0x730 [f2fs]\n f2fs_sync_node_pages+0x5a6/0x780 [f2fs]\n block_operations+0x257/0x340 [f2fs]\n f2fs_write_checkpoint+0x102/0x1050 [f2fs]\n f2fs_gc+0x27c/0x630 [f2fs]\n ? 
folio_mark_dirty+0x36/0x70\n f2fs_balance_fs+0x16f/0x180 [f2fs]\n\nThis patch adds checking whether free sections are enough before checkpoint\nduring gc.\n\n[Jaegeuk Kim: code clean-up]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54151",
            "https://git.kernel.org/stable/c/ce71c61d661cfac3f097af928995abfcebd2b8c5",
            "https://git.kernel.org/stable/c/d11cef14f8146f3babd286c2cc8ca09c166295e2",
            "https://git.kernel.org/stable/c/f4631d295ae3fff9e240ab78dc17f4b83d14f7bc",
            "https://lore.kernel.org/linux-cve-announce/2025122426-CVE-2023-54151-854b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54151",
            "https://www.cve.org/CVERecord?id=CVE-2023-54151"
          ],
          "PublishedDate": "2025-12-24T13:16:17.113Z",
          "LastModifiedDate": "2025-12-29T15:58:13.147Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54172",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54172",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0d86f97a0091b7a6bd245e121b3701d64c5d9681041a4d6518c32f7cf9fdeca4",
          "Title": "kernel: x86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: Disable IBT when hypercall page lacks ENDBR instruction\n\nOn hardware that supports Indirect Branch Tracking (IBT), Hyper-V VMs\nwith ConfigVersion 9.3 or later support IBT in the guest. However,\ncurrent versions of Hyper-V have a bug in that there's not an ENDBR64\ninstruction at the beginning of the hypercall page. Since hypercalls are\nmade with an indirect call to the hypercall page, all hypercall attempts\nfail with an exception and Linux panics.\n\nA Hyper-V fix is in progress to add ENDBR64. But guard against the Linux\npanic by clearing X86_FEATURE_IBT if the hypercall page doesn't start\nwith ENDBR. The VM will boot and run without IBT.\n\nIf future Linux 32-bit kernels were to support IBT, additional hypercall\npage hackery would be needed to make IBT work for such kernels in a\nHyper-V VM.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54172",
            "https://git.kernel.org/linus/d5ace2a776442d80674eff9ed42e737f7dd95056 (6.5-rc5)",
            "https://git.kernel.org/stable/c/73626b70b361ddda7c380e52c236aa4f2487c402",
            "https://git.kernel.org/stable/c/98cccbd0a19a161971bc7f7feb10577adc62c400",
            "https://git.kernel.org/stable/c/d5ace2a776442d80674eff9ed42e737f7dd95056",
            "https://lore.kernel.org/linux-cve-announce/2025123021-CVE-2023-54172-bcdc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54172",
            "https://www.cve.org/CVERecord?id=CVE-2023-54172"
          ],
          "PublishedDate": "2025-12-30T13:16:05.05Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54180",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6391b4dacab75abd60cbf656b02c7423d78a04c30b9ebf679da224273c89e668",
          "Title": "kernel: btrfs: handle case when repair happens with dev-replace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: handle case when repair happens with dev-replace\n\n[BUG]\nThere is a bug report that a BUG_ON() in btrfs_repair_io_failure()\n(originally repair_io_failure() in v6.0 kernel) got triggered when\nreplacing a unreliable disk:\n\n  BTRFS warning (device sda1): csum failed root 257 ino 2397453 off 39624704 csum 0xb0d18c75 expected csum 0x4dae9c5e mirror 3\n  kernel BUG at fs/btrfs/extent_io.c:2380!\n  invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 9 PID: 3614331 Comm: kworker/u257:2 Tainted: G           OE      6.0.0-5-amd64 #1  Debian 6.0.10-2\n  Hardware name: Micro-Star International Co., Ltd. MS-7C60/TRX40 PRO WIFI (MS-7C60), BIOS 2.70 07/01/2021\n  Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n  RIP: 0010:repair_io_failure+0x24a/0x260 [btrfs]\n  Call Trace:\n   \u003cTASK\u003e\n   clean_io_failure+0x14d/0x180 [btrfs]\n   end_bio_extent_readpage+0x412/0x6e0 [btrfs]\n   ? __switch_to+0x106/0x420\n   process_one_work+0x1c7/0x380\n   worker_thread+0x4d/0x380\n   ? rescuer_thread+0x3a0/0x3a0\n   kthread+0xe9/0x110\n   ? 
kthread_complete_and_exit+0x20/0x20\n   ret_from_fork+0x22/0x30\n\n[CAUSE]\n\nBefore the BUG_ON(), we got some read errors from the replace target\nfirst, note the mirror number (3, which is beyond RAID1 duplication,\nthus it's read from the replace target device).\n\nThen at the BUG_ON() location, we are trying to writeback the repaired\nsectors back the failed device.\n\nThe check looks like this:\n\n\t\tret = btrfs_map_block(fs_info, BTRFS_MAP_WRITE, logical,\n\t\t\t\t      \u0026map_length, \u0026bioc, mirror_num);\n\t\tif (ret)\n\t\t\tgoto out_counter_dec;\n\t\tBUG_ON(mirror_num != bioc-\u003emirror_num);\n\nBut inside btrfs_map_block(), we can modify bioc-\u003emirror_num especially\nfor dev-replace:\n\n\tif (dev_replace_is_ongoing \u0026\u0026 mirror_num == map-\u003enum_stripes + 1 \u0026\u0026\n\t    !need_full_stripe(op) \u0026\u0026 dev_replace-\u003etgtdev != NULL) {\n\t\tret = get_extra_mirror_from_replace(fs_info, logical, *length,\n\t\t\t\t\t\t    dev_replace-\u003esrcdev-\u003edevid,\n\t\t\t\t\t\t    \u0026mirror_num,\n\t\t\t\t\t    \u0026physical_to_patch_in_first_stripe);\n\t\tpatch_the_first_stripe_for_dev_replace = 1;\n\t}\n\nThus if we're repairing the replace target device, we're going to\ntrigger that BUG_ON().\n\nBut in reality, the read failure from the replace target device may be\nthat, our replace hasn't reached the range we're reading, thus we're\nreading garbage, but with replace running, the range would be properly\nfilled later.\n\nThus in that case, we don't need to do anything but let the replace\nroutine to handle it.\n\n[FIX]\nInstead of a BUG_ON(), just skip the repair if we're repairing the\ndevice replace target device.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54180",
            "https://git.kernel.org/linus/d73a27b86fc722c28a26ec64002e3a7dc86d1c07 (6.2-rc3)",
            "https://git.kernel.org/stable/c/53e9d6851b56626885476a2966194ba994f8bb4b",
            "https://git.kernel.org/stable/c/a7018b40b49c37fb55736499f790ec0d2b381ae4",
            "https://git.kernel.org/stable/c/d73a27b86fc722c28a26ec64002e3a7dc86d1c07",
            "https://lore.kernel.org/linux-cve-announce/2025123024-CVE-2023-54180-8b91@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54180",
            "https://www.cve.org/CVERecord?id=CVE-2023-54180"
          ],
          "PublishedDate": "2025-12-30T13:16:05.933Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54181",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54181",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0dc0724d6ecad78bf235b8c452499c4bd05fa803dc49c139e2ba4cbfb045e10d",
          "Title": "kernel: bpf: Fix issue in verifying allow_ptr_leaks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix issue in verifying allow_ptr_leaks\n\nAfter we converted the capabilities of our networking-bpf program from\ncap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program\nfailed to start. Because it failed the bpf verifier, and the error log\nis \"R3 pointer comparison prohibited\".\n\nA simple reproducer as follows,\n\nSEC(\"cls-ingress\")\nint ingress(struct __sk_buff *skb)\n{\n\tstruct iphdr *iph = (void *)(long)skb-\u003edata + sizeof(struct ethhdr);\n\n\tif ((long)(iph + 1) \u003e (long)skb-\u003edata_end)\n\t\treturn TC_ACT_STOLEN;\n\treturn TC_ACT_OK;\n}\n\nPer discussion with Yonghong and Alexei [1], comparison of two packet\npointers is not a pointer leak. This patch fixes it.\n\nOur local kernel is 6.1.y and we expect this fix to be backported to\n6.1.y, so stable is CCed.\n\n[1]. https://lore.kernel.org/bpf/CAADnVQ+Nmspr7Si+pxWn8zkE7hX-7s93ugwC+94aXSy4uQ9vBg@mail.gmail.com/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54181",
            "https://git.kernel.org/linus/d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 (6.6-rc1)",
            "https://git.kernel.org/stable/c/5927f0172d2809d8fc09c1ba667280b0387e9f73",
            "https://git.kernel.org/stable/c/acfdc8b77016c8e648aadc283177546c88083dd3",
            "https://git.kernel.org/stable/c/c96c67991aac6401b4c6996093bccb704bb2ea4b",
            "https://git.kernel.org/stable/c/d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2",
            "https://lore.kernel.org/linux-cve-announce/2025123024-CVE-2023-54181-ef94@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54181",
            "https://www.cve.org/CVERecord?id=CVE-2023-54181"
          ],
          "PublishedDate": "2025-12-30T13:16:06.037Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54185",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54185",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:992136e08b74a6ea1fbed7b08de241659a112792b8ff0d3e4908d667bfecd100",
          "Title": "kernel: btrfs: remove BUG_ON()'s in add_new_free_space()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG_ON()'s in add_new_free_space()\n\nAt add_new_free_space() we have these BUG_ON()'s that are there to deal\nwith any failure to add free space to the in memory free space cache.\nSuch failures are mostly -ENOMEM that should be very rare. However there's\nno need to have these BUG_ON()'s, we can just return any error to the\ncaller and all callers and their upper call chain are already dealing with\nerrors.\n\nSo just make add_new_free_space() return any errors, while removing the\nBUG_ON()'s, and returning the total amount of added free space to an\noptional u64 pointer argument.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54185",
            "https://git.kernel.org/linus/d8ccbd21918fd7fa6ce3226cffc22c444228e8ad (6.5-rc4)",
            "https://git.kernel.org/stable/c/23e72231f8281505883514b23709076e234d4f27",
            "https://git.kernel.org/stable/c/d8ccbd21918fd7fa6ce3226cffc22c444228e8ad",
            "https://git.kernel.org/stable/c/f775ceb0cb530e4a469b718fb2a24843071087f5",
            "https://lore.kernel.org/linux-cve-announce/2025123025-CVE-2023-54185-3c5c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54185",
            "https://www.cve.org/CVERecord?id=CVE-2023-54185"
          ],
          "PublishedDate": "2025-12-30T13:16:06.463Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54187",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54187",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:22589731b5ae14bb6c5a07e572daf1ed8eedf16de9a88cf654966b10208ead64",
          "Title": "kernel: f2fs: fix potential corruption when moving a directory",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix potential corruption when moving a directory\n\nF2FS has the same issue in ext4_rename causing crash revealed by\nxfstests/generic/707.\n\nSee also commit 0813299c586b (\"ext4: Fix possible corruption when moving a directory\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54187",
            "https://git.kernel.org/linus/d94772154e524b329a168678836745d2773a6e02 (6.4-rc1)",
            "https://git.kernel.org/stable/c/0a76082a4a32a90d1ef33dee8b400efc082b4b6f",
            "https://git.kernel.org/stable/c/3e77036246123ff710fa2661dcaa12a45284f09b",
            "https://git.kernel.org/stable/c/8a0b544b7caedfbc05065b6377fd1d8bf7ef5e70",
            "https://git.kernel.org/stable/c/8f57f3e112cf1d16682b6ff9c31c72f40f7da9c9",
            "https://git.kernel.org/stable/c/957904f531fd857a92743b11fbc9c9ffdf7f3207",
            "https://git.kernel.org/stable/c/d94772154e524b329a168678836745d2773a6e02",
            "https://git.kernel.org/stable/c/f20191100952013f0916418cdaed0ab55c7b634c",
            "https://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54187-4d68@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54187",
            "https://www.cve.org/CVERecord?id=CVE-2023-54187"
          ],
          "PublishedDate": "2025-12-30T13:16:06.677Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54190",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54190",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9b324e1c148afcf8949850d2f1b768e4f77ae6fe1ffae63b121e6d2c1b273700",
          "Title": "kernel: Kernel: Denial of Service via reference count leak in LED core",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: led-core: Fix refcount leak in of_led_get()\n\nclass_find_device_by_of_node() calls class_find_device(), it will take\nthe reference, use the put_device() to drop the reference when not need\nanymore.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54190",
            "https://git.kernel.org/linus/da1afe8e6099980fe1e2fd7436dca284af9d3f29 (6.3-rc1)",
            "https://git.kernel.org/stable/c/1d6101d9222e1ca8c01b3fa9ebf0dcf7bcd82564",
            "https://git.kernel.org/stable/c/690efcb5827c3bacbf1de90cd14907b91bf8cb7b",
            "https://git.kernel.org/stable/c/d880981b82223f9bf128dfdd2424abb0c658f345",
            "https://git.kernel.org/stable/c/da1afe8e6099980fe1e2fd7436dca284af9d3f29",
            "https://git.kernel.org/stable/c/ddf3e82164afd9381b1d52c9f00b3878f7b6d308",
            "https://lore.kernel.org/linux-cve-announce/2025123027-CVE-2023-54190-7c7d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54190",
            "https://www.cve.org/CVERecord?id=CVE-2023-54190"
          ],
          "PublishedDate": "2025-12-30T13:16:06.997Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54201",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54201",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7c404e4001a3553c73eeed9f8bac14d1968cf02073c77172a1fa1609f3159a19",
          "Title": "kernel: RDMA/efa: Fix wrong resources deallocation order",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/efa: Fix wrong resources deallocation order\n\nWhen trying to destroy QP or CQ, we first decrease the refcount and\npotentially free memory regions allocated for the object and then\nrequest the device to destroy the object. If the device fails, the\nobject isn't fully destroyed so the user/IB core can try to destroy the\nobject again which will lead to underflow when trying to decrease an\nalready zeroed refcount.\n\nDeallocate resources in reverse order of allocating them to safely free\nthem.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54201",
            "https://git.kernel.org/linus/dc202c57e9a1423aed528e4b8dc949509cd32191 (6.6-rc1)",
            "https://git.kernel.org/stable/c/24f9884971f9b34915b67baacf7350a3f6f19ea4",
            "https://git.kernel.org/stable/c/cf38960386f3cc4abf395e556af915e4babcafd2",
            "https://git.kernel.org/stable/c/dc202c57e9a1423aed528e4b8dc949509cd32191",
            "https://git.kernel.org/stable/c/e79db2f51a564fd4daa3e508b987df5e81c34b20",
            "https://lore.kernel.org/linux-cve-announce/2025123030-CVE-2023-54201-3f26@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54201",
            "https://www.cve.org/CVERecord?id=CVE-2023-54201"
          ],
          "PublishedDate": "2025-12-30T13:16:08.21Z",
          "LastModifiedDate": "2025-12-31T20:43:05.16Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54227",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54227",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7b051e7b7f8754910ef5a722c467e2e7bee611d1699fd0e682102ca2060ba625",
          "Title": "kernel: blk-mq: fix tags leak when shrink nr_hw_queues",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix tags leak when shrink nr_hw_queues\n\nAlthough we don't need to realloc set-\u003etags[] when shrink nr_hw_queues,\nwe need to free them. Or these tags will be leaked.\n\nHow to reproduce:\n1. mount -t configfs configfs /mnt\n2. modprobe null_blk nr_devices=0 submit_queues=8\n3. mkdir /mnt/nullb/nullb0\n4. echo 1 \u003e /mnt/nullb/nullb0/power\n5. echo 4 \u003e /mnt/nullb/nullb0/submit_queues\n6. rmdir /mnt/nullb/nullb0\n\nIn step 4, will alloc 9 tags (8 submit queues and 1 poll queue), then\nin step 5, new_nr_hw_queues = 5 (4 submit queues and 1 poll queue).\nAt last in step 6, only these 5 tags are freed, the other 4 tags leaked.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54227",
            "https://git.kernel.org/linus/e1dd7bc93029024af5688253b0c05181d6e01f8e (6.6-rc1)",
            "https://git.kernel.org/stable/c/c0ef7493e68b8896806a2f598fcffbaa97333405",
            "https://git.kernel.org/stable/c/e1dd7bc93029024af5688253b0c05181d6e01f8e",
            "https://lore.kernel.org/linux-cve-announce/2025123029-CVE-2023-54227-5c6c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54227",
            "https://www.cve.org/CVERecord?id=CVE-2023-54227"
          ],
          "PublishedDate": "2025-12-30T13:16:11.093Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54233",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54233",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b6de58273975a1f32783054413e20410f8f6b9a38ae4e3f364749808f68afa9e",
          "Title": "kernel: ASoC: SOF: avoid a NULL dereference with unsupported widgets",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: avoid a NULL dereference with unsupported widgets\n\nIf an IPC4 topology contains an unsupported widget, its .module_info\nfield won't be set, then sof_ipc4_route_setup() will cause a kernel\nOops trying to dereference it. Add a check for such cases.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54233",
            "https://git.kernel.org/linus/e3720f92e0237921da537e47a0b24e27899203f8 (6.3-rc6)",
            "https://git.kernel.org/stable/c/170818974e9732506195c6302743856cc8bdfd6f",
            "https://git.kernel.org/stable/c/e3720f92e0237921da537e47a0b24e27899203f8",
            "https://lore.kernel.org/linux-cve-announce/2025123031-CVE-2023-54233-1e82@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54233",
            "https://www.cve.org/CVERecord?id=CVE-2023-54233"
          ],
          "PublishedDate": "2025-12-30T13:16:11.743Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54234",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54234",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b5777ff8d41273d9227e4f3d4bc2ef2d53411a6ba791971cf10cae32033906a6",
          "Title": "kernel: scsi: mpi3mr: Fix missing mrioc-\u003eevtack_cmds initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix missing mrioc-\u003eevtack_cmds initialization\n\nCommit c1af985d27da (\"scsi: mpi3mr: Add Event acknowledgment logic\")\nintroduced an array mrioc-\u003eevtack_cmds but initialization of the array\nelements was missed. They are just zero cleared. The function\nmpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the\nzero value of the host_tag field, the function calls clear_bit() for\nmrico-\u003eevtack_cmds_bitmap with wrong bit index. This results in memory\naccess to invalid address and \"BUG: KASAN: use-after-free\". This BUG was\nobserved at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add\nthe missing initialization of mrioc-\u003eevtack_cmds.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54234",
            "https://git.kernel.org/linus/e39ea831ebad4ab15c4748cb62a397a8abcca36e (6.3-rc1)",
            "https://git.kernel.org/stable/c/4e0dfdb48a824deac3dfbc67fb856ef2aee13529",
            "https://git.kernel.org/stable/c/67989091e11a974003ddf2ec39bc613df8eadd83",
            "https://git.kernel.org/stable/c/e39ea831ebad4ab15c4748cb62a397a8abcca36e",
            "https://lore.kernel.org/linux-cve-announce/2025123031-CVE-2023-54234-bb5c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54234",
            "https://www.cve.org/CVERecord?id=CVE-2023-54234"
          ],
          "PublishedDate": "2025-12-30T13:16:11.847Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54237",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54237",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5a36ffddf50193b274a555c56de2580b0a25da11699c90ee89701c15e17f9d38",
          "Title": "kernel: net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix potential panic dues to unprotected smc_llc_srv_add_link()\n\nThere is a certain chance to trigger the following panic:\n\nPID: 5900   TASK: ffff88c1c8af4100  CPU: 1   COMMAND: \"kworker/1:48\"\n #0 [ffff9456c1cc79a0] machine_kexec at ffffffff870665b7\n #1 [ffff9456c1cc79f0] __crash_kexec at ffffffff871b4c7a\n #2 [ffff9456c1cc7ab0] crash_kexec at ffffffff871b5b60\n #3 [ffff9456c1cc7ac0] oops_end at ffffffff87026ce7\n #4 [ffff9456c1cc7ae0] page_fault_oops at ffffffff87075715\n #5 [ffff9456c1cc7b58] exc_page_fault at ffffffff87ad0654\n #6 [ffff9456c1cc7b80] asm_exc_page_fault at ffffffff87c00b62\n    [exception RIP: ib_alloc_mr+19]\n    RIP: ffffffffc0c9cce3  RSP: ffff9456c1cc7c38  RFLAGS: 00010202\n    RAX: 0000000000000000  RBX: 0000000000000002  RCX: 0000000000000004\n    RDX: 0000000000000010  RSI: 0000000000000000  RDI: 0000000000000000\n    RBP: ffff88c1ea281d00   R8: 000000020a34ffff   R9: ffff88c1350bbb20\n    R10: 0000000000000000  R11: 0000000000000001  R12: 0000000000000000\n    R13: 0000000000000010  R14: ffff88c1ab040a50  R15: ffff88c1ea281d00\n    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n #7 [ffff9456c1cc7c60] smc_ib_get_memory_region at ffffffffc0aff6df [smc]\n #8 [ffff9456c1cc7c88] smcr_buf_map_link at ffffffffc0b0278c [smc]\n #9 [ffff9456c1cc7ce0] __smc_buf_create at ffffffffc0b03586 [smc]\n\nThe reason here is that when the server tries to create a second link,\nsmc_llc_srv_add_link() has no protection and may add a new link to\nlink group. This breaks the security environment protected by\nllc_conf_mutex.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54237",
            "https://git.kernel.org/linus/e40b801b3603a8f90b46acbacdea3505c27f01c0 (6.3-rc1)",
            "https://git.kernel.org/stable/c/0c764cc271d3aa6528ae1b3394babf34ac01f775",
            "https://git.kernel.org/stable/c/e40b801b3603a8f90b46acbacdea3505c27f01c0",
            "https://git.kernel.org/stable/c/f2f46de98c11d41ac8d22765f47ba54ce5480a5b",
            "https://lore.kernel.org/linux-cve-announce/2025123032-CVE-2023-54237-c03d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54237",
            "https://www.cve.org/CVERecord?id=CVE-2023-54237"
          ],
          "PublishedDate": "2025-12-30T13:16:12.193Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54242",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54242",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bbacd9d42c552740efe739e321904a30484a584010713eff8738f8b11e0a2a65",
          "Title": "kernel: block, bfq: Fix division by zero error on zero wsum",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: Fix division by zero error on zero wsum\n\nWhen the weighted sum is zero the calculation of limit causes\na division by zero error. Fix this by continuing to the next level.\n\nThis was discovered by running as root:\n\nstress-ng --ioprio 0\n\nFixes divison by error oops:\n\n[  521.450556] divide error: 0000 [#1] SMP NOPTI\n[  521.450766] CPU: 2 PID: 2684464 Comm: stress-ng-iopri Not tainted 6.2.1-1280.native #1\n[  521.451117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014\n[  521.451627] RIP: 0010:bfqq_request_over_limit+0x207/0x400\n[  521.451875] Code: 01 48 8d 0c c8 74 0b 48 8b 82 98 00 00 00 48 8d 0c c8 8b 85 34 ff ff ff 48 89 ca 41 0f af 41 50 48 d1 ea 48 98 48 01 d0 31 d2 \u003c48\u003e f7 f1 41 39 41 48 89 85 34 ff ff ff 0f 8c 7b 01 00 00 49 8b 44\n[  521.452699] RSP: 0018:ffffb1af84eb3948 EFLAGS: 00010046\n[  521.452938] RAX: 000000000000003c RBX: 0000000000000000 RCX: 0000000000000000\n[  521.453262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb1af84eb3978\n[  521.453584] RBP: ffffb1af84eb3a30 R08: 0000000000000001 R09: ffff8f88ab8a4ba0\n[  521.453905] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8f88ab8a4b18\n[  521.454224] R13: ffff8f8699093000 R14: 0000000000000001 R15: ffffb1af84eb3970\n[  521.454549] FS:  00005640b6b0b580(0000) GS:ffff8f88b3880000(0000) knlGS:0000000000000000\n[  521.454912] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  521.455170] CR2: 00007ffcbcae4e38 CR3: 00000002e46de001 CR4: 0000000000770ee0\n[  521.455491] PKRU: 55555554\n[  521.455619] Call Trace:\n[  521.455736]  \u003cTASK\u003e\n[  521.455837]  ? bfq_request_merge+0x3a/0xc0\n[  521.456027]  ? 
elv_merge+0x115/0x140\n[  521.456191]  bfq_limit_depth+0xc8/0x240\n[  521.456366]  __blk_mq_alloc_requests+0x21a/0x2c0\n[  521.456577]  blk_mq_submit_bio+0x23c/0x6c0\n[  521.456766]  __submit_bio+0xb8/0x140\n[  521.457236]  submit_bio_noacct_nocheck+0x212/0x300\n[  521.457748]  submit_bio_noacct+0x1a6/0x580\n[  521.458220]  submit_bio+0x43/0x80\n[  521.458660]  ext4_io_submit+0x23/0x80\n[  521.459116]  ext4_do_writepages+0x40a/0xd00\n[  521.459596]  ext4_writepages+0x65/0x100\n[  521.460050]  do_writepages+0xb7/0x1c0\n[  521.460492]  __filemap_fdatawrite_range+0xa6/0x100\n[  521.460979]  file_write_and_wait_range+0xbf/0x140\n[  521.461452]  ext4_sync_file+0x105/0x340\n[  521.461882]  __x64_sys_fsync+0x67/0x100\n[  521.462305]  ? syscall_exit_to_user_mode+0x2c/0x1c0\n[  521.462768]  do_syscall_64+0x3b/0xc0\n[  521.463165]  entry_SYSCALL_64_after_hwframe+0x5a/0xc4\n[  521.463621] RIP: 0033:0x5640b6c56590\n[  521.464006] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 71 70 0e 00 00 74 17 b8 4a 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54242",
            "https://git.kernel.org/linus/e53413f8deedf738a6782cc14cc00bd5852ccf18 (6.4-rc1)",
            "https://git.kernel.org/stable/c/1655cfc85250a224b0d9486c8136baeea33b9b5c",
            "https://git.kernel.org/stable/c/c0346a59d719461248c6dc6f21c9e55ef836b66f",
            "https://git.kernel.org/stable/c/e53413f8deedf738a6782cc14cc00bd5852ccf18",
            "https://lore.kernel.org/linux-cve-announce/2025123034-CVE-2023-54242-9771@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54242",
            "https://www.cve.org/CVERecord?id=CVE-2023-54242"
          ],
          "PublishedDate": "2025-12-30T13:16:12.77Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54247",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54247",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fac846e59bcd08ea9613c52043a7005afa4a6cda0890ed82aa3e09f0b59325ef",
          "Title": "kernel: bpf: Silence a warning in btf_type_id_size()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Silence a warning in btf_type_id_size()\n\nsyzbot reported a warning in [1] with the following stacktrace:\n  WARNING: CPU: 0 PID: 5005 at kernel/bpf/btf.c:1988 btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:1988\n  ...\n  RIP: 0010:btf_type_id_size+0x2d9/0x9d0 kernel/bpf/btf.c:1988\n  ...\n  Call Trace:\n   \u003cTASK\u003e\n   map_check_btf kernel/bpf/syscall.c:1024 [inline]\n   map_create+0x1157/0x1860 kernel/bpf/syscall.c:1198\n   __sys_bpf+0x127f/0x5420 kernel/bpf/syscall.c:5040\n   __do_sys_bpf kernel/bpf/syscall.c:5162 [inline]\n   __se_sys_bpf kernel/bpf/syscall.c:5160 [inline]\n   __x64_sys_bpf+0x79/0xc0 kernel/bpf/syscall.c:5160\n   do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n   do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80\n   entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nWith the following btf\n  [1] DECL_TAG 'a' type_id=4 component_idx=-1\n  [2] PTR '(anon)' type_id=0\n  [3] TYPE_TAG 'a' type_id=2\n  [4] VAR 'a' type_id=3, linkage=static\nand when the bpf_attr.btf_key_type_id = 1 (DECL_TAG),\nthe following WARN_ON_ONCE in btf_type_id_size() is triggered:\n  if (WARN_ON_ONCE(!btf_type_is_modifier(size_type) \u0026\u0026\n                   !btf_type_is_var(size_type)))\n          return NULL;\n\nNote that 'return NULL' is the correct behavior as we don't want\na DECL_TAG type to be used as a btf_{key,value}_type_id even\nfor the case like 'DECL_TAG -\u003e STRUCT'. So there\nis no correctness issue here, we just want to silence warning.\n\nTo silence the warning, I added DECL_TAG as one of kinds in\nbtf_type_nosize() which will cause btf_type_id_size() returning\nNULL earlier without the warning.\n\n  [1] https://lore.kernel.org/bpf/000000000000e0df8d05fc75ba86@google.com/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54247",
            "https://git.kernel.org/linus/e6c2f594ed961273479505b42040782820190305 (6.5-rc1)",
            "https://git.kernel.org/stable/c/61f4bd46a03a81865aca3bcbad2f7b7032fb3160",
            "https://git.kernel.org/stable/c/7c4f5ab63e7962812505cbd38cc765168a223acb",
            "https://git.kernel.org/stable/c/e6c2f594ed961273479505b42040782820190305",
            "https://lore.kernel.org/linux-cve-announce/2025123053-CVE-2023-54247-4cf1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54247",
            "https://www.cve.org/CVERecord?id=CVE-2023-54247"
          ],
          "PublishedDate": "2025-12-30T13:16:13.327Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54253",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54253",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6d90bb5f334fc453e91057dd111a861cdf2958877bd4992e92b7af20a6a5f63d",
          "Title": "kernel: btrfs: set page extent mapped after read_folio in relocate_one_page",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set page extent mapped after read_folio in relocate_one_page\n\nOne of the CI runs triggered the following panic\n\n  assertion failed: PagePrivate(page) \u0026\u0026 page-\u003eprivate, in fs/btrfs/subpage.c:229\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/subpage.c:229!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n  CPU: 0 PID: 923660 Comm: btrfs Not tainted 6.5.0-rc3+ #1\n  pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : btrfs_subpage_assert+0xbc/0xf0\n  lr : btrfs_subpage_assert+0xbc/0xf0\n  sp : ffff800093213720\n  x29: ffff800093213720 x28: ffff8000932138b4 x27: 000000000c280000\n  x26: 00000001b5d00000 x25: 000000000c281000 x24: 000000000c281fff\n  x23: 0000000000001000 x22: 0000000000000000 x21: ffffff42b95bf880\n  x20: ffff42b9528e0000 x19: 0000000000001000 x18: ffffffffffffffff\n  x17: 667274622f736620 x16: 6e69202c65746176 x15: 0000000000000028\n  x14: 0000000000000003 x13: 00000000002672d7 x12: 0000000000000000\n  x11: ffffcd3f0ccd9204 x10: ffffcd3f0554ae50 x9 : ffffcd3f0379528c\n  x8 : ffff800093213428 x7 : 0000000000000000 x6 : ffffcd3f091771e8\n  x5 : ffff42b97f333948 x4 : 0000000000000000 x3 : 0000000000000000\n  x2 : 0000000000000000 x1 : ffff42b9556cde80 x0 : 000000000000004f\n  Call trace:\n   btrfs_subpage_assert+0xbc/0xf0\n   btrfs_subpage_set_dirty+0x38/0xa0\n   btrfs_page_set_dirty+0x58/0x88\n   relocate_one_page+0x204/0x5f0\n   relocate_file_extent_cluster+0x11c/0x180\n   relocate_data_extent+0xd0/0xf8\n   relocate_block_group+0x3d0/0x4e8\n   btrfs_relocate_block_group+0x2d8/0x490\n   btrfs_relocate_chunk+0x54/0x1a8\n   btrfs_balance+0x7f4/0x1150\n   btrfs_ioctl+0x10f0/0x20b8\n   __arm64_sys_ioctl+0x120/0x11d8\n   invoke_syscall.constprop.0+0x80/0xd8\n   do_el0_svc+0x6c/0x158\n   el0_svc+0x50/0x1b0\n   el0t_64_sync_handler+0x120/0x130\n   el0t_64_sync+0x194/0x198\n  Code: 91098021 
b0007fa0 91346000 97e9c6d2 (d4210000)\n\nThis is the same problem outlined in 17b17fcd6d44 (\"btrfs:\nset_page_extent_mapped after read_folio in btrfs_cont_expand\") , and the\nfix is the same.  I originally looked for the same pattern elsewhere in\nour code, but mistakenly skipped over this code because I saw the page\ncache readahead before we set_page_extent_mapped, not realizing that\nthis was only in the !page case, that we can still end up with a\n!uptodate page and then do the btrfs_read_folio further down.\n\nThe fix here is the same as the above mentioned patch, move the\nset_page_extent_mapped call to after the btrfs_read_folio() block to\nmake sure that we have the subpage blocksize stuff setup properly before\nusing the page.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54253",
            "https://git.kernel.org/linus/e7f1326cc24e22b38afc3acd328480a1183f9e79 (6.6-rc1)",
            "https://git.kernel.org/stable/c/08daa38ca212d87f77beae839bc9be71079c7abf",
            "https://git.kernel.org/stable/c/9d1e020ed9649cf140fcfafd052cfdcce9e9d67d",
            "https://git.kernel.org/stable/c/e7f1326cc24e22b38afc3acd328480a1183f9e79",
            "https://lore.kernel.org/linux-cve-announce/2025123055-CVE-2023-54253-18d1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54253",
            "https://www.cve.org/CVERecord?id=CVE-2023-54253"
          ],
          "PublishedDate": "2025-12-30T13:16:13.997Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54259",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54259",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e208a5e7178724aecddd4bab9c3479fdff93ff78d60e9300019135bd9772f6d2",
          "Title": "kernel: soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow\n\nThis reverts commit\n443a98e649b4 (\"soundwire: bus: use pm_runtime_resume_and_get()\")\n\nChange calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync().\nThis fixes a usage count underrun caused by doing a pm_runtime_put() even\nthough pm_runtime_resume_and_get() returned an error.\n\nThe three affected functions ignore -EACCES error from trying to get\npm_runtime, and carry on, including a put at the end of the function.\nBut pm_runtime_resume_and_get() does not increment the usage count if it\nreturns an error. So in the -EACCES case you must not call\npm_runtime_put().\n\nThe documentation for pm_runtime_get_sync() says:\n \"Consider using pm_runtime_resume_and_get() ...  as this is likely to\n result in cleaner code.\"\n\nIn this case I don't think it results in cleaner code because the\npm_runtime_put() at the end of the function would have to be conditional on\nthe return value from pm_runtime_resume_and_get() at the top of the\nfunction.\n\npm_runtime_get_sync() doesn't have this problem because it always\nincrements the count, so always needs a put. The code can just flow through\nand do the pm_runtime_put() unconditionally.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54259",
            "https://git.kernel.org/linus/e9537962519e88969f5f69cd0571eb4f6984403c (6.4-rc1)",
            "https://git.kernel.org/stable/c/203aa4374c433159f163acde2d0bd4118f23bbaf",
            "https://git.kernel.org/stable/c/4e5e9da139c007dfc397a159093b4c4187ee67fa",
            "https://git.kernel.org/stable/c/e9537962519e88969f5f69cd0571eb4f6984403c",
            "https://lore.kernel.org/linux-cve-announce/2025123057-CVE-2023-54259-64ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54259",
            "https://www.cve.org/CVERecord?id=CVE-2023-54259"
          ],
          "PublishedDate": "2025-12-30T13:16:14.67Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54261",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54261",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3536df8d0f1b78060d01970b1652cf1adfdfff36642246425432e4f8c1e9ddb1",
          "Title": "kernel: drm/amdkfd: Add missing gfx11 MQD manager callbacks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Add missing gfx11 MQD manager callbacks\n\nmqd_stride function was introduced in commit 2f77b9a242a2\n(\"drm/amdkfd: Update MQD management on multi XCC setup\")\nbut not assigned for gfx11. Fixes a NULL dereference in debugfs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54261",
            "https://git.kernel.org/linus/e9dca969b2426702a73719ab9207e43c6d80b581 (6.6-rc1)",
            "https://git.kernel.org/stable/c/399b73d6b7720a9eae68a333193b53ed4f432fe5",
            "https://git.kernel.org/stable/c/e9dca969b2426702a73719ab9207e43c6d80b581",
            "https://lore.kernel.org/linux-cve-announce/2025123057-CVE-2023-54261-0331@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54261",
            "https://www.cve.org/CVERecord?id=CVE-2023-54261"
          ],
          "PublishedDate": "2025-12-30T13:16:14.89Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54263",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54263",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:19bb70f9d753acb99ccf29485e96696ac60c8ffc39bef8e1128c488fc566d133",
          "Title": "kernel: drm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/kms/nv50-: init hpd_irq_lock for PIOR DP\n\nFixes OOPS on boards with ANX9805 DP encoders.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54263",
            "https://git.kernel.org/linus/ea293f823a8805735d9e00124df81a8f448ed1ae (6.5-rc3)",
            "https://git.kernel.org/stable/c/92d48ce21645267c574268678131cd2b648dad0f",
            "https://git.kernel.org/stable/c/ea293f823a8805735d9e00124df81a8f448ed1ae",
            "https://lore.kernel.org/linux-cve-announce/2025123058-CVE-2023-54263-0976@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54263",
            "https://www.cve.org/CVERecord?id=CVE-2023-54263"
          ],
          "PublishedDate": "2025-12-30T13:16:15.097Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54271",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54271",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1c6dd40c81c20b4ad9e74a4d705763dfbcce22121ddf62e889f53b7dd52f2df3",
          "Title": "kernel: Linux kernel: Denial of Service via NULL pointer dereference in blk-cgroup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init\n\nblk-iocost sometimes causes the following crash:\n\n  BUG: kernel NULL pointer dereference, address: 00000000000000e0\n  ...\n  RIP: 0010:_raw_spin_lock+0x17/0x30\n  Code: be 01 02 00 00 e8 79 38 39 ff 31 d2 89 d0 5d c3 0f 1f 00 0f 1f 44 00 00 55 48 89 e5 65 ff 05 48 d0 34 7e b9 01 00 00 00 31 c0 \u003cf0\u003e 0f b1 0f 75 02 5d c3 89 c6 e8 ea 04 00 00 5d c3 0f 1f 84 00 00\n  RSP: 0018:ffffc900023b3d40 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 00000000000000e0 RCX: 0000000000000001\n  RDX: ffffc900023b3d20 RSI: ffffc900023b3cf0 RDI: 00000000000000e0\n  RBP: ffffc900023b3d40 R08: ffffc900023b3c10 R09: 0000000000000003\n  R10: 0000000000000064 R11: 000000000000000a R12: ffff888102337000\n  R13: fffffffffffffff2 R14: ffff88810af408c8 R15: ffff8881070c3600\n  FS:  00007faaaf364fc0(0000) GS:ffff88842fdc0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00000000000000e0 CR3: 00000001097b1000 CR4: 0000000000350ea0\n  Call Trace:\n   \u003cTASK\u003e\n   ioc_weight_write+0x13d/0x410\n   cgroup_file_write+0x7a/0x130\n   kernfs_fop_write_iter+0xf5/0x170\n   vfs_write+0x298/0x370\n   ksys_write+0x5f/0xb0\n   __x64_sys_write+0x1b/0x20\n   do_syscall_64+0x3d/0x80\n   entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis happens because iocg-\u003eioc is NULL. The field is initialized by\nioc_pd_init() and never cleared. The NULL deref is caused by\nblkcg_activate_policy() installing blkg_policy_data before initializing it.\n\nblkcg_activate_policy() was doing the following:\n\n1. Allocate pd's for all existing blkg's and install them in blkg-\u003epd[].\n2. Initialize all pd's.\n3. Online all pd's.\n\nblkcg_activate_policy() only grabs the queue_lock and may release and\nre-acquire the lock as allocation may need to sleep. 
ioc_weight_write()\ngrabs blkcg-\u003elock and iterates all its blkg's. The two can race and if\nioc_weight_write() runs during #1 or between #1 and #2, it can encounter a\npd which is not initialized yet, leading to crash.\n\nThe crash can be reproduced with the following script:\n\n  #!/bin/bash\n\n  echo +io \u003e /sys/fs/cgroup/cgroup.subtree_control\n  systemd-run --unit touch-sda --scope dd if=/dev/sda of=/dev/null bs=1M count=1 iflag=direct\n  echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n  bash -c \"echo '8:0 enable=1' \u003e /sys/fs/cgroup/io.cost.qos\" \u0026\n  sleep .2\n  echo 100 \u003e /sys/fs/cgroup/system.slice/io.weight\n\nwith the following patch applied:\n\n\u003e diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c\n\u003e index fc49be622e05..38d671d5e10c 100644\n\u003e --- a/block/blk-cgroup.c\n\u003e +++ b/block/blk-cgroup.c\n\u003e @@ -1553,6 +1553,12 @@ int blkcg_activate_policy(struct gendisk *disk, const struct blkcg_policy *pol)\n\u003e \t\tpd-\u003eonline = false;\n\u003e \t}\n\u003e\n\u003e +       if (system_state == SYSTEM_RUNNING) {\n\u003e +               spin_unlock_irq(\u0026q-\u003equeue_lock);\n\u003e +               ssleep(1);\n\u003e +               spin_lock_irq(\u0026q-\u003equeue_lock);\n\u003e +       }\n\u003e +\n\u003e \t/* all allocated, init in the same order */\n\u003e \tif (pol-\u003epd_init_fn)\n\u003e \t\tlist_for_each_entry_reverse(blkg, \u0026q-\u003eblkg_list, q_node)\n\nI don't see a reason why all pd's should be allocated, initialized and\nonlined together. The only ordering requirement is that parent blkgs to be\ninitialized and onlined before children, which is guaranteed from the\nwalking order. Let's fix the bug by allocating, initializing and onlining pd\nfor each blkg and holding blkcg-\u003elock over initialization and onlining. This\nensures that an installed blkg is always fully initialized and onlined\nremoving the race window.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54271",
            "https://git.kernel.org/linus/ec14a87ee1999b19d8b7ed0fa95fea80644624ae (6.6-rc1)",
            "https://git.kernel.org/stable/c/7d63c6f9765339dcfc34b7365ced7c518012e4fe",
            "https://git.kernel.org/stable/c/e39ef7880d1057b2ebcdb013405f4d84a257db23",
            "https://git.kernel.org/stable/c/ec14a87ee1999b19d8b7ed0fa95fea80644624ae",
            "https://lore.kernel.org/linux-cve-announce/2025123001-CVE-2023-54271-d75a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54271",
            "https://www.cve.org/CVERecord?id=CVE-2023-54271"
          ],
          "PublishedDate": "2025-12-30T13:16:16Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54280",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54280",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0733c872f3d81279ecd4b91af387be7bde9531903397ccc9fa4820b2d8e8fb7f",
          "Title": "kernel: cifs: fix potential race when tree connecting ipc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential race when tree connecting ipc\n\nProtect access of TCP_Server_Info::hostname when building the ipc tree\nname as it might get freed in cifsd thread and thus causing an\nuse-after-free bug in __tree_connect_dfs_target().  Also, while at it,\nupdate status of IPC tcon on success and then avoid any extra tree\nconnects.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54280",
            "https://git.kernel.org/linus/ee20d7c6100752eaf2409d783f4f1449c29ea33d (6.4-rc1)",
            "https://git.kernel.org/stable/c/536ec71ba060a02fabe8e22cecb82fe7b3a8708b",
            "https://git.kernel.org/stable/c/553476df55a111e6a66ad9155256aec0ec1b7ad0",
            "https://git.kernel.org/stable/c/ee20d7c6100752eaf2409d783f4f1449c29ea33d",
            "https://lore.kernel.org/linux-cve-announce/2025123026-CVE-2023-54280-26ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54280",
            "https://www.cve.org/CVERecord?id=CVE-2023-54280"
          ],
          "PublishedDate": "2025-12-30T13:16:16.97Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54285",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54285",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1a2f174fc650f0624d8ac49393a43e3362fd9cc49ae2201f6a7df4f174cd9390",
          "Title": "kernel: iomap: Fix possible overflow condition in iomap_write_delalloc_scan",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: Fix possible overflow condition in iomap_write_delalloc_scan\n\nfolio_next_index() returns an unsigned long value which left shifted\nby PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead\nuse folio_pos(folio) + folio_size(folio), which does this correctly.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54285",
            "https://git.kernel.org/linus/eee2d2e6ea5550118170dbd5bb1316ceb38455fb (6.6-rc1)",
            "https://git.kernel.org/stable/c/0c6cf409093f307ee05114f834516730c0da5b21",
            "https://git.kernel.org/stable/c/5c281b0c5d18c8eeb1cfd5023f4adb153e6d1240",
            "https://git.kernel.org/stable/c/eee2d2e6ea5550118170dbd5bb1316ceb38455fb",
            "https://lore.kernel.org/linux-cve-announce/2025123027-CVE-2023-54285-edc0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54285",
            "https://www.cve.org/CVERecord?id=CVE-2023-54285"
          ],
          "PublishedDate": "2025-12-30T13:16:17.52Z",
          "LastModifiedDate": "2026-02-26T18:44:44.413Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54320",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54320",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8cff0c70baa81169c14185cbf0ba6348e7b122e2c96345e7c18102de69bd9146",
          "Title": "kernel: platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2()\n\nFunction amd_pmc_stb_debugfs_open_v2() may be called when the STB\ndebug mechanism enabled.\n\nWhen amd_pmc_send_cmd() fails, the 'buf' needs to be released.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54320",
            "https://git.kernel.org/linus/f6e7ac4c35a28aef0be93b32c533ae678ad0b9e7 (6.4-rc1)",
            "https://git.kernel.org/stable/c/d804adef7b23b22bb82e1b3dd113e9073cea9bc1",
            "https://git.kernel.org/stable/c/f6e7ac4c35a28aef0be93b32c533ae678ad0b9e7",
            "https://lore.kernel.org/linux-cve-announce/2025123021-CVE-2023-54320-465d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54320",
            "https://www.cve.org/CVERecord?id=CVE-2023-54320"
          ],
          "PublishedDate": "2025-12-30T13:16:21.307Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54323",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54323",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0aa22544b0b120a40e70159e4a01feabb9599cda41f49261203f9858e4e0bb20",
          "Title": "kernel: cxl/pmem: Fix nvdimm registration races",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pmem: Fix nvdimm registration races\n\nA loop of the form:\n\n    while true; do modprobe cxl_pci; modprobe -r cxl_pci; done\n\n...fails with the following crash signature:\n\n    BUG: kernel NULL pointer dereference, address: 0000000000000040\n    [..]\n    RIP: 0010:cxl_internal_send_cmd+0x5/0xb0 [cxl_core]\n    [..]\n    Call Trace:\n     \u003cTASK\u003e\n     cxl_pmem_ctl+0x121/0x240 [cxl_pmem]\n     nvdimm_get_config_data+0xd6/0x1a0 [libnvdimm]\n     nd_label_data_init+0x135/0x7e0 [libnvdimm]\n     nvdimm_probe+0xd6/0x1c0 [libnvdimm]\n     nvdimm_bus_probe+0x7a/0x1e0 [libnvdimm]\n     really_probe+0xde/0x380\n     __driver_probe_device+0x78/0x170\n     driver_probe_device+0x1f/0x90\n     __device_attach_driver+0x85/0x110\n     bus_for_each_drv+0x7d/0xc0\n     __device_attach+0xb4/0x1e0\n     bus_probe_device+0x9f/0xc0\n     device_add+0x445/0x9c0\n     nd_async_device_register+0xe/0x40 [libnvdimm]\n     async_run_entry_fn+0x30/0x130\n\n...namely that the bottom half of async nvdimm device registration runs\nafter the CXL has already torn down the context that cxl_pmem_ctl()\nneeds. Unlike the ACPI NFIT case that benefits from launching multiple\nnvdimm device registrations in parallel from those listed in the table,\nCXL is already marked PROBE_PREFER_ASYNCHRONOUS. So provide for a\nsynchronous registration path to preclude this scenario.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54323",
            "https://git.kernel.org/linus/f57aec443c24d2e8e1f3b5b4856aea12ddda4254 (6.3-rc1)",
            "https://git.kernel.org/stable/c/18c65667fa9104780eeaa0dc1bc240f0c2094772",
            "https://git.kernel.org/stable/c/a371788d4f4a7f59eecd22644331d599979fd283",
            "https://git.kernel.org/stable/c/f57aec443c24d2e8e1f3b5b4856aea12ddda4254",
            "https://lore.kernel.org/linux-cve-announce/2025123015-CVE-2023-54323-423a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54323",
            "https://www.cve.org/CVERecord?id=CVE-2023-54323"
          ],
          "PublishedDate": "2025-12-30T13:16:21.627Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-54324",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-54324",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b0136fde3a5b72c1390bf53c68a8d1147785ed68df6886d7cf1aafd970116109",
          "Title": "kernel: dm: fix a race condition in retrieve_deps",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a race condition in retrieve_deps\n\nThere's a race condition in the multipath target when retrieve_deps\nraces with multipath_message calling dm_get_device and dm_put_device.\nretrieve_deps walks the list of open devices without holding any lock\nbut multipath may add or remove devices to the list while it is\nrunning. The end result may be memory corruption or use-after-free\nmemory access.\n\nSee this description of a UAF with multipath_message():\nhttps://listman.redhat.com/archives/dm-devel/2022-October/052373.html\n\nFix this bug by introducing a new rw semaphore \"devices_lock\". We grab\ndevices_lock for read in retrieve_deps and we grab it for write in\ndm_get_device and dm_put_device.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-54324",
            "https://git.kernel.org/linus/f6007dce0cd35d634d9be91ef3515a6385dcee16 (6.6-rc2)",
            "https://git.kernel.org/stable/c/38f6e5ae5d9ff4a4050ea6f7b543d5d5a4e087cf",
            "https://git.kernel.org/stable/c/dbf1a719850577bb51fc7512a3972994b797a17b",
            "https://git.kernel.org/stable/c/f6007dce0cd35d634d9be91ef3515a6385dcee16",
            "https://lore.kernel.org/linux-cve-announce/2025123015-CVE-2023-54324-7149@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-54324",
            "https://www.cve.org/CVERecord?id=CVE-2023-54324"
          ],
          "PublishedDate": "2025-12-30T13:16:21.733Z",
          "LastModifiedDate": "2025-12-31T20:42:43.21Z"
        },
        {
          "VulnerabilityID": "CVE-2023-6610",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6610",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e199d29886e0efa4f0eb42880a84c063c3c76b688533b3848e82b6a66eedbdfb",
          "Title": "kernel: OOB Access in smb2_dump_detail",
          "Description": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:0723",
            "https://access.redhat.com/errata/RHSA-2024:0724",
            "https://access.redhat.com/errata/RHSA-2024:0725",
            "https://access.redhat.com/errata/RHSA-2024:0881",
            "https://access.redhat.com/errata/RHSA-2024:0897",
            "https://access.redhat.com/errata/RHSA-2024:1248",
            "https://access.redhat.com/errata/RHSA-2024:1404",
            "https://access.redhat.com/errata/RHSA-2024:2094",
            "https://access.redhat.com/security/cve/CVE-2023-6610",
            "https://bugzilla.kernel.org/show_bug.cgi?id=218219",
            "https://bugzilla.redhat.com/2087568",
            "https://bugzilla.redhat.com/2144379",
            "https://bugzilla.redhat.com/2161310",
            "https://bugzilla.redhat.com/2173403",
            "https://bugzilla.redhat.com/2187813",
            "https://bugzilla.redhat.com/2187931",
            "https://bugzilla.redhat.com/2231800",
            "https://bugzilla.redhat.com/2237757",
            "https://bugzilla.redhat.com/2244723",
            "https://bugzilla.redhat.com/2245514",
            "https://bugzilla.redhat.com/2246944",
            "https://bugzilla.redhat.com/2246945",
            "https://bugzilla.redhat.com/2253611",
            "https://bugzilla.redhat.com/2253614",
            "https://bugzilla.redhat.com/2253908",
            "https://bugzilla.redhat.com/2254052",
            "https://bugzilla.redhat.com/2254053",
            "https://bugzilla.redhat.com/2254054",
            "https://bugzilla.redhat.com/2255139",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2253614",
            "https://errata.almalinux.org/8/ALSA-2024-0897.html",
            "https://linux.oracle.com/cve/CVE-2023-6610.html",
            "https://linux.oracle.com/errata/ELSA-2024-1248.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-6610",
            "https://ubuntu.com/security/notices/USN-6688-1",
            "https://ubuntu.com/security/notices/USN-6724-1",
            "https://ubuntu.com/security/notices/USN-6724-2",
            "https://ubuntu.com/security/notices/USN-7123-1",
            "https://ubuntu.com/security/notices/USN-7194-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-6610"
          ],
          "PublishedDate": "2023-12-08T17:15:07.933Z",
          "LastModifiedDate": "2024-11-21T08:44:11.657Z"
        },
        {
          "VulnerabilityID": "CVE-2024-14027",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-14027",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e43fd54c05c777a1bdc63246d81cc06fcaad69324f6fbb3cd44e90d86eb0df29",
          "Title": "kernel: xattr: switch to CLASS(fd)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/xattr: missing fdput() in fremovexattr error path\n\nIn the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a\nfile reference but returns early without calling fdput() when\nstrncpy_from_user() fails on the name argument. In multi-threaded processes\nwhere fdget() takes the slow path, this permanently leaks one\nfile reference per call, pinning the struct file and associated kernel\nobjects in memory. An unprivileged local user can exploit this to cause\nkernel memory exhaustion. The issue was inadvertently fixed by commit\na71874379ec8 (\"xattr: switch to CLASS(fd)\").",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-14027",
            "https://git.kernel.org/linus/a71874379ec8c6e788a61d71b3ad014a8d9a5c08 (6.13-rc1)",
            "https://git.kernel.org/stable/c/5a1e865e51063d6c56f673ec8ad4b6604321b455",
            "https://git.kernel.org/stable/c/a71874379ec8c6e788a61d71b3ad014a8d9a5c08",
            "https://git.kernel.org/stable/c/d151b94967c8247005435b63fc60f8f4baa320da",
            "https://lore.kernel.org/linux-cve-announce/2026030917-CVE-2024-14027-5c00@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-14027",
            "https://www.cve.org/CVERecord?id=CVE-2024-14027"
          ],
          "PublishedDate": "2026-03-09T16:16:14.313Z",
          "LastModifiedDate": "2026-04-02T12:16:17.013Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26595",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26595",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d3545a03b0cbbe1a2af93f709632e030127d904c9bdd8c25042b98c78a116b4a",
          "Title": "kernel: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path\n\nWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path after\nfailing to attach the region to an ACL group, we hit a NULL pointer\ndereference upon 'region-\u003egroup-\u003etcam' [1].\n\nFix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0\n[...]\nCall Trace:\n mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:7001",
            "https://access.redhat.com/security/cve/CVE-2024-26595",
            "https://bugzilla.redhat.com/2258012",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2260038",
            "https://bugzilla.redhat.com/2265799",
            "https://bugzilla.redhat.com/2266358",
            "https://bugzilla.redhat.com/2266750",
            "https://bugzilla.redhat.com/2267036",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2267916",
            "https://bugzilla.redhat.com/2267925",
            "https://bugzilla.redhat.com/2268295",
            "https://bugzilla.redhat.com/2271648",
            "https://bugzilla.redhat.com/2271796",
            "https://bugzilla.redhat.com/2272793",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2273148",
            "https://bugzilla.redhat.com/2273180",
            "https://bugzilla.redhat.com/2275661",
            "https://bugzilla.redhat.com/2275690",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278220",
            "https://bugzilla.redhat.com/2278270",
            "https://bugzilla.redhat.com/2278447",
            "https://bugzilla.redhat.com/2281217",
            "https://bugzilla.redhat.com/2281317",
            "https://bugzilla.redhat.com/2281704",
            "https://bugzilla.redhat.com/2281720",
            "https://bugzilla.redhat.com/2281807",
            "https://bugzilla.redhat.com/2281847",
            "https://bugzilla.redhat.com/2282324",
            "https://bugzilla.redhat.com/2282345",
            "https://bugzilla.redhat.com/2282354",
            "https://bugzilla.redhat.com/2282355",
            "https://bugzilla.redhat.com/2282356",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2282366",
            "https://bugzilla.redhat.com/2282401",
            "https://bugzilla.redhat.com/2282422",
            "https://bugzilla.redhat.com/2282440",
            "https://bugzilla.redhat.com/2282508",
            "https://bugzilla.redhat.com/2282511",
            "https://bugzilla.redhat.com/2282676",
            "https://bugzilla.redhat.com/2282757",
            "https://bugzilla.redhat.com/2282851",
            "https://bugzilla.redhat.com/2282890",
            "https://bugzilla.redhat.com/2282903",
            "https://bugzilla.redhat.com/2282918",
            "https://bugzilla.redhat.com/2283389",
            "https://bugzilla.redhat.com/2283424",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284515",
            "https://bugzilla.redhat.com/2284545",
            "https://bugzilla.redhat.com/2284596",
            "https://bugzilla.redhat.com/2284628",
            "https://bugzilla.redhat.com/2284634",
            "https://bugzilla.redhat.com/2293247",
            "https://bugzilla.redhat.com/2293270",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293304",
            "https://bugzilla.redhat.com/2293377",
            "https://bugzilla.redhat.com/2293408",
            "https://bugzilla.redhat.com/2293423",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2294313",
            "https://bugzilla.redhat.com/2297471",
            "https://bugzilla.redhat.com/2297473",
            "https://bugzilla.redhat.com/2297478",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297543",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297572",
            "https://bugzilla.redhat.com/2297573",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297581",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2297706",
            "https://bugzilla.redhat.com/2297909",
            "https://bugzilla.redhat.com/2298079",
            "https://bugzilla.redhat.com/2298140",
            "https://bugzilla.redhat.com/2298177",
            "https://bugzilla.redhat.com/2298640",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2299452",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2300402",
            "https://bugzilla.redhat.com/2300407",
            "https://bugzilla.redhat.com/2300408",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300430",
            "https://bugzilla.redhat.com/2300434",
            "https://bugzilla.redhat.com/2300448",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2300492",
            "https://bugzilla.redhat.com/2300533",
            "https://bugzilla.redhat.com/2300552",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301477",
            "https://bugzilla.redhat.com/2301489",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/2301522",
            "https://bugzilla.redhat.com/2301544",
            "https://bugzilla.redhat.com/2303077",
            "https://bugzilla.redhat.com/2303505",
            "https://bugzilla.redhat.com/2303506",
            "https://bugzilla.redhat.com/2303508",
            "https://bugzilla.redhat.com/2303514",
            "https://bugzilla.redhat.com/2305467",
            "https://bugzilla.redhat.com/2306365",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258012",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258013",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2260038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265799",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266358",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267036",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267041",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268295",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270103",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271796",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272793",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273148",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273180",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275661",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278220",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278447",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281704",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281720",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282324",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282345",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282366",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282422",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282764",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282851",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282890",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282903",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283424",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284596",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284628",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293304",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294313",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297473",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297478",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297495",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297525",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297562",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297706",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298079",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298140",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299336",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299452",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300407",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300410",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300430",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300448",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300453",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300492",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300533",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300552",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2303077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47101",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47287",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47289",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47321",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47338",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47352",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47384",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47385",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47386",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47393",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47455",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47466",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47497",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47527",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47582",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48754",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48836",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48866",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49316",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52470",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52478",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52522",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52605",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52683",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52798",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52817",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26649",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26665",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26717",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26769",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26894",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35884",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35944",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36953",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38581",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39499",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39501",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39506",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40997",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41007",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41008",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41023",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41038",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41039",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41041",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41071",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42094",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42124",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42226",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42228",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42237",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42238",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43871",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45026",
            "https://errata.almalinux.org/8/ALSA-2024-7001.html",
            "https://errata.rockylinux.org/RLSA-2024:7000",
            "https://git.kernel.org/stable/c/75fa2d8b3c0175b519c99ace54ab8474cfd0077e",
            "https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39",
            "https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f",
            "https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809",
            "https://linux.oracle.com/cve/CVE-2024-26595.html",
            "https://linux.oracle.com/errata/ELSA-2025-20095.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024022336-CVE-2024-26595-9a8d@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26595",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://ubuntu.com/security/notices/USN-7233-1",
            "https://ubuntu.com/security/notices/USN-7233-2",
            "https://ubuntu.com/security/notices/USN-7233-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-26595"
          ],
          "PublishedDate": "2024-02-23T15:15:09.443Z",
          "LastModifiedDate": "2025-11-03T21:16:07.867Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26605",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26605",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee64910e4a9c9df0839a7a761075b6c321918bdee536207b5c14684b973370bf",
          "Title": "kernel: PCI/ASPM: Fix deadlock when enabling ASPM",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26605",
            "https://git.kernel.org/linus/1e560864159d002b453da42bd2c13a1805515a20 (6.8-rc3)",
            "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3",
            "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20",
            "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c",
            "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70",
            "https://linux.oracle.com/cve/CVE-2024-26605.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06@gregkh/T/#u",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26605",
            "https://www.cve.org/CVERecord?id=CVE-2024-26605"
          ],
          "PublishedDate": "2024-02-26T16:28:00.207Z",
          "LastModifiedDate": "2024-11-21T09:02:38.697Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26647",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26647",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:626a9b463c2f2265360f53e9b8d7b2a8700d738729e68fb753b6403126777dbe",
          "Title": "kernel: drm/amd/display: Fix late dereference 'dsc' check in 'link_set_dsc_pps_packet()'",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'\n\nIn link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc'\nwas dereferenced in a DC_LOGGER_INIT(dsc-\u003ectx-\u003elogger); before the 'dsc'\nNULL pointer check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26647",
            "https://git.kernel.org/linus/3bb9b1f958c3d986ed90a3ff009f1e77e9553207 (6.8-rc1)",
            "https://git.kernel.org/stable/c/3bb9b1f958c3d986ed90a3ff009f1e77e9553207",
            "https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c",
            "https://git.kernel.org/stable/c/cf656fc7276e5b3709a81bc9d9639459be2b2647",
            "https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-15-lee@kernel.org/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26647",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2024-26647"
          ],
          "PublishedDate": "2024-03-26T18:15:10.063Z",
          "LastModifiedDate": "2025-01-07T20:15:48.587Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26648",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26648",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af37150f1659e5c4901e402637815e7934883e9f1a9d8e487958be055a8c8091",
          "Title": "kernel: NULL check in edp_setup_replay()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()\n\nIn edp_setup_replay(), 'struct dc *dc' \u0026 'struct dmub_replay *replay'\nwas dereferenced before the pointer 'link' \u0026 'replay' NULL check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26648",
            "https://git.kernel.org/linus/7073934f5d73f8b53308963cee36f0d389ea857c (6.8-rc1)",
            "https://git.kernel.org/stable/c/22ae604aea14756954e1c00ae653e34d2afd2935",
            "https://git.kernel.org/stable/c/7073934f5d73f8b53308963cee36f0d389ea857c",
            "https://git.kernel.org/stable/c/c02d257c654191ecda1dc1af6875d527e85310e7",
            "https://lore.kernel.org/linux-cve-announce/20240326175007.1388794-16-lee@kernel.org/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26648",
            "https://www.cve.org/CVERecord?id=CVE-2024-26648"
          ],
          "PublishedDate": "2024-03-26T18:15:10.22Z",
          "LastModifiedDate": "2025-04-08T19:29:14.917Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26656",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26656",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6e3ceb97cbf5885fe5689eda352919eadab567f4ea5625428662f41c5a059dea",
          "Title": "kernel: drm/amdgpu: use-after-free vulnerability",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free bug\n\nThe bug can be triggered by sending a single amdgpu_gem_userptr_ioctl\nto the AMDGPU DRM driver on any ASICs with an invalid address and size.\nThe bug was reported by Joonkyo Jung \u003cjoonkyoj@yonsei.ac.kr\u003e.\nFor example the following code:\n\nstatic void Syzkaller1(int fd)\n{\n\tstruct drm_amdgpu_gem_userptr arg;\n\tint ret;\n\n\targ.addr = 0xffffffffffff0000;\n\targ.size = 0x80000000; /*2 Gb*/\n\targ.flags = 0x7;\n\tret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, \u0026arg);\n}\n\nDue to the address and size are not valid there is a failure in\namdgpu_hmm_register-\u003emmu_interval_notifier_insert-\u003e__mmu_interval_notifier_insert-\u003e\ncheck_shl_overflow, but we even the amdgpu_hmm_register failure we still call\namdgpu_hmm_unregister into  amdgpu_gem_object_free which causes access to a bad address.\nThe following stack is below when the issue is reproduced when Kazan is enabled:\n\n[  +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[  +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340\n[  +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff \u003c0f\u003e 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80\n[  +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246\n[  +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b\n[  +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260\n[  +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25\n[  +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00\n[  +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260\n[  +0.000011] FS:  00007ff9ec848540(0000) GS:ffff8883cc880000(0000) 
knlGS:0000000000000000\n[  +0.000012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0\n[  +0.000010] Call Trace:\n[  +0.000006]  \u003cTASK\u003e\n[  +0.000007]  ? show_regs+0x6a/0x80\n[  +0.000018]  ? __warn+0xa5/0x1b0\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000018]  ? report_bug+0x24a/0x290\n[  +0.000022]  ? handle_bug+0x46/0x90\n[  +0.000015]  ? exc_invalid_op+0x19/0x50\n[  +0.000016]  ? asm_exc_invalid_op+0x1b/0x20\n[  +0.000017]  ? kasan_save_stack+0x26/0x50\n[  +0.000017]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000020]  ? __pfx_mmu_interval_notifier_remove+0x10/0x10\n[  +0.000017]  ? kasan_save_alloc_info+0x1e/0x30\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __kasan_kmalloc+0xb1/0xc0\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? __kasan_check_read+0x11/0x20\n[  +0.000020]  amdgpu_hmm_unregister+0x34/0x50 [amdgpu]\n[  +0.004695]  amdgpu_gem_object_free+0x66/0xa0 [amdgpu]\n[  +0.004534]  ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu]\n[  +0.004291]  ? do_syscall_64+0x5f/0xe0\n[  +0.000023]  ? srso_return_thunk+0x5/0x5f\n[  +0.000017]  drm_gem_object_free+0x3b/0x50 [drm]\n[  +0.000489]  amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu]\n[  +0.004295]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004270]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __this_cpu_preempt_check+0x13/0x20\n[  +0.000015]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? sysvec_apic_timer_interrupt+0x57/0xc0\n[  +0.000020]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[  +0.000022]  ? drm_ioctl_kernel+0x17b/0x1f0 [drm]\n[  +0.000496]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004272]  ? 
drm_ioctl_kernel+0x190/0x1f0 [drm]\n[  +0.000492]  drm_ioctl_kernel+0x140/0x1f0 [drm]\n[  +0.000497]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004297]  ? __pfx_drm_ioctl_kernel+0x10/0x10 [d\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4352",
            "https://access.redhat.com/security/cve/CVE-2024-26656",
            "https://bugzilla.redhat.com/1918601",
            "https://bugzilla.redhat.com/2248122",
            "https://bugzilla.redhat.com/2258875",
            "https://bugzilla.redhat.com/2265517",
            "https://bugzilla.redhat.com/2265519",
            "https://bugzilla.redhat.com/2265520",
            "https://bugzilla.redhat.com/2265800",
            "https://bugzilla.redhat.com/2266408",
            "https://bugzilla.redhat.com/2266831",
            "https://bugzilla.redhat.com/2267513",
            "https://bugzilla.redhat.com/2267518",
            "https://bugzilla.redhat.com/2267730",
            "https://bugzilla.redhat.com/2270093",
            "https://bugzilla.redhat.com/2271680",
            "https://bugzilla.redhat.com/2272692",
            "https://bugzilla.redhat.com/2272829",
            "https://bugzilla.redhat.com/2273204",
            "https://bugzilla.redhat.com/2273278",
            "https://bugzilla.redhat.com/2273423",
            "https://bugzilla.redhat.com/2273429",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2275633",
            "https://bugzilla.redhat.com/2275635",
            "https://bugzilla.redhat.com/2275733",
            "https://bugzilla.redhat.com/2278337",
            "https://bugzilla.redhat.com/2278354",
            "https://bugzilla.redhat.com/2280434",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281113",
            "https://bugzilla.redhat.com/2281157",
            "https://bugzilla.redhat.com/2281165",
            "https://bugzilla.redhat.com/2281251",
            "https://bugzilla.redhat.com/2281253",
            "https://bugzilla.redhat.com/2281255",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281350",
            "https://bugzilla.redhat.com/2281689",
            "https://bugzilla.redhat.com/2281693",
            "https://bugzilla.redhat.com/2281920",
            "https://bugzilla.redhat.com/2281923",
            "https://bugzilla.redhat.com/2281925",
            "https://bugzilla.redhat.com/2281953",
            "https://bugzilla.redhat.com/2281986",
            "https://bugzilla.redhat.com/2282394",
            "https://bugzilla.redhat.com/2282400",
            "https://bugzilla.redhat.com/2282471",
            "https://bugzilla.redhat.com/2282472",
            "https://bugzilla.redhat.com/2282581",
            "https://bugzilla.redhat.com/2282609",
            "https://bugzilla.redhat.com/2282612",
            "https://bugzilla.redhat.com/2282653",
            "https://bugzilla.redhat.com/2282680",
            "https://bugzilla.redhat.com/2282698",
            "https://bugzilla.redhat.com/2282712",
            "https://bugzilla.redhat.com/2282735",
            "https://bugzilla.redhat.com/2282902",
            "https://bugzilla.redhat.com/2282920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1918601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2248122",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258875",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265800",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266831",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267518",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267730",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270093",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272692",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273278",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275635",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275733",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278337",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281113",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281165",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281251",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281253",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281255",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281311",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281334",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281346",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281689",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281693",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281953",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281986",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282394",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282472",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282609",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282698",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282712",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282735",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007",
            "https://errata.almalinux.org/8/ALSA-2024-4352.html",
            "https://errata.rockylinux.org/RLSA-2024:4211",
            "https://git.kernel.org/linus/22207fd5c80177b860279653d017474b2812af5e (6.9-rc1)",
            "https://git.kernel.org/stable/c/22207fd5c80177b860279653d017474b2812af5e",
            "https://git.kernel.org/stable/c/22f665ecfd1225afa1309ace623157d12bb9bb0c",
            "https://git.kernel.org/stable/c/2e13f88e01ae7e28a7e831bf5c2409c4748e0a60",
            "https://git.kernel.org/stable/c/af054a5fb24a144f99895afce9519d709891894c",
            "https://git.kernel.org/stable/c/e87e08c94c9541b4e18c4c13f2f605935f512605",
            "https://linux.oracle.com/cve/CVE-2024-26656.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024040247-CVE-2024-26656-ffaa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26656",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26656"
          ],
          "PublishedDate": "2024-04-02T07:15:42.76Z",
          "LastModifiedDate": "2025-11-03T20:16:10.257Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26658",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26658",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7abd33842552fe63b2e3b8b1af9850a35af5868fb25706dd7f6bf6a0f53a62e8",
          "Title": "kernel: bcachefs: grab s_umount only if snapshotting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: grab s_umount only if snapshotting\n\nWhen I was testing mongodb over bcachefs with compression,\nthere is a lockdep warning when snapshotting mongodb data volume.\n\n$ cat test.sh\nprog=bcachefs\n\n$prog subvolume create /mnt/data\n$prog subvolume create /mnt/data/snapshots\n\nwhile true;do\n    $prog subvolume snapshot /mnt/data /mnt/data/snapshots/$(date +%s)\n    sleep 1s\ndone\n\n$ cat /etc/mongodb.conf\nsystemLog:\n  destination: file\n  logAppend: true\n  path: /mnt/data/mongod.log\n\nstorage:\n  dbPath: /mnt/data/\n\nlockdep reports:\n[ 3437.452330] ======================================================\n[ 3437.452750] WARNING: possible circular locking dependency detected\n[ 3437.453168] 6.7.0-rc7-custom+ #85 Tainted: G            E\n[ 3437.453562] ------------------------------------------------------\n[ 3437.453981] bcachefs/35533 is trying to acquire lock:\n[ 3437.454325] ffffa0a02b2b1418 (sb_writers#10){.+.+}-{0:0}, at: filename_create+0x62/0x190\n[ 3437.454875]\n               but task is already holding lock:\n[ 3437.455268] ffffa0a02b2b10e0 (\u0026type-\u003es_umount_key#48){.+.+}-{3:3}, at: bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.456009]\n               which lock already depends on the new lock.\n\n[ 3437.456553]\n               the existing dependency chain (in reverse order) is:\n[ 3437.457054]\n               -\u003e #3 (\u0026type-\u003es_umount_key#48){.+.+}-{3:3}:\n[ 3437.457507]        down_read+0x3e/0x170\n[ 3437.457772]        bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.458206]        __x64_sys_ioctl+0x93/0xd0\n[ 3437.458498]        do_syscall_64+0x42/0xf0\n[ 3437.458779]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.459155]\n               -\u003e #2 (\u0026c-\u003esnapshot_create_lock){++++}-{3:3}:\n[ 3437.459615]        down_read+0x3e/0x170\n[ 3437.459878]        bch2_truncate+0x82/0x110 [bcachefs]\n[ 
3437.460276]        bchfs_truncate+0x254/0x3c0 [bcachefs]\n[ 3437.460686]        notify_change+0x1f1/0x4a0\n[ 3437.461283]        do_truncate+0x7f/0xd0\n[ 3437.461555]        path_openat+0xa57/0xce0\n[ 3437.461836]        do_filp_open+0xb4/0x160\n[ 3437.462116]        do_sys_openat2+0x91/0xc0\n[ 3437.462402]        __x64_sys_openat+0x53/0xa0\n[ 3437.462701]        do_syscall_64+0x42/0xf0\n[ 3437.462982]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.463359]\n               -\u003e #1 (\u0026sb-\u003es_type-\u003ei_mutex_key#15){+.+.}-{3:3}:\n[ 3437.463843]        down_write+0x3b/0xc0\n[ 3437.464223]        bch2_write_iter+0x5b/0xcc0 [bcachefs]\n[ 3437.464493]        vfs_write+0x21b/0x4c0\n[ 3437.464653]        ksys_write+0x69/0xf0\n[ 3437.464839]        do_syscall_64+0x42/0xf0\n[ 3437.465009]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.465231]\n               -\u003e #0 (sb_writers#10){.+.+}-{0:0}:\n[ 3437.465471]        __lock_acquire+0x1455/0x21b0\n[ 3437.465656]        lock_acquire+0xc6/0x2b0\n[ 3437.465822]        mnt_want_write+0x46/0x1a0\n[ 3437.465996]        filename_create+0x62/0x190\n[ 3437.466175]        user_path_create+0x2d/0x50\n[ 3437.466352]        bch2_fs_file_ioctl+0x2ec/0xc90 [bcachefs]\n[ 3437.466617]        __x64_sys_ioctl+0x93/0xd0\n[ 3437.466791]        do_syscall_64+0x42/0xf0\n[ 3437.466957]        entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.467180]\n               other info that might help us debug this:\n\n[ 3437.469670] 2 locks held by bcachefs/35533:\n               other info that might help us debug this:\n\n[ 3437.467507] Chain exists of:\n                 sb_writers#10 --\u003e \u0026c-\u003esnapshot_create_lock --\u003e \u0026type-\u003es_umount_key#48\n\n[ 3437.467979]  Possible unsafe locking scenario:\n\n[ 3437.468223]        CPU0                    CPU1\n[ 3437.468405]        ----                    ----\n[ 3437.468585]   rlock(\u0026type-\u003es_umount_key#48);\n[ 3437.468758]                          
      lock(\u0026c-\u003esnapshot_create_lock);\n[ 3437.469030]                                lock(\u0026type-\u003es_umount_key#48);\n[ 3437.469291]   rlock(sb_writers#10);\n[ 3437.469434]\n                *** DEADLOCK ***\n\n[ 3437.469\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26658",
            "https://git.kernel.org/linus/2acc59dd88d27ad69b66ded80df16c042b04eeec (6.8-rc1)",
            "https://git.kernel.org/stable/c/2acc59dd88d27ad69b66ded80df16c042b04eeec",
            "https://git.kernel.org/stable/c/5b41d3fd04c6757b9c2a60a0c5b2609cae9999df",
            "https://lore.kernel.org/linux-cve-announce/2024040222-CVE-2024-26658-1451@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26658",
            "https://www.cve.org/CVERecord?id=CVE-2024-26658"
          ],
          "PublishedDate": "2024-04-02T07:15:42.903Z",
          "LastModifiedDate": "2025-02-03T16:15:21.71Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26662",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26662",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:748f599015c876f9f44792bc4561d5c232b47918d7d6aebbf7aaa744cf9a3b46",
          "Title": "kernel: drm/amd/display: 'panel_cntl' could be null in 'dcn21_set_backlight_level()'",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'\n\n'panel_cntl' structure used to control the display panel could be null,\ndereferencing it could lead to a null pointer access.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26662",
            "https://git.kernel.org/linus/e96fddb32931d007db12b1fce9b5e8e4c080401b (6.8-rc4)",
            "https://git.kernel.org/stable/c/0c863cab0e9173f8b6c7bc328bee3b8625f131b5",
            "https://git.kernel.org/stable/c/2e150ccea13129eb048679114808eb9770443e4d",
            "https://git.kernel.org/stable/c/e96fddb32931d007db12b1fce9b5e8e4c080401b",
            "https://linux.oracle.com/cve/CVE-2024-26662.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040223-CVE-2024-26662-863c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26662",
            "https://ubuntu.com/security/notices/USN-6895-1",
            "https://ubuntu.com/security/notices/USN-6895-2",
            "https://ubuntu.com/security/notices/USN-6895-3",
            "https://ubuntu.com/security/notices/USN-6895-4",
            "https://ubuntu.com/security/notices/USN-6900-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26662"
          ],
          "PublishedDate": "2024-04-02T07:15:43.213Z",
          "LastModifiedDate": "2025-04-08T19:25:02.407Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26672",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cefe700fbee79e8c70f2ff38f1b785adddd0daefe257144344e12766b832ff16",
          "Title": "kernel: drm/amdgpu: variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368)\n\n357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev,\n\t\t\t\t     enum amdgpu_mca_error_type type,\n358                                  int idx, struct mca_bank_entry *entry)\n359 {\n360         const struct amdgpu_mca_smu_funcs *mca_funcs =\n\t\t\t\t\t\tadev-\u003emca.mca_funcs;\n361         int count;\n362\n363         switch (type) {\n364         case AMDGPU_MCA_ERROR_TYPE_UE:\n365                 count = mca_funcs-\u003emax_ue_count;\n\nmca_funcs is dereferenced here.\n\n366                 break;\n367         case AMDGPU_MCA_ERROR_TYPE_CE:\n368                 count = mca_funcs-\u003emax_ce_count;\n\nmca_funcs is dereferenced here.\n\n369                 break;\n370         default:\n371                 return -EINVAL;\n372         }\n373\n374         if (idx \u003e= count)\n375                 return -EINVAL;\n376\n377         if (mca_funcs \u0026\u0026 mca_funcs-\u003emca_get_mca_entry)\n\t        ^^^^^^^^^\n\nChecked too late!",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26672",
            "https://git.kernel.org/linus/4f32504a2f85a7b40fe149436881381f48e9c0c0 (6.8-rc1)",
            "https://git.kernel.org/stable/c/4f32504a2f85a7b40fe149436881381f48e9c0c0",
            "https://git.kernel.org/stable/c/7b5d58c07024516c0e81b95e98f37710cf402c53",
            "https://linux.oracle.com/cve/CVE-2024-26672.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040219-CVE-2024-26672-e96e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26672",
            "https://www.cve.org/CVERecord?id=CVE-2024-26672"
          ],
          "PublishedDate": "2024-04-02T07:15:43.9Z",
          "LastModifiedDate": "2025-04-08T19:24:08.673Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26691",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26691",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c1499c24ba46c8e3930c3cf0b4c22916e5f2e58b692482d84b3d50d1742416a5",
          "Title": "kernel: KVM: arm64: Fix circular locking dependency",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix circular locking dependency\n\nThe rule inside kvm enforces that the vcpu-\u003emutex is taken *inside*\nkvm-\u003elock. The rule is violated by the pkvm_create_hyp_vm() which acquires\nthe kvm-\u003elock while already holding the vcpu-\u003emutex lock from\nkvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by\nprotecting the hyp vm handle with the config_lock, much like we already\ndo for other forms of VM-scoped data.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26691",
            "https://git.kernel.org/linus/10c02aad111df02088d1a81792a709f6a7eca6cc (6.8-rc5)",
            "https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc",
            "https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc",
            "https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228",
            "https://linux.oracle.com/cve/CVE-2024-26691.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040336-CVE-2024-26691-fff7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26691",
            "https://ubuntu.com/security/notices/USN-6895-1",
            "https://ubuntu.com/security/notices/USN-6895-2",
            "https://ubuntu.com/security/notices/USN-6895-3",
            "https://ubuntu.com/security/notices/USN-6895-4",
            "https://ubuntu.com/security/notices/USN-6900-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26691"
          ],
          "PublishedDate": "2024-04-03T15:15:52.55Z",
          "LastModifiedDate": "2025-02-27T14:42:41.257Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26699",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26699",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:46485f9ce88f8f9417be542ec12cdf73d78ddcbb0639d731055ee1add9f2fe48",
          "Title": "kernel: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr\n\n[Why]\nThere is a potential memory access violation while\niterating through array of dcn35 clks.\n\n[How]\nLimit iteration per array size.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26699",
            "https://git.kernel.org/linus/46806e59a87790760870d216f54951a5b4d545bc (6.8-rc5)",
            "https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc",
            "https://git.kernel.org/stable/c/ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb",
            "https://lore.kernel.org/linux-cve-announce/2024040339-CVE-2024-26699-c700@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26699",
            "https://www.cve.org/CVERecord?id=CVE-2024-26699"
          ],
          "PublishedDate": "2024-04-03T15:15:52.98Z",
          "LastModifiedDate": "2025-02-27T14:42:04.47Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26714",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26714",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:19209e41cd615fba929a98413260049efd1d22ca44c9935a7c4886f3b1fe88cb",
          "Title": "kernel: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: sc8180x: Mark CO0 BCM keepalive\n\nThe CO0 BCM needs to be up at all times, otherwise some hardware (like\nthe UFS controller) loses its connection to the rest of the SoC,\nresulting in a hang of the platform, accompanied by a spectacular\nlogspam.\n\nMark it as keepalive to prevent such cases.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26714",
            "https://git.kernel.org/linus/85e985a4f46e462a37f1875cb74ed380e7c0c2e0 (6.8-rc5)",
            "https://git.kernel.org/stable/c/6616d3c4f8284a7b3ef978c916566bd240cea1c7",
            "https://git.kernel.org/stable/c/7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0",
            "https://git.kernel.org/stable/c/85e985a4f46e462a37f1875cb74ed380e7c0c2e0",
            "https://git.kernel.org/stable/c/d8e36ff40cf9dadb135f3a97341c02c9a7afcc43",
            "https://lore.kernel.org/linux-cve-announce/2024040343-CVE-2024-26714-d9a8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26714",
            "https://ubuntu.com/security/notices/USN-6895-1",
            "https://ubuntu.com/security/notices/USN-6895-2",
            "https://ubuntu.com/security/notices/USN-6895-3",
            "https://ubuntu.com/security/notices/USN-6895-4",
            "https://ubuntu.com/security/notices/USN-6900-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26714"
          ],
          "PublishedDate": "2024-04-03T15:15:53.7Z",
          "LastModifiedDate": "2025-03-17T15:36:01.447Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26719",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26719",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d5d778cfb71afcd2a55a02736ce016e3ea693e45c2acd4dff06300546e39c265",
          "Title": "kernel: nouveau: offload fence uevents work to workqueue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: offload fence uevents work to workqueue\n\nThis should break the deadlock between the fctx lock and the irq lock.\n\nThis offloads the processing of the work from the irq into a workqueue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26719",
            "https://git.kernel.org/linus/39126abc5e20611579602f03b66627d7cd1422f0 (6.8-rc3)",
            "https://git.kernel.org/stable/c/39126abc5e20611579602f03b66627d7cd1422f0",
            "https://git.kernel.org/stable/c/985d053f7633d8b539ab1531738d538efac678a9",
            "https://git.kernel.org/stable/c/cc0037fa592d56e4abb9c7d1c52c4d2dc25cd906",
            "https://linux.oracle.com/cve/CVE-2024-26719.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040344-CVE-2024-26719-b66e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26719",
            "https://ubuntu.com/security/notices/USN-6895-1",
            "https://ubuntu.com/security/notices/USN-6895-2",
            "https://ubuntu.com/security/notices/USN-6895-3",
            "https://ubuntu.com/security/notices/USN-6895-4",
            "https://ubuntu.com/security/notices/USN-6900-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26719"
          ],
          "PublishedDate": "2024-04-03T15:15:53.947Z",
          "LastModifiedDate": "2025-02-03T16:17:03.783Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26740",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26740",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de936db898a976f2ec601583c36ce0dda03d12cbdede2f1f5859a688d33fec74",
          "Title": "kernel: net/sched: act_mirred: use the backlog for mirred ingress",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 (\"act_mirred: use the backlog\nfor nested calls to mirred ingress\") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -\u003e tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -\u003e ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -\u003e ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-26740",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/52f671db18823089a02f07efc04efdb2272ddc17 (6.8-rc6)",
            "https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17",
            "https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be",
            "https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4",
            "https://linux.oracle.com/cve/CVE-2024-26740.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040300-CVE-2024-26740-4d6f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26740",
            "https://www.cve.org/CVERecord?id=CVE-2024-26740"
          ],
          "PublishedDate": "2024-04-03T17:15:51.41Z",
          "LastModifiedDate": "2025-03-17T16:03:33.7Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26742",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26742",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6f47b683c4cf13dcc45077afbd738578c365872a1357fa518fa50454d3d0fcbe",
          "Title": "kernel: scsi: smartpqi: Fix disable_managed_interrupts",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix disable_managed_interrupts\n\nCorrect blk-mq registration issue with module parameter\ndisable_managed_interrupts enabled.\n\nWhen we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to\nregister with blk-mq using blk_mq_map_queues(). The driver is currently\ncalling blk_mq_pci_map_queues() which results in a stack trace and possibly\nundefined behavior.\n\nStack Trace:\n[    7.860089] scsi host2: smartpqi\n[    7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0\n[    7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[    7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1\n[    7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022\n[    7.963026] Workqueue: events work_for_cpu_fn\n[    7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0\n[    7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 \u003c0f\u003e 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54\n[    7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216\n[    7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010\n[    7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310\n[    7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00\n[    7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000\n[    7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8\n[    7.978290] FS:  0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000\n[    7.978292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    
8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0\n[    8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[    8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[    8.172818] PKRU: 55555554\n[    8.172819] Call Trace:\n[    8.172823]  blk_mq_alloc_tag_set+0x12e/0x310\n[    8.264339]  scsi_add_host_with_dma.cold.9+0x30/0x245\n[    8.279302]  pqi_ctrl_init+0xacf/0xc8e [smartpqi]\n[    8.294085]  ? pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[    8.309015]  pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[    8.323286]  local_pci_probe+0x42/0x80\n[    8.337855]  work_for_cpu_fn+0x16/0x20\n[    8.351193]  process_one_work+0x1a7/0x360\n[    8.364462]  ? create_worker+0x1a0/0x1a0\n[    8.379252]  worker_thread+0x1ce/0x390\n[    8.392623]  ? create_worker+0x1a0/0x1a0\n[    8.406295]  kthread+0x10a/0x120\n[    8.418428]  ? set_kthread_struct+0x50/0x50\n[    8.431532]  ret_from_fork+0x1f/0x40\n[    8.444137] ---[ end trace 1bf0173d39354506 ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26742",
            "https://git.kernel.org/linus/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a (6.8-rc6)",
            "https://git.kernel.org/stable/c/3c31b18a8dd8b7bf36af1cd723d455853b8f94fe",
            "https://git.kernel.org/stable/c/4f5b15c15e6016efb3e14582d02cc4ddf57227df",
            "https://git.kernel.org/stable/c/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a",
            "https://git.kernel.org/stable/c/b9433b25cb06c415c9cb24782599649a406c8d6d",
            "https://linux.oracle.com/cve/CVE-2024-26742.html",
            "https://linux.oracle.com/errata/ELSA-2024-12682.html",
            "https://lore.kernel.org/linux-cve-announce/2024040301-CVE-2024-26742-1b19@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26742",
            "https://www.cve.org/CVERecord?id=CVE-2024-26742"
          ],
          "PublishedDate": "2024-04-03T17:15:51.517Z",
          "LastModifiedDate": "2025-03-17T16:04:16.513Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26756",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26756",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2cd2546b60483c6df21e44448679c826a91a490dcc94bd11d21c7eb171e9a92a",
          "Title": "kernel: md: Don't register sync_thread for reshape directly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't register sync_thread for reshape directly\n\nCurrently, if reshape is interrupted, then reassemble the array will\nregister sync_thread directly from pers-\u003erun(), in this case\n'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee\nthat md_do_sync() will be executed, hence stop_sync_thread() will hang\nbecause 'MD_RECOVERY_RUNNING' can't be cleared.\n\nLast patch make sure that md_do_sync() will set MD_RECOVERY_DONE,\nhowever, following hang can still be triggered by dm-raid test\nshell/lvconvert-raid-reshape.sh occasionally:\n\n[root@fedora ~]# cat /proc/1982/stack\n[\u003c0\u003e] stop_sync_thread+0x1ab/0x270 [md_mod]\n[\u003c0\u003e] md_frozen_sync_thread+0x5c/0xa0 [md_mod]\n[\u003c0\u003e] raid_presuspend+0x1e/0x70 [dm_raid]\n[\u003c0\u003e] dm_table_presuspend_targets+0x40/0xb0 [dm_mod]\n[\u003c0\u003e] __dm_destroy+0x2a5/0x310 [dm_mod]\n[\u003c0\u003e] dm_destroy+0x16/0x30 [dm_mod]\n[\u003c0\u003e] dev_remove+0x165/0x290 [dm_mod]\n[\u003c0\u003e] ctl_ioctl+0x4bb/0x7b0 [dm_mod]\n[\u003c0\u003e] dm_ctl_ioctl+0x11/0x20 [dm_mod]\n[\u003c0\u003e] vfs_ioctl+0x21/0x60\n[\u003c0\u003e] __x64_sys_ioctl+0xb9/0xe0\n[\u003c0\u003e] do_syscall_64+0xc6/0x230\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nMeanwhile mddev-\u003erecovery is:\nMD_RECOVERY_RUNNING |\nMD_RECOVERY_INTR |\nMD_RECOVERY_RESHAPE |\nMD_RECOVERY_FROZEN\n\nFix this problem by remove the code to register sync_thread directly\nfrom raid10 and raid5. And let md_check_recovery() to register\nsync_thread.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-459"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26756",
            "https://git.kernel.org/linus/ad39c08186f8a0f221337985036ba86731d6aafe (6.8-rc6)",
            "https://git.kernel.org/stable/c/13b520fb62b772e408f9b79c5fe18ad414e90417",
            "https://git.kernel.org/stable/c/ad39c08186f8a0f221337985036ba86731d6aafe",
            "https://lore.kernel.org/linux-cve-announce/2024040303-CVE-2024-26756-135f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26756",
            "https://www.cve.org/CVERecord?id=CVE-2024-26756"
          ],
          "PublishedDate": "2024-04-03T17:15:52.15Z",
          "LastModifiedDate": "2025-03-17T16:56:57.017Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26757",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26757",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3e270fa00aa85e33479bd5d22f5a804ee2202684cb74e9380132870584a036f",
          "Title": "kernel: md: Don't ignore read-only array in md_check_recovery()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't ignore read-only array in md_check_recovery()\n\nUsually if the array is not read-write, md_check_recovery() won't\nregister new sync_thread in the first place. And if the array is\nread-write and sync_thread is registered, md_set_readonly() will\nunregister sync_thread before setting the array read-only. md/raid\nfollow this behavior hence there is no problem.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) array is read-only. dm-raid update super block:\nrs_update_sbs\n ro = mddev-\u003ero\n mddev-\u003ero = 0\n  -\u003e set array read-write\n md_update_sb\n\n2) register new sync thread concurrently.\n\n3) dm-raid set array back to read-only:\nrs_update_sbs\n mddev-\u003ero = ro\n\n4) stop the array:\nraid_dtr\n md_stop\n  stop_sync_thread\n    set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n    md_wakeup_thread_directly(mddev-\u003esync_thread);\n    wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n5) sync thread done:\n md_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n6) daemon thread can't unregister sync thread:\n md_check_recovery\n  if (!md_is_rdwr(mddev) \u0026\u0026\n      !test_bit(MD_RECOVERY_NEEDED, \u0026mddev-\u003erecovery))\n   return;\n  -\u003e -\u003e MD_RECOVERY_RUNNING can't be cleared, hence step 4 hang;\n\nThe root cause is that dm-raid manipulate 'mddev-\u003ero' by itself,\nhowever, dm-raid really should stop sync thread before setting the\narray read-only. Unfortunately, I need to read more code before I\ncan refacter the handler of 'mddev-\u003ero' in dm-raid, hence let's fix\nthe problem the easy way for now to prevent dm-raid regression.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-404"
          ],
          "VendorSeverity": {
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26757",
            "https://git.kernel.org/linus/55a48ad2db64737f7ffc0407634218cc6e4c513b (6.8-rc6)",
            "https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3",
            "https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b",
            "https://linux.oracle.com/cve/CVE-2024-26757.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26757-7f96@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26757",
            "https://www.cve.org/CVERecord?id=CVE-2024-26757"
          ],
          "PublishedDate": "2024-04-03T17:15:52.207Z",
          "LastModifiedDate": "2025-04-04T14:30:42.91Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26758",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26758",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bc7debefc51fad3be5618ccd72a423f6525a119ec523f06995e95fe63923f772",
          "Title": "kernel: md: Don't ignore suspended array in md_check_recovery()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn't make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can't be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n  __md_stop_writes\n   stop_sync_thread\n    set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n    md_wakeup_thread_directly(mddev-\u003esync_thread);\n    wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n4) daemon thread can't unregister sync thread:\nmd_check_recovery\n if (mddev-\u003esuspended)\n   return; -\u003e return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery);\n -\u003e MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26758",
            "https://git.kernel.org/linus/1baae052cccd08daf9a9d64c3f959d8cdb689757 (6.8-rc6)",
            "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757",
            "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0",
            "https://linux.oracle.com/cve/CVE-2024-26758.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26758-dcc3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26758",
            "https://www.cve.org/CVERecord?id=CVE-2024-26758"
          ],
          "PublishedDate": "2024-04-03T17:15:52.263Z",
          "LastModifiedDate": "2025-04-04T14:30:16.437Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26759",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26759",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9607a37b93265a2620a57b516eb137c70518db72890e761673332f3667387752",
          "Title": "kernel: mm/swap: fix race when skipping swapcache",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swap: fix race when skipping swapcache\n\nWhen skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads\nswapin the same entry at the same time, they get different pages (A, B). \nBefore one thread (T0) finishes the swapin and installs page (A) to the\nPTE, another thread (T1) could finish swapin of page (B), swap_free the\nentry, then swap out the possibly modified page reusing the same entry. \nIt breaks the pte_same check in (T0) because PTE value is unchanged,\ncausing ABA problem.  Thread (T0) will install a stalled page (A) into the\nPTE and cause data corruption.\n\nOne possible callstack is like this:\n\nCPU0                                 CPU1\n----                                 ----\ndo_swap_page()                       do_swap_page() with same entry\n\u003cdirect swapin path\u003e                 \u003cdirect swapin path\u003e\n\u003calloc page A\u003e                       \u003calloc page B\u003e\nswap_read_folio() \u003c- read to page A  swap_read_folio() \u003c- read to page B\n\u003cslow on later locks or interrupt\u003e   \u003cfinished swapin first\u003e\n...                                  
set_pte_at()\n                                     swap_free() \u003c- entry is free\n                                     \u003cwrite to page B, now page A stalled\u003e\n                                     \u003cswap out page B to same swap entry\u003e\npte_same() \u003c- Check pass, PTE seems\n              unchanged, but page A\n              is stalled!\nswap_free() \u003c- page B content lost!\nset_pte_at() \u003c- staled page A installed!\n\nAnd besides, for ZRAM, swap_free() allows the swap device to discard the\nentry content, so even if page (B) is not modified, if swap_read_folio()\non CPU0 happens later than swap_free() on CPU1, it may also cause data\nloss.\n\nTo fix this, reuse swapcache_prepare which will pin the swap entry using\nthe cache flag, and allow only one thread to swap it in, also prevent any\nparallel code from putting the entry in the cache.  Release the pin after\nPT unlocked.\n\nRacers just loop and wait since it's a rare and very short event.  A\nschedule_timeout_uninterruptible(1) call is added to avoid repeated page\nfaults wasting too much CPU, causing livelock or adding too much noise to\nperf statistics.  
A similar livelock issue was described in commit\n029c4628b2eb (\"mm: swap: get rid of livelock in swapin readahead\")\n\nReproducer:\n\nThis race issue can be triggered easily using a well constructed\nreproducer and patched brd (with a delay in read path) [1]:\n\nWith latest 6.8 mainline, race caused data loss can be observed easily:\n$ gcc -g -lpthread test-thread-swap-race.c \u0026\u0026 ./a.out\n  Polulating 32MB of memory region...\n  Keep swapping out...\n  Starting round 0...\n  Spawning 65536 workers...\n  32746 workers spawned, wait for done...\n  Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss!\n  Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss!\n  Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss!\n  Round 0 Failed, 15 data loss!\n\nThis reproducer spawns multiple threads sharing the same memory region\nusing a small swap device.  Every two threads updates mapped pages one by\none in opposite direction trying to create a race, with one dedicated\nthread keep swapping out the data out using madvise.\n\nThe reproducer created a reproduce rate of about once every 5 minutes, so\nthe race should be totally possible in production.\n\nAfter this patch, I ran the reproducer for over a few hundred rounds and\nno data loss observed.\n\nPerformance overhead is minimal, microbenchmark swapin 10G from 32G\nzram:\n\nBefore:     10934698 us\nAfter:      11157121 us\nCached:     13155355 us (Dropping SWP_SYNCHRONOUS_IO flag)\n\n[kasong@tencent.com: v4]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4352",
            "https://access.redhat.com/security/cve/CVE-2024-26759",
            "https://bugzilla.redhat.com/1918601",
            "https://bugzilla.redhat.com/2248122",
            "https://bugzilla.redhat.com/2258875",
            "https://bugzilla.redhat.com/2265517",
            "https://bugzilla.redhat.com/2265519",
            "https://bugzilla.redhat.com/2265520",
            "https://bugzilla.redhat.com/2265800",
            "https://bugzilla.redhat.com/2266408",
            "https://bugzilla.redhat.com/2266831",
            "https://bugzilla.redhat.com/2267513",
            "https://bugzilla.redhat.com/2267518",
            "https://bugzilla.redhat.com/2267730",
            "https://bugzilla.redhat.com/2270093",
            "https://bugzilla.redhat.com/2271680",
            "https://bugzilla.redhat.com/2272692",
            "https://bugzilla.redhat.com/2272829",
            "https://bugzilla.redhat.com/2273204",
            "https://bugzilla.redhat.com/2273278",
            "https://bugzilla.redhat.com/2273423",
            "https://bugzilla.redhat.com/2273429",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2275633",
            "https://bugzilla.redhat.com/2275635",
            "https://bugzilla.redhat.com/2275733",
            "https://bugzilla.redhat.com/2278337",
            "https://bugzilla.redhat.com/2278354",
            "https://bugzilla.redhat.com/2280434",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281113",
            "https://bugzilla.redhat.com/2281157",
            "https://bugzilla.redhat.com/2281165",
            "https://bugzilla.redhat.com/2281251",
            "https://bugzilla.redhat.com/2281253",
            "https://bugzilla.redhat.com/2281255",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281350",
            "https://bugzilla.redhat.com/2281689",
            "https://bugzilla.redhat.com/2281693",
            "https://bugzilla.redhat.com/2281920",
            "https://bugzilla.redhat.com/2281923",
            "https://bugzilla.redhat.com/2281925",
            "https://bugzilla.redhat.com/2281953",
            "https://bugzilla.redhat.com/2281986",
            "https://bugzilla.redhat.com/2282394",
            "https://bugzilla.redhat.com/2282400",
            "https://bugzilla.redhat.com/2282471",
            "https://bugzilla.redhat.com/2282472",
            "https://bugzilla.redhat.com/2282581",
            "https://bugzilla.redhat.com/2282609",
            "https://bugzilla.redhat.com/2282612",
            "https://bugzilla.redhat.com/2282653",
            "https://bugzilla.redhat.com/2282680",
            "https://bugzilla.redhat.com/2282698",
            "https://bugzilla.redhat.com/2282712",
            "https://bugzilla.redhat.com/2282735",
            "https://bugzilla.redhat.com/2282902",
            "https://bugzilla.redhat.com/2282920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1918601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2248122",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258875",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265800",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266831",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267518",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267730",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270093",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272692",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273278",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275635",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275733",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278337",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281113",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281165",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281251",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281253",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281255",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281311",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281334",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281346",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281689",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281693",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281953",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281986",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282394",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282472",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282609",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282698",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282712",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282735",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007",
            "https://errata.almalinux.org/8/ALSA-2024-4352.html",
            "https://errata.rockylinux.org/RLSA-2024:4211",
            "https://git.kernel.org/linus/13ddaf26be324a7f951891ecd9ccd04466d27458 (6.8-rc6)",
            "https://git.kernel.org/stable/c/13ddaf26be324a7f951891ecd9ccd04466d27458",
            "https://git.kernel.org/stable/c/2dedda77d4493f3e92e414b272bfa60f1f51ed95",
            "https://git.kernel.org/stable/c/305152314df82b22cf9b181f3dc5fc411002079a",
            "https://git.kernel.org/stable/c/d183a4631acfc7af955c02a02e739cec15f5234d",
            "https://linux.oracle.com/cve/CVE-2024-26759.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024040304-CVE-2024-26759-45f1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26759",
            "https://www.cve.org/CVERecord?id=CVE-2024-26759"
          ],
          "PublishedDate": "2024-04-03T17:15:52.32Z",
          "LastModifiedDate": "2025-04-16T19:15:50.92Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26767",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26767",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cde61ccd72be9623cc90c25dc0bed30472bf1190297a03490b74cdbb453bf78f",
          "Title": "kernel: drm/amd/display: fixed integer types and null check locations",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476",
            "CWE-835"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26767",
            "https://git.kernel.org/linus/0484e05d048b66d01d1f3c1d2306010bb57d8738 (6.8-rc5)",
            "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738",
            "https://git.kernel.org/stable/c/070fda699dfdce560755379bc428d9edada7a54e",
            "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375",
            "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7",
            "https://linux.oracle.com/cve/CVE-2024-26767.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024040306-CVE-2024-26767-bdac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26767",
            "https://www.cve.org/CVERecord?id=CVE-2024-26767"
          ],
          "PublishedDate": "2024-04-03T17:15:52.747Z",
          "LastModifiedDate": "2025-11-03T20:16:10.767Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26770",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26770",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10e61ee61ea2f1e73127d20aa80186e8e716ea9f3a09ac588d43d2caa07dd9f3",
          "Title": "kernel: HID: nvidia-shield: Add missing null pointer checks to LED initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Add missing null pointer checks to LED initialization\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.\n\n[jkosina@suse.com: tweak changelog a bit]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26770",
            "https://git.kernel.org/linus/b6eda11c44dc89a681e1c105f0f4660e69b1e183 (6.8-rc3)",
            "https://git.kernel.org/stable/c/83527a13740f57b45f162e3af4c7db4b88521100",
            "https://git.kernel.org/stable/c/b6eda11c44dc89a681e1c105f0f4660e69b1e183",
            "https://git.kernel.org/stable/c/e71cc4a1e584293deafff1a7dea614b0210d0443",
            "https://lore.kernel.org/linux-cve-announce/2024040307-CVE-2024-26770-1c08@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26770",
            "https://www.cve.org/CVERecord?id=CVE-2024-26770"
          ],
          "PublishedDate": "2024-04-03T17:15:52.91Z",
          "LastModifiedDate": "2025-01-27T14:58:19.13Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26807",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26807",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3251f276064cae05d109a323eedd934cda525d4bee1c3868ac934f08d5620384",
          "Title": "kernel: spi: cadence-qspi: fix pointer reference in runtime PM hooks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBoth cadence-quadspi -\u003eruntime_suspend() and -\u003eruntime_resume()\nimplementations start with:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nThis obviously cannot be correct, unless \"struct cqspi_st\" is the\nfirst member of \" struct spi_controller\", or the other way around, but\nit is not the case. \"struct spi_controller\" is allocated by\ndevm_spi_alloc_host(), which allocates an extra amount of memory for\nprivate data, used to store \"struct cqspi_st\".\n\nThe -\u003eprobe() function of the cadence-quadspi driver then sets the\ndevice drvdata to store the address of the \"struct cqspi_st\"\nstructure. Therefore:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\nis correct, but:\n\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nis not, as it makes \"host\" point not to a \"struct spi_controller\" but\nto the same \"struct cqspi_st\" structure as above.\n\nThis obviously leads to bad things (memory corruption, kernel crashes)\ndirectly during -\u003eprobe(), as -\u003eprobe() enables the device using PM\nruntime, leading the -\u003eruntime_resume() hook being called, which in\nturns calls spi_controller_resume() with the wrong pointer.\n\nThis has at least been reported [0] to cause a kernel crash, but the\nexact behavior will depend on the memory contents.\n\n[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/\n\nThis issue potentially affects all platforms that are currently using\nthe cadence-quadspi driver.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26807",
            "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61",
            "https://git.kernel.org/stable/c/2c914aac9522f6e93822c18dff233d3e92399c81",
            "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc",
            "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26807",
            "https://www.cve.org/CVERecord?id=CVE-2024-26807"
          ],
          "PublishedDate": "2024-04-04T09:15:09.38Z",
          "LastModifiedDate": "2025-11-03T20:16:11.1Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26842",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26842",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5ff4a32c45e286a5c344da709573718324d98eefaf6fb1e3e2f4704fbf685b92",
          "Title": "kernel: scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()\n\nWhen task_tag \u003e= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U \u003c\u003c\ntask_tag will out of bounds for a u32 mask. Fix this up to prevent\nSHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).\n\n[name:debug_monitors\u0026]Unexpected kernel BRK exception at EL1\n[name:traps\u0026]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP\n[name:mediatek_cpufreq_hw\u0026]cpufreq stop DVFS log done\n[name:mrdump\u0026]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000\n[name:mrdump\u0026]PHYS_OFFSET: 0x80000000\n[name:mrdump\u0026]pstate: 22400005 (nzCv daif +PAN -UAO)\n[name:mrdump\u0026]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288\n[name:mrdump\u0026]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n[name:mrdump\u0026]sp : ffffffc0081471b0\n\u003csnip\u003e\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\nCall trace:\n dump_backtrace+0xf8/0x144\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x9c\n dump_stack+0x18/0x44\n mrdump_common_die+0x254/0x480 [mrdump]\n ipanic_die+0x20/0x30 [mrdump]\n notify_die+0x15c/0x204\n die+0x10c/0x5f8\n arm64_notify_die+0x74/0x13c\n do_debug_exception+0x164/0x26c\n el1_dbg+0x64/0x80\n el1h_64_sync_handler+0x3c/0x90\n el1h_64_sync+0x68/0x6c\n ufshcd_clear_cmd+0x280/0x288\n ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n ufshcd_exec_dev_cmd+0x5bc/0x9ac\n ufshcd_verify_dev_init+0x84/0x1c8\n ufshcd_probe_hba+0x724/0x1ce0\n ufshcd_host_reset_and_restore+0x260/0x574\n ufshcd_reset_and_restore+0x138/0xbd0\n ufshcd_err_handler+0x1218/0x2f28\n process_one_work+0x5fc/0x1140\n worker_thread+0x7d8/0xe20\n kthread+0x25c/0x468\n ret_from_fork+0x10/0x20",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26842",
            "https://git.kernel.org/linus/b513d30d59bb383a6a5d6b533afcab2cee99a8f8 (6.8-rc4)",
            "https://git.kernel.org/stable/c/7ac9e18f5d66087cd22751c5c5bf0090eb0038fe",
            "https://git.kernel.org/stable/c/a992425d18e5f7c48931121993c6c69426f2a8fb",
            "https://git.kernel.org/stable/c/b513d30d59bb383a6a5d6b533afcab2cee99a8f8",
            "https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26842-d556@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26842",
            "https://www.cve.org/CVERecord?id=CVE-2024-26842"
          ],
          "PublishedDate": "2024-04-17T10:15:09.997Z",
          "LastModifiedDate": "2025-03-04T15:36:04.323Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26844",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26844",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f65507dee02adc603b77b79f2396e7da1e2332f084f3462aeb98b4f2a591c960",
          "Title": "kernel: block: Fix WARNING in _copy_from_iter",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix WARNING in _copy_from_iter\n\nSyzkaller reports a warning in _copy_from_iter because an\niov_iter is supposedly used in the wrong direction. The reason\nis that syzcaller managed to generate a request with\na transfer direction of SG_DXFER_TO_FROM_DEV. This instructs\nthe kernel to copy user buffers into the kernel, read into\nthe copied buffers and then copy the data back to user space.\n\nThus the iovec is used in both directions.\n\nDetect this situation in the block layer and construct a new\niterator with the correct direction for the copy-in.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26844",
            "https://git.kernel.org/linus/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6 (6.8-rc2)",
            "https://git.kernel.org/stable/c/0f1bae071de9967602807472921829a54b2e5956",
            "https://git.kernel.org/stable/c/13f3956eb5681a4045a8dfdef48df5dc4d9f58a6",
            "https://git.kernel.org/stable/c/8fc80874103a5c20aebdc2401361aa01c817f75b",
            "https://git.kernel.org/stable/c/cbaf9be337f7da25742acfce325119e3395b1f1b",
            "https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26844-c534@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26844",
            "https://www.cve.org/CVERecord?id=CVE-2024-26844"
          ],
          "PublishedDate": "2024-04-17T10:15:10.093Z",
          "LastModifiedDate": "2025-04-02T13:17:54.9Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26853",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26853",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71c49a066e8cc43dd9615e89db0cf940e9ace936f2efecccd266d057de9a11bd",
          "Title": "kernel: igc: avoid returning frame twice in XDP_REDIRECT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nigc: avoid returning frame twice in XDP_REDIRECT\n\nWhen a frame can not be transmitted in XDP_REDIRECT\n(e.g. due to a full queue), it is necessary to free\nit by calling xdp_return_frame_rx_napi.\n\nHowever, this is the responsibility of the caller of\nthe ndo_xdp_xmit (see for example bq_xmit_all in\nkernel/bpf/devmap.c) and thus calling it inside\nigc_xdp_xmit (which is the ndo_xdp_xmit of the igc\ndriver) as well will lead to memory corruption.\n\nIn fact, bq_xmit_all expects that it can return all\nframes after the last successfully transmitted one.\nTherefore, break for the first not transmitted frame,\nbut do not call xdp_return_frame_rx_napi in igc_xdp_xmit.\nThis is equally implemented in other Intel drivers\nsuch as the igb.\n\nThere are two alternatives to this that were rejected:\n1. Return num_frames as all the frames would have been\n   transmitted and release them inside igc_xdp_xmit.\n   While it might work technically, it is not what\n   the return value is meant to represent (i.e. the\n   number of SUCCESSFULLY transmitted packets).\n2. Rework kernel/bpf/devmap.c and all drivers to\n   support non-consecutively dropped packets.\n   Besides being complex, it likely has a negative\n   performance impact without a significant gain\n   since it is anyway unlikely that the next frame\n   can be transmitted if the previous one was dropped.\n\nThe memory corruption can be reproduced with\nthe following script which leads to a kernel panic\nafter a few seconds.  
It basically generates more\ntraffic than a i225 NIC can transmit and pushes it\nvia XDP_REDIRECT from a virtual interface to the\nphysical interface where frames get dropped.\n\n   #!/bin/bash\n   INTERFACE=enp4s0\n   INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex`\n\n   sudo ip link add dev veth1 type veth peer name veth2\n   sudo ip link set up $INTERFACE\n   sudo ip link set up veth1\n   sudo ip link set up veth2\n\n   cat \u003c\u003c EOF \u003e redirect.bpf.c\n\n   SEC(\"prog\")\n   int redirect(struct xdp_md *ctx)\n   {\n       return bpf_redirect($INTERFACE_IDX, 0);\n   }\n\n   char _license[] SEC(\"license\") = \"GPL\";\n   EOF\n   clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o\n   sudo ip link set veth2 xdp obj redirect.bpf.o\n\n   cat \u003c\u003c EOF \u003e pass.bpf.c\n\n   SEC(\"prog\")\n   int pass(struct xdp_md *ctx)\n   {\n       return XDP_PASS;\n   }\n\n   char _license[] SEC(\"license\") = \"GPL\";\n   EOF\n   clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o\n   sudo ip link set $INTERFACE xdp obj pass.bpf.o\n\n   cat \u003c\u003c EOF \u003e trafgen.cfg\n\n   {\n     /* Ethernet Header */\n     0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46,\n     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,\n     const16(ETH_P_IP),\n\n     /* IPv4 Header */\n     0b01000101, 0,   # IPv4 version, IHL, TOS\n     const16(1028),   # IPv4 total length (UDP length + 20 bytes (IP header))\n     const16(2),      # IPv4 ident\n     0b01000000, 0,   # IPv4 flags, fragmentation off\n     64,              # IPv4 TTL\n     17,              # Protocol UDP\n     csumip(14, 33),  # IPv4 checksum\n\n     /* UDP Header */\n     10,  0, 1, 1,    # IP Src - adapt as needed\n     10,  0, 1, 2,    # IP Dest - adapt as needed\n     const16(6666),   # UDP Src Port\n     const16(6666),   # UDP Dest Port\n     const16(1008),   # UDP length (UDP header 8 bytes + payload length)\n     csumudp(14, 34), # UDP checksum\n\n     /* Payload */\n     fill('W', 1000),\n   }\n   
EOF\n\n   sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5363",
            "https://access.redhat.com/security/cve/CVE-2024-26853",
            "https://bugzilla.redhat.com/2265838",
            "https://bugzilla.redhat.com/2273405",
            "https://bugzilla.redhat.com/2275600",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275715",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278429",
            "https://bugzilla.redhat.com/2278519",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281097",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281190",
            "https://bugzilla.redhat.com/2281237",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281265",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281639",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281900",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284511",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284543",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293208",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2293686",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293688",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297512",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273405",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281097",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281265",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281639",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281900",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293208",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297512",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://errata.almalinux.org/9/ALSA-2024-5363.html",
            "https://errata.rockylinux.org/RLSA-2024:5363",
            "https://git.kernel.org/linus/ef27f655b438bed4c83680e4f01e1cde2739854b (6.8)",
            "https://git.kernel.org/stable/c/1b3b8231386a572bac8cd5b6fd7e944b84f9bb1f",
            "https://git.kernel.org/stable/c/63a3c1f3c9ecc654d851e7906d05334cd0c236e2",
            "https://git.kernel.org/stable/c/8df393af9e7e8dfd62e9c41dbaa4d2ff53bf794a",
            "https://git.kernel.org/stable/c/ef27f655b438bed4c83680e4f01e1cde2739854b",
            "https://linux.oracle.com/cve/CVE-2024-26853.html",
            "https://linux.oracle.com/errata/ELSA-2024-5363.html",
            "https://lore.kernel.org/linux-cve-announce/2024041723-CVE-2024-26853-b549@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26853",
            "https://www.cve.org/CVERecord?id=CVE-2024-26853"
          ],
          "PublishedDate": "2024-04-17T11:15:08.583Z",
          "LastModifiedDate": "2025-04-02T13:17:04.977Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26866",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26866",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:08bf2bcedb459f08f21255777d280c1d2c53239f3f0124a318d4f9b6fcb0249d",
          "Title": "kernel: spi: lpspi: Avoid potential use-after-free in probe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: lpspi: Avoid potential use-after-free in probe()\n\nfsl_lpspi_probe() is allocating/disposing memory manually with\nspi_alloc_host()/spi_alloc_target(), but uses\ndevm_spi_register_controller(). In case of error after the latter call the\nmemory will be explicitly freed in the probe function by\nspi_controller_put() call, but used afterwards by \"devm\" management outside\nprobe() (spi_unregister_controller() \u003c- devm_spi_unregister() below).\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\n...\nCall trace:\n kernfs_find_ns\n kernfs_find_and_get_ns\n sysfs_remove_group\n sysfs_remove_groups\n device_remove_attrs\n device_del\n spi_unregister_controller\n devm_spi_unregister\n release_nodes\n devres_release_all\n really_probe\n driver_probe_device\n __device_attach_driver\n bus_for_each_drv\n __device_attach\n device_initial_probe\n bus_probe_device\n deferred_probe_work_func\n process_one_work\n worker_thread\n kthread\n ret_from_fork",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26866",
            "https://git.kernel.org/linus/2ae0ab0143fcc06190713ed81a6486ed0ad3c861 (6.9-rc1)",
            "https://git.kernel.org/stable/c/1543418e82789cc383cd36d41469983c64e3fc7f",
            "https://git.kernel.org/stable/c/2ae0ab0143fcc06190713ed81a6486ed0ad3c861",
            "https://git.kernel.org/stable/c/996ce839606afd0fef91355627868022aa73eb68",
            "https://git.kernel.org/stable/c/da83ed350e4604b976e94239b08d8e2e7eaee7ea",
            "https://lore.kernel.org/linux-cve-announce/2024041737-CVE-2024-26866-1e98@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26866",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26866"
          ],
          "PublishedDate": "2024-04-17T11:15:09.253Z",
          "LastModifiedDate": "2025-01-27T15:08:19.563Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26869",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26869",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:404eb27ca35c6ca9e16014850a00edde85bc56b2b4eaf85049f730e402a2873e",
          "Title": "kernel: f2fs: fix to truncate meta inode pages forcely",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t  - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n   due to lock failure or dirty|writeback\n   status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t  - load old data from meta_inode page\n\t\t\t\t\t  - f2fs_submit_page_write\n\t\t\t\t\t  : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26869",
            "https://git.kernel.org/linus/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65 (6.9-rc1)",
            "https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253",
            "https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189",
            "https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65",
            "https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694",
            "https://lore.kernel.org/linux-cve-announce/2024041738-CVE-2024-26869-c9e2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26869",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26869"
          ],
          "PublishedDate": "2024-04-17T11:15:09.413Z",
          "LastModifiedDate": "2025-05-07T17:39:20.227Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26876",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26876",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d27af3cdbaf040611bb7acde70b0c5949427201003006caf25bc6c84b138e6bb",
          "Title": "kernel: drm/bridge: adv7511: fix crash on irq during probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n    Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n    Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n    Call trace:\n     cec_received_msg_ts+0x48/0x990 [cec]\n     adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n     adv7511_irq_process+0xd8/0x120 [adv7511]\n     adv7511_irq_handler+0x1c/0x30 [adv7511]\n     irq_thread_fn+0x30/0xa0\n     irq_thread+0x14c/0x238\n     kthread+0x190/0x1a8",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26876",
            "https://git.kernel.org/linus/aeedaee5ef5468caf59e2bb1265c2116e0c9a924 (6.9-rc1)",
            "https://git.kernel.org/stable/c/28a94271bd50e4cf498df0381f776f8ea40a289e",
            "https://git.kernel.org/stable/c/50f4b57e9a9db4ede9294f39b9e75b5f26bae9b7",
            "https://git.kernel.org/stable/c/955c1252930677762e0db2b6b9e36938c887445c",
            "https://git.kernel.org/stable/c/aeedaee5ef5468caf59e2bb1265c2116e0c9a924",
            "https://lore.kernel.org/linux-cve-announce/2024041739-CVE-2024-26876-3948@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26876",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26876"
          ],
          "PublishedDate": "2024-04-17T11:15:09.777Z",
          "LastModifiedDate": "2025-03-04T15:58:47.687Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26938",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26938",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:312286e903810d06d4b73a1838a1338dc99f0bf83fe9734b87ecb4a4def279a4",
          "Title": "kernel: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\n\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\n\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26938",
            "https://git.kernel.org/linus/32e39bab59934bfd3f37097d4dd85ac5eb0fd549 (6.9-rc2)",
            "https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549",
            "https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6",
            "https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac",
            "https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f",
            "https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0",
            "https://linux.oracle.com/cve/CVE-2024-26938.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024050124-CVE-2024-26938-b3f9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26938",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26938"
          ],
          "PublishedDate": "2024-05-01T06:15:09.077Z",
          "LastModifiedDate": "2026-01-05T11:16:32.117Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26948",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26948",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:846d2d41870cd2a6cb69b9755efe486bffdffaae36c7c391617a929e4468af22",
          "Title": "kernel: drm/amd/display: Add a dc_state NULL check in dc_state_release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add a dc_state NULL check in dc_state_release\n\n[How]\nCheck whether state is NULL before releasing it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26948",
            "https://git.kernel.org/linus/334b56cea5d9df5989be6cf1a5898114fa70ad98 (6.9-rc1)",
            "https://git.kernel.org/stable/c/334b56cea5d9df5989be6cf1a5898114fa70ad98",
            "https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269",
            "https://lore.kernel.org/linux-cve-announce/2024050126-CVE-2024-26948-43bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26948",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26948"
          ],
          "PublishedDate": "2024-05-01T06:15:10.757Z",
          "LastModifiedDate": "2025-09-18T14:12:33.38Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26953",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26953",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7f2497f8f60ddaf2c26868d63328be8184c3728861e7414392e160948795729c",
          "Title": "kernel: net: esp: fix bad handling of pages from page_pool",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: esp: fix bad handling of pages from page_pool\n\nWhen the skb is reorganized during esp_output (!esp-\u003einline), the pages\ncoming from the original skb fragments are supposed to be released back\nto the system through put_page. But if the skb fragment pages are\noriginating from a page_pool, calling put_page on them will trigger a\npage_pool leak which will eventually result in a crash.\n\nThis leak can be easily observed when using CONFIG_DEBUG_VM and doing\nipsec + gre (non offloaded) forwarding:\n\n  BUG: Bad page state in process ksoftirqd/16  pfn:1451b6\n  page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6\n  flags: 0x200000000000000(node=0|zone=2)\n  page_type: 0xffffffff()\n  raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000\n  raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000\n  page dumped because: page_pool leak\n  Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n  CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x36/0x50\n   bad_page+0x70/0xf0\n   free_unref_page_prepare+0x27a/0x460\n   free_unref_page+0x38/0x120\n   esp_ssg_unref.isra.0+0x15f/0x200\n   esp_output_tail+0x66d/0x780\n   esp_xmit+0x2c5/0x360\n   validate_xmit_xfrm+0x313/0x370\n   ? validate_xmit_skb+0x1d/0x330\n   validate_xmit_skb_list+0x4c/0x70\n   sch_direct_xmit+0x23e/0x350\n   __dev_queue_xmit+0x337/0xba0\n   ? 
nf_hook_slow+0x3f/0xd0\n   ip_finish_output2+0x25e/0x580\n   iptunnel_xmit+0x19b/0x240\n   ip_tunnel_xmit+0x5fb/0xb60\n   ipgre_xmit+0x14d/0x280 [ip_gre]\n   dev_hard_start_xmit+0xc3/0x1c0\n   __dev_queue_xmit+0x208/0xba0\n   ? nf_hook_slow+0x3f/0xd0\n   ip_finish_output2+0x1ca/0x580\n   ip_sublist_rcv_finish+0x32/0x40\n   ip_sublist_rcv+0x1b2/0x1f0\n   ? ip_rcv_finish_core.constprop.0+0x460/0x460\n   ip_list_rcv+0x103/0x130\n   __netif_receive_skb_list_core+0x181/0x1e0\n   netif_receive_skb_list_internal+0x1b3/0x2c0\n   napi_gro_receive+0xc8/0x200\n   gro_cell_poll+0x52/0x90\n   __napi_poll+0x25/0x1a0\n   net_rx_action+0x28e/0x300\n   __do_softirq+0xc3/0x276\n   ? sort_range+0x20/0x20\n   run_ksoftirqd+0x1e/0x30\n   smpboot_thread_fn+0xa6/0x130\n   kthread+0xcd/0x100\n   ? kthread_complete_and_exit+0x20/0x20\n   ret_from_fork+0x31/0x50\n   ? kthread_complete_and_exit+0x20/0x20\n   ret_from_fork_asm+0x11/0x20\n   \u003c/TASK\u003e\n\nThe suggested fix is to introduce a new wrapper (skb_page_unref) that\ncovers page refcounting for page_pool pages as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26953",
            "https://git.kernel.org/linus/c3198822c6cb9fb588e446540485669cc81c5d34 (6.9-rc1)",
            "https://git.kernel.org/stable/c/1abb20a5f4b02fb3020f88456fc1e6069b3cdc45",
            "https://git.kernel.org/stable/c/8291b4eac429c480386669444c6377573f5d8664",
            "https://git.kernel.org/stable/c/c3198822c6cb9fb588e446540485669cc81c5d34",
            "https://git.kernel.org/stable/c/f278ff9db67264715d0d50e3e75044f8b78990f4",
            "https://linux.oracle.com/cve/CVE-2024-26953.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024050128-CVE-2024-26953-8304@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26953",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26953"
          ],
          "PublishedDate": "2024-05-01T06:15:11.457Z",
          "LastModifiedDate": "2025-09-18T14:12:16.61Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26954",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26954",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e02039b9551929c64f699d58b2f57503e3946f98947f55de3dbe9db10546688b",
          "Title": "kernel: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()\n\nIf -\u003eNameOffset of smb2_create_req is smaller than Buffer offset of\nsmb2_create_req, slab-out-of-bounds read can happen from smb2_open.\nThis patch set the minimum value of the name offset to the buffer offset\nto validate name length of smb2_create_req().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26954",
            "https://git.kernel.org/linus/a80a486d72e20bd12c335bcd38b6e6f19356b0aa (6.9-rc1)",
            "https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57",
            "https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178",
            "https://git.kernel.org/stable/c/9e4937cbc150f9d5a9b5576e1922ef0b5ed2eb72",
            "https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa",
            "https://git.kernel.org/stable/c/d70c2e0904ab3715c5673fd45788a464a246d1db",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024050128-CVE-2024-26954-18d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26954",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26954"
          ],
          "PublishedDate": "2024-05-01T06:15:11.583Z",
          "LastModifiedDate": "2025-11-03T22:16:48.297Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27002",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27002",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6983ab3f7fccc5ab34b0b1f0afdb0f600cade2b91b67ec7b02d9764a3fbfa46a",
          "Title": "kernel: clk: mediatek: Do a runtime PM get on controllers during probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: Do a runtime PM get on controllers during probe\n\nmt8183-mfgcfg has a mutual dependency with genpd during the probing\nstage, which leads to a deadlock in the following call stack:\n\nCPU0:  genpd_lock --\u003e clk_prepare_lock\ngenpd_power_off_work_fn()\n genpd_lock()\n generic_pm_domain::power_off()\n    clk_unprepare()\n      clk_prepare_lock()\n\nCPU1: clk_prepare_lock --\u003e genpd_lock\nclk_register()\n  __clk_core_init()\n    clk_prepare_lock()\n    clk_pm_runtime_get()\n      genpd_lock()\n\nDo a runtime PM get at the probe function to make sure clk_register()\nwon't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg,\ndo this on all mediatek clock controller probings because we don't\nbelieve this would cause any regression.\n\nVerified on MT8183 and MT8192 Chromebooks.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27002",
            "https://git.kernel.org/linus/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3 (6.9-rc5)",
            "https://git.kernel.org/stable/c/165d226472575b213dd90dfda19d1605dd7c19a8",
            "https://git.kernel.org/stable/c/2f7b1d8b5505efb0057cd1ab85fca206063ea4c3",
            "https://git.kernel.org/stable/c/b62ed25feb342eab052822eff0c554873799a4f5",
            "https://git.kernel.org/stable/c/c0dcd5c072e2a3fff886f673e6a5d9bf8090c4cc",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/",
            "https://lore.kernel.org/linux-cve-announce/2024050146-CVE-2024-27002-3b11@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27002",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27002"
          ],
          "PublishedDate": "2024-05-01T06:15:18.437Z",
          "LastModifiedDate": "2025-11-04T18:16:09.517Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27005",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27005",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:24fcf4da653d73ef588ad3c37f8d3848cb0cd7e1eac1ada41096a2545d11d79d",
          "Title": "kernel: interconnect: Don't access req_list while it's being manipulated",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Don't access req_list while it's being manipulated\n\nThe icc_lock mutex was split into separate icc_lock and icc_bw_lock\nmutexes in [1] to avoid lockdep splats. However, this didn't adequately\nprotect access to icc_node::req_list.\n\nThe icc_set_bw() function will eventually iterate over req_list while\nonly holding icc_bw_lock, but req_list can be modified while only\nholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),\nand icc_put().\n\nExample A:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(\u0026icc_bw_lock);\n                                     icc_put(path_b)\n                                       mutex_lock(\u0026icc_lock);\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                       hlist_del(...\n        \u003cr = invalid pointer\u003e\n\nExample B:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(\u0026icc_bw_lock);\n                                     path_b = of_icc_get()\n                                       of_icc_get_by_index()\n                                         mutex_lock(\u0026icc_lock);\n                                         path_find()\n                                           path_init()\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                             hlist_add_head(...\n        \u003cr = invalid pointer\u003e\n\nFix this by ensuring icc_bw_lock is always held before manipulating\nicc_node::req_list. The additional places icc_bw_lock is held don't\nperform any memory allocations, so we should still be safe from the\noriginal lockdep splats that motivated the separate locks.\n\n[1] commit af42269c3523 (\"interconnect: Fix locking for runpm vs reclaim\")",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362",
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27005",
            "https://git.kernel.org/linus/de1bf25b6d771abdb52d43546cf57ad775fb68a1 (6.9-rc5)",
            "https://git.kernel.org/stable/c/19ec82b3cad1abef2a929262b8c1528f4e0c192d",
            "https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6",
            "https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42",
            "https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1",
            "https://git.kernel.org/stable/c/fe549d8e976300d0dd75bd904eb216bed8b145e0",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/",
            "https://lore.kernel.org/linux-cve-announce/2024050147-CVE-2024-27005-e630@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27005",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27005"
          ],
          "PublishedDate": "2024-05-01T06:15:18.883Z",
          "LastModifiedDate": "2025-12-23T17:15:46.41Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27014",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27014",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:133068e01325e94bc81d2002ff50fa2e599dad7efbbba0f7d85a7e10683466a7",
          "Title": "kernel: net/mlx5e: Prevent deadlock while disabling aRFS",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent deadlock while disabling aRFS\n\nWhen disabling aRFS under the `priv-\u003estate_lock`, any scheduled\naRFS works are canceled using the `cancel_work_sync` function,\nwhich waits for the work to end if it has already started.\nHowever, while waiting for the work handler, the handler will\ntry to acquire the `state_lock` which is already acquired.\n\nThe worker acquires the lock to delete the rules if the state\nis down, which is not the worker's responsibility since\ndisabling aRFS deletes the rules.\n\nAdd an aRFS state variable, which indicates whether the aRFS is\nenabled and prevent adding rules when the aRFS is disabled.\n\nKernel log:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\n------------------------------------------------------\nethtool/386089 is trying to acquire lock:\nffff88810f21ce68 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\n\nbut task is already holding lock:\nffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (\u0026priv-\u003estate_lock){+.+.}-{3:3}:\n       __mutex_lock+0x80/0xc90\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\n       process_one_work+0x1dc/0x4a0\n       worker_thread+0x1bf/0x3c0\n       kthread+0xd7/0x100\n       ret_from_fork+0x2d/0x50\n       ret_from_fork_asm+0x11/0x20\n\n-\u003e #0 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}:\n       __lock_acquire+0x17b4/0x2c80\n       lock_acquire+0xd0/0x2b0\n       __flush_work+0x7a/0x4e0\n       __cancel_work_timer+0x131/0x1c0\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\n       
mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n       ethnl_set_channels+0x28f/0x3b0\n       ethnl_default_set_doit+0xec/0x240\n       genl_family_rcv_msg_doit+0xd0/0x120\n       genl_rcv_msg+0x188/0x2c0\n       netlink_rcv_skb+0x54/0x100\n       genl_rcv+0x24/0x40\n       netlink_unicast+0x1a1/0x270\n       netlink_sendmsg+0x214/0x460\n       __sock_sendmsg+0x38/0x60\n       __sys_sendto+0x113/0x170\n       __x64_sys_sendto+0x20/0x30\n       do_syscall_64+0x40/0xe0\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026priv-\u003estate_lock);\n                               lock((work_completion)(\u0026rule-\u003earfs_work));\n                               lock(\u0026priv-\u003estate_lock);\n  lock((work_completion)(\u0026rule-\u003earfs_work));\n\n *** DEADLOCK ***\n\n3 locks held by ethtool/386089:\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\n #2: ffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nstack backtrace:\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x60/0xa0\n check_noncircular+0x144/0x160\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n ? __flush_work+0x74/0x4e0\n ? save_trace+0x3e/0x360\n ? __flush_work+0x74/0x4e0\n __flush_work+0x7a/0x4e0\n ? __flush_work+0x74/0x4e0\n ? __lock_acquire+0xa78/0x2c80\n ? lock_acquire+0xd0/0x2b0\n ? mark_held_locks+0x49/0x70\n __cancel_work_timer+0x131/0x1c0\n ? 
mark_held_locks+0x49/0x70\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n ? ethn\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:3627",
            "https://access.redhat.com/security/cve/CVE-2024-27014",
            "https://bugzilla.redhat.com/2250843",
            "https://bugzilla.redhat.com/2257406",
            "https://bugzilla.redhat.com/2263875",
            "https://bugzilla.redhat.com/2265271",
            "https://bugzilla.redhat.com/2265646",
            "https://bugzilla.redhat.com/2265654",
            "https://bugzilla.redhat.com/2265833",
            "https://bugzilla.redhat.com/2266296",
            "https://bugzilla.redhat.com/2266446",
            "https://bugzilla.redhat.com/2266746",
            "https://bugzilla.redhat.com/2266841",
            "https://bugzilla.redhat.com/2267038",
            "https://bugzilla.redhat.com/2267185",
            "https://bugzilla.redhat.com/2267355",
            "https://bugzilla.redhat.com/2267509",
            "https://bugzilla.redhat.com/2267705",
            "https://bugzilla.redhat.com/2267724",
            "https://bugzilla.redhat.com/2267758",
            "https://bugzilla.redhat.com/2267789",
            "https://bugzilla.redhat.com/2267797",
            "https://bugzilla.redhat.com/2267804",
            "https://bugzilla.redhat.com/2268315",
            "https://bugzilla.redhat.com/2268317",
            "https://bugzilla.redhat.com/2269213",
            "https://bugzilla.redhat.com/2269856",
            "https://bugzilla.redhat.com/2270080",
            "https://bugzilla.redhat.com/2270879",
            "https://bugzilla.redhat.com/2270881",
            "https://bugzilla.redhat.com/2271469",
            "https://bugzilla.redhat.com/2271476",
            "https://bugzilla.redhat.com/2272780",
            "https://bugzilla.redhat.com/2272791",
            "https://bugzilla.redhat.com/2273092",
            "https://bugzilla.redhat.com/2273094",
            "https://bugzilla.redhat.com/2273223",
            "https://bugzilla.redhat.com/2273260",
            "https://bugzilla.redhat.com/2273262",
            "https://bugzilla.redhat.com/2274624",
            "https://bugzilla.redhat.com/2275645",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275666",
            "https://bugzilla.redhat.com/2275707",
            "https://bugzilla.redhat.com/2275777",
            "https://bugzilla.redhat.com/2278169",
            "https://bugzilla.redhat.com/2278237",
            "https://bugzilla.redhat.com/2278240",
            "https://bugzilla.redhat.com/2278268",
            "https://bugzilla.redhat.com/2278314",
            "https://bugzilla.redhat.com/2278356",
            "https://bugzilla.redhat.com/2278398",
            "https://bugzilla.redhat.com/2278409",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278431",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2250843",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2257406",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263875",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265646",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266446",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266746",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266841",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267509",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267705",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267724",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267789",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267804",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268291",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268293",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268309",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269213",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269856",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270080",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270881",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271469",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272791",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273094",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273260",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273262",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2274624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275666",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275777",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278314",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278431",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278537",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25162",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46934",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47118",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47153",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47171",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47185",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52439",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52445",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52477",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52513",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52520",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52528",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52565",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52578",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52607",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52610",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0340",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23307",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26593",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26610",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26642",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26664",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26694",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26779",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26872",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26934",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26964",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26973",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27048",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27059",
            "https://errata.almalinux.org/8/ALSA-2024-3627.html",
            "https://errata.rockylinux.org/RLSA-2024:3618",
            "https://git.kernel.org/linus/fef965764cf562f28afb997b626fc7c3cec99693 (6.9-rc5)",
            "https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc",
            "https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b",
            "https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b",
            "https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693",
            "https://linux.oracle.com/cve/CVE-2024-27014.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/",
            "https://lore.kernel.org/linux-cve-announce/2024050149-CVE-2024-27014-d2dc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27014",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27014"
          ],
          "PublishedDate": "2024-05-01T06:15:20.063Z",
          "LastModifiedDate": "2025-11-04T18:16:11.173Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27025",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27025",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b0983b96f5b11a6105924236063e4a6102df8239ae12bdcbad4335bf1613cfc",
          "Title": "kernel: nbd: null check for nla_nest_start",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-27025",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d (6.9-rc1)",
            "https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d",
            "https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e",
            "https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced",
            "https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8",
            "https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797",
            "https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983",
            "https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a",
            "https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf",
            "https://linux.oracle.com/cve/CVE-2024-27025.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
            "https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27025",
            "https://www.cve.org/CVERecord?id=CVE-2024-27025"
          ],
          "PublishedDate": "2024-05-01T13:15:48.89Z",
          "LastModifiedDate": "2024-12-23T19:24:12.37Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27032",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27032",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8ca5fd9e02f03e683b348b517748eb8423c20c2025a373ec044bad1f1c698203",
          "Title": "kernel: f2fs: fix to avoid potential panic during recovery",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential panic during recovery\n\nDuring recovery, if FAULT_BLOCK is on, it is possible that\nf2fs_reserve_new_block() will return -ENOSPC during recovery,\nthen it may trigger panic.\n\nAlso, if fault injection rate is 1 and only FAULT_BLOCK fault\ntype is on, it may encounter deadloop in loop of block reservation.\n\nLet's change as below to fix these issues:\n- remove bug_on() to avoid panic.\n- limit the loop count of block reservation to avoid potential\ndeadloop.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27032",
            "https://git.kernel.org/linus/21ec68234826b1b54ab980a8df6e33c74cfbee58 (6.9-rc1)",
            "https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58",
            "https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c",
            "https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1",
            "https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67",
            "https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0",
            "https://lore.kernel.org/linux-cve-announce/2024050111-CVE-2024-27032-97a9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27032",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27032"
          ],
          "PublishedDate": "2024-05-01T13:15:49.23Z",
          "LastModifiedDate": "2025-04-08T18:41:55.58Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27035",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27035",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f020069ca376ea5ec770faa1221ca2d10aa64eea607296ff63a46bf3166537d4",
          "Title": "kernel: f2fs: compress: fix to guarantee persisting compressed blocks by CP",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to guarantee persisting compressed blocks by CP\n\nIf data block in compressed cluster is not persisted with metadata\nduring checkpoint, after SPOR, the data may be corrupted, let's\nguarantee to write compressed page by checkpoint.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27035",
            "https://git.kernel.org/linus/8a430dd49e9cb021372b0ad91e60aeef9c6ced00 (6.9-rc1)",
            "https://git.kernel.org/stable/c/57e8b17d0522c8f4daf0c4d9969b4d7358033532",
            "https://git.kernel.org/stable/c/82704e598d7b33c7e45526e34d3c585426319bed",
            "https://git.kernel.org/stable/c/8a430dd49e9cb021372b0ad91e60aeef9c6ced00",
            "https://git.kernel.org/stable/c/c3311694b9bcced233548574d414c91d39214684",
            "https://git.kernel.org/stable/c/e54cce8137258a550b49cae45d09e024821fb28d",
            "https://lore.kernel.org/linux-cve-announce/2024050111-CVE-2024-27035-1628@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27035",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27035"
          ],
          "PublishedDate": "2024-05-01T13:15:49.36Z",
          "LastModifiedDate": "2025-09-18T14:45:10.753Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27041",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27041",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7ca5d25fdccb1fd129ec1a9d4ee7b11ead705d2c864999314aab38eb54ac01e9",
          "Title": "kernel: drm/amd/display: fix NULL checks for adev-\u003edm.dc in amdgpu_dm_fini()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix NULL checks for adev-\u003edm.dc in amdgpu_dm_fini()\n\nSince 'adev-\u003edm.dc' in amdgpu_dm_fini() might turn out to be NULL\nbefore the call to dc_enable_dmub_notifications(), check\nbeforehand to ensure there will not be a possible NULL-ptr-deref\nthere.\n\nAlso, since commit 1e88eb1b2c25 (\"drm/amd/display: Drop\nCONFIG_DRM_AMD_DC_HDCP\") there are two separate checks for NULL in\n'adev-\u003edm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy().\nClean up by combining them all under one 'if'.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27041",
            "https://git.kernel.org/linus/2a3cfb9a24a28da9cc13d2c525a76548865e182c (6.9-rc1)",
            "https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b",
            "https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c",
            "https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957",
            "https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811",
            "https://lore.kernel.org/linux-cve-announce/2024050112-CVE-2024-27041-7bf4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27041",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27041"
          ],
          "PublishedDate": "2024-05-01T13:15:49.647Z",
          "LastModifiedDate": "2025-04-08T18:38:51.473Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27056",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27056",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:50a64d9c97e40e7b050da706b4b547b3ce6aa49cb2359969fe2e4f9f7034257f",
          "Title": "kernel: wifi: iwlwifi: mvm: ensure offloading TID queue exists",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: ensure offloading TID queue exists\n\nThe resume code path assumes that the TX queue for the offloading TID\nhas been configured. At resume time it then tries to sync the write\npointer as it may have been updated by the firmware.\n\nIn the unusual event that no packets have been send on TID 0, the queue\nwill not have been allocated and this causes a crash. Fix this by\nensuring the queue exist at suspend time.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:3627",
            "https://access.redhat.com/security/cve/CVE-2024-27056",
            "https://bugzilla.redhat.com/2250843",
            "https://bugzilla.redhat.com/2257406",
            "https://bugzilla.redhat.com/2263875",
            "https://bugzilla.redhat.com/2265271",
            "https://bugzilla.redhat.com/2265646",
            "https://bugzilla.redhat.com/2265654",
            "https://bugzilla.redhat.com/2265833",
            "https://bugzilla.redhat.com/2266296",
            "https://bugzilla.redhat.com/2266446",
            "https://bugzilla.redhat.com/2266746",
            "https://bugzilla.redhat.com/2266841",
            "https://bugzilla.redhat.com/2267038",
            "https://bugzilla.redhat.com/2267185",
            "https://bugzilla.redhat.com/2267355",
            "https://bugzilla.redhat.com/2267509",
            "https://bugzilla.redhat.com/2267705",
            "https://bugzilla.redhat.com/2267724",
            "https://bugzilla.redhat.com/2267758",
            "https://bugzilla.redhat.com/2267789",
            "https://bugzilla.redhat.com/2267797",
            "https://bugzilla.redhat.com/2267804",
            "https://bugzilla.redhat.com/2268315",
            "https://bugzilla.redhat.com/2268317",
            "https://bugzilla.redhat.com/2269213",
            "https://bugzilla.redhat.com/2269856",
            "https://bugzilla.redhat.com/2270080",
            "https://bugzilla.redhat.com/2270879",
            "https://bugzilla.redhat.com/2270881",
            "https://bugzilla.redhat.com/2271469",
            "https://bugzilla.redhat.com/2271476",
            "https://bugzilla.redhat.com/2272780",
            "https://bugzilla.redhat.com/2272791",
            "https://bugzilla.redhat.com/2273092",
            "https://bugzilla.redhat.com/2273094",
            "https://bugzilla.redhat.com/2273223",
            "https://bugzilla.redhat.com/2273260",
            "https://bugzilla.redhat.com/2273262",
            "https://bugzilla.redhat.com/2274624",
            "https://bugzilla.redhat.com/2275645",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275666",
            "https://bugzilla.redhat.com/2275707",
            "https://bugzilla.redhat.com/2275777",
            "https://bugzilla.redhat.com/2278169",
            "https://bugzilla.redhat.com/2278237",
            "https://bugzilla.redhat.com/2278240",
            "https://bugzilla.redhat.com/2278268",
            "https://bugzilla.redhat.com/2278314",
            "https://bugzilla.redhat.com/2278356",
            "https://bugzilla.redhat.com/2278398",
            "https://bugzilla.redhat.com/2278409",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278431",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2250843",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2257406",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263875",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265646",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266446",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266746",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266841",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267509",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267705",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267724",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267789",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267804",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268291",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268293",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268309",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269213",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269856",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270080",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270881",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271469",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272791",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273094",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273260",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273262",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2274624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275666",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275777",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278314",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278431",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278537",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25162",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46934",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47118",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47153",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47171",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47185",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52439",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52445",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52477",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52513",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52520",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52528",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52565",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52578",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52607",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52610",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0340",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23307",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26593",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26610",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26642",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26659",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26664",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26694",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26779",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26872",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26934",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26964",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26973",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27048",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27059",
            "https://errata.almalinux.org/8/ALSA-2024-3627.html",
            "https://errata.rockylinux.org/RLSA-2024:3618",
            "https://git.kernel.org/linus/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f (6.8-rc7)",
            "https://git.kernel.org/stable/c/35afffaddbe8d310dc61659da0b1a337b0d0addc",
            "https://git.kernel.org/stable/c/4903303f25f48b5a1e34e6324c7fae9ccd6b959a",
            "https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f",
            "https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5",
            "https://linux.oracle.com/cve/CVE-2024-27056.html",
            "https://linux.oracle.com/errata/ELSA-2024-3618.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024050115-CVE-2024-27056-98c0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27056",
            "https://www.cve.org/CVERecord?id=CVE-2024-27056"
          ],
          "PublishedDate": "2024-05-01T13:15:50.36Z",
          "LastModifiedDate": "2025-11-03T20:16:11.57Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27057",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27057",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e8b4d48b2cd354142239793d6e6cfb55132e6054554827906202b444d4a2f3a5",
          "Title": "kernel: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend\n\nWhen the system is suspended while audio is active, the\nsof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during\nsuspend the DSP is turned off, streams will be re-started after resume.\n\nIf the firmware crashes during while audio is running (or when we reset\nthe stream before suspend) then the sof_ipc4_set_multi_pipeline_state()\nwill fail with IPC error and the state change is interrupted.\nThis will cause misalignment between the kernel and firmware state on next\nDSP boot resulting errors returned by firmware for IPC messages, eventually\nfailing the audio resume.\nOn stream close the errors are ignored so the kernel state will be\ncorrected on the next DSP boot, so the second boot after the DSP panic.\n\nIf sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then\nstate parameter is SOF_IPC4_PIPE_RESET and only in this case.\n\nTreat a forced pipeline reset similarly to how we treat a pcm_free by\nignoring error on state sending to allow the kernel's state to be\nconsistent with the state the firmware will have after the next boot.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27057",
            "https://git.kernel.org/linus/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 (6.8-rc5)",
            "https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759",
            "https://git.kernel.org/stable/c/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2",
            "https://git.kernel.org/stable/c/d153e8b154f9746ac969c85a4e6474760453647c",
            "https://linux.oracle.com/cve/CVE-2024-27057.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024050116-CVE-2024-27057-c0fb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27057",
            "https://www.cve.org/CVERecord?id=CVE-2024-27057"
          ],
          "PublishedDate": "2024-05-01T13:15:50.4Z",
          "LastModifiedDate": "2025-09-18T15:17:53.173Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27062",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27062",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c445baf05f556c2295701373acfd7196c4c52b443c74194a6f0a080db2c2d44",
          "Title": "kernel: nouveau: lock the client object tree.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: lock the client object tree.\n\nIt appears the client object tree has no locking unless I've missed\nsomething else. Fix races around adding/removing client objects,\nmostly vram bar mappings.\n\n 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI\n[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\n[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\n[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 \u003c48\u003e 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe\n[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206\n[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58\n[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400\n[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000\n[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0\n[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007\n[ 4562.099528] FS:  00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000\n[ 4562.099534] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0\n[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4562.099544] Call Trace:\n[ 4562.099555]  \u003cTASK\u003e\n[ 4562.099573]  ? die_addr+0x36/0x90\n[ 4562.099583]  ? exc_general_protection+0x246/0x4a0\n[ 4562.099593]  ? 
asm_exc_general_protection+0x26/0x30\n[ 4562.099600]  ? nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099730]  nvkm_ioctl+0xa1/0x250 [nouveau]\n[ 4562.099861]  nvif_object_map_handle+0xc8/0x180 [nouveau]\n[ 4562.099986]  nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]\n[ 4562.100156]  ? dma_resv_test_signaled+0x26/0xb0\n[ 4562.100163]  ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]\n[ 4562.100182]  ? __mutex_unlock_slowpath+0x2a/0x270\n[ 4562.100189]  nouveau_ttm_fault+0x69/0xb0 [nouveau]\n[ 4562.100356]  __do_fault+0x32/0x150\n[ 4562.100362]  do_fault+0x7c/0x560\n[ 4562.100369]  __handle_mm_fault+0x800/0xc10\n[ 4562.100382]  handle_mm_fault+0x17c/0x3e0\n[ 4562.100388]  do_user_addr_fault+0x208/0x860\n[ 4562.100395]  exc_page_fault+0x7f/0x200\n[ 4562.100402]  asm_exc_page_fault+0x26/0x30\n[ 4562.100412] RIP: 0033:0x9b9870\n[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 \u003c44\u003e 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7\n[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246\n[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000\n[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066\n[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000\n[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff\n[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 4562.100446]  \u003c/TASK\u003e\n[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common 
mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8870",
            "https://access.redhat.com/security/cve/CVE-2024-27062",
            "https://bugzilla.redhat.com/2266247",
            "https://bugzilla.redhat.com/2269183",
            "https://bugzilla.redhat.com/2275750",
            "https://bugzilla.redhat.com/2277168",
            "https://bugzilla.redhat.com/2278262",
            "https://bugzilla.redhat.com/2278350",
            "https://bugzilla.redhat.com/2278387",
            "https://bugzilla.redhat.com/2281284",
            "https://bugzilla.redhat.com/2281669",
            "https://bugzilla.redhat.com/2281817",
            "https://bugzilla.redhat.com/2293356",
            "https://bugzilla.redhat.com/2293402",
            "https://bugzilla.redhat.com/2293458",
            "https://bugzilla.redhat.com/2293459",
            "https://bugzilla.redhat.com/2297475",
            "https://bugzilla.redhat.com/2297508",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/2297567",
            "https://bugzilla.redhat.com/2297568",
            "https://bugzilla.redhat.com/2298109",
            "https://bugzilla.redhat.com/2298412",
            "https://bugzilla.redhat.com/2300412",
            "https://bugzilla.redhat.com/2300442",
            "https://bugzilla.redhat.com/2300487",
            "https://bugzilla.redhat.com/2300488",
            "https://bugzilla.redhat.com/2300508",
            "https://bugzilla.redhat.com/2300517",
            "https://bugzilla.redhat.com/2307862",
            "https://bugzilla.redhat.com/2307865",
            "https://bugzilla.redhat.com/2307892",
            "https://bugzilla.redhat.com/2309852",
            "https://bugzilla.redhat.com/2309853",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/2315178",
            "https://bugzilla.redhat.com/2317601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269183",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277168",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278262",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281284",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281817",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293458",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293459",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297475",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297568",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300442",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307862",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307865",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309852",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309853",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2315178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2317601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48936",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52492",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35898",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38540",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38541",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38608",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39503",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40983",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41009",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41066",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41092",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41093",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42070",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42079",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42292",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47668",
            "https://errata.almalinux.org/8/ALSA-2024-8870.html",
            "https://errata.rockylinux.org/RLSA-2024:8856",
            "https://git.kernel.org/linus/b7cc4ff787a572edf2c55caeffaa88cd801eb135 (6.8)",
            "https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7",
            "https://git.kernel.org/stable/c/96c8751844171af4b3898fee3857ee180586f589",
            "https://git.kernel.org/stable/c/b7cc4ff787a572edf2c55caeffaa88cd801eb135",
            "https://linux.oracle.com/cve/CVE-2024-27062.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-27062-3291@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27062",
            "https://www.cve.org/CVERecord?id=CVE-2024-27062"
          ],
          "PublishedDate": "2024-05-01T13:15:50.66Z",
          "LastModifiedDate": "2025-04-08T19:42:41.69Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27389",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27389",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f101bfe5fb1e4dcdce03a7de97de323cf33e476cd3bc9f28494595753e1c535e",
          "Title": "kernel: pstore: inode: Only d_invalidate() is needed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore: inode: Only d_invalidate() is needed\n\nUnloading a modular pstore backend with records in pstorefs would\ntrigger the dput() double-drop warning:\n\n  WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410\n\nUsing the combo of d_drop()/dput() (as mentioned in\nDocumentation/filesystems/vfs.rst) isn't the right approach here, and\nleads to the reference counting problem seen above. Use d_invalidate()\nand update the code to not bother checking for error codes that can\nnever happen.\n\n---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27389",
            "https://git.kernel.org/linus/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 (6.9-rc1)",
            "https://git.kernel.org/stable/c/340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6",
            "https://git.kernel.org/stable/c/4cdf9006fc095af71da80e9b5f48a32e991b9ed3",
            "https://git.kernel.org/stable/c/a43e0fc5e9134a46515de2f2f8d4100b74e50de3",
            "https://git.kernel.org/stable/c/cb9e802e49c24eeb3af35e9e8c04d526f35f112a",
            "https://git.kernel.org/stable/c/db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e",
            "https://linux.oracle.com/cve/CVE-2024-27389.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024050135-CVE-2024-27389-fb3a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27389",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27389"
          ],
          "PublishedDate": "2024-05-01T13:15:51.653Z",
          "LastModifiedDate": "2025-09-18T16:14:57.333Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27400",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27400",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0e1941970f7cab6851b207ebdefccfcaae66ffcc2a1ef350e7411ca3d3841a0f",
          "Title": "kernel: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2\n\nThis reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move\non same heap. The basic problem here is that after the move the old\nlocation is simply not available any more.\n\nSome fixes were suggested, but essentially we should call the move\nnotification before actually moving things because only this way we have\nthe correct order for DMA-buf and VM move notifications as well.\n\nAlso rework the statistic handling so that we don't update the eviction\ncounter before the move.\n\nv2: add missing NULL check",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27400",
            "https://git.kernel.org/linus/d3a9331a6591e9df64791e076f6591f440af51c3 (6.9-rc7)",
            "https://git.kernel.org/stable/c/0c7ed3ed35eec9138b88d42217b5a6b9a62bda4d",
            "https://git.kernel.org/stable/c/5c25b169f9a0b34ee410891a96bc9d7b9ed6f9be",
            "https://git.kernel.org/stable/c/9a4f6e138720b6e9adf7b82a71d0292f3f276480",
            "https://git.kernel.org/stable/c/d3a9331a6591e9df64791e076f6591f440af51c3",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/",
            "https://lore.kernel.org/linux-cve-announce/2024051317-CVE-2024-27400-3b00@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27400",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27400"
          ],
          "PublishedDate": "2024-05-14T15:12:29.26Z",
          "LastModifiedDate": "2025-12-23T19:05:59.707Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27408",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27408",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e5fc02a45a9089984ce8b963bc048a36b38000b3f55fa8450d5c794438f14b9d",
          "Title": "kernel: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup\n\nThe Linked list element and pointer are not stored in the same memory as\nthe eDMA controller register. If the doorbell register is toggled before\nthe full write of the linked list a race condition error will occur.\nIn remote setup we can only use a readl to the memory to assure the full\nwrite has occurred.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27408",
            "https://git.kernel.org/linus/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba (6.8-rc7)",
            "https://git.kernel.org/stable/c/bbcc1c83f343e580c3aa1f2a8593343bf7b55bba",
            "https://git.kernel.org/stable/c/d24fe6d5a1cfdddb7a9ef56736ec501c4d0a5fd3",
            "https://git.kernel.org/stable/c/f396b4df27cfe01a99f4b41f584c49e56477be3a",
            "https://lore.kernel.org/linux-cve-announce/2024051700-CVE-2024-27408-6911@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27408",
            "https://www.cve.org/CVERecord?id=CVE-2024-27408"
          ],
          "PublishedDate": "2024-05-17T12:15:11.223Z",
          "LastModifiedDate": "2025-09-18T17:31:49.273Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27418",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27418",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39197562ddc8e2d77b8772480461532a4b4d4bad988fedf4e4c9349ea945e261",
          "Title": "kernel: net: mctp: take ownership of skb in mctp_local_output",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: take ownership of skb in mctp_local_output\n\nCurrently, mctp_local_output only takes ownership of skb on success, and\nwe may leak an skb if mctp_local_output fails in specific states; the\nskb ownership isn't transferred until the actual output routing occurs.\n\nInstead, make mctp_local_output free the skb on all error paths up to\nthe route action, so it always consumes the passed skb.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-27418",
            "https://git.kernel.org/linus/3773d65ae5154ed7df404b050fd7387a36ab5ef3 (6.8-rc7)",
            "https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3",
            "https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd",
            "https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b",
            "https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68",
            "https://lore.kernel.org/linux-cve-announce/2024051703-CVE-2024-27418-3cda@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27418",
            "https://www.cve.org/CVERecord?id=CVE-2024-27418"
          ],
          "PublishedDate": "2024-05-17T12:15:13.52Z",
          "LastModifiedDate": "2025-09-26T16:22:11.54Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27435",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27435",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9cc7e26103c38ab7965b8dedda0e219849d46b8f6a7615cc41016f35d777d919",
          "Title": "kernel: nvme: fix reconnection fail due to reserved tag allocation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix reconnection fail due to reserved tag allocation\n\nWe found a issue on production environment while using NVMe over RDMA,\nadmin_q reconnect failed forever while remote target and network is ok.\nAfter dig into it, we found it may caused by a ABBA deadlock due to tag\nallocation. In my case, the tag was hold by a keep alive request\nwaiting inside admin_q, as we quiesced admin_q while reset ctrl, so the\nrequest maked as idle and will not process before reset success. As\nfabric_q shares tagset with admin_q, while reconnect remote target, we\nneed a tag for connect command, but the only one reserved tag was held\nby keep alive command which waiting inside admin_q. As a result, we\nfailed to reconnect admin_q forever. In order to fix this issue, I\nthink we should keep two reserved tags for admin queue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4583",
            "https://access.redhat.com/security/cve/CVE-2024-27435",
            "https://bugzilla.redhat.com/2267509",
            "https://bugzilla.redhat.com/2273082",
            "https://bugzilla.redhat.com/2273466",
            "https://bugzilla.redhat.com/2275735",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2280434",
            "https://bugzilla.redhat.com/2281131",
            "https://bugzilla.redhat.com/2281925",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284581",
            "https://bugzilla.redhat.com/2293230",
            "https://bugzilla.redhat.com/2293380",
            "https://bugzilla.redhat.com/2293402",
            "https://bugzilla.redhat.com/2293456",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2294225",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267509",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273082",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273466",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275735",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281131",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293230",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293456",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663",
            "https://errata.almalinux.org/9/ALSA-2024-4583.html",
            "https://errata.rockylinux.org/RLSA-2024:4583",
            "https://git.kernel.org/linus/de105068fead55ed5c07ade75e9c8e7f86a00d1d (6.9-rc1)",
            "https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8",
            "https://git.kernel.org/stable/c/262da920896e2f2ab0e3947d9dbee0aa09045818",
            "https://git.kernel.org/stable/c/6851778504cdb49431809b4ba061903d5f592c96",
            "https://git.kernel.org/stable/c/de105068fead55ed5c07ade75e9c8e7f86a00d1d",
            "https://git.kernel.org/stable/c/ff2f90f88d78559802466ad1c84ac5bda4416b3a",
            "https://linux.oracle.com/cve/CVE-2024-27435.html",
            "https://linux.oracle.com/errata/ELSA-2024-4583.html",
            "https://lore.kernel.org/linux-cve-announce/2024051710-CVE-2024-27435-c465@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27435",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27435"
          ],
          "PublishedDate": "2024-05-17T13:15:58.073Z",
          "LastModifiedDate": "2025-09-26T19:01:59.697Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35784",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35784",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2bc7f6a6cf71307cf0cf4128c81a7351af8b9512e8be46ea223af40f10930dd6",
          "Title": "kernel: btrfs: fix deadlock with fiemap and extent locking",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock with fiemap and extent locking\n\nWhile working on the patchset to remove extent locking I got a lockdep\nsplat with fiemap and pagefaulting with my new extent lock replacement\nlock.\n\nThis deadlock exists with our normal code, we just don't have lockdep\nannotations with the extent locking so we've never noticed it.\n\nSince we're copying the fiemap extent to user space on every iteration\nwe have the chance of pagefaulting.  Because we hold the extent lock for\nthe entire range we could mkwrite into a range in the file that we have\nmmap'ed.  This would deadlock with the following stack trace\n\n[\u003c0\u003e] lock_extent+0x28d/0x2f0\n[\u003c0\u003e] btrfs_page_mkwrite+0x273/0x8a0\n[\u003c0\u003e] do_page_mkwrite+0x50/0xb0\n[\u003c0\u003e] do_fault+0xc1/0x7b0\n[\u003c0\u003e] __handle_mm_fault+0x2fa/0x460\n[\u003c0\u003e] handle_mm_fault+0xa4/0x330\n[\u003c0\u003e] do_user_addr_fault+0x1f4/0x800\n[\u003c0\u003e] exc_page_fault+0x7c/0x1e0\n[\u003c0\u003e] asm_exc_page_fault+0x26/0x30\n[\u003c0\u003e] rep_movs_alternative+0x33/0x70\n[\u003c0\u003e] _copy_to_user+0x49/0x70\n[\u003c0\u003e] fiemap_fill_next_extent+0xc8/0x120\n[\u003c0\u003e] emit_fiemap_extent+0x4d/0xa0\n[\u003c0\u003e] extent_fiemap+0x7f8/0xad0\n[\u003c0\u003e] btrfs_fiemap+0x49/0x80\n[\u003c0\u003e] __x64_sys_ioctl+0x3e1/0xb50\n[\u003c0\u003e] do_syscall_64+0x94/0x1a0\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nI wrote an fstest to reproduce this deadlock without my replacement lock\nand verified that the deadlock exists with our existing locking.\n\nTo fix this simply don't take the extent lock for the entire duration of\nthe fiemap.  
This is safe in general because we keep track of where we\nare when we're searching the tree, so if an ordered extent updates in\nthe middle of our fiemap call we'll still emit the correct extents\nbecause we know what offset we were on before.\n\nThe only place we maintain the lock is searching delalloc.  Since the\ndelalloc stuff can change during writeback we want to lock the extent\nrange so we have a consistent view of delalloc at the time we're\nchecking to see if we need to set the delalloc flag.\n\nWith this patch applied we no longer deadlock with my testcase.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35784",
            "https://git.kernel.org/linus/b0ad381fa7690244802aed119b478b4bdafc31dd (6.8-rc6)",
            "https://git.kernel.org/stable/c/89bca7fe6382d61e88c67a0b0e7bce315986fb8b",
            "https://git.kernel.org/stable/c/b0ad381fa7690244802aed119b478b4bdafc31dd",
            "https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf",
            "https://lore.kernel.org/linux-cve-announce/2024051704-CVE-2024-35784-6dec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35784",
            "https://www.cve.org/CVERecord?id=CVE-2024-35784"
          ],
          "PublishedDate": "2024-05-17T13:15:58.27Z",
          "LastModifiedDate": "2025-01-10T18:09:46.203Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35794",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35794",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6b4c9c290f4ad0cd40c0ff9fce75e32d82412de9353926b995c1134aaaceb4be",
          "Title": "kernel: dm-raid: really frozen sync_thread during suspend",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid: really frozen sync_thread during suspend\n\n1) commit f52f5c71f3d4 (\"md: fix stopping sync thread\") remove\n   MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that\n   dm-raid relies on __md_stop_writes() to frozen sync_thread\n   indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in\n   md_stop_writes(), and since stop_sync_thread() is only used for\n   dm-raid in this case, also move stop_sync_thread() to\n   md_stop_writes().\n2) The flag MD_RECOVERY_FROZEN doesn't mean that sync thread is frozen,\n   it only prevent new sync_thread to start, and it can't stop the\n   running sync thread; In order to frozen sync_thread, after seting the\n   flag, stop_sync_thread() should be used.\n3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped, use\n   it as condition for md_stop_writes() in raid_postsuspend() doesn't\n   look correct. Consider that reentrant stop_sync_thread() do nothing,\n   always call md_stop_writes() in raid_postsuspend().\n4) raid_message can set/clear the flag MD_RECOVERY_FROZEN at anytime,\n   and if MD_RECOVERY_FROZEN is cleared while the array is suspended,\n   new sync_thread can start unexpected. Fix this by disallow\n   raid_message() to change sync_thread status during suspend.\n\nNote that after commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), the\ntest shell/lvconvert-raid-reshape.sh start to hang in stop_sync_thread(),\nand with previous fixes, the test won't hang there anymore, however, the\ntest will still fail and complain that ext4 is corrupted. And with this\npatch, the test won't hang due to stop_sync_thread() or fail due to ext4\nis corrupted anymore. However, there is still a deadlock related to\ndm-raid456 that will be fixed in following patches.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35794",
            "https://git.kernel.org/linus/16c4770c75b1223998adbeb7286f9a15c65fba73 (6.9-rc1)",
            "https://git.kernel.org/stable/c/16c4770c75b1223998adbeb7286f9a15c65fba73",
            "https://git.kernel.org/stable/c/af916cb66a80597f3523bc85812e790bcdcfd62b",
            "https://git.kernel.org/stable/c/eaa8fc9b092837cf2c754bde1a15d784ce9a85ab",
            "https://linux.oracle.com/cve/CVE-2024-35794.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051709-CVE-2024-35794-f42d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35794",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35794"
          ],
          "PublishedDate": "2024-05-17T13:15:59.097Z",
          "LastModifiedDate": "2025-09-26T16:20:03.953Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35799",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35799",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ed40d0cc2c53249f7ace34604298e5174637414a1680d15f081e2a2a3ad87f4b",
          "Title": "kernel: drm/amd/display: Prevent crash when disable stream",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent crash when disable stream\n\n[Why]\nDisabling stream encoder invokes a function that no longer exists.\n\n[How]\nCheck if the function declaration is NULL in disable stream encoder.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35799",
            "https://git.kernel.org/linus/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c (6.9-rc2)",
            "https://git.kernel.org/stable/c/2b17133a0a2e0e111803124dad09e803718d4a48",
            "https://git.kernel.org/stable/c/4356a2c3f296503c8b420ae8adece053960a9f06",
            "https://git.kernel.org/stable/c/59772327d439874095516673b4b30c48bd83ca38",
            "https://git.kernel.org/stable/c/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c",
            "https://lore.kernel.org/linux-cve-announce/2024051737-CVE-2024-35799-75e5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35799",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35799"
          ],
          "PublishedDate": "2024-05-17T14:15:12.42Z",
          "LastModifiedDate": "2025-09-19T15:17:14.027Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35801",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35801",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5fe5b668ccd0dfa281a9d2d4a81e3c4e495f62724674522f5dc3742a777cdb72",
          "Title": "kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Keep xfd_state in sync with MSR_IA32_XFD\n\nCommit 672365477ae8 (\"x86/fpu: Update XFD state where required\") and\ncommit 8bf26758ca96 (\"x86/fpu: Add XFD state to fpstate\") introduced a\nper CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in\norder to avoid unnecessary writes to the MSR.\n\nOn CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which\nwipes out any stale state. But the per CPU cached xfd value is not\nreset, which brings them out of sync.\n\nAs a consequence a subsequent xfd_update_state() might fail to update\nthe MSR which in turn can result in XRSTOR raising a #NM in kernel\nspace, which crashes the kernel.\n\nTo fix this, introduce xfd_set_state() to write xfd_state together\nwith MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-35801",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/10e4b5166df9ff7a2d5316138ca668b42d004422 (6.9-rc1)",
            "https://git.kernel.org/stable/c/10e4b5166df9ff7a2d5316138ca668b42d004422",
            "https://git.kernel.org/stable/c/1acbca933313aa866e39996904c9aca4d435c4cd",
            "https://git.kernel.org/stable/c/21c7c00dae55cb0e3810d5f9506b58f68475d41d",
            "https://git.kernel.org/stable/c/92b0f04e937665bde5768f3fcc622dcce44413d8",
            "https://git.kernel.org/stable/c/b61e3b7055ac6edee4be071c52f48c26472d2624",
            "https://linux.oracle.com/cve/CVE-2024-35801.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35801-8038@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35801",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35801"
          ],
          "PublishedDate": "2024-05-17T14:15:12.827Z",
          "LastModifiedDate": "2025-09-19T15:44:30.38Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35803",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35803",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:191a68aec60575bd028a12a76459157b80797e181bb805420218f8a6cdefd1ba",
          "Title": "kernel: x86/efistub: Call mixed mode boot services on the firmware's stack",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efistub: Call mixed mode boot services on the firmware's stack\n\nNormally, the EFI stub calls into the EFI boot services using the stack\nthat was live when the stub was entered. According to the UEFI spec,\nthis stack needs to be at least 128k in size - this might seem large but\nall asynchronous processing and event handling in EFI runs from the same\nstack and so quite a lot of space may be used in practice.\n\nIn mixed mode, the situation is a bit different: the bootloader calls\nthe 32-bit EFI stub entry point, which calls the decompressor's 32-bit\nentry point, where the boot stack is set up, using a fixed allocation\nof 16k. This stack is still in use when the EFI stub is started in\n64-bit mode, and so all calls back into the EFI firmware will be using\nthe decompressor's limited boot stack.\n\nDue to the placement of the boot stack right after the boot heap, any\nstack overruns have gone unnoticed. However, commit\n\n  5c4feadb0011983b (\"x86/decompressor: Move global symbol references to C code\")\n\nmoved the definition of the boot heap into C code, and now the boot\nstack is placed right at the base of BSS, where any overruns will\ncorrupt the end of the .data section.\n\nWhile it would be possible to work around this by increasing the size of\nthe boot stack, doing so would affect all x86 systems, and mixed mode\nsystems are a tiny (and shrinking) fraction of the x86 installed base.\n\nSo instead, record the firmware stack pointer value when entering from\nthe 32-bit firmware, and switch to this stack every time a EFI boot\nservice call is made.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35803",
            "https://git.kernel.org/linus/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02 (6.9-rc1)",
            "https://git.kernel.org/stable/c/2149f8a56e2ed345c7a4d022a79f6b8fc53ae926",
            "https://git.kernel.org/stable/c/725351c036452b7db5771a7bed783564bc4b99cc",
            "https://git.kernel.org/stable/c/930775060ca348b8665f60eef14b204172d14f31",
            "https://git.kernel.org/stable/c/cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02",
            "https://git.kernel.org/stable/c/fba7ee7187581b5bc222003e73e2592b398bb06d",
            "https://lore.kernel.org/linux-cve-announce/2024051739-CVE-2024-35803-c81f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35803",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35803"
          ],
          "PublishedDate": "2024-05-17T14:15:13.337Z",
          "LastModifiedDate": "2025-09-26T15:57:45.85Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35808",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35808",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c5a0e02b30c4809c148e4920342c36f21507341dc23fb42ecfc5326da5244ba2",
          "Title": "kernel: md/dm-raid: don't call md_reap_sync_thread() directly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/dm-raid: don't call md_reap_sync_thread() directly\n\nCurrently md_reap_sync_thread() is called from raid_message() directly\nwithout holding 'reconfig_mutex', this is definitely unsafe because\nmd_reap_sync_thread() can change many fields that is protected by\n'reconfig_mutex'.\n\nHowever, hold 'reconfig_mutex' here is still problematic because this\nwill cause deadlock, for example, commit 130443d60b1b (\"md: refactor\nidle/frozen_sync_thread() to fix deadlock\").\n\nFix this problem by using stop_sync_thread() to unregister sync_thread,\nlike md/raid did.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35808",
            "https://git.kernel.org/linus/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0 (6.9-rc1)",
            "https://git.kernel.org/stable/c/347dcdc15a1706f61aa545ae498ededdf31aeebc",
            "https://git.kernel.org/stable/c/9e59b8d76ff511505eb0dd1478329f09e0f04669",
            "https://git.kernel.org/stable/c/cd32b27a66db8776d8b8e82ec7d7dde97a8693b0",
            "https://linux.oracle.com/cve/CVE-2024-35808.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051740-CVE-2024-35808-2bf6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35808",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35808"
          ],
          "PublishedDate": "2024-05-17T14:15:14.503Z",
          "LastModifiedDate": "2025-09-19T16:02:27.983Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35826",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a7338381efadba38de81f05190291bfac1bdef43dba9bbe36ca1b2b313caa24b",
          "Title": "kernel: block: Fix page refcounts for unaligned buffers in __bio_release_pages()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix page refcounts for unaligned buffers in __bio_release_pages()\n\nFix an incorrect number of pages being released for buffers that do not\nstart at the beginning of a page.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35826",
            "https://git.kernel.org/linus/38b43539d64b2fa020b3b9a752a986769f87f7a6 (6.9-rc1)",
            "https://git.kernel.org/stable/c/242006996d15f5ca62e22f8c7de077d9c4a8f367",
            "https://git.kernel.org/stable/c/38b43539d64b2fa020b3b9a752a986769f87f7a6",
            "https://git.kernel.org/stable/c/7d3765550374f71248c55e6206ea1d6fd4537e65",
            "https://git.kernel.org/stable/c/c9d3d2fbde9b8197bce88abcbe8ee8e713ffe7c2",
            "https://git.kernel.org/stable/c/ecbd9ced84dd655a8f4cd49d2aad0e80dbf6bf35",
            "https://lore.kernel.org/linux-cve-announce/2024051737-CVE-2024-35826-c17f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35826",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35826"
          ],
          "PublishedDate": "2024-05-17T14:15:18.45Z",
          "LastModifiedDate": "2025-09-26T16:07:22.667Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35832",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35832",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:257c25d53f14f7a060dabbf143268866b58ccba58bd5650b65f59d0eca7e8cbc",
          "Title": "kernel: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit\n\nbch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut.\nIt should be freed by kvfree not kfree.\nOr umount will triger:\n\n[  406.829178 ] BUG: unable to handle page fault for address: ffffe7b487148008\n[  406.830676 ] #PF: supervisor read access in kernel mode\n[  406.831643 ] #PF: error_code(0x0000) - not-present page\n[  406.832487 ] PGD 0 P4D 0\n[  406.832898 ] Oops: 0000 [#1] PREEMPT SMP PTI\n[  406.833512 ] CPU: 2 PID: 1754 Comm: umount Kdump: loaded Tainted: G           OE      6.7.0-rc7-custom+ #90\n[  406.834746 ] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[  406.835796 ] RIP: 0010:kfree+0x62/0x140\n[  406.836197 ] Code: 80 48 01 d8 0f 82 e9 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 78 9f 1f 01 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 56 9f 1f 01 \u003c48\u003e 8b 50 08 48 89 c7 f6 c2 01 0f 85 b0 00 00 00 66 90 48 8b 07 f6\n[  406.837810 ] RSP: 0018:ffffb9d641607e48 EFLAGS: 00010286\n[  406.838213 ] RAX: ffffe7b487148000 RBX: ffffb9d645200000 RCX: ffffb9d641607dc4\n[  406.838738 ] RDX: 000065bb00000000 RSI: ffffffffc0d88b84 RDI: ffffb9d645200000\n[  406.839217 ] RBP: ffff9a4625d00068 R08: 0000000000000001 R09: 0000000000000001\n[  406.839650 ] R10: 0000000000000001 R11: 000000000000001f R12: ffff9a4625d4da80\n[  406.840055 ] R13: ffff9a4625d00000 R14: ffffffffc0e2eb20 R15: 0000000000000000\n[  406.840451 ] FS:  00007f0a264ffb80(0000) GS:ffff9a4e2d500000(0000) knlGS:0000000000000000\n[  406.840851 ] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  406.841125 ] CR2: ffffe7b487148008 CR3: 000000018c4d2000 CR4: 00000000000006f0\n[  406.841464 ] Call Trace:\n[  406.841583 ]  \u003cTASK\u003e\n[  406.841682 ]  ? __die+0x1f/0x70\n[  406.841828 ]  ? page_fault_oops+0x159/0x470\n[  406.842014 ]  ? fixup_exception+0x22/0x310\n[  406.842198 ]  ? 
exc_page_fault+0x1ed/0x200\n[  406.842382 ]  ? asm_exc_page_fault+0x22/0x30\n[  406.842574 ]  ? bch2_fs_release+0x54/0x280 [bcachefs]\n[  406.842842 ]  ? kfree+0x62/0x140\n[  406.842988 ]  ? kfree+0x104/0x140\n[  406.843138 ]  bch2_fs_release+0x54/0x280 [bcachefs]\n[  406.843390 ]  kobject_put+0xb7/0x170\n[  406.843552 ]  deactivate_locked_super+0x2f/0xa0\n[  406.843756 ]  cleanup_mnt+0xba/0x150\n[  406.843917 ]  task_work_run+0x59/0xa0\n[  406.844083 ]  exit_to_user_mode_prepare+0x197/0x1a0\n[  406.844302 ]  syscall_exit_to_user_mode+0x16/0x40\n[  406.844510 ]  do_syscall_64+0x4e/0xf0\n[  406.844675 ]  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[  406.844907 ] RIP: 0033:0x7f0a2664e4fb",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-763"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35832",
            "https://git.kernel.org/linus/369acf97d6fd5da620d053d0f1878ffe32eff555 (6.8-rc1)",
            "https://git.kernel.org/stable/c/369acf97d6fd5da620d053d0f1878ffe32eff555",
            "https://git.kernel.org/stable/c/56590678791119b9a655202e49898edfb9307271",
            "https://lore.kernel.org/linux-cve-announce/2024051730-CVE-2024-35832-b2f8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35832",
            "https://www.cve.org/CVERecord?id=CVE-2024-35832"
          ],
          "PublishedDate": "2024-05-17T14:15:19.71Z",
          "LastModifiedDate": "2025-09-24T21:04:58.703Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35839",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35839",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:86b3a6766aea10407a6cb0137968620fd102a1752b2bb92fe8ce701da645fafd",
          "Title": "kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: replace physindev with physinif in nf_bridge_info\n\nAn skb can be added to a neigh-\u003earp_queue while waiting for an arp\nreply. Where original skb's skb-\u003edev can be different to neigh's\nneigh-\u003edev. For instance in case of bridging dnated skb from one veth to\nanother, the skb would be added to a neigh-\u003earp_queue of the bridge.\n\nAs skb-\u003edev can be reset back to nf_bridge-\u003ephysindev and used, and as\nthere is no explicit mechanism that prevents this physindev from been\nfreed under us (for instance neigh_flush_dev doesn't cleanup skbs from\ndifferent device's neigh queue) we can crash on e.g. this stack:\n\narp_process\n  neigh_update\n    skb = __skb_dequeue(\u0026neigh-\u003earp_queue)\n      neigh_resolve_output(..., skb)\n        ...\n          br_nf_dev_xmit\n            br_nf_pre_routing_finish_bridge_slow\n              skb-\u003edev = nf_bridge-\u003ephysindev\n              br_handle_frame_finish\n\nLet's use plain ifindex instead of net_device link. To peek into the\noriginal net_device we will use dev_get_by_index_rcu(). Thus either we\nget device and are safe to use it or we don't get it and drop skb.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5928",
            "https://access.redhat.com/security/cve/CVE-2024-35839",
            "https://bugzilla.redhat.com/2265185",
            "https://bugzilla.redhat.com/2272797",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2275744",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278264",
            "https://bugzilla.redhat.com/2281101",
            "https://bugzilla.redhat.com/2281284",
            "https://bugzilla.redhat.com/2281669",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281916",
            "https://bugzilla.redhat.com/2281958",
            "https://bugzilla.redhat.com/2282720",
            "https://bugzilla.redhat.com/2283468",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2293356",
            "https://bugzilla.redhat.com/2293414",
            "https://bugzilla.redhat.com/2293455",
            "https://bugzilla.redhat.com/2293459",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2297489",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297498",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297523",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297541",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297567",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2301473",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269183",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277168",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278262",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281284",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281817",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293458",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293459",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297475",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297568",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300442",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307862",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307865",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309852",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309853",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2315178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2317601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48936",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52492",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35898",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38540",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38541",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38608",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39503",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40983",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41009",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41066",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41092",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41093",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42070",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42079",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42292",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47668",
            "https://errata.almalinux.org/9/ALSA-2024-5928.html",
            "https://errata.rockylinux.org/RLSA-2024:8856",
            "https://git.kernel.org/linus/9874808878d9eed407e3977fd11fee49de1e1d86 (6.8-rc1)",
            "https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c",
            "https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b",
            "https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547",
            "https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86",
            "https://linux.oracle.com/cve/CVE-2024-35839.html",
            "https://linux.oracle.com/errata/ELSA-2024-8856.html",
            "https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-35839-4194@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35839",
            "https://ubuntu.com/security/notices/USN-6818-1",
            "https://ubuntu.com/security/notices/USN-6818-2",
            "https://ubuntu.com/security/notices/USN-6818-3",
            "https://ubuntu.com/security/notices/USN-6818-4",
            "https://ubuntu.com/security/notices/USN-6819-1",
            "https://ubuntu.com/security/notices/USN-6819-2",
            "https://ubuntu.com/security/notices/USN-6819-3",
            "https://ubuntu.com/security/notices/USN-6819-4",
            "https://www.cve.org/CVERecord?id=CVE-2024-35839"
          ],
          "PublishedDate": "2024-05-17T15:15:21.017Z",
          "LastModifiedDate": "2025-09-24T21:02:31.86Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35843",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35843",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:81e0ac6362af0967d1324689cc4c88f760af00f7d57902ebda9989444bd11e9b",
          "Title": "kernel: iommu/vt-d: Use device rbtree in iopf reporting path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Use device rbtree in iopf reporting path\n\nThe existing I/O page fault handler currently locates the PCI device by\ncalling pci_get_domain_bus_and_slot(). This function searches the list\nof all PCI devices until the desired device is found. To improve lookup\nefficiency, replace it with device_rbtree_find() to search the device\nwithin the probed device rbtree.\n\nThe I/O page fault is initiated by the device, which does not have any\nsynchronization mechanism with the software to ensure that the device\nstays in the probed device tree. Theoretically, a device could be released\nby the IOMMU subsystem after device_rbtree_find() and before\niopf_get_dev_fault_param(), which would cause a use-after-free problem.\n\nAdd a mutex to synchronize the I/O page fault reporting path and the IOMMU\nrelease device path. This lock doesn't introduce any performance overhead,\nas the conflict between I/O page fault reporting and device releasing is\nvery rare.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35843",
            "https://git.kernel.org/linus/def054b01a867822254e1dda13d587f5c7a99e2a (6.9-rc1)",
            "https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15",
            "https://git.kernel.org/stable/c/def054b01a867822254e1dda13d587f5c7a99e2a",
            "https://linux.oracle.com/cve/CVE-2024-35843.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051717-CVE-2024-35843-516e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35843",
            "https://ubuntu.com/security/notices/USN-6816-1",
            "https://ubuntu.com/security/notices/USN-6817-1",
            "https://ubuntu.com/security/notices/USN-6817-2",
            "https://ubuntu.com/security/notices/USN-6817-3",
            "https://ubuntu.com/security/notices/USN-6878-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35843"
          ],
          "PublishedDate": "2024-05-17T15:15:21.313Z",
          "LastModifiedDate": "2025-04-07T19:05:09.4Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35862",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35862",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1dc2ae76253c9fb38e10340c07252a05aab04d46533a16820249b940f6acfe2d",
          "Title": "kernel: smb: client: fix potential UAF in smb2_is_network_name_deleted()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_network_name_deleted()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35862",
            "https://git.kernel.org/linus/63981561ffd2d4987807df4126f96a11e18b0c1d (6.9-rc3)",
            "https://git.kernel.org/stable/c/63981561ffd2d4987807df4126f96a11e18b0c1d",
            "https://git.kernel.org/stable/c/aa582b33f94453fdeaff1e7d0aa252c505975e01",
            "https://git.kernel.org/stable/c/d919b6ea15ffa56fbafef4a1d92f47aeda9af645",
            "https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c",
            "https://linux.oracle.com/cve/CVE-2024-35862.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051937-CVE-2024-35862-eda2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35862",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35862"
          ],
          "PublishedDate": "2024-05-19T09:15:07.797Z",
          "LastModifiedDate": "2026-03-25T14:21:15.637Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35865",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5b61630c9540a72a75e030c960991e25ebb95d7db0ba845eb69d615e944e33a1",
          "Title": "kernel: smb: client: fix potential UAF in smb2_is_valid_oplock_break()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in smb2_is_valid_oplock_break()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35865",
            "https://git.kernel.org/linus/22863485a4626ec6ecf297f4cc0aef709bc862e4 (6.9-rc3)",
            "https://git.kernel.org/stable/c/21fed37d2bdcde33453faf61d3d4d96c355f04bd",
            "https://git.kernel.org/stable/c/22863485a4626ec6ecf297f4cc0aef709bc862e4",
            "https://git.kernel.org/stable/c/3dba0e5276f131e36d6d8043191d856f49238628",
            "https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7",
            "https://linux.oracle.com/cve/CVE-2024-35865.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051939-CVE-2024-35865-c095@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35865",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35865"
          ],
          "PublishedDate": "2024-05-19T09:15:08.033Z",
          "LastModifiedDate": "2025-04-07T18:57:42.18Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35875",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35875",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:11a7738d29f50dc1f73be5b725adcd8b55ff5fc1d2125dc1bfa577cd31285308",
          "Title": "kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/coco: Require seeding RNG with RDRAND on CoCo systems\n\nThere are few uses of CoCo that don't rely on working cryptography and\nhence a working RNG. Unfortunately, the CoCo threat model means that the\nVM host cannot be trusted and may actively work against guests to\nextract secrets or manipulate computation. Since a malicious host can\nmodify or observe nearly all inputs to guests, the only remaining source\nof entropy for CoCo guests is RDRAND.\n\nIf RDRAND is broken -- due to CPU hardware fault -- the RNG as a whole\nis meant to gracefully continue on gathering entropy from other sources,\nbut since there aren't other sources on CoCo, this is catastrophic.\nThis is mostly a concern at boot time when initially seeding the RNG, as\nafter that the consequences of a broken RDRAND are much more\ntheoretical.\n\nSo, try at boot to seed the RNG using 256 bits of RDRAND output. If this\nfails, panic(). This will also trigger if the system is booted without\nRDRAND, as RDRAND is essential for a safe CoCo boot.\n\nAdd this deliberately to be \"just a CoCo x86 driver feature\" and not\npart of the RNG itself. Many device drivers and platforms have some\ndesire to contribute something to the RNG, and add_device_randomness()\nis specifically meant for this purpose.\n\nAny driver can call it with seed data of any quality, or even garbage\nquality, and it can only possibly make the quality of the RNG better or\nhave no effect, but can never make it worse.\n\nRather than trying to build something into the core of the RNG, consider\nthe particular CoCo issue just a CoCo issue, and therefore separate it\nall out into driver (well, arch/platform) code.\n\n  [ bp: Massage commit message. ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:6567",
            "https://access.redhat.com/security/cve/CVE-2024-35875",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2269434",
            "https://bugzilla.redhat.com/2269436",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2275678",
            "https://bugzilla.redhat.com/2278206",
            "https://bugzilla.redhat.com/2281052",
            "https://bugzilla.redhat.com/2281151",
            "https://bugzilla.redhat.com/2281727",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2282709",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284402",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2297520",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300491",
            "https://bugzilla.redhat.com/2300520",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301465",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301637",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269436",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275678",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278206",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281052",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281151",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300491",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301637",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26630",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35797",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35875",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40936",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41073",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://errata.almalinux.org/9/ALSA-2024-6567.html",
            "https://errata.rockylinux.org/RLSA-2024:6567",
            "https://git.kernel.org/linus/99485c4c026f024e7cb82da84c7951dbe3deb584 (6.9-rc3)",
            "https://git.kernel.org/stable/c/08044b08b37528b82f70a87576c692b4e4b7716e",
            "https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374",
            "https://git.kernel.org/stable/c/453b5f2dec276c1bb4ea078bf8c0da57ee4627e5",
            "https://git.kernel.org/stable/c/99485c4c026f024e7cb82da84c7951dbe3deb584",
            "https://linux.oracle.com/cve/CVE-2024-35875.html",
            "https://linux.oracle.com/errata/ELSA-2024-6567.html",
            "https://lore.kernel.org/linux-cve-announce/2024051942-CVE-2024-35875-e23d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35875",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35875"
          ],
          "PublishedDate": "2024-05-19T09:15:08.833Z",
          "LastModifiedDate": "2025-09-24T21:13:12.94Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35878",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35878",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a861ef5a3157d5b2e0fb453974b64f9fc2e9c3f8fba8c46cafb80a0aa35c9507",
          "Title": "kernel: of: module: prevent NULL pointer dereference in vsnprintf()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: prevent NULL pointer dereference in vsnprintf()\n\nIn of_modalias(), we can get passed the str and len parameters which would\ncause a kernel oops in vsnprintf() since it only allows passing a NULL ptr\nwhen the length is also 0. Also, we need to filter out the negative values\nof the len parameter as these will result in a really huge buffer since\nsnprintf() takes size_t parameter while ours is ssize_t...\n\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35878",
            "https://git.kernel.org/linus/a1aa5390cc912934fee76ce80af5f940452fa987 (6.9-rc3)",
            "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898",
            "https://git.kernel.org/stable/c/a1aa5390cc912934fee76ce80af5f940452fa987",
            "https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b",
            "https://linux.oracle.com/cve/CVE-2024-35878.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051943-CVE-2024-35878-5af8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35878",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35878"
          ],
          "PublishedDate": "2024-05-19T09:15:09.09Z",
          "LastModifiedDate": "2025-04-07T18:57:06.917Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35908",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35908",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:47b4c0ba8bf9bfd7bbd94f3394e44788f3b7241e621e67e98bfafd65020c9c96",
          "Title": "kernel: tls: get psock ref after taking rxlock to avoid leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: get psock ref after taking rxlock to avoid leak\n\nAt the start of tls_sw_recvmsg, we take a reference on the psock, and\nthen call tls_rx_reader_lock. If that fails, we return directly\nwithout releasing the reference.\n\nInstead of adding a new label, just take the reference after locking\nhas succeeded, since we don't need it before.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35908",
            "https://git.kernel.org/linus/417e91e856099e9b8a42a2520e2255e6afe024be (6.9-rc2)",
            "https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8",
            "https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be",
            "https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3",
            "https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096",
            "https://linux.oracle.com/cve/CVE-2024-35908.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051955-CVE-2024-35908-e78a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35908",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35908"
          ],
          "PublishedDate": "2024-05-19T09:15:11.477Z",
          "LastModifiedDate": "2025-09-24T18:52:20.163Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35924",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35924",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:52dc3ff52679493bf1de0a2e6f6d915ec9c5f2e4dd1856f156a557c71c796a81",
          "Title": "kernel: usb: typec: ucsi: Limit read size on v1.2",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Limit read size on v1.2\n\nBetween UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was\nincreased from 16 to 256. In order to avoid overflowing reads for older\nsystems, add a mechanism to use the read UCSI version to truncate read\nsizes on UCSI v1.2.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-35924",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/b3db266fb031fba88c423d4bb8983a73a3db6527 (6.9-rc1)",
            "https://git.kernel.org/stable/c/0defcaa09d3b21e8387829ee3a652c43fa91e13f",
            "https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40",
            "https://git.kernel.org/stable/c/b3db266fb031fba88c423d4bb8983a73a3db6527",
            "https://linux.oracle.com/cve/CVE-2024-35924.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051914-CVE-2024-35924-90f6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35924",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35924"
          ],
          "PublishedDate": "2024-05-19T11:15:48.653Z",
          "LastModifiedDate": "2025-09-24T18:47:47.98Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35926",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35926",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:12044c037169f00f3a22e80f54e9302b08d0be87b976d60b82e96c31f1456b9f",
          "Title": "kernel: crypto: iaa - Fix async_disable descriptor leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix async_disable descriptor leak\n\nThe disable_async paths of iaa_compress/decompress() don't free idxd\ndescriptors in the async_disable case. Currently this only happens in\nthe testcases where req-\u003edst is set to null. Add a test to free them\nin those paths.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35926",
            "https://git.kernel.org/linus/262534ddc88dfea7474ed18adfecf856e4fbe054 (6.9-rc1)",
            "https://git.kernel.org/stable/c/262534ddc88dfea7474ed18adfecf856e4fbe054",
            "https://git.kernel.org/stable/c/d994f7d77aaded05dc05af58a2720fd4f4b72a83",
            "https://lore.kernel.org/linux-cve-announce/2024051915-CVE-2024-35926-d677@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35926",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35926"
          ],
          "PublishedDate": "2024-05-19T11:15:48.793Z",
          "LastModifiedDate": "2025-09-23T15:31:48.993Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35931",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35931",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c19dc76065491fed17ee81024bdc5e2e183364d5b206943c62c5b6d1d18b037d",
          "Title": "kernel: drm/amdgpu: Skip do PCI error slot reset during RAS recovery",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Skip do PCI error slot reset during RAS recovery\n\nWhy:\n    The PCI error slot reset maybe triggered after inject ue to UMC multi times, this\n    caused system hang.\n    [  557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume\n    [  557.373718] [drm] PCIE GART of 512M enabled.\n    [  557.373722] [drm] PTB located at 0x0000031FED700000\n    [  557.373788] [drm] VRAM is lost due to GPU reset!\n    [  557.373789] [drm] PSP is resuming...\n    [  557.547012] mlx5_core 0000:55:00.0: mlx5_pci_err_detected Device state = 1 pci_status: 0. Exit, result = 3, need reset\n    [  557.547067] [drm] PCI error: detected callback, state(1)!!\n    [  557.547069] [drm] No support for XGMI hive yet...\n    [  557.548125] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 0. Enter\n    [  557.607763] mlx5_core 0000:55:00.0: wait vital counter value 0x16b5b after 1 iterations\n    [  557.607777] mlx5_core 0000:55:00.0: mlx5_pci_slot_reset Device state = 1 pci_status: 1. 
Exit, err = 0, result = 5, recovered\n    [  557.610492] [drm] PCI error: slot reset callback!!\n    ...\n    [  560.689382] amdgpu 0000:3f:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689546] amdgpu 0000:5a:00.0: amdgpu: GPU reset(2) succeeded!\n    [  560.689562] general protection fault, probably for non-canonical address 0x5f080b54534f611f: 0000 [#1] SMP NOPTI\n    [  560.701008] CPU: 16 PID: 2361 Comm: kworker/u448:9 Tainted: G           OE     5.15.0-91-generic #101-Ubuntu\n    [  560.712057] Hardware name: Microsoft C278A/C278A, BIOS C2789.5.BS.1C11.AG.1 11/08/2023\n    [  560.720959] Workqueue: amdgpu-reset-hive amdgpu_ras_do_recovery [amdgpu]\n    [  560.728887] RIP: 0010:amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.736891] Code: ff 41 89 c6 e9 1b ff ff ff 44 0f b6 45 b0 e9 4f ff ff ff be 01 00 00 00 4c 89 e7 e8 76 c9 8b ff 44 0f b6 45 b0 e9 3c fd ff ff \u003c48\u003e 83 ba 18 02 00 00 00 0f 84 6a f8 ff ff 48 8d 7a 78 be 01 00 00\n    [  560.757967] RSP: 0018:ffa0000032e53d80 EFLAGS: 00010202\n    [  560.763848] RAX: ffa00000001dfd10 RBX: ffa0000000197090 RCX: ffa0000032e53db0\n    [  560.771856] RDX: 5f080b54534f5f07 RSI: 0000000000000000 RDI: ff11000128100010\n    [  560.779867] RBP: ffa0000032e53df0 R08: 0000000000000000 R09: ffffffffffe77f08\n    [  560.787879] R10: 0000000000ffff0a R11: 0000000000000001 R12: 0000000000000000\n    [  560.795889] R13: ffa0000032e53e00 R14: 0000000000000000 R15: 0000000000000000\n    [  560.803889] FS:  0000000000000000(0000) GS:ff11007e7e800000(0000) knlGS:0000000000000000\n    [  560.812973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    [  560.819422] CR2: 000055a04c118e68 CR3: 0000000007410005 CR4: 0000000000771ee0\n    [  560.827433] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n    [  560.835433] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n    [  560.843444] PKRU: 55555554\n    [  560.846480] Call Trace:\n    [  560.849225]  
\u003cTASK\u003e\n    [  560.851580]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.856488]  ? show_trace_log_lvl+0x1d6/0x2ea\n    [  560.861379]  ? amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.867778]  ? show_regs.part.0+0x23/0x29\n    [  560.872293]  ? __die_body.cold+0x8/0xd\n    [  560.876502]  ? die_addr+0x3e/0x60\n    [  560.880238]  ? exc_general_protection+0x1c5/0x410\n    [  560.885532]  ? asm_exc_general_protection+0x27/0x30\n    [  560.891025]  ? amdgpu_device_gpu_recover.cold+0xbf1/0xcf5 [amdgpu]\n    [  560.898323]  amdgpu_ras_do_recovery+0x1b2/0x210 [amdgpu]\n    [  560.904520]  process_one_work+0x228/0x3d0\nHow:\n    In RAS recovery, mode-1 reset is issued from RAS fatal error handling and expected\n    all the nodes in a hive to be reset. no need to issue another mode-1 during this procedure.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35931",
            "https://git.kernel.org/linus/601429cca96b4af3be44172c3b64e4228515dbe1 (6.9-rc1)",
            "https://git.kernel.org/stable/c/395ca1031acf89d8ecb26127c544a71688d96f35",
            "https://git.kernel.org/stable/c/601429cca96b4af3be44172c3b64e4228515dbe1",
            "https://linux.oracle.com/cve/CVE-2024-35931.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35931-430d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35931",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35931"
          ],
          "PublishedDate": "2024-05-19T11:15:49.133Z",
          "LastModifiedDate": "2025-09-24T18:36:29.307Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35932",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35932",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:612a1db6bb17ff04803b5ea24d39ffcdb23918d0dea7df14dadec9e106668fe4",
          "Title": "kernel: drm/vc4: don't check if plane-\u003estate-\u003efb == state-\u003efb",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: don't check if plane-\u003estate-\u003efb == state-\u003efb\n\nCurrently, when using non-blocking commits, we can see the following\nkernel warning:\n\n[  110.908514] ------------[ cut here ]------------\n[  110.908529] refcount_t: underflow; use-after-free.\n[  110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0\n[  110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[  110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G         C         6.1.66-v8+ #32\n[  110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[  110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  110.909132] pc : refcount_dec_not_one+0xb8/0xc0\n[  110.909152] lr : refcount_dec_not_one+0xb4/0xc0\n[  110.909170] sp : ffffffc00913b9c0\n[  110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60\n[  110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480\n[  110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78\n[  110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 
0000000000000000\n[  110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004\n[  110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003\n[  110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00\n[  110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572\n[  110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000\n[  110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001\n[  110.909434] Call trace:\n[  110.909441]  refcount_dec_not_one+0xb8/0xc0\n[  110.909461]  vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4]\n[  110.909903]  vc4_cleanup_fb+0x44/0x50 [vc4]\n[  110.910315]  drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper]\n[  110.910669]  vc4_atomic_commit_tail+0x390/0x9dc [vc4]\n[  110.911079]  commit_tail+0xb0/0x164 [drm_kms_helper]\n[  110.911397]  drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper]\n[  110.911716]  drm_atomic_commit+0xb0/0xdc [drm]\n[  110.912569]  drm_mode_atomic_ioctl+0x348/0x4b8 [drm]\n[  110.913330]  drm_ioctl_kernel+0xec/0x15c [drm]\n[  110.914091]  drm_ioctl+0x24c/0x3b0 [drm]\n[  110.914850]  __arm64_sys_ioctl+0x9c/0xd4\n[  110.914873]  invoke_syscall+0x4c/0x114\n[  110.914897]  el0_svc_common+0xd0/0x118\n[  110.914917]  do_el0_svc+0x38/0xd0\n[  110.914936]  el0_svc+0x30/0x8c\n[  110.914958]  el0t_64_sync_handler+0x84/0xf0\n[  110.914979]  el0t_64_sync+0x18c/0x190\n[  110.914996] ---[ end trace 0000000000000000 ]---\n\nThis happens because, although `prepare_fb` and `cleanup_fb` are\nperfectly balanced, we cannot guarantee consistency in the check\nplane-\u003estate-\u003efb == state-\u003efb. This means that sometimes we can increase\nthe refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The\nopposite can also be true.\n\nIn fact, the struct drm_plane .state shouldn't be accessed directly\nbut instead, the `drm_atomic_get_new_plane_state()` helper function should\nbe used. 
So, we could stick to this check, but using\n`drm_atomic_get_new_plane_state()`. But actually, this check is not re\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35932",
            "https://git.kernel.org/linus/5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 (6.9-rc1)",
            "https://git.kernel.org/stable/c/48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40",
            "https://git.kernel.org/stable/c/5343f724c912c77541029123f47ecd3d2ea63bdd",
            "https://git.kernel.org/stable/c/5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9",
            "https://git.kernel.org/stable/c/d6b2fe2db1d0927b2d7df5c763eba55d0e1def3c",
            "https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35932-b008@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35932",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35932"
          ],
          "PublishedDate": "2024-05-19T11:15:49.203Z",
          "LastModifiedDate": "2025-09-23T15:46:56.617Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35937",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35937",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:701cdf932727e5aaa0a24aa1f83e7fdd9f7941a7b4fa07f0c9e69d6fa0332efe",
          "Title": "kernel: wifi: cfg80211: check A-MSDU format more carefully",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there's another subframe in the A-MSDU\nbut the header isn't fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5363",
            "https://access.redhat.com/security/cve/CVE-2024-35937",
            "https://bugzilla.redhat.com/2265838",
            "https://bugzilla.redhat.com/2273405",
            "https://bugzilla.redhat.com/2275600",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275715",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278429",
            "https://bugzilla.redhat.com/2278519",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281097",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281190",
            "https://bugzilla.redhat.com/2281237",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281265",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281639",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281900",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284511",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284543",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293208",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2293686",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293688",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297512",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273405",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281097",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281265",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281639",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281900",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293208",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297512",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://errata.almalinux.org/9/ALSA-2024-5363.html",
            "https://errata.rockylinux.org/RLSA-2024:5363",
            "https://git.kernel.org/linus/9ad7974856926129f190ffbe3beea78460b3b7cc (6.9-rc1)",
            "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544",
            "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9",
            "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc",
            "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e",
            "https://linux.oracle.com/cve/CVE-2024-35937.html",
            "https://linux.oracle.com/errata/ELSA-2024-5363.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35937-0415@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35937",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35937"
          ],
          "PublishedDate": "2024-05-19T11:15:49.553Z",
          "LastModifiedDate": "2025-11-03T22:16:56.643Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35939",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35939",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:028e251d9654d01f16582353d5e946183870206ab84f6d2c0a8195a9c49131f9",
          "Title": "kernel: dma-direct: Leak pages on dma_set_decrypted() failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-direct: Leak pages on dma_set_decrypted() failure\n\nOn TDX it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nDMA could free decrypted/shared pages if dma_set_decrypted() fails. This\nshould be a rare case. Just leak the pages in this case instead of\nfreeing them.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8870",
            "https://access.redhat.com/security/cve/CVE-2024-35939",
            "https://bugzilla.redhat.com/2266247",
            "https://bugzilla.redhat.com/2269183",
            "https://bugzilla.redhat.com/2275750",
            "https://bugzilla.redhat.com/2277168",
            "https://bugzilla.redhat.com/2278262",
            "https://bugzilla.redhat.com/2278350",
            "https://bugzilla.redhat.com/2278387",
            "https://bugzilla.redhat.com/2281284",
            "https://bugzilla.redhat.com/2281669",
            "https://bugzilla.redhat.com/2281817",
            "https://bugzilla.redhat.com/2293356",
            "https://bugzilla.redhat.com/2293402",
            "https://bugzilla.redhat.com/2293458",
            "https://bugzilla.redhat.com/2293459",
            "https://bugzilla.redhat.com/2297475",
            "https://bugzilla.redhat.com/2297508",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/2297567",
            "https://bugzilla.redhat.com/2297568",
            "https://bugzilla.redhat.com/2298109",
            "https://bugzilla.redhat.com/2298412",
            "https://bugzilla.redhat.com/2300412",
            "https://bugzilla.redhat.com/2300442",
            "https://bugzilla.redhat.com/2300487",
            "https://bugzilla.redhat.com/2300488",
            "https://bugzilla.redhat.com/2300508",
            "https://bugzilla.redhat.com/2300517",
            "https://bugzilla.redhat.com/2307862",
            "https://bugzilla.redhat.com/2307865",
            "https://bugzilla.redhat.com/2307892",
            "https://bugzilla.redhat.com/2309852",
            "https://bugzilla.redhat.com/2309853",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/2315178",
            "https://bugzilla.redhat.com/2317601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269183",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277168",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278262",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281284",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281817",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293458",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293459",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297475",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297568",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300442",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307862",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307865",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309852",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309853",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2315178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2317601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48936",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52492",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35898",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38540",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38541",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38608",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39503",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40983",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41009",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41066",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41092",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41093",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42070",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42079",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42292",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47668",
            "https://errata.almalinux.org/8/ALSA-2024-8870.html",
            "https://errata.rockylinux.org/RLSA-2024:8856",
            "https://git.kernel.org/linus/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf (6.9-rc1)",
            "https://git.kernel.org/stable/c/4031b72ca747a1e6e9ae4fa729e765b43363d66a",
            "https://git.kernel.org/stable/c/4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9",
            "https://git.kernel.org/stable/c/b57326c96b7bc7638aa8c44e12afa2defe0c934c",
            "https://git.kernel.org/stable/c/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf",
            "https://linux.oracle.com/cve/CVE-2024-35939.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35939-f877@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35939",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35939"
          ],
          "PublishedDate": "2024-05-19T11:15:49.69Z",
          "LastModifiedDate": "2025-09-24T20:13:12.173Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35942",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35942",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:133587c9f31ba3ae20bb55085a361d78dbb33309df1cb1d5d398a6348ec4c5ab",
          "Title": "kernel: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain\n\nAccording to i.MX8MP RM and HDMI ADD, the fdcc clock is part of\nhdmi rx verification IP that should not enable for HDMI TX.\nBut actually if the clock is disabled before HDMI/LCDIF probe,\nLCDIF will not get pixel clock from HDMI PHY and print the error\nlogs:\n\n[CRTC:39:crtc-2] vblank wait timed out\nWARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260\n\nAdd fdcc clock to LCDIF and HDMI TX power domains to fix the issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35942",
            "https://git.kernel.org/linus/697624ee8ad557ab5417f985d2c804241a7ad30d (6.9-rc1)",
            "https://git.kernel.org/stable/c/697624ee8ad557ab5417f985d2c804241a7ad30d",
            "https://git.kernel.org/stable/c/9d3f959b426635c4da50dfc7b1306afd84d23e7c",
            "https://git.kernel.org/stable/c/b13c0d871cd878ff53d25507ca535f59ed1f6a2a",
            "https://linux.oracle.com/cve/CVE-2024-35942.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051919-CVE-2024-35942-af72@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35942",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35942"
          ],
          "PublishedDate": "2024-05-19T11:15:49.89Z",
          "LastModifiedDate": "2025-09-24T18:57:58.623Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35945",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35945",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e0acce182ea627c92629daa93b5e1616a64180f3deb2972367e44777ff5fc08e",
          "Title": "kernel: net: phy: phy_device: Prevent nullptr exceptions on ISR",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: phy_device: Prevent nullptr exceptions on ISR\n\nIf phydev-\u003eirq is set unconditionally, check\nfor valid interrupt handler or fall back to polling mode to prevent\nnullptr exceptions in interrupt service routine.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35945",
            "https://git.kernel.org/linus/61c81872815f46006982bb80460c0c80a949b35b (6.9-rc1)",
            "https://git.kernel.org/stable/c/3419ee39e3d3162ab2ec9942bb537613ed5b6311",
            "https://git.kernel.org/stable/c/61c81872815f46006982bb80460c0c80a949b35b",
            "https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5",
            "https://lore.kernel.org/linux-cve-announce/2024051920-CVE-2024-35945-c005@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35945",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35945"
          ],
          "PublishedDate": "2024-05-19T11:15:50.11Z",
          "LastModifiedDate": "2025-01-31T15:01:01.19Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35946",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35946",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fa104a0255f23412c9a27abe102d7792bed5cb8a49f0468b017e9e8eaa89cd6c",
          "Title": "kernel: wifi: rtw89: fix null pointer access when abort scan",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren't scanning.\nFix this by using the actual scanning vif.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-35946",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/7e11a2966f51695c0af0b1f976a32d64dee243b2 (6.9-rc1)",
            "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d",
            "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2",
            "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8",
            "https://linux.oracle.com/cve/CVE-2024-35946.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024051921-CVE-2024-35946-c2c2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35946",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35946"
          ],
          "PublishedDate": "2024-05-19T11:15:50.18Z",
          "LastModifiedDate": "2025-01-31T15:02:04.3Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35949",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35949",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:82806f696abfc5fe34c1732000caf829b2e38b3a24af40df3379c755ca9a6bb6",
          "Title": "kernel: btrfs: make sure that WRITTEN is set on all metadata blocks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: make sure that WRITTEN is set on all metadata blocks\n\nWe previously would call btrfs_check_leaf() if we had the check\nintegrity code enabled, which meant that we could only run the extended\nleaf checks if we had WRITTEN set on the header flags.\n\nThis leaves a gap in our checking, because we could end up with\ncorruption on disk where WRITTEN isn't set on the leaf, and then the\nextended leaf checks don't get run which we rely on to validate all of\nthe item pointers to make sure we don't access memory outside of the\nextent buffer.\n\nHowever, since 732fab95abe2 (\"btrfs: check-integrity: remove\nCONFIG_BTRFS_FS_CHECK_INTEGRITY option\") we no longer call\nbtrfs_check_leaf() from btrfs_mark_buffer_dirty(), which means we only\never call it on blocks that are being written out, and thus have WRITTEN\nset, or that are being read in, which should have WRITTEN set.\n\nAdd checks to make sure we have WRITTEN set appropriately, and then make\nsure __btrfs_check_leaf() always does the item checking.  This will\nprotect us from file systems that have been corrupted and no longer have\nWRITTEN set on some of the blocks.\n\nThis was hit on a crafted image tweaking the WRITTEN bit and reported by\nKASAN as out-of-bound access in the eb accessors. 
The example is a dir\nitem at the end of an eb.\n\n  [2.042] BTRFS warning (device loop1): bad eb member start: ptr 0x3fff start 30572544 member offset 16410 size 2\n  [2.040] general protection fault, probably for non-canonical address 0xe0009d1000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n  [2.537] KASAN: maybe wild-memory-access in range [0x0005088000000018-0x000508800000001f]\n  [2.729] CPU: 0 PID: 2587 Comm: mount Not tainted 6.8.2 #1\n  [2.729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  [2.621] RIP: 0010:btrfs_get_16+0x34b/0x6d0\n  [2.621] RSP: 0018:ffff88810871fab8 EFLAGS: 00000206\n  [2.621] RAX: 0000a11000000003 RBX: ffff888104ff8720 RCX: ffff88811b2288c0\n  [2.621] RDX: dffffc0000000000 RSI: ffffffff81dd8aca RDI: ffff88810871f748\n  [2.621] RBP: 000000000000401a R08: 0000000000000001 R09: ffffed10210e3ee9\n  [2.621] R10: ffff88810871f74f R11: 205d323430333737 R12: 000000000000001a\n  [2.621] R13: 000508800000001a R14: 1ffff110210e3f5d R15: ffffffff850011e8\n  [2.621] FS:  00007f56ea275840(0000) GS:ffff88811b200000(0000) knlGS:0000000000000000\n  [2.621] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [2.621] CR2: 00007febd13b75c0 CR3: 000000010bb50000 CR4: 00000000000006f0\n  [2.621] Call Trace:\n  [2.621]  \u003cTASK\u003e\n  [2.621]  ? show_regs+0x74/0x80\n  [2.621]  ? die_addr+0x46/0xc0\n  [2.621]  ? exc_general_protection+0x161/0x2a0\n  [2.621]  ? asm_exc_general_protection+0x26/0x30\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? btrfs_get_16+0x34b/0x6d0\n  [2.621]  ? btrfs_get_16+0x33a/0x6d0\n  [2.621]  ? __pfx_btrfs_get_16+0x10/0x10\n  [2.621]  ? __pfx_mutex_unlock+0x10/0x10\n  [2.621]  btrfs_match_dir_item_name+0x101/0x1a0\n  [2.621]  btrfs_lookup_dir_item+0x1f3/0x280\n  [2.621]  ? __pfx_btrfs_lookup_dir_item+0x10/0x10\n  [2.621]  btrfs_get_tree+0xd25/0x1910\n\n[ copy more details from report ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35949",
            "https://git.kernel.org/linus/e03418abde871314e1a3a550f4c8afb7b89cb273 (6.9)",
            "https://git.kernel.org/stable/c/9dff3e36ea89e8003516841c27c45af562b6ef44",
            "https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273",
            "https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/",
            "https://lore.kernel.org/linux-cve-announce/2024052045-CVE-2024-35949-4a64@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35949",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35949"
          ],
          "PublishedDate": "2024-05-20T10:15:10.413Z",
          "LastModifiedDate": "2025-12-23T19:23:52.8Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35956",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35956",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c34049042da76b19e43d67f1732bdd9721b082d7ec98771ac734e0125136b846",
          "Title": "kernel: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations\n\nCreate subvolume, create snapshot and delete subvolume all use\nbtrfs_subvolume_reserve_metadata() to reserve metadata for the changes\ndone to the parent subvolume's fs tree, which cannot be mediated in the\nnormal way via start_transaction. When quota groups (squota or qgroups)\nare enabled, this reserves qgroup metadata of type PREALLOC. Once the\noperation is associated to a transaction, we convert PREALLOC to\nPERTRANS, which gets cleared in bulk at the end of the transaction.\n\nHowever, the error paths of these three operations were not implementing\nthis lifecycle correctly. They unconditionally converted the PREALLOC to\nPERTRANS in a generic cleanup step regardless of errors or whether the\noperation was fully associated to a transaction or not. This resulted in\nerror paths occasionally converting this rsv to PERTRANS without calling\nrecord_root_in_trans successfully, which meant that unless that root got\nrecorded in the transaction by some other thread, the end of the\ntransaction would not free that root's PERTRANS, leaking it. Ultimately,\nthis resulted in hitting a WARN in CONFIG_BTRFS_DEBUG builds at unmount\nfor the leaked reservation.\n\nThe fix is to ensure that every qgroup PREALLOC reservation observes the\nfollowing properties:\n\n1. any failure before record_root_in_trans is called successfully\n   results in freeing the PREALLOC reservation.\n2. after record_root_in_trans, we convert to PERTRANS, and now the\n   transaction owns freeing the reservation.\n\nThis patch enforces those properties on the three operations. Without\nit, generic/269 with squotas enabled at mkfs time would fail in ~5-10\nruns on my system. With this patch, it ran successfully 1000 times in a\nrow.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35956",
            "https://git.kernel.org/linus/74e97958121aa1f5854da6effba70143f051b0cd (6.9-rc4)",
            "https://git.kernel.org/stable/c/14431815a4ae4bcd7c7a68b6a64c66c7712d27c9",
            "https://git.kernel.org/stable/c/6c95336f5d8eb9ab79cd7306d71b6d0477363f8c",
            "https://git.kernel.org/stable/c/74e97958121aa1f5854da6effba70143f051b0cd",
            "https://git.kernel.org/stable/c/945559be6e282a812dc48f7bcd5adc60901ea4a0",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024052018-CVE-2024-35956-3c25@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35956",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35956"
          ],
          "PublishedDate": "2024-05-20T10:15:10.92Z",
          "LastModifiedDate": "2025-11-03T21:16:11.953Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35959",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35959",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:697a677574ff2e0f76d90dcc95fc756312fb4951419a25f9e5cf08d3e4b5229c",
          "Title": "kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix mlx5e_priv_init() cleanup flow\n\nWhen mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which\ncalls mlx5e_selq_apply() that assures that the `priv-\u003estate_lock` is held using\nlockdep_is_held().\n\nAcquire the state_lock in mlx5e_selq_cleanup().\n\nKernel log:\n=============================\nWARNING: suspicious RCU usage\n6.8.0-rc3_net_next_841a9b5 #1 Not tainted\n-----------------------------\ndrivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by systemd-modules/293:\n #0: ffffffffa05067b0 (devices_rwsem){++++}-{3:3}, at: ib_register_client+0x109/0x1b0 [ib_core]\n #1: ffff8881096c65c0 (\u0026device-\u003eclient_data_rwsem){++++}-{3:3}, at: add_client_context+0x104/0x1c0 [ib_core]\n\nstack backtrace:\nCPU: 4 PID: 293 Comm: systemd-modules Not tainted 6.8.0-rc3_net_next_841a9b5 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x8a/0xa0\n lockdep_rcu_suspicious+0x154/0x1a0\n mlx5e_selq_apply+0x94/0xa0 [mlx5_core]\n mlx5e_selq_cleanup+0x3a/0x60 [mlx5_core]\n mlx5e_priv_init+0x2be/0x2f0 [mlx5_core]\n mlx5_rdma_setup_rn+0x7c/0x1a0 [mlx5_core]\n rdma_init_netdev+0x4e/0x80 [ib_core]\n ? mlx5_rdma_netdev_free+0x70/0x70 [mlx5_core]\n ipoib_intf_init+0x64/0x550 [ib_ipoib]\n ipoib_intf_alloc+0x4e/0xc0 [ib_ipoib]\n ipoib_add_one+0xb0/0x360 [ib_ipoib]\n add_client_context+0x112/0x1c0 [ib_core]\n ib_register_client+0x166/0x1b0 [ib_core]\n ? 
0xffffffffa0573000\n ipoib_init_module+0xeb/0x1a0 [ib_ipoib]\n do_one_initcall+0x61/0x250\n do_init_module+0x8a/0x270\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x17d/0x230\n __x64_sys_finit_module+0x61/0xb0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\n \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-459"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4352",
            "https://access.redhat.com/security/cve/CVE-2024-35959",
            "https://bugzilla.redhat.com/1918601",
            "https://bugzilla.redhat.com/2248122",
            "https://bugzilla.redhat.com/2258875",
            "https://bugzilla.redhat.com/2265517",
            "https://bugzilla.redhat.com/2265519",
            "https://bugzilla.redhat.com/2265520",
            "https://bugzilla.redhat.com/2265800",
            "https://bugzilla.redhat.com/2266408",
            "https://bugzilla.redhat.com/2266831",
            "https://bugzilla.redhat.com/2267513",
            "https://bugzilla.redhat.com/2267518",
            "https://bugzilla.redhat.com/2267730",
            "https://bugzilla.redhat.com/2270093",
            "https://bugzilla.redhat.com/2271680",
            "https://bugzilla.redhat.com/2272692",
            "https://bugzilla.redhat.com/2272829",
            "https://bugzilla.redhat.com/2273204",
            "https://bugzilla.redhat.com/2273278",
            "https://bugzilla.redhat.com/2273423",
            "https://bugzilla.redhat.com/2273429",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2275633",
            "https://bugzilla.redhat.com/2275635",
            "https://bugzilla.redhat.com/2275733",
            "https://bugzilla.redhat.com/2278337",
            "https://bugzilla.redhat.com/2278354",
            "https://bugzilla.redhat.com/2280434",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281113",
            "https://bugzilla.redhat.com/2281157",
            "https://bugzilla.redhat.com/2281165",
            "https://bugzilla.redhat.com/2281251",
            "https://bugzilla.redhat.com/2281253",
            "https://bugzilla.redhat.com/2281255",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281350",
            "https://bugzilla.redhat.com/2281689",
            "https://bugzilla.redhat.com/2281693",
            "https://bugzilla.redhat.com/2281920",
            "https://bugzilla.redhat.com/2281923",
            "https://bugzilla.redhat.com/2281925",
            "https://bugzilla.redhat.com/2281953",
            "https://bugzilla.redhat.com/2281986",
            "https://bugzilla.redhat.com/2282394",
            "https://bugzilla.redhat.com/2282400",
            "https://bugzilla.redhat.com/2282471",
            "https://bugzilla.redhat.com/2282472",
            "https://bugzilla.redhat.com/2282581",
            "https://bugzilla.redhat.com/2282609",
            "https://bugzilla.redhat.com/2282612",
            "https://bugzilla.redhat.com/2282653",
            "https://bugzilla.redhat.com/2282680",
            "https://bugzilla.redhat.com/2282698",
            "https://bugzilla.redhat.com/2282712",
            "https://bugzilla.redhat.com/2282735",
            "https://bugzilla.redhat.com/2282902",
            "https://bugzilla.redhat.com/2282920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1918601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2248122",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258875",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265800",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266831",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267518",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267730",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270093",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272692",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273204",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273278",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275635",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275733",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278337",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281113",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281165",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281251",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281253",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281255",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281311",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281334",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281346",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281689",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281693",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281953",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281986",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282394",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282472",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282609",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282680",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282698",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282712",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282735",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46909",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47073",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47236",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47310",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47311",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47495",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52464",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52626",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52667",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52700",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52781",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52813",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52881",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26583",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26584",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26656",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26735",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26759",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26859",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26906",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26907",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26974",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27410",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35835",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35838",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35888",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35890",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36007",
            "https://errata.almalinux.org/8/ALSA-2024-4352.html",
            "https://errata.rockylinux.org/RLSA-2024:4211",
            "https://git.kernel.org/linus/ecb829459a841198e142f72fadab56424ae96519 (6.9-rc4)",
            "https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7",
            "https://git.kernel.org/stable/c/ad26f26abd353113dea4e8d5ebadccdab9b61e76",
            "https://git.kernel.org/stable/c/ecb829459a841198e142f72fadab56424ae96519",
            "https://git.kernel.org/stable/c/f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3",
            "https://linux.oracle.com/cve/CVE-2024-35959.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024052019-CVE-2024-35959-6e06@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35959",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35959"
          ],
          "PublishedDate": "2024-05-20T10:15:11.123Z",
          "LastModifiedDate": "2025-09-23T17:48:29.13Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35971",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35971",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:225a6ea3246957c1c1b40bed8bf98e75fbe1242e12d7b5656c3c2d07e6ea9105",
          "Title": "kernel: net: ks8851: Handle softirqs at the end of IRQ thread to fix hang",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Handle softirqs at the end of IRQ thread to fix hang\n\nThe ks8851_irq() thread may call ks8851_rx_pkts() in case there are\nany packets in the MAC FIFO, which calls netif_rx(). This netif_rx()\nimplementation is guarded by local_bh_disable() and local_bh_enable().\nThe local_bh_enable() may call do_softirq() to run softirqs in case\nany are pending. One of the softirqs is net_rx_action, which ultimately\nreaches the driver .start_xmit callback. If that happens, the system\nhangs. The entire call chain is below:\n\nks8851_start_xmit_par from netdev_start_xmit\nnetdev_start_xmit from dev_hard_start_xmit\ndev_hard_start_xmit from sch_direct_xmit\nsch_direct_xmit from __dev_queue_xmit\n__dev_queue_xmit from __neigh_update\n__neigh_update from neigh_update\nneigh_update from arp_process.constprop.0\narp_process.constprop.0 from __netif_receive_skb_one_core\n__netif_receive_skb_one_core from process_backlog\nprocess_backlog from __napi_poll.constprop.0\n__napi_poll.constprop.0 from net_rx_action\nnet_rx_action from __do_softirq\n__do_softirq from call_with_stack\ncall_with_stack from do_softirq\ndo_softirq from __local_bh_enable_ip\n__local_bh_enable_ip from netif_rx\nnetif_rx from ks8851_irq\nks8851_irq from irq_thread_fn\nirq_thread_fn from irq_thread\nirq_thread from kthread\nkthread from ret_from_fork\n\nThe hang happens because ks8851_irq() first locks a spinlock in\nks8851_par.c ks8851_lock_par() spin_lock_irqsave(\u0026ksp-\u003elock, ...)\nand with that spinlock locked, calls netif_rx(). Once the execution\nreaches ks8851_start_xmit_par(), it calls ks8851_lock_par() again\nwhich attempts to claim the already locked spinlock again, and the\nhang happens.\n\nMove the do_softirq() call outside of the spinlock protected section\nof ks8851_irq() by disabling BHs around the entire spinlock protected\nsection of ks8851_irq() handler. 
Place local_bh_enable() outside of\nthe spinlock protected section, so that it can trigger do_softirq()\nwithout the ks8851_par.c ks8851_lock_par() spinlock being held, and\nsafely call ks8851_start_xmit_par() without attempting to lock the\nalready locked spinlock.\n\nSince ks8851_irq() is protected by local_bh_disable()/local_bh_enable()\nnow, replace netif_rx() with __netif_rx() which is not duplicating the\nlocal_bh_disable()/local_bh_enable() calls.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/05/30/1",
            "http://www.openwall.com/lists/oss-security/2024/05/30/2",
            "https://access.redhat.com/security/cve/CVE-2024-35971",
            "https://git.kernel.org/linus/be0384bf599cf1eb8d337517feeb732d71f75a6f (6.9-rc4)",
            "https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540",
            "https://git.kernel.org/stable/c/49d5d70538b6b8f2a3f8f1ac30c1f921d4a0929b",
            "https://git.kernel.org/stable/c/be0384bf599cf1eb8d337517feeb732d71f75a6f",
            "https://git.kernel.org/stable/c/cba376eb036c2c20077b41d47b317d8218fe754f",
            "https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-35971-fb84@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35971",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35971"
          ],
          "PublishedDate": "2024-05-20T10:15:11.947Z",
          "LastModifiedDate": "2025-09-24T18:18:07.297Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35995",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35995",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c6b30f33d2c64bf248728bd8630aae7a07bfc536257c7d5a69fa3e69152ace04",
          "Title": "kernel: ACPI: CPPC: Use access_width over bit_width for system memory accesses",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Use access_width over bit_width for system memory accesses\n\nTo align with ACPI 6.3+, since bit_width can be any 8-bit value, it\ncannot be depended on to be always on a clean 8b boundary. This was\nuncovered on the Cobalt 100 platform.\n\nSError Interrupt on CPU26, code 0xbe000011 -- SError\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)\n pc : cppc_get_perf_caps+0xec/0x410\n lr : cppc_get_perf_caps+0xe8/0x410\n sp : ffff8000155ab730\n x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078\n x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff\n x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000\n x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff\n x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008\n x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006\n x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec\n x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028\n x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff\n x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000\n Kernel panic - not syncing: Asynchronous SError Interrupt\n CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted\n5.15.2.1-13 #1\n Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION\n Call trace:\n  dump_backtrace+0x0/0x1e0\n  show_stack+0x24/0x30\n  dump_stack_lvl+0x8c/0xb8\n  dump_stack+0x18/0x34\n  panic+0x16c/0x384\n  add_taint+0x0/0xc0\n  arm64_serror_panic+0x7c/0x90\n  arm64_is_fatal_ras_serror+0x34/0xa4\n  do_serror+0x50/0x6c\n  el1h_64_error_handler+0x40/0x74\n  el1h_64_error+0x7c/0x80\n  cppc_get_perf_caps+0xec/0x410\n  cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]\n  
cpufreq_online+0x2dc/0xa30\n  cpufreq_add_dev+0xc0/0xd4\n  subsys_interface_register+0x134/0x14c\n  cpufreq_register_driver+0x1b0/0x354\n  cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]\n  do_one_initcall+0x50/0x250\n  do_init_module+0x60/0x27c\n  load_module+0x2300/0x2570\n  __do_sys_finit_module+0xa8/0x114\n  __arm64_sys_finit_module+0x2c/0x3c\n  invoke_syscall+0x78/0x100\n  el0_svc_common.constprop.0+0x180/0x1a0\n  do_el0_svc+0x84/0xa0\n  el0_svc+0x2c/0xc0\n  el0t_64_sync_handler+0xa4/0x12c\n  el0t_64_sync+0x1a4/0x1a8\n\nInstead, use access_width to determine the size and use the offset and\nwidth to shift and mask the bits to read/write out. Make sure to add a\ncheck for system memory since pcc redefines the access_width to\nsubspace id.\n\nIf access_width is not set, then fall back to using bit_width.\n\n[ rjw: Subject and changelog edits, comment adjustments ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35995",
            "https://git.kernel.org/linus/2f4a4d63a193be6fd530d180bb13c3592052904c (6.9-rc1)",
            "https://git.kernel.org/stable/c/01fc53be672acae37e611c80cc0b4f3939584de3",
            "https://git.kernel.org/stable/c/1b890ae474d19800a6be1696df7fb4d9a41676e4",
            "https://git.kernel.org/stable/c/2f4a4d63a193be6fd530d180bb13c3592052904c",
            "https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87",
            "https://git.kernel.org/stable/c/6cb6b12b78dcd8867a3fdbb1b6d0ed1df2b208d1",
            "https://git.kernel.org/stable/c/6dfd79ed04c578f1d9a9a41ba5b2015cf9f03fc3",
            "https://git.kernel.org/stable/c/b54c4632946ae42f2b39ed38abd909bbf78cbcc2",
            "https://linux.oracle.com/cve/CVE-2024-35995.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024052021-CVE-2024-35995-abbc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35995",
            "https://www.cve.org/CVERecord?id=CVE-2024-35995"
          ],
          "PublishedDate": "2024-05-20T10:15:13.597Z",
          "LastModifiedDate": "2025-09-24T18:21:27.347Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35998",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35998",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:70ed42b159f1fa707369a893881b90d160cd687d06e2898f8a550e767bff4f9d",
          "Title": "kernel: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix lock ordering potential deadlock in cifs_sync_mid_result\n\nCoverity spotted that the cifs_sync_mid_result function could deadlock\n\n\"Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires\nlock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock\"\n\nAddresses-Coverity: 1590401 (\"Thread deadlock (ORDER_REVERSAL)\")",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35998",
            "https://git.kernel.org/linus/8861fd5180476f45f9e8853db154600469a0284f (6.9-rc6)",
            "https://git.kernel.org/stable/c/699f8958dece132709c0bff6a9700999a2a63b75",
            "https://git.kernel.org/stable/c/8248224ab5b8ca7559b671917c224296a4d671fc",
            "https://git.kernel.org/stable/c/8861fd5180476f45f9e8853db154600469a0284f",
            "https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66",
            "https://lore.kernel.org/linux-cve-announce/2024052022-CVE-2024-35998-96a4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35998",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35998"
          ],
          "PublishedDate": "2024-05-20T10:15:14.03Z",
          "LastModifiedDate": "2025-01-10T18:12:11.843Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35999",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35999",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3dd20f33bd605e11e4a6f64154b9b177e4b9fc2c73f0e653db224fe8bc95d67",
          "Title": "kernel: smb3: missing lock when picking channel",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: missing lock when picking channel\n\nCoverity spotted a place where we should have been holding the\nchannel lock when accessing the ses channel index.\n\nAddresses-Coverity: 1582039 (\"Data race condition (MISSING_LOCK)\")",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35999",
            "https://git.kernel.org/linus/8094a600245e9b28eb36a13036f202ad67c1f887 (6.9-rc6)",
            "https://git.kernel.org/stable/c/0fcf7e219448e937681216353c9a58abae6d3c2e",
            "https://git.kernel.org/stable/c/60ab245292280905603bc0d3654f4cf8fceccb00",
            "https://git.kernel.org/stable/c/8094a600245e9b28eb36a13036f202ad67c1f887",
            "https://git.kernel.org/stable/c/98c7ed29cd754ae7475dc7cb3f33399fda902729",
            "https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-35999-da29@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35999",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35999"
          ],
          "PublishedDate": "2024-05-20T10:15:14.1Z",
          "LastModifiedDate": "2025-04-04T14:32:31.883Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36000",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36000",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5cc384acb525e4a35dffabbf24b7a93f2f6475341c170fb6045aa02e83b4ba57",
          "Title": "kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix missing hugetlb_lock for resv uncharge\n\nThere is a recent report on UFFDIO_COPY over hugetlb:\n\nhttps://lore.kernel.org/all/000000000000ee06de0616177560@google.com/\n\n350:\tlockdep_assert_held(\u0026hugetlb_lock);\n\nShould be an issue in hugetlb but triggered in an userfault context, where\nit goes into the unlikely path where two threads modifying the resv map\ntogether.  Mike has a fix in that path for resv uncharge but it looks like\nthe locking criteria was overlooked: hugetlb_cgroup_uncharge_folio_rsvd()\nwill update the cgroup pointer, so it requires to be called with the lock\nheld.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:6567",
            "https://access.redhat.com/security/cve/CVE-2024-36000",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2269434",
            "https://bugzilla.redhat.com/2269436",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2275678",
            "https://bugzilla.redhat.com/2278206",
            "https://bugzilla.redhat.com/2281052",
            "https://bugzilla.redhat.com/2281151",
            "https://bugzilla.redhat.com/2281727",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2282709",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284402",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2297520",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300491",
            "https://bugzilla.redhat.com/2300520",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301465",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301637",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269436",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275678",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278206",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281052",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281151",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300491",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301637",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26629",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26630",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35797",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35875",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40936",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41073",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42082",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42102",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://errata.almalinux.org/9/ALSA-2024-6567.html",
            "https://errata.rockylinux.org/RLSA-2024:6567",
            "https://git.kernel.org/linus/b76b46902c2d0395488c8412e1116c2486cdfcb2 (6.9-rc6)",
            "https://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc",
            "https://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10",
            "https://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2",
            "https://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505",
            "https://linux.oracle.com/cve/CVE-2024-36000.html",
            "https://linux.oracle.com/errata/ELSA-2024-6567.html",
            "https://lore.kernel.org/linux-cve-announce/2024052023-CVE-2024-36000-cfc4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36000",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36000"
          ],
          "PublishedDate": "2024-05-20T10:15:14.163Z",
          "LastModifiedDate": "2025-09-23T18:23:11.29Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36009",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36009",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e51038331edfbaf46a80b4df86944d1b4f0c87ce6e894a7b7a72f543f442f399",
          "Title": "kernel: ax25: Fix netdev refcount issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix netdev refcount issue\n\nThe dev_tracker is added to ax25_cb in ax25_bind(). When the\nax25 device is detaching, the dev_tracker of ax25_cb should be\ndeallocated in ax25_kill_by_device() instead of the dev_tracker\nof ax25_dev. The log reported by ref_tracker is shown below:\n\n[   80.884935] ref_tracker: reference already released.\n[   80.885150] ref_tracker: allocated in:\n[   80.885349]  ax25_dev_device_up+0x105/0x540\n[   80.885730]  ax25_device_event+0xa4/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  __dev_notify_flags+0x138/0x280\n[   80.885730]  dev_change_flags+0xd7/0x180\n[   80.885730]  dev_ifsioc+0x6a9/0xa30\n[   80.885730]  dev_ioctl+0x4d8/0xd90\n[   80.885730]  sock_do_ioctl+0x1c2/0x2d0\n[   80.885730]  sock_ioctl+0x38b/0x4f0\n[   80.885730]  __se_sys_ioctl+0xad/0xf0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.885730] ref_tracker: freed in:\n[   80.885730]  ax25_device_event+0x272/0x420\n[   80.885730]  notifier_call_chain+0xc9/0x1e0\n[   80.885730]  dev_close_many+0x272/0x370\n[   80.885730]  unregister_netdevice_many_notify+0x3b5/0x1180\n[   80.885730]  unregister_netdev+0xcf/0x120\n[   80.885730]  sixpack_close+0x11f/0x1b0\n[   80.885730]  tty_ldisc_kill+0xcb/0x190\n[   80.885730]  tty_ldisc_hangup+0x338/0x3d0\n[   80.885730]  __tty_hangup+0x504/0x740\n[   80.885730]  tty_release+0x46e/0xd80\n[   80.885730]  __fput+0x37f/0x770\n[   80.885730]  __x64_sys_close+0x7b/0xb0\n[   80.885730]  do_syscall_64+0xc4/0x1b0\n[   80.885730]  entry_SYSCALL_64_after_hwframe+0x67/0x6f\n[   80.893739] ------------[ cut here ]------------\n[   80.894030] WARNING: CPU: 2 PID: 140 at lib/ref_tracker.c:255 ref_tracker_free+0x47b/0x6b0\n[   80.894297] Modules linked in:\n[   80.894929] CPU: 2 PID: 140 Comm: ax25_conn_rel_6 Not tainted 6.9.0-rc4-g8cd26fd90c1a #11\n[   80.895190] 
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qem4\n[   80.895514] RIP: 0010:ref_tracker_free+0x47b/0x6b0\n[   80.895808] Code: 83 c5 18 4c 89 eb 48 c1 eb 03 8a 04 13 84 c0 0f 85 df 01 00 00 41 83 7d 00 00 75 4b 4c 89 ff 9\n[   80.896171] RSP: 0018:ffff888009edf8c0 EFLAGS: 00000286\n[   80.896339] RAX: 1ffff1100141ac00 RBX: 1ffff1100149463b RCX: dffffc0000000000\n[   80.896502] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffff88800a0d6518\n[   80.896925] RBP: ffff888009edf9b0 R08: ffff88806d3288d3 R09: 1ffff1100da6511a\n[   80.897212] R10: dffffc0000000000 R11: ffffed100da6511b R12: ffff88800a4a31d4\n[   80.897859] R13: ffff88800a4a31d8 R14: dffffc0000000000 R15: ffff88800a0d6518\n[   80.898279] FS:  00007fd88b7fe700(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000\n[   80.899436] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   80.900181] CR2: 00007fd88c001d48 CR3: 000000000993e000 CR4: 00000000000006f0\n...\n[   80.935774] ref_tracker: sp%d@000000000bb9df3d has 1/1 users at\n[   80.935774]      ax25_bind+0x424/0x4e0\n[   80.935774]      __sys_bind+0x1d9/0x270\n[   80.935774]      __x64_sys_bind+0x75/0x80\n[   80.935774]      do_syscall_64+0xc4/0x1b0\n[   80.935774]      entry_SYSCALL_64_after_hwframe+0x67/0x6f\n\nChange ax25_dev-\u003edev_tracker to the dev_tracker of ax25_cb\nin order to mitigate the bug.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/05/30/1",
            "http://www.openwall.com/lists/oss-security/2024/05/30/2",
            "https://access.redhat.com/security/cve/CVE-2024-36009",
            "https://git.kernel.org/linus/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b (6.9-rc6)",
            "https://git.kernel.org/stable/c/0d14f104027e30720582448706c7d6b43065c851",
            "https://git.kernel.org/stable/c/467324bcfe1a31ec65d0cf4aa59421d6b7a7d52b",
            "https://git.kernel.org/stable/c/4fee8fa86a15d7790268eea458b1aec69c695530",
            "https://git.kernel.org/stable/c/c42b073d9af4a5329b25b17390c63ab3847f30e8",
            "https://lore.kernel.org/linux-cve-announce/2024052026-CVE-2024-36009-f213@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36009",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36009"
          ],
          "PublishedDate": "2024-05-20T10:15:14.773Z",
          "LastModifiedDate": "2025-09-23T18:47:09.183Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36012",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36012",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0d372c5905309eb12340969f7990b4312d74eec540d95448d4544ef2f3f2fe90",
          "Title": "kernel: Bluetooth: msft: fix slab-use-after-free in msft_do_close()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: msft: fix slab-use-after-free in msft_do_close()\n\nTying the msft-\u003edata lifetime to hdev by freeing it in\nhci_release_dev() to fix the following case:\n\n[use]\nmsft_do_close()\n  msft = hdev-\u003emsft_data;\n  if (!msft)                      ...(1) \u003c- passed.\n    return;\n  mutex_lock(\u0026msft-\u003efilter_lock); ...(4) \u003c- used after freed.\n\n[free]\nmsft_unregister()\n  msft = hdev-\u003emsft_data;\n  hdev-\u003emsft_data = NULL;         ...(2)\n  kfree(msft);                    ...(3) \u003c- msft is freed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:587 [inline]\nBUG: KASAN: slab-use-after-free in __mutex_lock+0x8f/0xc30\nkernel/locking/mutex.c:752\nRead of size 8 at addr ffff888106cbbca8 by task kworker/u5:2/309",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36012",
            "https://git.kernel.org/linus/10f9f426ac6e752c8d87bf4346930ba347aaabac (6.9)",
            "https://git.kernel.org/stable/c/10f9f426ac6e752c8d87bf4346930ba347aaabac",
            "https://git.kernel.org/stable/c/4f1de02de07748da80a8178879bc7a1df37fdf56",
            "https://git.kernel.org/stable/c/a85a60e62355e3bf4802dead7938966824b23940",
            "https://git.kernel.org/stable/c/e3880b531b68f98d3941d83f2f6dd11cf4fd6b76",
            "https://linux.oracle.com/cve/CVE-2024-36012.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024052314-CVE-2024-36012-3062@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36012",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36012"
          ],
          "PublishedDate": "2024-05-23T07:15:08.9Z",
          "LastModifiedDate": "2025-01-06T22:33:55.053Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36013",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36013",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:74bd42955ea701963faf182e0c74d3a3addf75a121d9f80accfd4ac1098d8a2f",
          "Title": "kernel: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()\n\nExtend a critical section to prevent chan from early freeing.\nAlso make the l2cap_connect() return type void. Nothing is using the\nreturned value but it is ugly to return a potentially freed pointer.\nMaking it void will help with backports because earlier kernels did use\nthe return value. Now the compile will break for kernels where this\npatch is not a complete fix.\n\nCall stack summary:\n\n[use]\nl2cap_bredr_sig_cmd\n  l2cap_connect\n  ┌ mutex_lock(\u0026conn-\u003echan_lock);\n  │ chan = pchan-\u003eops-\u003enew_connection(pchan); \u003c- alloc chan\n  │ __l2cap_chan_add(conn, chan);\n  │   l2cap_chan_hold(chan);\n  │   list_add(\u0026chan-\u003elist, \u0026conn-\u003echan_l);   ... (1)\n  └ mutex_unlock(\u0026conn-\u003echan_lock);\n    chan-\u003econf_state              ... (4) \u003c- use after free\n\n[free]\nl2cap_conn_del\n┌ mutex_lock(\u0026conn-\u003echan_lock);\n│ foreach chan in conn-\u003echan_l:            ... (2)\n│   l2cap_chan_put(chan);\n│     l2cap_chan_destroy\n│       kfree(chan)               ... (3) \u003c- chan freed\n└ mutex_unlock(\u0026conn-\u003echan_lock);\n\n==================================================================\nBUG: KASAN: slab-use-after-free in instrument_atomic_read\ninclude/linux/instrumented.h:68 [inline]\nBUG: KASAN: slab-use-after-free in _test_bit\ninclude/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\nBUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0\nnet/bluetooth/l2cap_core.c:4260\nRead of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2024/05/30/1",
            "http://www.openwall.com/lists/oss-security/2024/05/30/2",
            "https://access.redhat.com/security/cve/CVE-2024-36013",
            "https://git.kernel.org/linus/4d7b41c0e43995b0e992b9f8903109275744b658 (6.9)",
            "https://git.kernel.org/stable/c/4d7b41c0e43995b0e992b9f8903109275744b658",
            "https://git.kernel.org/stable/c/826af9d2f69567c646ff46d10393d47e30ad23c6",
            "https://git.kernel.org/stable/c/cfe560c7050bfb37b0d2491bbe7cd8b59e77fdc5",
            "https://linux.oracle.com/cve/CVE-2024-36013.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024052314-CVE-2024-36013-0c90@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36013",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36013"
          ],
          "PublishedDate": "2024-05-23T07:15:08.987Z",
          "LastModifiedDate": "2025-04-01T18:40:46.887Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36021",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36021",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0385f1a4c28af7e121a10ffb6421fc60c2cb5bbe3c5f3208c992395174cfbae9",
          "Title": "kernel: net: hns3: fix kernel crash when devlink reload during pf initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during pf initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash. This patch fixes this by taking devl_lock during initialization.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36021",
            "https://git.kernel.org/linus/93305b77ffcb042f1538ecc383505e87d95aa05a (6.9-rc2)",
            "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86",
            "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3",
            "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5",
            "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a",
            "https://lore.kernel.org/linux-cve-announce/2024053044-CVE-2024-36021-f196@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36021",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36021"
          ],
          "PublishedDate": "2024-05-30T15:15:49.193Z",
          "LastModifiedDate": "2025-09-30T17:20:03.93Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36024",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36024",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91d9be2cb68ada7342a92fd5a5fcc6face350049d71ed060b4ee5ff40eac2ded",
          "Title": "kernel: drm/amd/display: Disable idle reallow as part of command/gpint execution",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable idle reallow as part of command/gpint execution\n\n[Why]\nWorkaround for a race condition where DMCUB is in the process of\ncommitting to IPS1 during the handshake causing us to miss the\ntransition into IPS2 and touch the INBOX1 RPTR causing a HW hang.\n\n[How]\nDisable the reallow to ensure that we have enough of a gap between entry\nand exit and we're not seeing back-to-back wake_and_executes.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36024",
            "https://git.kernel.org/linus/6226a5aa77370329e01ee8abe50a95e60618ce97 (6.9-rc1)",
            "https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7",
            "https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97",
            "https://lore.kernel.org/linux-cve-announce/2024053014-CVE-2024-36024-85b6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36024",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36024"
          ],
          "PublishedDate": "2024-05-30T15:15:49.42Z",
          "LastModifiedDate": "2025-09-30T17:39:31.13Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36026",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36026",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:07eb603048deba4f8df99987f90068ea8c550a40ebec9b45ef47e3c5b5fd41e7",
          "Title": "kernel: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11\n\nWhile doing multiple S4 stress tests, GC/RLC/PMFW get into\nan invalid state resulting into hard hangs.\n\nAdding a GFX reset as workaround just before sending the\nMP1_UNLOAD message avoids this failure.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36026",
            "https://git.kernel.org/linus/31729e8c21ecfd671458e02b6511eb68c2225113 (6.9-rc4)",
            "https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5",
            "https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113",
            "https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d",
            "https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f",
            "https://lore.kernel.org/linux-cve-announce/2024053034-CVE-2024-36026-4730@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36026",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36026"
          ],
          "PublishedDate": "2024-05-30T15:15:49.577Z",
          "LastModifiedDate": "2025-09-30T17:41:33.853Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36244",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36244",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2df89282c85d0fef2d51d901b0c2d10f1328f410bbbdb398191ce3108b8ad9a9",
          "Title": "kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8617",
            "https://access.redhat.com/security/cve/CVE-2024-36244",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278235",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2293654",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297476",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39504",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://errata.almalinux.org/9/ALSA-2024-8617.html",
            "https://errata.rockylinux.org/RLSA-2024:8617",
            "https://git.kernel.org/linus/fb66df20a7201e60f2b13d7f95d031b31a8831d3 (6.10-rc2)",
            "https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc",
            "https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724",
            "https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2",
            "https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3",
            "https://linux.oracle.com/cve/CVE-2024-36244.html",
            "https://linux.oracle.com/errata/ELSA-2024-8617.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024062134-CVE-2024-36244-f88f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36244",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36244"
          ],
          "PublishedDate": "2024-06-21T11:15:09.957Z",
          "LastModifiedDate": "2025-11-03T22:16:57.53Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36331",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36331",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e0917700acaa5be745ba35d7df163dfab9f7bd56ffe236163d455f27bbabaa40",
          "Title": "Improper initialization of CPU cache memory could allow a privileged a ...",
          "Description": "Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-665"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://git.kernel.org/linus/7b306dfa326f70114312b320d083b21fa9481e1e",
            "https://linux.oracle.com/cve/CVE-2024-36331.html",
            "https://linux.oracle.com/errata/ELSA-2025-28047.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3014.html",
            "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-5007.html",
            "https://www.cve.org/CVERecord?id=CVE-2024-36331"
          ],
          "PublishedDate": "2025-09-06T18:15:39.623Z",
          "LastModifiedDate": "2025-11-03T18:15:41.813Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36347",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36347",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f6ce55782eaef4a9b56982abe78d2fe267f085d85ea01e67ef514ebe12bf851f",
          "Title": "kernel: hw:amd: Improper signature verification in AMD CPU ROM microcode patch loader",
          "Description": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-347"
          ],
          "VendorSeverity": {
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36347",
            "https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking",
            "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099830#26",
            "https://git.kernel.org/linus/bb2281fb05e50108ce95c43ab7e701ee564565c8",
            "https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36347",
            "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html",
            "https://www.cve.org/CVERecord?id=CVE-2024-36347",
            "https://www.openwall.com/lists/oss-security/2025/03/05/3"
          ],
          "PublishedDate": "2025-06-27T23:15:26.037Z",
          "LastModifiedDate": "2025-06-30T18:38:23.493Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36350",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36350",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:424ced11bd4ce1d67038e87a4e88c578db82d86077b8637141a6a19db455a1ac",
          "Title": "kernel: information leak via transient execution vulnerability in some AMD processors",
          "Description": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "V3Score": 5.6
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/08/28/2",
            "http://xenbits.xen.org/xsa/advisory-471.html",
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-36350",
            "https://aka.ms/enter-exit-leak",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e9128ff9d8113ef208e5ec82573b96ead100072",
            "https://linux.oracle.com/cve/CVE-2024-36350.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36350",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7848-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf",
            "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html",
            "https://www.cve.org/CVERecord?id=CVE-2024-36350",
            "https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf",
            "https://xenbits.xen.org/xsa/advisory-471.html"
          ],
          "PublishedDate": "2025-07-08T17:15:31.563Z",
          "LastModifiedDate": "2025-11-04T22:16:02.21Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36357",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36357",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2c3266cf48444cf21da3f30a6247355e8d63e905f3af057bcf506c3f190b05cc",
          "Title": "kernel: transient execution vulnerability in some AMD processors",
          "Description": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
              "V3Score": 5.6
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/08/28/2",
            "http://xenbits.xen.org/xsa/advisory-471.html",
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-36357",
            "https://aka.ms/enter-exit-leak",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e9128ff9d8113ef208e5ec82573b96ead100072",
            "https://gitlab.com/kernel-firmware/linux-firmware/-/commit/99d64b4f788c16e81b6550ef94f43c6b91cfad2d",
            "https://linux.oracle.com/cve/CVE-2024-36357.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36357",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7848-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf",
            "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7029.html",
            "https://www.cve.org/CVERecord?id=CVE-2024-36357",
            "https://www.microsoft.com/en-us/research/wp-content/uploads/2025/07/Enter-Exit-SP26.pdf",
            "https://xenbits.xen.org/xsa/advisory-471.html"
          ],
          "PublishedDate": "2025-07-08T17:15:31.723Z",
          "LastModifiedDate": "2025-11-04T22:16:02.353Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36478",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36478",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:179069721041bdf40ffe5e99fd67f8221b81f1f3da3cbf722ec0524ec2ca7b2f",
          "Title": "kernel: null_blk: fix null-ptr-dereference while configuring \u0026#39;power\u0026#39; and \u0026#39;submit_queues\u0026#39;",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'\n\nWriting 'power' and 'submit_queues' concurrently will trigger kernel\npanic:\n\nTest script:\n\nmodprobe null_blk nr_devices=0\nmkdir -p /sys/kernel/config/nullb/nullb0\nwhile true; do echo 1 \u003e submit_queues; echo 4 \u003e submit_queues; done \u0026\nwhile true; do echo 1 \u003e power; echo 0 \u003e power; done\n\nTest result:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000148\nOops: 0000 [#1] PREEMPT SMP\nRIP: 0010:__lock_acquire+0x41d/0x28f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0x121/0x450\n down_write+0x5f/0x1d0\n simple_recursive_removal+0x12f/0x5c0\n blk_mq_debugfs_unregister_hctxs+0x7c/0x100\n blk_mq_update_nr_hw_queues+0x4a3/0x720\n nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n nullb_device_submit_queues_store+0x79/0xf0 [null_blk]\n configfs_write_iter+0x119/0x1e0\n vfs_write+0x326/0x730\n ksys_write+0x74/0x150\n\nThis is because del_gendisk() can concurrent with\nblk_mq_update_nr_hw_queues():\n\nnullb_device_power_store\tnullb_apply_submit_queues\n null_del_dev\n del_gendisk\n\t\t\t\t nullb_update_nr_hw_queues\n\t\t\t\t  if (!dev-\u003enullb)\n\t\t\t\t  // still set while gendisk is deleted\n\t\t\t\t   return 0\n\t\t\t\t  blk_mq_update_nr_hw_queues\n dev-\u003enullb = NULL\n\nFix this problem by resuing the global mutex to protect\nnullb_device_power_store() and nullb_update_nr_hw_queues() from configfs.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36478",
            "https://git.kernel.org/linus/a2db328b0839312c169eb42746ec46fc1ab53ed2 (6.10-rc1)",
            "https://git.kernel.org/stable/c/1d4c8baef435c98e8d5aa7027dc5a9f70834ba16",
            "https://git.kernel.org/stable/c/5d0495473ee4c1d041b5a917f10446a22c047f47",
            "https://git.kernel.org/stable/c/a2db328b0839312c169eb42746ec46fc1ab53ed2",
            "https://git.kernel.org/stable/c/aaadb755f2d684f715a6eb85cb7243aa0c67dfa9",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024062136-CVE-2024-36478-d249@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36478",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36478"
          ],
          "PublishedDate": "2024-06-21T11:15:10.36Z",
          "LastModifiedDate": "2025-11-03T22:16:58.963Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36479",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36479",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3d9c42728e7d87fea4fffdb4aaf17d41e15383ca80f4c40316297621147cbbba",
          "Title": "kernel: fpga: bridge: add owner module and take its refcount",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: bridge: add owner module and take its refcount\n\nThe current implementation of the fpga bridge assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module's refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the bridge if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_bridge\nstruct and use it to take the module's refcount. Modify the function for\nregistering a bridge to take an additional owner module parameter and\nrename it to avoid conflicts. Use the old function name for a helper macro\nthat automatically sets the module that registers the bridge as the owner.\nThis ensures compatibility with existing low-level control modules and\nreduces the chances of registering a bridge without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga bridge.\n\nOther changes: opportunistically move put_device() from __fpga_bridge_get()\nto fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since\nthe bridge device is taken in these functions.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36479",
            "https://git.kernel.org/linus/1da11f822042eb6ef4b6064dc048f157a7852529 (6.10-rc1)",
            "https://git.kernel.org/stable/c/18dc8366abb6cadcb77668b1a16434654e355d49",
            "https://git.kernel.org/stable/c/1da11f822042eb6ef4b6064dc048f157a7852529",
            "https://git.kernel.org/stable/c/6896b6b2e2d9ec4e1b0acb4c1698a75a4b34d125",
            "https://git.kernel.org/stable/c/d7c4081c54a1d4068de9440957303a76f9e5c95b",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024062459-CVE-2024-36479-ef6c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36479",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36479"
          ],
          "PublishedDate": "2024-06-24T14:15:12.157Z",
          "LastModifiedDate": "2025-11-03T21:16:12.697Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36898",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36898",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a1389be1e2a299c137e0aa10342823840be43a1781810b9a1279509cafabac0d",
          "Title": "kernel: gpiolib: cdev: fix uninitialised kfifo",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: fix uninitialised kfifo\n\nIf a line is requested with debounce, and that results in debouncing\nin software, and the line is subsequently reconfigured to enable edge\ndetection then the allocation of the kfifo to contain edge events is\noverlooked.  This results in events being written to and read from an\nuninitialised kfifo.  Read events are returned to userspace.\n\nInitialise the kfifo in the case where the software debounce is\nalready active.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36898",
            "https://git.kernel.org/linus/ee0166b637a5e376118e9659e5b4148080f1d27e (6.9)",
            "https://git.kernel.org/stable/c/1a51e24404d77bb3307c1e39eee0d8e86febb1a5",
            "https://git.kernel.org/stable/c/883e4bbf06eb5fb7482679e4edb201093e9f55a2",
            "https://git.kernel.org/stable/c/bd7139a70ee8d8ea872b223e043730cf6f5e2b0e",
            "https://git.kernel.org/stable/c/ee0166b637a5e376118e9659e5b4148080f1d27e",
            "https://lore.kernel.org/linux-cve-announce/2024053035-CVE-2024-36898-942c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36898",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36898"
          ],
          "PublishedDate": "2024-05-30T16:15:13.423Z",
          "LastModifiedDate": "2025-09-18T14:48:06.587Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36900",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36900",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:61323345da9c724b8be35a98cb984cdaa8a01b3915b42806069ae1a7654527ee",
          "Title": "kernel: net: hns3: fix kernel crash when devlink reload during initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash.\n\nThis patch fixes this by registering the devlink after\nhardware initialization.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36900",
            "https://git.kernel.org/linus/35d92abfbad88cf947c010baf34b075e40566095 (6.9)",
            "https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095",
            "https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd",
            "https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7",
            "https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36900",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36900"
          ],
          "PublishedDate": "2024-05-30T16:15:13.6Z",
          "LastModifiedDate": "2025-09-30T17:49:17.863Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36903",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36903",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0fa0d7fbf0322df1287ad5c8d6c4e13676a85c5662729c03a3e37bfe839ccab1",
          "Title": "kernel: ipv6: Fix potential uninit-value access in __ip6_make_skb()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix potential uninit-value access in __ip6_make_skb()\n\nAs it was done in commit fc1092f51567 (\"ipv4: Fix uninit-value access in\n__ip_make_skb()\") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6-\u003eflowi6_flags\ninstead of testing HDRINCL on the socket to avoid a race condition which\ncauses uninit-value access.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5363",
            "https://access.redhat.com/security/cve/CVE-2024-36903",
            "https://bugzilla.redhat.com/2265838",
            "https://bugzilla.redhat.com/2273405",
            "https://bugzilla.redhat.com/2275600",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275715",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278429",
            "https://bugzilla.redhat.com/2278519",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281097",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281190",
            "https://bugzilla.redhat.com/2281237",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281265",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281639",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281900",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284511",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284543",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293208",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2293686",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293688",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297512",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273405",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281097",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281265",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281639",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281900",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293208",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297512",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://errata.almalinux.org/9/ALSA-2024-5363.html",
            "https://errata.rockylinux.org/RLSA-2024:5363",
            "https://git.kernel.org/linus/4e13d3a9c25b7080f8a619f961e943fe08c2672c (6.9)",
            "https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3",
            "https://git.kernel.org/stable/c/40e5444a3ac315b60e94d82226b73cd82145d09e",
            "https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c",
            "https://git.kernel.org/stable/c/59d74c843ebf46264c7903726cf6f2673a93b07a",
            "https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a",
            "https://git.kernel.org/stable/c/a05c1ede50e9656f0752e523c7b54f3a3489e9a8",
            "https://linux.oracle.com/cve/CVE-2024-36903.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2024053036-CVE-2024-36903-4a60@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36903",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36903"
          ],
          "PublishedDate": "2024-05-30T16:15:13.867Z",
          "LastModifiedDate": "2026-01-19T13:16:06.793Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36909",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36909",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59ae60efca7e1ae8b36cb941810a2224a9abd1ab9c32e4873a7c0da3e0f6c677",
          "Title": "kernel: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus ring buffer code could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the struct\nvmbus_gpadl for the ring buffers to decide whether to free the memory.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36909",
            "https://git.kernel.org/linus/30d18df6567be09c1433e81993e35e3da573ac48 (6.9-rc4)",
            "https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039",
            "https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48",
            "https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0",
            "https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36909",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36909"
          ],
          "PublishedDate": "2024-05-30T16:15:14.38Z",
          "LastModifiedDate": "2025-09-30T17:54:32.43Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36910",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36910",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e68f54bb3cee10a16874780c03956464847d6f4a916bd911dc0d5a22f478b141",
          "Title": "kernel: uio_hv_generic: Don't free decrypted memory",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus device UIO driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-200"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36910",
            "https://git.kernel.org/linus/3d788b2fbe6a1a1a9e3db09742b90809d51638b7 (6.9-rc4)",
            "https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7",
            "https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9",
            "https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54",
            "https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23",
            "https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36910-6949@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36910",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36910"
          ],
          "PublishedDate": "2024-05-30T16:15:14.457Z",
          "LastModifiedDate": "2025-04-01T18:35:10.14Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36911",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36911",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f5dd3ec6357b7767ffedb277b841f2f577f2237ab54b8a0eeec2d19c90ccf7d",
          "Title": "kernel: hv_netvsc: Don't free decrypted memory",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Don't free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe netvsc driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36911",
            "https://git.kernel.org/linus/bbf9ac34677b57506a13682b31a2a718934c0e31 (6.9-rc4)",
            "https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b",
            "https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4",
            "https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31",
            "https://lore.kernel.org/linux-cve-announce/2024053037-CVE-2024-36911-5ef6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36911",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36911"
          ],
          "PublishedDate": "2024-05-30T16:15:14.53Z",
          "LastModifiedDate": "2025-09-30T17:57:44.78Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36914",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36914",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c9a715df92a02498020d2c2ac7d524b48fd1ba38f5859d0c12fe44f03be7d360",
          "Title": "kernel: drm/amd/display: Skip on writeback when it's not applicable",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip on writeback when it's not applicable\n\n[WHY]\ndynamic memory safety error detector (KASAN) catches and generates error\nmessages \"BUG: KASAN: slab-out-of-bounds\" as writeback connector does not\nsupport certain features which are not initialized.\n\n[HOW]\nSkip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36914",
            "https://git.kernel.org/linus/ecedd99a9369fb5cde601ae9abd58bca2739f1ae (6.9-rc4)",
            "https://git.kernel.org/stable/c/87de0a741ef6d93fcb99983138a0d89a546a043c",
            "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7",
            "https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d",
            "https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36914-40cd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36914",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36914"
          ],
          "PublishedDate": "2024-05-30T16:15:14.79Z",
          "LastModifiedDate": "2025-11-03T22:16:59.967Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36915",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36915",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:16d9e3c8d4e001d51f00e0a2902765872a014db0a65d58f66e8a0ff2e2652895",
          "Title": "kernel: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: fix nfc_llcp_setsockopt() unsafe copies\n\nsyzbot reported unsafe calls to copy_from_sockptr() [1]\n\nUse copy_safe_from_sockptr() instead.\n\n[1]\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\nRead of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078\n\nCPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n  copy_from_sockptr include/linux/sockptr.h:55 [inline]\n  nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\n  do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311\n  __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n  __do_sys_setsockopt net/socket.c:2343 [inline]\n  __se_sys_setsockopt net/socket.c:2340 [inline]\n  __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfd/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7f7fac07fd89\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89\nRDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36915",
            "https://git.kernel.org/linus/7a87441c9651ba37842f4809224aca13a554a26f (6.9-rc4)",
            "https://git.kernel.org/stable/c/0f106133203021533cb753e80d75896f4ad222f8",
            "https://git.kernel.org/stable/c/298609e7069ce74542a2253a39ccc9717f1d877a",
            "https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107",
            "https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024053038-CVE-2024-36915-611e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36915",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36915"
          ],
          "PublishedDate": "2024-05-30T16:15:14.887Z",
          "LastModifiedDate": "2025-11-03T22:17:00.227Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36917",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36917",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7605484cc4abba3cb6f790d3264ce7e761a0823f64fdc66b44e645b0fed8536d",
          "Title": "kernel: block: fix overflow in blk_ioctl_discard()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix overflow in blk_ioctl_discard()\n\nThere is no check for overflow of 'start + len' in blk_ioctl_discard().\nHung task occurs if submit an discard ioctl with the following param:\n  start = 0x80000000000ff000, len = 0x8000000000fff000;\nAdd the overflow validation now.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-36917",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 (6.9-rc3)",
            "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155",
            "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee",
            "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6",
            "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b",
            "https://linux.oracle.com/cve/CVE-2024-36917.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36917-f9e3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36917",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36917"
          ],
          "PublishedDate": "2024-05-30T16:15:15.05Z",
          "LastModifiedDate": "2025-09-17T22:16:44.927Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36918",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36918",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8ca5d1debbafc7d4334d13594558474d58ee837c5176e119c7f792514582783a",
          "Title": "kernel: bpf: Check bloom filter map value size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int's. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36918",
            "https://git.kernel.org/linus/a8d89feba7e54e691ca7c4efc2a6264fa83f3687 (6.9-rc2)",
            "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c",
            "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687",
            "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d",
            "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3",
            "https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36918-f8bc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36918",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36918"
          ],
          "PublishedDate": "2024-05-30T16:15:15.13Z",
          "LastModifiedDate": "2025-09-17T22:18:22.507Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36920",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36920",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9e5e6bb09f64a598c3ccc1b9725057c9bc43e53465e2d536514fbfa9a010b393",
          "Title": "kernel: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the \"storcli2 show\" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n  memcpy: detected field-spanning write (size 128) of single field \"bsg_reply_buf-\u003ereply_buf\" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n  WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array \"__u8\nreplay_buf[1]\" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number '1' from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:7001",
            "https://access.redhat.com/security/cve/CVE-2024-36920",
            "https://bugzilla.redhat.com/2258012",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2260038",
            "https://bugzilla.redhat.com/2265799",
            "https://bugzilla.redhat.com/2266358",
            "https://bugzilla.redhat.com/2266750",
            "https://bugzilla.redhat.com/2267036",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2267916",
            "https://bugzilla.redhat.com/2267925",
            "https://bugzilla.redhat.com/2268295",
            "https://bugzilla.redhat.com/2271648",
            "https://bugzilla.redhat.com/2271796",
            "https://bugzilla.redhat.com/2272793",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2273148",
            "https://bugzilla.redhat.com/2273180",
            "https://bugzilla.redhat.com/2275661",
            "https://bugzilla.redhat.com/2275690",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278220",
            "https://bugzilla.redhat.com/2278270",
            "https://bugzilla.redhat.com/2278447",
            "https://bugzilla.redhat.com/2281217",
            "https://bugzilla.redhat.com/2281317",
            "https://bugzilla.redhat.com/2281704",
            "https://bugzilla.redhat.com/2281720",
            "https://bugzilla.redhat.com/2281807",
            "https://bugzilla.redhat.com/2281847",
            "https://bugzilla.redhat.com/2282324",
            "https://bugzilla.redhat.com/2282345",
            "https://bugzilla.redhat.com/2282354",
            "https://bugzilla.redhat.com/2282355",
            "https://bugzilla.redhat.com/2282356",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2282366",
            "https://bugzilla.redhat.com/2282401",
            "https://bugzilla.redhat.com/2282422",
            "https://bugzilla.redhat.com/2282440",
            "https://bugzilla.redhat.com/2282508",
            "https://bugzilla.redhat.com/2282511",
            "https://bugzilla.redhat.com/2282676",
            "https://bugzilla.redhat.com/2282757",
            "https://bugzilla.redhat.com/2282851",
            "https://bugzilla.redhat.com/2282890",
            "https://bugzilla.redhat.com/2282903",
            "https://bugzilla.redhat.com/2282918",
            "https://bugzilla.redhat.com/2283389",
            "https://bugzilla.redhat.com/2283424",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284515",
            "https://bugzilla.redhat.com/2284545",
            "https://bugzilla.redhat.com/2284596",
            "https://bugzilla.redhat.com/2284628",
            "https://bugzilla.redhat.com/2284634",
            "https://bugzilla.redhat.com/2293247",
            "https://bugzilla.redhat.com/2293270",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293304",
            "https://bugzilla.redhat.com/2293377",
            "https://bugzilla.redhat.com/2293408",
            "https://bugzilla.redhat.com/2293423",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2294313",
            "https://bugzilla.redhat.com/2297471",
            "https://bugzilla.redhat.com/2297473",
            "https://bugzilla.redhat.com/2297478",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297543",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297572",
            "https://bugzilla.redhat.com/2297573",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297581",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2297706",
            "https://bugzilla.redhat.com/2297909",
            "https://bugzilla.redhat.com/2298079",
            "https://bugzilla.redhat.com/2298140",
            "https://bugzilla.redhat.com/2298177",
            "https://bugzilla.redhat.com/2298640",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2299452",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2300402",
            "https://bugzilla.redhat.com/2300407",
            "https://bugzilla.redhat.com/2300408",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300430",
            "https://bugzilla.redhat.com/2300434",
            "https://bugzilla.redhat.com/2300448",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2300492",
            "https://bugzilla.redhat.com/2300533",
            "https://bugzilla.redhat.com/2300552",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301477",
            "https://bugzilla.redhat.com/2301489",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/2301522",
            "https://bugzilla.redhat.com/2301544",
            "https://bugzilla.redhat.com/2303077",
            "https://bugzilla.redhat.com/2303505",
            "https://bugzilla.redhat.com/2303506",
            "https://bugzilla.redhat.com/2303508",
            "https://bugzilla.redhat.com/2303514",
            "https://bugzilla.redhat.com/2305467",
            "https://bugzilla.redhat.com/2306365",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258012",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258013",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2260038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265799",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266358",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267036",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267041",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268295",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270103",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271796",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272793",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273148",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273180",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275661",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278220",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278447",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281704",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281720",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282324",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282345",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282366",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282422",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282764",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282851",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282890",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282903",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283424",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284596",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284628",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293304",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294313",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297473",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297478",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297495",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297525",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297562",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297706",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298079",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298140",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299336",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299452",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300407",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300410",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300430",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300448",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300453",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300492",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300533",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300552",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2303077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47101",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47287",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47289",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47321",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47338",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47352",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47384",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47385",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47386",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47393",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47455",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47466",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47497",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47527",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47582",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48754",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48836",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48866",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49316",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52470",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52478",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52522",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52605",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52683",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52798",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52817",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26649",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26665",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26717",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26769",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26894",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35884",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35944",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36953",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38581",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39499",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39501",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39506",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40997",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41007",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41008",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41023",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41038",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41039",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41041",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41071",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42094",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42124",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42226",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42228",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42237",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42238",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43871",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45026",
            "https://errata.almalinux.org/8/ALSA-2024-7001.html",
            "https://errata.rockylinux.org/RLSA-2024:7000",
            "https://git.kernel.org/linus/429846b4b6ce9853e0d803a2357bb2e55083adf0 (6.9-rc2)",
            "https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0",
            "https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716",
            "https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa",
            "https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a",
            "https://linux.oracle.com/cve/CVE-2024-36920.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36920-b4a7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36920",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36920"
          ],
          "PublishedDate": "2024-05-30T16:15:15.303Z",
          "LastModifiedDate": "2025-10-01T13:53:19.437Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36921",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36921",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0ac5aa37ffdbdfe69a9d1827b5da1cc6d834d5554f3ba18c029d2c1e3d4fbdbe",
          "Title": "kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: guard against invalid STA ID on removal\n\nGuard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would\nresult in out-of-bounds array accesses. This prevents issues should the\ndriver get into a bad state during error handling.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5363",
            "https://access.redhat.com/security/cve/CVE-2024-36921",
            "https://bugzilla.redhat.com/2265838",
            "https://bugzilla.redhat.com/2273405",
            "https://bugzilla.redhat.com/2275600",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275715",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278429",
            "https://bugzilla.redhat.com/2278519",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281097",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281190",
            "https://bugzilla.redhat.com/2281237",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281265",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281639",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281900",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284511",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284543",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293208",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2293686",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293688",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297512",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273405",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281097",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281265",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281639",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281900",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293208",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297512",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://errata.almalinux.org/9/ALSA-2024-5363.html",
            "https://errata.rockylinux.org/RLSA-2024:5363",
            "https://git.kernel.org/linus/17f64517bf5c26af56b6c3566273aad6646c3c4f (6.9-rc2)",
            "https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f",
            "https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294",
            "https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f",
            "https://linux.oracle.com/cve/CVE-2024-36921.html",
            "https://linux.oracle.com/errata/ELSA-2024-5363.html",
            "https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36921-9f90@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36921",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36921"
          ],
          "PublishedDate": "2024-05-30T16:15:15.397Z",
          "LastModifiedDate": "2025-03-01T02:47:59.063Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36922",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36922",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:888ed2b2c44238a4910b98ee048e91914df7ec0fccb9b6b6d926d15a8eaf694b",
          "Title": "kernel: wifi: iwlwifi: read txq-\u003eread_ptr under lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: read txq-\u003eread_ptr under lock\n\nIf we read txq-\u003eread_ptr without lock, we can read the same\nvalue twice, then obtain the lock, and reclaim from there\nto two different places, but crucially reclaim the same\nentry twice, resulting in the WARN_ONCE() a little later.\nFix that by reading txq-\u003eread_ptr under lock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5363",
            "https://access.redhat.com/security/cve/CVE-2024-36922",
            "https://bugzilla.redhat.com/2265838",
            "https://bugzilla.redhat.com/2273405",
            "https://bugzilla.redhat.com/2275600",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275715",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278429",
            "https://bugzilla.redhat.com/2278519",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281097",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281190",
            "https://bugzilla.redhat.com/2281237",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281265",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281639",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281900",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284511",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284543",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293208",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2293686",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293688",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297512",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273405",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281097",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281265",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281639",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281900",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293208",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297512",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://errata.almalinux.org/9/ALSA-2024-5363.html",
            "https://errata.rockylinux.org/RLSA-2024:5363",
            "https://git.kernel.org/linus/c2ace6300600c634553657785dfe5ea0ed688ac2 (6.9-rc2)",
            "https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89",
            "https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa",
            "https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2",
            "https://linux.oracle.com/cve/CVE-2024-36922.html",
            "https://linux.oracle.com/errata/ELSA-2024-7000.html",
            "https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36922-f0df@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36922",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36922"
          ],
          "PublishedDate": "2024-05-30T16:15:15.47Z",
          "LastModifiedDate": "2025-10-01T13:52:14.343Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36924",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36924",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:77de075494521d6bab30eec05082688ad86d5867203504cfad293db8270a6978",
          "Title": "kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock.  Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4928",
            "https://access.redhat.com/security/cve/CVE-2024-36924",
            "https://bugzilla.redhat.com/2265794",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273274",
            "https://bugzilla.redhat.com/2275690",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2278337",
            "https://bugzilla.redhat.com/2278435",
            "https://bugzilla.redhat.com/2278473",
            "https://bugzilla.redhat.com/2281247",
            "https://bugzilla.redhat.com/2281647",
            "https://bugzilla.redhat.com/2281700",
            "https://bugzilla.redhat.com/2282669",
            "https://bugzilla.redhat.com/2282898",
            "https://bugzilla.redhat.com/2284506",
            "https://bugzilla.redhat.com/2284598",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265794",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278337",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278435",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278473",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282898",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284506",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284598",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47459",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52458",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26737",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26982",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27030",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27046",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35885",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35907",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38580",
            "https://errata.almalinux.org/9/ALSA-2024-4928.html",
            "https://errata.rockylinux.org/RLSA-2024:4928",
            "https://git.kernel.org/linus/ded20192dff31c91cef2a04f7e20e60e9bb887d3 (6.9-rc2)",
            "https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd",
            "https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3",
            "https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683",
            "https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f",
            "https://linux.oracle.com/cve/CVE-2024-36924.html",
            "https://linux.oracle.com/errata/ELSA-2024-4928.html",
            "https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36924-6326@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36924",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36924"
          ],
          "PublishedDate": "2024-05-30T16:15:15.723Z",
          "LastModifiedDate": "2025-01-10T18:29:03.477Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36927",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36927",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a3ec0fde00bef1bca4722364c019acfaba8af0219ad2d32e8631e30710247d96",
          "Title": "kernel: ipv4: Fix uninit-value access in __ip_make_skb()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1].  __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4-\u003eflowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4-\u003efl4_icmp_type and fl4-\u003efl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n 
ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362",
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-36927",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/fc1092f51567277509563800a3c56732070b6aa4 (6.9-rc7)",
            "https://git.kernel.org/stable/c/20d3eb00ab81462d554ac6d09691b8d9aa5a5741",
            "https://git.kernel.org/stable/c/55bf541e018b76b3750cb6c6ea18c46e1ac5562e",
            "https://git.kernel.org/stable/c/5db08343ddb1b239320612036c398e4e1bb52818",
            "https://git.kernel.org/stable/c/88c66f1879f322f11de34d37b2d3d87497afdcb6",
            "https://git.kernel.org/stable/c/f5c603ad4e6fcf42f84053e882ebe20184bb309e",
            "https://git.kernel.org/stable/c/fc1092f51567277509563800a3c56732070b6aa4",
            "https://linux.oracle.com/cve/CVE-2024-36927.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36927-976e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36927",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36927"
          ],
          "PublishedDate": "2024-05-30T16:15:15.957Z",
          "LastModifiedDate": "2026-01-19T13:16:06.94Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36948",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36948",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c315bac2fb654f94b7a5d51d12fb985b817c3ffb5299f48c8311ca4c1f35aff2",
          "Title": "kernel: drm/xe/xe_migrate: Cast to output precision before multiplying operands",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_migrate: Cast to output precision before multiplying operands\n\nAddressing potential overflow in result of  multiplication of two lower\nprecision (u32) operands before widening it to higher precision\n(u64).\n\n-v2\nFix commit message and description. (Rodrigo)\n\n(cherry picked from commit 34820967ae7b45411f8f4f737c2d63b0c608e0d7)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36948",
            "https://git.kernel.org/linus/9cb46b31f3d08ed3fce86349e8c12f96d7c88717 (6.9-rc4)",
            "https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717",
            "https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36948",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36948"
          ],
          "PublishedDate": "2024-05-30T16:15:17.737Z",
          "LastModifiedDate": "2025-10-01T14:34:11.257Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36949",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36949",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de7bbb876c06699c9e2b4efb66c719778d4ad7b7c7d08bc2947265adadf9f217",
          "Title": "kernel: amd/amdkfd: sync all devices to wait all processes being evicted",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: sync all devices to wait all processes being evicted\n\nIf there are more than one device doing reset in parallel, the first\ndevice will call kfd_suspend_all_processes() to evict all processes\non all devices, this call takes time to finish. other device will\nstart reset and recover without waiting. if the process has not been\nevicted before doing recover, it will be restored, then caused page\nfault.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36949",
            "https://git.kernel.org/linus/d06af584be5a769d124b7302b32a033e9559761d (6.9-rc4)",
            "https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58",
            "https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d",
            "https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36949",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36949"
          ],
          "PublishedDate": "2024-05-30T16:15:17.93Z",
          "LastModifiedDate": "2025-10-01T14:17:41.07Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36951",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36951",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4ea79d5e426c0a1f6f604a840e1a390c66cad8d009a2e8087c77b4371fb4fdda",
          "Title": "kernel: drm/amdkfd: range check cp bad op exception interrupts",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: range check cp bad op exception interrupts\n\nDue to a CP interrupt bug, bad packet garbage exception codes are raised.\nDo a range check so that the debugger and runtime do not receive garbage\ncodes.\nUpdate the user api to guard exception code type checking as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36951",
            "https://git.kernel.org/linus/0cac183b98d8a8c692c98e8dba37df15a9e9210d (6.9-rc2)",
            "https://git.kernel.org/stable/c/0cac183b98d8a8c692c98e8dba37df15a9e9210d",
            "https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2",
            "https://git.kernel.org/stable/c/b6735bfe941486c5dfc9c3085d2d75d4923f9449",
            "https://lore.kernel.org/linux-cve-announce/2024053040-CVE-2024-36951-d3cb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36951",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36951"
          ],
          "PublishedDate": "2024-05-30T16:15:18.08Z",
          "LastModifiedDate": "2025-10-01T14:12:00.6Z"
        },
        {
          "VulnerabilityID": "CVE-2024-36966",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-36966",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:141fb30b75c27b90d9bac9eb1d2f1f429fc87f2f9b3fc7dbf02d119e9a4fd2a5",
          "Title": "kernel: erofs: reliably distinguish block based and fscache mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: reliably distinguish block based and fscache mode\n\nWhen erofs_kill_sb() is called in block dev based mode, s_bdev may not\nhave been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,\nit will be mistaken for fscache mode, and then attempt to free an anon_dev\nthat has never been allocated, triggering the following warning:\n\n============================================\nida_free called for id=0 which is not allocated.\nWARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140\nModules linked in:\nCPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630\nRIP: 0010:ida_free+0x134/0x140\nCall Trace:\n \u003cTASK\u003e\n erofs_kill_sb+0x81/0x90\n deactivate_locked_super+0x35/0x80\n get_tree_bdev+0x136/0x1e0\n vfs_get_tree+0x2c/0xf0\n do_new_mount+0x190/0x2f0\n [...]\n============================================\n\nNow when erofs_kill_sb() is called, erofs_sb_info must have been\ninitialised, so use sbi-\u003efsid to distinguish between the two modes.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-824"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-36966",
            "https://git.kernel.org/linus/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606 (6.9-rc7)",
            "https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606",
            "https://git.kernel.org/stable/c/dcdd49701e429c55b3644fd70fc58d85745f8cfe",
            "https://git.kernel.org/stable/c/f9b877a7ee312ec8ce17598a7ef85cb820d7c371",
            "https://lore.kernel.org/linux-cve-announce/2024060804-CVE-2024-36966-8bbb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-36966",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-36966"
          ],
          "PublishedDate": "2024-06-08T13:15:57.917Z",
          "LastModifiedDate": "2025-10-01T14:43:52.947Z"
        },
        {
          "VulnerabilityID": "CVE-2024-37021",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-37021",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5cff596ce3159add76edb7b0d1d4b4e51a9ef6bd01a59c43bcb67177e7142195",
          "Title": "kernel: fpga: manager: add owner module and take its refcount",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: manager: add owner module and take its refcount\n\nThe current implementation of the fpga manager assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module's refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the manager if\nthe parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_manager\nstruct and use it to take the module's refcount. Modify the functions for\nregistering the manager to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the manager as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a manager without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga manager.\n\nOther changes: opportunistically move put_device() from __fpga_mgr_get() to\nfpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the\nmanager device is taken in these functions.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-37021",
            "https://git.kernel.org/linus/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9 (6.10-rc1)",
            "https://git.kernel.org/stable/c/2da62a139a6221a345db4eb9f4f1c4b0937c89ad",
            "https://git.kernel.org/stable/c/304f8032d601d4f9322ca841cd0b573bd1beb158",
            "https://git.kernel.org/stable/c/4d4d2d4346857bf778fafaa97d6f76bb1663e3c9",
            "https://git.kernel.org/stable/c/62ac496a01c9337a11362cea427038ba621ca9eb",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024062459-CVE-2024-37021-13d4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-37021",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-37021"
          ],
          "PublishedDate": "2024-06-24T14:15:12.237Z",
          "LastModifiedDate": "2025-11-03T21:16:13.86Z"
        },
        {
          "VulnerabilityID": "CVE-2024-37354",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-37354",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:363d6f8c2f5fe34d8174991afc44bcdc7c1f038c360e5280570a32249d5c4a58",
          "Title": "kernel: btrfs: fix crash on racing fsync and size-extending write into prealloc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n  BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/ctree.c:2620!\n  invalid opcode: 0000 [#1] PREEMPT SMP PTI\n  CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n  RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n  #0  btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n  #1  btrfs_drop_extents (fs/btrfs/file.c:411:4)\n  #2  log_one_extent (fs/btrfs/tree-log.c:4732:9)\n  #3  btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n  #4  btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n  #5  btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n  #6  btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n  #7  btrfs_sync_file (fs/btrfs/file.c:1933:8)\n  #8  vfs_fsync_range (fs/sync.c:188:9)\n  #9  vfs_fsync (fs/sync.c:202:9)\n  #10 do_fsync (fs/sync.c:212:9)\n  #11 __do_sys_fdatasync (fs/sync.c:225:9)\n  #12 __se_sys_fdatasync (fs/sync.c:223:1)\n  #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n  #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n  #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n  #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we're logging a changed extent from fsync, which is splitting an\nextent in the log tree. 
But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n  \u003e\u003e\u003e print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n  leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n  leaf 33439744 flags 0x100000000000000\n  fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n  chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n          item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n                  generation 7 transid 9 size 8192 nbytes 8473563889606862198\n                  block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n                  sequence 204 flags 0x10(PREALLOC)\n                  atime 1716417703.220000000 (2024-05-22 15:41:43)\n                  ctime 1716417704.983333333 (2024-05-22 15:41:44)\n                  mtime 1716417704.983333333 (2024-05-22 15:41:44)\n                  otime 17592186044416.000000000 (559444-03-08 01:40:16)\n          item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n                  index 195 namelen 3 name: 193\n          item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n                  location key (0 UNKNOWN.0 0) type XATTR\n                  transid 7 data_len 1 name_len 6\n                  name: user.a\n                  data a\n          item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n                  generation 9 type 1 (regular)\n                  extent data disk byte 303144960 nr 12288\n                  extent data offset 0 nr 4096 ram 12288\n                  extent compression 0 (none)\n          item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 4096 
nr 8192\n          item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 8192 nr 4096\n  ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-37354",
            "https://git.kernel.org/linus/9d274c19a71b3a276949933859610721a453946b (6.10-rc3)",
            "https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428",
            "https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097",
            "https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b",
            "https://git.kernel.org/stable/c/c993fd02ba471e296ca1996f13626fc917120158",
            "https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011",
            "https://linux.oracle.com/cve/CVE-2024-37354.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37354-ccfb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-37354",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-37354"
          ],
          "PublishedDate": "2024-06-25T15:15:13.177Z",
          "LastModifiedDate": "2025-12-06T22:15:48.35Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38306",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38306",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d9db89d42603539a5b48a02d72ac59b1dc0010fedfcd4009e735338c167e38db",
          "Title": "kernel: btrfs: protect folio::private when attaching extent buffer folios",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: protect folio::private when attaching extent buffer folios\n\n[BUG]\nSince v6.8 there are rare kernel crashes reported by various people,\nthe common factor is bad page status error messages like this:\n\n  BUG: Bad page state in process kswapd0  pfn:d6e840\n  page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c\n  pfn:0xd6e840\n  aops:btree_aops ino:1\n  flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff)\n  page_type: 0xffffffff()\n  raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0\n  raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000\n  page dumped because: non-NULL mapping\n\n[CAUSE]\nCommit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") changes the sequence when allocating a new\nextent buffer.\n\nPreviously we always called grab_extent_buffer() under\nmapping-\u003ei_private_lock, to ensure the safety on modification on\nfolio::private (which is a pointer to extent buffer for regular\nsectorsize).\n\nThis can lead to the following race:\n\nThread A is trying to allocate an extent buffer at bytenr X, with 4\n4K pages, meanwhile thread B is trying to release the page at X + 4K\n(the second page of the extent buffer at X).\n\n           Thread A                |                 Thread B\n-----------------------------------+-------------------------------------\n                                   | btree_release_folio()\n\t\t\t\t   | | This is for the page at X + 4K,\n\t\t\t\t   | | Not page X.\n\t\t\t\t   | |\nalloc_extent_buffer()              | |- release_extent_buffer()\n|- filemap_add_folio() for the     | |  |- atomic_dec_and_test(eb-\u003erefs)\n|  page at bytenr X (the first     | |  |\n|  page).                          | |  |\n|  Which returned -EEXIST.         
| |  |\n|                                  | |  |\n|- filemap_lock_folio()            | |  |\n|  Returned the first page locked. | |  |\n|                                  | |  |\n|- grab_extent_buffer()            | |  |\n|  |- atomic_inc_not_zero()        | |  |\n|  |  Returned false               | |  |\n|  |- folio_detach_private()       | |  |- folio_detach_private() for X\n|     |- folio_test_private()      | |     |- folio_test_private()\n      |  Returned true             | |     |  Returned true\n      |- folio_put()               |       |- folio_put()\n\nNow there are two puts on the same folio at folio X, leading to refcount\nunderflow of the folio X, and eventually causing the BUG_ON() on the\npage-\u003emapping.\n\nThe condition is not that easy to hit:\n\n- The release must be triggered for the middle page of an eb\n  If the release is on the same first page of an eb, page lock would kick\n  in and prevent the race.\n\n- folio_detach_private() has a very small race window\n  It's only between folio_test_private() and folio_clear_private().\n\nThat's exactly when mapping-\u003ei_private_lock is used to prevent such race,\nand commit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") screwed that up.\n\nAt that time, I thought the page lock would kick in as\nfilemap_release_folio() also requires the page to be locked, but forgot\nthe filemap_release_folio() only locks one page, not all pages of an\nextent buffer.\n\n[FIX]\nMove all the code requiring i_private_lock into\nattach_eb_folio_to_filemap(), so that everything is done with proper\nlock protection.\n\nFurthermore to prevent future problems, add an extra\nlockdep_assert_locked() to ensure we're holding the proper lock.\n\nTo reproducer that is able to hit the race (takes a few minutes with\ninstrumented code inserting delays to alloc_extent_buffer()):\n\n  #!/bin/sh\n  drop_caches () {\n\t  while(true); do\n\t\t  echo 3 \u003e /proc/sys/vm/drop_caches\n\t\t  
echo 1 \u003e /proc/sys/vm/compact_memory\n\t  done\n  }\n\n  run_tar () {\n\t  while(true); do\n\t\t  for x in `seq 1 80` ; do\n\t\t\t  tar cf /dev/zero /mnt \u003e /dev/null \u0026\n\t\t  done\n\t\t  wait\n\t  done\n  }\n\n  mkfs.btrfs -f -d single -m single\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362",
            "CWE-617"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-38306",
            "https://git.kernel.org/linus/f3a5367c679d31473d3fbb391675055b4792c309 (6.10-rc3)",
            "https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b",
            "https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38306",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38306"
          ],
          "PublishedDate": "2024-06-25T15:15:13.367Z",
          "LastModifiedDate": "2025-09-17T16:00:46.667Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38543",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38543",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eb051fc39023d1daf75c84f801623e2e9cbe77dec01004d1d4495f8042367136",
          "Title": "kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/test_hmm.c: handle src_pfns and dst_pfns allocation failure\n\nThe kcalloc() in dmirror_device_evict_chunk() will return null if the\nphysical memory has run out.  As a result, if src_pfns or dst_pfns is\ndereferenced, the null pointer dereference bug will happen.\n\nMoreover, the device is going away.  If the kcalloc() fails, the pages\nmapping a chunk could not be evicted.  So add a __GFP_NOFAIL flag in\nkcalloc().\n\nFinally, as there is no need to have physically contiguous memory, Switch\nkcalloc() to kvcalloc() in order to avoid failing allocations.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:4583",
            "https://access.redhat.com/security/cve/CVE-2024-38543",
            "https://bugzilla.redhat.com/2267509",
            "https://bugzilla.redhat.com/2273082",
            "https://bugzilla.redhat.com/2273466",
            "https://bugzilla.redhat.com/2275735",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2280434",
            "https://bugzilla.redhat.com/2281131",
            "https://bugzilla.redhat.com/2281925",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284581",
            "https://bugzilla.redhat.com/2293230",
            "https://bugzilla.redhat.com/2293380",
            "https://bugzilla.redhat.com/2293402",
            "https://bugzilla.redhat.com/2293456",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2294225",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267509",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273082",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273466",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275735",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281131",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293230",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293456",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26783",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26858",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27397",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27435",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36957",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38543",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38593",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38663",
            "https://errata.almalinux.org/9/ALSA-2024-4583.html",
            "https://errata.rockylinux.org/RLSA-2024:4583",
            "https://git.kernel.org/linus/c2af060d1c18beaec56351cf9c9bcbbc5af341a3 (6.10-rc1)",
            "https://git.kernel.org/stable/c/1a21fdeea502658e315bd939409b755974f4fb64",
            "https://git.kernel.org/stable/c/3b20d18f475bd17309db640dbe7d7c7ebb5bc2bc",
            "https://git.kernel.org/stable/c/65e528a69cb3ed4a286c45b4afba57461c8b5b33",
            "https://git.kernel.org/stable/c/c2af060d1c18beaec56351cf9c9bcbbc5af341a3",
            "https://git.kernel.org/stable/c/ce47e8ead9a72834cc68431d53f8092ce69bebb7",
            "https://linux.oracle.com/cve/CVE-2024-38543.html",
            "https://linux.oracle.com/errata/ELSA-2024-4583.html",
            "https://lore.kernel.org/linux-cve-announce/2024061948-CVE-2024-38543-ff2e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38543",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38543"
          ],
          "PublishedDate": "2024-06-19T14:15:14.587Z",
          "LastModifiedDate": "2024-11-21T09:26:18.13Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38554",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38554",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7c0522b799f1ae98094e53eb7033663e08aabdc55002ba7a41792d1399e9f0ab",
          "Title": "kernel: ax25: Fix reference count leak issue of net_device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix reference count leak issue of net_device\n\nThere is a reference count leak issue of the object \"net_device\" in\nax25_dev_device_down(). When the ax25 device is shutting down, the\nax25_dev_device_down() drops the reference count of net_device one\nor zero times depending on if we goto unlock_put or not, which will\ncause memory leak.\n\nIn order to solve the above issue, decrease the reference count of\nnet_device after dev-\u003eax25_ptr is set to null.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-38554",
            "https://git.kernel.org/linus/36e56b1b002bb26440403053f19f9e1a8bc075b2 (6.10-rc1)",
            "https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2",
            "https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad",
            "https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a",
            "https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b",
            "https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9",
            "https://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38554-29b0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38554",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38554"
          ],
          "PublishedDate": "2024-06-19T14:15:15.627Z",
          "LastModifiedDate": "2024-11-21T09:26:19.99Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38556",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38556",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:696a4f42ab1ae6453c67a530bab59e61404313f12a5ec9573dca687f84a0f7d4",
          "Title": "kernel: net/mlx5: Add a timeout to acquire the command queue semaphore",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Add a timeout to acquire the command queue semaphore\n\nPrevent forced completion handling on an entry that has not yet been\nassigned an index, causing an out of bounds access on idx = -22.\nInstead of waiting indefinitely for the sem, blocking flow now waits for\nindex to be allocated or a sem acquisition timeout before beginning the\ntimer for FW completion.\n\nKernel log example:\nmlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:1128:(pid 185911): cmd[-22]: CREATE_UCTX(0xa04) No done completion",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8162",
            "https://access.redhat.com/security/cve/CVE-2024-38556",
            "https://bugzilla.redhat.com/2270700",
            "https://bugzilla.redhat.com/2281127",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281847",
            "https://bugzilla.redhat.com/2282355",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293443",
            "https://bugzilla.redhat.com/2295921",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297543",
            "https://bugzilla.redhat.com/2300517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281127",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293443",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295921",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300517",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47385",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27403",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38556",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39483",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42079",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42272",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42284",
            "https://errata.almalinux.org/9/ALSA-2024-8162.html",
            "https://errata.rockylinux.org/RLSA-2024:8162",
            "https://git.kernel.org/linus/485d65e1357123a697c591a5aeb773994b247ad7 (6.10-rc1)",
            "https://git.kernel.org/stable/c/2d0962d05c93de391ce85f6e764df895f47c8918",
            "https://git.kernel.org/stable/c/485d65e1357123a697c591a5aeb773994b247ad7",
            "https://git.kernel.org/stable/c/4baae687a20ef2b82fde12de3c04461e6f2521d6",
            "https://git.kernel.org/stable/c/94024332a129c6e4275569d85c0c1bfb2ae2d71b",
            "https://git.kernel.org/stable/c/f9caccdd42e999b74303c9b0643300073ed5d319",
            "https://linux.oracle.com/cve/CVE-2024-38556.html",
            "https://linux.oracle.com/errata/ELSA-2025-20095.html",
            "https://lore.kernel.org/linux-cve-announce/2024061952-CVE-2024-38556-8afa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38556",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38556"
          ],
          "PublishedDate": "2024-06-19T14:15:15.81Z",
          "LastModifiedDate": "2025-03-06T12:56:25.937Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38557",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38557",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f82c5a1b3958c2a2a55c3fb3290ff2a5937dededcc949e824252877f115d1f9",
          "Title": "kernel: net/mlx5: Reload only IB representors upon lag disable/enable",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Reload only IB representors upon lag disable/enable\n\nOn lag disable, the bond IB device along with all of its\nrepresentors are destroyed, and then the slaves' representors get reloaded.\n\nIn case the slave IB representor load fails, the eswitch error flow\nunloads all representors, including ethernet representors, where the\nnetdevs get detached and removed from lag bond. Such flow is inaccurate\nas the lag driver is not responsible for loading/unloading ethernet\nrepresentors. Furthermore, the flow described above begins by holding\nlag lock to prevent bond changes during disable flow. However, when\nreaching the ethernet representors detachment from lag, the lag lock is\nrequired again, triggering the following deadlock:\n\nCall trace:\n__switch_to+0xf4/0x148\n__schedule+0x2c8/0x7d0\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x28\n__mutex_lock.isra.13+0x2b8/0x570\n__mutex_lock_slowpath+0x1c/0x28\nmutex_lock+0x4c/0x68\nmlx5_lag_remove_netdev+0x3c/0x1a0 [mlx5_core]\nmlx5e_uplink_rep_disable+0x70/0xa0 [mlx5_core]\nmlx5e_detach_netdev+0x6c/0xb0 [mlx5_core]\nmlx5e_netdev_change_profile+0x44/0x138 [mlx5_core]\nmlx5e_netdev_attach_nic_profile+0x28/0x38 [mlx5_core]\nmlx5e_vport_rep_unload+0x184/0x1b8 [mlx5_core]\nmlx5_esw_offloads_rep_load+0xd8/0xe0 [mlx5_core]\nmlx5_eswitch_reload_reps+0x74/0xd0 [mlx5_core]\nmlx5_disable_lag+0x130/0x138 [mlx5_core]\nmlx5_lag_disable_change+0x6c/0x70 [mlx5_core] // hold ldev-\u003elock\nmlx5_devlink_eswitch_mode_set+0xc0/0x410 
[mlx5_core]\ndevlink_nl_cmd_eswitch_set_doit+0xdc/0x180\ngenl_family_rcv_msg_doit.isra.17+0xe8/0x138\ngenl_rcv_msg+0xe4/0x220\nnetlink_rcv_skb+0x44/0x108\ngenl_rcv+0x40/0x58\nnetlink_unicast+0x198/0x268\nnetlink_sendmsg+0x1d4/0x418\nsock_sendmsg+0x54/0x60\n__sys_sendto+0xf4/0x120\n__arm64_sys_sendto+0x30/0x40\nel0_svc_common+0x8c/0x120\ndo_el0_svc+0x30/0xa0\nel0_svc+0x20/0x30\nel0_sync_handler+0x90/0xb8\nel0_sync+0x160/0x180\n\nThus, upon lag enable/disable, load and unload only the IB representors\nof the slaves preventing the deadlock mentioned above.\n\nWhile at it, refactor the mlx5_esw_offloads_rep_load() function to have\na static helper method for its internal logic, in symmetry with the\nrepresentor unload design.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-38557",
            "https://git.kernel.org/linus/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4 (6.10-rc1)",
            "https://git.kernel.org/stable/c/0f06228d4a2dcc1fca5b3ddb0eefa09c05b102c4",
            "https://git.kernel.org/stable/c/0f320f28f54b1b269a755be2e3fb3695e0b80b07",
            "https://git.kernel.org/stable/c/e93fc8d959e56092e2eca1e5511c2d2f0ad6807a",
            "https://git.kernel.org/stable/c/f03c714a0fdd1f93101a929d0e727c28a66383fc",
            "https://lore.kernel.org/linux-cve-announce/2024061953-CVE-2024-38557-2cb9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38557",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38557"
          ],
          "PublishedDate": "2024-06-19T14:15:15.9Z",
          "LastModifiedDate": "2024-11-21T09:26:20.41Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38564",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38564",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:23c3b296a5f4324e47d4cbb7771b137d6bf97205fecbc50f594123768d99ffa8",
          "Title": "kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE\n\nbpf_prog_attach uses attach_type_to_prog_type to enforce proper\nattach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses\nbpf_prog_get and relies on bpf_prog_attach_check_attach_type\nto properly verify prog_type \u003c\u003e attach_type association.\n\nAdd missing attach_type enforcement for the link_create case.\nOtherwise, it's currently possible to attach cgroup_skb prog\ntypes to other cgroup hooks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:11486",
            "https://access.redhat.com/security/cve/CVE-2024-38564",
            "https://bugzilla.redhat.com/2280462",
            "https://bugzilla.redhat.com/2293429",
            "https://bugzilla.redhat.com/2311717",
            "https://bugzilla.redhat.com/2312085",
            "https://bugzilla.redhat.com/2320254",
            "https://bugzilla.redhat.com/2320517",
            "https://bugzilla.redhat.com/2323904",
            "https://bugzilla.redhat.com/2323930",
            "https://bugzilla.redhat.com/2323937",
            "https://bugzilla.redhat.com/2323944",
            "https://bugzilla.redhat.com/2323955",
            "https://bugzilla.redhat.com/2324315",
            "https://bugzilla.redhat.com/2324332",
            "https://bugzilla.redhat.com/2324612",
            "https://bugzilla.redhat.com/2324867",
            "https://bugzilla.redhat.com/2324868",
            "https://bugzilla.redhat.com/2324892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278445",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280462",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2315210",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27043",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27399",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38564",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46858",
            "https://errata.almalinux.org/9/ALSA-2024-11486.html",
            "https://errata.rockylinux.org/RLSA-2024:10281",
            "https://git.kernel.org/linus/543576ec15b17c0c93301ac8297333c7b6e84ac7 (6.10-rc1)",
            "https://git.kernel.org/stable/c/543576ec15b17c0c93301ac8297333c7b6e84ac7",
            "https://git.kernel.org/stable/c/6675c541f540a29487a802d3135280b69b9f568d",
            "https://git.kernel.org/stable/c/67929e973f5a347f05fef064fea4ae79e7cdb5fd",
            "https://git.kernel.org/stable/c/b34bbc76651065a5eafad8ddff1eb8d1f8473172",
            "https://linux.oracle.com/cve/CVE-2024-38564.html",
            "https://linux.oracle.com/errata/ELSA-2024-11486.html",
            "https://lore.kernel.org/linux-cve-announce/2024061955-CVE-2024-38564-b069@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38564",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38564"
          ],
          "PublishedDate": "2024-06-19T14:15:16.56Z",
          "LastModifiedDate": "2025-10-20T22:04:02.683Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38594",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38594",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d980a979a488455c13568dd3b093ffbe3294ae16c0b5b854cf871059b951a184",
          "Title": "kernel: net: stmmac: move the EST lock to struct stmmac_priv",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: move the EST lock to struct stmmac_priv\n\nReinitialize the whole EST structure would also reset the mutex\nlock which is embedded in the EST structure, and then trigger\nthe following warning. To address this, move the lock to struct\nstmmac_priv. We also need to reacquire the mutex lock when doing\nthis initialization.\n\nDEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\nWARNING: CPU: 3 PID: 505 at kernel/locking/mutex.c:587 __mutex_lock+0xd84/0x1068\n Modules linked in:\n CPU: 3 PID: 505 Comm: tc Not tainted 6.9.0-rc6-00053-g0106679839f7-dirty #29\n Hardware name: NXP i.MX8MPlus EVK board (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __mutex_lock+0xd84/0x1068\n lr : __mutex_lock+0xd84/0x1068\n sp : ffffffc0864e3570\n x29: ffffffc0864e3570 x28: ffffffc0817bdc78 x27: 0000000000000003\n x26: ffffff80c54f1808 x25: ffffff80c9164080 x24: ffffffc080d723ac\n x23: 0000000000000000 x22: 0000000000000002 x21: 0000000000000000\n x20: 0000000000000000 x19: ffffffc083bc3000 x18: ffffffffffffffff\n x17: ffffffc08117b080 x16: 0000000000000002 x15: ffffff80d2d40000\n x14: 00000000000002da x13: ffffff80d2d404b8 x12: ffffffc082b5a5c8\n x11: ffffffc082bca680 x10: ffffffc082bb2640 x9 : ffffffc082bb2698\n x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000000001\n x5 : ffffff8178fe0d48 x4 : 0000000000000000 x3 : 0000000000000027\n x2 : ffffff8178fe0d50 x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n  __mutex_lock+0xd84/0x1068\n  mutex_lock_nested+0x28/0x34\n  tc_setup_taprio+0x118/0x68c\n  stmmac_setup_tc+0x50/0xf0\n  taprio_change+0x868/0xc9c",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-38594",
            "https://git.kernel.org/linus/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197 (6.10-rc1)",
            "https://git.kernel.org/stable/c/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197",
            "https://git.kernel.org/stable/c/487f9030b1ef34bab123f2df2a4ccbe01ba84416",
            "https://git.kernel.org/stable/c/6f476aff2d8da1a189621c4c16a76a6c534e4312",
            "https://git.kernel.org/stable/c/b538fefeb1026aad9dcdcbb410c42b56dff8aae9",
            "https://lore.kernel.org/linux-cve-announce/2024061955-CVE-2024-38594-75c8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38594",
            "https://ubuntu.com/security/notices/USN-6949-1",
            "https://ubuntu.com/security/notices/USN-6949-2",
            "https://ubuntu.com/security/notices/USN-6952-1",
            "https://ubuntu.com/security/notices/USN-6952-2",
            "https://ubuntu.com/security/notices/USN-6955-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38594"
          ],
          "PublishedDate": "2024-06-19T14:15:19.467Z",
          "LastModifiedDate": "2025-10-31T16:29:09.083Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38608",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38608",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:98a6c6695540cbcf4d6fa808a24dcdab912e15ee55ef2d004543877e412e9afa",
          "Title": "kernel: net/mlx5e: Fix netif state handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n  mlx5e_attach_netdev\n   mlx5e_nic_enable  \u003c-- netdev not reg, not calling netif_device_attach()\n  register_netdev \u003c-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend \u003c-- netif_device_present return false, resources aren't freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? 
driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000  ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5928",
            "https://access.redhat.com/security/cve/CVE-2024-38608",
            "https://bugzilla.redhat.com/2265185",
            "https://bugzilla.redhat.com/2272797",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2275744",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278264",
            "https://bugzilla.redhat.com/2281101",
            "https://bugzilla.redhat.com/2281284",
            "https://bugzilla.redhat.com/2281669",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281916",
            "https://bugzilla.redhat.com/2281958",
            "https://bugzilla.redhat.com/2282720",
            "https://bugzilla.redhat.com/2283468",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2293356",
            "https://bugzilla.redhat.com/2293414",
            "https://bugzilla.redhat.com/2293455",
            "https://bugzilla.redhat.com/2293459",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2297489",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297498",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297523",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297541",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297567",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2301473",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269183",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277168",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278262",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278350",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281284",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281817",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293458",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293459",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297475",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297568",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300412",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300442",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300517",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307862",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307865",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2307892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309852",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309853",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2315178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2317601",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48936",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52492",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35898",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38540",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38541",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38608",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39503",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40983",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41009",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41066",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41092",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41093",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42070",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42079",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42292",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47668",
            "https://errata.almalinux.org/9/ALSA-2024-5928.html",
            "https://errata.rockylinux.org/RLSA-2024:8856",
            "https://git.kernel.org/linus/3d5918477f94e4c2f064567875c475468e264644 (6.10-rc1)",
            "https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644",
            "https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6",
            "https://linux.oracle.com/cve/CVE-2024-38608.html",
            "https://linux.oracle.com/errata/ELSA-2024-8856.html",
            "https://lore.kernel.org/linux-cve-announce/2024061920-CVE-2024-38608-4068@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38608",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38608"
          ],
          "PublishedDate": "2024-06-19T14:15:20.737Z",
          "LastModifiedDate": "2024-11-21T09:26:28.4Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38625",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38625",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:97f66fe49a1eaf87f64094fcfd86b7b09da7712b9fed2c20a3928d0af2e5af8f",
          "Title": "kernel: fs/ntfs3: Check 'folio' pointer for NULL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check 'folio' pointer for NULL\n\nIt can be NULL if bmap is called.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-38625",
            "https://git.kernel.org/linus/1cd6c96219c429ebcfa8e79a865277376c563803 (6.10-rc1)",
            "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803",
            "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8",
            "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641",
            "https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38625-2694@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38625",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38625"
          ],
          "PublishedDate": "2024-06-21T11:15:11.43Z",
          "LastModifiedDate": "2025-01-07T16:09:49.88Z"
        },
        {
          "VulnerabilityID": "CVE-2024-38628",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-38628",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:64a53e93079120d971827a5ba7db4a4c9d4f50da7f4076d19d914b40c1f5db43",
          "Title": "kernel: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.\n\nHang on to the control IDs instead of pointers since those are correctly\nhandled with locks.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-38628",
            "https://git.kernel.org/linus/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 (6.10-rc1)",
            "https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464",
            "https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0",
            "https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09",
            "https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068",
            "https://lore.kernel.org/linux-cve-announce/2024062140-CVE-2024-38628-e2db@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-38628",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-38628"
          ],
          "PublishedDate": "2024-06-21T11:15:11.66Z",
          "LastModifiedDate": "2025-03-24T18:09:37.237Z"
        },
        {
          "VulnerabilityID": "CVE-2024-39282",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-39282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a60697bddf67d58b8bf7b22401dd62b9553dc2b7d541f7d14865ce6af144b383",
          "Title": "kernel: net: wwan: t7xx: Fix FSM command timeout issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix FSM command timeout issue\n\nWhen driver processes the internal state change command, it use an\nasynchronous thread to process the command operation. If the main\nthread detects that the task has timed out, the asynchronous thread\nwill panic when executing the completion notification because the\nmain thread completion object has been released.\n\nBUG: unable to handle page fault for address: fffffffffffffff8\nPGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:complete_all+0x3e/0xa0\n[...]\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x69/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? complete_all+0x3e/0xa0\n fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)]\n ? __pfx_autoremove_wake_function+0x10/0x10\n kthread+0xd8/0x110\n ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)]\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n[...]\nCR2: fffffffffffffff8\n---[ end trace 0000000000000000 ]---\n\nUse the reference counter to ensure safe release as Sergey suggests:\nhttps://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-39282",
            "https://git.kernel.org/linus/4f619d518db9cd1a933c3a095a5f95d0c1584ae8 (6.13-rc6)",
            "https://git.kernel.org/stable/c/0cd3bde081cd3452c875fa1e5c55834c670d6e05",
            "https://git.kernel.org/stable/c/4f619d518db9cd1a933c3a095a5f95d0c1584ae8",
            "https://git.kernel.org/stable/c/b8ab9bd0c8855cd5a6f4e0265083576257ff3fc5",
            "https://git.kernel.org/stable/c/e6e6882a1590cbdaca77a31a02f4954327237e14",
            "https://linux.oracle.com/cve/CVE-2024-39282.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2025011532-CVE-2024-39282-491b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-39282",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-39282"
          ],
          "PublishedDate": "2025-01-15T13:15:09.74Z",
          "LastModifiedDate": "2025-11-03T21:16:15.453Z"
        },
        {
          "VulnerabilityID": "CVE-2024-39293",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-39293",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a334c8b151a78e2757cb1f8c716b67aa3db4d49d98602448f5a17c8d5eeb2e80",
          "Title": "kernel: Revert \u0026#34;xsk: Support redirect to any socket bound to the same umem\u0026#34;",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"xsk: Support redirect to any socket bound to the same umem\"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-39293",
            "https://git.kernel.org/linus/7fcf26b315bbb728036da0862de6b335da83dff2 (6.10-rc3)",
            "https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5",
            "https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2",
            "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-39293",
            "https://www.cve.org/CVERecord?id=CVE-2024-39293"
          ],
          "PublishedDate": "2024-06-25T15:15:13.993Z",
          "LastModifiedDate": "2025-09-17T16:05:04.513Z"
        },
        {
          "VulnerabilityID": "CVE-2024-39298",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-39298",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:02bdbb77c5c9d825038618cafd046cccbaf49b9d625d213f22ac8b310305f366",
          "Title": "kernel: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix handling of dissolved but not taken off from buddy pages\n\nWhen I did memory failure tests recently, below panic occurs:\n\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\nraw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(!PageBuddy(page))\n------------[ cut here ]------------\nkernel BUG at include/linux/page-flags.h:1009!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:__del_page_from_free_list+0x151/0x180\nRSP: 0018:ffffa49c90437998 EFLAGS: 00000046\nRAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0\nRBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69\nR10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80\nR13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009\nFS:  00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __rmqueue_pcplist+0x23b/0x520\n get_page_from_freelist+0x26b/0xe40\n __alloc_pages_noprof+0x113/0x1120\n __folio_alloc_noprof+0x11/0xb0\n alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130\n __alloc_fresh_hugetlb_folio+0xe7/0x140\n alloc_pool_huge_folio+0x68/0x100\n set_max_huge_pages+0x13d/0x340\n hugetlb_sysctl_handler_common+0xe8/0x110\n proc_sys_call_handler+0x194/0x280\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff916114887\nRSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 
000055eae500e350 RCX: 00007ff916114887\nRDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003\nRBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0\nR10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004\nR13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00\n \u003c/TASK\u003e\nModules linked in: mce_inject hwpoison_inject\n---[ end trace 0000000000000000 ]---\n\nAnd before the panic, there had an warning about bad page state:\n\nBUG: Bad page state in process page-types  pfn:8cee00\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\npage_type: 0xffffff7f(buddy)\nraw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000\npage dumped because: nonzero mapcount\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x83/0xa0\n bad_page+0x63/0xf0\n free_unref_page+0x36e/0x5c0\n unpoison_memory+0x50b/0x630\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xcd/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f189a514887\nRSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887\nRDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003\nRBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8\nR13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040\n \u003c/TASK\u003e\n\nThe root cause should be the below race:\n\n memory_failure\n  try_memory_failure_hugetlb\n   me_huge_page\n    __page_handle_poison\n     
dissolve_free_hugetlb_folio\n     drain_all_pages -- Buddy page can be isolated e.g. for compaction.\n     take_page_off_buddy -- Failed as page is not in the \n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-39298",
            "https://git.kernel.org/linus/8cf360b9d6a840700e06864236a01a883b34bbad (6.10-rc1)",
            "https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b",
            "https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd",
            "https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad",
            "https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e",
            "https://linux.oracle.com/cve/CVE-2024-39298.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39298-53e8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-39298",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-39298"
          ],
          "PublishedDate": "2024-06-25T15:15:14.16Z",
          "LastModifiedDate": "2025-11-03T22:17:03.573Z"
        },
        {
          "VulnerabilityID": "CVE-2024-39508",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-39508",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:98a139d30cd2ce86183937f2234b1ed22d33734f12b28dea0ba9059eda0827f7",
          "Title": "kernel: io_uring/io-wq: Use set_bit() and test_bit() at worker-\u003eflags",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker-\u003eflags\n\nUtilize set_bit() and test_bit() on worker-\u003eflags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker-\u003eflags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\u003csnip\u003e\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\u003csnip\u003e\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-39508",
            "https://git.kernel.org/linus/8a565304927fbd28c9f028c492b5c1714002cbab (6.10-rc1)",
            "https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bf",
            "https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbab",
            "https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0",
            "https://linux.oracle.com/cve/CVE-2024-39508.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024071206-CVE-2024-39508-20c3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-39508",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-39508"
          ],
          "PublishedDate": "2024-07-12T13:15:13.13Z",
          "LastModifiedDate": "2025-10-03T15:13:42.83Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40900",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40900",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:32b69be331c14735c88ff624cdd6d01d10f652399b468c7e1460d3f1c4aba86d",
          "Title": "kernel: cachefiles: remove requests from xarray during flushing requests",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: remove requests from xarray during flushing requests\n\nEven with CACHEFILES_DEAD set, we can still read the requests, so in the\nfollowing concurrency the request may be used after it has been freed:\n\n     mount  |   daemon_thread1    |    daemon_thread2\n------------------------------------------------------------\n cachefiles_ondemand_init_object\n  cachefiles_ondemand_send_req\n   REQ_A = kzalloc(sizeof(*req) + data_len)\n   wait_for_completion(\u0026REQ_A-\u003edone)\n            cachefiles_daemon_read\n             cachefiles_ondemand_daemon_read\n                                  // close dev fd\n                                  cachefiles_flush_reqs\n                                   complete(\u0026REQ_A-\u003edone)\n   kfree(REQ_A)\n              xa_lock(\u0026cache-\u003ereqs);\n              cachefiles_ondemand_select_req\n                req-\u003emsg.opcode != CACHEFILES_OP_READ\n                // req use-after-free !!!\n              xa_unlock(\u0026cache-\u003ereqs);\n                                   xa_destroy(\u0026cache-\u003ereqs)\n\nHence remove requests from cache-\u003ereqs when flushing them to avoid\naccessing freed requests.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-40900",
            "https://git.kernel.org/linus/0fc75c5940fa634d84e64c93bfc388e1274ed013 (6.10-rc4)",
            "https://git.kernel.org/stable/c/0fc75c5940fa634d84e64c93bfc388e1274ed013",
            "https://git.kernel.org/stable/c/37e19cf86a520d65de1de9cb330415c332a40d19",
            "https://git.kernel.org/stable/c/50d0e55356ba5b84ffb51c42704126124257e598",
            "https://git.kernel.org/stable/c/9f13aacdd4ee9a7644b2a3c96d67113cd083c9c7",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024071207-CVE-2024-40900-7497@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40900",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40900"
          ],
          "PublishedDate": "2024-07-12T13:15:13.433Z",
          "LastModifiedDate": "2025-11-03T22:17:11.657Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40918",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40918",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f45263ba1d96f71a7aaace44816b7365451459bfbeaec055fdd0774a44a7eaba",
          "Title": "kernel: parisc: Try to fix random segmentation faults in package builds",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Try to fix random segmentation faults in package builds\n\nPA-RISC systems with PA8800 and PA8900 processors have had problems\nwith random segmentation faults for many years.  Systems with earlier\nprocessors are much more stable.\n\nSystems with PA8800 and PA8900 processors have a large L2 cache which\nneeds per page flushing for decent performance when a large range is\nflushed. The combined cache in these systems is also more sensitive to\nnon-equivalent aliases than the caches in earlier systems.\n\nThe majority of random segmentation faults that I have looked at\nappear to be memory corruption in memory allocated using mmap and\nmalloc.\n\nMy first attempt at fixing the random faults didn't work. On\nreviewing the cache code, I realized that there were two issues\nwhich the existing code didn't handle correctly. Both relate\nto cache move-in. Another issue is that the present bit in PTEs\nis racy.\n\n1) PA-RISC caches have a mind of their own and they can speculatively\nload data and instructions for a page as long as there is a entry in\nthe TLB for the page which allows move-in. TLBs are local to each\nCPU. Thus, the TLB entry for a page must be purged before flushing\nthe page. This is particularly important on SMP systems.\n\nIn some of the flush routines, the flush routine would be called\nand then the TLB entry would be purged. This was because the flush\nroutine needed the TLB entry to do the flush.\n\n2) My initial approach to trying the fix the random faults was to\ntry and use flush_cache_page_if_present for all flush operations.\nThis actually made things worse and led to a couple of hardware\nlockups. It finally dawned on me that some lines weren't being\nflushed because the pte check code was racy. 
This resulted in\nrandom inequivalent mappings to physical pages.\n\nThe __flush_cache_page tmpalias flush sets up its own TLB entry\nand it doesn't need the existing TLB entry. As long as we can find\nthe pte pointer for the vm page, we can get the pfn and physical\naddress of the page. We can also purge the TLB entry for the page\nbefore doing the flush. Further, __flush_cache_page uses a special\nTLB entry that inhibits cache move-in.\n\nWhen switching page mappings, we need to ensure that lines are\nremoved from the cache.  It is not sufficient to just flush the\nlines to memory as they may come back.\n\nThis made it clear that we needed to implement all the required\nflush operations using tmpalias routines. This includes flushes\nfor user and kernel pages.\n\nAfter modifying the code to use tmpalias flushes, it became clear\nthat the random segmentation faults were not fully resolved. The\nfrequency of faults was worse on systems with a 64 MB L2 (PA8900)\nand systems with more CPUs (rp4440).\n\nThe warning that I added to flush_cache_page_if_present to detect\npages that couldn't be flushed triggered frequently on some systems.\n\nHelge and I looked at the pages that couldn't be flushed and found\nthat the PTE was either cleared or for a swap page. Ignoring pages\nthat were swapped out seemed okay but pages with cleared PTEs seemed\nproblematic.\n\nI looked at routines related to pte_clear and noticed ptep_clear_flush.\nThe default implementation just flushes the TLB entry. However, it was\nobvious that on parisc we need to flush the cache page as well. If\nwe don't flush the cache page, stale lines will be left in the cache\nand cause random corruption. Once a PTE is cleared, there is no way\nto find the physical address associated with the PTE and flush the\nassociated page at a later time.\n\nI implemented an updated change with a parisc specific version of\nptep_clear_flush. 
It fixed the random data corruption on Helge's rp4440\nand rp3440, as well as on my c8000.\n\nAt this point, I realized that I could restore the code where we only\nflush in flush_cache_page_if_present if the page has been accessed.\nHowever, for this, we also need to flush the cache when the accessed\nbit is cleared in\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 6.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-40918",
            "https://git.kernel.org/linus/72d95924ee35c8cd16ef52f912483ee938a34d49 (6.10-rc4)",
            "https://git.kernel.org/stable/c/5bf196f1936bf93df31112fbdfb78c03537c07b0",
            "https://git.kernel.org/stable/c/72d95924ee35c8cd16ef52f912483ee938a34d49",
            "https://git.kernel.org/stable/c/d66f2607d89f760cdffed88b22f309c895a2af20",
            "https://lore.kernel.org/linux-cve-announce/2024071212-CVE-2024-40918-1830@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40918",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40918"
          ],
          "PublishedDate": "2024-07-12T13:15:14.863Z",
          "LastModifiedDate": "2025-09-17T15:37:44.19Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40954",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40954",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c20e30ed3d01efd848dd53e6ce028f4c5ecec43a1da01ca964f1bb9a509d13d3",
          "Title": "kernel: net: do not leave a dangling sk pointer, when socket creation fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: do not leave a dangling sk pointer, when socket creation fails\n\nIt is possible to trigger a use-after-free by:\n  * attaching an fentry probe to __sock_release() and the probe calling the\n    bpf_get_socket_cookie() helper\n  * running traceroute -I 1.1.1.1 on a freshly booted VM\n\nA KASAN enabled kernel will log something like below (decoded and stripped):\n==================================================================\nBUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nRead of size 8 at addr ffff888007110dd8 by task traceroute/299\n\nCPU: 2 PID: 299 Comm: traceroute Tainted: G            E      6.10.0-rc2+ #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117 (discriminator 1))\nprint_report (mm/kasan/report.c:378 mm/kasan/report.c:488)\n? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_report (mm/kasan/report.c:603)\n? 
__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nkasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)\n__sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29)\nbpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092)\nbpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e\nbpf_trampoline_6442506592+0x47/0xaf\n__sock_release (net/socket.c:652)\n__sock_create (net/socket.c:1601)\n...\nAllocated by task 299 on cpu 2 at 78.328492s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\n__kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338)\nkmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007)\nsk_prot_alloc (net/core/sock.c:2075)\nsk_alloc (net/core/sock.c:2134)\ninet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket (net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFreed by task 299 on cpu 2 at 78.328502s:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (mm/kasan/common.c:68)\nkasan_save_free_info (mm/kasan/generic.c:582)\npoison_slab_object (mm/kasan/common.c:242)\n__kasan_slab_free (mm/kasan/common.c:256)\nkmem_cache_free (mm/slub.c:4437 mm/slub.c:4511)\n__sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208)\ninet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252)\n__sock_create (net/socket.c:1572)\n__sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706)\n__x64_sys_socket 
(net/socket.c:1718)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nFix this by clearing the struct socket reference in sk_common_release() to cover\nall protocol families create functions, which may already attached the\nreference to the sk object with sock_init_data().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5363",
            "https://access.redhat.com/security/cve/CVE-2024-40954",
            "https://bugzilla.redhat.com/2265838",
            "https://bugzilla.redhat.com/2273405",
            "https://bugzilla.redhat.com/2275600",
            "https://bugzilla.redhat.com/2275655",
            "https://bugzilla.redhat.com/2275715",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278417",
            "https://bugzilla.redhat.com/2278429",
            "https://bugzilla.redhat.com/2278519",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2281057",
            "https://bugzilla.redhat.com/2281097",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281190",
            "https://bugzilla.redhat.com/2281237",
            "https://bugzilla.redhat.com/2281257",
            "https://bugzilla.redhat.com/2281265",
            "https://bugzilla.redhat.com/2281272",
            "https://bugzilla.redhat.com/2281639",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281900",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284511",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284543",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293208",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2293686",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293688",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297512",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273405",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281057",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281097",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281237",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281257",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281265",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281639",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281900",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293208",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297512",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297545",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47606",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52651",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26808",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26868",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27049",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27417",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35969",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36903",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38391",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40928",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40961",
            "https://errata.almalinux.org/9/ALSA-2024-5363.html",
            "https://errata.rockylinux.org/RLSA-2024:5363",
            "https://git.kernel.org/linus/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2 (6.10-rc5)",
            "https://git.kernel.org/stable/c/454c454ed645fed051216b79622f7cb69c1638f5",
            "https://git.kernel.org/stable/c/5dfe2408fd7dc4d2e7ac38a116ff0a37b1cfd3b9",
            "https://git.kernel.org/stable/c/6cd4a78d962bebbaf8beb7d2ead3f34120e3f7b2",
            "https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069",
            "https://git.kernel.org/stable/c/893eeba94c40d513cd0fe6539330ebdaea208c0e",
            "https://linux.oracle.com/cve/CVE-2024-40954.html",
            "https://linux.oracle.com/errata/ELSA-2024-7000.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024071223-CVE-2024-40954-093b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40954",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7007-1",
            "https://ubuntu.com/security/notices/USN-7007-2",
            "https://ubuntu.com/security/notices/USN-7007-3",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7009-1",
            "https://ubuntu.com/security/notices/USN-7009-2",
            "https://ubuntu.com/security/notices/USN-7019-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40954"
          ],
          "PublishedDate": "2024-07-12T13:15:17.627Z",
          "LastModifiedDate": "2025-11-03T22:17:17.137Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40966",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40966",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e7240b65e74cbd1ed5e0c94164f82e593e07887b99d29b6ab8d617150ebf59dd",
          "Title": "kernel: tty: add the option to have a tty reject a new ldisc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: add the option to have a tty reject a new ldisc\n\n... and use it to limit the virtual terminals to just N_TTY.  They are\nkind of special, and in particular, the \"con_write()\" routine violates\nthe \"writes cannot sleep\" rule that some ldiscs rely on.\n\nThis avoids the\n\n   BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659\n\nwhen N_GSM has been attached to a virtual console, and gsmld_write()\ncalls con_write() while holding a spinlock, and con_write() then tries\nto get the console lock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-40966",
            "https://git.kernel.org/linus/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b (6.10-rc1)",
            "https://git.kernel.org/stable/c/287b569a5b914903ba7c438a3c0dbc3410ebb409",
            "https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937",
            "https://git.kernel.org/stable/c/5920ac19964f9e20181f63b410d9200ddbf8dc86",
            "https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b",
            "https://linux.oracle.com/cve/CVE-2024-40966.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024071227-CVE-2024-40966-cea6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40966",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40966"
          ],
          "PublishedDate": "2024-07-12T13:15:18.42Z",
          "LastModifiedDate": "2025-11-03T22:17:18.47Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40972",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40972",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1bf6115d83d0e4f6fd8f137a8dcb61495911ffc24fcf7c7c0ff3a6ae960d523b",
          "Title": "kernel: ext4: do not create EA inode under buffer lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: do not create EA inode under buffer lock\n\next4_xattr_set_entry() creates new EA inodes while holding buffer lock\non the external xattr block. This is problematic as it nests all the\nallocation locking (which acquires locks on other buffers) under the\nbuffer lock. This can even deadlock when the filesystem is corrupted and\ne.g. quota file is setup to contain xattr block as data block. Move the\nallocation of EA inode out of ext4_xattr_set_entry() into the callers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8617",
            "https://access.redhat.com/security/cve/CVE-2024-40972",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278235",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2293654",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297476",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39504",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://errata.almalinux.org/9/ALSA-2024-8617.html",
            "https://errata.rockylinux.org/RLSA-2024:8617",
            "https://git.kernel.org/linus/0a46ef234756dca04623b7591e8ebb3440622f0b (6.10-rc1)",
            "https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd",
            "https://git.kernel.org/stable/c/0a46ef234756dca04623b7591e8ebb3440622f0b",
            "https://git.kernel.org/stable/c/111103907234bffd0a34fba070ad9367de058752",
            "https://git.kernel.org/stable/c/737fb7853acd5bc8984f6f42e4bfba3334be8ae1",
            "https://linux.oracle.com/cve/CVE-2024-40972.html",
            "https://linux.oracle.com/errata/ELSA-2024-8617.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024071229-CVE-2024-40972-1569@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40972",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40972"
          ],
          "PublishedDate": "2024-07-12T13:15:18.82Z",
          "LastModifiedDate": "2025-11-03T22:17:19.16Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40975",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40975",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f1391012c886246862a0a13afb15c798240d218b6b3c3dade53c2443f976894",
          "Title": "kernel: platform/x86: x86-android-tablets: Unregister devices in reverse order",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Unregister devices in reverse order\n\nNot all subsystems support a device getting removed while there are\nstill consumers of the device with a reference to the device.\n\nOne example of this is the regulator subsystem. If a regulator gets\nunregistered while there are still drivers holding a reference\na WARN() at drivers/regulator/core.c:5829 triggers, e.g.:\n\n WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister\n Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015\n RIP: 0010:regulator_unregister\n Call Trace:\n  \u003cTASK\u003e\n  regulator_unregister\n  devres_release_group\n  i2c_device_remove\n  device_release_driver_internal\n  bus_remove_device\n  device_del\n  device_unregister\n  x86_android_tablet_remove\n\nOn the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides\na 5V boost converter output for powering USB devices connected to the micro\nUSB port, the bq24190-charger driver exports this as a Vbus regulator.\n\nOn the 830 (8\") and 1050 (\"10\") models this regulator is controlled by\na platform_device and x86_android_tablet_remove() removes platform_device-s\nbefore i2c_clients so the consumer gets removed first.\n\nBut on the 1380 (13\") model there is a lc824206xa micro-USB switch\nconnected over I2C and the extcon driver for that controls the regulator.\nThe bq24190 i2c-client *must* be registered first, because that creates\nthe regulator with the lc824206xa listed as its consumer. 
If the regulator\nhas not been registered yet the lc824206xa driver will end up getting\na dummy regulator.\n\nSince in this case both the regulator provider and consumer are I2C\ndevices, the only way to ensure that the consumer is unregistered first\nis to unregister the I2C devices in reverse order of in which they were\ncreated.\n\nFor consistency and to avoid similar problems in the future change\nx86_android_tablet_remove() to unregister all device types in reverse\norder.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-40975",
            "https://git.kernel.org/linus/3de0f2627ef849735f155c1818247f58404dddfe (6.10-rc1)",
            "https://git.kernel.org/stable/c/36ff963c133a25ed1166a25c3ba8b357ea010fda",
            "https://git.kernel.org/stable/c/3de0f2627ef849735f155c1818247f58404dddfe",
            "https://git.kernel.org/stable/c/f0c982853d665597d17e4995ff479fbbf79a9cf6",
            "https://lore.kernel.org/linux-cve-announce/2024071230-CVE-2024-40975-f7d8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40975",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40975"
          ],
          "PublishedDate": "2024-07-12T13:15:19.007Z",
          "LastModifiedDate": "2025-10-06T20:43:08.51Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40977",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40977",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:62c9230f65a86928cdf293f29f42ff421684ee07bcc61d494490f1ae8fc3a311",
          "Title": "kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921s: fix potential hung tasks during chip recovery\n\nDuring chip recovery (e.g. chip reset), there is a possible situation that\nkernel worker reset_work is holding the lock and waiting for kernel thread\nstat_worker to be parked, while stat_worker is waiting for the release of\nthe same lock.\nIt causes a deadlock resulting in the dumping of hung tasks messages and\npossible rebooting of the device.\n\nThis patch prevents the execution of stat_worker during the chip recovery.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8617",
            "https://access.redhat.com/security/cve/CVE-2024-40977",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278235",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2293654",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297476",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39504",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://errata.almalinux.org/9/ALSA-2024-8617.html",
            "https://errata.rockylinux.org/RLSA-2024:8617",
            "https://git.kernel.org/linus/ecf0b2b8a37c8464186620bef37812a117ff6366 (6.10-rc1)",
            "https://git.kernel.org/stable/c/0b81faa05b0b9feb3ae2d69be1d21f0d126ecb08",
            "https://git.kernel.org/stable/c/85edd783f4539a994d66c4c014d5858f490b7a02",
            "https://git.kernel.org/stable/c/e974dd4c22a23ec3ce579fb6d31a674ac0435da9",
            "https://git.kernel.org/stable/c/ecf0b2b8a37c8464186620bef37812a117ff6366",
            "https://linux.oracle.com/cve/CVE-2024-40977.html",
            "https://linux.oracle.com/errata/ELSA-2024-8617.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024071230-CVE-2024-40977-07c8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40977",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40977"
          ],
          "PublishedDate": "2024-07-12T13:15:19.143Z",
          "LastModifiedDate": "2025-11-03T22:17:19.57Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40979",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40979",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e0ad57012a1a76348219c2c005fcdddb48378022c5358b49eb3330383ffdf220",
          "Title": "kernel: wifi: ath12k: fix kernel crash during resume",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix kernel crash during resume\n\nCurrently during resume, QMI target memory is not properly handled, resulting\nin kernel crash in case DMA remap is not supported:\n\nBUG: Bad page state in process kworker/u16:54  pfn:36e80\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80\npage dumped because: nonzero _refcount\nCall Trace:\n bad_page\n free_page_is_bad_report\n __free_pages_ok\n __free_pages\n dma_direct_free\n dma_free_attrs\n ath12k_qmi_free_target_mem_chunk\n ath12k_qmi_msg_mem_request_cb\n\nThe reason is:\nOnce ath12k module is loaded, firmware sends memory request to host. In case\nDMA remap not supported, ath12k refuses the first request due to failure in\nallocating with large segment size:\n\nath12k_pci 0000:04:00.0: qmi firmware request memory request\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 7077888\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 8454144\nath12k_pci 0000:04:00.0: qmi dma allocation failed (7077888 B type 1), will try later with small size\nath12k_pci 0000:04:00.0: qmi delays mem_request 2\nath12k_pci 0000:04:00.0: qmi firmware request memory request\n\nLater firmware comes back with more but small segments and allocation\nsucceeds:\n\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 262144\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 
1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 65536\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\n\nNow ath12k is working. If suspend is triggered, firmware will be reloaded\nduring resume. As same as before, firmware requests two large segments at\nfirst. In ath12k_qmi_msg_mem_request_cb() segment count and size are\nassigned:\n\n\tab-\u003eqmi.mem_seg_count == 2\n\tab-\u003eqmi.target_mem[0].size == 7077888\n\tab-\u003eqmi.target_mem[1].size == 8454144\n\nThen allocation failed like before and ath12k_qmi_free_target_mem_chunk()\nis called to free all allocated segments. Note the first segment is skipped\nbecause its v.addr is cleared due to allocation failure:\n\n\tchunk-\u003ev.addr = dma_alloc_coherent()\n\nAlso note that this leaks that segment because it has not been freed.\n\nWhile freeing the second segment, a size of 8454144 is passed to\ndma_free_coherent(). However remember that this segment is allocated at\nthe first time firmware is loaded, before suspend. 
So its real size is\n524288, much smaller than 8454144. As a result kernel found we are freeing\nsome memory which is in use and thus cras\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401",
            "CWE-763"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-40979",
            "https://git.kernel.org/linus/303c017821d88ebad887814114d4e5966d320b28 (6.10-rc1)",
            "https://git.kernel.org/stable/c/303c017821d88ebad887814114d4e5966d320b28",
            "https://git.kernel.org/stable/c/bb50a4e711ff95348ad53641acb1306d89eb4c3a",
            "https://lore.kernel.org/linux-cve-announce/2024071231-CVE-2024-40979-4cfa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40979",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40979"
          ],
          "PublishedDate": "2024-07-12T13:15:19.477Z",
          "LastModifiedDate": "2025-09-17T14:57:57.393Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40989",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40989",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28d0a641e59e7bec7dbcc3e646d75c4d36de8ac0738247fc8c81a5cf6dc78601",
          "Title": "kernel: KVM: arm64: Disassociate vcpus from redistributor region on teardown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don't have\nany dangling pointer to that region stored in a vcpu.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:7001",
            "https://access.redhat.com/security/cve/CVE-2024-40989",
            "https://bugzilla.redhat.com/2258012",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2260038",
            "https://bugzilla.redhat.com/2265799",
            "https://bugzilla.redhat.com/2266358",
            "https://bugzilla.redhat.com/2266750",
            "https://bugzilla.redhat.com/2267036",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2267916",
            "https://bugzilla.redhat.com/2267925",
            "https://bugzilla.redhat.com/2268295",
            "https://bugzilla.redhat.com/2271648",
            "https://bugzilla.redhat.com/2271796",
            "https://bugzilla.redhat.com/2272793",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2273148",
            "https://bugzilla.redhat.com/2273180",
            "https://bugzilla.redhat.com/2275661",
            "https://bugzilla.redhat.com/2275690",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278220",
            "https://bugzilla.redhat.com/2278270",
            "https://bugzilla.redhat.com/2278447",
            "https://bugzilla.redhat.com/2281217",
            "https://bugzilla.redhat.com/2281317",
            "https://bugzilla.redhat.com/2281704",
            "https://bugzilla.redhat.com/2281720",
            "https://bugzilla.redhat.com/2281807",
            "https://bugzilla.redhat.com/2281847",
            "https://bugzilla.redhat.com/2282324",
            "https://bugzilla.redhat.com/2282345",
            "https://bugzilla.redhat.com/2282354",
            "https://bugzilla.redhat.com/2282355",
            "https://bugzilla.redhat.com/2282356",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2282366",
            "https://bugzilla.redhat.com/2282401",
            "https://bugzilla.redhat.com/2282422",
            "https://bugzilla.redhat.com/2282440",
            "https://bugzilla.redhat.com/2282508",
            "https://bugzilla.redhat.com/2282511",
            "https://bugzilla.redhat.com/2282676",
            "https://bugzilla.redhat.com/2282757",
            "https://bugzilla.redhat.com/2282851",
            "https://bugzilla.redhat.com/2282890",
            "https://bugzilla.redhat.com/2282903",
            "https://bugzilla.redhat.com/2282918",
            "https://bugzilla.redhat.com/2283389",
            "https://bugzilla.redhat.com/2283424",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284515",
            "https://bugzilla.redhat.com/2284545",
            "https://bugzilla.redhat.com/2284596",
            "https://bugzilla.redhat.com/2284628",
            "https://bugzilla.redhat.com/2284634",
            "https://bugzilla.redhat.com/2293247",
            "https://bugzilla.redhat.com/2293270",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293304",
            "https://bugzilla.redhat.com/2293377",
            "https://bugzilla.redhat.com/2293408",
            "https://bugzilla.redhat.com/2293423",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2294313",
            "https://bugzilla.redhat.com/2297471",
            "https://bugzilla.redhat.com/2297473",
            "https://bugzilla.redhat.com/2297478",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297543",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297572",
            "https://bugzilla.redhat.com/2297573",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297581",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2297706",
            "https://bugzilla.redhat.com/2297909",
            "https://bugzilla.redhat.com/2298079",
            "https://bugzilla.redhat.com/2298140",
            "https://bugzilla.redhat.com/2298177",
            "https://bugzilla.redhat.com/2298640",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2299452",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2300402",
            "https://bugzilla.redhat.com/2300407",
            "https://bugzilla.redhat.com/2300408",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300430",
            "https://bugzilla.redhat.com/2300434",
            "https://bugzilla.redhat.com/2300448",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2300492",
            "https://bugzilla.redhat.com/2300533",
            "https://bugzilla.redhat.com/2300552",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301477",
            "https://bugzilla.redhat.com/2301489",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/2301522",
            "https://bugzilla.redhat.com/2301544",
            "https://bugzilla.redhat.com/2303077",
            "https://bugzilla.redhat.com/2303505",
            "https://bugzilla.redhat.com/2303506",
            "https://bugzilla.redhat.com/2303508",
            "https://bugzilla.redhat.com/2303514",
            "https://bugzilla.redhat.com/2305467",
            "https://bugzilla.redhat.com/2306365",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258012",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258013",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2260038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265799",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266358",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267036",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267041",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268295",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270103",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271796",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272793",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273148",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273180",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275661",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278220",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278447",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281704",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281720",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282324",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282345",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282366",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282422",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282764",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282851",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282890",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282903",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283424",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284596",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284628",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293304",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294313",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297473",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297478",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297495",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297525",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297562",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297706",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298079",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298140",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299336",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299452",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300407",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300410",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300430",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300448",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300453",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300492",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300533",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300552",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2303077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47101",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47287",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47289",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47321",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47338",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47352",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47384",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47385",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47386",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47393",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47455",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47466",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47497",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47527",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47582",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48754",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48836",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48866",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49316",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52470",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52478",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52522",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52605",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52683",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52798",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52817",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26649",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26665",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26717",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26769",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26894",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35884",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35944",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36953",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38581",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39499",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39501",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39506",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40997",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41007",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41008",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41023",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41038",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41039",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41041",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41071",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42094",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42124",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42226",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42228",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42237",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42238",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43871",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45026",
            "https://errata.almalinux.org/8/ALSA-2024-7001.html",
            "https://errata.rockylinux.org/RLSA-2024:7000",
            "https://git.kernel.org/linus/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8 (6.10-rc5)",
            "https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8",
            "https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76",
            "https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c",
            "https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77",
            "https://linux.oracle.com/cve/CVE-2024-40989.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024071249-CVE-2024-40989-c8da@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40989",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40989"
          ],
          "PublishedDate": "2024-07-12T13:15:20.31Z",
          "LastModifiedDate": "2025-11-03T22:17:20.813Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40998",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40998",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c03575df70ae73c35dae022b144cb26a02a362663aa431609a5b7c6455f348db",
          "Title": "kernel: ext4: fix uninitialized ratelimit_state-\u003elock access in __ext4_fill_super()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix uninitialized ratelimit_state-\u003elock access in __ext4_fill_super()\n\nIn the following concurrency we will access the uninitialized rs-\u003elock:\n\next4_fill_super\n  ext4_register_sysfs\n   // sysfs registered msg_ratelimit_interval_ms\n                             // Other processes modify rs-\u003einterval to\n                             // non-zero via msg_ratelimit_interval_ms\n  ext4_orphan_cleanup\n    ext4_msg(sb, KERN_INFO, \"Errors on filesystem, \"\n      __ext4_msg\n        ___ratelimit(\u0026(EXT4_SB(sb)-\u003es_msg_ratelimit_state)\n          if (!rs-\u003einterval)  // do nothing if interval is 0\n            return 1;\n          raw_spin_trylock_irqsave(\u0026rs-\u003elock, flags)\n            raw_spin_trylock(lock)\n              _raw_spin_trylock\n                __raw_spin_trylock\n                  spin_acquire(\u0026lock-\u003edep_map, 0, 1, _RET_IP_)\n                    lock_acquire\n                      __lock_acquire\n                        register_lock_class\n                          assign_lock_key\n                            dump_stack();\n  ratelimit_state_init(\u0026sbi-\u003es_msg_ratelimit_state, 5 * HZ, 10);\n    raw_spin_lock_init(\u0026rs-\u003elock);\n    // init rs-\u003elock here\n\nand get the following dump_stack:\n\n=========================================================\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn't initialize this object before use?\nturning off the locking correctness validator.\nCPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504\n[...]\nCall Trace:\n dump_stack_lvl+0xc5/0x170\n dump_stack+0x18/0x30\n register_lock_class+0x740/0x7c0\n __lock_acquire+0x69/0x13a0\n lock_acquire+0x120/0x450\n _raw_spin_trylock+0x98/0xd0\n ___ratelimit+0xf6/0x220\n __ext4_msg+0x7f/0x160 [ext4]\n 
ext4_orphan_cleanup+0x665/0x740 [ext4]\n __ext4_fill_super+0x21ea/0x2b10 [ext4]\n ext4_fill_super+0x14d/0x360 [ext4]\n[...]\n=========================================================\n\nNormally interval is 0 until s_msg_ratelimit_state is initialized, so\n___ratelimit() does nothing. But registering sysfs precedes initializing\nrs-\u003elock, so it is possible to change rs-\u003einterval to a non-zero value\nvia the msg_ratelimit_interval_ms interface of sysfs while rs-\u003elock is\nuninitialized, and then a call to ext4_msg triggers the problem by\naccessing an uninitialized rs-\u003elock. Therefore register sysfs after all\ninitializations are complete to avoid such problems.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8617",
            "https://access.redhat.com/security/cve/CVE-2024-40998",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278235",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2293654",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297476",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39504",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://errata.almalinux.org/9/ALSA-2024-8617.html",
            "https://errata.rockylinux.org/RLSA-2024:8617",
            "https://git.kernel.org/linus/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c (6.10-rc1)",
            "https://git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c",
            "https://git.kernel.org/stable/c/645267906944a9aeec9d5c56ee24a9096a288798",
            "https://git.kernel.org/stable/c/b4b4fda34e535756f9e774fb2d09c4537b7dfd1c",
            "https://linux.oracle.com/cve/CVE-2024-40998.html",
            "https://linux.oracle.com/errata/ELSA-2024-8617.html",
            "https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40998-90d6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40998",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40998"
          ],
          "PublishedDate": "2024-07-12T13:15:20.857Z",
          "LastModifiedDate": "2025-09-25T19:43:21.163Z"
        },
        {
          "VulnerabilityID": "CVE-2024-40999",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40999",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:55a9d5a616f79275e1ae7d13ae0f4e623fdf7318d67ebe9a37b11a5775032c68",
          "Title": "kernel: net: ena: Add validation for completion descriptors consistency",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Add validation for completion descriptors consistency\n\nValidate that `first` flag is set only for the first\ndescriptor in multi-buffer packets.\nIn case of an invalid descriptor, a reset will occur.\nA new reset reason for RX data corruption has been added.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-40999",
            "https://git.kernel.org/linus/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7 (6.10-rc1)",
            "https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e",
            "https://git.kernel.org/stable/c/b37b98a3a0c1198bafe8c2d9ce0bc845b4e7a9a7",
            "https://lore.kernel.org/linux-cve-announce/2024071252-CVE-2024-40999-8c1b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-40999",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-40999"
          ],
          "PublishedDate": "2024-07-12T13:15:20.92Z",
          "LastModifiedDate": "2025-10-07T20:07:46.82Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41001",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41001",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:30e027133ed30c201fc60e89fe821ccd41d5bdd15e9d2f6502ebd37f08c177be",
          "Title": "kernel: io_uring/sqpoll: work around a potential audit memory leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/sqpoll: work around a potential audit memory leak\n\nkmemleak complains that there's a memory leak related to connect\nhandling:\n\nunreferenced object 0xffff0001093bdf00 (size 128):\ncomm \"iou-sqp-455\", pid 457, jiffies 4294894164\nhex dump (first 32 bytes):\n02 00 fa ea 7f 00 00 01 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\nbacktrace (crc 2e481b1a):\n[\u003c00000000c0a26af4\u003e] kmemleak_alloc+0x30/0x38\n[\u003c000000009c30bb45\u003e] kmalloc_trace+0x228/0x358\n[\u003c000000009da9d39f\u003e] __audit_sockaddr+0xd0/0x138\n[\u003c0000000089a93e34\u003e] move_addr_to_kernel+0x1a0/0x1f8\n[\u003c000000000b4e80e6\u003e] io_connect_prep+0x1ec/0x2d4\n[\u003c00000000abfbcd99\u003e] io_submit_sqes+0x588/0x1e48\n[\u003c00000000e7c25e07\u003e] io_sq_thread+0x8a4/0x10e4\n[\u003c00000000d999b491\u003e] ret_from_fork+0x10/0x20\n\nwhich can can happen if:\n\n1) The command type does something on the prep side that triggers an\n   audit call.\n2) The thread hasn't done any operations before this that triggered\n   an audit call inside -\u003eissue(), where we have audit_uring_entry()\n   and audit_uring_exit().\n\nWork around this by issuing a blanket NOP operation before the SQPOLL\ndoes anything.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41001",
            "https://git.kernel.org/linus/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae (6.10-rc1)",
            "https://git.kernel.org/stable/c/55c22375cbaa24f77dd13f9ae0642915444a1227",
            "https://git.kernel.org/stable/c/9e810bd995823786ea30543e480e8a573e5e5667",
            "https://git.kernel.org/stable/c/a40e90d9304629002fb17200f7779823a81191d3",
            "https://git.kernel.org/stable/c/c4ce0ab27646f4206a9eb502d6fe45cb080e1cae",
            "https://linux.oracle.com/cve/CVE-2024-41001.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024071253-CVE-2024-41001-7879@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41001",
            "https://ubuntu.com/security/notices/USN-6999-1",
            "https://ubuntu.com/security/notices/USN-6999-2",
            "https://ubuntu.com/security/notices/USN-7004-1",
            "https://ubuntu.com/security/notices/USN-7005-1",
            "https://ubuntu.com/security/notices/USN-7005-2",
            "https://ubuntu.com/security/notices/USN-7008-1",
            "https://ubuntu.com/security/notices/USN-7029-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41001"
          ],
          "PublishedDate": "2024-07-12T13:15:21.053Z",
          "LastModifiedDate": "2025-11-03T22:17:21.837Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41008",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41008",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f0eb71796e8c0d6ee84598533424a02879a8e5a802ade60b82b9e98020317252",
          "Title": "kernel: drm/amdgpu: change vm-\u003etask_info handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: change vm-\u003etask_info handling\n\nThis patch changes the handling and lifecycle of vm-\u003etask_info object.\nThe major changes are:\n- vm-\u003etask_info is a dynamically allocated ptr now, and its uasge is\n  reference counted.\n- introducing two new helper funcs for task_info lifecycle management\n    - amdgpu_vm_get_task_info: reference counts up task_info before\n      returning this info\n    - amdgpu_vm_put_task_info: reference counts down task_info\n- last put to task_info() frees task_info from the vm.\n\nThis patch also does logistical changes required for existing usage\nof vm-\u003etask_info.\n\nV2: Do not block all the prints when task_info not found (Felix)\n\nV3: Fixed review comments from Felix\n   - Fix wrong indentation\n   - No debug message for -ENOMEM\n   - Add NULL check for task_info\n   - Do not duplicate the debug messages (ti vs no ti)\n   - Get first reference of task_info in vm_init(), put last\n     in vm_fini()\n\nV4: Fixed review comments from Felix\n   - fix double reference increment in create_task_info\n   - change amdgpu_vm_get_task_info_pasid\n   - additional changes in amdgpu_gem.c while porting",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:7001",
            "https://access.redhat.com/security/cve/CVE-2024-41008",
            "https://bugzilla.redhat.com/2258012",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2260038",
            "https://bugzilla.redhat.com/2265799",
            "https://bugzilla.redhat.com/2266358",
            "https://bugzilla.redhat.com/2266750",
            "https://bugzilla.redhat.com/2267036",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2267916",
            "https://bugzilla.redhat.com/2267925",
            "https://bugzilla.redhat.com/2268295",
            "https://bugzilla.redhat.com/2271648",
            "https://bugzilla.redhat.com/2271796",
            "https://bugzilla.redhat.com/2272793",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2273148",
            "https://bugzilla.redhat.com/2273180",
            "https://bugzilla.redhat.com/2275661",
            "https://bugzilla.redhat.com/2275690",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278220",
            "https://bugzilla.redhat.com/2278270",
            "https://bugzilla.redhat.com/2278447",
            "https://bugzilla.redhat.com/2281217",
            "https://bugzilla.redhat.com/2281317",
            "https://bugzilla.redhat.com/2281704",
            "https://bugzilla.redhat.com/2281720",
            "https://bugzilla.redhat.com/2281807",
            "https://bugzilla.redhat.com/2281847",
            "https://bugzilla.redhat.com/2282324",
            "https://bugzilla.redhat.com/2282345",
            "https://bugzilla.redhat.com/2282354",
            "https://bugzilla.redhat.com/2282355",
            "https://bugzilla.redhat.com/2282356",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2282366",
            "https://bugzilla.redhat.com/2282401",
            "https://bugzilla.redhat.com/2282422",
            "https://bugzilla.redhat.com/2282440",
            "https://bugzilla.redhat.com/2282508",
            "https://bugzilla.redhat.com/2282511",
            "https://bugzilla.redhat.com/2282676",
            "https://bugzilla.redhat.com/2282757",
            "https://bugzilla.redhat.com/2282851",
            "https://bugzilla.redhat.com/2282890",
            "https://bugzilla.redhat.com/2282903",
            "https://bugzilla.redhat.com/2282918",
            "https://bugzilla.redhat.com/2283389",
            "https://bugzilla.redhat.com/2283424",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284515",
            "https://bugzilla.redhat.com/2284545",
            "https://bugzilla.redhat.com/2284596",
            "https://bugzilla.redhat.com/2284628",
            "https://bugzilla.redhat.com/2284634",
            "https://bugzilla.redhat.com/2293247",
            "https://bugzilla.redhat.com/2293270",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293304",
            "https://bugzilla.redhat.com/2293377",
            "https://bugzilla.redhat.com/2293408",
            "https://bugzilla.redhat.com/2293423",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2294313",
            "https://bugzilla.redhat.com/2297471",
            "https://bugzilla.redhat.com/2297473",
            "https://bugzilla.redhat.com/2297478",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297543",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297572",
            "https://bugzilla.redhat.com/2297573",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297581",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2297706",
            "https://bugzilla.redhat.com/2297909",
            "https://bugzilla.redhat.com/2298079",
            "https://bugzilla.redhat.com/2298140",
            "https://bugzilla.redhat.com/2298177",
            "https://bugzilla.redhat.com/2298640",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2299452",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2300402",
            "https://bugzilla.redhat.com/2300407",
            "https://bugzilla.redhat.com/2300408",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300430",
            "https://bugzilla.redhat.com/2300434",
            "https://bugzilla.redhat.com/2300448",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2300492",
            "https://bugzilla.redhat.com/2300533",
            "https://bugzilla.redhat.com/2300552",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301477",
            "https://bugzilla.redhat.com/2301489",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/2301522",
            "https://bugzilla.redhat.com/2301544",
            "https://bugzilla.redhat.com/2303077",
            "https://bugzilla.redhat.com/2303505",
            "https://bugzilla.redhat.com/2303506",
            "https://bugzilla.redhat.com/2303508",
            "https://bugzilla.redhat.com/2303514",
            "https://bugzilla.redhat.com/2305467",
            "https://bugzilla.redhat.com/2306365",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258012",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258013",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2260038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265799",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266358",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267036",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267041",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268295",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270103",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271796",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272793",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273148",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273180",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275661",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278220",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278447",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281704",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281720",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282324",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282345",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282366",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282422",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282764",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282851",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282890",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282903",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283424",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284596",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284628",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293304",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294313",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297473",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297478",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297495",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297525",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297562",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297706",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298079",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298140",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299336",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299452",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300407",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300410",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300430",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300448",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300453",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300492",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300533",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300552",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2303077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47101",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47287",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47289",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47321",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47338",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47352",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47384",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47385",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47386",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47393",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47455",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47466",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47497",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47527",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47582",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48754",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48836",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48866",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49316",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52470",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52478",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52522",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52605",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52683",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52798",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52817",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26649",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26665",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26717",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26769",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26894",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35884",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35944",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36953",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38581",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39499",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39501",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39506",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40997",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41007",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41008",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41023",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41038",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41039",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41041",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41071",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42094",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42124",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42226",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42228",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42237",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42238",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43871",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45026",
            "https://errata.almalinux.org/8/ALSA-2024-7001.html",
            "https://errata.rockylinux.org/RLSA-2024:7000",
            "https://git.kernel.org/linus/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c (6.9-rc1)",
            "https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c",
            "https://linux.oracle.com/cve/CVE-2024-41008.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/20240716080357.2696435-2-lee@kernel.org/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41008",
            "https://www.cve.org/CVERecord?id=CVE-2024-41008"
          ],
          "PublishedDate": "2024-07-16T08:15:02.24Z",
          "LastModifiedDate": "2025-10-07T19:44:45.21Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41013",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41013",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:964c6bcd3a225561e6f2fdbe3117b734b9dea4448fad03cde043da47821f1fc3",
          "Title": "kernel: xfs: don't walk off the end of a directory data block",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure don't stray beyond valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if last entry is xfs_dir2_data_unused, we\ncan change dup-\u003elength to dup-\u003elength-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out of bound read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8617",
            "https://access.redhat.com/security/cve/CVE-2024-41013",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278235",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2293654",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297476",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39504",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://errata.almalinux.org/9/ALSA-2024-8617.html",
            "https://errata.rockylinux.org/RLSA-2024:8617",
            "https://git.kernel.org/linus/0c7fcdb6d06cdf8b19b57c17605215b06afa864a (6.11-rc1)",
            "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a",
            "https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d",
            "https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b",
            "https://linux.oracle.com/cve/CVE-2024-41013.html",
            "https://linux.oracle.com/errata/ELSA-2024-8617.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41013-2996@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41013",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41013"
          ],
          "PublishedDate": "2024-07-29T07:15:05.43Z",
          "LastModifiedDate": "2025-11-03T18:15:42.813Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41023",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41023",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ab1eb525e3a094666275ea4cc4afb17a9f9fb32fd6261ac8eab695edcf0ce156",
          "Title": "kernel: sched/deadline: Fix task_struct reference leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix task_struct reference leak\n\nDuring the execution of the following stress test with linux-rt:\n\nstress-ng --cyclic 30 --timeout 30 --minimize --quiet\n\nkmemleak frequently reported a memory leak concerning the task_struct:\n\nunreferenced object 0xffff8881305b8000 (size 16136):\n  comm \"stress-ng\", pid 614, jiffies 4294883961 (age 286.412s)\n  object hex dump (first 32 bytes):\n    02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n  debug hex dump (first 16 bytes):\n    53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............\n  backtrace:\n    [\u003c00000000046b6790\u003e] dup_task_struct+0x30/0x540\n    [\u003c00000000c5ca0f0b\u003e] copy_process+0x3d9/0x50e0\n    [\u003c00000000ced59777\u003e] kernel_clone+0xb0/0x770\n    [\u003c00000000a50befdc\u003e] __do_sys_clone+0xb6/0xf0\n    [\u003c000000001dbf2008\u003e] do_syscall_64+0x5d/0xf0\n    [\u003c00000000552900ff\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThe issue occurs in start_dl_timer(), which increments the task_struct\nreference count and sets a timer. The timer callback, dl_task_timer,\nis supposed to decrement the reference count upon expiration. However,\nif enqueue_task_dl() is called before the timer expires and cancels it,\nthe reference count is not decremented, leading to the leak.\n\nThis patch fixes the reference leak by ensuring the task_struct\nreference count is properly decremented when the timer is canceled.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:7000",
            "https://access.redhat.com/security/cve/CVE-2024-41023",
            "https://bugzilla.redhat.com/2258012",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2260038",
            "https://bugzilla.redhat.com/2265799",
            "https://bugzilla.redhat.com/2265838",
            "https://bugzilla.redhat.com/2266358",
            "https://bugzilla.redhat.com/2266750",
            "https://bugzilla.redhat.com/2267036",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2267916",
            "https://bugzilla.redhat.com/2267925",
            "https://bugzilla.redhat.com/2268295",
            "https://bugzilla.redhat.com/2270103",
            "https://bugzilla.redhat.com/2271648",
            "https://bugzilla.redhat.com/2271796",
            "https://bugzilla.redhat.com/2272793",
            "https://bugzilla.redhat.com/2273141",
            "https://bugzilla.redhat.com/2273148",
            "https://bugzilla.redhat.com/2273180",
            "https://bugzilla.redhat.com/2275558",
            "https://bugzilla.redhat.com/2275661",
            "https://bugzilla.redhat.com/2275690",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278220",
            "https://bugzilla.redhat.com/2278270",
            "https://bugzilla.redhat.com/2278447",
            "https://bugzilla.redhat.com/2281217",
            "https://bugzilla.redhat.com/2281317",
            "https://bugzilla.redhat.com/2281704",
            "https://bugzilla.redhat.com/2281720",
            "https://bugzilla.redhat.com/2281807",
            "https://bugzilla.redhat.com/2281847",
            "https://bugzilla.redhat.com/2282324",
            "https://bugzilla.redhat.com/2282345",
            "https://bugzilla.redhat.com/2282354",
            "https://bugzilla.redhat.com/2282355",
            "https://bugzilla.redhat.com/2282356",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2282366",
            "https://bugzilla.redhat.com/2282401",
            "https://bugzilla.redhat.com/2282422",
            "https://bugzilla.redhat.com/2282440",
            "https://bugzilla.redhat.com/2282508",
            "https://bugzilla.redhat.com/2282511",
            "https://bugzilla.redhat.com/2282648",
            "https://bugzilla.redhat.com/2282669",
            "https://bugzilla.redhat.com/2282676",
            "https://bugzilla.redhat.com/2282757",
            "https://bugzilla.redhat.com/2282764",
            "https://bugzilla.redhat.com/2282851",
            "https://bugzilla.redhat.com/2282890",
            "https://bugzilla.redhat.com/2282903",
            "https://bugzilla.redhat.com/2282918",
            "https://bugzilla.redhat.com/2283389",
            "https://bugzilla.redhat.com/2283424",
            "https://bugzilla.redhat.com/2284271",
            "https://bugzilla.redhat.com/2284511",
            "https://bugzilla.redhat.com/2284515",
            "https://bugzilla.redhat.com/2284545",
            "https://bugzilla.redhat.com/2284596",
            "https://bugzilla.redhat.com/2284628",
            "https://bugzilla.redhat.com/2284630",
            "https://bugzilla.redhat.com/2284634",
            "https://bugzilla.redhat.com/2293247",
            "https://bugzilla.redhat.com/2293270",
            "https://bugzilla.redhat.com/2293273",
            "https://bugzilla.redhat.com/2293304",
            "https://bugzilla.redhat.com/2293377",
            "https://bugzilla.redhat.com/2293408",
            "https://bugzilla.redhat.com/2293414",
            "https://bugzilla.redhat.com/2293423",
            "https://bugzilla.redhat.com/2293440",
            "https://bugzilla.redhat.com/2293441",
            "https://bugzilla.redhat.com/2293658",
            "https://bugzilla.redhat.com/2294313",
            "https://bugzilla.redhat.com/2297471",
            "https://bugzilla.redhat.com/2297473",
            "https://bugzilla.redhat.com/2297478",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297538",
            "https://bugzilla.redhat.com/2297542",
            "https://bugzilla.redhat.com/2297543",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297572",
            "https://bugzilla.redhat.com/2297573",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297581",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2297706",
            "https://bugzilla.redhat.com/2297909",
            "https://bugzilla.redhat.com/2298079",
            "https://bugzilla.redhat.com/2298140",
            "https://bugzilla.redhat.com/2298177",
            "https://bugzilla.redhat.com/2298640",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2299452",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2300381",
            "https://bugzilla.redhat.com/2300402",
            "https://bugzilla.redhat.com/2300407",
            "https://bugzilla.redhat.com/2300408",
            "https://bugzilla.redhat.com/2300409",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300414",
            "https://bugzilla.redhat.com/2300429",
            "https://bugzilla.redhat.com/2300430",
            "https://bugzilla.redhat.com/2300434",
            "https://bugzilla.redhat.com/2300439",
            "https://bugzilla.redhat.com/2300440",
            "https://bugzilla.redhat.com/2300448",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2300492",
            "https://bugzilla.redhat.com/2300533",
            "https://bugzilla.redhat.com/2300552",
            "https://bugzilla.redhat.com/2300709",
            "https://bugzilla.redhat.com/2300713",
            "https://bugzilla.redhat.com/2301477",
            "https://bugzilla.redhat.com/2301489",
            "https://bugzilla.redhat.com/2301496",
            "https://bugzilla.redhat.com/2301519",
            "https://bugzilla.redhat.com/2301522",
            "https://bugzilla.redhat.com/2301543",
            "https://bugzilla.redhat.com/2301544",
            "https://bugzilla.redhat.com/2303077",
            "https://bugzilla.redhat.com/2303505",
            "https://bugzilla.redhat.com/2303506",
            "https://bugzilla.redhat.com/2303508",
            "https://bugzilla.redhat.com/2303514",
            "https://bugzilla.redhat.com/2305410",
            "https://bugzilla.redhat.com/2305467",
            "https://bugzilla.redhat.com/2305488",
            "https://bugzilla.redhat.com/2306365",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258012",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258013",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2260038",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265799",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265838",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266358",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267036",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267041",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267916",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268295",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270103",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271796",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272793",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273148",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273180",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275661",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278220",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278447",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281317",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281704",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281720",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282324",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282345",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282355",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282356",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282366",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282422",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282508",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282648",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282669",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282757",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282764",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282851",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282890",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282903",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283424",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284271",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284511",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284545",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284596",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284628",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293270",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293273",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293304",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293423",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293658",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294313",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297471",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297473",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297478",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297495",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297525",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297538",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297542",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297562",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297706",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297909",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298079",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298140",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298177",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299336",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2299452",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300402",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300407",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300409",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300410",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300414",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300429",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300430",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300434",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300448",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300453",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300492",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300533",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300552",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300709",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300713",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301489",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2301544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2303077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47101",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47287",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47289",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47321",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47338",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47352",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47384",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47385",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47386",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47393",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47455",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47466",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47497",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47527",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47560",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47582",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48754",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48804",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48836",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48866",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49316",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52470",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52478",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52522",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52605",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52683",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52798",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52800",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52817",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26595",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26600",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26638",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26649",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26665",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26717",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26720",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26769",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26894",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27042",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35809",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35877",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35884",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35944",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36922",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36953",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37356",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38558",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38559",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38581",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39499",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39501",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39506",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40911",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40959",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40997",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41007",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41008",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41023",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41038",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41039",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41040",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41041",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41044",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41071",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42094",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42096",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42124",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42131",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42152",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42225",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42226",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42228",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42237",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42238",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42246",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42265",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43871",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45026",
            "https://errata.almalinux.org/8/ALSA-2024-7000.html",
            "https://errata.rockylinux.org/RLSA-2024:7000",
            "https://git.kernel.org/linus/b58652db66c910c2245f5bee7deca41c12d707b9 (6.10)",
            "https://git.kernel.org/stable/c/7a54d31face626f62de415ebe77b43f76c3ffaf4",
            "https://git.kernel.org/stable/c/b58652db66c910c2245f5bee7deca41c12d707b9",
            "https://linux.oracle.com/cve/CVE-2024-41023.html",
            "https://linux.oracle.com/errata/ELSA-2024-7000.html",
            "https://lore.kernel.org/linux-cve-announce/2024072917-CVE-2024-41023-32a0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41023",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41023"
          ],
          "PublishedDate": "2024-07-29T15:15:11.2Z",
          "LastModifiedDate": "2025-03-04T16:58:01.263Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41030",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41030",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b8bee105569bdf00c8827bea8d786735216a24bcbc6778c785aa3e42be5400e9",
          "Title": "kernel: ksmbd: discard write access to the directory open",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: discard write access to the directory open\n\nmay_open() does not allow a directory to be opened with the write access.\nHowever, some writing flags set by client result in adding write access\non server, making ksmbd incompatible with FUSE file system. Simply, let's\ndiscard the write access when opening a directory.\n\nlist_add corruption. next is NULL.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:26!\npc : __list_add_valid+0x88/0xbc\nlr : __list_add_valid+0x88/0xbc\nCall trace:\n__list_add_valid+0x88/0xbc\nfuse_finish_open+0x11c/0x170\nfuse_open_common+0x284/0x5e8\nfuse_dir_open+0x14/0x24\ndo_dentry_open+0x2a4/0x4e0\ndentry_open+0x50/0x80\nsmb2_open+0xbe4/0x15a4\nhandle_ksmbd_work+0x478/0x5ec\nprocess_one_work+0x1b4/0x448\nworker_thread+0x25c/0x430\nkthread+0x104/0x1d4\nret_from_fork+0x10/0x20",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41030",
            "https://git.kernel.org/linus/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd (6.10)",
            "https://git.kernel.org/stable/c/198498b2049c0f11f7670be6974570e02b0cc035",
            "https://git.kernel.org/stable/c/66cf853e1c7a2407f15d9f7aaa3e47d61745e361",
            "https://git.kernel.org/stable/c/9e84b1ba5c98fb5c9f869c85db1d870354613baa",
            "https://git.kernel.org/stable/c/e2e33caa5dc2eae7bddf88b22ce11ec3d760e5cd",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072921-CVE-2024-41030-301a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41030",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41030"
          ],
          "PublishedDate": "2024-07-29T15:15:11.697Z",
          "LastModifiedDate": "2025-11-03T22:17:24.97Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41031",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41031",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:012823d79816bde7cdc7cef5cccd4a15a76322b5726ad5b94778a4cdd019582a",
          "Title": "kernel: mm/filemap: skip to create PMD-sized page cache if needed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/filemap: skip to create PMD-sized page cache if needed\n\nOn ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB.  The\nPMD-sized page cache can't be supported by xarray as the following error\nmessages indicate.\n\n------------[ cut here ]------------\nWARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128\nModules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib  \\\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct    \\\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4    \\\nip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm      \\\nfuse xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64      \\\nsha1_ce virtio_net net_failover virtio_console virtio_blk failover \\\ndimlib virtio_mmio\nCPU: 35 PID: 7484 Comm: test Kdump: loaded Tainted: G W 6.10.0-rc5-gavin+ #9\nHardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024\npstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : xas_split_alloc+0xf8/0x128\nlr : split_huge_page_to_list_to_order+0x1c4/0x720\nsp : ffff800087a4f6c0\nx29: ffff800087a4f6c0 x28: ffff800087a4f720 x27: 000000001fffffff\nx26: 0000000000000c40 x25: 000000000000000d x24: ffff00010625b858\nx23: ffff800087a4f720 x22: ffffffdfc0780000 x21: 0000000000000000\nx20: 0000000000000000 x19: ffffffdfc0780000 x18: 000000001ff40000\nx17: 00000000ffffffff x16: 0000018000000000 x15: 51ec004000000000\nx14: 0000e00000000000 x13: 0000000000002000 x12: 0000000000000020\nx11: 51ec000000000000 x10: 51ece1c0ffff8000 x9 : ffffbeb961a44d28\nx8 : 0000000000000003 x7 : ffffffdfc0456420 x6 : ffff0000e1aa6eb8\nx5 : 20bf08b4fe778fca x4 : ffffffdfc0456420 x3 : 0000000000000c40\nx2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000\nCall trace:\n xas_split_alloc+0xf8/0x128\n split_huge_page_to_list_to_order+0x1c4/0x720\n 
truncate_inode_partial_folio+0xdc/0x160\n truncate_inode_pages_range+0x1b4/0x4a8\n truncate_pagecache_range+0x84/0xa0\n xfs_flush_unmap_range+0x70/0x90 [xfs]\n xfs_file_fallocate+0xfc/0x4d8 [xfs]\n vfs_fallocate+0x124/0x2e8\n ksys_fallocate+0x4c/0xa0\n __arm64_sys_fallocate+0x24/0x38\n invoke_syscall.constprop.0+0x7c/0xd8\n do_el0_svc+0xb4/0xd0\n el0_svc+0x44/0x1d8\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nFix it by skipping to allocate PMD-sized page cache when its size is\nlarger than MAX_PAGECACHE_ORDER.  For this specific case, we will fall to\nregular path where the readahead window is determined by BDI's sysfs file\n(read_ahead_kb).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41031",
            "https://git.kernel.org/linus/3390916aca7af1893ed2ebcdfee1d6fdb65bb058 (6.10)",
            "https://git.kernel.org/stable/c/06b5a69c27ec405a3c3f2da8520ff1ee70b94a21",
            "https://git.kernel.org/stable/c/1ef650d3b1b2a16473981b447f38705fe9b93972",
            "https://git.kernel.org/stable/c/3390916aca7af1893ed2ebcdfee1d6fdb65bb058",
            "https://lore.kernel.org/linux-cve-announce/2024072921-CVE-2024-41031-6286@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41031",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41031"
          ],
          "PublishedDate": "2024-07-29T15:15:11.77Z",
          "LastModifiedDate": "2025-10-07T16:26:26.09Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41036",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41036",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:acc1d1273c7e74a27b5b6129600fc04378f962e22e67816eb436c41aefd4bd9b",
          "Title": "kernel: net: ks8851: Fix deadlock with the SPI chip variant",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Fix deadlock with the SPI chip variant\n\nWhen SMP is enabled and spinlocks are actually functional then there is\na deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi\nand ks8851_irq:\n\n    watchdog: BUG: soft lockup - CPU#0 stuck for 27s!\n    call trace:\n      queued_spin_lock_slowpath+0x100/0x284\n      do_raw_spin_lock+0x34/0x44\n      ks8851_start_xmit_spi+0x30/0xb8\n      ks8851_start_xmit+0x14/0x20\n      netdev_start_xmit+0x40/0x6c\n      dev_hard_start_xmit+0x6c/0xbc\n      sch_direct_xmit+0xa4/0x22c\n      __qdisc_run+0x138/0x3fc\n      qdisc_run+0x24/0x3c\n      net_tx_action+0xf8/0x130\n      handle_softirqs+0x1ac/0x1f0\n      __do_softirq+0x14/0x20\n      ____do_softirq+0x10/0x1c\n      call_on_irq_stack+0x3c/0x58\n      do_softirq_own_stack+0x1c/0x28\n      __irq_exit_rcu+0x54/0x9c\n      irq_exit_rcu+0x10/0x1c\n      el1_interrupt+0x38/0x50\n      el1h_64_irq_handler+0x18/0x24\n      el1h_64_irq+0x64/0x68\n      __netif_schedule+0x6c/0x80\n      netif_tx_wake_queue+0x38/0x48\n      ks8851_irq+0xb8/0x2c8\n      irq_thread_fn+0x2c/0x74\n      irq_thread+0x10c/0x1b0\n      kthread+0xc8/0xd8\n      ret_from_fork+0x10/0x20\n\nThis issue has not been identified earlier because tests were done on\na device with SMP disabled and so spinlocks were actually NOPs.\n\nNow use spin_(un)lock_bh for TX queue related locking to avoid execution\nof softirq work synchronously that would lead to a deadlock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41036",
            "https://git.kernel.org/linus/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c (6.10)",
            "https://git.kernel.org/stable/c/0913ec336a6c0c4a2b296bd9f74f8e41c4c83c8c",
            "https://git.kernel.org/stable/c/10fec0cd0e8f56ff06c46bb24254c7d8f8f2bbf0",
            "https://git.kernel.org/stable/c/80ece00137300d74642f2038c8fe5440deaf9f05",
            "https://git.kernel.org/stable/c/a0c69c492f4a8fad52f0a97565241c926160c9a4",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072923-CVE-2024-41036-65a8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41036",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41036"
          ],
          "PublishedDate": "2024-07-29T15:15:12.17Z",
          "LastModifiedDate": "2025-11-03T22:17:25.807Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41045",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41045",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce921dfdc789b2484de77a7e454045f1c9847244d36d246e20e3f5d50dc8a8a4",
          "Title": "kernel: bpf: Defer work in bpf_timer_cancel_and_free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer work in bpf_timer_cancel_and_free\n\nCurrently, the same case as previous patch (two timer callbacks trying\nto cancel each other) can be invoked through bpf_map_update_elem as\nwell, or more precisely, freeing map elements containing timers. Since\nthis relies on hrtimer_cancel as well, it is prone to the same deadlock\nsituation as the previous patch.\n\nIt would be sufficient to use hrtimer_try_to_cancel to fix this problem,\nas the timer cannot be enqueued after async_cancel_and_free. Once\nasync_cancel_and_free has been done, the timer must be reinitialized\nbefore it can be armed again. The callback running in parallel trying to\narm the timer will fail, and freeing bpf_hrtimer without waiting is\nsufficient (given kfree_rcu), and bpf_timer_cb will return\nHRTIMER_NORESTART, preventing the timer from being rearmed again.\n\nHowever, there exists a UAF scenario where the callback arms the timer\nbefore entering this function, such that if cancellation fails (due to\ntimer callback invoking this routine, or the target timer callback\nrunning concurrently). In such a case, if the timer expiration is\nsignificantly far in the future, the RCU grace period expiration\nhappening before it will free the bpf_hrtimer state and along with it\nthe struct hrtimer, that is enqueued.\n\nHence, it is clear cancellation needs to occur after\nasync_cancel_and_free, and yet it cannot be done inline due to deadlock\nissues. We thus modify bpf_timer_cancel_and_free to defer work to the\nglobal workqueue, adding a work_struct alongside rcu_head (both used at\n_different_ points of time, so can share space).\n\nUpdate existing code comments to reflect the new state of affairs.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41045",
            "https://git.kernel.org/linus/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69 (6.10)",
            "https://git.kernel.org/stable/c/7aa5a19279c3639ae8b758b63f05d0c616a39fa1",
            "https://git.kernel.org/stable/c/a6fcd19d7eac1335eb76bc16b6a66b7f574d1d69",
            "https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41045-6cc1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41045",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41045"
          ],
          "PublishedDate": "2024-07-29T15:15:12.873Z",
          "LastModifiedDate": "2025-09-25T20:03:33.567Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41050",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41050",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:968107df1c6fe9892b6fb2b7d4901e5b6c38a7b86f717743bfe65a932c1c509b",
          "Title": "kernel: cachefiles: cyclic allocation of msg_id to avoid reuse",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: cyclic allocation of msg_id to avoid reuse\n\nReusing the msg_id after a maliciously completed reopen request may cause\na read request to remain unprocessed and result in a hung, as shown below:\n\n       t1       |      t2       |      t3\n-------------------------------------------------\ncachefiles_ondemand_select_req\n cachefiles_ondemand_object_is_close(A)\n cachefiles_ondemand_set_object_reopening(A)\n queue_work(fscache_object_wq, \u0026info-\u003ework)\n                ondemand_object_worker\n                 cachefiles_ondemand_init_object(A)\n                  cachefiles_ondemand_send_req(OPEN)\n                    // get msg_id 6\n                    wait_for_completion(\u0026req_A-\u003edone)\ncachefiles_ondemand_daemon_read\n // read msg_id 6 req_A\n cachefiles_ondemand_get_fd\n copy_to_user\n                                // Malicious completion msg_id 6\n                                copen 6,-1\n                                cachefiles_ondemand_copen\n                                 complete(\u0026req_A-\u003edone)\n                                 // will not set the object to close\n                                 // because ondemand_id \u0026\u0026 fd is valid.\n\n                // ondemand_object_worker() is done\n                // but the object is still reopening.\n\n                                // new open req_B\n                                cachefiles_ondemand_init_object(B)\n                                 cachefiles_ondemand_send_req(OPEN)\n                                 // reuse msg_id 6\nprocess_open_req\n copen 6,A.size\n // The expected failed copen was executed successfully\n\nExpect copen to fail, and when it does, it closes fd, which sets the\nobject to close, and then close triggers reopen again. 
However, due to\nmsg_id reuse resulting in a successful copen, the anonymous fd is not\nclosed until the daemon exits. Therefore read requests waiting for reopen\nto complete may trigger hung task.\n\nTo avoid this issue, allocate the msg_id cyclically to avoid reusing the\nmsg_id for a very short duration of time.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41050",
            "https://git.kernel.org/linus/19f4f399091478c95947f6bd7ad61622300c30d9 (6.10)",
            "https://git.kernel.org/stable/c/19f4f399091478c95947f6bd7ad61622300c30d9",
            "https://git.kernel.org/stable/c/35710c6c4a1c64478ec1b5e0e81d386c0844dec6",
            "https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17",
            "https://git.kernel.org/stable/c/de045a82e1a4e04be62718d3c2981a55150765a0",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072927-CVE-2024-41050-f3ff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41050",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41050"
          ],
          "PublishedDate": "2024-07-29T15:15:13.26Z",
          "LastModifiedDate": "2025-11-03T22:17:28.237Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41062",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41062",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:48c49c4dfdf95312eeaa15c37867a128aa05ef843e83807d2ae63a602b1662b3",
          "Title": "kernel: bluetooth/l2cap: sync sock recv cb and release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbluetooth/l2cap: sync sock recv cb and release\n\nThe problem occurs between the system call to close the sock and hci_rx_work,\nwhere the former releases the sock and the latter accesses it without lock protection.\n\n           CPU0                       CPU1\n           ----                       ----\n           sock_close                 hci_rx_work\n\t   l2cap_sock_release         hci_acldata_packet\n\t   l2cap_sock_kill            l2cap_recv_frame\n\t   sk_free                    l2cap_conless_channel\n\t                              l2cap_sock_recv_cb\n\nIf hci_rx_work processes the data that needs to be received before the sock is\nclosed, then everything is normal; Otherwise, the work thread may access the\nreleased sock when receiving data.\n\nAdd a chan mutex in the rx callback of the sock to achieve synchronization between\nthe sock release and recv cb.\n\nSock is dead, so set chan data to NULL, avoid others use invalid sock pointer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41062",
            "https://git.kernel.org/linus/89e856e124f9ae548572c56b1b70c2255705f8fe (6.10-rc7)",
            "https://git.kernel.org/stable/c/3b732449b78183d17178db40be3a4401cf3cd629",
            "https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf",
            "https://git.kernel.org/stable/c/89e856e124f9ae548572c56b1b70c2255705f8fe",
            "https://git.kernel.org/stable/c/b803f30ea23e0968b6c8285c42adf0d862ab2bf6",
            "https://linux.oracle.com/cve/CVE-2024-41062.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072906-CVE-2024-41062-cb85@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41062",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41062"
          ],
          "PublishedDate": "2024-07-29T15:15:14.173Z",
          "LastModifiedDate": "2025-11-03T22:17:29.473Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41067",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41067",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f481ed4950789a608d2737c2241d96cced4c91a9c2b4878bf61a6263376554fc",
          "Title": "kernel: btrfs: scrub: handle RST lookup error correctly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: scrub: handle RST lookup error correctly\n\n[BUG]\nWhen running btrfs/060 with forced RST feature, it would crash the\nfollowing ASSERT() inside scrub_read_endio():\n\n\tASSERT(sector_nr \u003c stripe-\u003enr_sectors);\n\nBefore that, we would have tree dump from\nbtrfs_get_raid_extent_offset(), as we failed to find the RST entry for\nthe range.\n\n[CAUSE]\nInside scrub_submit_extent_sector_read() every time we allocated a new\nbbio we immediately called btrfs_map_block() to make sure there was some\nRST range covering the scrub target.\n\nBut if btrfs_map_block() fails, we immediately call endio for the bbio,\nwhile the bbio is newly allocated, it's completely empty.\n\nThen inside scrub_read_endio(), we go through the bvecs to find\nthe sector number (as bi_sector is no longer reliable if the bio is\nsubmitted to lower layers).\n\nAnd since the bio is empty, such bvecs iteration would not find any\nsector matching the sector, and return sector_nr == stripe-\u003enr_sectors,\ntriggering the ASSERT().\n\n[FIX]\nInstead of calling btrfs_map_block() after allocating a new bbio, call\nbtrfs_map_block() first.\n\nSince our only objective of calling btrfs_map_block() is only to update\nstripe_len, there is really no need to do that after btrfs_alloc_bio().\n\nThis new timing would avoid the problem of handling empty bbio\ncompletely, and in fact fixes a possible race window for the old code,\nwhere if the submission thread is the only owner of the pending_io, the\nscrub would never finish (since we didn't decrease the pending_io\ncounter).\n\nAlthough the root cause of RST lookup failure still needs to be\naddressed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41067",
            "https://git.kernel.org/linus/2c49908634a2b97b1c3abe0589be2739ac5e7fd5 (6.10-rc6)",
            "https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72",
            "https://git.kernel.org/stable/c/2c49908634a2b97b1c3abe0589be2739ac5e7fd5",
            "https://lore.kernel.org/linux-cve-announce/2024072907-CVE-2024-41067-bc18@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41067",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41067"
          ],
          "PublishedDate": "2024-07-29T15:15:14.56Z",
          "LastModifiedDate": "2025-10-09T18:06:27.28Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41069",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41069",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:99966a84dff88d358181ac1c2793efda65618e9a12a7e1565f73e9c8b3bf21c9",
          "Title": "kernel: ASoC: topology: Fix references to freed memory",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41069",
            "https://git.kernel.org/linus/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1 (6.10-rc6)",
            "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1",
            "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d",
            "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2",
            "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072908-CVE-2024-41069-31e3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41069",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41069"
          ],
          "PublishedDate": "2024-07-29T15:15:14.713Z",
          "LastModifiedDate": "2025-11-03T22:17:30.28Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41074",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41074",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:23be4c80a9b9c826434ced3b514bac8e08230c3940b2df89bc382752420976f3",
          "Title": "kernel: cachefiles: Set object to close if ondemand_id \u003c 0 in copen",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set object to close if ondemand_id \u003c 0 in copen\n\nIf copen is maliciously called in the user mode, it may delete the request\ncorresponding to the random id. And the request may have not been read yet.\n\nNote that when the object is set to reopen, the open request will be done\nwith the still reopen state in above case. As a result, the request\ncorresponding to this object is always skipped in select_req function, so\nthe read request is never completed and blocks other process.\n\nFix this issue by simply set object to close if its id \u003c 0 in copen.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41074",
            "https://git.kernel.org/linus/4f8703fb3482f92edcfd31661857b16fec89c2c0 (6.10-rc4)",
            "https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60",
            "https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0",
            "https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663",
            "https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41074-e5d9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41074",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41074"
          ],
          "PublishedDate": "2024-07-29T15:15:15.097Z",
          "LastModifiedDate": "2025-11-03T22:17:30.933Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41075",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41075",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:198f2c50b0904ade8a94202f999305a1a73af207c83d706343e81f7dc4547864",
          "Title": "kernel: cachefiles: add consistency check for copen/cread",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: add consistency check for copen/cread\n\nThis prevents malicious processes from completing random copen/cread\nrequests and crashing the system. Added checks are listed below:\n\n  * Generic, copen can only complete open requests, and cread can only\n    complete read requests.\n  * For copen, ondemand_id must not be 0, because this indicates that the\n    request has not been read by the daemon.\n  * For cread, the object corresponding to fd and req should be the same.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41075",
            "https://git.kernel.org/linus/a26dc49df37e996876f50a0210039b2d211fdd6f (6.10-rc4)",
            "https://git.kernel.org/stable/c/36d845ccd7bf527110a65fe953886a176c209539",
            "https://git.kernel.org/stable/c/3b744884c0431b5a62c92900e64bfd0ed61e8e2a",
            "https://git.kernel.org/stable/c/8aaa6c5dd2940ab934d6cd296175f43dbb32b34a",
            "https://git.kernel.org/stable/c/a26dc49df37e996876f50a0210039b2d211fdd6f",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41075-7f07@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41075",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41075"
          ],
          "PublishedDate": "2024-07-29T15:15:15.163Z",
          "LastModifiedDate": "2025-11-03T22:17:31.073Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41079",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41079",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c7e0da3e8b275c0d4dbe64ab58ab23c033ca2c0d8b63b8d04c0652d8bb5214c2",
          "Title": "kernel: nvmet: always initialize cqe.result",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: always initialize cqe.result\n\nThe spec doesn't mandate that the first two double words (aka results)\nfor the command queue entry need to be set to 0 when they are not\nused (not specified). Though, the target implemention returns 0 for TCP\nand FC but not for RDMA.\n\nLet's make RDMA behave the same and thus explicitly initializing the\nresult field. This prevents leaking any data from the stack.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41079",
            "https://git.kernel.org/linus/cd0c1b8e045a8d2785342b385cb2684d9b48e426 (6.10-rc4)",
            "https://git.kernel.org/stable/c/0990e8a863645496b9e3f91cfcfd63cd95c80319",
            "https://git.kernel.org/stable/c/10967873b80742261527a071954be8b54f0f8e4d",
            "https://git.kernel.org/stable/c/30d35b24b7957922f81cfdaa66f2e1b1e9b9aed2",
            "https://git.kernel.org/stable/c/cd0c1b8e045a8d2785342b385cb2684d9b48e426",
            "https://linux.oracle.com/cve/CVE-2024-41079.html",
            "https://linux.oracle.com/errata/ELSA-2025-20270.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072925-CVE-2024-41079-09c3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41079",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41079"
          ],
          "PublishedDate": "2024-07-29T15:15:15.457Z",
          "LastModifiedDate": "2025-11-03T22:17:31.763Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41082",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41082",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f1242f75913a20732c7bedc145b1a2acdcd5301d9e79834846c236ac91dd5ce7",
          "Title": "kernel: nvme-fabrics: use reserved tag for reg read/write command",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: use reserved tag for reg read/write command\n\nIn some scenarios, if too many commands are issued by nvme command in\nthe same time by user tasks, this may exhaust all tags of admin_q. If\na reset (nvme reset or IO timeout) occurs before these commands finish,\nreconnect routine may fail to update nvme regs due to insufficient tags,\nwhich will cause kernel hang forever. In order to workaround this issue,\nmaybe we can let reg_read32()/reg_read64()/reg_write32() use reserved\ntags. This maybe safe for nvmf:\n\n1. For the disable ctrl path,  we will not issue connect command\n2. For the enable ctrl / fw activate path, since connect and reg_xx()\n   are called serially.\n\nSo the reserved tags may still be enough while reg_xx() use reserved tags.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41082",
            "https://git.kernel.org/linus/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa (6.10-rc3)",
            "https://git.kernel.org/stable/c/165da9c67a26f08c9b956c15d701da7690f45bcb",
            "https://git.kernel.org/stable/c/7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa",
            "https://linux.oracle.com/cve/CVE-2024-41082.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024072926-CVE-2024-41082-6e0a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41082",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41082"
          ],
          "PublishedDate": "2024-07-29T15:15:15.67Z",
          "LastModifiedDate": "2025-10-09T18:01:11.217Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41088",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41088",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1839c394be114be2e7ef122c254c2c2228927cdcf35e83a3e9c8c29f2cd451da",
          "Title": "kernel: can: mcp251xfd: fix infinite loop when xmit fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251xfd: fix infinite loop when xmit fails\n\nWhen the mcp251xfd_start_xmit() function fails, the driver stops\nprocessing messages, and the interrupt routine does not return,\nrunning indefinitely even after killing the running application.\n\nError messages:\n[  441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16\n[  441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).\n... and repeat forever.\n\nThe issue can be triggered when multiple devices share the same SPI\ninterface. And there is concurrent access to the bus.\n\nThe problem occurs because tx_ring-\u003ehead increments even if\nmcp251xfd_start_xmit() fails. Consequently, the driver skips one TX\npackage while still expecting a response in\nmcp251xfd_handle_tefif_one().\n\nResolve the issue by starting a workqueue to write the tx obj\nsynchronously if err = -EBUSY. In case of another error, decrement\ntx_ring-\u003ehead, remove skb from the echo stack, and drop the message.\n\n[mkl: use more imperative wording in patch description]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41088",
            "https://git.kernel.org/linus/d8fb63e46c884c898a38f061c2330f7729e75510 (6.10-rc6)",
            "https://git.kernel.org/stable/c/3e72558c1711d524e3150103739ddd06650e291b",
            "https://git.kernel.org/stable/c/6c6b4afa59c2fb4d1759235f866d8caed2aa4729",
            "https://git.kernel.org/stable/c/d8fb63e46c884c898a38f061c2330f7729e75510",
            "https://git.kernel.org/stable/c/f926c022ebaabf7963bebf89a97201d66978a025",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-41088-281e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41088",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41088"
          ],
          "PublishedDate": "2024-07-29T16:15:04.217Z",
          "LastModifiedDate": "2025-11-03T22:17:32.44Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41935",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41935",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4aa7e2018913f78a3d3fb3346b31f3842f094f86d6e9f951c2420b4cbbdedfa",
          "Title": "kernel: f2fs: fix to shrink read extent node in batches",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to shrink read extent node in batches\n\nWe use rwlock to protect core structure data of extent tree during\nits shrink, however, if there is a huge number of extent nodes in\nextent tree, during shrink of extent tree, it may hold rwlock for\na very long time, which may trigger kernel hang issue.\n\nThis patch fixes to shrink read extent node in batches, so that,\ncritical region of the rwlock can be shrunk to avoid its extreme\nlong time hold.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-41935",
            "https://git.kernel.org/linus/3fc5d5a182f6a1f8bd4dc775feb54c369dd2c343 (6.13-rc1)",
            "https://git.kernel.org/stable/c/295b50e95e900da31ff237e46e04525fa799b2cf",
            "https://git.kernel.org/stable/c/3fc5d5a182f6a1f8bd4dc775feb54c369dd2c343",
            "https://git.kernel.org/stable/c/924f7dd1e832e4e4530d14711db223d2803f7b61",
            "https://linux.oracle.com/cve/CVE-2024-41935.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011118-CVE-2024-41935-e11d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41935",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41935"
          ],
          "PublishedDate": "2025-01-11T13:15:21.083Z",
          "LastModifiedDate": "2025-09-23T16:11:41.157Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42067",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42067",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28b02e394537edf196111967fc3b4df1495889d8c643018d7b1af3df57dc9f9d",
          "Title": "kernel: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()\n\nset_memory_rox() can fail, leaving memory unprotected.\n\nCheck return and bail out when bpf_jit_binary_lock_ro() returns\nan error.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-252"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42067",
            "https://git.kernel.org/linus/e60adf513275c3a38e5cb67f7fd12387e43a3ff5 (6.10-rc1)",
            "https://git.kernel.org/stable/c/044da7ae7afd4ef60806d73654a2e6a79aa4ed7a",
            "https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7",
            "https://git.kernel.org/stable/c/9fef36cad60d4226f9d06953cd56d1d2f9119730",
            "https://git.kernel.org/stable/c/e60adf513275c3a38e5cb67f7fd12387e43a3ff5",
            "https://lore.kernel.org/linux-cve-announce/2024072951-CVE-2024-42067-c8ef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42067",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42067"
          ],
          "PublishedDate": "2024-07-29T16:15:06.323Z",
          "LastModifiedDate": "2025-01-24T16:15:36.447Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42091",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42091",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c60f214a6da2dd407647a935b53680b47f74f5cfce91472763193ce91a05129",
          "Title": "kernel: drm/xe: Check pat.ops before dumping PAT settings",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Check pat.ops before dumping PAT settings\n\nWe may leave pat.ops unset when running on brand new platform or\nwhen running as a VF.  While the former is unlikely, the latter\nis valid (future) use case and will cause NPD when someone will\ntry to dump PAT settings by debugfs.\n\nIt's better to check pointer to pat.ops instead of specific .dump\nhook, as we have this hook always defined for every .ops variant.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42091",
            "https://git.kernel.org/linus/a918e771e6fbe1fa68932af5b0cdf473e23090cc (6.10-rc1)",
            "https://git.kernel.org/stable/c/583ce246c7ff9edeb0de49130cdc3d45db8545cb",
            "https://git.kernel.org/stable/c/a918e771e6fbe1fa68932af5b0cdf473e23090cc",
            "https://lore.kernel.org/linux-cve-announce/2024072904-CVE-2024-42091-597d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42091",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42091"
          ],
          "PublishedDate": "2024-07-29T18:15:11.657Z",
          "LastModifiedDate": "2025-10-07T16:47:42.78Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42107",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42107",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c2a09e74ffccba32aa213bfa666d332cb6a8b476f9229651b0df72c704dba34c",
          "Title": "kernel: ice: Don't process extts if PTP is disabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't process extts if PTP is disabled\n\nThe ice_ptp_extts_event() function can race with ice_ptp_release() and\nresult in a NULL pointer dereference which leads to a kernel panic.\n\nPanic occurs because the ice_ptp_extts_event() function calls\nptp_clock_event() with a NULL pointer. The ice driver has already\nreleased the PTP clock by the time the interrupt for the next external\ntimestamp event occurs.\n\nTo fix this, modify the ice_ptp_extts_event() function to check the\nPTP state and bail early if PTP is not ready.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-367",
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42107",
            "https://git.kernel.org/linus/996422e3230e41468f652d754fefd1bdbcd4604e (6.10-rc7)",
            "https://git.kernel.org/stable/c/1c4e524811918600683b1ea87a5e0fc2db64fa9b",
            "https://git.kernel.org/stable/c/996422e3230e41468f652d754fefd1bdbcd4604e",
            "https://lore.kernel.org/linux-cve-announce/2024073020-CVE-2024-42107-65cc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42107",
            "https://www.cve.org/CVERecord?id=CVE-2024-42107"
          ],
          "PublishedDate": "2024-07-30T08:15:03.22Z",
          "LastModifiedDate": "2025-01-08T21:32:03.527Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42110",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42110",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de8f1c1d7e647722a3c10b0261c63755a838728ba95cd9057cc904e2512e3861",
          "Title": "kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()\n\nThe following is emitted when using idxd (DSA) dmanegine as the data\nmover for ntb_transport that ntb_netdev uses.\n\n[74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526\n[74412.556784] caller is netif_rx_internal+0x42/0x130\n[74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5\n[74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024\n[74412.581699] Call Trace:\n[74412.584514]  \u003cTASK\u003e\n[74412.586933]  dump_stack_lvl+0x55/0x70\n[74412.591129]  check_preemption_disabled+0xc8/0xf0\n[74412.596374]  netif_rx_internal+0x42/0x130\n[74412.600957]  __netif_rx+0x20/0xd0\n[74412.604743]  ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev]\n[74412.610985]  ntb_complete_rxc+0xed/0x140 [ntb_transport]\n[74412.617010]  ntb_rx_copy_callback+0x53/0x80 [ntb_transport]\n[74412.623332]  idxd_dma_complete_txd+0xe3/0x160 [idxd]\n[74412.628963]  idxd_wq_thread+0x1a6/0x2b0 [idxd]\n[74412.634046]  irq_thread_fn+0x21/0x60\n[74412.638134]  ? irq_thread+0xa8/0x290\n[74412.642218]  irq_thread+0x1a0/0x290\n[74412.646212]  ? __pfx_irq_thread_fn+0x10/0x10\n[74412.651071]  ? __pfx_irq_thread_dtor+0x10/0x10\n[74412.656117]  ? __pfx_irq_thread+0x10/0x10\n[74412.660686]  kthread+0x100/0x130\n[74412.664384]  ? __pfx_kthread+0x10/0x10\n[74412.668639]  ret_from_fork+0x31/0x50\n[74412.672716]  ? __pfx_kthread+0x10/0x10\n[74412.676978]  ret_from_fork_asm+0x1a/0x30\n[74412.681457]  \u003c/TASK\u003e\n\nThe cause is due to the idxd driver interrupt completion handler uses\nthreaded interrupt and the threaded handler is not hard or soft interrupt\ncontext. However __netif_rx() can only be called from interrupt context.\nChange the call to netif_rx() in order to allow completion via normal\ncontext for dmaengine drivers that utilize threaded irq handling.\n\nWhile the following commit changed from netif_rx() to __netif_rx(),\nbaebdf48c360 (\"net: dev: Makes sure netif_rx() can be invoked in any context.\"),\nthe change should've been a noop instead. However, the code precedes this\nfix should've been using netif_rx_ni() or netif_rx_any_context().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5928",
            "https://access.redhat.com/security/cve/CVE-2024-42110",
            "https://bugzilla.redhat.com/2265185",
            "https://bugzilla.redhat.com/2272797",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275742",
            "https://bugzilla.redhat.com/2275744",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278264",
            "https://bugzilla.redhat.com/2281101",
            "https://bugzilla.redhat.com/2281284",
            "https://bugzilla.redhat.com/2281669",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281916",
            "https://bugzilla.redhat.com/2281958",
            "https://bugzilla.redhat.com/2282720",
            "https://bugzilla.redhat.com/2283468",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2293356",
            "https://bugzilla.redhat.com/2293414",
            "https://bugzilla.redhat.com/2293455",
            "https://bugzilla.redhat.com/2293459",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2297489",
            "https://bugzilla.redhat.com/2297495",
            "https://bugzilla.redhat.com/2297496",
            "https://bugzilla.redhat.com/2297498",
            "https://bugzilla.redhat.com/2297513",
            "https://bugzilla.redhat.com/2297523",
            "https://bugzilla.redhat.com/2297525",
            "https://bugzilla.redhat.com/2297541",
            "https://bugzilla.redhat.com/2297562",
            "https://bugzilla.redhat.com/2297567",
            "https://bugzilla.redhat.com/2299240",
            "https://bugzilla.redhat.com/2299336",
            "https://bugzilla.redhat.com/2300410",
            "https://bugzilla.redhat.com/2300453",
            "https://bugzilla.redhat.com/2301473",
            "https://bugzilla.redhat.com/2301519",
            "https://errata.almalinux.org/9/ALSA-2024-5928.html",
            "https://git.kernel.org/linus/e15a5d821e5192a3769d846079bc9aa380139baf (6.10-rc7)",
            "https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f",
            "https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3",
            "https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf",
            "https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9",
            "https://linux.oracle.com/cve/CVE-2024-42110.html",
            "https://linux.oracle.com/errata/ELSA-2024-5928.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024073021-CVE-2024-42110-4b28@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42110",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42110"
          ],
          "PublishedDate": "2024-07-30T08:15:03.487Z",
          "LastModifiedDate": "2025-11-03T22:17:39.51Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42117",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42117",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a3b7cb4949b6008062288eea1f519034f98e041faba4c49ffdd54dd5463a79e2",
          "Title": "kernel: drm/amd/display: ASSERT when failing to find index by plane/stream id",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: ASSERT when failing to find index by plane/stream id\n\n[WHY]\nfind_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns\nan array index and they return -1 when not found; however, -1 is not a\nvalid index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a positive number (which is\nfewer than callers' array size) instead.\n\nThis fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42117",
            "https://git.kernel.org/linus/01eb50e53c1ce505bf449348d433181310288765 (6.10-rc1)",
            "https://git.kernel.org/stable/c/01eb50e53c1ce505bf449348d433181310288765",
            "https://git.kernel.org/stable/c/a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3",
            "https://lore.kernel.org/linux-cve-announce/2024073023-CVE-2024-42117-25fd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42117",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42117"
          ],
          "PublishedDate": "2024-07-30T08:15:04.03Z",
          "LastModifiedDate": "2025-09-26T15:29:52.1Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42118",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42118",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71295106e496df866254a5b1bdd124e03f2719d94f7f3beaf97a568ae44addac",
          "Title": "kernel: drm/amd/display: Do not return negative stream id for array",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Do not return negative stream id for array\n\n[WHY]\nresource_stream_to_stream_idx returns an array index and it return -1\nwhen not found; however, -1 is not a valid array index number.\n\n[HOW]\nWhen this happens, call ASSERT(), and return a zero instead.\n\nThis fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42118",
            "https://git.kernel.org/linus/3ac31c9a707dd1c7c890b95333182f955e9dcb57 (6.10-rc1)",
            "https://git.kernel.org/stable/c/3ac31c9a707dd1c7c890b95333182f955e9dcb57",
            "https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0",
            "https://lore.kernel.org/linux-cve-announce/2024073024-CVE-2024-42118-537b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42118",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42118"
          ],
          "PublishedDate": "2024-07-30T08:15:04.097Z",
          "LastModifiedDate": "2025-09-29T14:57:08.527Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42122",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42122",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e25e548afc2210e5301d2c5d08f1a65e31833ad22993a43690ce2c16ec6164b",
          "Title": "kernel: drm/amd/display: Add NULL pointer check for kzalloc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL pointer check for kzalloc\n\n[Why \u0026 How]\nCheck return pointer of kzalloc before using it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42122",
            "https://git.kernel.org/linus/8e65a1b7118acf6af96449e1e66b7adbc9396912 (6.10-rc1)",
            "https://git.kernel.org/stable/c/062edd612fcd300f0f79a36fca5b8b6a5e2fce70",
            "https://git.kernel.org/stable/c/552e7938b4d7fe548fbf29b9950a14c6149d0470",
            "https://git.kernel.org/stable/c/8e65a1b7118acf6af96449e1e66b7adbc9396912",
            "https://git.kernel.org/stable/c/cd1e565a5b7fa60c349ca8a16db1e61715fe8230",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2024073025-CVE-2024-42122-2f70@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42122",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42122"
          ],
          "PublishedDate": "2024-07-30T08:15:04.43Z",
          "LastModifiedDate": "2025-11-03T20:16:27.623Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42125",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42125",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ebbe1eba6eca20534d3e96fbd7161340a32ee8c349bfe2db078e4028c9fdee08",
          "Title": "kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\n\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42125",
            "https://git.kernel.org/linus/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 (6.10-rc1)",
            "https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9",
            "https://git.kernel.org/stable/c/ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc",
            "https://linux.oracle.com/cve/CVE-2024-42125.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42125",
            "https://www.cve.org/CVERecord?id=CVE-2024-42125"
          ],
          "PublishedDate": "2024-07-30T08:15:04.667Z",
          "LastModifiedDate": "2025-10-06T17:16:44.17Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42128",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42128",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:66bdb464d429053481485b7ae5b1e2d1b2010486348ba72a806b8a830b532460",
          "Title": "kernel: leds: an30259a: Use devm_mutex_init() for mutex initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: an30259a: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42128",
            "https://git.kernel.org/linus/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6 (6.10-rc1)",
            "https://git.kernel.org/stable/c/3ead19aa341de89a8c3d88a091d8093ebea622e8",
            "https://git.kernel.org/stable/c/9dba44460bfca657ca43f03ea9bafa4f9f7dd077",
            "https://git.kernel.org/stable/c/c382e2e3eccb6b7ca8c7aff5092c1668428e7de6",
            "https://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42128-9ac9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42128",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42128"
          ],
          "PublishedDate": "2024-07-30T08:15:04.903Z",
          "LastModifiedDate": "2025-09-29T14:28:29.09Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42129",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42129",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6b7bf38be221a3313f33a9ca3b277009c1cdc44510c32e8ec5ef1150f288d89d",
          "Title": "kernel: leds: mlxreg: Use devm_mutex_init() for mutex initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: mlxreg: Use devm_mutex_init() for mutex initialization\n\nIn this driver LEDs are registered using devm_led_classdev_register()\nso they are automatically unregistered after module's remove() is done.\nled_classdev_unregister() calls module's led_set_brightness() to turn off\nthe LEDs and that callback uses mutex which was destroyed already\nin module's remove() so use devm API instead.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42129",
            "https://git.kernel.org/linus/efc347b9efee1c2b081f5281d33be4559fa50a16 (6.10-rc1)",
            "https://git.kernel.org/stable/c/172ffd26a5af13e951d0e82df7cfc5a95b04fa80",
            "https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51",
            "https://git.kernel.org/stable/c/618c6ce83471ab4f7ac744d27b9d03af173bc141",
            "https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024073027-CVE-2024-42129-576e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42129",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42129"
          ],
          "PublishedDate": "2024-07-30T08:15:04.977Z",
          "LastModifiedDate": "2025-11-03T20:16:27.77Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42139",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42139",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b71e3ce549bece78129420455ae25671971a5f4499f75415e32d78d92982f21",
          "Title": "kernel: ice: Fix improper extts handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix improper extts handling\n\nExtts events are disabled and enabled by the application ts2phc.\nHowever, in case where the driver is removed when the application is\nrunning, a specific extts event remains enabled and can cause a kernel\ncrash.\nAs a side effect, when the driver is reloaded and application is started\nagain, remaining extts event for the channel from a previous run will\nkeep firing and the message \"extts on unexpected channel\" might be\nprinted to the user.\n\nTo avoid that, extts events shall be disabled when PTP is released.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42139",
            "https://git.kernel.org/linus/00d3b4f54582d4e4a02cda5886bb336eeab268cc (6.10-rc7)",
            "https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc",
            "https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3",
            "https://lore.kernel.org/linux-cve-announce/2024073030-CVE-2024-42139-f8ef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42139",
            "https://www.cve.org/CVERecord?id=CVE-2024-42139"
          ],
          "PublishedDate": "2024-07-30T08:15:05.757Z",
          "LastModifiedDate": "2024-12-11T15:13:24.877Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42147",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42147",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f1318f7dff021adf6f0e2ede5921674dc616bdf07c251feea5fe6b56c251d045",
          "Title": "kernel: crypto: hisilicon/debugfs - Fix debugfs uninit process issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/debugfs - Fix debugfs uninit process issue\n\nDuring the zip probe process, the debugfs failure does not stop\nthe probe. When debugfs initialization fails, jumping to the\nerror branch will also release regs, in addition to its own\nrollback operation.\n\nAs a result, it may be released repeatedly during the regs\nuninit process. Therefore, the null check needs to be added to\nthe regs uninit process.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42147",
            "https://git.kernel.org/linus/8be0913389718e8d27c4f1d4537b5e1b99ed7739 (6.10-rc1)",
            "https://git.kernel.org/stable/c/7fc8d9a525b5c3f8dfa5ed50901e764d8ede7e1e",
            "https://git.kernel.org/stable/c/8be0913389718e8d27c4f1d4537b5e1b99ed7739",
            "https://git.kernel.org/stable/c/e0a2d2df9ba7bd6bd7e0a9b6a5e3894f7e8445b3",
            "https://git.kernel.org/stable/c/eda60520cfe3aba9f088c68ebd5bcbca9fc6ac3c",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024073032-CVE-2024-42147-805a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42147",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42147"
          ],
          "PublishedDate": "2024-07-30T08:15:06.383Z",
          "LastModifiedDate": "2025-11-03T22:17:42.66Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42155",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42155",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88729ce9110427490a4a6ca6eab725ee101115bb7ccf7b5379e134ad21047cdd",
          "Title": "kernel: s390/pkey: Wipe copies of protected- and secure-keys",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe copies of protected- and secure-keys\n\nAlthough the clear-key of neither protected- nor secure-keys is\naccessible, this key material should only be visible to the calling\nprocess. So wipe all copies of protected- or secure-keys from stack,\neven in case of an error.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 1.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 1.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42155",
            "https://git.kernel.org/linus/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207 (6.10-rc1)",
            "https://git.kernel.org/stable/c/c746f7ced4ad88ee48d0b6c92710e4674403185b",
            "https://git.kernel.org/stable/c/f2ebdadd85af4f4d0cae1e5d009c70eccc78c207",
            "https://lore.kernel.org/linux-cve-announce/2024073035-CVE-2024-42155-5ccb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42155",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42155"
          ],
          "PublishedDate": "2024-07-30T08:15:07.01Z",
          "LastModifiedDate": "2024-11-21T09:33:42.953Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42239",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42239",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2d869fa5676ea8db9be8b990d531993a00c4e5e3293e1e4c592471c0c49a171",
          "Title": "kernel: bpf: Fail bpf_timer_cancel when callback is being cancelled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fail bpf_timer_cancel when callback is being cancelled\n\nGiven a schedule:\n\ntimer1 cb\t\t\ttimer2 cb\n\nbpf_timer_cancel(timer2);\tbpf_timer_cancel(timer1);\n\nBoth bpf_timer_cancel calls would wait for the other callback to finish\nexecuting, introducing a lockup.\n\nAdd an atomic_t count named 'cancelling' in bpf_hrtimer. This keeps\ntrack of all in-flight cancellation requests for a given BPF timer.\nWhenever cancelling a BPF timer, we must check if we have outstanding\ncancellation requests, and if so, we must fail the operation with an\nerror (-EDEADLK) since cancellation is synchronous and waits for the\ncallback to finish executing. This implies that we can enter a deadlock\nsituation involving two or more timer callbacks executing in parallel\nand attempting to cancel one another.\n\nNote that we avoid incrementing the cancelling counter for the target\ntimer (the one being cancelled) if bpf_timer_cancel is not invoked from\na callback, to avoid spurious errors. The whole point of detecting\ncur-\u003ecancelling and returning -EDEADLK is to not enter a busy wait loop\n(which may or may not lead to a lockup). 
This does not apply in case the\ncaller is in a non-callback context, the other side can continue to\ncancel as it sees fit without running into errors.\n\nBackground on prior attempts:\n\nEarlier versions of this patch used a bool 'cancelling' bit and used the\nfollowing pattern under timer-\u003elock to publish cancellation status.\n\nlock(t-\u003elock);\nt-\u003ecancelling = true;\nmb();\nif (cur-\u003ecancelling)\n\treturn -EDEADLK;\nunlock(t-\u003elock);\nhrtimer_cancel(t-\u003etimer);\nt-\u003ecancelling = false;\n\nThe store outside the critical section could overwrite a parallel\nrequests t-\u003ecancelling assignment to true, to ensure the parallely\nexecuting callback observes its cancellation status.\n\nIt would be necessary to clear this cancelling bit once hrtimer_cancel\nis done, but lack of serialization introduced races. Another option was\nexplored where bpf_timer_start would clear the bit when (re)starting the\ntimer under timer-\u003elock. This would ensure serialized access to the\ncancelling bit, but may allow it to be cleared before in-flight\nhrtimer_cancel has finished executing, such that lockups can occur\nagain.\n\nThus, we choose an atomic counter to keep track of all outstanding\ncancellation requests and use it to prevent lockups in case callbacks\nattempt to cancel each other while executing in parallel.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42239",
            "https://git.kernel.org/linus/d4523831f07a267a943f0dde844bf8ead7495f13 (6.10)",
            "https://git.kernel.org/stable/c/3e4e8178a8666c56813bd167b848fca0f4c9af0a",
            "https://git.kernel.org/stable/c/9369830518688ecd5b08ffc08ab3302ce2b5d0f7",
            "https://git.kernel.org/stable/c/d4523831f07a267a943f0dde844bf8ead7495f13",
            "https://lore.kernel.org/linux-cve-announce/2024080740-CVE-2024-42239-a15f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42239",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42239"
          ],
          "PublishedDate": "2024-08-07T16:15:46.733Z",
          "LastModifiedDate": "2024-08-08T14:54:08.33Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42253",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42253",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:57f0b26bb2c9ae56acbf0c7d6d89871403174731355a5d2dccaef0c33889a839",
          "Title": "kernel: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: pca953x: fix pca953x_irq_bus_sync_unlock race\n\nEnsure that `i2c_lock' is held when setting interrupt latch and mask in\npca953x_irq_bus_sync_unlock() in order to avoid races.\n\nThe other (non-probe) call site pca953x_gpio_set_multiple() ensures the\nlock is held before calling pca953x_write_regs().\n\nThe problem occurred when a request raced against irq_bus_sync_unlock()\napproximately once per thousand reboots on an i.MX8MP based system.\n\n * Normal case\n\n   0-0022: write register AI|3a {03,02,00,00,01} Input latch P0\n   0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0\n   0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n   0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n\n * Race case\n\n   0-0022: write register AI|08 {ff,00,00,00,00} Output P3\n   0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***\n   0-0022: write register AI|12 {fc,00,00,00,00} Config P3\n   0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42253",
            "https://git.kernel.org/linus/bfc6444b57dc7186b6acc964705d7516cbaf3904 (6.10-rc6)",
            "https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34",
            "https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904",
            "https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41",
            "https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2",
            "https://linux.oracle.com/cve/CVE-2024-42253.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024080835-CVE-2024-42253-0c21@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42253",
            "https://ubuntu.com/security/notices/USN-7089-1",
            "https://ubuntu.com/security/notices/USN-7089-2",
            "https://ubuntu.com/security/notices/USN-7089-3",
            "https://ubuntu.com/security/notices/USN-7089-4",
            "https://ubuntu.com/security/notices/USN-7089-5",
            "https://ubuntu.com/security/notices/USN-7089-6",
            "https://ubuntu.com/security/notices/USN-7089-7",
            "https://ubuntu.com/security/notices/USN-7090-1",
            "https://ubuntu.com/security/notices/USN-7095-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42253"
          ],
          "PublishedDate": "2024-08-08T09:15:08.22Z",
          "LastModifiedDate": "2025-11-03T22:17:50.553Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42273",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42273",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0884ffb60020c6e95acfc0916dff1cd1803e571b188c15af52c7dc6db49eaf45",
          "Title": "kernel: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid\n\nmkdir /mnt/test/comp\nf2fs_io setflags compression /mnt/test/comp\ndd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1\ntruncate --size 13 /mnt/test/comp/testfile\n\nIn the above scenario, we can get a BUG_ON.\n kernel BUG at fs/f2fs/segment.c:3589!\n Call Trace:\n  do_write_page+0x78/0x390 [f2fs]\n  f2fs_outplace_write_data+0x62/0xb0 [f2fs]\n  f2fs_do_write_data_page+0x275/0x740 [f2fs]\n  f2fs_write_single_data_page+0x1dc/0x8f0 [f2fs]\n  f2fs_write_multi_pages+0x1e5/0xae0 [f2fs]\n  f2fs_write_cache_pages+0xab1/0xc60 [f2fs]\n  f2fs_write_data_pages+0x2d8/0x330 [f2fs]\n  do_writepages+0xcf/0x270\n  __writeback_single_inode+0x44/0x350\n  writeback_sb_inodes+0x242/0x530\n  __writeback_inodes_wb+0x54/0xf0\n  wb_writeback+0x192/0x310\n  wb_workfn+0x30d/0x400\n\nThe reason is we gave CURSEG_ALL_DATA_ATGC to COMPR_ADDR where the\npage was set the gcing flag by set_cluster_dirty().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42273",
            "https://git.kernel.org/linus/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1 (6.11-rc1)",
            "https://git.kernel.org/stable/c/0cd106612396656d6f1ca17ef192c6759bb60791",
            "https://git.kernel.org/stable/c/4239571c5db46a42f723b8fa8394039187c34439",
            "https://git.kernel.org/stable/c/5fd057160ab240dd816ae09b625395d54c297de1",
            "https://git.kernel.org/stable/c/8cb1f4080dd91c6e6b01dbea013a3f42341cb6a1",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024081740-CVE-2024-42273-9b87@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42273",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42273"
          ],
          "PublishedDate": "2024-08-17T09:15:08.45Z",
          "LastModifiedDate": "2025-11-03T22:17:53.477Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42319",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42319",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8b061f81bad241349883bedec69b4a7a9f58d2d43b34fd8c06bc32241c29ef58",
          "Title": "kernel: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()\n\nWhen mtk-cmdq unbinds, a WARN_ON message with condition\npm_runtime_get_sync() \u003c 0 occurs.\n\nAccording to the call trace below:\n  cmdq_mbox_shutdown\n  mbox_free_channel\n  mbox_controller_unregister\n  __devm_mbox_controller_unregister\n  ...\n\nThe root cause can be deduced to be calling pm_runtime_get_sync() after\ncalling pm_runtime_disable() as observed below:\n1. CMDQ driver uses devm_mbox_controller_register() in cmdq_probe()\n   to bind the cmdq device to the mbox_controller, so\n   devm_mbox_controller_unregister() will automatically unregister\n   the device bound to the mailbox controller when the device-managed\n   resource is removed. That means devm_mbox_controller_unregister()\n   and cmdq_mbox_shutdown() will be called after cmdq_remove().\n2. CMDQ driver also uses devm_pm_runtime_enable() in cmdq_probe() after\n   devm_mbox_controller_register(), so that devm_pm_runtime_disable()\n   will be called after cmdq_remove(), but before\n   devm_mbox_controller_unregister().\n\nTo fix this problem, cmdq_probe() needs to move\ndevm_mbox_controller_register() after devm_pm_runtime_enable() to make\ndevm_pm_runtime_disable() be called after\ndevm_mbox_controller_unregister().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42319",
            "https://git.kernel.org/linus/a8bd68e4329f9a0ad1b878733e0f80be6a971649 (6.11-rc1)",
            "https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911",
            "https://git.kernel.org/stable/c/1403991a40b94438a2acc749bf05c117abdb34f9",
            "https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649",
            "https://git.kernel.org/stable/c/d00df6700ad10974a7e20646956f4ff22cdbe0ec",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42319-ec7c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42319",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42319"
          ],
          "PublishedDate": "2024-08-17T09:15:11.767Z",
          "LastModifiedDate": "2025-11-03T21:16:17.95Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42320",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42320",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2d1fbb661cf25d293bd923b07713b2b1ebd1752b8537e25fd408fd82a7c68ef9",
          "Title": "kernel: s390/dasd: fix error checks in dasd_copy_pair_store()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error checks in dasd_copy_pair_store()\n\ndasd_add_busid() can return an error via ERR_PTR() if an allocation\nfails. However, two callsites in dasd_copy_pair_store() do not check\nthe result, potentially resulting in a NULL pointer dereference. Fix\nthis by checking the result with IS_ERR() and returning the error up\nthe stack.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42320",
            "https://git.kernel.org/linus/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 (6.11-rc1)",
            "https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2",
            "https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8",
            "https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace",
            "https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024081754-CVE-2024-42320-cdea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42320",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42320"
          ],
          "PublishedDate": "2024-08-17T09:15:11.833Z",
          "LastModifiedDate": "2025-11-03T22:18:03.887Z"
        },
        {
          "VulnerabilityID": "CVE-2024-42321",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-42321",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:86653cce8a01aa5080f75c897a04042b7d555711bcbd7d45d11ada9148610d01",
          "Title": "kernel: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: flow_dissector: use DEBUG_NET_WARN_ON_ONCE\n\nThe following splat is easy to reproduce upstream as well as in -stable\nkernels. Florian Westphal provided the following commit:\n\n  d1dab4f71d37 (\"net: add and use __skb_get_hash_symmetric_net\")\n\nbut this complementary fix has been also suggested by Willem de Bruijn\nand it can be easily backported to -stable kernel which consists in\nusing DEBUG_NET_WARN_ON_ONCE instead to silence the following splat\ngiven __skb_get_hash() is used by the nftables tracing infrastructure to\nto identify packets in traces.\n\n[69133.561393] ------------[ cut here ]------------\n[69133.561404] WARNING: CPU: 0 PID: 43576 at net/core/flow_dissector.c:1104 __skb_flow_dissect+0x134f/\n[...]\n[69133.561944] CPU: 0 PID: 43576 Comm: socat Not tainted 6.10.0-rc7+ #379\n[69133.561959] RIP: 0010:__skb_flow_dissect+0x134f/0x2ad0\n[69133.561970] Code: 83 f9 04 0f 84 b3 00 00 00 45 85 c9 0f 84 aa 00 00 00 41 83 f9 02 0f 84 81 fc ff\nff 44 0f b7 b4 24 80 00 00 00 e9 8b f9 ff ff \u003c0f\u003e 0b e9 20 f3 ff ff 41 f6 c6 20 0f 84 e4 ef ff ff 48 8d 7b 12 e8\n[69133.561979] RSP: 0018:ffffc90000006fc0 EFLAGS: 00010246\n[69133.561988] RAX: 0000000000000000 RBX: ffffffff82f33e20 RCX: ffffffff81ab7e19\n[69133.561994] RDX: dffffc0000000000 RSI: ffffc90000007388 RDI: ffff888103a1b418\n[69133.562001] RBP: ffffc90000007310 R08: 0000000000000000 R09: 0000000000000000\n[69133.562007] R10: ffffc90000007388 R11: ffffffff810cface R12: ffff888103a1b400\n[69133.562013] R13: 0000000000000000 R14: ffffffff82f33e2a R15: ffffffff82f33e28\n[69133.562020] FS:  00007f40f7131740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[69133.562027] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[69133.562033] CR2: 00007f40f7346ee0 CR3: 000000015d200001 CR4: 00000000001706f0\n[69133.562040] Call Trace:\n[69133.562044]  \u003cIRQ\u003e\n[69133.562049]  ? 
__warn+0x9f/0x1a0\n[ 1211.841384]  ? __skb_flow_dissect+0x107e/0x2860\n[...]\n[ 1211.841496]  ? bpf_flow_dissect+0x160/0x160\n[ 1211.841753]  __skb_get_hash+0x97/0x280\n[ 1211.841765]  ? __skb_get_hash_symmetric+0x230/0x230\n[ 1211.841776]  ? mod_find+0xbf/0xe0\n[ 1211.841786]  ? get_stack_info_noinstr+0x12/0xe0\n[ 1211.841798]  ? bpf_ksym_find+0x56/0xe0\n[ 1211.841807]  ? __rcu_read_unlock+0x2a/0x70\n[ 1211.841819]  nft_trace_init+0x1b9/0x1c0 [nf_tables]\n[ 1211.841895]  ? nft_trace_notify+0x830/0x830 [nf_tables]\n[ 1211.841964]  ? get_stack_info+0x2b/0x80\n[ 1211.841975]  ? nft_do_chain_arp+0x80/0x80 [nf_tables]\n[ 1211.842044]  nft_do_chain+0x79c/0x850 [nf_tables]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-42321",
            "https://git.kernel.org/linus/120f1c857a73e52132e473dee89b340440cb692b (6.11-rc1)",
            "https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b",
            "https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107",
            "https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0",
            "https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035",
            "https://linux.oracle.com/cve/CVE-2024-42321.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024081755-CVE-2024-42321-4b46@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-42321",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-42321"
          ],
          "PublishedDate": "2024-08-17T09:15:11.917Z",
          "LastModifiedDate": "2025-11-03T22:18:04.077Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43823",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43823",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c620f7346f3749be6f0fbf82a47184ca9101aff0febf7912fce54180391897c8",
          "Title": "kernel: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()\n\nIf IORESOURCE_MEM is not provided in Device Tree due to\nany error, resource_list_first_type() will return NULL and\npci_parse_request_of_pci_ranges() will just emit a warning.\n\nThis will cause a NULL pointer dereference. Fix this bug by adding NULL\nreturn check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43823",
            "https://git.kernel.org/linus/a231707a91f323af1e5d9f1722055ec2fc1c7775 (6.11-rc1)",
            "https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23",
            "https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775",
            "https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506",
            "https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597",
            "https://linux.oracle.com/cve/CVE-2024-43823.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43823-4bdd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43823",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43823"
          ],
          "PublishedDate": "2024-08-17T10:15:08.4Z",
          "LastModifiedDate": "2025-11-03T22:18:08.137Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43824",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43824",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2086c0599228bbb4543e0f23e806b60702600897313769d4ae20d6603fd602fe",
          "Title": "kernel: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()\n\nInstead of getting the epc_features from pci_epc_get_features() API, use\nthe cached pci_epf_test::epc_features value to avoid the NULL check. Since\nthe NULL check is already performed in pci_epf_test_bind(), having one more\ncheck in pci_epf_test_core_init() is redundant and it is not possible to\nhit the NULL pointer dereference.\n\nAlso with commit a01e7214bef9 (\"PCI: endpoint: Remove \"core_init_notifier\"\nflag\"), 'epc_features' got dereferenced without the NULL check, leading to\nthe following false positive Smatch warning:\n\n  drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747)\n\nThus, remove the redundant NULL check and also use the epc_features::\n{msix_capable/msi_capable} flags directly to avoid local variables.\n\n[kwilczynski: commit log]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43824",
            "https://git.kernel.org/linus/5a5095a8bd1bd349cce1c879e5e44407a34dda8a (6.11-rc1)",
            "https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a",
            "https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80",
            "https://lore.kernel.org/linux-cve-announce/2024081725-CVE-2024-43824-fc04@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43824",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43824"
          ],
          "PublishedDate": "2024-08-17T10:15:08.477Z",
          "LastModifiedDate": "2024-09-03T17:48:39.16Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43831",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43831",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10fd6c1a29cd5a6b10006c620cc3c90626574e8ec45c729f02983b3d6f63d27d",
          "Title": "kernel: media: mediatek: vcodec: Handle invalid decoder vsi",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Handle invalid decoder vsi\n\nHandle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi\nis valid for future use.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43831",
            "https://git.kernel.org/linus/59d438f8e02ca641c58d77e1feffa000ff809e9f (6.11-rc1)",
            "https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db",
            "https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f",
            "https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280",
            "https://git.kernel.org/stable/c/dbd3e4adb98e50ede74f00b3fa956fa29ef95e6c",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43831-b13e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43831",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43831"
          ],
          "PublishedDate": "2024-08-17T10:15:08.917Z",
          "LastModifiedDate": "2025-11-03T20:16:29.247Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43832",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43832",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:364e2e0522231b47ec8f4253b54d4ecdd53315163cafc4825b6aa324ec6a30e1",
          "Title": "kernel: s390/uv: Don't call folio_wait_writeback() without a folio reference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/uv: Don't call folio_wait_writeback() without a folio reference\n\nfolio_wait_writeback() requires that no spinlocks are held and that\na folio reference is held, as documented. After we dropped the PTL, the\nfolio could get freed concurrently. So grab a temporary reference.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43832",
            "https://git.kernel.org/linus/3f29f6537f54d74e64bac0a390fb2e26da25800d (6.11-rc1)",
            "https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7",
            "https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d",
            "https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb",
            "https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024081727-CVE-2024-43832-7746@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43832",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43832"
          ],
          "PublishedDate": "2024-08-17T10:15:08.98Z",
          "LastModifiedDate": "2025-11-03T22:18:08.94Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43842",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43842",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9881ca5ec0998087987e6e6d04f4f9be926d6032db7f5c7f03ba45469173096c",
          "Title": "kernel: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()\n\nIn rtw89_sta_info_get_iter() 'status-\u003ehe_gi' is compared to array size.\nBut then 'rate-\u003ehe_gi' is used as array index instead of 'status-\u003ehe_gi'.\nThis can lead to go beyond array boundaries in case of 'rate-\u003ehe_gi' is\nnot equal to 'status-\u003ehe_gi' and is bigger than array size. Looks like\n\"copy-paste\" mistake.\n\nFix this mistake by replacing 'rate-\u003ehe_gi' with 'status-\u003ehe_gi'.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:8247",
            "https://access.redhat.com/security/cve/CVE-2024-43842",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2305500",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43842",
            "https://errata.almalinux.org/8/ALSA-2025-8247.html",
            "https://errata.rockylinux.org/RLSA-2025:8246",
            "https://git.kernel.org/linus/85099c7ce4f9e64c66aa397cd9a37473637ab891 (6.11-rc1)",
            "https://git.kernel.org/stable/c/7a0edc3d83aff3a48813d78c9cad9daf38decc74",
            "https://git.kernel.org/stable/c/85099c7ce4f9e64c66aa397cd9a37473637ab891",
            "https://git.kernel.org/stable/c/96ae4de5bc4c8ba39fd072369398f59495b73f58",
            "https://git.kernel.org/stable/c/a2a095c08b95372d6d0c5819b77f071af5e75366",
            "https://linux.oracle.com/cve/CVE-2024-43842.html",
            "https://linux.oracle.com/errata/ELSA-2025-8246.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024081730-CVE-2024-43842-31e7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43842",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43842"
          ],
          "PublishedDate": "2024-08-17T10:15:09.647Z",
          "LastModifiedDate": "2025-11-03T22:18:10.37Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43844",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43844",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:042de212c563879aec0e51cb27dbb3f2d26777a9350f8977517a93f565e8b128",
          "Title": "kernel: wifi rtw89 wow: fix GTK offload H2C skbuff issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: wow: fix GTK offload H2C skbuff issue\n\nWe mistakenly put skb too large and that may exceed skb-\u003eend.\nTherefore, we fix it.\n\nskbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:\u003cNULL\u003e\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:192!\ninvalid opcode: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G           O       6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e\nHardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:skb_panic+0x5d/0x60\nCode: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 \u003c0f\u003e 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44\nRSP: 0018:ffffaa700144bad0 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900\nRDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920\nR10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010\nR13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? skb_panic+0x5d/0x60\n ? do_error_trap+0x6d/0x90\n ? skb_panic+0x5d/0x60\n ? handle_invalid_op+0x30/0x40\n ? skb_panic+0x5d/0x60\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? 
skb_panic+0x5d/0x60\n skb_put+0x49/0x50\n rtw89_fw_h2c_wow_gtk_ofld+0xbd/0x220 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_wow_resume+0x31f/0x540 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n rtw89_ops_resume+0x2b/0xa0 [rtw89_core 778b32de31cd1f14df2d6721ae99ba8a83636fa5]\n ieee80211_reconfig+0x84/0x13e0 [mac80211 818a894e3b77da6298269c59ed7cdff065a4ed52]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? dev_printk_emit+0x51/0x70\n ? _dev_info+0x6e/0x90\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n wiphy_resume+0x89/0x180 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 1a793119e2aeb157c4ca4091ff8e1d9ae233b59d]\n dpm_run_callback+0x3c/0x140\n device_resume+0x1f9/0x3c0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n process_scheduled_works+0x1d8/0x3d0\n worker_thread+0x1fc/0x2f0\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\nModules linked in: ccm 8021q r8153_ecm cdc_ether usbnet r8152 mii dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc uinput rfcomm cmac algif_hash rtw89_8922ae(O) algif_skcipher rtw89_8922a(O) af_alg rtw89_pci(O) rtw89_core(O) btusb(O) snd_soc_sst_bxt_da7219_max98357a btbcm(O) snd_soc_hdac_hdmi btintel(O) snd_soc_intel_hda_dsp_common snd_sof_probes btrtl(O) btmtk(O) snd_hda_codec_hdmi snd_soc_dmic uvcvideo videobuf2_vmalloc uvc videobuf2_memops videobuf2_v4l2 videobuf2_common snd_sof_pci_intel_apl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda soundwire_intel soundwire_generic_allocation snd_sof_intel_hda_mlink soundwire_cadence snd_sof_pci snd_sof_xtensa_dsp mac80211 snd_soc_acpi_intel_match snd_soc_acpi snd_sof snd_sof_utils soundwire_bus snd_soc_max98357a snd_soc_avs snd_soc_hda_codec snd_hda_ext_core snd_intel_dspcfg snd_intel_sdw_acpi snd_soc_da7219 snd_hda_codec snd_hwdep snd_hda_core veth ip6table_nat xt_MASQUERADE xt_cgroup fuse bluetooth ecdh_generic\n cfg80211 ecc\ngsmi: Log Shutdown \n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43844",
            "https://git.kernel.org/linus/dda364c345913fe03ddbe4d5ae14a2754c100296 (6.11-rc1)",
            "https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296",
            "https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2",
            "https://lore.kernel.org/linux-cve-announce/2024081731-CVE-2024-43844-97ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43844",
            "https://www.cve.org/CVERecord?id=CVE-2024-43844"
          ],
          "PublishedDate": "2024-08-17T10:15:09.763Z",
          "LastModifiedDate": "2024-10-25T19:49:05.987Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43866",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43866",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:458cd2262e1139742fd49d4594715ec2d534bbc142d779a2334ff98756bf34c1",
          "Title": "kernel: net/mlx5: Always drain health in shutdown callback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Always drain health in shutdown callback\n\nThere is no point in recovery during device shutdown. if health\nwork started need to wait for it to avoid races and NULL pointer\naccess.\n\nHence, drain health WQ on shutdown callback.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362",
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43866",
            "https://git.kernel.org/linus/1b75da22ed1e6171e261bc9265370162553d5393 (6.11-rc2)",
            "https://git.kernel.org/stable/c/1b75da22ed1e6171e261bc9265370162553d5393",
            "https://git.kernel.org/stable/c/5005e2e159b300c1b8c6820a1e13a62eb0127b9b",
            "https://git.kernel.org/stable/c/6048dec754554a1303d632be6042d3feb3295285",
            "https://git.kernel.org/stable/c/6b6c2ebd83f2bf97e8f221479372aaca97a4a9b2",
            "https://linux.oracle.com/cve/CVE-2024-43866.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024082157-CVE-2024-43866-66ed@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43866",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43866"
          ],
          "PublishedDate": "2024-08-21T00:15:05.023Z",
          "LastModifiedDate": "2025-11-03T22:18:13.75Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43872",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43872",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5731e118dfa8f12ae3d353af062d8f834d5d5b9025a017acd7d1be1015a26260",
          "Title": "kernel: RDMA/hns: Fix soft lockup under heavy CEQE load",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix soft lockup under heavy CEQE load\n\nCEQEs are handled in interrupt handler currently. This may cause the\nCPU core staying in interrupt context too long and lead to soft lockup\nunder heavy load.\n\nHandle CEQEs in BH workqueue and set an upper limit for the number of\nCEQE handled by a single call of work handler.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43872",
            "https://git.kernel.org/linus/2fdf34038369c0a27811e7b4680662a14ada1d6b (6.11-rc1)",
            "https://git.kernel.org/stable/c/06580b33c183c9f98e2a2ca96a86137179032c08",
            "https://git.kernel.org/stable/c/2fdf34038369c0a27811e7b4680662a14ada1d6b",
            "https://lore.kernel.org/linux-cve-announce/2024082136-CVE-2024-43872-c87e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43872",
            "https://www.cve.org/CVERecord?id=CVE-2024-43872"
          ],
          "PublishedDate": "2024-08-21T01:15:11.74Z",
          "LastModifiedDate": "2024-09-03T13:38:34.867Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43899",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43899",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:94fea77cfd5c1ac59fd0fa1ab8546cb5fab684e70174d2410215697cfba3f417",
          "Title": "kernel: drm/amd/display: Fix null pointer deref in dcn20_resource.c",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null pointer deref in dcn20_resource.c\n\nFixes a hang thats triggered when MPV is run on a DCN401 dGPU:\n\nmpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all\n\nand then enabling fullscreen playback (double click on the video)\n\nThe following calltrace will be seen:\n\n[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[  181.843997] #PF: supervisor instruction fetch in kernel mode\n[  181.844003] #PF: error_code(0x0010) - not-present page\n[  181.844009] PGD 0 P4D 0\n[  181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI\n[  181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G        W  OE      6.5.0-41-generic #41~22.04.2-Ubuntu\n[  181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018\n[  181.844044] RIP: 0010:0x0\n[  181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[  181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246\n[  181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004\n[  181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400\n[  181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c\n[  181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8\n[  181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005\n[  181.844121] FS:  00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000\n[  181.844128] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0\n[  181.844141] Call Trace:\n[  181.844146]  \u003cTASK\u003e\n[  181.844153]  ? show_regs+0x6d/0x80\n[  181.844167]  ? __die+0x24/0x80\n[  181.844179]  ? page_fault_oops+0x99/0x1b0\n[  181.844192]  ? do_user_addr_fault+0x31d/0x6b0\n[  181.844204]  ? 
exc_page_fault+0x83/0x1b0\n[  181.844216]  ? asm_exc_page_fault+0x27/0x30\n[  181.844237]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]\n[  181.845115]  amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]\n[  181.845985]  amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]\n[  181.846848]  fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]\n[  181.847734]  fill_dc_plane_attributes+0x162/0x350 [amdgpu]\n[  181.848748]  dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.849791]  ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]\n[  181.850840]  amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43899",
            "https://git.kernel.org/linus/ecbf60782662f0a388493685b85a645a0ba1613c (6.11-rc1)",
            "https://git.kernel.org/stable/c/6940c1d0c84a34d5a2038714c218238101a1db5b",
            "https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e",
            "https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c",
            "https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43899",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43899"
          ],
          "PublishedDate": "2024-08-26T11:15:04.557Z",
          "LastModifiedDate": "2026-01-11T17:15:50.99Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43911",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43911",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:53d78c1f6934929c886ffdf8135cff40712e0d02aec88c30120aed724f7afa99",
          "Title": "kernel: wifi: mac80211: fix NULL dereference at band check in starting tx ba session",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL dereference at band check in starting tx ba session\n\nIn MLD connection, link_data/link_conf are dynamically allocated. They\ndon't point to vif-\u003ebss_conf. So, there will be no chanreq assigned to\nvif-\u003ebss_conf and then the chan will be NULL. Tweak the code to check\nht_supported/vht_supported/has_he/has_eht on sta deflink.\n\nCrash log (with rtw89 version under MLO development):\n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 9890.526102] #PF: supervisor read access in kernel mode\n[ 9890.526105] #PF: error_code(0x0000) - not-present page\n[ 9890.526109] PGD 0 P4D 0\n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1\n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018\n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]\n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211\n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00 \u003c83\u003e 38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3\nAll code\n========\n   0:\tf7 e8                \timul   %eax\n   2:\td5                   \t(bad)\n   3:\t93                   \txchg   %eax,%ebx\n   4:\t3e ea                \tds (bad)\n   6:\t48 83 c4 28          \tadd    $0x28,%rsp\n   a:\t89 d8                \tmov    %ebx,%eax\n   c:\t5b                   \tpop    %rbx\n   d:\t41 5c                \tpop    %r12\n   f:\t41 5d                \tpop    %r13\n  11:\t41 5e                \tpop    %r14\n  13:\t41 5f                \tpop    %r15\n  15:\t5d                   \tpop    %rbp\n  16:\tc3                   \tretq\n  17:\tcc                   
\tint3\n  18:\tcc                   \tint3\n  19:\tcc                   \tint3\n  1a:\tcc                   \tint3\n  1b:\t49 8b 84 24 e0 f1 ff \tmov    -0xe20(%r12),%rax\n  22:\tff\n  23:\t48 8b 80 90 1b 00 00 \tmov    0x1b90(%rax),%rax\n  2a:*\t83 38 03             \tcmpl   $0x3,(%rax)\t\t\u003c-- trapping instruction\n  2d:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe6a\n  33:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n  38:\teb cc                \tjmp    0x6\n  3a:\t49                   \trex.WB\n  3b:\t8b                   \t.byte 0x8b\n  3c:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  3f:\tf3                   \trepz\n\nCode starting with the faulting instruction\n===========================================\n   0:\t83 38 03             \tcmpl   $0x3,(%rax)\n   3:\t0f 84 37 fe ff ff    \tje     0xfffffffffffffe40\n   9:\tbb ea ff ff ff       \tmov    $0xffffffea,%ebx\n   e:\teb cc                \tjmp    0xffffffffffffffdc\n  10:\t49                   \trex.WB\n  11:\t8b                   \t.byte 0x8b\n  12:\t84 24 10             \ttest   %ah,(%rax,%rdx,1)\n  15:\tf3                   \trepz\n[ 9890.526285] RSP: 0018:ffffb8db09013d68 EFLAGS: 00010246\n[ 9890.526291] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9308e0d656c8\n[ 9890.526295] RDX: 0000000000000000 RSI: ffffffffab99460b RDI: ffffffffab9a7685\n[ 9890.526300] RBP: ffffb8db09013db8 R08: 0000000000000000 R09: 0000000000000873\n[ 9890.526304] R10: ffff9308e0d64800 R11: 0000000000000002 R12: ffff9308e5ff6e70\n[ 9890.526308] R13: ffff930952500e20 R14: ffff9309192a8c00 R15: 0000000000000000\n[ 9890.526313] FS:  0000000000000000(0000) GS:ffff930b4e700000(0000) knlGS:0000000000000000\n[ 9890.526316] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 9890.526318] CR2: 0000000000000000 CR3: 0000000391c58005 CR4: 00000000001706f0\n[ 9890.526321] Call Trace:\n[ 9890.526324]  \u003cTASK\u003e\n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)\n[ 9890.526335] ? 
__die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)\n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)\n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43911",
            "https://git.kernel.org/linus/021d53a3d87eeb9dbba524ac515651242a2a7e3b (6.11-rc1)",
            "https://git.kernel.org/stable/c/021d53a3d87eeb9dbba524ac515651242a2a7e3b",
            "https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6",
            "https://linux.oracle.com/cve/CVE-2024-43911.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43911",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43911"
          ],
          "PublishedDate": "2024-08-26T11:15:05.227Z",
          "LastModifiedDate": "2025-11-03T22:18:21.95Z"
        },
        {
          "VulnerabilityID": "CVE-2024-43912",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-43912",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c3cbb761c0b767d8ac918624ad85176266f3ad0ee07f8500a9b2fd64bf89888d",
          "Title": "kernel: wifi: nl80211: disallow setting special AP channel widths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: disallow setting special AP channel widths\n\nSetting the AP channel width is meant for use with the normal\n20/40/... MHz channel width progression, and switching around\nin S1G or narrow channels isn't supported. Disallow that.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 4.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-43912",
            "https://git.kernel.org/linus/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe (6.11-rc1)",
            "https://git.kernel.org/stable/c/23daf1b4c91db9b26f8425cc7039cf96d22ccbfe",
            "https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e",
            "https://git.kernel.org/stable/c/ac3bf6e47fd8da9bfe8027e1acfe0282a91584fc",
            "https://git.kernel.org/stable/c/c6ea738e3feb407a3283197d9a25d0788f4f3cee",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-43912",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-43912"
          ],
          "PublishedDate": "2024-08-26T11:15:05.28Z",
          "LastModifiedDate": "2025-11-03T22:18:22.417Z"
        },
        {
          "VulnerabilityID": "CVE-2024-44950",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-44950",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0755b656c9897c3ec2dad9fa5792a9d90040539d7f9c8f41fac455cb8ae06102",
          "Title": "kernel: serial: sc16is7xx: fix invalid FIFO access with special register set",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --\u003e access special register set\n    sc16is7xx_port_irq() entry            --\u003e IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --\u003e unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --\u003e Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-44950",
            "https://git.kernel.org/linus/7d3b793faaab1305994ce568b59d61927235f57b (6.11-rc3)",
            "https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0",
            "https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b",
            "https://git.kernel.org/stable/c/cc6a3f35bc9b3a8da1b195420a2e8d9fdadfa831",
            "https://git.kernel.org/stable/c/dc5ead0e8fc5ef53b8553394d4aab60c277976b3",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024090410-CVE-2024-44950-67fb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-44950",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-44950"
          ],
          "PublishedDate": "2024-09-04T19:15:30.1Z",
          "LastModifiedDate": "2025-11-03T21:16:19.88Z"
        },
        {
          "VulnerabilityID": "CVE-2024-44961",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-44961",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b018ff7b88291ad13b1f3b850b10c69827546128f246ab39844d8a127a1f8422",
          "Title": "kernel: drm/amdgpu: Forward soft recovery errors to userspace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-44961",
            "https://git.kernel.org/linus/829798c789f567ef6ba4b084c15b7b5f3bd98d51 (6.11-rc3)",
            "https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a",
            "https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51",
            "https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be",
            "https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44961-8666@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-44961",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-44961"
          ],
          "PublishedDate": "2024-09-04T19:15:30.77Z",
          "LastModifiedDate": "2024-10-04T16:39:39.3Z"
        },
        {
          "VulnerabilityID": "CVE-2024-44962",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-44962",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1fc13bc2752ce7fbace08864eb23f739502d3adc682dd328ddb5c42071c5d608",
          "Title": "kernel: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-44962",
            "https://git.kernel.org/linus/0d0df1e750bac0fdaa77940e711c1625cff08d33 (6.11-rc1)",
            "https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33",
            "https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b",
            "https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016",
            "https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44962-c329@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-44962",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-44962"
          ],
          "PublishedDate": "2024-09-04T19:15:30.827Z",
          "LastModifiedDate": "2024-10-04T16:20:34.55Z"
        },
        {
          "VulnerabilityID": "CVE-2024-44963",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-44963",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5c34b5810d9b7d8be932fbdd3bf44c8eee350252fadeed2ff52952a50edff83f",
          "Title": "kernel: btrfs: do not BUG_ON() when freeing tree block after error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don't deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-44963",
            "https://git.kernel.org/linus/bb3868033a4cccff7be57e9145f2117cbdc91c11 (6.11-rc1)",
            "https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b",
            "https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f",
            "https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11",
            "https://lore.kernel.org/linux-cve-announce/2024090414-CVE-2024-44963-2e6d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-44963",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-44963"
          ],
          "PublishedDate": "2024-09-04T19:15:30.883Z",
          "LastModifiedDate": "2024-12-09T13:10:03.787Z"
        },
        {
          "VulnerabilityID": "CVE-2024-44970",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-44970",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:517ae2bba6ffc8150857d0e287c2247338fded93dd5764552b73a16f02e67d9b",
          "Title": "kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:8057",
            "https://access.redhat.com/security/cve/CVE-2024-44970",
            "https://bugzilla.redhat.com/2297490",
            "https://bugzilla.redhat.com/2309801",
            "https://bugzilla.redhat.com/2348609",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297490",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309801",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40906",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44970",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21756",
            "https://errata.almalinux.org/8/ALSA-2025-8057.html",
            "https://errata.rockylinux.org/RLSA-2025:8056",
            "https://git.kernel.org/linus/fba8334721e266f92079632598e46e5f89082f30 (6.11-rc1)",
            "https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9",
            "https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76",
            "https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78",
            "https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30",
            "https://linux.oracle.com/cve/CVE-2024-44970.html",
            "https://linux.oracle.com/errata/ELSA-2025-8056.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44970-f687@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-44970",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-44970"
          ],
          "PublishedDate": "2024-09-04T19:15:31.307Z",
          "LastModifiedDate": "2025-11-03T23:15:45.323Z"
        },
        {
          "VulnerabilityID": "CVE-2024-45010",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45010",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cb7f93b428ae1c61d0daef1844ab4a6f7a459df328688c146831bfb18dac51ef",
          "Title": "kernel: mptcp: pm: only mark 'subflow' endp as available",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark 'subflow' endp as available\n\nAdding the following warning ...\n\n  WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a 'signal' endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n'subflow' endpoints, and here it is a 'signal' endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-45010",
            "https://git.kernel.org/linus/322ea3778965da72862cca2a0c50253aacf65fe6 (6.11-rc5)",
            "https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6",
            "https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d",
            "https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f",
            "https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3",
            "https://linux.oracle.com/cve/CVE-2024-45010.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-45010",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-45010"
          ],
          "PublishedDate": "2024-09-11T16:15:06.483Z",
          "LastModifiedDate": "2025-11-03T23:15:49.437Z"
        },
        {
          "VulnerabilityID": "CVE-2024-45015",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45015",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:58a1fb22cbba39d8e9cc9d68eee6a74564f5306e633652edacf41a340bb90171",
          "Title": "kernel: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()\n\nFor cases where the crtc's connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder's connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-45015",
            "https://git.kernel.org/linus/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 (6.11-rc5)",
            "https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52",
            "https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77",
            "https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990",
            "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-45015",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-45015"
          ],
          "PublishedDate": "2024-09-11T16:15:06.763Z",
          "LastModifiedDate": "2024-09-13T16:35:58.617Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46678",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46678",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:56961279bb68095f43bfcd47a04172f04443fe10c7a67b6f62a11881d4ba827e",
          "Title": "kernel: bonding: change ipsec_lock from spin lock to mutex",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: change ipsec_lock from spin lock to mutex\n\nIn the cited commit, bond-\u003eipsec_lock is added to protect ipsec_list,\nhence xdo_dev_state_add and xdo_dev_state_delete are called inside\nthis lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep,\n\"scheduling while atomic\" will be triggered when changing bond's\nactive slave.\n\n[  101.055189] BUG: scheduling while atomic: bash/902/0x00000200\n[  101.055726] Modules linked in:\n[  101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1\n[  101.058760] Hardware name:\n[  101.059434] Call Trace:\n[  101.059436]  \u003cTASK\u003e\n[  101.060873]  dump_stack_lvl+0x51/0x60\n[  101.061275]  __schedule_bug+0x4e/0x60\n[  101.061682]  __schedule+0x612/0x7c0\n[  101.062078]  ? __mod_timer+0x25c/0x370\n[  101.062486]  schedule+0x25/0xd0\n[  101.062845]  schedule_timeout+0x77/0xf0\n[  101.063265]  ? asm_common_interrupt+0x22/0x40\n[  101.063724]  ? __bpf_trace_itimer_state+0x10/0x10\n[  101.064215]  __wait_for_common+0x87/0x190\n[  101.064648]  ? usleep_range_state+0x90/0x90\n[  101.065091]  cmd_exec+0x437/0xb20 [mlx5_core]\n[  101.065569]  mlx5_cmd_do+0x1e/0x40 [mlx5_core]\n[  101.066051]  mlx5_cmd_exec+0x18/0x30 [mlx5_core]\n[  101.066552]  mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core]\n[  101.067163]  ? bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.067738]  ? kmalloc_trace+0x4d/0x350\n[  101.068156]  mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core]\n[  101.068747]  mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core]\n[  101.069312]  bond_change_active_slave+0x392/0x900 [bonding]\n[  101.069868]  bond_option_active_slave_set+0x1c2/0x240 [bonding]\n[  101.070454]  __bond_opt_set+0xa6/0x430 [bonding]\n[  101.070935]  __bond_opt_set_notify+0x2f/0x90 [bonding]\n[  101.071453]  bond_opt_tryset_rtnl+0x72/0xb0 [bonding]\n[  101.071965]  bonding_sysfs_store_option+0x4d/0x80 [bonding]\n[  101.072567]  kernfs_fop_write_iter+0x10c/0x1a0\n[  101.073033]  vfs_write+0x2d8/0x400\n[  101.073416]  ? alloc_fd+0x48/0x180\n[  101.073798]  ksys_write+0x5f/0xe0\n[  101.074175]  do_syscall_64+0x52/0x110\n[  101.074576]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nAs bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called\nfrom bond_change_active_slave, which requires holding the RTNL lock.\nAnd bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state\nxdo_dev_state_add and xdo_dev_state_delete APIs, which are in user\ncontext. So ipsec_lock doesn't have to be spin lock, change it to\nmutex, and thus the above issue can be resolved.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46678",
            "https://git.kernel.org/linus/2aeeef906d5a526dc60cf4af92eda69836c39b1f (6.11-rc6)",
            "https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f",
            "https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3",
            "https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3",
            "https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46678-ca65@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46678",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46678"
          ],
          "PublishedDate": "2024-09-13T06:15:12.45Z",
          "LastModifiedDate": "2024-09-23T14:44:12.88Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46681",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46681",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0bc73d850094c29e27416237cff2d915e36969a8a95687e1c5c5c497bd8908b4",
          "Title": "kernel: pktgen: use cpus_read_lock() in pg_net_init()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npktgen: use cpus_read_lock() in pg_net_init()\n\nI have seen the WARN_ON(smp_processor_id() != cpu) firing\nin pktgen_thread_worker() during tests.\n\nWe must use cpus_read_lock()/cpus_read_unlock()\naround the for_each_online_cpu(cpu) loop.\n\nWhile we are at it use WARN_ON_ONCE() to avoid a possible syslog flood.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46681",
            "https://git.kernel.org/linus/979b581e4c69257acab1af415ddad6b2d78a2fa5 (6.11-rc6)",
            "https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf",
            "https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5",
            "https://lore.kernel.org/linux-cve-announce/2024091337-CVE-2024-46681-6086@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46681",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46681"
          ],
          "PublishedDate": "2024-09-13T06:15:12.71Z",
          "LastModifiedDate": "2024-09-19T18:10:49.623Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46705",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46705",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e7bb767ac3c3de41e079b8f3d591fce3960a912f00f03759b52ded8f356d5ab7",
          "Title": "kernel: drm/xe: reset mmio mappings with devm",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: reset mmio mappings with devm\n\nSet our various mmio mappings to NULL. This should make it easier to\ncatch something rogue trying to mess with mmio after device removal. For\nexample, we might unmap everything and then start hitting some mmio\naddress which has already been unmamped by us and then remapped by\nsomething else, causing all kinds of carnage.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46705",
            "https://git.kernel.org/linus/c7117419784f612d59ee565145f722e8b5541fe6 (6.11-rc1)",
            "https://git.kernel.org/stable/c/b1c9fbed3884d3883021d699c7cdf5253a65543a",
            "https://git.kernel.org/stable/c/c7117419784f612d59ee565145f722e8b5541fe6",
            "https://lore.kernel.org/linux-cve-announce/2024091330-CVE-2024-46705-b9c0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46705",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46705"
          ],
          "PublishedDate": "2024-09-13T07:15:05.477Z",
          "LastModifiedDate": "2024-09-19T13:30:44.133Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46715",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46715",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9e13278c2fb230229a75009e60d528dc89970840a3267f8e17e78466ef6dc3ba",
          "Title": "kernel: driver: iio: add missing checks on iio_info's callback access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46715",
            "https://git.kernel.org/linus/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 (6.11-rc1)",
            "https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70",
            "https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1",
            "https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252",
            "https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46715-7e7b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46715",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46715"
          ],
          "PublishedDate": "2024-09-18T07:15:03.13Z",
          "LastModifiedDate": "2025-11-03T23:15:55.503Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46716",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1749e8a6d8bf366efc08c7b41e06456deefd1697239fc458339ade37f57fe487",
          "Title": "kernel: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor\n\nRemove list_del call in msgdma_chan_desc_cleanup, this should be the role\nof msgdma_free_descriptor. In consequence replace list_add_tail with\nlist_move_tail in msgdma_free_descriptor.\n\nThis fixes the path:\n   msgdma_free_chan_resources -\u003e msgdma_free_descriptors -\u003e\n   msgdma_free_desc_list -\u003e msgdma_free_descriptor\n\nwhich does not correctly free the descriptors as first nodes were not\nremoved from the list.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46716",
            "https://git.kernel.org/linus/54e4ada1a4206f878e345ae01cf37347d803d1b1 (6.11-rc1)",
            "https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716",
            "https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1",
            "https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725",
            "https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46716-f63f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46716",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46716"
          ],
          "PublishedDate": "2024-09-18T07:15:03.183Z",
          "LastModifiedDate": "2025-11-03T23:15:55.627Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46717",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46717",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2079f0f849f9fbefd57d60147bea2d8329c46fd344aa4a969603c8fc67279b0",
          "Title": "kernel: net/mlx5e: SHAMPO, Fix incorrect page release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix incorrect page release\n\nUnder the following conditions:\n1) No skb created yet\n2) header_size == 0 (no SHAMPO header)\n3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the\n   last page fragment of a SHAMPO header page)\n\na new skb is formed with a page that is NOT a SHAMPO header page (it\nis a regular data page). Further down in the same function\n(mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from\nheader_index is released. This is wrong and it leads to SHAMPO header\npages being released more than once.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46717",
            "https://git.kernel.org/linus/70bd03b89f20b9bbe51a7f73c4950565a17a45f7 (6.11-rc1)",
            "https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629",
            "https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7",
            "https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab",
            "https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46717-2f30@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46717",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46717"
          ],
          "PublishedDate": "2024-09-18T07:15:03.237Z",
          "LastModifiedDate": "2025-11-03T23:15:55.74Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46718",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46718",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2d566faf388abf5fd485d9075f522360227697c1eff8cc97e9486cfbe3d6b24e",
          "Title": "kernel: drm/xe: Don't overmap identity VRAM mapping",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Don't overmap identity VRAM mapping\n\nOvermapping the identity VRAM mapping is triggering hardware bugs on\ncertain platforms. Use 2M pages for the last unaligned (to 1G) VRAM\nchunk.\n\nv2:\n - Always use 2M pages for last chunk (Fei Yang)\n - break loop when 2M pages are used\n - Add assert for usable_size being 2M aligned\nv3:\n - Fix checkpatch",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46718",
            "https://git.kernel.org/linus/6d3581edffea0b3a64b0d3094d3f09222e0024f7 (6.11-rc1)",
            "https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7",
            "https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65",
            "https://lore.kernel.org/linux-cve-announce/2024091833-CVE-2024-46718-c5c7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46718",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46718"
          ],
          "PublishedDate": "2024-09-18T07:15:03.303Z",
          "LastModifiedDate": "2025-10-08T17:08:58.943Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46720",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46720",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b7c5520b6f0b4039836005ec596df80d5c679ae717ca8336b75b5eecd4a86975",
          "Title": "kernel: drm/amdgpu: fix dereference after null check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix dereference after null check\n\ncheck the pointer hive before use.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46720",
            "https://git.kernel.org/linus/b1f7810b05d1950350ac2e06992982974343e441 (6.11-rc1)",
            "https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50",
            "https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c",
            "https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517",
            "https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024091834-CVE-2024-46720-a598@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46720",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46720"
          ],
          "PublishedDate": "2024-09-18T07:15:03.42Z",
          "LastModifiedDate": "2025-11-03T23:15:56.003Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46726",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46726",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:214e2b1b4694ada650e49851a360ca1617c3269ac2dd7151c0591ce404fcc47f",
          "Title": "kernel: drm/amd/display: Ensure index calculation will not overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure index calculation will not overflow\n\n[WHY \u0026 HOW]\nMake sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will\nnever overflow and exceess array size.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46726",
            "https://git.kernel.org/linus/8e2734bf444767fed787305ccdcb36a2be5301a2 (6.11-rc1)",
            "https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed",
            "https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd",
            "https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2",
            "https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46726-587e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46726",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46726"
          ],
          "PublishedDate": "2024-09-18T07:15:03.787Z",
          "LastModifiedDate": "2025-11-03T23:15:57.023Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46727",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46727",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:da6929a9e5ac2a2402d0289c442323c61db1b6ed37ea4a66d4873662137eadb8",
          "Title": "kernel: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update\n\n[Why]\nCoverity reports NULL_RETURN warning.\n\n[How]\nAdd otg_master NULL check.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46727",
            "https://git.kernel.org/linus/871cd9d881fa791d3f82885000713de07041c0ae (6.11-rc1)",
            "https://git.kernel.org/stable/c/871cd9d881fa791d3f82885000713de07041c0ae",
            "https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d",
            "https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46727-2565@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46727",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46727"
          ],
          "PublishedDate": "2024-09-18T07:15:03.84Z",
          "LastModifiedDate": "2024-09-30T12:49:43.097Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46728",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46728",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2e74759792484d483b080dee1c26dbc3f5df81fb90cb33e5361019958f693e3b",
          "Title": "kernel: drm/amd/display: Check index for aux_rd_interval before using",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index for aux_rd_interval before using\n\naux_rd_interval has size of 7 and should be checked.\n\nThis fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46728",
            "https://git.kernel.org/linus/9ba2ea6337b4f159aecb177555a6a81da92d302e (6.11-rc1)",
            "https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a",
            "https://git.kernel.org/stable/c/6c588e9350dd7a9fb97a56fe74852c9ecc44450c",
            "https://git.kernel.org/stable/c/9ba2ea6337b4f159aecb177555a6a81da92d302e",
            "https://lore.kernel.org/linux-cve-announce/2024091835-CVE-2024-46728-edfe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46728",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46728"
          ],
          "PublishedDate": "2024-09-18T07:15:03.893Z",
          "LastModifiedDate": "2024-09-26T13:31:34.347Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46729",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46729",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b3b5360943d20b11229292c3f0aa5ddb63b8c0836fe10dbd5aaf1416f1e3b7e5",
          "Title": "kernel: drm/amd/display: Fix incorrect size calculation for loop",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix incorrect size calculation for loop\n\n[WHY]\nfe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is\nlager than the array size.\n\n[HOW]\nDivide byte size 20 by its element size.\n\nThis fixes 2 OVERRUN issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-131",
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46729",
            "https://git.kernel.org/linus/3941a3aa4b653b69876d894d08f3fff1cc965267 (6.11-rc1)",
            "https://git.kernel.org/stable/c/3941a3aa4b653b69876d894d08f3fff1cc965267",
            "https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4",
            "https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46729-158c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46729",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46729"
          ],
          "PublishedDate": "2024-09-18T07:15:03.95Z",
          "LastModifiedDate": "2025-09-26T17:34:46.38Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46730",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46730",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:45409aedcb979935eb8bf2d25747f99ba914c0919cab8f365762527cfb494eda",
          "Title": "kernel: drm/amd/display: Ensure array index tg_inst won\u0026#39;t be -1",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Ensure array index tg_inst won't be -1\n\n[WHY \u0026 HOW]\ntg_inst will be a negative if timing_generator_count equals 0, which\nshould be checked before used.\n\nThis fixes 2 OVERRUN issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-191"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46730",
            "https://git.kernel.org/linus/687fe329f18ab0ab0496b20ed2cb003d4879d931 (6.11-rc1)",
            "https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931",
            "https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4",
            "https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46730-b69e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46730",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46730"
          ],
          "PublishedDate": "2024-09-18T07:15:04.003Z",
          "LastModifiedDate": "2024-09-30T12:49:00.333Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46733",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46733",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3315c94ef5022953369b69144ac4f373bd2c94de4a4c390ab858f5344f5fd3df",
          "Title": "kernel: btrfs: fix qgroup reserve leaks in cow_file_range",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix qgroup reserve leaks in cow_file_range\n\nIn the buffered write path, the dirty page owns the qgroup reserve until\nit creates an ordered_extent.\n\nTherefore, any errors that occur before the ordered_extent is created\nmust free that reservation, or else the space is leaked. The fstest\ngeneric/475 exercises various IO error paths, and is able to trigger\nerrors in cow_file_range where we fail to get to allocating the ordered\nextent. Note that because we *do* clear delalloc, we are likely to\nremove the inode from the delalloc list, so the inodes/pages to not have\ninvalidate/launder called on them in the commit abort path.\n\nThis results in failures at the unmount stage of the test that look like:\n\n  BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure\n  BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure\n  BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs]\n  Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq\n  CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W          6.10.0-rc7-gab56fde445b8 #21\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n  RIP: 0010:close_ctree+0x222/0x4d0 [btrfs]\n  RSP: 0018:ffffb4465283be00 EFLAGS: 00010202\n  RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001\n  RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8\n  RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000\n  R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c\n  R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n  FS:  00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) 
knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0\n  Call Trace:\n   \u003cTASK\u003e\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? __warn.cold+0x8e/0xea\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   ? report_bug+0xff/0x140\n   ? handle_bug+0x3b/0x70\n   ? exc_invalid_op+0x17/0x70\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? close_ctree+0x222/0x4d0 [btrfs]\n   generic_shutdown_super+0x70/0x160\n   kill_anon_super+0x11/0x40\n   btrfs_kill_super+0x11/0x20 [btrfs]\n   deactivate_locked_super+0x2e/0xa0\n   cleanup_mnt+0xb5/0x150\n   task_work_run+0x57/0x80\n   syscall_exit_to_user_mode+0x121/0x130\n   do_syscall_64+0xab/0x1a0\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x7f916847a887\n  ---[ end trace 0000000000000000 ]---\n  BTRFS error (device dm-8 state EA): qgroup reserved space leaked\n\nCases 2 and 3 in the out_reserve path both pertain to this type of leak\nand must free the reserved qgroup data. Because it is already an error\npath, I opted not to handle the possible errors in\nbtrfs_free_qgroup_data.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46733",
            "https://git.kernel.org/linus/30479f31d44d47ed00ae0c7453d9b253537005b2 (6.11-rc3)",
            "https://git.kernel.org/stable/c/159f0f61b283ea71e827dd0c18c5dce197de1fa2",
            "https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2",
            "https://git.kernel.org/stable/c/84464db2ec2a55b9313d5f264da196a37ec80994",
            "https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024091836-CVE-2024-46733-77eb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46733",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46733"
          ],
          "PublishedDate": "2024-09-18T07:15:04.17Z",
          "LastModifiedDate": "2025-11-03T20:16:31.32Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46748",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46748",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8a417b5d4ceeb456e36177424ba7fc6e778d1fba5444bd5c42c06722a7e41f88",
          "Title": "kernel: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT\n\nSet the maximum size of a subrequest that writes to cachefiles to be\nMAX_RW_COUNT so that we don't overrun the maximum write we can make to the\nbacking filesystem.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46748",
            "https://git.kernel.org/linus/51d37982bbac3ea0ca21b2797a9cb0044272b3aa (6.11-rc1)",
            "https://git.kernel.org/stable/c/51d37982bbac3ea0ca21b2797a9cb0044272b3aa",
            "https://git.kernel.org/stable/c/cec226f9b1fd6cf55bc157873aec61b523083e96",
            "https://lore.kernel.org/linux-cve-announce/2024091837-CVE-2024-46748-03e7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46748",
            "https://www.cve.org/CVERecord?id=CVE-2024-46748"
          ],
          "PublishedDate": "2024-09-18T08:15:03.847Z",
          "LastModifiedDate": "2025-10-08T17:08:35.993Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46749",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46749",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:14801bf1c00794f199ce7d42523160319c5f4defbd99c1481d071750b9a10af0",
          "Title": "kernel: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()\n\nThis adds a check before freeing the rx-\u003eskb in flush and close\nfunctions to handle the kernel crash seen while removing driver after FW\ndownload fails or before FW download completes.\n\ndmesg log:\n[   54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080\n[   54.643398] Mem abort info:\n[   54.646204]   ESR = 0x0000000096000004\n[   54.649964]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   54.655286]   SET = 0, FnV = 0\n[   54.658348]   EA = 0, S1PTW = 0\n[   54.661498]   FSC = 0x04: level 0 translation fault\n[   54.666391] Data abort info:\n[   54.669273]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[   54.674768]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[   54.674771]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   54.674775] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048860000\n[   54.674780] [0000000000000080] pgd=0000000000000000, p4d=0000000000000000\n[   54.703880] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[   54.710152] Modules linked in: btnxpuart(-) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core sch_fq_codel fuse\n[   54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 Not tainted 6.6.3-otbr-g128004619037 #2\n[   54.744364] Hardware name: FSL i.MX8MM EVK board (DT)\n[   54.744368] Workqueue: hci0 hci_power_on\n[   54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   54.757249] pc : kfree_skb_reason+0x18/0xb0\n[   54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.782921] sp : ffff8000805ebca0\n[   
54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000\n[   54.782931] x26: ffff377b84852400 x25: ffff377b848523c0 x24: ffff377b845e7230\n[   54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92\n[   54.782945] x20: ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff\n[   54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857\n[   54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642\n[   54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9 : ffffa5c6cf19d688\n[   54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000\n[   54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000\n[   54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac\n[   54.857599] Call trace:\n[   54.857601]  kfree_skb_reason+0x18/0xb0\n[   54.863878]  btnxpuart_flush+0x40/0x58 [btnxpuart]\n[   54.863888]  hci_dev_open_sync+0x3a8/0xa04\n[   54.872773]  hci_power_on+0x54/0x2e4\n[   54.881832]  process_one_work+0x138/0x260\n[   54.881842]  worker_thread+0x32c/0x438\n[   54.881847]  kthread+0x118/0x11c\n[   54.881853]  ret_from_fork+0x10/0x20\n[   54.896406] Code: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400)\n[   54.896410] ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46749",
            "https://git.kernel.org/linus/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1 (6.11-rc1)",
            "https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e",
            "https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635",
            "https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1",
            "https://lore.kernel.org/linux-cve-announce/2024091838-CVE-2024-46749-fc9c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46749",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46749"
          ],
          "PublishedDate": "2024-09-18T08:15:03.893Z",
          "LastModifiedDate": "2024-09-20T18:45:43.483Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46754",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46754",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9594b33d254f8c2dcf9c9248fb0a3bfca91bb85792167cd096eb4ba8b91aca24",
          "Title": "kernel: bpf: Remove tst_run from lwt_seg6local_prog_ops.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Remove tst_run from lwt_seg6local_prog_ops.\n\nThe syzbot reported that the lwt_seg6 related BPF ops can be invoked\nvia bpf_test_run() without without entering input_action_end_bpf()\nfirst.\n\nMartin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL\nprobably didn't work since it was introduced in commit 04d4b274e2a\n(\"ipv6: sr: Add seg6local action End.BPF\"). The reason is that the\nper-CPU variable seg6_bpf_srh_states::srh is never assigned in the self\ntest case but each BPF function expects it.\n\nRemove test_run for BPF_PROG_TYPE_LWT_SEG6LOCAL.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46754",
            "https://git.kernel.org/linus/c13fda93aca118b8e5cd202e339046728ee7dddb (6.11-rc1)",
            "https://git.kernel.org/stable/c/9cd15511de7c619bbd0f54bb3f28e6e720ded5d6",
            "https://git.kernel.org/stable/c/c13fda93aca118b8e5cd202e339046728ee7dddb",
            "https://linux.oracle.com/cve/CVE-2024-46754.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024091840-CVE-2024-46754-7f04@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46754",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46754"
          ],
          "PublishedDate": "2024-09-18T08:15:04.153Z",
          "LastModifiedDate": "2025-10-08T17:07:45.747Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46762",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46762",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d03170bf6512fcc0563003b8a3bf96d4c2cc6ad6df09da67ce14533510641808",
          "Title": "kernel: xen: privcmd: Fix possible access to a freed kirqfd instance",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Fix possible access to a freed kirqfd instance\n\nNothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and\nprivcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd\ncreated and added to the irqfds_list by privcmd_irqfd_assign() may get\nremoved by another thread executing privcmd_irqfd_deassign(), while the\nformer is still using it after dropping the locks.\n\nThis can lead to a situation where an already freed kirqfd instance may\nbe accessed and cause kernel oops.\n\nUse SRCU locking to prevent the same, as is done for the KVM\nimplementation for irqfds.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46762",
            "https://git.kernel.org/linus/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 (6.11-rc1)",
            "https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b",
            "https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557",
            "https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527",
            "https://lore.kernel.org/linux-cve-announce/2024091843-CVE-2024-46762-6512@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46762",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46762"
          ],
          "PublishedDate": "2024-09-18T08:15:04.57Z",
          "LastModifiedDate": "2024-09-23T16:12:34.42Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46765",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46765",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:76abdf4657e31c634116d58c38c80fdea19df767e82fd216018f965ccf0f5605",
          "Title": "kernel: ice: protect XDP configuration with a mutex",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: protect XDP configuration with a mutex\n\nThe main threat to data consistency in ice_xdp() is a possible asynchronous\nPF reset. It can be triggered by a user or by TX timeout handler.\n\nXDP setup and PF reset code access the same resources in the following\nsections:\n* ice_vsi_close() in ice_prepare_for_reset() - already rtnl-locked\n* ice_vsi_rebuild() for the PF VSI - not protected\n* ice_vsi_open() - already rtnl-locked\n\nWith an unfortunate timing, such accesses can result in a crash such as the\none below:\n\n[ +1.999878] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 14\n[ +2.002992] ice 0000:b1:00.0: Registered XDP mem model MEM_TYPE_XSK_BUFF_POOL on Rx ring 18\n[Mar15 18:17] ice 0000:b1:00.0 ens801f0np0: NETDEV WATCHDOG: CPU: 38: transmit queue 14 timed out 80692736 ms\n[ +0.000093] ice 0000:b1:00.0 ens801f0np0: tx_timeout: VSI_num: 6, Q 14, NTC: 0x0, HW_HEAD: 0x0, NTU: 0x0, INT: 0x4000001\n[ +0.000012] ice 0000:b1:00.0 ens801f0np0: tx_timeout recovery level 1, txqueue 14\n[ +0.394718] ice 0000:b1:00.0: PTP reset successful\n[ +0.006184] BUG: kernel NULL pointer dereference, address: 0000000000000098\n[ +0.000045] #PF: supervisor read access in kernel mode\n[ +0.000023] #PF: error_code(0x0000) - not-present page\n[ +0.000023] PGD 0 P4D 0\n[ +0.000018] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000023] CPU: 38 PID: 7540 Comm: kworker/38:1 Not tainted 6.8.0-rc7 #1\n[ +0.000031] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0014.082620210524 08/26/2021\n[ +0.000036] Workqueue: ice ice_service_task [ice]\n[ +0.000183] RIP: 0010:ice_clean_tx_ring+0xa/0xd0 [ice]\n[...]\n[ +0.000013] Call Trace:\n[ +0.000016] \u003cTASK\u003e\n[ +0.000014] ? __die+0x1f/0x70\n[ +0.000029] ? page_fault_oops+0x171/0x4f0\n[ +0.000029] ? schedule+0x3b/0xd0\n[ +0.000027] ? exc_page_fault+0x7b/0x180\n[ +0.000022] ? 
asm_exc_page_fault+0x22/0x30\n[ +0.000031] ? ice_clean_tx_ring+0xa/0xd0 [ice]\n[ +0.000194] ice_free_tx_ring+0xe/0x60 [ice]\n[ +0.000186] ice_destroy_xdp_rings+0x157/0x310 [ice]\n[ +0.000151] ice_vsi_decfg+0x53/0xe0 [ice]\n[ +0.000180] ice_vsi_rebuild+0x239/0x540 [ice]\n[ +0.000186] ice_vsi_rebuild_by_type+0x76/0x180 [ice]\n[ +0.000145] ice_rebuild+0x18c/0x840 [ice]\n[ +0.000145] ? delay_tsc+0x4a/0xc0\n[ +0.000022] ? delay_tsc+0x92/0xc0\n[ +0.000020] ice_do_reset+0x140/0x180 [ice]\n[ +0.000886] ice_service_task+0x404/0x1030 [ice]\n[ +0.000824] process_one_work+0x171/0x340\n[ +0.000685] worker_thread+0x277/0x3a0\n[ +0.000675] ? preempt_count_add+0x6a/0xa0\n[ +0.000677] ? _raw_spin_lock_irqsave+0x23/0x50\n[ +0.000679] ? __pfx_worker_thread+0x10/0x10\n[ +0.000653] kthread+0xf0/0x120\n[ +0.000635] ? __pfx_kthread+0x10/0x10\n[ +0.000616] ret_from_fork+0x2d/0x50\n[ +0.000612] ? __pfx_kthread+0x10/0x10\n[ +0.000604] ret_from_fork_asm+0x1b/0x30\n[ +0.000604] \u003c/TASK\u003e\n\nThe previous way of handling this through returning -EBUSY is not viable,\nparticularly when destroying AF_XDP socket, because the kernel proceeds\nwith removal anyway.\n\nThere is plenty of code between those calls and there is no need to create\na large critical section that covers all of them, same as there is no need\nto protect ice_vsi_rebuild() with rtnl_lock().\n\nAdd xdp_state_lock mutex to protect ice_vsi_rebuild() and ice_xdp().\n\nLeaving unprotected sections in between would result in two states that\nhave to be considered:\n1. when the VSI is closed, but not yet rebuild\n2. when VSI is already rebuild, but not yet open\n\nThe latter case is actually already handled through !netif_running() case,\nwe just need to adjust flag checking a little. The former one is not as\ntrivial, because between ice_vsi_close() and ice_vsi_rebuild(), a lot of\nhardware interaction happens, this can make adding/deleting rings exit\nwith an error. 
Luckily, VSI rebuild is pending and can apply new\nconfiguration for us in a managed fashion.\n\nTherefore, add an additional VSI state flag ICE_VSI_REBUILD_PENDING to\nindicate that ice_x\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46765",
            "https://git.kernel.org/linus/2504b8405768a57a71e660dbfd5abd59f679a03f (6.11-rc7)",
            "https://git.kernel.org/stable/c/2504b8405768a57a71e660dbfd5abd59f679a03f",
            "https://git.kernel.org/stable/c/2f057db2fb29bc209c103050647562e60554d3d3",
            "https://git.kernel.org/stable/c/391f7dae3d836891fc6cfbde38add2d0e10c6b7f",
            "https://lore.kernel.org/linux-cve-announce/2024091844-CVE-2024-46765-1b8f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46765",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46765"
          ],
          "PublishedDate": "2024-09-18T08:15:04.71Z",
          "LastModifiedDate": "2024-09-26T13:24:29.697Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46770",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46770",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:701e6f5b74ff702c423e2e00a3c899a5d9dfc0e8a8cb58fc67dee03059da6545",
          "Title": "kernel: ice: Add netif_device_attach/detach into PF reset flow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Add netif_device_attach/detach into PF reset flow\n\nEthtool callbacks can be executed while reset is in progress and try to\naccess deleted resources, e.g. getting coalesce settings can result in a\nNULL pointer dereference seen below.\n\nReproduction steps:\nOnce the driver is fully initialized, trigger reset:\n\t# echo 1 \u003e /sys/class/net/\u003cinterface\u003e/device/reset\nwhen reset is in progress try to get coalesce settings using ethtool:\n\t# ethtool -c \u003cinterface\u003e\n\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] PREEMPT SMP PTI\nCPU: 11 PID: 19713 Comm: ethtool Tainted: G S                 6.10.0-rc7+ #7\nRIP: 0010:ice_get_q_coalesce+0x2e/0xa0 [ice]\nRSP: 0018:ffffbab1e9bcf6a8 EFLAGS: 00010206\nRAX: 000000000000000c RBX: ffff94512305b028 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff9451c3f2e588 RDI: ffff9451c3f2e588\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff9451c3f2e580 R11: 000000000000001f R12: ffff945121fa9000\nR13: ffffbab1e9bcf760 R14: 0000000000000013 R15: ffffffff9e65dd40\nFS:  00007faee5fbe740(0000) GS:ffff94546fd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000020 CR3: 0000000106c2e005 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\nice_get_coalesce+0x17/0x30 [ice]\ncoalesce_prepare_data+0x61/0x80\nethnl_default_doit+0xde/0x340\ngenl_family_rcv_msg_doit+0xf2/0x150\ngenl_rcv_msg+0x1b3/0x2c0\nnetlink_rcv_skb+0x5b/0x110\ngenl_rcv+0x28/0x40\nnetlink_unicast+0x19c/0x290\nnetlink_sendmsg+0x222/0x490\n__sys_sendto+0x1df/0x1f0\n__x64_sys_sendto+0x24/0x30\ndo_syscall_64+0x82/0x160\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7faee60d8e27\n\nCalling netif_device_detach() before reset makes the net core not call\nthe driver when ethtool command is issued, the attempt to execute 
an\nethtool command during reset will result in the following message:\n\n    netlink error: No such device\n\ninstead of NULL pointer dereference. Once reset is done and\nice_rebuild() is executing, the netif_device_attach() is called to allow\nfor ethtool operations to occur again in a safe manner.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46770",
            "https://git.kernel.org/linus/d11a67634227f9f9da51938af085fb41a733848f (6.11-rc7)",
            "https://git.kernel.org/stable/c/36486c9e8e01b84faaee47203eac0b7e9cc7fa4a",
            "https://git.kernel.org/stable/c/9e3ffb839249eca113062587659224f856fe14e5",
            "https://git.kernel.org/stable/c/d11a67634227f9f9da51938af085fb41a733848f",
            "https://git.kernel.org/stable/c/efe8effe138044a4747d1112ebb8c454d1663723",
            "https://linux.oracle.com/cve/CVE-2024-46770.html",
            "https://linux.oracle.com/errata/ELSA-2025-20018.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024091845-CVE-2024-46770-3a5d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46770",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46770"
          ],
          "PublishedDate": "2024-09-18T08:15:04.957Z",
          "LastModifiedDate": "2025-11-03T23:15:59.87Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46775",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46775",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ef36f3af766cb732eb74c8bbda1c7a30850bea3e9f0638cac9f84b4f9fc8ab53",
          "Title": "kernel: drm/amd/display: Validate function returns",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Validate function returns\n\n[WHAT \u0026 HOW]\nFunction return values must be checked before data can be used\nin subsequent functions.\n\nThis fixes 4 CHECKED_RETURN issues reported by Coverity.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46775",
            "https://git.kernel.org/linus/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c (6.11-rc1)",
            "https://git.kernel.org/stable/c/5639a3048c7079803256374204ad55ec52cd0b49",
            "https://git.kernel.org/stable/c/673f816b9e1e92d1f70e1bf5f21b531e0ff9ad6c",
            "https://lore.kernel.org/linux-cve-announce/2024091847-CVE-2024-46775-aecc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46775",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46775"
          ],
          "PublishedDate": "2024-09-18T08:15:05.24Z",
          "LastModifiedDate": "2024-11-20T18:17:13.75Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46802",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46802",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee503590a53a20164672079503d973aad5be4a5c57182c8df67d695127748867",
          "Title": "kernel: drm/amd/display: added NULL check at start of dc_validate_stream",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46802",
            "https://git.kernel.org/linus/26c56049cc4f1705b498df013949427692a4b0d5 (6.11-rc1)",
            "https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd",
            "https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5",
            "https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9",
            "https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46802",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46802"
          ],
          "PublishedDate": "2024-09-27T13:15:13.483Z",
          "LastModifiedDate": "2025-11-03T23:16:02.88Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46803",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46803",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b43746123130f20ec868b31c9dad56b245995068d758d0945617dc5a37d07eaf",
          "Title": "kernel: drm/amdkfd: Check debug trap enable before write dbg_ev_file",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Check debug trap enable before write dbg_ev_file\n\nIn interrupt context, write dbg_ev_file will be run by work queue. It\nwill cause write dbg_ev_file execution after debug_trap_disable, which\nwill cause NULL pointer access.\nv2: cancel work \"debug_event_workarea\" before set dbg_ev_file as NULL.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46803",
            "https://git.kernel.org/linus/547033b593063eb85bfdf9b25a5f1b8fd1911be2 (6.11-rc1)",
            "https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2",
            "https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0",
            "https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8",
            "https://lore.kernel.org/linux-cve-announce/2024092708-CVE-2024-46803-689b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46803",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46803"
          ],
          "PublishedDate": "2024-09-27T13:15:13.57Z",
          "LastModifiedDate": "2024-10-04T17:45:16.867Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46806",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46806",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2fcf4430a145e6d47f194239666decc1e454a0d00f5b66632de34d1e226d66f1",
          "Title": "kernel: drm/amdgpu: Fix the warning division or modulo by zero",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the warning division or modulo by zero\n\nChecks the partition mode and returns an error for an invalid mode.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-369"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46806",
            "https://git.kernel.org/linus/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c (6.11-rc1)",
            "https://git.kernel.org/stable/c/1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c",
            "https://git.kernel.org/stable/c/a01618adcba78c6bd6c4557a4a5e32f58b658cd1",
            "https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a",
            "https://linux.oracle.com/cve/CVE-2024-46806.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46806-2cc7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46806",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46806"
          ],
          "PublishedDate": "2024-09-27T13:15:13.773Z",
          "LastModifiedDate": "2024-10-02T13:17:04.64Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46808",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46808",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:62b881679cf2dd6e8077ca83381d1940af7e723145032a2f7a7f2b1555229073",
          "Title": "kernel: drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range\n\n[Why \u0026 How]\nASSERT if return NULL from kcalloc.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46808",
            "https://git.kernel.org/linus/5524fa301ba649f8cf00848f91468e0ba7e4f24c (6.11-rc1)",
            "https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c",
            "https://git.kernel.org/stable/c/ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e",
            "https://lore.kernel.org/linux-cve-announce/2024092709-CVE-2024-46808-8886@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46808",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46808"
          ],
          "PublishedDate": "2024-09-27T13:15:13.907Z",
          "LastModifiedDate": "2024-10-02T14:23:39.863Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46811",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46811",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b521f96f4efdf57ee0d9adf6daf2f3d664b4759ffa25bfdc65d6dbfb35673b19",
          "Title": "kernel: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box\n\n[Why]\nCoverity reports OVERRUN warning. soc.num_states could\nbe 40. But array range of bw_params-\u003eclk_table.entries is 8.\n\n[How]\nAssert if soc.num_states greater than 8.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46811",
            "https://git.kernel.org/linus/188fd1616ec43033cedbe343b6579e9921e2d898 (6.11-rc1)",
            "https://git.kernel.org/stable/c/188fd1616ec43033cedbe343b6579e9921e2d898",
            "https://git.kernel.org/stable/c/4003bac784380fed1f94f197350567eaa73a409d",
            "https://git.kernel.org/stable/c/aba188d6f4ebaf52acf13f204db2bd2c22072504",
            "https://lore.kernel.org/linux-cve-announce/2024092710-CVE-2024-46811-f01c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46811",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46811"
          ],
          "PublishedDate": "2024-09-27T13:15:14.107Z",
          "LastModifiedDate": "2024-10-07T14:24:56.86Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46813",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46813",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9057e9e14de12b196c41e85b5e3822db8f2458b7af3f641120d3282cb74b9733",
          "Title": "kernel: drm/amd/display: Check link_index before accessing dc-\u003elinks[]",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_index before accessing dc-\u003elinks[]\n\n[WHY \u0026 HOW]\ndc-\u003elinks[] has max size of MAX_LINKS and NULL is return when trying to\naccess with out-of-bound index.\n\nThis fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46813",
            "https://git.kernel.org/linus/8aa2864044b9d13e95fe224f32e808afbf79ecdf (6.11-rc1)",
            "https://git.kernel.org/stable/c/032c5407a608ac3b2a98bf4fbda27d12c20c5887",
            "https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf",
            "https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782",
            "https://lore.kernel.org/linux-cve-announce/2024092711-CVE-2024-46813-5eb9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46813",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46813"
          ],
          "PublishedDate": "2024-09-27T13:15:14.23Z",
          "LastModifiedDate": "2025-04-10T13:15:45.303Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46820",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46820",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:09e2232a96b22dadbbaab72b017c4c02a215b8ef71297651d0d8207a5615f640",
          "Title": "kernel: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/vcn: remove irq disabling in vcn 5 suspend\n\nWe do not directly enable/disable VCN IRQ in vcn 5.0.0.\nAnd we do not handle the IRQ state as well. So the calls to\ndisable IRQ and set state are removed. This effectively gets\nrid of the warining of\n      \"WARN_ON(!amdgpu_irq_enabled(adev, src, type))\"\nin amdgpu_irq_put().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46820",
            "https://git.kernel.org/linus/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d (6.11-rc1)",
            "https://git.kernel.org/stable/c/10fe1a79cd1bff3048e13120e93c02f8ecd05e9d",
            "https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae",
            "https://linux.oracle.com/cve/CVE-2024-46820.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024092712-CVE-2024-46820-6405@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46820",
            "https://www.cve.org/CVERecord?id=CVE-2024-46820"
          ],
          "PublishedDate": "2024-09-27T13:15:14.707Z",
          "LastModifiedDate": "2024-11-20T17:34:05.143Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46823",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46823",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eeb16a5c10f17c63f0e4601e60dedc703987b954cc0c9d9db3dbb6d2cec7b8f5",
          "Title": "kernel: kunit/overflow: Fix UB in overflow_allocation_test",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkunit/overflow: Fix UB in overflow_allocation_test\n\nThe 'device_name' array doesn't exist out of the\n'overflow_allocation_test' function scope. However, it is being used as\na driver name when calling 'kunit_driver_create' from\n'kunit_device_register'. It produces the kernel panic with KASAN\nenabled.\n\nSince this variable is used in one place only, remove it and pass the\ndevice name into kunit_device_register directly as an ascii string.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46823",
            "https://git.kernel.org/linus/92e9bac18124682c4b99ede9ee3bcdd68f121e92 (6.11-rc4)",
            "https://git.kernel.org/stable/c/92e9bac18124682c4b99ede9ee3bcdd68f121e92",
            "https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024092750-CVE-2024-46823-b19e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46823",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46823"
          ],
          "PublishedDate": "2024-09-27T13:15:14.897Z",
          "LastModifiedDate": "2026-01-05T11:17:09.31Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46830",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46830",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc6913606adb8743639dc07ead13aced6e46ec7541f018321e9eb97d9a126079",
          "Title": "kernel: KVM: x86: Acquire kvm-\u003esrcu when handling KVM_SET_VCPU_EVENTS",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm-\u003esrcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm-\u003esrcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU.  I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems.  Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n  #0: ffff88811e424430 (\u0026vcpu-\u003emutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n  \u003cTASK\u003e\n  dump_stack_lvl+0x7f/0x90\n  lockdep_rcu_suspicious+0x13f/0x1a0\n  kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n  kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n  nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n  load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n  vmx_leave_nested+0x30/0x40 [kvm_intel]\n  kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n  kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n  ? mark_held_locks+0x49/0x70\n  ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n  ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  kvm_vcpu_ioctl+0x497/0x970 [kvm]\n  ? lock_acquire+0xba/0x2d0\n  ? find_held_lock+0x2b/0x80\n  ? do_user_addr_fault+0x40c/0x6f0\n  ? lock_release+0xb7/0x270\n  __x64_sys_ioctl+0x82/0xb0\n  do_syscall_64+0x6c/0x170\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n  \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46830",
            "https://git.kernel.org/linus/4bcdd831d9d01e0fb64faea50732b59b2ee88da1 (6.11-rc7)",
            "https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1",
            "https://git.kernel.org/stable/c/5f35099fa3d59caf10bda88b033538e90086684e",
            "https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e",
            "https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9",
            "https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228",
            "https://linux.oracle.com/cve/CVE-2024-46830.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024092751-CVE-2024-46830-deac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46830",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46830"
          ],
          "PublishedDate": "2024-09-27T13:15:15.38Z",
          "LastModifiedDate": "2026-01-19T13:16:07.367Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46833",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46833",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0bd486fdfdc966c6a1651ec1c9c3d4eafbdd6153bf098fb5dafd9728fed40421",
          "Title": "kernel: net: hns3: void array out of bound when loop tnl_num",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: void array out of bound when loop tnl_num\n\nWhen query reg inf of SSU, it loops tnl_num times. However, tnl_num comes\nfrom hardware and the length of array is a fixed value. To void array out\nof bound, make sure the loop time is not greater than the length of array",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46833",
            "https://git.kernel.org/linus/86db7bfb06704ef17340eeae71c832f21cfce35c (6.11-rc4)",
            "https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c",
            "https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4",
            "https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46833-0fa0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46833",
            "https://www.cve.org/CVERecord?id=CVE-2024-46833"
          ],
          "PublishedDate": "2024-09-27T13:15:15.593Z",
          "LastModifiedDate": "2024-10-09T15:54:38.123Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46834",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46834",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6f89025b745aa84b01d86a44b8420e35a6bf4ab591b8d55efee9be22fdf8e456",
          "Title": "kernel: ethtool: fail closed if we can't get max channel used in indirection tables",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: fail closed if we can't get max channel used in indirection tables\n\nCommit 0d1b7d6c9274 (\"bnxt: fix crashes when reducing ring count with\nactive RSS contexts\") proves that allowing indirection table to contain\nchannels with out of bounds IDs may lead to crashes. Currently the\nmax channel check in the core gets skipped if driver can't fetch\nthe indirection table or when we can't allocate memory.\n\nBoth of those conditions should be extremely rare but if they do\nhappen we should try to be safe and fail the channel change.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46834",
            "https://git.kernel.org/linus/2899d58462ba868287d6ff3acad3675e7adf934f (6.11-rc1)",
            "https://git.kernel.org/stable/c/101737d8b88dbd4be6010bac398fe810f1950036",
            "https://git.kernel.org/stable/c/2899d58462ba868287d6ff3acad3675e7adf934f",
            "https://lore.kernel.org/linux-cve-announce/2024092752-CVE-2024-46834-dc7b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46834",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46834"
          ],
          "PublishedDate": "2024-09-27T13:15:15.66Z",
          "LastModifiedDate": "2024-10-09T15:57:03.037Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46835",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46835",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:11e442d77fb67a97893655d78759981b0d9e65930f1b0cecb5a29caaa5e88854",
          "Title": "kernel: drm/amdgpu: Fix smatch static checker warning",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix smatch static checker warning\n\nadev-\u003egfx.imu.funcs could be NULL",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46835",
            "https://git.kernel.org/linus/bdbdc7cecd00305dc844a361f9883d3a21022027 (6.11-rc1)",
            "https://git.kernel.org/stable/c/8bc7b3ce33e64c74211ed17aec823fc4e523426a",
            "https://git.kernel.org/stable/c/bdbdc7cecd00305dc844a361f9883d3a21022027",
            "https://git.kernel.org/stable/c/c2056c7a840f0dbf293bc3b0d91826d001668fb0",
            "https://git.kernel.org/stable/c/d40c2c3dd0395fe7fdc19bd96551e87251426d66",
            "https://linux.oracle.com/cve/CVE-2024-46835.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46835-4f99@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46835",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46835"
          ],
          "PublishedDate": "2024-09-27T13:15:15.72Z",
          "LastModifiedDate": "2025-11-03T23:16:06.727Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46836",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3fdc3cc4ff73c1f7cde664c9929612bc63840b50189111c06a27c92314a16c43",
          "Title": "kernel: usb: gadget: aspeed_udc: validate endpoint index for ast udc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: aspeed_udc: validate endpoint index for ast udc\n\nWe should verify the bound of the array to assure that host\nmay not manipulate the index to point past endpoint array.\n\nFound by static analysis.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46836",
            "https://git.kernel.org/linus/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 (6.11-rc1)",
            "https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af",
            "https://git.kernel.org/stable/c/6fe9ca2ca389114c8da66e534c18273497843e8a",
            "https://git.kernel.org/stable/c/b2a50ffdd1a079869a62198a8d1441355c513c7c",
            "https://git.kernel.org/stable/c/ee0d382feb44ec0f445e2ad63786cd7f3f6a8199",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024092753-CVE-2024-46836-acff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46836",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46836"
          ],
          "PublishedDate": "2024-09-27T13:15:15.78Z",
          "LastModifiedDate": "2025-11-03T23:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46842",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46842",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:712db3c001342dd09a690647256d897c0c17c8b569279693c97450669e12bec3",
          "Title": "kernel: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info\n\nThe MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the\nroutine unconditionally frees submitted mailbox commands regardless of\nreturn status.  The issue is that for MBX_TIMEOUT cases, when firmware\nreturns SFP information at a later time, that same mailbox memory region\nreferences previously freed memory in its cmpl routine.\n\nFix by adding checks for the MBX_TIMEOUT return code.  During mailbox\nresource cleanup, check the mbox flag to make sure that the wait did not\ntimeout.  If the MBOX_WAKE flag is not set, then do not free the resources\nbecause it will be freed when firmware completes the mailbox at a later\ntime in its cmpl routine.\n\nAlso, increase the timeout from 30 to 60 seconds to accommodate boot\nscripts requiring longer timeouts.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46842",
            "https://git.kernel.org/linus/ede596b1434b57c0b3fd5c02b326efe5c54f6e48 (6.11-rc1)",
            "https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58",
            "https://git.kernel.org/stable/c/ede596b1434b57c0b3fd5c02b326efe5c54f6e48",
            "https://linux.oracle.com/cve/CVE-2024-46842.html",
            "https://linux.oracle.com/errata/ELSA-2025-20270.html",
            "https://lore.kernel.org/linux-cve-announce/2024092754-CVE-2024-46842-e52c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46842",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46842"
          ],
          "PublishedDate": "2024-09-27T13:15:16.19Z",
          "LastModifiedDate": "2024-10-08T18:22:24.997Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46843",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46843",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5bb9b0964098de76ec67ba73e4784d420528143a8514af54afa9f86e4ce18a80",
          "Title": "kernel: scsi: ufs: core: Remove SCSI host only if added",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Remove SCSI host only if added\n\nIf host tries to remove ufshcd driver from a UFS device it would cause a\nkernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before\nadding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host\nhas been deferred after MCQ configuration introduced by commit 0cab4023ec7b\n(\"scsi: ufs: core: Defer adding host to SCSI if MCQ is supported\").\n\nTo guarantee that SCSI host is removed only if it has been added, set the\nscsi_host_added flag to true after adding a SCSI host and check whether it\nis set or not before removing it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46843",
            "https://git.kernel.org/linus/7cbff570dbe8907e23bba06f6414899a0fbb2fcc (6.11-rc1)",
            "https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed",
            "https://git.kernel.org/stable/c/3844586e9bd9845140e1078f1e61896b576ac536",
            "https://git.kernel.org/stable/c/7cbff570dbe8907e23bba06f6414899a0fbb2fcc",
            "https://lore.kernel.org/linux-cve-announce/2024092755-CVE-2024-46843-82c5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46843",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46843"
          ],
          "PublishedDate": "2024-09-27T13:15:16.25Z",
          "LastModifiedDate": "2024-10-08T18:23:52.423Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46848",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46848",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b23618dc623951ae15134480e3c17c55631144defdbb0bba972eb277bd149044",
          "Title": "kernel: perf/x86/intel: Limit the period on Haswell",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel: Limit the period on Haswell\n\nRunning the ltp test cve-2015-3290 concurrently reports the following\nwarnings.\n\nperfevents: irq loop stuck!\n  WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174\n  intel_pmu_handle_irq+0x285/0x370\n  Call Trace:\n   \u003cNMI\u003e\n   ? __warn+0xa4/0x220\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? __report_bug+0x123/0x130\n   ? intel_pmu_handle_irq+0x285/0x370\n   ? report_bug+0x3e/0xa0\n   ? handle_bug+0x3c/0x70\n   ? exc_invalid_op+0x18/0x50\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? irq_work_claim+0x1e/0x40\n   ? intel_pmu_handle_irq+0x285/0x370\n   perf_event_nmi_handler+0x3d/0x60\n   nmi_handle+0x104/0x330\n\nThanks to Thomas Gleixner's analysis, the issue is caused by the low\ninitial period (1) of the frequency estimation algorithm, which triggers\nthe defects of the HW, specifically erratum HSW11 and HSW143. (For the\ndetails, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/)\n\nThe HSW11 requires a period larger than 100 for the INST_RETIRED.ALL\nevent, but the initial period in the freq mode is 1. The erratum is the\nsame as the BDM11, which has been supported in the kernel. A minimum\nperiod of 128 is enforced as well on HSW.\n\nHSW143 is regarding that the fixed counter 1 may overcount 32 with the\nHyper-Threading is enabled. However, based on the test, the hardware\nhas more issues than it tells. Besides the fixed counter 1, the message\n'interrupt took too long' can be observed on any counter which was armed\nwith a period \u003c 32 and two events expired in the same NMI. A minimum\nperiod of 32 is enforced for the rest of the events.\nThe recommended workaround code of the HSW143 is not implemented.\nBecause it only addresses the issue for the fixed counter. 
It brings\nextra overhead through extra MSR writing. No related overcounting issue\nhas been reported so far.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46848",
            "https://git.kernel.org/linus/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b (6.11-rc7)",
            "https://git.kernel.org/stable/c/0eaf812aa1506704f3b78be87036860e5d0fe81d",
            "https://git.kernel.org/stable/c/15210b7c8caff4929f25d049ef8404557f8ae468",
            "https://git.kernel.org/stable/c/25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b",
            "https://git.kernel.org/stable/c/8717dc35c0e5896f4110f4b3882f7ff787a5f73d",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024092756-CVE-2024-46848-bbd4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46848",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46848"
          ],
          "PublishedDate": "2024-09-27T13:15:16.657Z",
          "LastModifiedDate": "2025-11-03T23:16:07.947Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46857",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46857",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2e36cfbe4afa58ce928334007368a05ab04e1ac3f7d98284b552af92ea8082e",
          "Title": "kernel: net/mlx5: Fix bridge mode operations when there are no VFs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix bridge mode operations when there are no VFs\n\nCurrently, trying to set the bridge mode attribute when numvfs=0 leads to a\ncrash:\n\nbridge link set dev eth2 hwmode vepa\n\n[  168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[...]\n[  168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core]\n[...]\n[  168.976037] Call Trace:\n[  168.976188]  \u003cTASK\u003e\n[  168.978620]  _mlx5_eswitch_set_vepa_locked+0x113/0x230 [mlx5_core]\n[  168.979074]  mlx5_eswitch_set_vepa+0x7f/0xa0 [mlx5_core]\n[  168.979471]  rtnl_bridge_setlink+0xe9/0x1f0\n[  168.979714]  rtnetlink_rcv_msg+0x159/0x400\n[  168.980451]  netlink_rcv_skb+0x54/0x100\n[  168.980675]  netlink_unicast+0x241/0x360\n[  168.980918]  netlink_sendmsg+0x1f6/0x430\n[  168.981162]  ____sys_sendmsg+0x3bb/0x3f0\n[  168.982155]  ___sys_sendmsg+0x88/0xd0\n[  168.985036]  __sys_sendmsg+0x59/0xa0\n[  168.985477]  do_syscall_64+0x79/0x150\n[  168.987273]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  168.987773] RIP: 0033:0x7f8f7950f917\n\n(esw-\u003efdb_table.legacy.vepa_fdb is null)\n\nThe bridge mode is only relevant when there are multiple functions per\nport. Therefore, prevent setting and getting this setting when there are no\nVFs.\n\nNote that after this change, there are no settings to change on the PF\ninterface using `bridge link` when there are no VFs, so the interface no\nlonger appears in the `bridge link` output.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46857",
            "https://git.kernel.org/linus/b1d305abef4640af1b4f1b4774d513cd81b10cfc (6.11)",
            "https://git.kernel.org/stable/c/505ae01f75f839b54329164bbfecf24cc1361b31",
            "https://git.kernel.org/stable/c/52c4beb79e095e0631b5cac46ed48a2aefe51985",
            "https://git.kernel.org/stable/c/65feee671e37f3b6eda0b6af28f204b5bcf7fa50",
            "https://git.kernel.org/stable/c/b1d305abef4640af1b4f1b4774d513cd81b10cfc",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024092743-CVE-2024-46857-3bc3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46857",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46857"
          ],
          "PublishedDate": "2024-09-27T13:15:17.277Z",
          "LastModifiedDate": "2025-11-03T23:16:10.073Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46860",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46860",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8b51216fbdafbed0e39e086c0b38f2d0eba75d355aea37d1db0b947254ce7c71",
          "Title": "kernel: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change\n\nWhen disabling wifi mt7921_ipv6_addr_change() is called as a notifier.\nAt this point mvif-\u003ephy is already NULL so we cannot use it here.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46860",
            "https://git.kernel.org/linus/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3 (6.11-rc4)",
            "https://git.kernel.org/stable/c/479ffee68d59c599f8aed8fa2dcc8e13e7bd13c3",
            "https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553",
            "https://git.kernel.org/stable/c/8d92bafd4c67efb692f722d73a07412b5f88c6d6",
            "https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46860-1dfc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46860",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46860"
          ],
          "PublishedDate": "2024-09-27T13:15:17.493Z",
          "LastModifiedDate": "2024-10-02T14:04:38.863Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46861",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ae3b3c9780346c8f376a5e26c20126ff51de018dde7f18ffb1e602863a30caf8",
          "Title": "kernel: usbnet: ipheth: do not stop RX on failing RX callback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: ipheth: do not stop RX on failing RX callback\n\nRX callbacks can fail for multiple reasons:\n\n* Payload too short\n* Payload formatted incorrectly (e.g. bad NCM framing)\n* Lack of memory\n\nNone of these should cause the driver to seize up.\n\nMake such failures non-critical and continue processing further\nincoming URBs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46861",
            "https://git.kernel.org/linus/74efed51e0a4d62f998f806c307778b47fc73395 (6.11-rc4)",
            "https://git.kernel.org/stable/c/08ca800b0cd56d5e26722f68b18bbbf6840bf44b",
            "https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c",
            "https://git.kernel.org/stable/c/74efed51e0a4d62f998f806c307778b47fc73395",
            "https://lore.kernel.org/linux-cve-announce/2024092744-CVE-2024-46861-f2f9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46861",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46861"
          ],
          "PublishedDate": "2024-09-27T13:15:17.563Z",
          "LastModifiedDate": "2024-10-03T15:36:06.543Z"
        },
        {
          "VulnerabilityID": "CVE-2024-46870",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-46870",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a24431b8e24e46e6f241c604475d327cc629a638e17617959945d8a3b2b801f1",
          "Title": "kernel: drm/amd/display: Disable DMCUB timeout for DCN35",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable DMCUB timeout for DCN35\n\n[Why]\nDMCUB can intermittently take longer than expected to process commands.\n\nOld ASIC policy was to continue while logging a diagnostic error - which\nworks fine for ASIC without IPS, but with IPS this could lead to a race\ncondition where we attempt to access DCN state while it's inaccessible,\nleading to a system hang when the NIU port is not disabled or register\naccesses that timeout and the display configuration in an undefined\nstate.\n\n[How]\nWe need to investigate why these accesses take longer than expected, but\nfor now we should disable the timeout on DCN35 to avoid this race\ncondition. Since the waits happen only at lower interrupt levels the\nrisk of taking too long at higher IRQ and causing a system watchdog\ntimeout are minimal.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-46870",
            "https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83",
            "https://git.kernel.org/stable/c/7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f",
            "https://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46870-f347@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-46870",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-46870"
          ],
          "PublishedDate": "2024-10-09T14:15:07.463Z",
          "LastModifiedDate": "2024-10-23T14:26:28.69Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47141",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47141",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:56a861a532b10d2d91b82d68394bb635876fd3949b7522fc496045211e13ee45",
          "Title": "kernel: pinmux: Use sequential access to access desc-\u003epinmux data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinmux: Use sequential access to access desc-\u003epinmux data\n\nWhen two client of the same gpio call pinctrl_select_state() for the\nsame functionality, we are seeing NULL pointer issue while accessing\ndesc-\u003emux_owner.\n\nLet's say two processes A, B executing in pin_request() for the same pin\nand process A updates the desc-\u003emux_usecount but not yet updated the\ndesc-\u003emux_owner while process B see the desc-\u003emux_usecount which got\nupdated by A path and further executes strcmp and while accessing\ndesc-\u003emux_owner it crashes with NULL pointer.\n\nSerialize the access to mux related setting with a mutex lock.\n\n\tcpu0 (process A)\t\t\tcpu1(process B)\n\npinctrl_select_state() {\t\t  pinctrl_select_state() {\n  pin_request() {\t\t\t\tpin_request() {\n  ...\n\t\t\t\t\t\t ....\n    } else {\n         desc-\u003emux_usecount++;\n    \t\t\t\t\t\tdesc-\u003emux_usecount \u0026\u0026 strcmp(desc-\u003emux_owner, owner)) {\n\n         if (desc-\u003emux_usecount \u003e 1)\n               return 0;\n         desc-\u003emux_owner = owner;\n\n  }\t\t\t\t\t\t}",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47141",
            "https://git.kernel.org/linus/5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e (6.13-rc1)",
            "https://git.kernel.org/stable/c/2da32aed4a97ca1d70fb8b77926f72f30ce5fb4b",
            "https://git.kernel.org/stable/c/5a3e85c3c397c781393ea5fb2f45b1f60f8a4e6e",
            "https://git.kernel.org/stable/c/c11e2ec9a780f54982a187ee10ffd1b810715c85",
            "https://linux.oracle.com/cve/CVE-2024-47141.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2025011119-CVE-2024-47141-13f5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47141",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47141"
          ],
          "PublishedDate": "2025-01-11T13:15:21.83Z",
          "LastModifiedDate": "2025-10-01T20:17:14.863Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47658",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47658",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e49cddb5261b32e13ecbab73316cabcbe38c262d77a51f07e4e2beab6ea89d2",
          "Title": "kernel: crypto: stm32/cryp - call finalize with bh disabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: stm32/cryp - call finalize with bh disabled\n\nThe finalize operation in interrupt mode produces a spinlock\nrecursion warning. The reason is the fact that BH must be disabled\nduring this process.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47658",
            "https://git.kernel.org/stable/c/56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce",
            "https://git.kernel.org/stable/c/5d734665cd5d93270731e0ff1dd673fec677f447",
            "https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a",
            "https://lore.kernel.org/linux-cve-announce/2024100959-CVE-2024-47658-0b23@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47658",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47658"
          ],
          "PublishedDate": "2024-10-09T14:15:07.603Z",
          "LastModifiedDate": "2024-10-23T16:14:46.213Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47661",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47661",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8626e69c15802fe9d56aaf3b713199c02cd44df5249b84ece99419e994a86ada",
          "Title": "kernel: drm/amd/display: Avoid overflow from uint32_t to uint8_t",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid overflow from uint32_t to uint8_t\n\n[WHAT \u0026 HOW]\ndmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned\n0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.\n\nThis fixes 2 INTEGER_OVERFLOW issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47661",
            "https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec",
            "https://git.kernel.org/stable/c/d6b54900c564e35989cf6813e4071504fa0a90e0",
            "https://lore.kernel.org/linux-cve-announce/2024100930-CVE-2024-47661-a6c1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47661",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47661"
          ],
          "PublishedDate": "2024-10-09T15:15:15.02Z",
          "LastModifiedDate": "2024-10-15T16:03:29.26Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47662",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47662",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:31b51e4b6e026d3c2ffcce75b756e39d8dae7fd7522d1dbab430e2e69f9fa87a",
          "Title": "kernel: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Remove register from DCN35 DMCUB diagnostic collection\n\n[Why]\nThese registers should not be read from driver and triggering the\nsecurity violation when DMCUB work times out and diagnostics are\ncollected blocks Z8 entry.\n\n[How]\nRemove the register read from DCN35.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47662",
            "https://git.kernel.org/stable/c/466423c6dd8af23ebb3a69d43434d01aed0db356",
            "https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57",
            "https://lore.kernel.org/linux-cve-announce/2024100931-CVE-2024-47662-74f4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47662",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47662"
          ],
          "PublishedDate": "2024-10-09T15:15:15.08Z",
          "LastModifiedDate": "2024-10-23T16:53:12.973Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47664",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47664",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dd907349874cf71ad83bb6b0a7d01e156bd73e0c131cf27ca78722b47130fa12",
          "Title": "kernel: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware\n\nIf the value of max_speed_hz is 0, it may cause a division by zero\nerror in hisi_calc_effective_speed().\nThe value of max_speed_hz is provided by firmware.\nFirmware is generally considered as a trusted domain. However, as\ndivision by zero errors can cause system failure, for defense measure,\nthe value of max_speed is validated here. So 0 is regarded as invalid\nand an error code is returned.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-369"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47664",
            "https://git.kernel.org/stable/c/16ccaf581da4fcf1e4d66086cf37263f9a656d43",
            "https://git.kernel.org/stable/c/5127c42c77de18651aa9e8e0a3ced190103b449c",
            "https://git.kernel.org/stable/c/ee73a15d4a8ce8fb02d7866f7cf78fcdd16f0fcc",
            "https://lore.kernel.org/linux-cve-announce/2024100904-CVE-2024-47664-f6bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47664",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47664"
          ],
          "PublishedDate": "2024-10-09T15:15:15.223Z",
          "LastModifiedDate": "2024-10-23T16:47:35.643Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47666",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47666",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7fe744b57f08bcbbdef3b684cdead51734c4d9f8a243c46855c9224b7c85a99a",
          "Title": "kernel: scsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Set phy-\u003eenable_completion only when we wait for it\n\npm8001_phy_control() populates the enable_completion pointer with a stack\naddress, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and\nreturns. The problem arises when a phy control response comes late.  After\n300 ms the pm8001_phy_control() function returns and the passed\nenable_completion stack address is no longer valid. Late phy control\nresponse invokes complete() on a dangling enable_completion pointer which\nleads to a kernel crash.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47666",
            "https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89",
            "https://git.kernel.org/stable/c/a5d954802bda1aabcba49633cd94bad91c94113f",
            "https://git.kernel.org/stable/c/ddc501f4130f4baa787cb6cfa309af697179f475",
            "https://git.kernel.org/stable/c/e23ee0cc5bded07e700553aecc333bb20c768546",
            "https://git.kernel.org/stable/c/e4f949ef1516c0d74745ee54a0f4882c1f6c7aea",
            "https://git.kernel.org/stable/c/f14d3e1aa613311c744af32d75125e95fc8ffb84",
            "https://linux.oracle.com/cve/CVE-2024-47666.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2024100905-CVE-2024-47666-0015@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47666",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47666"
          ],
          "PublishedDate": "2024-10-09T15:15:15.353Z",
          "LastModifiedDate": "2025-12-06T22:15:49.303Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47678",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47678",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc48f3a48824832dad79458246f6a648f2cf4107931b78ca1dac152efd34ce7d",
          "Title": "kernel: icmp: change the order of rate limits",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: change the order of rate limits\n\nICMP messages are ratelimited :\n\nAfter the blamed commits, the two rate limiters are applied in this order:\n\n1) host wide ratelimit (icmp_global_allow())\n\n2) Per destination ratelimit (inetpeer based)\n\nIn order to avoid side-channels attacks, we need to apply\nthe per destination check first.\n\nThis patch makes the following change :\n\n1) icmp_global_allow() checks if the host wide limit is reached.\n   But credits are not yet consumed. This is deferred to 3)\n\n2) The per destination limit is checked/updated.\n   This might add a new node in inetpeer tree.\n\n3) icmp_global_consume() consumes tokens if prior operations succeeded.\n\nThis means that host wide ratelimit is still effective\nin keeping inetpeer tree small even under DDOS.\n\nAs a bonus, I removed icmp_global.lock as the fast path\ncan use a lock-free operation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-203"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47678",
            "https://git.kernel.org/linus/8c2bd38b95f75f3d2a08c93e35303e26d480d24e (6.12-rc1)",
            "https://git.kernel.org/stable/c/483397b4ba280813e4a9c161a0a85172ddb43d19",
            "https://git.kernel.org/stable/c/662ec52260cc07b9ae53ecd3925183c29d34288b",
            "https://git.kernel.org/stable/c/8c2bd38b95f75f3d2a08c93e35303e26d480d24e",
            "https://git.kernel.org/stable/c/997ba8889611891f91e8ad83583466aeab6239a3",
            "https://git.kernel.org/stable/c/a7722921adb046e3836eb84372241f32584bdb07",
            "https://linux.oracle.com/cve/CVE-2024-47678.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102106-CVE-2024-47678-0b1b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47678",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47678"
          ],
          "PublishedDate": "2024-10-21T12:15:04.837Z",
          "LastModifiedDate": "2025-11-03T23:16:15.597Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47683",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47683",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9ca4212e695da555f973d3e077da964bbe5331638a84b005bf2cb6618d6e69b2",
          "Title": "kernel: drm/amd/display: Skip Recompute DSC Params if no Stream on Link",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip Recompute DSC Params if no Stream on Link\n\n[why]\nEncounter NULL pointer dereference uner mst + dsc setup.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n    PGD 0 P4D 0\n    Oops: 0000 [#1] PREEMPT SMP NOPTI\n    CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\n    Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\n    RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\n    Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 \u003c48\u003e 8\u003e\n    RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\n    RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\n    RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\n    RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\n    R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\n    R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\n    FS:  00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\n    Call Trace:\n\u003cTASK\u003e\n     ? __die+0x23/0x70\n     ? page_fault_oops+0x171/0x4e0\n     ? plist_add+0xbe/0x100\n     ? exc_page_fault+0x7c/0x180\n     ? asm_exc_page_fault+0x26/0x30\n     ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n     compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     ? 
fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n     drm_atomic_check_only+0x5c5/0xa40\n     drm_mode_atomic_ioctl+0x76e/0xbc0\n\n[how]\ndsc recompute should be skipped if no mode change detected on the new\nrequest. If detected, keep checking whether the stream is already on\ncurrent state or not.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47683",
            "https://git.kernel.org/linus/8151a6c13111b465dbabe07c19f572f7cbd16fef (6.12-rc1)",
            "https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9",
            "https://git.kernel.org/stable/c/50e376f1fe3bf571d0645ddf48ad37eb58323919",
            "https://git.kernel.org/stable/c/6f9c39e8169384d2a5ca9bf323a0c1b81b3d0f3a",
            "https://git.kernel.org/stable/c/70275bb960c71d313254473d38c14e7101cee5ad",
            "https://git.kernel.org/stable/c/718d83f66fb07b2cab89a1fc984613a00e3db18f",
            "https://git.kernel.org/stable/c/7c887efda1201110211fed8921a92a713e0b6bcd",
            "https://git.kernel.org/stable/c/8151a6c13111b465dbabe07c19f572f7cbd16fef",
            "https://git.kernel.org/stable/c/a53841b074cc196c3caaa37e1f15d6bc90943b97",
            "https://git.kernel.org/stable/c/d45c64d933586d409d3f1e0ecaca4da494b1d9c6",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102108-CVE-2024-47683-8cf2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47683",
            "https://ubuntu.com/security/notices/USN-7154-1",
            "https://ubuntu.com/security/notices/USN-7154-2",
            "https://ubuntu.com/security/notices/USN-7155-1",
            "https://ubuntu.com/security/notices/USN-7156-1",
            "https://ubuntu.com/security/notices/USN-7196-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47683"
          ],
          "PublishedDate": "2024-10-21T12:15:05.21Z",
          "LastModifiedDate": "2025-12-29T15:15:59.52Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47689",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47689",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:41f27c08e1fcb7fe8d078680ff2de77739d78c20cd5b7bc1b371a474810f19e4",
          "Title": "kernel: f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177\nCPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0\nWorkqueue: events destroy_super_work\nRIP: 0010:rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177\nCall Trace:\n percpu_free_rwsem+0x41/0x80 kernel/locking/percpu-rwsem.c:42\n destroy_super_work+0xec/0x130 fs/super.c:282\n process_one_work kernel/workqueue.c:3231 [inline]\n process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n worker_thread+0x86d/0xd40 kernel/workqueue.c:3390\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nAs Christian Brauner pointed out [1]: the root cause is f2fs sets\nSB_RDONLY flag in internal function, rather than setting the flag\ncovered w/ sb-\u003es_umount semaphore via remount procedure, then below\nrace condition causes this bug:\n\n- freeze_super()\n - sb_wait_write(sb, SB_FREEZE_WRITE)\n - sb_wait_write(sb, SB_FREEZE_PAGEFAULT)\n - sb_wait_write(sb, SB_FREEZE_FS)\n\t\t\t\t\t- f2fs_handle_critical_error\n\t\t\t\t\t - sb-\u003es_flags |= SB_RDONLY\n- thaw_super\n - thaw_super_locked\n  - sb_rdonly() is true, so it skips\n    sb_freeze_unlock(sb, SB_FREEZE_FS)\n  - deactivate_locked_super\n\nSince f2fs has almost the same logic as ext4 [2] when handling critical\nerror in filesystem if it mounts w/ errors=remount-ro option:\n- set CP_ERROR_FLAG flag which indicates filesystem is stopped\n- record errors to superblock\n- set SB_RDONLY falg\nOnce we set CP_ERROR_FLAG flag, all writable interfaces can detect the\nflag and stop any further updates on filesystem. 
So, it is safe to not\nset SB_RDONLY flag, let's remove the logic and keep in line w/ ext4 [3].\n\n[1] https://lore.kernel.org/all/20240729-himbeeren-funknetz-96e62f9c7aee@brauner\n[2] https://lore.kernel.org/all/20240729132721.hxih6ehigadqf7wx@quack3\n[3] https://lore.kernel.org/linux-ext4/20240805201241.27286-1-jack@suse.cz",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47689",
            "https://git.kernel.org/linus/930c6ab93492c4b15436524e704950b364b2930c (6.12-rc1)",
            "https://git.kernel.org/stable/c/1f63f405c1a1a64b9c310388aad7055fb86b245c",
            "https://git.kernel.org/stable/c/649ec8b30df113042588bd3d3cd4e98bcb1091e0",
            "https://git.kernel.org/stable/c/930c6ab93492c4b15436524e704950b364b2930c",
            "https://git.kernel.org/stable/c/de43021c72993877a8f86f9fddfa0687609da5a4",
            "https://lore.kernel.org/linux-cve-announce/2024102110-CVE-2024-47689-cdec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47689",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47689"
          ],
          "PublishedDate": "2024-10-21T12:15:05.733Z",
          "LastModifiedDate": "2024-10-23T15:53:06.41Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47703",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47703",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:508badf86033b1f8ec3086bf6b075c937527be29df84ef9f87cf9c42754929ff",
          "Title": "kernel: bpf, lsm: Add check for BPF LSM return value",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lsm: Add check for BPF LSM return value\n\nA bpf prog returning a positive number attached to file_alloc_security\nhook makes kernel panic.\n\nThis happens because file system can not filter out the positive number\nreturned by the LSM prog using IS_ERR, and misinterprets this positive\nnumber as a file pointer.\n\nGiven that hook file_alloc_security never returned positive number\nbefore the introduction of BPF LSM, and other BPF LSM hooks may\nencounter similar issues, this patch adds LSM return value check\nin verifier, to ensure no unexpected value is returned.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47703",
            "https://git.kernel.org/linus/5d99e198be279045e6ecefe220f5c52f8ce9bfd5 (6.12-rc1)",
            "https://git.kernel.org/stable/c/1050727d83e70449991c29dd1cf29fe936a63da3",
            "https://git.kernel.org/stable/c/27ca3e20fe80be85a92b10064dfeb56cb2564b1c",
            "https://git.kernel.org/stable/c/5d99e198be279045e6ecefe220f5c52f8ce9bfd5",
            "https://linux.oracle.com/cve/CVE-2024-47703.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024102115-CVE-2024-47703-36ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47703",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47703"
          ],
          "PublishedDate": "2024-10-21T12:15:06.823Z",
          "LastModifiedDate": "2024-10-24T13:33:36.957Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47704",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47704",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:25b4a580f7b7cc00b4b8cdab07a7bff59e92b2bd4ec44d4e061017c837fb15a7",
          "Title": "kernel: drm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check link_res-\u003ehpo_dp_link_enc before using it\n\n[WHAT \u0026 HOW]\nFunctions dp_enable_link_phy and dp_disable_link_phy can pass link_res\nwithout initializing hpo_dp_link_enc and it is necessary to check for\nnull before dereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47704",
            "https://git.kernel.org/linus/0beca868cde8742240cd0038141c30482d2b7eb8 (6.12-rc1)",
            "https://git.kernel.org/stable/c/0508a4e95ac1aefd851ceb97ea050d8abb93262c",
            "https://git.kernel.org/stable/c/0beca868cde8742240cd0038141c30482d2b7eb8",
            "https://git.kernel.org/stable/c/530e29452b955c30cf2102fa4d07420dc6e0c953",
            "https://git.kernel.org/stable/c/8c22a62288194f072eb3a51045b700fce1c18d9e",
            "https://git.kernel.org/stable/c/be2ca7a2c1561390d28bf2f92654d819659ba510",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2024102116-CVE-2024-47704-d937@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47704",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47704"
          ],
          "PublishedDate": "2024-10-21T12:15:06.923Z",
          "LastModifiedDate": "2025-11-03T18:15:43.47Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47728",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47728",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7610cabe507b7b20ec33595dfc3c3b2fc50deb474680d144af556f421034f41b",
          "Title": "kernel: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error\n\nFor all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input\narguments, zero the value for the case of an error as otherwise it could leak\nmemory. For tracing, it is not needed given CAP_PERFMON can already read all\nkernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped\nin here.\n\nAlso, the MTU helpers mtu_len pointer value is being written but also read.\nTechnically, the MEM_UNINIT should not be there in order to always force init.\nRemoving MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now\nimplies two things actually: i) write into memory, ii) memory does not have\nto be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory,\nii) memory must be initialized. This means that for bpf_*_check_mtu() we're\nreadding the issue we're trying to fix, that is, it would then be able to\nwrite back into things like .rodata BPF maps. Follow-up work will rework the\nMEM_UNINIT semantics such that the intent can be better expressed. For now\njust clear the *mtu_len on error path which can be lifted later again.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-459"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47728",
            "https://git.kernel.org/linus/4b3786a6c5397dc220b1483d8e2f4867743e966f (6.12-rc1)",
            "https://git.kernel.org/stable/c/4b3786a6c5397dc220b1483d8e2f4867743e966f",
            "https://git.kernel.org/stable/c/594a9f5a8d2de2573a856e506f77ba7dd2cefc6a",
            "https://git.kernel.org/stable/c/599d15b6d03356a97bff7a76155c5604c42a2962",
            "https://git.kernel.org/stable/c/8397bf78988f3ae9dbebb0200189a62a57264980",
            "https://git.kernel.org/stable/c/a634fa8e480ac2423f86311a602f6295df2c8ed0",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102105-CVE-2024-47728-824a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47728",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47728"
          ],
          "PublishedDate": "2024-10-21T13:15:02.98Z",
          "LastModifiedDate": "2025-11-03T23:16:19.867Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47736",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47736",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:04bdb8e4f3b398fae17fffe2e82951adc3613f4301ab020e3c3d709275590535",
          "Title": "kernel: erofs: handle overlapped pclusters out of crafted images properly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: handle overlapped pclusters out of crafted images properly\n\nsyzbot reported a task hang issue due to a deadlock case where it is\nwaiting for the folio lock of a cached folio that will be used for\ncache I/Os.\n\nAfter looking into the crafted fuzzed image, I found it's formed with\nseveral overlapped big pclusters as below:\n\n Ext:   logical offset   |  length :     physical offset    |  length\n   0:        0..   16384 |   16384 :     151552..    167936 |   16384\n   1:    16384..   32768 |   16384 :     155648..    172032 |   16384\n   2:    32768..   49152 |   16384 :  537223168.. 537239552 |   16384\n...\n\nHere, extent 0/1 are physically overlapped although it's entirely\n_impossible_ for normal filesystem images generated by mkfs.\n\nFirst, managed folios containing compressed data will be marked as\nup-to-date and then unlocked immediately (unlike in-place folios) when\ncompressed I/Os are complete.  If physical blocks are not submitted in\nthe incremental order, there should be separate BIOs to avoid dependency\nissues.  However, the current code mis-arranges z_erofs_fill_bio_vec()\nand BIO submission which causes unexpected BIO waits.\n\nSecond, managed folios will be connected to their own pclusters for\nefficient inter-queries.  However, this is somewhat hard to implement\neasily if overlapped big pclusters exist.  Again, these only appear in\nfuzzed images so let's simply fall back to temporary short-lived pages\nfor correctness.\n\nAdditionally, it justifies that referenced managed folios cannot be\ntruncated for now and reverts part of commit 2080ca1ed3e4 (\"erofs: tidy\nup `struct z_erofs_bvec`\") for simplicity although it shouldn't be any\ndifference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47736",
            "https://git.kernel.org/linus/9e2f9d34dd12e6e5b244ec488bcebd0c2d566c50 (6.12-rc1)",
            "https://git.kernel.org/stable/c/1bf7e414cac303c9aec1be67872e19be8b64980c",
            "https://git.kernel.org/stable/c/9cfa199bcbbbba31cbf97b2786f44f4464f3f29a",
            "https://git.kernel.org/stable/c/9e2f9d34dd12e6e5b244ec488bcebd0c2d566c50",
            "https://git.kernel.org/stable/c/b9b30af0e86ffb485301ecd83b9129c9dfb7ebf8",
            "https://lore.kernel.org/linux-cve-announce/2024102108-CVE-2024-47736-712a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47736",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47736"
          ],
          "PublishedDate": "2024-10-21T13:15:03.737Z",
          "LastModifiedDate": "2025-01-17T14:15:31.577Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47738",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47738",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:98213de13d295fd3b657656dd8950a23106ac219e5d19f1e487af91d590fe51a",
          "Title": "kernel: wifi: mac80211: don't use rate mask for offchannel TX either",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don't use rate mask for offchannel TX either\n\nLike the commit ab9177d83c04 (\"wifi: mac80211: don't use rate mask for\nscanning\"), ignore incorrect settings to avoid no supported rate warning\nreported by syzbot.\n\nThe syzbot did bisect and found cause is commit 9df66d5b9f45 (\"cfg80211:\nfix default HE tx bitrate mask in 2G band\"), which however corrects\nbitmask of HE MCS and recognizes correctly settings of empty legacy rate\nplus HE MCS rate instead of returning -EINVAL.\n\nAs suggestions [1], follow the change of SCAN TX to consider this case of\noffchannel TX as well.\n\n[1] https://lore.kernel.org/linux-wireless/6ab2dc9c3afe753ca6fdcdd1421e7a1f47e87b84.camel@sipsolutions.net/T/#m2ac2a6d2be06a37c9c47a3d8a44b4f647ed4f024",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 1,
            "nvd": 1,
            "oracle-oval": 2,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47738",
            "https://git.kernel.org/linus/e7a7ef9a0742dbd0818d5b15fba2c5313ace765b (6.12-rc1)",
            "https://git.kernel.org/stable/c/3565ef215101ffadb5fe5394c70b1fca51376b25",
            "https://git.kernel.org/stable/c/43897111481b679508711d3ca881c4c6593e9247",
            "https://git.kernel.org/stable/c/aafca50e71dc8f3192a5bfb325135a7908f3ef9e",
            "https://git.kernel.org/stable/c/d54455a3a965feb547711aff7afd2ca5deadb99c",
            "https://git.kernel.org/stable/c/e7a7ef9a0742dbd0818d5b15fba2c5313ace765b",
            "https://linux.oracle.com/cve/CVE-2024-47738.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102108-CVE-2024-47738-3f0e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47738",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47738"
          ],
          "PublishedDate": "2024-10-21T13:15:03.92Z",
          "LastModifiedDate": "2025-11-03T23:16:20.72Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47745",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47745",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9f322273858406b788c7e61fe2a87f0fd250074e300577ee1084c9227d5edda3",
          "Title": "kernel: mm: call the security_mmap_file() LSM hook in remap_file_pages()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: call the security_mmap_file() LSM hook in remap_file_pages()\n\nThe remap_file_pages syscall handler calls do_mmap() directly, which\ndoesn't contain the LSM security check. And if the process has called\npersonality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for\nRW pages, this will actually result in remapping the pages to RWX,\nbypassing a W^X policy enforced by SELinux.\n\nSo we should check prot by security_mmap_file LSM hook in the\nremap_file_pages syscall handler before do_mmap() is called. Otherwise, it\npotentially permits an attacker to bypass a W^X policy enforced by\nSELinux.\n\nThe bypass is similar to CVE-2016-10044, which bypass the same thing via\nAIO and can be found in [1].\n\nThe PoC:\n\n$ cat \u003e test.c\n\nint main(void) {\n\tsize_t pagesz = sysconf(_SC_PAGE_SIZE);\n\tint mfd = syscall(SYS_memfd_create, \"test\", 0);\n\tconst char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE,\n\t\tMAP_SHARED, mfd, 0);\n\tunsigned int old = syscall(SYS_personality, 0xffffffff);\n\tsyscall(SYS_personality, READ_IMPLIES_EXEC | old);\n\tsyscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0);\n\tsyscall(SYS_personality, old);\n\t// show the RWX page exists even if W^X policy is enforced\n\tint fd = open(\"/proc/self/maps\", O_RDONLY);\n\tunsigned char buf2[1024];\n\twhile (1) {\n\t\tint ret = read(fd, buf2, 1024);\n\t\tif (ret \u003c= 0) break;\n\t\twrite(1, buf2, ret);\n\t}\n\tclose(fd);\n}\n\n$ gcc test.c -o test\n$ ./test | grep rwx\n7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted)\n\n[PM: subject line tweaks]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-670"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47745",
            "https://git.kernel.org/linus/ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 (6.12-rc1)",
            "https://git.kernel.org/stable/c/0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1",
            "https://git.kernel.org/stable/c/3393fddbfa947c8e1fdcc4509226905ffffd8b89",
            "https://git.kernel.org/stable/c/49d3a4ad57c57227c3b0fd6cd4188b2a5ebd6178",
            "https://git.kernel.org/stable/c/ce14f38d6ee9e88e37ec28427b4b93a7c33c70d3",
            "https://git.kernel.org/stable/c/ea7e2d5e49c05e5db1922387b09ca74aa40f46e2",
            "https://linux.oracle.com/cve/CVE-2024-47745.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102111-CVE-2024-47745-42e6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47745",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47745"
          ],
          "PublishedDate": "2024-10-21T13:15:04.58Z",
          "LastModifiedDate": "2025-11-03T21:16:29.1Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47794",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47794",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3092883dc774d7f1532c464380d155b7867a00b9ce7590d87b836a61a238e1ac",
          "Title": "kernel: bpf: Prevent tailcall infinite loop caused by freplace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tailcall infinite loop caused by freplace\n\nThere is a potential infinite loop issue that can occur when using a\ncombination of tail calls and freplace.\n\nIn an upcoming selftest, the attach target for entry_freplace of\ntailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in\nentry_freplace leads to entry_tc. This results in an infinite loop:\n\nentry_tc -\u003e subprog_tc -\u003e entry_freplace --tailcall-\u003e entry_tc.\n\nThe problem arises because the tail_call_cnt in entry_freplace resets to\nzero each time entry_freplace is executed, causing the tail call mechanism\nto never terminate, eventually leading to a kernel panic.\n\nTo fix this issue, the solution is twofold:\n\n1. Prevent updating a program extended by an freplace program to a\n   prog_array map.\n2. Prevent extending a program that is already part of a prog_array map\n   with an freplace program.\n\nThis ensures that:\n\n* If a program or its subprogram has been extended by an freplace program,\n  it can no longer be updated to a prog_array map.\n* If a program has been added to a prog_array map, neither it nor its\n  subprograms can be extended by an freplace program.\n\nMoreover, an extension program should not be tailcalled. As such, return\n-EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a\nprog_array map.\n\nAdditionally, fix a minor code style issue by replacing eight spaces with a\ntab for proper formatting.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47794",
            "https://git.kernel.org/linus/d6083f040d5d8f8d748462c77e90547097df936e (6.13-rc1)",
            "https://git.kernel.org/stable/c/987aa730bad3e1ef66d9f30182294daa78f6387d",
            "https://git.kernel.org/stable/c/d6083f040d5d8f8d748462c77e90547097df936e",
            "https://linux.oracle.com/cve/CVE-2024-47794.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011120-CVE-2024-47794-09e9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47794",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47794"
          ],
          "PublishedDate": "2025-01-11T13:15:22.39Z",
          "LastModifiedDate": "2025-09-23T16:20:16.803Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47809",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47809",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5229958c8efa5cc8875ebcc6ac93c1ab0c4b333fe0a6dd100861e32b74bf89fb",
          "Title": "kernel: dlm: fix possible lkb_resource null dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix possible lkb_resource null dereference\n\nThis patch fixes a possible null pointer dereference when this function is\ncalled from request_lock() as lkb-\u003elkb_resource is not assigned yet,\nonly after validate_lock_args() by calling attach_lkb(). Another issue\nis that a resource name could be a non printable bytearray and we cannot\nassume to be ASCII coded.\n\nThe log functionality is probably never being hit when DLM is used in\nnormal way and no debug logging is enabled. The null pointer dereference\ncan only occur on a new created lkb that does not have the resource\nassigned yet, it probably never hits the null pointer dereference but we\nshould be sure that other changes might not change this behaviour and we\nactually can hit the mentioned null pointer dereference.\n\nIn this patch we just drop the printout of the resource name, the lkb id\nis enough to make a possible connection to a resource name if this\nexists.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47809",
            "https://git.kernel.org/linus/b98333c67daf887c724cd692e88e2db9418c0861 (6.13-rc1)",
            "https://git.kernel.org/stable/c/2db11504ef82a60c1a2063ba7431a5cd013ecfcb",
            "https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7",
            "https://git.kernel.org/stable/c/8d55ce46dd543c6965970ce70c22c3076dd35b1e",
            "https://git.kernel.org/stable/c/b98333c67daf887c724cd692e88e2db9418c0861",
            "https://linux.oracle.com/cve/CVE-2024-47809.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011120-CVE-2024-47809-7b40@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47809",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-47809"
          ],
          "PublishedDate": "2025-01-11T13:15:22.583Z",
          "LastModifiedDate": "2026-03-25T11:16:08.19Z"
        },
        {
          "VulnerabilityID": "CVE-2024-48873",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-48873",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71314bbb50c9099faa2ddf7dfbb3fd05347992670471119e31bc7f149609ef34",
          "Title": "kernel: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: check return value of ieee80211_probereq_get() for RNR\n\nThe return value of ieee80211_probereq_get() might be NULL, so check it\nbefore using to avoid NULL pointer access.\n\nAddresses-Coverity-ID: 1529805 (\"Dereference null return value\")",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-48873",
            "https://git.kernel.org/linus/630d5d8f2bf6b340202b6bc2c05d794bbd8e4c1c (6.13-rc1)",
            "https://git.kernel.org/stable/c/1a0f54cb3fea5d087440b2bae03202c445156a8d",
            "https://git.kernel.org/stable/c/630d5d8f2bf6b340202b6bc2c05d794bbd8e4c1c",
            "https://git.kernel.org/stable/c/7296e5611adb2c619bd7bd3817ddde7ba865ef17",
            "https://linux.oracle.com/cve/CVE-2024-48873.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2025011120-CVE-2024-48873-75a9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-48873",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-48873"
          ],
          "PublishedDate": "2025-01-11T13:15:22.75Z",
          "LastModifiedDate": "2025-10-01T20:17:15.687Z"
        },
        {
          "VulnerabilityID": "CVE-2024-48875",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-48875",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a8aebd3abeef0a00dd1a7a31ae9bc9e7b0a13faa7fef36ce8fbab163504f8bbd",
          "Title": "kernel: btrfs: don't take dev_replace rwsem on task already holding it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't take dev_replace rwsem on task already holding it\n\nRunning fstests btrfs/011 with MKFS_OPTIONS=\"-O rst\" to force the usage of\nthe RAID stripe-tree, we get the following splat from lockdep:\n\n BTRFS info (device sdd): dev_replace from /dev/sdd (devid 1) to /dev/sdb started\n\n ============================================\n WARNING: possible recursive locking detected\n 6.11.0-rc3-btrfs-for-next #599 Not tainted\n --------------------------------------------\n btrfs/2326 is trying to acquire lock:\n ffff88810f215c98 (\u0026fs_info-\u003edev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250\n\n but task is already holding lock:\n ffff88810f215c98 (\u0026fs_info-\u003edev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250\n\n other info that might help us debug this:\n  Possible unsafe locking scenario:\n\n        CPU0\n        ----\n   lock(\u0026fs_info-\u003edev_replace.rwsem);\n   lock(\u0026fs_info-\u003edev_replace.rwsem);\n\n  *** DEADLOCK ***\n\n  May be due to missing lock nesting notation\n\n 1 lock held by btrfs/2326:\n  #0: ffff88810f215c98 (\u0026fs_info-\u003edev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250\n\n stack backtrace:\n CPU: 1 UID: 0 PID: 2326 Comm: btrfs Not tainted 6.11.0-rc3-btrfs-for-next #599\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n Call Trace:\n  \u003cTASK\u003e\n  dump_stack_lvl+0x5b/0x80\n  __lock_acquire+0x2798/0x69d0\n  ? __pfx___lock_acquire+0x10/0x10\n  ? __pfx___lock_acquire+0x10/0x10\n  lock_acquire+0x19d/0x4a0\n  ? btrfs_map_block+0x39f/0x2250\n  ? __pfx_lock_acquire+0x10/0x10\n  ? find_held_lock+0x2d/0x110\n  ? lock_is_held_type+0x8f/0x100\n  down_read+0x8e/0x440\n  ? btrfs_map_block+0x39f/0x2250\n  ? __pfx_down_read+0x10/0x10\n  ? do_raw_read_unlock+0x44/0x70\n  ? _raw_read_unlock+0x23/0x40\n  btrfs_map_block+0x39f/0x2250\n  ? btrfs_dev_replace_by_ioctl+0xd69/0x1d00\n  ? btrfs_bio_counter_inc_blocked+0xd9/0x2e0\n  ? __kasan_slab_alloc+0x6e/0x70\n  ? __pfx_btrfs_map_block+0x10/0x10\n  ? __pfx_btrfs_bio_counter_inc_blocked+0x10/0x10\n  ? kmem_cache_alloc_noprof+0x1f2/0x300\n  ? mempool_alloc_noprof+0xed/0x2b0\n  btrfs_submit_chunk+0x28d/0x17e0\n  ? __pfx_btrfs_submit_chunk+0x10/0x10\n  ? bvec_alloc+0xd7/0x1b0\n  ? bio_add_folio+0x171/0x270\n  ? __pfx_bio_add_folio+0x10/0x10\n  ? __kasan_check_read+0x20/0x20\n  btrfs_submit_bio+0x37/0x80\n  read_extent_buffer_pages+0x3df/0x6c0\n  btrfs_read_extent_buffer+0x13e/0x5f0\n  read_tree_block+0x81/0xe0\n  read_block_for_search+0x4bd/0x7a0\n  ? __pfx_read_block_for_search+0x10/0x10\n  btrfs_search_slot+0x78d/0x2720\n  ? __pfx_btrfs_search_slot+0x10/0x10\n  ? lock_is_held_type+0x8f/0x100\n  ? kasan_save_track+0x14/0x30\n  ? __kasan_slab_alloc+0x6e/0x70\n  ? kmem_cache_alloc_noprof+0x1f2/0x300\n  btrfs_get_raid_extent_offset+0x181/0x820\n  ? __pfx_lock_acquire+0x10/0x10\n  ? __pfx_btrfs_get_raid_extent_offset+0x10/0x10\n  ? down_read+0x194/0x440\n  ? __pfx_down_read+0x10/0x10\n  ? do_raw_read_unlock+0x44/0x70\n  ? _raw_read_unlock+0x23/0x40\n  btrfs_map_block+0x5b5/0x2250\n  ? __pfx_btrfs_map_block+0x10/0x10\n  scrub_submit_initial_read+0x8fe/0x11b0\n  ? __pfx_scrub_submit_initial_read+0x10/0x10\n  submit_initial_group_read+0x161/0x3a0\n  ? lock_release+0x20e/0x710\n  ? __pfx_submit_initial_group_read+0x10/0x10\n  ? __pfx_lock_release+0x10/0x10\n  scrub_simple_mirror.isra.0+0x3eb/0x580\n  scrub_stripe+0xe4d/0x1440\n  ? lock_release+0x20e/0x710\n  ? __pfx_scrub_stripe+0x10/0x10\n  ? __pfx_lock_release+0x10/0x10\n  ? do_raw_read_unlock+0x44/0x70\n  ? _raw_read_unlock+0x23/0x40\n  scrub_chunk+0x257/0x4a0\n  scrub_enumerate_chunks+0x64c/0xf70\n  ? __mutex_unlock_slowpath+0x147/0x5f0\n  ? __pfx_scrub_enumerate_chunks+0x10/0x10\n  ? bit_wait_timeout+0xb0/0x170\n  ? __up_read+0x189/0x700\n  ? scrub_workers_get+0x231/0x300\n  ? up_write+0x490/0x4f0\n  btrfs_scrub_dev+0x52e/0xcd0\n  ? create_pending_snapshots+0x230/0x250\n  ? __pfx_btrfs_scrub_dev+0x10/0x10\n  btrfs_dev_replace_by_ioctl+0xd69/0x1d00\n  ? lock_acquire+0x19d/0x4a0\n  ? __pfx_btrfs_dev_replace_by_ioctl+0x10/0x10\n  ?\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-48875",
            "https://git.kernel.org/linus/8cca35cb29f81eba3e96ec44dad8696c8a2f9138 (6.13-rc1)",
            "https://git.kernel.org/stable/c/8cca35cb29f81eba3e96ec44dad8696c8a2f9138",
            "https://git.kernel.org/stable/c/a2e99dcd7aafa9d474f7d9b0740b8f93c4e156c2",
            "https://git.kernel.org/stable/c/a5bc4e030f50fdbb1fbc69acc1e0c5f57c79d044",
            "https://linux.oracle.com/cve/CVE-2024-48875.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011121-CVE-2024-48875-5b79@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-48875",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-48875"
          ],
          "PublishedDate": "2025-01-11T13:15:22.933Z",
          "LastModifiedDate": "2026-01-05T11:17:19.653Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49568",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49568",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1499ea12314175d3abc6eb4ea56b6d3f679099d5edc1e7128b5d1be4aa570d43",
          "Title": "kernel: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg\n\nWhen receiving proposal msg in server, the fields v2_ext_offset/\neid_cnt/ism_gid_cnt in proposal msg are from the remote client\nand can not be fully trusted. Especially the field v2_ext_offset,\nonce exceed the max value, there has the chance to access wrong\naddress, and crash may happen.\n\nThis patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt\nbefore using them.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49568",
            "https://git.kernel.org/linus/7863c9f3d24ba49dbead7e03dfbe40deb5888fdf (6.13-rc4)",
            "https://git.kernel.org/stable/c/295a92e3df32e72aff0f4bc25c310e349d07ffbf",
            "https://git.kernel.org/stable/c/42f6beb2d5779429417b5f8115a4e3fa695d2a6c",
            "https://git.kernel.org/stable/c/7863c9f3d24ba49dbead7e03dfbe40deb5888fdf",
            "https://linux.oracle.com/cve/CVE-2024-49568.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011142-CVE-2024-49568-e5f6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49568",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49568"
          ],
          "PublishedDate": "2025-01-11T13:15:23.637Z",
          "LastModifiedDate": "2025-10-15T20:28:45.94Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49569",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49569",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1cec1b135fad53140e93cdbc4aa540341940e966a88fec09264c849fecd207f5",
          "Title": "kernel: nvme-rdma: unquiesce admin_q before destroy it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-rdma: unquiesce admin_q before destroy it\n\nKernel will hang on destroy admin_q while we create ctrl failed, such\nas following calltrace:\n\nPID: 23644    TASK: ff2d52b40f439fc0  CPU: 2    COMMAND: \"nvme\"\n #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15\n #1 [ff61d23de260fc08] schedule at ffffffff8323c014\n #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1\n #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a\n #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006\n #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce\n #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced\n #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b\n #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362\n #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25\n    RIP: 00007fda7891d574  RSP: 00007ffe2ef06958  RFLAGS: 00000202\n    RAX: ffffffffffffffda  RBX: 000055e8122a4d90  RCX: 00007fda7891d574\n    RDX: 000000000000012b  RSI: 000055e8122a4d90  RDI: 0000000000000004\n    RBP: 00007ffe2ef079c0   R8: 000000000000012b   R9: 000055e8122a4d90\n    R10: 0000000000000000  R11: 0000000000000202  R12: 0000000000000004\n    R13: 000055e8122923c0  R14: 000000000000012b  R15: 00007fda78a54500\n    ORIG_RAX: 0000000000000001  CS: 0033  SS: 002b\n\nThis due to we have quiesced admi_q before cancel requests, but forgot\nto unquiesce before destroy it, as a result we fail to drain the\npending requests, and hang on blk_mq_freeze_queue_wait() forever. Here\ntry to reuse nvme_rdma_teardown_admin_queue() to fix this issue and\nsimplify the code.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49569",
            "https://git.kernel.org/linus/5858b687559809f05393af745cbadf06dee61295 (6.13-rc2)",
            "https://git.kernel.org/stable/c/05b436f3cf65c957eff86c5ea5ddfa2604b32c63",
            "https://git.kernel.org/stable/c/427036030f4d796533dcadba9b845896cb6c10a7",
            "https://git.kernel.org/stable/c/5858b687559809f05393af745cbadf06dee61295",
            "https://linux.oracle.com/cve/CVE-2024-49569.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2025011122-CVE-2024-49569-c532@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49569",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49569"
          ],
          "PublishedDate": "2025-01-11T13:15:23.84Z",
          "LastModifiedDate": "2025-10-15T20:50:15.017Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49855",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49855",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e48795c54e5a3c1626b53ed29853b79b23f178e197d55ba09a510ddf6129981f",
          "Title": "kernel: nbd: fix race between timeout and normal completion",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: fix race between timeout and normal completion\n\nIf request timetout is handled by nbd_requeue_cmd(), normal completion\nhas to be stopped for avoiding to complete this requeued request, other\nuse-after-free can be triggered.\n\nFix the race by clearing NBD_CMD_INFLIGHT in nbd_requeue_cmd(), meantime\nmake sure that cmd-\u003elock is grabbed for clearing the flag and the\nrequeue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49855",
            "https://git.kernel.org/linus/c9ea57c91f03bcad415e1a20113bdb2077bcf990 (6.12-rc1)",
            "https://git.kernel.org/stable/c/5236ada8ebbd9e7461f17477357582f5be4f46f7",
            "https://git.kernel.org/stable/c/6e73b946a379a1dfbb62626af93843bdfb53753d",
            "https://git.kernel.org/stable/c/9a74c3e6c0d686c26ba2aab66d15ddb89dc139cc",
            "https://git.kernel.org/stable/c/9c25faf72d780a9c71081710cd48759d61ff6e9b",
            "https://git.kernel.org/stable/c/c9ea57c91f03bcad415e1a20113bdb2077bcf990",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102153-CVE-2024-49855-8997@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49855",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49855"
          ],
          "PublishedDate": "2024-10-21T13:15:06.27Z",
          "LastModifiedDate": "2025-11-03T23:16:25.703Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49859",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49859",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b8700fbaae0ae2bdb3890830ccafb306248000ec51b588afb579bdefdc7bdeee",
          "Title": "kernel: f2fs: fix to check atomic_file in f2fs ioctl interfaces",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to check atomic_file in f2fs ioctl interfaces\n\nSome f2fs ioctl interfaces like f2fs_ioc_set_pin_file(),\nf2fs_move_file_range(), and f2fs_defragment_range() missed to\ncheck atomic_write status, which may cause potential race issue,\nfix it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49859",
            "https://git.kernel.org/linus/bfe5c02654261bfb8bd9cb174a67f3279ea99e58 (6.12-rc1)",
            "https://git.kernel.org/stable/c/10569b682ebe9c75ef06ddd322ae844e9be6374b",
            "https://git.kernel.org/stable/c/26b07bd2e1f124b0e430c8d250023f7205c549c3",
            "https://git.kernel.org/stable/c/7cb51731f24b216b0b87942f519f2c67a17107ee",
            "https://git.kernel.org/stable/c/bfe5c02654261bfb8bd9cb174a67f3279ea99e58",
            "https://git.kernel.org/stable/c/d6f08c88047accc6127dddb6798a3ff11321539d",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102124-CVE-2024-49859-9917@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49859",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49859"
          ],
          "PublishedDate": "2024-10-21T13:15:06.627Z",
          "LastModifiedDate": "2025-11-03T23:16:26.147Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49861",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:09fd361fe3cf7c60ebb44dbaea8000b685b3712353aa6a002ffb7313f590a2b5",
          "Title": "kernel: bpf: Fix helper writes to read-only maps",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix helper writes to read-only maps\n\nLonial found an issue that despite user- and BPF-side frozen BPF map\n(like in case of .rodata), it was still possible to write into it from\na BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT}\nas arguments.\n\nIn check_func_arg() when the argument is as mentioned, the meta-\u003eraw_mode\nis never set. Later, check_helper_mem_access(), under the case of\nPTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the\nsubsequent call to check_map_access_type() and given the BPF map is\nread-only it succeeds.\n\nThe helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT\nwhen results are written into them as opposed to read out of them. The\nlatter indicates that it's okay to pass a pointer to uninitialized memory\nas the memory is written to anyway.\n\nHowever, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM\njust with additional alignment requirement. So it is better to just get\nrid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the\nfixed size memory types. For this, add MEM_ALIGNED to additionally ensure\nalignment given these helpers write directly into the args via *\u003cptr\u003e = val.\nThe .arg*_size has been initialized reflecting the actual sizeof(*\u003cptr\u003e).\n\nMEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated\nargument types, since in !MEM_FIXED_SIZE cases the verifier does not know\nthe buffer size a priori and therefore cannot blindly write *\u003cptr\u003e = val.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49861",
            "https://git.kernel.org/linus/32556ce93bc45c730829083cb60f95a2728ea48b (6.12-rc1)",
            "https://git.kernel.org/stable/c/1e75d25133158b525e0456876e9bcfd6b2993fd5",
            "https://git.kernel.org/stable/c/2ed98ee02d1e08afee88f54baec39ea78dc8a23c",
            "https://git.kernel.org/stable/c/32556ce93bc45c730829083cb60f95a2728ea48b",
            "https://git.kernel.org/stable/c/988e55abcf7fdb8fc9a76a7cf3f4e939a4d4fb3a",
            "https://git.kernel.org/stable/c/a2c8dc7e21803257e762b0bf067fd13e9c995da0",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102124-CVE-2024-49861-5288@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49861",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49861"
          ],
          "PublishedDate": "2024-10-21T13:15:06.8Z",
          "LastModifiedDate": "2025-11-03T21:16:32.187Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49870",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49870",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d5908437ebd38c0244a632aa113807a408be1f354d9a4916eac1506fd836aa69",
          "Title": "kernel: cachefiles: fix dentry leak in cachefiles_open_file()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix dentry leak in cachefiles_open_file()\n\nA dentry leak may be caused when a lookup cookie and a cull are concurrent:\n\n            P1             |             P2\n-----------------------------------------------------------\ncachefiles_lookup_cookie\n  cachefiles_look_up_object\n    lookup_one_positive_unlocked\n     // get dentry\n                            cachefiles_cull\n                              inode-\u003ei_flags |= S_KERNEL_FILE;\n    cachefiles_open_file\n      cachefiles_mark_inode_in_use\n        __cachefiles_mark_inode_in_use\n          can_use = false\n          if (!(inode-\u003ei_flags \u0026 S_KERNEL_FILE))\n            can_use = true\n\t  return false\n        return false\n        // Returns an error but doesn't put dentry\n\nAfter that the following WARNING will be triggered when the backend folder\nis umounted:\n\n==================================================================\nBUG: Dentry 000000008ad87947{i=7a,n=Dx_1_1.img}  still in use (1) [unmount of ext4 sda]\nWARNING: CPU: 4 PID: 359261 at fs/dcache.c:1767 umount_check+0x5d/0x70\nCPU: 4 PID: 359261 Comm: umount Not tainted 6.6.0-dirty #25\nRIP: 0010:umount_check+0x5d/0x70\nCall Trace:\n \u003cTASK\u003e\n d_walk+0xda/0x2b0\n do_one_tree+0x20/0x40\n shrink_dcache_for_umount+0x2c/0x90\n generic_shutdown_super+0x20/0x160\n kill_block_super+0x1a/0x40\n ext4_kill_sb+0x22/0x40\n deactivate_locked_super+0x35/0x80\n cleanup_mnt+0x104/0x160\n==================================================================\n\nWhether cachefiles_open_file() returns true or false, the reference count\nobtained by lookup_positive_unlocked() in cachefiles_look_up_object()\nshould be released.\n\nTherefore release that reference count in cachefiles_look_up_object() to\nfix the above issue and simplify the code.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49870",
            "https://git.kernel.org/linus/da6ef2dffe6056aad3435e6cf7c6471c2a62187c (6.12-rc2)",
            "https://git.kernel.org/stable/c/7fa2382f97421978514a419c93054eca69f5247b",
            "https://git.kernel.org/stable/c/c7d10fa7d7691558ff967668494672415f5fa151",
            "https://git.kernel.org/stable/c/d32ff64c872d7e08e893c32ba6a2374583444410",
            "https://git.kernel.org/stable/c/da6ef2dffe6056aad3435e6cf7c6471c2a62187c",
            "https://git.kernel.org/stable/c/e4a28489b310339b2b8187bec0a437709be551c1",
            "https://linux.oracle.com/cve/CVE-2024-49870.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102114-CVE-2024-49870-44f0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49870",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49870"
          ],
          "PublishedDate": "2024-10-21T18:15:08.413Z",
          "LastModifiedDate": "2025-11-03T23:16:27.207Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49880",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49880",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b4e3304673405f4ec271157c005cf717909eec17838e16eb6274661f238b98fb",
          "Title": "kernel: ext4: fix off by one issue in alloc_flex_gd()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix off by one issue in alloc_flex_gd()\n\nWesley reported an issue:\n\n==================================================================\nEXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks\n------------[ cut here ]------------\nkernel BUG at fs/ext4/resize.c:324!\nCPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27\nRIP: 0010:ext4_resize_fs+0x1212/0x12d0\nCall Trace:\n __ext4_ioctl+0x4e0/0x1800\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0x99/0xd0\n x64_sys_call+0x1206/0x20d0\n do_syscall_64+0x72/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n==================================================================\n\nWhile reviewing the patch, Honza found that when adjusting resize_bg in\nalloc_flex_gd(), it was possible for flex_gd-\u003eresize_bg to be bigger than\nflexbg_size.\n\nThe reproduction of the problem requires the following:\n\n o_group = flexbg_size * 2 * n;\n o_size = (o_group + 1) * group_size;\n n_group: [o_group + flexbg_size, o_group + flexbg_size * 2)\n o_size = (n_group + 1) * group_size;\n\nTake n=0,flexbg_size=16 as an example:\n\n              last:15\n|o---------------|--------------n-|\no_group:0    resize to      n_group:30\n\nThe corresponding reproducer is:\n\nimg=test.img\nrm -f $img\ntruncate -s 600M $img\nmkfs.ext4 -F $img -b 1024 -G 16 8M\ndev=`losetup -f --show $img`\nmkdir -p /tmp/test\nmount $dev /tmp/test\nresize2fs $dev 248M\n\nDelete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE()\nto prevent the issue from happening again.\n\n[ Note: another reproucer which this commit fixes is:\n\n  img=test.img\n  rm -f $img\n  truncate -s 25MiB $img\n  mkfs.ext4 -b 4096 -E nodiscard,lazy_itable_init=0,lazy_journal_init=0 $img\n  truncate -s 3GiB $img\n  dev=`losetup -f --show $img`\n  mkdir -p /tmp/test\n  mount $dev /tmp/test\n  resize2fs $dev 3G\n  umount $dev\n  losetup -d $dev\n\n  -- TYT ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-193"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49880",
            "https://git.kernel.org/linus/6121258c2b33ceac3d21f6a221452692c465df88 (6.12-rc2)",
            "https://git.kernel.org/stable/c/0d80d2b8bf613398baf7185009e35f9d0459ecb0",
            "https://git.kernel.org/stable/c/6121258c2b33ceac3d21f6a221452692c465df88",
            "https://git.kernel.org/stable/c/acb559d6826116cc113598640d105094620c2526",
            "https://lore.kernel.org/linux-cve-announce/2024102116-CVE-2024-49880-11cd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49880",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49880"
          ],
          "PublishedDate": "2024-10-21T18:15:10.373Z",
          "LastModifiedDate": "2024-10-25T14:42:58.203Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49888",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49888",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fe9cb15365c3c1bda42a9e7ca4a0cb215d109fee10be558dc50d1257c2b694b5",
          "Title": "kernel: bpf: Fix a sdiv overflow issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a sdiv overflow issue\n\nZac Ecob reported a problem where a bpf program may cause kernel crash due\nto the following error:\n  Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI\n\nThe failure is due to the below signed divide:\n  LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.\nLLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,\nbut it is impossible since for 64-bit system, the maximum positive\nnumber is 9,223,372,036,854,775,807. On x86_64, LLONG_MIN/-1 will\ncause a kernel exception. On arm64, the result for LLONG_MIN/-1 is\nLLONG_MIN.\n\nFurther investigation found all the following sdiv/smod cases may trigger\nan exception when bpf program is running on x86_64 platform:\n  - LLONG_MIN/-1 for 64bit operation\n  - INT_MIN/-1 for 32bit operation\n  - LLONG_MIN%-1 for 64bit operation\n  - INT_MIN%-1 for 32bit operation\nwhere -1 can be an immediate or in a register.\n\nOn arm64, there are no exceptions:\n  - LLONG_MIN/-1 = LLONG_MIN\n  - INT_MIN/-1 = INT_MIN\n  - LLONG_MIN%-1 = 0\n  - INT_MIN%-1 = 0\nwhere -1 can be an immediate or in a register.\n\nInsn patching is needed to handle the above cases and the patched codes\nproduced results aligned with above arm64 result. The below are pseudo\ncodes to handle sdiv/smod exceptions including both divisor -1 and divisor 0\nand the divisor is stored in a register.\n\nsdiv:\n      tmp = rX\n      tmp += 1 /* [-1, 0] -\u003e [0, 1]\n      if tmp \u003e(unsigned) 1 goto L2\n      if tmp == 0 goto L1\n      rY = 0\n  L1:\n      rY = -rY;\n      goto L3\n  L2:\n      rY /= rX\n  L3:\n\nsmod:\n      tmp = rX\n      tmp += 1 /* [-1, 0] -\u003e [0, 1]\n      if tmp \u003e(unsigned) 1 goto L1\n      if tmp == 1 (is64 ? goto L2 : goto L3)\n      rY = 0;\n      goto L2\n  L1:\n      rY %= rX\n  L2:\n      goto L4  // only when !is64\n  L3:\n      wY = wY  // only when !is64\n  L4:\n\n  [1] https://lore.kernel.org/bpf/tPJLTEh7S_DxFEqAI2Ji5MBSoZVg7_G-Py2iaZpAaWtM961fFTWtsnlzwvTbzBzaUzwQAoNATXKUlt0LZOFgnDcIyKCswAnAGdUF3LBrhGQ=@protonmail.com/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:11486",
            "https://access.redhat.com/security/cve/CVE-2024-49888",
            "https://bugzilla.redhat.com/2280462",
            "https://bugzilla.redhat.com/2293429",
            "https://bugzilla.redhat.com/2311717",
            "https://bugzilla.redhat.com/2312085",
            "https://bugzilla.redhat.com/2320254",
            "https://bugzilla.redhat.com/2320517",
            "https://bugzilla.redhat.com/2323904",
            "https://bugzilla.redhat.com/2323930",
            "https://bugzilla.redhat.com/2323937",
            "https://bugzilla.redhat.com/2323944",
            "https://bugzilla.redhat.com/2323955",
            "https://bugzilla.redhat.com/2324315",
            "https://bugzilla.redhat.com/2324332",
            "https://bugzilla.redhat.com/2324612",
            "https://bugzilla.redhat.com/2324867",
            "https://bugzilla.redhat.com/2324868",
            "https://bugzilla.redhat.com/2324892",
            "https://errata.almalinux.org/9/ALSA-2024-11486.html",
            "https://git.kernel.org/linus/7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7 (6.12-rc1)",
            "https://git.kernel.org/stable/c/4902a6a0dc593c82055fc8c9ada371bafe26c9cc",
            "https://git.kernel.org/stable/c/7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7",
            "https://git.kernel.org/stable/c/d22e45a369afc7c28f11acfa5b5e8e478227ca5d",
            "https://linux.oracle.com/cve/CVE-2024-49888.html",
            "https://linux.oracle.com/errata/ELSA-2024-11486.html",
            "https://lore.kernel.org/linux-cve-announce/2024102117-CVE-2024-49888-027c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49888",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49888"
          ],
          "PublishedDate": "2024-10-21T18:15:11.443Z",
          "LastModifiedDate": "2024-11-13T14:54:25.787Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49891",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49891",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4d37c6cc54cc3357f07a7be09e1ee309929f095c76d098b44a1cabf05935034",
          "Title": "kernel: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths\n\nWhen the HBA is undergoing a reset or is handling an errata event, NULL ptr\ndereference crashes may occur in routines such as\nlpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or\nlpfc_abort_handler().\n\nAdd NULL ptr checks before dereferencing hdwq pointers that may have been\nfreed due to operations colliding with a reset or errata event handler.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49891",
            "https://git.kernel.org/linus/2be1d4f11944cd6283cb97268b3e17c4424945ca (6.12-rc1)",
            "https://git.kernel.org/stable/c/232a138bd843d48cb2368f604646d990db7640f3",
            "https://git.kernel.org/stable/c/2be1d4f11944cd6283cb97268b3e17c4424945ca",
            "https://git.kernel.org/stable/c/5873aa7f814754085d418848b2089ef406a02dd0",
            "https://git.kernel.org/stable/c/99a801e2fca39a6f31e543fc3383058a8955896f",
            "https://git.kernel.org/stable/c/fd665c8dbdb19548965b0ae80c490de00e906366",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102118-CVE-2024-49891-931a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49891",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49891"
          ],
          "PublishedDate": "2024-10-21T18:15:11.657Z",
          "LastModifiedDate": "2025-11-03T21:16:34.527Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49893",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49893",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:53687e4907b085a1f019d974b641191cd4c7c4a40ae052fc7c6cd2d616e9f2b7",
          "Title": "kernel: drm/amd/display: Check stream_status before it is used",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check stream_status before it is used\n\n[WHAT \u0026 HOW]\ndc_state_get_stream_status can return null, and therefore null must be\nchecked before stream_status is used.\n\nThis fixes 1 NULL_RETURNS issue reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49893",
            "https://git.kernel.org/linus/58a8ee96f84d2c21abb85ad8c22d2bbdf59bd7a9 (6.12-rc1)",
            "https://git.kernel.org/stable/c/4914c8bfee1843fae046a12970b6f178e6642659",
            "https://git.kernel.org/stable/c/58a8ee96f84d2c21abb85ad8c22d2bbdf59bd7a9",
            "https://lore.kernel.org/linux-cve-announce/2024102118-CVE-2024-49893-72a4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49893",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49893"
          ],
          "PublishedDate": "2024-10-21T18:15:11.85Z",
          "LastModifiedDate": "2024-10-25T14:32:44.987Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49898",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49898",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a1a7af31d0677e8aee4bc31695b78844abecf4247363a205a60a62b610ea6a43",
          "Title": "kernel: drm/amd/display: Check null-initialized variables",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null-initialized variables\n\n[WHAT \u0026 HOW]\ndrr_timing and subvp_pipe are initialized to null and they are not\nalways assigned new values. It is necessary to check for null before\ndereferencing.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49898",
            "https://git.kernel.org/linus/367cd9ceba1933b63bc1d87d967baf6d9fd241d2 (6.12-rc1)",
            "https://git.kernel.org/stable/c/115b1a3b0944b4d8ef0b4b0c5a625bdd9474131f",
            "https://git.kernel.org/stable/c/26d262b79a3587aaa84368586a55e9026c67841b",
            "https://git.kernel.org/stable/c/367cd9ceba1933b63bc1d87d967baf6d9fd241d2",
            "https://git.kernel.org/stable/c/3fc70ae048fe0936761b73b50700a810ff61e853",
            "https://git.kernel.org/stable/c/c3a3b6d9a9383e3c1a4a08878ba5046e68647595",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102119-CVE-2024-49898-adff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49898",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49898"
          ],
          "PublishedDate": "2024-10-21T18:15:12.19Z",
          "LastModifiedDate": "2025-11-03T21:16:35.673Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49899",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49899",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:46308f53501a80e459b05185bd32bca3dcaa6f55d3d25b58e710d73963b79f75",
          "Title": "kernel: drm/amd/display: Initialize denominators' default to 1",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominators' default to 1\n\n[WHAT \u0026 HOW]\nVariables used as denominators and maybe not assigned to other values,\nshould not be 0. Change their default to 1 so they are never 0.\n\nThis fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-369"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49899",
            "https://git.kernel.org/linus/b995c0a6de6c74656a0c39cd57a0626351b13e3c (6.12-rc1)",
            "https://git.kernel.org/stable/c/7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb",
            "https://git.kernel.org/stable/c/9be768f08b16f020da376538b08463ac3a2ce8cd",
            "https://git.kernel.org/stable/c/9f35cec5e4b9759b38c663d18eae4eaf30f36527",
            "https://git.kernel.org/stable/c/b995c0a6de6c74656a0c39cd57a0626351b13e3c",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102119-CVE-2024-49899-3daa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49899",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49899"
          ],
          "PublishedDate": "2024-10-21T18:15:12.253Z",
          "LastModifiedDate": "2025-11-03T21:16:35.8Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49901",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49901",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c44e9b2db4cef5270ef4330c73d0e29bd6babebce77f6a542a9cbd4e63d796e",
          "Title": "kernel: drm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/adreno: Assign msm_gpu-\u003epdev earlier to avoid nullptrs\n\nThere are some cases, such as the one uncovered by Commit 46d4efcccc68\n(\"drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails\")\nwhere\n\nmsm_gpu_cleanup() : platform_set_drvdata(gpu-\u003epdev, NULL);\n\nis called on gpu-\u003epdev == NULL, as the GPU device has not been fully\ninitialized yet.\n\nTurns out that there's more than just the aforementioned path that\ncauses this to happen (e.g. the case when there's speedbin data in the\ncatalog, but opp-supported-hw is missing in DT).\n\nAssigning msm_gpu-\u003epdev earlier seems like the least painful solution\nto this, therefore do so.\n\nPatchwork: https://patchwork.freedesktop.org/patch/602742/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49901",
            "https://git.kernel.org/linus/16007768551d5bfe53426645401435ca8d2ef54f (6.12-rc1)",
            "https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f",
            "https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a",
            "https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb",
            "https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85",
            "https://lore.kernel.org/linux-cve-announce/2024102120-CVE-2024-49901-4522@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49901",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49901"
          ],
          "PublishedDate": "2024-10-21T18:15:12.48Z",
          "LastModifiedDate": "2024-10-25T14:05:16.967Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49904",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49904",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de7830119f69c17a2e2d6d60426acf813a9c3403b2001b7213b3c7b16d9b08ed",
          "Title": "kernel: drm/amdgpu: add list empty check to avoid null pointer issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add list empty check to avoid null pointer issue\n\nAdd list empty check to avoid null pointer issues in some corner cases.\n- list_for_each_entry_safe()",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49904",
            "https://git.kernel.org/linus/4416377ae1fdc41a90b665943152ccd7ff61d3c5 (6.12-rc1)",
            "https://git.kernel.org/stable/c/4416377ae1fdc41a90b665943152ccd7ff61d3c5",
            "https://git.kernel.org/stable/c/5ec731ef47f1dba34daad3e51a93de793f9319ac",
            "https://git.kernel.org/stable/c/8e87763946f708063d7e5303339598abbb8c5aac",
            "https://linux.oracle.com/cve/CVE-2024-49904.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024102120-CVE-2024-49904-121b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49904",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49904"
          ],
          "PublishedDate": "2024-10-21T18:15:12.96Z",
          "LastModifiedDate": "2024-10-25T15:54:47.737Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49905",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49905",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c5f23ee970f6c5bb8304def2907bd059095c4072e93436778f40d2b6b93c4fc0",
          "Title": "kernel: drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was\nassumed to be null, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for 'afb' to the line where 'afb' is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49905",
            "https://git.kernel.org/linus/cd9e9e0852d501f169aa3bb34e4b413d2eb48c37 (6.12-rc1)",
            "https://git.kernel.org/stable/c/75839e2365b666ff4e1b9047e442cab138eac4f6",
            "https://git.kernel.org/stable/c/9132882eaae4d21d2fc5843b3308379a481ebdf0",
            "https://git.kernel.org/stable/c/bd0e24e5e608ccb9fdda300bb974496d6d8cf57d",
            "https://git.kernel.org/stable/c/cd9e9e0852d501f169aa3bb34e4b413d2eb48c37",
            "https://git.kernel.org/stable/c/e4e26cbe34d7c1c1db5fb7b3101573c29866439f",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102121-CVE-2024-49905-7f47@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49905",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49905"
          ],
          "PublishedDate": "2024-10-21T18:15:13.033Z",
          "LastModifiedDate": "2025-11-03T23:16:30.567Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49906",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49906",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:67c273b825354157f5bd05f0bad21cf7b1edacff018cc5115d1330a131178a3e",
          "Title": "kernel: drm/amd/display: Check null pointer before try to access it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointer before try to access it\n\n[why \u0026 how]\nChange the order of the pipe_ctx-\u003eplane_state check to ensure that\nplane_state is not null before accessing it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49906",
            "https://git.kernel.org/linus/1b686053c06ffb9f4524b288110cf2a831ff7a25 (6.12-rc1)",
            "https://git.kernel.org/stable/c/1b686053c06ffb9f4524b288110cf2a831ff7a25",
            "https://git.kernel.org/stable/c/2002ccb93004e76a471b180560accb2c1f850f35",
            "https://git.kernel.org/stable/c/ebef6616219ff04abdeb39450625f85419787ee3",
            "https://lore.kernel.org/linux-cve-announce/2024102121-CVE-2024-49906-5cae@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49906",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49906"
          ],
          "PublishedDate": "2024-10-21T18:15:13.12Z",
          "LastModifiedDate": "2024-12-09T13:10:04.64Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49908",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49908",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e741f39033ea8ddc46e06b2edfe33f76dbc346eacbe33c6243256a38f1892263",
          "Title": "kernel: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (v2)\n\nThis commit adds a null check for the 'afb' variable in the\namdgpu_dm_update_cursor function. Previously, 'afb' was assumed to be\nnull at line 8388, but was used later in the code without a null check.\nThis could potentially lead to a null pointer dereference.\n\nChanges since v1:\n- Moved the null check for 'afb' to the line where 'afb' is used. (Alex)\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm.c:8433 amdgpu_dm_update_cursor()\n\terror: we previously assumed 'afb' could be null (see line 8388)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49908",
            "https://git.kernel.org/linus/0fe20258b4989b9112b5e9470df33a0939403fd4 (6.12-rc1)",
            "https://git.kernel.org/stable/c/0fe20258b4989b9112b5e9470df33a0939403fd4",
            "https://git.kernel.org/stable/c/a742168b6a39ead257da53bcbe472384d6e14a1b",
            "https://lore.kernel.org/linux-cve-announce/2024102121-CVE-2024-49908-a7fe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49908",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49908"
          ],
          "PublishedDate": "2024-10-21T18:15:13.29Z",
          "LastModifiedDate": "2024-10-24T03:42:50.683Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49909",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49909",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:16ff317cd5c0f5ec5016a5839422db73391a04df0a5ae4e2d308c94d72627b00",
          "Title": "kernel: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn32_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null, but then it was being\ndereferenced without any null check. This could lead to a null pointer\ndereference if set_output_gamma is null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49909",
            "https://git.kernel.org/linus/28574b08c70e56d34d6f6379326a860b96749051 (6.12-rc1)",
            "https://git.kernel.org/stable/c/28574b08c70e56d34d6f6379326a860b96749051",
            "https://git.kernel.org/stable/c/496486950c3d2aebf46a3be300296ac091da7a2d",
            "https://git.kernel.org/stable/c/5298270bdabe97be5b8236e544c9e936415fe1f2",
            "https://git.kernel.org/stable/c/e087c9738ee1cdeebde346f4dfc819e5f7057e90",
            "https://git.kernel.org/stable/c/f38b09ba6a335c511eb27920bb9bb4a1b2c20084",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102121-CVE-2024-49909-5d54@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49909",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49909"
          ],
          "PublishedDate": "2024-10-21T18:15:13.357Z",
          "LastModifiedDate": "2025-11-03T21:16:36.807Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49910",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49910",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4fd30c0ed2b143852c23dd7f945c6f06a0a72907e21797c428f847e8357a2fd4",
          "Title": "kernel: drm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn401_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn401_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null, but then it was being\ndereferenced without any null check. This could lead to a null pointer\ndereference if set_output_gamma is null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49910",
            "https://git.kernel.org/linus/dd340acd42c24a3f28dd22fae6bf38662334264c (6.12-rc1)",
            "https://git.kernel.org/stable/c/d8ee900b92b6526cf84275b49a473155ad75c70e",
            "https://git.kernel.org/stable/c/dd340acd42c24a3f28dd22fae6bf38662334264c",
            "https://lore.kernel.org/linux-cve-announce/2024102122-CVE-2024-49910-b56b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49910",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49910"
          ],
          "PublishedDate": "2024-10-21T18:15:13.433Z",
          "LastModifiedDate": "2024-10-24T02:58:00.223Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49911",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49911",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8616037641ce305b960a2bacc5b8e13c924c849c7ad548134af6b19c652ff46e",
          "Title": "kernel: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func\n\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn20_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for null at line 1030, but then it\nwas being dereferenced without any null check at line 1048. This could\npotentially lead to a null pointer dereference error if set_output_gamma\nis null.\n\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a null check for set_output_gamma\nbefore the call to set_output_gamma at line 1048.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49911",
            "https://git.kernel.org/linus/62ed6f0f198da04e884062264df308277628004f (6.12-rc1)",
            "https://git.kernel.org/stable/c/02411e9359297512946705b1cd8cf5e6b0806fa0",
            "https://git.kernel.org/stable/c/62ed6f0f198da04e884062264df308277628004f",
            "https://git.kernel.org/stable/c/827380b114f83c30b3e56d1a675980b6d65f7c88",
            "https://git.kernel.org/stable/c/8c854138b593efbbd8fa46a25f3288c121c1d1a1",
            "https://git.kernel.org/stable/c/e8a24767899c86f4c5f1e4d3b2608942d054900f",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102122-CVE-2024-49911-8636@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49911",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49911"
          ],
          "PublishedDate": "2024-10-21T18:15:13.507Z",
          "LastModifiedDate": "2025-11-03T21:16:36.933Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49912",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49912",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:871c0b8e5231bd48b23acbcc934f2337b37c7b878949472ef4f4139935ed142c",
          "Title": "kernel: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'\n\nThis commit adds a null check for 'stream_status' in the function\n'planes_changed_for_existing_stream'. Previously, the code assumed\n'stream_status' could be null, but did not handle the case where it was\nactually null. This could lead to a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c:3784 planes_changed_for_existing_stream() error: we previously assumed 'stream_status' could be null (see line 3774)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49912",
            "https://git.kernel.org/linus/8141f21b941710ecebe49220b69822cab3abd23d (6.12-rc1)",
            "https://git.kernel.org/stable/c/0ffd9fb03bbc99ed1eb5dc989d5c7da2faac0659",
            "https://git.kernel.org/stable/c/4778982c73d6c9f3fdbdbc6b6c8aa18df98251af",
            "https://git.kernel.org/stable/c/8141f21b941710ecebe49220b69822cab3abd23d",
            "https://git.kernel.org/stable/c/c4b699b93496c423b0e5b584d4eb4ab849313bcf",
            "https://git.kernel.org/stable/c/ec6c32b58e6c4e87760e797c525e99a460c82bcb",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102122-CVE-2024-49912-987d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49912",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49912"
          ],
          "PublishedDate": "2024-10-21T18:15:13.593Z",
          "LastModifiedDate": "2025-11-03T23:16:30.837Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49914",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49914",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:783b9fb4e459a47d7bbf032651f19af768a7562ef4921f3e3930438c0d2db3f6",
          "Title": "kernel: drm/amd/display: Add null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for pipe_ctx-\u003eplane_state in dcn20_program_pipe\n\nThis commit addresses a null pointer dereference issue in the\n`dcn20_program_pipe` function. The issue could occur when\n`pipe_ctx-\u003eplane_state` is null.\n\nThe fix adds a check to ensure `pipe_ctx-\u003eplane_state` is not null\nbefore accessing. This prevents a null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn20/dcn20_hwseq.c:1925 dcn20_program_pipe() error: we previously assumed 'pipe_ctx-\u003eplane_state' could be null (see line 1877)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49914",
            "https://git.kernel.org/linus/8e4ed3cf1642df0c4456443d865cff61a9598aa8 (6.12-rc1)",
            "https://git.kernel.org/stable/c/65a6fee22d5cfa645cb05489892dc9cd3d142fc2",
            "https://git.kernel.org/stable/c/68f75e6f08aad66069a629db8d7840919156c761",
            "https://git.kernel.org/stable/c/8e4ed3cf1642df0c4456443d865cff61a9598aa8",
            "https://lore.kernel.org/linux-cve-announce/2024102122-CVE-2024-49914-477e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49914",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49914"
          ],
          "PublishedDate": "2024-10-21T18:15:13.723Z",
          "LastModifiedDate": "2024-12-09T13:10:05.087Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49915",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49915",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8b0c998d4730741e7606459c66c9dea785992b3bcf2286e398a281715b573eae",
          "Title": "kernel: drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` is\nnull.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` is not null before\naccessing its functions. This prevents a potential null pointer\ndereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn32/dcn32_hwseq.c:961 dcn32_init_hw() error: we previously assumed 'dc-\u003eclk_mgr' could be null (see line 782)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49915",
            "https://git.kernel.org/linus/c395fd47d1565bd67671f45cca281b3acc2c31ef (6.12-rc1)",
            "https://git.kernel.org/stable/c/0d94d9cbd9fec7344d230c4f7b781826f7799c60",
            "https://git.kernel.org/stable/c/7d1854c86d02cea8f8a0c0ca05f4ab14292baf3d",
            "https://git.kernel.org/stable/c/c395fd47d1565bd67671f45cca281b3acc2c31ef",
            "https://git.kernel.org/stable/c/ec1be3c527b4a5fc85bcc1b0be7cec08bf60c796",
            "https://git.kernel.org/stable/c/f0454b3cb0584a6bf275aeb49be61a760fd546a2",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102123-CVE-2024-49915-42ec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49915",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49915"
          ],
          "PublishedDate": "2024-10-21T18:15:13.787Z",
          "LastModifiedDate": "2025-11-03T21:16:37.22Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49916",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49916",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bcb5c75719fedce3e8580653abf5655c4396c33b10c20c5f4fca10d84e380e18",
          "Title": "kernel: drm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn401_init_hw",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn401_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn401_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` or\n`dc-\u003eclk_mgr-\u003efuncs` is null.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` and `dc-\u003eclk_mgr-\u003efuncs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn401/dcn401_hwseq.c:416 dcn401_init_hw() error: we previously assumed 'dc-\u003eclk_mgr' could be null (see line 225)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49916",
            "https://git.kernel.org/linus/4b6377f0e96085cbec96eb7f0b282430ccdd3d75 (6.12-rc1)",
            "https://git.kernel.org/stable/c/4b6377f0e96085cbec96eb7f0b282430ccdd3d75",
            "https://git.kernel.org/stable/c/ac1c41e318074d8a9ea925787e366be15d7645e8",
            "https://lore.kernel.org/linux-cve-announce/2024102123-CVE-2024-49916-3384@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49916",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49916"
          ],
          "PublishedDate": "2024-10-21T18:15:13.877Z",
          "LastModifiedDate": "2024-10-24T17:03:19.457Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49917",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49917",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:62bb39ea73d5a8e61359e989ec60e71d8ebf3dcd5f8683caf661ee601246958f",
          "Title": "kernel: drm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL check for clk_mgr and clk_mgr-\u003efuncs in dcn30_init_hw\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn30_init_hw` function. The issue could occur when `dc-\u003eclk_mgr` or\n`dc-\u003eclk_mgr-\u003efuncs` is null.\n\nThe fix adds a check to ensure `dc-\u003eclk_mgr` and `dc-\u003eclk_mgr-\u003efuncs` is\nnot null before accessing its functions. This prevents a potential null\npointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:789 dcn30_init_hw() error: we previously assumed 'dc-\u003eclk_mgr' could be null (see line 628)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49917",
            "https://git.kernel.org/linus/cba7fec864172dadd953daefdd26e01742b71a6a (6.12-rc1)",
            "https://git.kernel.org/stable/c/205e3b96cc9aa9211fd2c849a16245cf236b2d36",
            "https://git.kernel.org/stable/c/23cb6139543580dc36743586ca86fbb3f7ab2c9d",
            "https://git.kernel.org/stable/c/5443c83eb8fd2f88c71ced38848fbf744d6206a2",
            "https://git.kernel.org/stable/c/56c326577971adc3a230f29dfd3aa3abdd505f5d",
            "https://git.kernel.org/stable/c/cba7fec864172dadd953daefdd26e01742b71a6a",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102123-CVE-2024-49917-f643@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49917",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49917"
          ],
          "PublishedDate": "2024-10-21T18:15:13.937Z",
          "LastModifiedDate": "2025-11-03T21:16:37.36Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49918",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49918",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de135842d187164cc5b6e54fffafaf0cc262a9c266fbc5c6df0dbb6e5a7295b7",
          "Title": "kernel: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn32_acquire_idle_pipe_for_head_pipe_in_layer` function. The issue\ncould occur when `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn32/dcn32_resource.c:2690 dcn32_acquire_idle_pipe_for_head_pipe_in_layer() error: we previously assumed 'head_pipe' could be null (see line 2681)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49918",
            "https://git.kernel.org/linus/ac2140449184a26eac99585b7f69814bd3ba8f2d (6.12-rc1)",
            "https://git.kernel.org/stable/c/4f47292f488fa7041284dca1f1244116c18721f1",
            "https://git.kernel.org/stable/c/96d4c2ee18d732a248d053aae8c4a27cb1d68d1c",
            "https://git.kernel.org/stable/c/ac2140449184a26eac99585b7f69814bd3ba8f2d",
            "https://lore.kernel.org/linux-cve-announce/2024102123-CVE-2024-49918-4c25@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49918",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49918"
          ],
          "PublishedDate": "2024-10-21T18:15:14.03Z",
          "LastModifiedDate": "2024-10-24T16:49:57.453Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49919",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49919",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7ba7eec801672fed88ff5281c623a9b995cee6f5d137a4e1459b3d4035af3ac4",
          "Title": "kernel: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer\n\nThis commit addresses a potential null pointer dereference issue in the\n`dcn201_acquire_free_pipe_for_layer` function. The issue could occur\nwhen `head_pipe` is null.\n\nThe fix adds a check to ensure `head_pipe` is not null before asserting\nit. If `head_pipe` is null, the function returns NULL to prevent a\npotential null pointer dereference.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 1010)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49919",
            "https://git.kernel.org/linus/f22f4754aaa47d8c59f166ba3042182859e5dff7 (6.12-rc1)",
            "https://git.kernel.org/stable/c/16ce8fd94da8599bb6f0496895d392a69aead1c0",
            "https://git.kernel.org/stable/c/390d757621f5f35d11a63ed7d9d3262ead240064",
            "https://git.kernel.org/stable/c/8a1b1655a490a492a5a6987254c935ecce4eb9de",
            "https://git.kernel.org/stable/c/f22f4754aaa47d8c59f166ba3042182859e5dff7",
            "https://lore.kernel.org/linux-cve-announce/2024102123-CVE-2024-49919-42fb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49919",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49919"
          ],
          "PublishedDate": "2024-10-21T18:15:14.117Z",
          "LastModifiedDate": "2025-02-21T14:15:46.8Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49920",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49920",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4b8c473efa18bce12cde7be90d308368af5efc7129d2967fbb1fee783dd65c53",
          "Title": "kernel: drm/amd/display: Check null pointers before multiple uses",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before multiple uses\n\n[WHAT \u0026 HOW]\nPointers, such as stream_enc and dc-\u003ebw_vbios, are null checked previously\nin the same function, so Coverity warns \"implies that stream_enc and\ndc-\u003ebw_vbios might be null\". They are used multiple times in the\nsubsequent code and need to be checked.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49920",
            "https://git.kernel.org/linus/fdd5ecbbff751c3b9061d8ebb08e5c96119915b4 (6.12-rc1)",
            "https://git.kernel.org/stable/c/26787fb6c2b2ee0d1a7e1574b36f4711ae40fe27",
            "https://git.kernel.org/stable/c/fdd5ecbbff751c3b9061d8ebb08e5c96119915b4",
            "https://lore.kernel.org/linux-cve-announce/2024102124-CVE-2024-49920-038d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49920",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49920"
          ],
          "PublishedDate": "2024-10-21T18:15:14.18Z",
          "LastModifiedDate": "2024-10-25T14:56:32.303Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49921",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49921",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:45aa77af68b3ee2cb0882cf3afa8a1f4cdc14e0309bc34eb6314952a60eb881a",
          "Title": "kernel: drm/amd/display: Check null pointers before used",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before used\n\n[WHAT \u0026 HOW]\nPointers, such as dc-\u003eclk_mgr, are null checked previously in the same\nfunction, so Coverity warns \"implies that \"dc-\u003eclk_mgr\" might be null\".\nAs a result, these pointers need to be checked when used again.\n\nThis fixes 10 FORWARD_NULL issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49921",
            "https://git.kernel.org/linus/be1fb44389ca3038ad2430dac4234669bc177ee3 (6.12-rc1)",
            "https://git.kernel.org/stable/c/5b35bf1a82eb29841b67ff5643ba83762250fc24",
            "https://git.kernel.org/stable/c/be1fb44389ca3038ad2430dac4234669bc177ee3",
            "https://lore.kernel.org/linux-cve-announce/2024102124-CVE-2024-49921-621b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49921",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49921"
          ],
          "PublishedDate": "2024-10-21T18:15:14.26Z",
          "LastModifiedDate": "2024-10-25T15:01:21.077Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49922",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49922",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8569a79d964119c34fecb7ae65b2f7cb471cc195bc0d6a2965714029b8f28db3",
          "Title": "kernel: drm/amd/display: Check null pointers before using them",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check null pointers before using them\n\n[WHAT \u0026 HOW]\nThese pointers are null checked previously in the same function,\nindicating they might be null as reported by Coverity. As a result,\nthey need to be checked when used again.\n\nThis fixes 3 FORWARD_NULL issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49922",
            "https://git.kernel.org/linus/1ff12bcd7deaeed25efb5120433c6a45dd5504a8 (6.12-rc1)",
            "https://git.kernel.org/stable/c/1ff12bcd7deaeed25efb5120433c6a45dd5504a8",
            "https://git.kernel.org/stable/c/5e9386baa3033c369564d55de4bab62423e8a1d3",
            "https://git.kernel.org/stable/c/65e1d2c291553ef3f433a0b7109cc3002a5f40ae",
            "https://lore.kernel.org/linux-cve-announce/2024102124-CVE-2024-49922-5435@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49922",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49922"
          ],
          "PublishedDate": "2024-10-21T18:15:14.327Z",
          "LastModifiedDate": "2024-10-25T14:56:06.057Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49923",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49923",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:87ab5b1900c495ca78105beede1ae12943d855517116cee3ae1e57c7452373ad",
          "Title": "kernel: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags\n\n[WHAT \u0026 HOW]\n\"dcn20_validate_apply_pipe_split_flags\" dereferences merge, and thus it\ncannot be a null pointer. Let's pass a valid pointer to avoid null\ndereference.\n\nThis fixes 2 FORWARD_NULL issues reported by Coverity.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49923",
            "https://git.kernel.org/linus/5559598742fb4538e4c51c48ef70563c49c2af23 (6.12-rc1)",
            "https://git.kernel.org/stable/c/39a580cd15397e102aaec25986ae5acf492f8930",
            "https://git.kernel.org/stable/c/5559598742fb4538e4c51c48ef70563c49c2af23",
            "https://git.kernel.org/stable/c/85aa996ecfaa95d1e922867390502d23ce21b905",
            "https://git.kernel.org/stable/c/9a05270869f40c89f8d184fe2d37cb86e0d7e5f5",
            "https://lore.kernel.org/linux-cve-announce/2024102124-CVE-2024-49923-3462@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49923",
            "https://ubuntu.com/security/notices/USN-7170-1",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49923"
          ],
          "PublishedDate": "2024-10-21T18:15:14.39Z",
          "LastModifiedDate": "2025-02-21T14:15:47.72Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49928",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49928",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8e3c149ec93c60d6dc7b646c8bd097b049a72b126ea32ea36a54d617e7cfa727",
          "Title": "kernel: wifi: rtw89: avoid reading out of bounds when loading TX power FW elements",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid reading out of bounds when loading TX power FW elements\n\nBecause the loop-expression will do one more time before getting false from\ncond-expression, the original code copied one more entry size beyond valid\nregion.\n\nFix it by moving the entry copy to loop-body.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49928",
            "https://git.kernel.org/linus/ed2e4bb17a4884cf29c3347353d8aabb7265b46c (6.12-rc1)",
            "https://git.kernel.org/stable/c/4007c3d2da31d0c755ea3fcf55e395118e5d5621",
            "https://git.kernel.org/stable/c/83c84cdb75572048b67d6a3916283aeac865996e",
            "https://git.kernel.org/stable/c/ed2e4bb17a4884cf29c3347353d8aabb7265b46c",
            "https://linux.oracle.com/cve/CVE-2024-49928.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024102125-CVE-2024-49928-05d6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49928",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49928"
          ],
          "PublishedDate": "2024-10-21T18:15:14.813Z",
          "LastModifiedDate": "2024-10-25T15:22:31.013Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49929",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49929",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2eedf4157b14bdc801524d6243760e569761492c10ed2b703959c16a1b3a1f61",
          "Title": "kernel: wifi: iwlwifi: mvm: avoid NULL pointer dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: avoid NULL pointer dereference\n\niwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta\npointer is not NULL.\nIt retrieves this pointer using iwl_mvm_sta_from_mac80211, which is\ndereferencing the ieee80211_sta pointer.\nIf sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL\npointer.\nFix this by checking the sta pointer before retrieving the mvmsta\nfrom it. If sta is not NULL, then mvmsta isn't either.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49929",
            "https://git.kernel.org/linus/557a6cd847645e667f3b362560bd7e7c09aac284 (6.12-rc1)",
            "https://git.kernel.org/stable/c/557a6cd847645e667f3b362560bd7e7c09aac284",
            "https://git.kernel.org/stable/c/6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28",
            "https://git.kernel.org/stable/c/c0b4f5d94934c290479180868a32c15ba36a6d9e",
            "https://git.kernel.org/stable/c/cbc6fc9cfcde151ff5eadaefdc6155f99579384f",
            "https://git.kernel.org/stable/c/cdbf51bfa4b0411820806777da36d93d49bc49a1",
            "https://linux.oracle.com/cve/CVE-2024-49929.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102125-CVE-2024-49929-1031@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49929",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49929"
          ],
          "PublishedDate": "2024-10-21T18:15:14.907Z",
          "LastModifiedDate": "2025-11-03T21:16:37.693Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49931",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49931",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fd8ceae39720f03ae97efb139f7a8572b65f81f237475255b5bc221f5e695966",
          "Title": "kernel: wifi: ath12k: fix array out-of-bound access in SoC stats",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix array out-of-bound access in SoC stats\n\nCurrently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a\nmaximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process()\nfunction access ath12k_soc_dp_stats::hal_reo_error using the REO\ndestination SRNG ring ID, which is incorrect. SRNG ring ID differ from\nnormal ring ID, and this usage leads to out-of-bounds array access. To\nfix this issue, modify ath12k_dp_rx_process() to use the normal ring ID\ndirectly instead of the SRNG ring ID to avoid out-of-bounds array access.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49931",
            "https://git.kernel.org/linus/e106b7ad13c1d246adaa57df73edb8f8b8acb240 (6.12-rc1)",
            "https://git.kernel.org/stable/c/a4aef827a41cdaf6201bbaf773c1eae4e20e967b",
            "https://git.kernel.org/stable/c/ad791e3ec60cb66c1e4dc121ffbf872df312427d",
            "https://git.kernel.org/stable/c/d0e4274d9dc9f8409d56d622cd3ecf7b6fd49e2f",
            "https://git.kernel.org/stable/c/e106b7ad13c1d246adaa57df73edb8f8b8acb240",
            "https://lore.kernel.org/linux-cve-announce/2024102126-CVE-2024-49931-f484@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49931",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49931"
          ],
          "PublishedDate": "2024-10-21T18:15:15.08Z",
          "LastModifiedDate": "2024-10-25T15:16:07.98Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49932",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49932",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1ac8edd85c7d06f88b451ad720cdd5b1e4422b6bc872145863eb1de999f1ea46",
          "Title": "kernel: btrfs: don't readahead the relocation inode on RST",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't readahead the relocation inode on RST\n\nOn relocation we're doing readahead on the relocation inode, but if the\nfilesystem is backed by a RAID stripe tree we can get ENOENT (e.g. due to\npreallocated extents not being mapped in the RST) from the lookup.\n\nBut readahead doesn't handle the error and submits invalid reads to the\ndevice, causing an assertion in the scatter-gather list code:\n\n  BTRFS info (device nvme1n1): balance: start -d -m -s\n  BTRFS info (device nvme1n1): relocating block group 6480920576 flags data|raid0\n  BTRFS error (device nvme1n1): cannot find raid-stripe for logical [6481928192, 6481969152] devid 2, profile raid0\n  ------------[ cut here ]------------\n  kernel BUG at include/linux/scatterlist.h:115!\n  Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n  CPU: 0 PID: 1012 Comm: btrfs Not tainted 6.10.0-rc7+ #567\n  RIP: 0010:__blk_rq_map_sg+0x339/0x4a0\n  RSP: 0018:ffffc90001a43820 EFLAGS: 00010202\n  RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea00045d4802\n  RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000\n  RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000001000 R12: ffff8881003d10b8\n  R13: ffffc90001a438f0 R14: 0000000000000000 R15: 0000000000003000\n  FS:  00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000002cd11000 CR3: 00000001109ea001 CR4: 0000000000370eb0\n  Call Trace:\n   \u003cTASK\u003e\n   ? __die_body.cold+0x14/0x25\n   ? die+0x2e/0x50\n   ? do_trap+0xca/0x110\n   ? do_error_trap+0x65/0x80\n   ? __blk_rq_map_sg+0x339/0x4a0\n   ? exc_invalid_op+0x50/0x70\n   ? __blk_rq_map_sg+0x339/0x4a0\n   ? asm_exc_invalid_op+0x1a/0x20\n   ? 
__blk_rq_map_sg+0x339/0x4a0\n   nvme_prep_rq.part.0+0x9d/0x770\n   nvme_queue_rq+0x7d/0x1e0\n   __blk_mq_issue_directly+0x2a/0x90\n   ? blk_mq_get_budget_and_tag+0x61/0x90\n   blk_mq_try_issue_list_directly+0x56/0xf0\n   blk_mq_flush_plug_list.part.0+0x52b/0x5d0\n   __blk_flush_plug+0xc6/0x110\n   blk_finish_plug+0x28/0x40\n   read_pages+0x160/0x1c0\n   page_cache_ra_unbounded+0x109/0x180\n   relocate_file_extent_cluster+0x611/0x6a0\n   ? btrfs_search_slot+0xba4/0xd20\n   ? balance_dirty_pages_ratelimited_flags+0x26/0xb00\n   relocate_data_extent.constprop.0+0x134/0x160\n   relocate_block_group+0x3f2/0x500\n   btrfs_relocate_block_group+0x250/0x430\n   btrfs_relocate_chunk+0x3f/0x130\n   btrfs_balance+0x71b/0xef0\n   ? kmalloc_trace_noprof+0x13b/0x280\n   btrfs_ioctl+0x2c2e/0x3030\n   ? kvfree_call_rcu+0x1e6/0x340\n   ? list_lru_add_obj+0x66/0x80\n   ? mntput_no_expire+0x3a/0x220\n   __x64_sys_ioctl+0x96/0xc0\n   do_syscall_64+0x54/0x110\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7fcc04514f9b\n  Code: Unable to access opcode bytes at 0x7fcc04514f71.\n  RSP: 002b:00007ffeba923370 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc04514f9b\n  RDX: 00007ffeba923460 RSI: 00000000c4009420 RDI: 0000000000000003\n  RBP: 0000000000000000 R08: 0000000000000013 R09: 0000000000000001\n  R10: 00007fcc043fbba8 R11: 0000000000000246 R12: 00007ffeba924fc5\n  R13: 00007ffeba923460 R14: 0000000000000002 R15: 00000000004d4bb0\n   \u003c/TASK\u003e\n  Modules linked in:\n  ---[ end trace 0000000000000000 ]---\n  RIP: 0010:__blk_rq_map_sg+0x339/0x4a0\n  RSP: 0018:ffffc90001a43820 EFLAGS: 00010202\n  RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea00045d4802\n  RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000\n  RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000001000 R12: ffff8881003d10b8\n  R13: ffffc90001a438f0 R14: 0000000000000000 
R15: 0000000000003000\n  FS:  00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fcc04514f71 CR3: 00000001109ea001 CR4: 0000000000370eb0\n  Kernel p\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49932",
            "https://git.kernel.org/linus/04915240e2c3a018e4c7f23418478d27226c8957 (6.12-rc1)",
            "https://git.kernel.org/stable/c/04915240e2c3a018e4c7f23418478d27226c8957",
            "https://git.kernel.org/stable/c/f7a1218a983ab98aba140dc20b25f60b39ee4033",
            "https://lore.kernel.org/linux-cve-announce/2024102126-CVE-2024-49932-e139@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49932",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49932"
          ],
          "PublishedDate": "2024-10-21T18:15:15.14Z",
          "LastModifiedDate": "2024-11-13T15:01:49.79Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49939",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49939",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2188ea0a76055c6888c63f435e21ea7f623129081bace7679e3d83697db205cd",
          "Title": "kernel: wifi: rtw89: avoid to add interface to list twice when SER",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid to add interface to list twice when SER\n\nIf SER L2 occurs during the WoWLAN resume flow, the add interface flow\nis triggered by ieee80211_reconfig(). However, due to\nrtw89_wow_resume() return failure, it will cause the add interface flow\nto be executed again, resulting in a double add list and causing a kernel\npanic. Therefore, we have added a check to prevent double adding of the\nlist.\n\nlist_add double add: new=ffff99d6992e2010, prev=ffff99d6992e2010, next=ffff99d695302628.\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:37!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G        W  O       6.6.30-02659-gc18865c4dfbd #1 770df2933251a0e3c888ba69d1053a817a6376a7\nHardware name: HP Grunt/Grunt, BIOS Google_Grunt.11031.169.0 06/24/2021\nWorkqueue: events_freezable ieee80211_restart_work [mac80211]\nRIP: 0010:__list_add_valid_or_report+0x5e/0xb0\nCode: c7 74 18 48 39 ce 74 13 b0 01 59 5a 5e 5f 41 58 41 59 41 5a 5d e9 e2 d6 03 00 cc 48 c7 c7 8d 4f 17 83 48 89 c2 e8 02 c0 00 00 \u003c0f\u003e 0b 48 c7 c7 aa 8c 1c 83 e8 f4 bf 00 00 0f 0b 48 c7 c7 c8 bc 12\nRSP: 0018:ffffa91b8007bc50 EFLAGS: 00010246\nRAX: 0000000000000058 RBX: ffff99d6992e0900 RCX: a014d76c70ef3900\nRDX: ffffa91b8007bae8 RSI: 00000000ffffdfff RDI: 0000000000000001\nRBP: ffffa91b8007bc88 R08: 0000000000000000 R09: ffffa91b8007bae0\nR10: 00000000ffffdfff R11: ffffffff83a79800 R12: ffff99d695302060\nR13: ffff99d695300900 R14: ffff99d6992e1be0 R15: ffff99d6992e2010\nFS:  0000000000000000(0000) GS:ffff99d6aac00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000078fbdba43480 CR3: 000000010e464000 CR4: 00000000001506f0\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x1f/0x70\n ? die+0x3d/0x60\n ? do_trap+0xa4/0x110\n ? __list_add_valid_or_report+0x5e/0xb0\n ? do_error_trap+0x6d/0x90\n ? 
__list_add_valid_or_report+0x5e/0xb0\n ? handle_invalid_op+0x30/0x40\n ? __list_add_valid_or_report+0x5e/0xb0\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_add_valid_or_report+0x5e/0xb0\n rtw89_ops_add_interface+0x309/0x310 [rtw89_core 7c32b1ee6854761c0321027c8a58c5160e41f48f]\n drv_add_interface+0x5c/0x130 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ieee80211_reconfig+0x241/0x13d0 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n ? finish_wait+0x3e/0x90\n ? synchronize_rcu_expedited+0x174/0x260\n ? sync_rcu_exp_done_unlocked+0x50/0x50\n ? wake_bit_function+0x40/0x40\n ieee80211_restart_work+0xf0/0x140 [mac80211 83e989e6e616bd5b4b8a2b0a9f9352a2c385a3bc]\n process_scheduled_works+0x1e5/0x480\n worker_thread+0xea/0x1e0\n kthread+0xdb/0x110\n ? move_linked_works+0x90/0x90\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork+0x3b/0x50\n ? kthread_associate_blkcg+0xa0/0xa0\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\nModules linked in: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_triggered_buffer kfifo_buf snd_hwdep industrialio i2c_piix4 snd_hda_core designware_i2s ip6table_nat snd_soc_max98357a xt_MASQUERADE xt_cgroup snd_soc_acp_rt5682_mach fuse rtw89_8922ae(O) rtw89_8922a(O) rtw89_pci(O) rtw89_core(O) 8021q mac80211(O) bluetooth ecdh_generic ecc cfg80211 r8152 mii joydev\ngsmi: Log Shutdown Reason 0x03\n---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49939",
            "https://git.kernel.org/linus/7dd5d2514a8ea58f12096e888b0bd050d7eae20a (6.12-rc1)",
            "https://git.kernel.org/stable/c/37c319503023de49a4c87301c8998c8d928112cb",
            "https://git.kernel.org/stable/c/490eddc836b2a6ec286e5df14bed4c7cf5e1f475",
            "https://git.kernel.org/stable/c/7dd5d2514a8ea58f12096e888b0bd050d7eae20a",
            "https://git.kernel.org/stable/c/b04650b5a9990cf5c0de480e62c68199f1396a04",
            "https://git.kernel.org/stable/c/fdc73f2cfbe897f4733156df211d79ced649b23c",
            "https://linux.oracle.com/cve/CVE-2024-49939.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102127-CVE-2024-49939-b39d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49939",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49939"
          ],
          "PublishedDate": "2024-10-21T18:15:15.62Z",
          "LastModifiedDate": "2025-11-03T21:16:38.803Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49940",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49940",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6764e2e582412bff3cc34b72058bd9f88572440ce8cb4cd9ad6c1237875792b0",
          "Title": "kernel: l2tp: prevent possible tunnel refcount underflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: prevent possible tunnel refcount underflow\n\nWhen a session is created, it sets a backpointer to its tunnel. When\nthe session refcount drops to 0, l2tp_session_free drops the tunnel\nrefcount if session-\u003etunnel is non-NULL. However, session-\u003etunnel is\nset in l2tp_session_create, before the tunnel refcount is incremented\nby l2tp_session_register, which leaves a small window where\nsession-\u003etunnel is non-NULL when the tunnel refcount hasn't been\nbumped.\n\nMoving the assignment to l2tp_session_register is trivial but\nl2tp_session_create calls l2tp_session_set_header_len which uses\nsession-\u003etunnel to get the tunnel's encap. Add an encap arg to\nl2tp_session_set_header_len to avoid using session-\u003etunnel.\n\nIf l2tpv3 sessions have colliding IDs, it is possible for\nl2tp_v3_session_get to race with l2tp_session_register and fetch a\nsession which doesn't yet have session-\u003etunnel set. Add a check for\nthis case.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49940",
            "https://git.kernel.org/linus/24256415d18695b46da06c93135f5b51c548b950 (6.12-rc1)",
            "https://git.kernel.org/stable/c/24256415d18695b46da06c93135f5b51c548b950",
            "https://git.kernel.org/stable/c/f7415e60c25a6108cd7955a20b2e66b6251ffe02",
            "https://lore.kernel.org/linux-cve-announce/2024102127-CVE-2024-49940-1c88@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49940",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49940"
          ],
          "PublishedDate": "2024-10-21T18:15:15.703Z",
          "LastModifiedDate": "2024-11-13T13:26:01.343Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49945",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49945",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:77c74cba3e8962f7b23ff7532210b1d5962633e66c9b8d05c550813ee1eec10a",
          "Title": "kernel: net/ncsi: Disable the ncsi work before freeing the associated structure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ncsi: Disable the ncsi work before freeing the associated structure\n\nThe work function can run after the ncsi device is freed, resulting\nin use-after-free bugs or kernel panic.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49945",
            "https://git.kernel.org/linus/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c (6.12-rc2)",
            "https://git.kernel.org/stable/c/a0ffa68c70b367358b2672cdab6fa5bc4c40de2c",
            "https://git.kernel.org/stable/c/dd41dab62f32d9e9e0669af8459d12a93834b238",
            "https://git.kernel.org/stable/c/f6ca58696749268181f43150b3553f2bafd71e42",
            "https://lore.kernel.org/linux-cve-announce/2024102128-CVE-2024-49945-d756@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49945",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49945"
          ],
          "PublishedDate": "2024-10-21T18:15:16.073Z",
          "LastModifiedDate": "2024-11-01T14:52:59.24Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49970",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49970",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4f51e1a9f44cdcb5d7659e6a39c41da4557c8a886904d0c6c15982d947c69260",
          "Title": "kernel: drm/amd/display: Implement bounds check for stream encoder creation in DCN401",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Implement bounds check for stream encoder creation in DCN401\n\n'stream_enc_regs' array is an array of dcn10_stream_enc_registers\nstructures. The array is initialized with four elements, corresponding\nto the four calls to stream_enc_regs() in the array initializer. This\nmeans that valid indices for this array are 0, 1, 2, and 3.\n\nThe error message 'stream_enc_regs' 4 \u003c= 5 below, is indicating that\nthere is an attempt to access this array with an index of 5, which is\nout of bounds. This could lead to undefined behavior\n\nHere, eng_id is used as an index to access the stream_enc_regs array. If\neng_id is 5, this would result in an out-of-bounds access on the\nstream_enc_regs array.\n\nThus fixing Buffer overflow error in dcn401_stream_encoder_create\n\nFound by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401_resource.c:1209 dcn401_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 \u003c= 5",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49970",
            "https://git.kernel.org/linus/bdf606810210e8e07a0cdf1af3c467291363b295 (6.12-rc1)",
            "https://git.kernel.org/stable/c/b219b46ad42df1dea9258788bcfea37181f3ccb2",
            "https://git.kernel.org/stable/c/bdf606810210e8e07a0cdf1af3c467291363b295",
            "https://lore.kernel.org/linux-cve-announce/2024102133-CVE-2024-49970-a345@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49970",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49970"
          ],
          "PublishedDate": "2024-10-21T18:15:17.973Z",
          "LastModifiedDate": "2024-10-29T15:57:41Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49978",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49978",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4b663998e09ded068ff0740cf623fde4dd5240f82843c96ee3cc7ec91da829a8",
          "Title": "kernel: gso: fix udp gso fraglist segmentation after pull from frag_list",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngso: fix udp gso fraglist segmentation after pull from frag_list\n\nDetect gso fraglist skbs with corrupted geometry (see below) and\npass these to skb_segment instead of skb_segment_list, as the first\ncan segment them correctly.\n\nValid SKB_GSO_FRAGLIST skbs\n- consist of two or more segments\n- the head_skb holds the protocol headers plus first gso_size\n- one or more frag_list skbs hold exactly one segment\n- all but the last must be gso_size\n\nOptional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can\nmodify these skbs, breaking these invariants.\n\nIn extreme cases they pull all data into skb linear. For UDP, this\ncauses a NULL ptr deref in __udpv4_gso_segment_list_csum at\nudp_hdr(seg-\u003enext)-\u003edest.\n\nDetect invalid geometry due to pull, by checking head_skb size.\nDon't just drop, as this may blackhole a destination. Convert to be\nable to pass to regular skb_segment.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49978",
            "https://git.kernel.org/linus/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab (6.12-rc2)",
            "https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc",
            "https://git.kernel.org/stable/c/33e28acf42ee863f332a958bfc2f1a284a3659df",
            "https://git.kernel.org/stable/c/3cd00d2e3655fad3bda96dc1ebf17b6495f86fea",
            "https://git.kernel.org/stable/c/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab",
            "https://git.kernel.org/stable/c/af3122f5fdc0d00581d6e598a668df6bf54c9daa",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102135-CVE-2024-49978-2bff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49978",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49978"
          ],
          "PublishedDate": "2024-10-21T18:15:18.483Z",
          "LastModifiedDate": "2025-11-03T23:16:36.45Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49987",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49987",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e998e80262325cc1cbb34d4acbe6be87eb297880f058db0ccd70bb840c1d4672",
          "Title": "kernel: bpftool: Fix undefined behavior in qsort(NULL, 0, ...)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpftool: Fix undefined behavior in qsort(NULL, 0, ...)\n\nWhen netfilter has no entry to display, qsort is called with\nqsort(NULL, 0, ...). This results in undefined behavior, as UBSan\nreports:\n\nnet.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null\n\nAlthough the C standard does not explicitly state whether calling qsort\nwith a NULL pointer when the size is 0 constitutes undefined behavior,\nSection 7.1.4 of the C standard (Use of library functions) mentions:\n\n\"Each of the following statements applies unless explicitly stated\notherwise in the detailed descriptions that follow: If an argument to a\nfunction has an invalid value (such as a value outside the domain of\nthe function, or a pointer outside the address space of the program, or\na null pointer, or a pointer to non-modifiable storage when the\ncorresponding parameter is not const-qualified) or a type (after\npromotion) not expected by a function with variable number of\narguments, the behavior is undefined.\"\n\nTo avoid this, add an early return when nf_link_info is NULL to prevent\ncalling qsort with a NULL pointer.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49987",
            "https://git.kernel.org/linus/f04e2ad394e2755d0bb2d858ecb5598718bf00d5 (6.12-rc1)",
            "https://git.kernel.org/stable/c/2e0f6f33f2aa87493b365a38a8fd87b8854b7734",
            "https://git.kernel.org/stable/c/c208b02827eb642758cef65641995fd3f38c89af",
            "https://git.kernel.org/stable/c/c2d9f9a7837ab29ccae0c42252f17d436bf0a501",
            "https://git.kernel.org/stable/c/f04e2ad394e2755d0bb2d858ecb5598718bf00d5",
            "https://lore.kernel.org/linux-cve-announce/2024102136-CVE-2024-49987-e897@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49987",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49987"
          ],
          "PublishedDate": "2024-10-21T18:15:19.087Z",
          "LastModifiedDate": "2024-10-28T16:23:44.477Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49988",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49988",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:15738e4a545698058fd8531feeb791e58a40c6cfe9416a79b85d2828636c7459",
          "Title": "kernel: ksmbd: add refcnt to ksmbd_conn struct",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add refcnt to ksmbd_conn struct\n\nWhen sending an oplock break request, opinfo-\u003econn is used,\nBut freed -\u003econn can be used on multichannel.\nThis patch add a reference count to the ksmbd_conn struct\nso that it can be freed when it is no longer used.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49988",
            "https://git.kernel.org/linus/ee426bfb9d09b29987369b897fe9b6485ac2be27 (6.12-rc1)",
            "https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa",
            "https://git.kernel.org/stable/c/9fd3cde4628bcd3549ab95061f2bab74d2ed4f3b",
            "https://git.kernel.org/stable/c/e9dac92f4482a382e8c0fe1bc243da5fc3526b0c",
            "https://git.kernel.org/stable/c/ee426bfb9d09b29987369b897fe9b6485ac2be27",
            "https://lore.kernel.org/linux-cve-announce/2024102137-CVE-2024-49988-89d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49988",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49988"
          ],
          "PublishedDate": "2024-10-21T18:15:19.147Z",
          "LastModifiedDate": "2024-10-28T16:38:50.897Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49990",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49990",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88e950ef0210c4de88885c6e71668620e00b81ff780257835e93b477365cf10d",
          "Title": "kernel: drm/xe/hdcp: Check GSC structure validity",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/hdcp: Check GSC structure validity\n\nSometimes xe_gsc is not initialized when checked at HDCP capability\ncheck. Add gsc structure check to avoid null pointer error.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49990",
            "https://git.kernel.org/linus/b4224f6bae3801d589f815672ec62800a1501b0d (6.12-rc1)",
            "https://git.kernel.org/stable/c/7266a424b1e502745170322e3c27f697d12de627",
            "https://git.kernel.org/stable/c/b4224f6bae3801d589f815672ec62800a1501b0d",
            "https://git.kernel.org/stable/c/c940627857eedca8407b84b40ceb4252b100d291",
            "https://lore.kernel.org/linux-cve-announce/2024102137-CVE-2024-49990-c3e9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49990",
            "https://www.cve.org/CVERecord?id=CVE-2024-49990"
          ],
          "PublishedDate": "2024-10-21T18:15:19.27Z",
          "LastModifiedDate": "2024-10-28T16:42:56.377Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49991",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49991",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:491c6c4cec8c35938de1ad7189d3138430a640b74fc3aaedeeb0d0ba29ccd0ca",
          "Title": "kernel: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer\n\nPass pointer reference to amdgpu_bo_unref to clear the correct pointer,\notherwise amdgpu_bo_unref clear the local variable, the original pointer\nnot set to NULL, this could cause use-after-free bug.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49991",
            "https://git.kernel.org/linus/c86ad39140bbcb9dc75a10046c2221f657e8083b (6.12-rc1)",
            "https://git.kernel.org/stable/c/30ceb873cc2e97348d9da2265b2d1ddf07f682e1",
            "https://git.kernel.org/stable/c/6c9289806591807e4e3be9a23df8ee2069180055",
            "https://git.kernel.org/stable/c/71f3240f82987f0f070ea5bed559033de7d4c0e1",
            "https://git.kernel.org/stable/c/c86ad39140bbcb9dc75a10046c2221f657e8083b",
            "https://git.kernel.org/stable/c/e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c",
            "https://linux.oracle.com/cve/CVE-2024-49991.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102137-CVE-2024-49991-59d4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49991",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49991"
          ],
          "PublishedDate": "2024-10-21T18:15:19.33Z",
          "LastModifiedDate": "2025-11-03T23:16:37.483Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49992",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49992",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7f440d814c98fc0cdeb8dd8630f9c7fab8479863c718bd67b782c5059c4ff783",
          "Title": "kernel: drm/stm: Avoid use-after-free issues with crtc and plane",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/stm: Avoid use-after-free issues with crtc and plane\n\nltdc_load() calls functions drm_crtc_init_with_planes(),\ndrm_universal_plane_init() and drm_encoder_init(). These functions\nshould not be called with parameters allocated with devm_kzalloc()\nto avoid use-after-free issues [1].\n\nUse allocations managed by the DRM framework.\n\nFound by Linux Verification Center (linuxtesting.org).\n\n[1]\nhttps://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49992",
            "https://git.kernel.org/linus/19dd9780b7ac673be95bf6fd6892a184c9db611f (6.12-rc1)",
            "https://git.kernel.org/stable/c/0a1741d10da29aa84955ef89ae9a03c4b6038657",
            "https://git.kernel.org/stable/c/19dd9780b7ac673be95bf6fd6892a184c9db611f",
            "https://git.kernel.org/stable/c/454e5d7e671946698af0f201e48469e5ddb42851",
            "https://git.kernel.org/stable/c/b22eec4b57d04befa90e8554ede34e6c67257606",
            "https://git.kernel.org/stable/c/d02611ff001454358be6910cb926799e2d818716",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102137-CVE-2024-49992-fd66@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49992",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49992"
          ],
          "PublishedDate": "2024-10-21T18:15:19.387Z",
          "LastModifiedDate": "2025-11-03T23:16:37.65Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49994",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49994",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:211e4dd8f64ab002e8083b0d0b33f2ea0ff854e41f0b280b30f5476d09cb69c9",
          "Title": "kernel: block: fix integer overflow in BLKSECDISCARD",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix integer overflow in BLKSECDISCARD\n\nI independently rediscovered\n\n\tcommit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155\n\tblock: fix overflow in blk_ioctl_discard()\n\nbut for secure erase.\n\nSame problem:\n\n\tuint64_t r[2] = {512, 18446744073709551104ULL};\n\tioctl(fd, BLKSECDISCARD, r);\n\nwill enter near infinite loop inside blkdev_issue_secure_erase():\n\n\ta.out: attempt to access beyond end of device\n\tloop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048\n\tbio_check_eod: 3286214 callbacks suppressed",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49994",
            "https://git.kernel.org/linus/697ba0b6ec4ae04afb67d3911799b5e2043b4455 (6.12-rc1)",
            "https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa",
            "https://git.kernel.org/stable/c/697ba0b6ec4ae04afb67d3911799b5e2043b4455",
            "https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d",
            "https://git.kernel.org/stable/c/8476f8428e8b48fd7a0e4258fa2a96a8f4468239",
            "https://git.kernel.org/stable/c/a99bacb35c1416355eef957560e8fcac3a665549",
            "https://linux.oracle.com/cve/CVE-2024-49994.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102138-CVE-2024-49994-de99@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49994",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49994"
          ],
          "PublishedDate": "2024-10-21T18:15:19.557Z",
          "LastModifiedDate": "2025-11-03T21:16:44.75Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50012",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50012",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:920439f07a9d0cf4174c81638a8de21be006ce02bf38391247d4417d7846b0bb",
          "Title": "kernel: cpufreq: Avoid a bad reference count on CPU node",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: Avoid a bad reference count on CPU node\n\nIn the parse_perf_domain function, if the call to\nof_parse_phandle_with_args returns an error, then the reference to the\nCPU device node that was acquired at the start of the function would not\nbe properly decremented.\n\nAddress this by declaring the variable with the __free(device_node)\ncleanup attribute.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50012",
            "https://git.kernel.org/linus/c0f02536fffbbec71aced36d52a765f8c4493dc2 (6.12-rc2)",
            "https://git.kernel.org/stable/c/0f41f383b5a61a2bf6429a449ebba7fb08179d81",
            "https://git.kernel.org/stable/c/47cb1d9278f179df8250304ec41009e3e836a926",
            "https://git.kernel.org/stable/c/6c3d8387839252f1a0fc6367f314446e4a2ebd0b",
            "https://git.kernel.org/stable/c/77f88b17387a017416babf1e6488fa17682287e2",
            "https://git.kernel.org/stable/c/c0f02536fffbbec71aced36d52a765f8c4493dc2",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102109-CVE-2024-50012-db7d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50012",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50012"
          ],
          "PublishedDate": "2024-10-21T19:15:04.683Z",
          "LastModifiedDate": "2025-11-03T23:16:40.257Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50014",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50014",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2ab0e923852ba7f7f7dbde071d0ba88819697f4fd1b52216f0a6f38939bcaaa2",
          "Title": "kernel: ext4: fix access to uninitialised lock in fc replay path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix access to uninitialised lock in fc replay path\n\nThe following kernel trace can be triggered with fstest generic/629 when\nexecuted against a filesystem with fast-commit feature enabled:\n\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn't initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x66/0x90\n register_lock_class+0x759/0x7d0\n __lock_acquire+0x85/0x2630\n ? __find_get_block+0xb4/0x380\n lock_acquire+0xd1/0x2d0\n ? __ext4_journal_get_write_access+0xd5/0x160\n _raw_spin_lock+0x33/0x40\n ? __ext4_journal_get_write_access+0xd5/0x160\n __ext4_journal_get_write_access+0xd5/0x160\n ext4_reserve_inode_write+0x61/0xb0\n __ext4_mark_inode_dirty+0x79/0x270\n ? ext4_ext_replay_set_iblocks+0x2f8/0x450\n ext4_ext_replay_set_iblocks+0x330/0x450\n ext4_fc_replay+0x14c8/0x1540\n ? jread+0x88/0x2e0\n ? rcu_is_watching+0x11/0x40\n do_one_pass+0x447/0xd00\n jbd2_journal_recover+0x139/0x1b0\n jbd2_journal_load+0x96/0x390\n ext4_load_and_init_journal+0x253/0xd40\n ext4_fill_super+0x2cc6/0x3180\n...\n\nIn the replay path there's an attempt to lock sbi-\u003es_bdev_wb_lock in\nfunction ext4_check_bdev_write_error().  Unfortunately, at this point this\nspinlock has not been initialized yet.  Moving it's initialization to an\nearlier point in __ext4_fill_super() fixes this splat.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50014",
            "https://git.kernel.org/linus/23dfdb56581ad92a9967bcd720c8c23356af74c1 (6.12-rc1)",
            "https://git.kernel.org/stable/c/23dfdb56581ad92a9967bcd720c8c23356af74c1",
            "https://git.kernel.org/stable/c/6e35f560daebe40264c95e9a1ab03110d4997df6",
            "https://git.kernel.org/stable/c/b002031d585a14eed511117dda8c6452a804d508",
            "https://git.kernel.org/stable/c/d157fc20ca5239fd56965a5a8aa1a0e25919891a",
            "https://linux.oracle.com/cve/CVE-2024-50014.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102110-CVE-2024-50014-d684@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50014",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50014"
          ],
          "PublishedDate": "2024-10-21T19:15:04.83Z",
          "LastModifiedDate": "2026-01-05T11:17:22.547Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50017",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50017",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b3cb5a4c6a5ffdf9eabeed9fa1976f703fce26e7b959618b633131894250822e",
          "Title": "kernel: x86/mm/ident_map: Use gbpages only where full GB page should be mapped.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/ident_map: Use gbpages only where full GB page should be mapped.\n\nWhen ident_pud_init() uses only GB pages to create identity maps, large\nranges of addresses not actually requested can be included in the resulting\ntable; a 4K request will map a full GB.  This can include a lot of extra\naddress space past that requested, including areas marked reserved by the\nBIOS.  That allows processor speculation into reserved regions, that on UV\nsystems can cause system halts.\n\nOnly use GB pages when map creation requests include the full GB page of\nspace.  Fall back to using smaller 2M pages when only portions of a GB page\nare included in the request.\n\nNo attempt is made to coalesce mapping requests. If a request requires a\nmap entry at the 2M (pmd) level, subsequent mapping requests within the\nsame 1G region will also be at the pmd level, even if adjacent or\noverlapping such requests could have been combined to map a full GB page.\nExisting usage starts with larger regions and then adds smaller regions, so\nthis should not have any great consequence.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50017",
            "https://git.kernel.org/linus/cc31744a294584a36bf764a0ffa3255a8e69f036 (6.12-rc1)",
            "https://git.kernel.org/stable/c/a23823098ab2c277c14fc110b97d8d5c83597195",
            "https://git.kernel.org/stable/c/cc31744a294584a36bf764a0ffa3255a8e69f036",
            "https://git.kernel.org/stable/c/d113f9723f2bfd9c6feeb899b8ddbee6b8a6e01f",
            "https://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740",
            "https://lore.kernel.org/linux-cve-announce/2024102110-CVE-2024-50017-f157@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50017",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50017"
          ],
          "PublishedDate": "2024-10-21T19:15:05.043Z",
          "LastModifiedDate": "2025-02-17T12:15:26.573Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50028",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50028",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c34bd6fccb43aa319b152059d7376002d2f928c39a9c5045e0e1a010acf5fa48",
          "Title": "kernel: thermal: core: Reference count the zone in thermal_zone_get_by_id()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: Reference count the zone in thermal_zone_get_by_id()\n\nThere are places in the thermal netlink code where nothing prevents\nthe thermal zone object from going away while being accessed after it\nhas been returned by thermal_zone_get_by_id().\n\nTo address this, make thermal_zone_get_by_id() get a reference on the\nthermal zone device object to be returned with the help of get_device(),\nunder thermal_list_lock, and adjust all of its callers to this change\nwith the help of the cleanup.h infrastructure.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50028",
            "https://git.kernel.org/linus/a42a5839f400e929c489bb1b58f54596c4535167 (6.12-rc3)",
            "https://git.kernel.org/stable/c/a42a5839f400e929c489bb1b58f54596c4535167",
            "https://git.kernel.org/stable/c/c95538b286efc6109c987e97a051bc7844ede802",
            "https://linux.oracle.com/cve/CVE-2024-50028.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024102130-CVE-2024-50028-5655@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50028",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50028"
          ],
          "PublishedDate": "2024-10-21T20:15:16.163Z",
          "LastModifiedDate": "2024-10-25T15:21:23.237Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50034",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50034",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5572c0de043cc71d58e722879fd667514cb9c69ff8c79e84751c8a7a0aea62d6",
          "Title": "kernel: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC\n\nEric report a panic on IPPROTO_SMC, and give the facts\nthat when INET_PROTOSW_ICSK was set, icsk-\u003eicsk_sync_mss must be set too.\n\nBug: Unable to handle kernel NULL pointer dereference at virtual address\n0000000000000000\nMem abort info:\nESR = 0x0000000086000005\nEC = 0x21: IABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000001195d1000\n[0000000000000000] pgd=0800000109c46003, p4d=0800000109c46003,\npud=0000000000000000\nInternal error: Oops: 0000000086000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 UID: 0 PID: 8037 Comm: syz.3.265 Not tainted\n6.11.0-rc7-syzkaller-g5f5673607153 #0\nHardware name: Google Google Compute Engine/Google Compute Engine,\nBIOS Google 08/06/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : 0x0\nlr : cipso_v4_sock_setattr+0x2a8/0x3c0 net/ipv4/cipso_ipv4.c:1910\nsp : ffff80009b887a90\nx29: ffff80009b887aa0 x28: ffff80008db94050 x27: 0000000000000000\nx26: 1fffe0001aa6f5b3 x25: dfff800000000000 x24: ffff0000db75da00\nx23: 0000000000000000 x22: ffff0000d8b78518 x21: 0000000000000000\nx20: ffff0000d537ad80 x19: ffff0000d8b78000 x18: 1fffe000366d79ee\nx17: ffff8000800614a8 x16: ffff800080569b84 x15: 0000000000000001\nx14: 000000008b336894 x13: 00000000cd96feaa x12: 0000000000000003\nx11: 0000000000040000 x10: 00000000000020a3 x9 : 1fffe0001b16f0f1\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 0000000000000040 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000002 x1 : 0000000000000000 x0 : ffff0000d8b78000\nCall trace:\n0x0\nnetlbl_sock_setattr+0x2e4/0x338 net/netlabel/netlabel_kapi.c:1000\nsmack_netlbl_add+0xa4/0x154 security/smack/smack_lsm.c:2593\nsmack_socket_post_create+0xa8/0x14c 
security/smack/smack_lsm.c:2973\nsecurity_socket_post_create+0x94/0xd4 security/security.c:4425\n__sock_create+0x4c8/0x884 net/socket.c:1587\nsock_create net/socket.c:1622 [inline]\n__sys_socket_create net/socket.c:1659 [inline]\n__sys_socket+0x134/0x340 net/socket.c:1706\n__do_sys_socket net/socket.c:1720 [inline]\n__se_sys_socket net/socket.c:1718 [inline]\n__arm64_sys_socket+0x7c/0x94 net/socket.c:1718\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\nCode: ???????? ???????? ???????? ???????? (????????)\n---[ end trace 0000000000000000 ]---\n\nThis patch add a toy implementation that performs a simple return to\nprevent such panic. This is because MSS can be set in sock_create_kern\nor smc_setsockopt, similar to how it's done in AF_SMC. However, for\nAF_SMC, there is currently no way to synchronize MSS within\n__sys_connect_file. This toy implementation lays the groundwork for us\nto support such feature for IPPROTO_SMC in the future.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50034",
            "https://git.kernel.org/linus/6fd27ea183c208e478129a85e11d880fc70040f2 (6.12-rc3)",
            "https://git.kernel.org/stable/c/44dc50df15f5bd4221d8f708885a9d49cda7f57e",
            "https://git.kernel.org/stable/c/6fd27ea183c208e478129a85e11d880fc70040f2",
            "https://lore.kernel.org/linux-cve-announce/2024102131-CVE-2024-50034-46ef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50034",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50034"
          ],
          "PublishedDate": "2024-10-21T20:15:16.553Z",
          "LastModifiedDate": "2024-10-24T19:56:29.17Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50048",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50048",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:32026483000a999947cddc1c01087f9db230580dc3aeab60b85520c779dddcd6",
          "Title": "kernel: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Fix a NULL pointer dereference issue in fbcon_putcs\n\nsyzbot has found a NULL pointer dereference bug in fbcon.\nHere is the simplified C reproducer:\n\nstruct param {\n\tuint8_t type;\n\tstruct tiocl_selection ts;\n};\n\nint main()\n{\n\tstruct fb_con2fbmap con2fb;\n\tstruct param param;\n\n\tint fd = open(\"/dev/fb1\", 0, 0);\n\n\tcon2fb.console = 0x19;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\tparam.type = 2;\n\tparam.ts.xs = 0; param.ts.ys = 0;\n\tparam.ts.xe = 0; param.ts.ye = 0;\n\tparam.ts.sel_mode = 0;\n\n\tint fd1 = open(\"/dev/tty1\", O_RDWR, 0);\n\tioctl(fd1, TIOCLINUX, \u0026param);\n\n\tcon2fb.console = 1;\n\tcon2fb.framebuffer = 0;\n\tioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb);\n\n\treturn 0;\n}\n\nAfter calling ioctl(fd1, TIOCLINUX, \u0026param), the subsequent ioctl(fd, FBIOPUT_CON2FBMAP, \u0026con2fb)\ncauses the kernel to follow a different execution path:\n\n set_con2fb_map\n  -\u003e con2fb_init_display\n   -\u003e fbcon_set_disp\n    -\u003e redraw_screen\n     -\u003e hide_cursor\n      -\u003e clear_selection\n       -\u003e highlight\n        -\u003e invert_screen\n         -\u003e do_update_region\n          -\u003e fbcon_putcs\n           -\u003e ops-\u003eputcs\n\nSince ops-\u003eputcs is a NULL pointer, this leads to a kernel panic.\nTo prevent this, we need to call set_blitting_type() within set_con2fb_map()\nto properly initialize ops-\u003eputcs.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50048",
            "https://git.kernel.org/linus/5b97eebcce1b4f3f07a71f635d6aa3af96c236e7 (6.12-rc1)",
            "https://git.kernel.org/stable/c/5b97eebcce1b4f3f07a71f635d6aa3af96c236e7",
            "https://git.kernel.org/stable/c/8266ae6eafdcd5a3136592445ff4038bbc7ee80e",
            "https://git.kernel.org/stable/c/e5c2dba62996a3a6eeb34bd248b90fc69c5a6a1b",
            "https://git.kernel.org/stable/c/f7fb5dda555344529ce584ff7a28b109528d2f1b",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-50048-f299@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50048",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50048"
          ],
          "PublishedDate": "2024-10-21T20:15:17.58Z",
          "LastModifiedDate": "2025-11-03T23:16:45.1Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50056",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50056",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ef3c24564a743fcbbe3156b1549089823ae05fd7dba9997e8d5d2093c73adc3f",
          "Title": "kernel: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c\n\nFix potential dereferencing of ERR_PTR() in find_format_by_pix()\nand uvc_v4l2_enum_format().\n\nFix the following smatch errors:\n\ndrivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix()\nerror: 'fmtdesc' dereferencing possible ERR_PTR()\n\ndrivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format()\nerror: 'fmtdesc' dereferencing possible ERR_PTR()\n\nAlso, fix similar issue in uvc_v4l2_try_format() for potential\ndereferencing of ERR_PTR().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50056",
            "https://git.kernel.org/linus/a7bb96b18864225a694e3887ac2733159489e4b0 (6.12-rc1)",
            "https://git.kernel.org/stable/c/03fa71e97e9bb116993ec1d51b8a6fe776db0984",
            "https://git.kernel.org/stable/c/72a68d2bede3284b95ee93a5ab3a81758bba95b0",
            "https://git.kernel.org/stable/c/a7bb96b18864225a694e3887ac2733159489e4b0",
            "https://git.kernel.org/stable/c/cedeb36c3ff4acd0f3d09918dfd8ed1df05efdd6",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024102135-CVE-2024-50056-78bf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50056",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50056"
          ],
          "PublishedDate": "2024-10-21T20:15:17.853Z",
          "LastModifiedDate": "2025-11-03T20:16:34.97Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50057",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50057",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7d1715e60a0574c820b5b6ff0c9f55f5257f0a06c2d85c8d27c19ebdd46bb63b",
          "Title": "kernel: usb: typec: tipd: Free IRQ only if it was requested before",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tipd: Free IRQ only if it was requested before\n\nIn polling mode, if no IRQ was requested there is no need to free it.\nCall devm_free_irq() only if client-\u003eirq is set. This fixes the warning\ncaused by the tps6598x module removal:\n\nWARNING: CPU: 2 PID: 333 at kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c\n...\n...\nCall trace:\n  devm_free_irq+0x80/0x8c\n  tps6598x_remove+0x28/0x88 [tps6598x]\n  i2c_device_remove+0x2c/0x9c\n  device_remove+0x4c/0x80\n  device_release_driver_internal+0x1cc/0x228\n  driver_detach+0x50/0x98\n  bus_remove_driver+0x6c/0xbc\n  driver_unregister+0x30/0x60\n  i2c_del_driver+0x54/0x64\n  tps6598x_i2c_driver_exit+0x18/0xc3c [tps6598x]\n  __arm64_sys_delete_module+0x184/0x264\n  invoke_syscall+0x48/0x110\n  el0_svc_common.constprop.0+0xc8/0xe8\n  do_el0_svc+0x20/0x2c\n  el0_svc+0x28/0x98\n  el0t_64_sync_handler+0x13c/0x158\n  el0t_64_sync+0x190/0x194",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-763"
          ],
          "VendorSeverity": {
            "azure": 1,
            "nvd": 1,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50057",
            "https://git.kernel.org/linus/db63d9868f7f310de44ba7bea584e2454f8b4ed0 (6.12-rc1)",
            "https://git.kernel.org/stable/c/4d4b23c119542fbaed2a16794d3801cb4806ea02",
            "https://git.kernel.org/stable/c/b72bf5cade51ba4055c8a8998d275e72e6b521ce",
            "https://git.kernel.org/stable/c/db63d9868f7f310de44ba7bea584e2454f8b4ed0",
            "https://linux.oracle.com/cve/CVE-2024-50057.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024102135-CVE-2024-50057-d046@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50057",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50057"
          ],
          "PublishedDate": "2024-10-21T20:15:17.933Z",
          "LastModifiedDate": "2024-10-24T16:12:52.007Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50060",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50060",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:523773fe08e29b49baa5691fe94205e83160ed9779b6094d36fe647b3193f72d",
          "Title": "kernel: io_uring: check if we need to reschedule during overflow flush",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if we need to reschedule during overflow flush\n\nIn terms of normal application usage, this list will always be empty.\nAnd if an application does overflow a bit, it'll have a few entries.\nHowever, nothing obviously prevents syzbot from running a test case\nthat generates a ton of overflow entries, and then flushing them can\ntake quite a while.\n\nCheck for needing to reschedule while flushing, and drop our locks and\ndo so if necessary. There's no state to maintain here as overflows\nalways prune from head-of-list, hence it's fine to drop and reacquire\nthe locks at the end of the loop.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-50060",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53 (6.12-rc1)",
            "https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c",
            "https://git.kernel.org/stable/c/c2eadeafce2d385b3f6d26a7f31fee5aba2bbbb0",
            "https://git.kernel.org/stable/c/eac2ca2d682f94f46b1973bdf5e77d85d77b8e53",
            "https://git.kernel.org/stable/c/f4ce3b5d26ce149e77e6b8e8f2058aa80e5b034e",
            "https://linux.oracle.com/cve/CVE-2024-50060.html",
            "https://linux.oracle.com/errata/ELSA-2025-20518-0.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102135-CVE-2024-50060-6994@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50060",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50060"
          ],
          "PublishedDate": "2024-10-21T20:15:18.117Z",
          "LastModifiedDate": "2025-11-03T23:16:45.853Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50063",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50063",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:adacf16121ebf8e35b413463ed46fcec11ced3d2d0ecb8fee5c6e1925d83a612",
          "Title": "kernel: bpf: Prevent tail call between progs attached to different hooks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Prevent tail call between progs attached to different hooks\n\nbpf progs can be attached to kernel functions, and the attached functions\ncan take different parameters or return different return values. If\nprog attached to one kernel function tail calls prog attached to another\nkernel function, the ctx access or return value verification could be\nbypassed.\n\nFor example, if prog1 is attached to func1 which takes only 1 parameter\nand prog2 is attached to func2 which takes two parameters. Since verifier\nassumes the bpf ctx passed to prog2 is constructed based on func2's\nprototype, verifier allows prog2 to access the second parameter from\nthe bpf ctx passed to it. The problem is that verifier does not prevent\nprog1 from passing its bpf ctx to prog2 via tail call. In this case,\nthe bpf ctx passed to prog2 is constructed from func1 instead of func2,\nthat is, the assumption for ctx access verification is bypassed.\n\nAnother example, if BPF LSM prog1 is attached to hook file_alloc_security,\nand BPF LSM prog2 is attached to hook bpf_lsm_audit_rule_known. Verifier\nknows the return value rules for these two hooks, e.g. it is legal for\nbpf_lsm_audit_rule_known to return positive number 1, and it is illegal\nfor file_alloc_security to return positive number. So verifier allows\nprog2 to return positive number 1, but does not allow prog1 to return\npositive number. The problem is that verifier does not prevent prog1\nfrom calling prog2 via tail call. In this case, prog2's return value 1\nwill be used as the return value for prog1's hook file_alloc_security.\nThat is, the return value rule is bypassed.\n\nThis patch adds restriction for tail call to prevent such bypasses.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50063",
            "https://git.kernel.org/linus/28ead3eaabc16ecc907cfb71876da028080f6356 (6.12-rc1)",
            "https://git.kernel.org/stable/c/28ead3eaabc16ecc907cfb71876da028080f6356",
            "https://git.kernel.org/stable/c/5d5e3b4cbe8ee16b7bf96fd73a421c92a9da3ca1",
            "https://git.kernel.org/stable/c/88c2a10e6c176c2860cd0659f4c0e9d20b3f64d1",
            "https://git.kernel.org/stable/c/d9a807fb7cbfad4328824186e2e4bee28f72169b",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024102136-CVE-2024-50063-1a59@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50063",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50063"
          ],
          "PublishedDate": "2024-10-21T20:15:18.36Z",
          "LastModifiedDate": "2025-11-03T20:16:35.263Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50067",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50067",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0796e108756bc159a845b3698124be82d8fa0b177801902af782a77951f9239d",
          "Title": "kernel: uprobe: avoid out-of-bounds memory access of fetching args",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobe: avoid out-of-bounds memory access of fetching args\n\nUprobe needs to fetch args into a percpu buffer, and then copy to ring\nbuffer to avoid non-atomic context problem.\n\nSometimes user-space strings, arrays can be very large, but the size of\npercpu buffer is only page size. And store_trace_args() won't check\nwhether these data exceeds a single page or not, caused out-of-bounds\nmemory access.\n\nIt could be reproduced by following steps:\n1. build kernel with CONFIG_KASAN enabled\n2. save follow program as test.c\n\n```\n\\#include \u003cstdio.h\u003e\n\\#include \u003cstdlib.h\u003e\n\\#include \u003cstring.h\u003e\n\n// If string length large than MAX_STRING_SIZE, the fetch_store_strlen()\n// will return 0, cause __get_data_size() return shorter size, and\n// store_trace_args() will not trigger out-of-bounds access.\n// So make string length less than 4096.\n\\#define STRLEN 4093\n\nvoid generate_string(char *str, int n)\n{\n    int i;\n    for (i = 0; i \u003c n; ++i)\n    {\n        char c = i % 26 + 'a';\n        str[i] = c;\n    }\n    str[n-1] = '\\0';\n}\n\nvoid print_string(char *str)\n{\n    printf(\"%s\\n\", str);\n}\n\nint main()\n{\n    char tmp[STRLEN];\n\n    generate_string(tmp, STRLEN);\n    print_string(tmp);\n\n    return 0;\n}\n```\n3. compile program\n`gcc -o test test.c`\n\n4. get the offset of `print_string()`\n```\nobjdump -t test | grep -w print_string\n0000000000401199 g     F .text  000000000000001b              print_string\n```\n\n5. configure uprobe with offset 0x1199\n```\noff=0x1199\n\ncd /sys/kernel/debug/tracing/\necho \"p /root/test:${off} arg1=+0(%di):ustring arg2=\\$comm arg3=+0(%di):ustring\"\n \u003e uprobe_events\necho 1 \u003e events/uprobes/enable\necho 1 \u003e tracing_on\n```\n\n6. 
run `test`, and kasan will report error.\n==================================================================\nBUG: KASAN: use-after-free in strncpy_from_user+0x1d6/0x1f0\nWrite of size 8 at addr ffff88812311c004 by task test/499CPU: 0 UID: 0 PID: 499 Comm: test Not tainted 6.12.0-rc3+ #18\nHardware name: Red Hat KVM, BIOS 1.16.0-4.al8 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x27/0x310\n kasan_report+0x10f/0x120\n ? strncpy_from_user+0x1d6/0x1f0\n strncpy_from_user+0x1d6/0x1f0\n ? rmqueue.constprop.0+0x70d/0x2ad0\n process_fetch_insn+0xb26/0x1470\n ? __pfx_process_fetch_insn+0x10/0x10\n ? _raw_spin_lock+0x85/0xe0\n ? __pfx__raw_spin_lock+0x10/0x10\n ? __pte_offset_map+0x1f/0x2d0\n ? unwind_next_frame+0xc5f/0x1f80\n ? arch_stack_walk+0x68/0xf0\n ? is_bpf_text_address+0x23/0x30\n ? kernel_text_address.part.0+0xbb/0xd0\n ? __kernel_text_address+0x66/0xb0\n ? unwind_get_return_address+0x5e/0xa0\n ? __pfx_stack_trace_consume_entry+0x10/0x10\n ? arch_stack_walk+0xa2/0xf0\n ? _raw_spin_lock_irqsave+0x8b/0xf0\n ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n ? depot_alloc_stack+0x4c/0x1f0\n ? _raw_spin_unlock_irqrestore+0xe/0x30\n ? stack_depot_save_flags+0x35d/0x4f0\n ? kasan_save_stack+0x34/0x50\n ? kasan_save_stack+0x24/0x50\n ? mutex_lock+0x91/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n prepare_uprobe_buffer.part.0+0x2cd/0x500\n uprobe_dispatcher+0x2c3/0x6a0\n ? __pfx_uprobe_dispatcher+0x10/0x10\n ? __kasan_slab_alloc+0x4d/0x90\n handler_chain+0xdd/0x3e0\n handle_swbp+0x26e/0x3d0\n ? __pfx_handle_swbp+0x10/0x10\n ? 
uprobe_pre_sstep_notifier+0x151/0x1b0\n irqentry_exit_to_user_mode+0xe2/0x1b0\n asm_exc_int3+0x39/0x40\nRIP: 0033:0x401199\nCode: 01 c2 0f b6 45 fb 88 02 83 45 fc 01 8b 45 fc 3b 45 e4 7c b7 8b 45 e4 48 98 48 8d 50 ff 48 8b 45 e8 48 01 d0 ce\nRSP: 002b:00007ffdf00576a8 EFLAGS: 00000206\nRAX: 00007ffdf00576b0 RBX: 0000000000000000 RCX: 0000000000000ff2\nRDX: 0000000000000ffc RSI: 0000000000000ffd RDI: 00007ffdf00576b0\nRBP: 00007ffdf00586b0 R08: 00007feb2f9c0d20 R09: 00007feb2f9c0d20\nR10: 0000000000000001 R11: 0000000000000202 R12: 0000000000401040\nR13: 00007ffdf0058780 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThis commit enforces the buffer's maxlen less than a page-size to avoid\nstore_trace_args() out-of-memory access.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787",
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50067",
            "https://git.kernel.org/linus/373b9338c9722a368925d83bc622c596896b328e (6.12-rc5)",
            "https://git.kernel.org/stable/c/0dc3ad9ad2188da7f090b3dbe4d2fcd9ae8ae64f",
            "https://git.kernel.org/stable/c/373b9338c9722a368925d83bc622c596896b328e",
            "https://git.kernel.org/stable/c/537ad4a431f6dddbf15d40d19f24bb9ee12b55cb",
            "https://git.kernel.org/stable/c/9e5f93788c9dd4309e75a56860a1ac44a8e117b9",
            "https://linux.oracle.com/cve/CVE-2024-50067.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102859-CVE-2024-50067-f7c0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50067",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://ubuntu.com/security/notices/USN-7907-1",
            "https://ubuntu.com/security/notices/USN-7907-2",
            "https://ubuntu.com/security/notices/USN-7907-3",
            "https://ubuntu.com/security/notices/USN-7907-4",
            "https://ubuntu.com/security/notices/USN-7907-5",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7930-1",
            "https://ubuntu.com/security/notices/USN-7930-2",
            "https://ubuntu.com/security/notices/USN-7937-1",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://www.cve.org/CVERecord?id=CVE-2024-50067"
          ],
          "PublishedDate": "2024-10-28T01:15:02.93Z",
          "LastModifiedDate": "2025-11-03T23:16:46.287Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50098",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50098",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:327b9bdc38d524b642953172479323e0c5f5224648cbd6d8bce7599ac361c031",
          "Title": "kernel: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down\n\nThere is a history of deadlock if reboot is performed at the beginning\nof booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS\nshutdown, and at that time the audio driver was waiting on\nblk_mq_submit_bio() holding a mutex_lock while reading the fw binary.\nAfter that, a deadlock issue occurred while audio driver shutdown was\nwaiting for mutex_unlock of blk_mq_submit_bio(). To solve this, set\nSDEV_OFFLINE for all LUs except WLUN, so that any I/O that comes down\nafter a UFS shutdown will return an error.\n\n[   31.907781]I[0:      swapper/0:    0]        1        130705007       1651079834      11289729804                0 D(   2) 3 ffffff882e208000 *             init [device_shutdown]\n[   31.907793]I[0:      swapper/0:    0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49]\n[   31.907806]I[0:      swapper/0:    0] Call trace:\n[   31.907810]I[0:      swapper/0:    0]  __switch_to+0x174/0x338\n[   31.907819]I[0:      swapper/0:    0]  __schedule+0x5ec/0x9cc\n[   31.907826]I[0:      swapper/0:    0]  schedule+0x7c/0xe8\n[   31.907834]I[0:      swapper/0:    0]  schedule_preempt_disabled+0x24/0x40\n[   31.907842]I[0:      swapper/0:    0]  __mutex_lock+0x408/0xdac\n[   31.907849]I[0:      swapper/0:    0]  __mutex_lock_slowpath+0x14/0x24\n[   31.907858]I[0:      swapper/0:    0]  mutex_lock+0x40/0xec\n[   31.907866]I[0:      swapper/0:    0]  device_shutdown+0x108/0x280\n[   31.907875]I[0:      swapper/0:    0]  kernel_restart+0x4c/0x11c\n[   31.907883]I[0:      swapper/0:    0]  __arm64_sys_reboot+0x15c/0x280\n[   31.907890]I[0:      swapper/0:    0]  invoke_syscall+0x70/0x158\n[   31.907899]I[0:      swapper/0:    0]  el0_svc_common+0xb4/0xf4\n[   31.907909]I[0:      swapper/0:    0]  do_el0_svc+0x2c/0xb0\n[   31.907918]I[0:      swapper/0:    0]  el0_svc+0x34/0xe0\n[   
31.907928]I[0:      swapper/0:    0]  el0t_64_sync_handler+0x68/0xb4\n[   31.907937]I[0:      swapper/0:    0]  el0t_64_sync+0x1a0/0x1a4\n\n[   31.908774]I[0:      swapper/0:    0]       49                0         11960702      11236868007                0 D(   2) 6 ffffff882e28cb00 *      kworker/6:0 [__bio_queue_enter]\n[   31.908783]I[0:      swapper/0:    0] Call trace:\n[   31.908788]I[0:      swapper/0:    0]  __switch_to+0x174/0x338\n[   31.908796]I[0:      swapper/0:    0]  __schedule+0x5ec/0x9cc\n[   31.908803]I[0:      swapper/0:    0]  schedule+0x7c/0xe8\n[   31.908811]I[0:      swapper/0:    0]  __bio_queue_enter+0xb8/0x178\n[   31.908818]I[0:      swapper/0:    0]  blk_mq_submit_bio+0x194/0x67c\n[   31.908827]I[0:      swapper/0:    0]  __submit_bio+0xb8/0x19c",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50098",
            "https://git.kernel.org/linus/19a198b67767d952c8f3d0cf24eb3100522a8223 (6.12-rc4)",
            "https://git.kernel.org/stable/c/19a198b67767d952c8f3d0cf24eb3100522a8223",
            "https://git.kernel.org/stable/c/7774d23622416dbbbdb21bf342b3f0d92cf1dc0f",
            "https://git.kernel.org/stable/c/7bd9af254275fad7071d85f04616560deb598d7d",
            "https://git.kernel.org/stable/c/7de759fceacff5660abf9590d11114215a9d5f3c",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024110526-CVE-2024-50098-82f2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50098",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50098"
          ],
          "PublishedDate": "2024-11-05T18:15:13.62Z",
          "LastModifiedDate": "2025-11-03T23:16:50.547Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50106",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50106",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:727513529d715a52d4aa8d16382888498082d9eb329ab3f14eb2a3d6fd6bab2e",
          "Title": "kernel: nfsd: fix race between laundromat and free_stateid",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn't empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. 
Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that's based on adding 2 new additional\nstid's sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. 
If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn't finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50106",
            "https://git.kernel.org/linus/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a (6.12-rc5)",
            "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a",
            "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929",
            "https://linux.oracle.com/cve/CVE-2024-50106.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024110553-CVE-2024-50106-c095@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50106",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50106"
          ],
          "PublishedDate": "2024-11-05T18:15:14.12Z",
          "LastModifiedDate": "2024-12-11T15:15:11.693Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50112",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50112",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f6e284139b432d6391f757ba85c46b628fa2b0a30b604b673191b8ef65d710c",
          "Title": "kernel: x86/lam: Disable ADDRESS_MASKING in most cases",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/lam: Disable ADDRESS_MASKING in most cases\n\nLinear Address Masking (LAM) has a weakness related to transient\nexecution as described in the SLAM paper[1]. Unless Linear Address\nSpace Separation (LASS) is enabled this weakness may be exploitable.\n\nUntil kernel adds support for LASS[2], only allow LAM for COMPILE_TEST,\nor when speculation mitigations have been disabled at compile time,\notherwise keep LAM disabled.\n\nThere are no processors in market that support LAM yet, so currently\nnobody is affected by this issue.\n\n[1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf\n[2] LASS: https://lore.kernel.org/lkml/20230609183632.48706-1-alexander.shishkin@linux.intel.com/\n\n[ dhansen: update SPECULATION_MITIGATIONS -\u003e CPU_MITIGATIONS ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50112",
            "https://git.kernel.org/linus/3267cb6d3a174ff83d6287dcd5b0047bbd912452 (6.12-rc5)",
            "https://git.kernel.org/stable/c/3267cb6d3a174ff83d6287dcd5b0047bbd912452",
            "https://git.kernel.org/stable/c/60a5ba560f296ad8da153f6ad3f70030bfa3958f",
            "https://git.kernel.org/stable/c/690599066488d16db96ac0d6340f9372fc56f337",
            "https://lore.kernel.org/linux-cve-announce/2024110555-CVE-2024-50112-37de@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50112",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50112"
          ],
          "PublishedDate": "2024-11-05T18:15:14.497Z",
          "LastModifiedDate": "2025-10-01T21:15:48.863Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50135",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50135",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4b8743caf7c6a594a7f0c5b16e35c2527fd4471bceb2e32603a5c564fca16f7e",
          "Title": "kernel: nvme-pci: fix race condition between reset and nvme_dev_disable()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix race condition between reset and nvme_dev_disable()\n\nnvme_dev_disable() modifies the dev-\u003eonline_queues field, therefore\nnvme_pci_update_nr_queues() should avoid racing against it, otherwise\nwe could end up passing invalid values to blk_mq_update_nr_hw_queues().\n\n WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347\n          pci_irq_get_affinity+0x187/0x210\n Workqueue: nvme-reset-wq nvme_reset_work [nvme]\n RIP: 0010:pci_irq_get_affinity+0x187/0x210\n Call Trace:\n  \u003cTASK\u003e\n  ? blk_mq_pci_map_queues+0x87/0x3c0\n  ? pci_irq_get_affinity+0x187/0x210\n  blk_mq_pci_map_queues+0x87/0x3c0\n  nvme_pci_map_queues+0x189/0x460 [nvme]\n  blk_mq_update_nr_hw_queues+0x2a/0x40\n  nvme_reset_work+0x1be/0x2a0 [nvme]\n\nFix the bug by locking the shutdown_lock mutex before using\ndev-\u003eonline_queues. Give up if nvme_dev_disable() is running or if\nit has been executed already.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50135",
            "https://git.kernel.org/linus/26bc0a81f64ce00fc4342c38eeb2eddaad084dd2 (6.12-rc4)",
            "https://git.kernel.org/stable/c/26bc0a81f64ce00fc4342c38eeb2eddaad084dd2",
            "https://git.kernel.org/stable/c/4ed32cc0939b64e3d7b48c8c0d63ea038775f304",
            "https://git.kernel.org/stable/c/b33e49a5f254474b33ce98fd45dd0ffdc247a0be",
            "https://lore.kernel.org/linux-cve-announce/2024110559-CVE-2024-50135-d177@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50135",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50135"
          ],
          "PublishedDate": "2024-11-05T18:15:16.153Z",
          "LastModifiedDate": "2025-10-01T21:15:51.67Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50138",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50138",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0214f835fdb1ffa759ff47ddcdd9a63c7a943f42945395b63ec64cdfbaf5a2d5",
          "Title": "kernel: bpf: Use raw_spinlock_t in ringbuf",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use raw_spinlock_t in ringbuf\n\nThe function __bpf_ringbuf_reserve is invoked from a tracepoint, which\ndisables preemption. Using spinlock_t in this context can lead to a\n\"sleep in atomic\" warning in the RT variant. This issue is illustrated\nin the example below:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs\npreempt_count: 1, expected: 0\nRCU nest depth: 1, expected: 1\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003cffffd33a5c88ea44\u003e] migrate_enable+0xc0/0x39c\nCPU: 7 PID: 556208 Comm: test_progs Tainted: G\nHardware name: Qualcomm SA8775P Ride (DT)\nCall trace:\n dump_backtrace+0xac/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0xac/0xe8\n dump_stack+0x18/0x30\n __might_resched+0x3bc/0x4fc\n rt_spin_lock+0x8c/0x1a4\n __bpf_ringbuf_reserve+0xc4/0x254\n bpf_ringbuf_reserve_dynptr+0x5c/0xdc\n bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238\n trace_call_bpf+0x238/0x774\n perf_call_bpf_enter.isra.0+0x104/0x194\n perf_syscall_enter+0x2f8/0x510\n trace_sys_enter+0x39c/0x564\n syscall_trace_enter+0x220/0x3c0\n do_el0_svc+0x138/0x1dc\n el0_svc+0x54/0x130\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nSwitch the spinlock to raw_spinlock_t to avoid this error.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50138",
            "https://git.kernel.org/linus/8b62645b09f870d70c7910e7550289d444239a46 (6.12-rc4)",
            "https://git.kernel.org/stable/c/5eb34999d118e69a20dc0c6556f315fcb0a1f8d3",
            "https://git.kernel.org/stable/c/8b62645b09f870d70c7910e7550289d444239a46",
            "https://git.kernel.org/stable/c/ca30e682e5d6de44d12c4610767811c9a21d59ba",
            "https://git.kernel.org/stable/c/f9543375d9b150b2bcf16bb182e6b62309db0888",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024110559-CVE-2024-50138-a1d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50138",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50138"
          ],
          "PublishedDate": "2024-11-05T18:15:16.337Z",
          "LastModifiedDate": "2025-11-03T23:16:54.197Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50146",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50146",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:16ed1d381af046a8e93882b7834a3d28e77ed3fe34bf866fdb5650fe3e4e7dbf",
          "Title": "kernel: net/mlx5e: Don't call cleanup on profile rollback failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don't call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile-\u003ecleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [  732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [  734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [  734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [  734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [  734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [  734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [  734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [  745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [  745.538222] #PF: supervisor read access in kernel mode\n\u003csnipped\u003e\n [  745.551290] Call Trace:\n [  745.551590]  \u003cTASK\u003e\n [  745.551866]  ? __die+0x20/0x60\n [  745.552218]  ? page_fault_oops+0x150/0x400\n [  745.555307]  ? exc_page_fault+0x79/0x240\n [  745.555729]  ? asm_exc_page_fault+0x22/0x30\n [  745.556166]  ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [  745.556698]  auxiliary_bus_remove+0x18/0x30\n [  745.557134]  device_release_driver_internal+0x1df/0x240\n [  745.557654]  bus_remove_device+0xd7/0x140\n [  745.558075]  device_del+0x15b/0x3c0\n [  745.558456]  mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [  745.559112]  mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [  745.559686]  mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [  745.560203]  remove_one+0x4e/0xd0 [mlx5_core]\n [  745.560694]  pci_device_remove+0x39/0xa0\n [  745.561112]  device_release_driver_internal+0x1df/0x240\n [  745.561631]  driver_detach+0x47/0x90\n [  745.562022]  bus_remove_driver+0x84/0x100\n [  745.562444]  pci_unregister_driver+0x3b/0x90\n [  745.562890]  mlx5_cleanup+0xc/0x1b [mlx5_core]\n [  745.563415]  __x64_sys_delete_module+0x14d/0x2f0\n [  745.563886]  ? kmem_cache_free+0x1b0/0x460\n [  745.564313]  ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [  745.564825]  do_syscall_64+0x6d/0x140\n [  745.565223]  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [  745.565725] RIP: 0033:0x7f1579b1288b",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50146",
            "https://git.kernel.org/linus/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0 (6.12-rc4)",
            "https://git.kernel.org/stable/c/3955b77494c3c7d14873b1db67e7e00c46a714db",
            "https://git.kernel.org/stable/c/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0",
            "https://git.kernel.org/stable/c/d6fe973c8873c998734a050f366b28facc03d32a",
            "https://git.kernel.org/stable/c/db84cb4c8c565e6d4de84b23c2818b63991adfdd",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024110744-CVE-2024-50146-964d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50146",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50146"
          ],
          "PublishedDate": "2024-11-07T10:15:06.443Z",
          "LastModifiedDate": "2025-11-03T21:17:02.01Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50164",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50164",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:915a12c2c3e839dba31e700a3ce687b6cddf4ea5a1f9892c0d51ae3de900488c",
          "Title": "kernel: bpf: Fix overloading of MEM_UNINIT's meaning",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overloading of MEM_UNINIT's meaning\n\nLonial reported an issue in the BPF verifier where check_mem_size_reg()\nhas the following code:\n\n    if (!tnum_is_const(reg-\u003evar_off))\n        /* For unprivileged variable accesses, disable raw\n         * mode so that the program is required to\n         * initialize all the memory that the helper could\n         * just partially fill up.\n         */\n         meta = NULL;\n\nThis means that writes are not checked when the register containing the\nsize of the passed buffer has not a fixed size. Through this bug, a BPF\nprogram can write to a map which is marked as read-only, for example,\n.rodata global maps.\n\nThe problem is that MEM_UNINIT's initial meaning that \"the passed buffer\nto the BPF helper does not need to be initialized\" which was added back\nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\")\ngot overloaded over time with \"the passed buffer is being written to\".\n\nThe problem however is that checks such as the above which were added later\nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta\nto NULL in order force the user to always initialize the passed buffer to\nthe helper. Due to the current double meaning of MEM_UNINIT, this bypasses\nverifier write checks to the memory (not boundary checks though) and only\nassumes the latter memory is read instead.\n\nFix this by reverting MEM_UNINIT back to its original meaning, and having\nMEM_WRITE as an annotation to BPF helpers in order to then trigger the\nBPF verifier checks for writing to memory.\n\nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}\nwe can access fn-\u003earg_type[arg - 1] since it must contain a preceding\nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed\naltogether since we do check both BPF_READ and BPF_WRITE. Same for the\nequivalent check_kfunc_mem_size_reg().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50164",
            "https://git.kernel.org/linus/8ea607330a39184f51737c6ae706db7fdca7628e (6.12-rc5)",
            "https://git.kernel.org/stable/c/43f4df339a4d375bedcad29a61ae6f0ee7a048f8",
            "https://git.kernel.org/stable/c/48068ccaea957469f1adf78dfd2c1c9a7e18f0fe",
            "https://git.kernel.org/stable/c/54bc31682660810af1bed7ca7a19f182df8d3df8",
            "https://git.kernel.org/stable/c/8ea607330a39184f51737c6ae706db7fdca7628e",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024110748-CVE-2024-50164-b109@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50164",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50164"
          ],
          "PublishedDate": "2024-11-07T10:15:07.697Z",
          "LastModifiedDate": "2025-11-03T21:17:03.56Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50166",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50166",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42abc1e87c6879ce88cf4695ea1bbd21e3e53a02384fc55ffacdfce8ec17c79b",
          "Title": "kernel: fsl/fman: Fix refcount handling of fman-related devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsl/fman: Fix refcount handling of fman-related devices\n\nIn mac_probe() there are multiple calls to of_find_device_by_node(),\nfman_bind() and fman_port_bind() which takes references to of_dev-\u003edev.\nNot all references taken by these calls are released later on error path\nin mac_probe() and in mac_remove() which lead to reference leaks.\n\nAdd references release.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50166",
            "https://git.kernel.org/linus/1dec67e0d9fbb087c2ab17bf1bd17208231c3bb1 (6.12-rc5)",
            "https://git.kernel.org/stable/c/1dec67e0d9fbb087c2ab17bf1bd17208231c3bb1",
            "https://git.kernel.org/stable/c/3c2a3619d565fe16bf59b0a047bab103a2ee4490",
            "https://git.kernel.org/stable/c/5ed4334fc9512f934fe2ae9c4cf7f8142e451b8b",
            "https://lore.kernel.org/linux-cve-announce/2024110748-CVE-2024-50166-7fde@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50166",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50166"
          ],
          "PublishedDate": "2024-11-07T10:15:07.83Z",
          "LastModifiedDate": "2025-10-01T21:15:56.247Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50187",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50187",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ca19ebb6c2f02c2e80eaaf67eed051c4382780c90072b98489aa16f504ef4e7e",
          "Title": "kernel: drm/vc4: Stop the active perfmon before being destroyed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor's pointer (`vc4-\u003eactive_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4-\u003eactive_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50187",
            "https://git.kernel.org/linus/0b2ad4f6f2bec74a5287d96cb2325a5e11706f22 (6.12-rc3)",
            "https://git.kernel.org/stable/c/0b2ad4f6f2bec74a5287d96cb2325a5e11706f22",
            "https://git.kernel.org/stable/c/75452da51e2403e14be007df80d133e1443fc967",
            "https://git.kernel.org/stable/c/937943c042503dc6087438bf3557f9057a588ba0",
            "https://git.kernel.org/stable/c/c9adba739d5f7cdc47a7754df4a17b47b1ecf513",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024110835-CVE-2024-50187-f2b0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50187",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50187"
          ],
          "PublishedDate": "2024-11-08T06:15:15.77Z",
          "LastModifiedDate": "2025-11-03T23:16:59.557Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50211",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50211",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ae9be7a5789f28a6eff7501dddf3d9a15901da5e73672cc62741733f63d4b529",
          "Title": "kernel: udf: refactor inode_bmap() to handle error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: refactor inode_bmap() to handle error\n\nRefactor inode_bmap() to handle error since udf_next_aext() can return\nerror now. On situations like ftruncate, udf_extend_file() can now\ndetect errors and bail out early without resorting to checking for\nparticular offsets and assuming internal behavior of these functions.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 1,
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50211",
            "https://git.kernel.org/linus/c226964ec786f3797ed389a16392ce4357697d24 (6.12-rc2)",
            "https://git.kernel.org/stable/c/493447dd8336607fce426f7879e581095f6c606e",
            "https://git.kernel.org/stable/c/b22d9a5698abf04341f8fbc30141e0673863c3a6",
            "https://git.kernel.org/stable/c/c226964ec786f3797ed389a16392ce4357697d24",
            "https://lore.kernel.org/linux-cve-announce/2024110811-CVE-2024-50211-feda@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50211",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50211"
          ],
          "PublishedDate": "2024-11-08T06:15:17.41Z",
          "LastModifiedDate": "2025-10-01T21:16:06.33Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50246",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50246",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e65b930cf8bb393c1729fff6cc622285184ed21b7d381137bb16fa7ef2d795ce",
          "Title": "kernel: fs/ntfs3: Add rough attr alloc_size check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add rough attr alloc_size check",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50246",
            "https://git.kernel.org/linus/c4a8ba334262e9a5c158d618a4820e1b9c12495c (6.12-rc3)",
            "https://git.kernel.org/stable/c/2fcae4c2014a40c8ae0fc3d8cca3ba9e168308de",
            "https://git.kernel.org/stable/c/c4a8ba334262e9a5c158d618a4820e1b9c12495c",
            "https://git.kernel.org/stable/c/e91fbb21f248bdd8140f343dac32b77b9bc10fec",
            "https://git.kernel.org/stable/c/effac690913af9a6c3d6cd967281a34e47ed3e4c",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024110935-CVE-2024-50246-5c55@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50246",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50246"
          ],
          "PublishedDate": "2024-11-09T11:15:10.537Z",
          "LastModifiedDate": "2025-11-03T20:16:35.67Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50271",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50271",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f63d68f6673c47bff7059bca599601c3ad383e8603b9deaaa403b7b665c0c3ff",
          "Title": "kernel: signal: restore the override_rlimit logic",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsignal: restore the override_rlimit logic\n\nPrior to commit d64696905554 (\"Reimplement RLIMIT_SIGPENDING on top of\nucounts\") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of\nsignals.  However now it's enforced unconditionally, even if\noverride_rlimit is set.  This behavior change caused production issues.  \n\nFor example, if the limit is reached and a process receives a SIGSEGV\nsignal, sigqueue_alloc fails to allocate the necessary resources for the\nsignal delivery, preventing the signal from being delivered with siginfo. \nThis prevents the process from correctly identifying the fault address and\nhandling the error.  From the user-space perspective, applications are\nunaware that the limit has been reached and that the siginfo is\neffectively 'corrupted'.  This can lead to unpredictable behavior and\ncrashes, as we observed with java applications.\n\nFix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip\nthe comparison to max there if override_rlimit is set.  This effectively\nrestores the old behavior.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50271",
            "https://git.kernel.org/linus/9e05e5c7ee8758141d2db7e8fea2cab34500c6ed (6.12-rc7)",
            "https://git.kernel.org/stable/c/012f4d5d25e9ef92ee129bd5aa7aa60f692681e1",
            "https://git.kernel.org/stable/c/0208ea17a1e4456fbfe555f13ae5c28f3d671e40",
            "https://git.kernel.org/stable/c/4877d9b2a2ebad3ae240127aaa4cb8258b145cf7",
            "https://git.kernel.org/stable/c/9e05e5c7ee8758141d2db7e8fea2cab34500c6ed",
            "https://linux.oracle.com/cve/CVE-2024-50271.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024111929-CVE-2024-50271-9089@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50271",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50271"
          ],
          "PublishedDate": "2024-11-19T02:16:29.18Z",
          "LastModifiedDate": "2025-11-03T23:17:09.133Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50284",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50284",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f0984e17d905d29434c7f69ff202707a5c484379997048381ad17528bbe354f9",
          "Title": "kernel: ksmbd: Fix the missing xa_store error check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix the missing xa_store error check\n\nxa_store() can fail, it return xa_err(-EINVAL) if the entry cannot\nbe stored in an XArray, or xa_err(-ENOMEM) if memory allocation failed,\nso check error for xa_store() to fix it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50284",
            "https://git.kernel.org/linus/3abab905b14f4ba756d413f37f1fb02b708eee93 (6.12-rc7)",
            "https://git.kernel.org/stable/c/3abab905b14f4ba756d413f37f1fb02b708eee93",
            "https://git.kernel.org/stable/c/726c1568b9145fa13ee248df184b186c382a7ff8",
            "https://git.kernel.org/stable/c/c2a232c4f790f4bcd4d218904c56ac7a39a448f5",
            "https://git.kernel.org/stable/c/d8664ce789bd46290c59a00da6897252f92c237d",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024111945-CVE-2024-50284-650e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50284",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50284"
          ],
          "PublishedDate": "2024-11-19T02:16:30.697Z",
          "LastModifiedDate": "2025-11-03T23:17:11.033Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50285",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50285",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1e689c732122b99ddfe31e450260ebb3cf60871707ae1ff0173fb897ccdbaf24",
          "Title": "kernel: ksmbd: check outstanding simultaneous SMB operations",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: check outstanding simultaneous SMB operations\n\nIf Client send simultaneous SMB operations to ksmbd, It exhausts too much\nmemory through the \"ksmbd_work_cache”. It will cause OOM issue.\nksmbd has a credit mechanism but it can't handle this problem. This patch\nadd the check if it exceeds max credits to prevent this problem by assuming\nthat one smb request consumes at least one credit.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50285",
            "https://git.kernel.org/linus/0a77d947f599b1f39065015bec99390d0c0022ee (6.12-rc7)",
            "https://git.kernel.org/stable/c/0a77d947f599b1f39065015bec99390d0c0022ee",
            "https://git.kernel.org/stable/c/1f993777275cbd8f74765c4f9d9285cb907c9be5",
            "https://git.kernel.org/stable/c/e257ac6fe138623cf59fca8898abdf659dbc8356",
            "https://lore.kernel.org/linux-cve-announce/2024111946-CVE-2024-50285-6013@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50285",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50285"
          ],
          "PublishedDate": "2024-11-19T02:16:30.787Z",
          "LastModifiedDate": "2025-10-01T21:16:17.107Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50286",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50286",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fd0077f7f7601a6ef3fc1a75e59a86f6295b7d8484e677d63fc1ec17dd97351b",
          "Title": "kernel: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-use-after-free in ksmbd_smb2_session_create\n\nThere is a race condition between ksmbd_smb2_session_create and\nksmbd_expire_session. This patch add missing sessions_table_lock\nwhile adding/deleting session from global session table.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50286",
            "https://git.kernel.org/linus/0a77715db22611df50b178374c51e2ba0d58866e (6.12-rc7)",
            "https://git.kernel.org/stable/c/0a77715db22611df50b178374c51e2ba0d58866e",
            "https://git.kernel.org/stable/c/e7a2ad2044377853cf8c59528dac808a08a99c72",
            "https://git.kernel.org/stable/c/e923503a56b3385b64ae492e3225e4623f560c5b",
            "https://git.kernel.org/stable/c/f56446ba5378d19e31040b548a14ee9a8f1500ea",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024111948-CVE-2024-50286-85e9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50286",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50286"
          ],
          "PublishedDate": "2024-11-19T02:16:30.86Z",
          "LastModifiedDate": "2025-11-03T23:17:11.233Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50289",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50289",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ea9f5c8a8614f02588391bcc142f8e4d061938e6c09c00ecff292870bbd406a0",
          "Title": "kernel: media: av7110: fix a spectre vulnerability",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: av7110: fix a spectre vulnerability\n\nAs warned by smatch:\n\tdrivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110-\u003eci_slot' [w] (local cap)\n\nThere is a spectre-related vulnerability at the code. Fix it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50289",
            "https://git.kernel.org/linus/458ea1c0be991573ec436aa0afa23baacfae101a (6.12-rc7)",
            "https://git.kernel.org/stable/c/458ea1c0be991573ec436aa0afa23baacfae101a",
            "https://git.kernel.org/stable/c/f3927206c478bd249c225414f7a751752a30e7b9",
            "https://lore.kernel.org/linux-cve-announce/2024111952-CVE-2024-50289-5a27@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50289",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50289"
          ],
          "PublishedDate": "2024-11-19T02:16:31.117Z",
          "LastModifiedDate": "2025-10-08T15:02:55.583Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50298",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50298",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a08f7d36eac6a3e47f620384a054b78cee02f54c5e437b73f9e8ac648afe28a8",
          "Title": "kernel: net: enetc: allocate vf_state during PF probes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: allocate vf_state during PF probes\n\nIn the previous implementation, vf_state is allocated memory only when VF\nis enabled. However, net_device_ops::ndo_set_vf_mac() may be called before\nVF is enabled to configure the MAC address of VF. If this is the case,\nenetc_pf_set_vf_mac() will access vf_state, resulting in access to a null\npointer. The simplified error log is as follows.\n\nroot@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89\n[  173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[  173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy\n[  173.641973] lr : do_setlink+0x4a8/0xec8\n[  173.732292] Call trace:\n[  173.734740]  enetc_pf_set_vf_mac+0x3c/0x80\n[  173.738847]  __rtnl_newlink+0x530/0x89c\n[  173.742692]  rtnl_newlink+0x50/0x7c\n[  173.746189]  rtnetlink_rcv_msg+0x128/0x390\n[  173.750298]  netlink_rcv_skb+0x60/0x130\n[  173.754145]  rtnetlink_rcv+0x18/0x24\n[  173.757731]  netlink_unicast+0x318/0x380\n[  173.761665]  netlink_sendmsg+0x17c/0x3c8",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50298",
            "https://git.kernel.org/linus/e15c5506dd39885cd047f811a64240e2e8ab401b (6.12-rc7)",
            "https://git.kernel.org/stable/c/35668e29e979b3a1927d3959cdd87327afd8e5eb",
            "https://git.kernel.org/stable/c/7eb923f8d4819737c07d6a8d0daef0a4d7f99e0c",
            "https://git.kernel.org/stable/c/e15c5506dd39885cd047f811a64240e2e8ab401b",
            "https://git.kernel.org/stable/c/ef0edfbe9eeed1fccad7cb705648af5222664944",
            "https://lore.kernel.org/linux-cve-announce/2024111903-CVE-2024-50298-2ef7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50298",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50298"
          ],
          "PublishedDate": "2024-11-19T02:16:31.97Z",
          "LastModifiedDate": "2026-03-25T11:16:08.85Z"
        },
        {
          "VulnerabilityID": "CVE-2024-52559",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52559",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:78e2006f2184a1b89143d7f31e397e32d684f22f1394a0cf850657f4b5b390bb",
          "Title": "kernel: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()\n\nThe \"submit-\u003ecmd[i].size\" and \"submit-\u003ecmd[i].offset\" variables are u32\nvalues that come from the user via the submit_lookup_cmds() function.\nThis addition could lead to an integer wrapping bug so use size_add()\nto prevent that.\n\nPatchwork: https://patchwork.freedesktop.org/patch/624696/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-52559",
            "https://git.kernel.org/linus/3a47f4b439beb98e955d501c609dfd12b7836d61 (6.14-rc1)",
            "https://git.kernel.org/stable/c/2b99b2c4621d13bd4374ef384e8f1fc188d0a5df",
            "https://git.kernel.org/stable/c/2f1845e46c41ed500789d53dc45b383b7745c96c",
            "https://git.kernel.org/stable/c/3a47f4b439beb98e955d501c609dfd12b7836d61",
            "https://git.kernel.org/stable/c/e43a0f1327a1ee70754f8a0de6e0262cfa3e0b87",
            "https://linux.oracle.com/cve/CVE-2024-52559.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-52559-6125@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-52559",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-52559"
          ],
          "PublishedDate": "2025-02-27T03:15:10.477Z",
          "LastModifiedDate": "2025-10-01T20:17:16.753Z"
        },
        {
          "VulnerabilityID": "CVE-2024-52560",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52560",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d324396adf3ac24f41f5b79fa86b958cf1e8e10fb2d8fef9369dee5bdf0cc278",
          "Title": "kernel: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()\n\nExtended the `mi_enum_attr()` function interface with an additional\nparameter, `struct ntfs_inode *ni`, to allow marking the inode\nas bad as soon as an error is detected.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-52560",
            "https://git.kernel.org/linus/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e (6.14-rc1)",
            "https://git.kernel.org/stable/c/2afd4d267e6dbaec8d3ccd4f5396cb84bc67aa2e",
            "https://git.kernel.org/stable/c/d9c699f2c4dc174940ffe8600b20c267897da155",
            "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-52560-8446@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-52560",
            "https://www.cve.org/CVERecord?id=CVE-2024-52560"
          ],
          "PublishedDate": "2025-02-27T03:15:10.573Z",
          "LastModifiedDate": "2025-10-23T13:05:38.517Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53056",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53056",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f5bac83f396f34c058d0ff3e6535bf2b27593ed0f34fbffebf2e371efbe330c2",
          "Title": "kernel: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()\n\nIn mtk_crtc_create(), if the call to mbox_request_channel() fails then we\nset the \"mtk_crtc-\u003ecmdq_client.chan\" pointer to NULL.  In that situation,\nwe do not call cmdq_pkt_create().\n\nDuring the cleanup, we need to check if the \"mtk_crtc-\u003ecmdq_client.chan\"\nis NULL first before calling cmdq_pkt_destroy().  Calling\ncmdq_pkt_destroy() is unnecessary if we didn't call cmdq_pkt_create() and\nit will result in a NULL pointer dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53056",
            "https://git.kernel.org/linus/4018651ba5c409034149f297d3dd3328b91561fd (6.12-rc6)",
            "https://git.kernel.org/stable/c/4018651ba5c409034149f297d3dd3328b91561fd",
            "https://git.kernel.org/stable/c/c60583a87cb4a85b69d1f448f0be5eb6ec62cbb2",
            "https://lore.kernel.org/linux-cve-announce/2024111928-CVE-2024-53056-ae69@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53056",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53056"
          ],
          "PublishedDate": "2024-11-19T18:15:25.627Z",
          "LastModifiedDate": "2025-10-01T21:16:23.087Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53079",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53079",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bfcfb48a68c131385064d5cf640a2afbb9e74b87c6df89b734625671bc3602d1",
          "Title": "kernel: mm/thp: fix deferred split unqueue naming and locking",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/thp: fix deferred split unqueue naming and locking\n\nRecent changes are putting more pressure on THP deferred split queues:\nunder load revealing long-standing races, causing list_del corruptions,\n\"Bad page state\"s and worse (I keep BUGs in both of those, so usually\ndon't get to see how badly they end up without).  The relevant recent\nchanges being 6.8's mTHP, 6.10's mTHP swapout, and 6.12's mTHP swapin,\nimproved swap allocation, and underused THP splitting.\n\nBefore fixing locking: rename misleading folio_undo_large_rmappable(),\nwhich does not undo large_rmappable, to folio_unqueue_deferred_split(),\nwhich is what it does.  But that and its out-of-line __callee are mm\ninternals of very limited usability: add comment and WARN_ON_ONCEs to\ncheck usage; and return a bool to say if a deferred split was unqueued,\nwhich can then be used in WARN_ON_ONCEs around safety checks (sparing\ncallers the arcane conditionals in __folio_unqueue_deferred_split()).\n\nJust omit the folio_unqueue_deferred_split() from free_unref_folios(), all\nof whose callers now call it beforehand (and if any forget then bad_page()\nwill tell) - except for its caller put_pages_list(), which itself no\nlonger has any callers (and will be deleted separately).\n\nSwapout: mem_cgroup_swapout() has been resetting folio-\u003ememcg_data 0\nwithout checking and unqueueing a THP folio from deferred split list;\nwhich is unfortunate, since the split_queue_lock depends on the memcg\n(when memcg is enabled); so swapout has been unqueueing such THPs later,\nwhen freeing the folio, using the pgdat's lock instead: potentially\ncorrupting the memcg's list.  
__remove_mapping() has frozen refcount to 0\nhere, so no problem with calling folio_unqueue_deferred_split() before\nresetting memcg_data.\n\nThat goes back to 5.4 commit 87eaceb3faa5 (\"mm: thp: make deferred split\nshrinker memcg aware\"): which included a check on swapcache before adding\nto deferred queue, but no check on deferred queue before adding THP to\nswapcache.  That worked fine with the usual sequence of events in reclaim\n(though there were a couple of rare ways in which a THP on deferred queue\ncould have been swapped out), but 6.12 commit dafff3f4c850 (\"mm: split\nunderused THPs\") avoids splitting underused THPs in reclaim, which makes\nswapcache THPs on deferred queue commonplace.\n\nKeep the check on swapcache before adding to deferred queue?  Yes: it is\nno longer essential, but preserves the existing behaviour, and is likely\nto be a worthwhile optimization (vmstat showed much more traffic on the\nqueue under swapping load if the check was removed); update its comment.\n\nMemcg-v1 move (deprecated): mem_cgroup_move_account() has been changing\nfolio-\u003ememcg_data without checking and unqueueing a THP folio from the\ndeferred list, sometimes corrupting \"from\" memcg's list, like swapout. \nRefcount is non-zero here, so folio_unqueue_deferred_split() can only be\nused in a WARN_ON_ONCE to validate the fix, which must be done earlier:\nmem_cgroup_move_charge_pte_range() first try to split the THP (splitting\nof course unqueues), or skip it if that fails.  
Not ideal, but moving\ncharge has been requested, and khugepaged should repair the THP later:\nnobody wants new custom unqueueing code just for this deprecated case.\n\nThe 87eaceb3faa5 commit did have the code to move from one deferred list\nto another (but was not conscious of its unsafety while refcount non-0);\nbut that was removed by 5.6 commit fac0516b5534 (\"mm: thp: don't need care\ndeferred split queue in memcg charge move path\"), which argued that the\nexistence of a PMD mapping guarantees that the THP cannot be on a deferred\nlist.  As above, false in rare cases, and now commonly false.\n\nBackport to 6.11 should be straightforward.  Earlier backports must take\ncare that other _deferred_list fixes and dependencies are included.  There\nis not a strong case for backports, but they can fix cornercases.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53079",
            "https://git.kernel.org/linus/f8f931bba0f92052cf842b7e30917b1afcc77d5a (6.12-rc7)",
            "https://git.kernel.org/stable/c/afb1352d06b1b6b2cfd1f901c766a430c87078b3",
            "https://git.kernel.org/stable/c/f8f931bba0f92052cf842b7e30917b1afcc77d5a",
            "https://git.kernel.org/stable/c/fc4951c3e3358dd82ea508e893695b916c813f17",
            "https://lore.kernel.org/linux-cve-announce/2024111901-CVE-2024-53079-7501@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53079",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53079"
          ],
          "PublishedDate": "2024-11-19T18:15:27.34Z",
          "LastModifiedDate": "2025-10-01T21:16:26.843Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53090",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53090",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:48320f1f37fa220ce1ddbd544214fac82aefd98c2cf51b1d4528a070a55f352c",
          "Title": "kernel: afs: Fix lock recursion",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix lock recursion\n\nafs_wake_up_async_call() can incur lock recursion.  The problem is that it\nis called from AF_RXRPC whilst holding the -\u003enotify_lock, but it tries to\ntake a ref on the afs_call struct in order to pass it to a work queue - but\nif the afs_call is already queued, we then have an extraneous ref that must\nbe put... calling afs_put_call() may call back down into AF_RXRPC through\nrxrpc_kernel_shutdown_call(), however, which might try taking the\n-\u003enotify_lock again.\n\nThis case isn't very common, however, so defer it to a workqueue.  The oops\nlooks something like:\n\n  BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646\n   lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0\n  CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351\n  Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x47/0x70\n   do_raw_spin_lock+0x3c/0x90\n   rxrpc_kernel_shutdown_call+0x83/0xb0\n   afs_put_call+0xd7/0x180\n   rxrpc_notify_socket+0xa0/0x190\n   rxrpc_input_split_jumbo+0x198/0x1d0\n   rxrpc_input_data+0x14b/0x1e0\n   ? rxrpc_input_call_packet+0xc2/0x1f0\n   rxrpc_input_call_event+0xad/0x6b0\n   rxrpc_input_packet_on_conn+0x1e1/0x210\n   rxrpc_input_packet+0x3f2/0x4d0\n   rxrpc_io_thread+0x243/0x410\n   ? __pfx_rxrpc_io_thread+0x10/0x10\n   kthread+0xcf/0xe0\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x24/0x40\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-53090",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/610a79ffea02102899a1373fe226d949944a7ed6 (6.12-rc5)",
            "https://git.kernel.org/stable/c/610a79ffea02102899a1373fe226d949944a7ed6",
            "https://git.kernel.org/stable/c/d7cbf81df996b1eae2dee8deb6df08e2eba78661",
            "https://linux.oracle.com/cve/CVE-2024-53090.html",
            "https://linux.oracle.com/errata/ELSA-2025-20518-0.html",
            "https://lore.kernel.org/linux-cve-announce/2024112151-CVE-2024-53090-8ea9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53090",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://ubuntu.com/security/notices/USN-7907-1",
            "https://ubuntu.com/security/notices/USN-7907-2",
            "https://ubuntu.com/security/notices/USN-7907-3",
            "https://ubuntu.com/security/notices/USN-7907-4",
            "https://ubuntu.com/security/notices/USN-7907-5",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7937-1",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://www.cve.org/CVERecord?id=CVE-2024-53090"
          ],
          "PublishedDate": "2024-11-21T19:15:12.01Z",
          "LastModifiedDate": "2025-10-01T21:16:28.74Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53091",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53091",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b551b46c27bd1a7634d3cc88c19f36d5f74d51efec4c4765c5566eaebab75728",
          "Title": "kernel: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx\n\nAs the introduction of the support for vsock and unix sockets in sockmap,\ntls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK.\nvsock and af_unix sockets have vsock_sock and unix_sock instead of\ninet_connection_sock. For these sockets, tls_get_ctx may return an invalid\npointer and cause page fault in function tls_sw_ctx_rx.\n\nBUG: unable to handle page fault for address: 0000000000040030\nWorkqueue: vsock-loopback vsock_loopback_work\nRIP: 0010:sk_psock_strp_data_ready+0x23/0x60\nCall Trace:\n ? __die+0x81/0xc3\n ? no_context+0x194/0x350\n ? do_page_fault+0x30/0x110\n ? async_page_fault+0x3e/0x50\n ? sk_psock_strp_data_ready+0x23/0x60\n virtio_transport_recv_pkt+0x750/0x800\n ? update_load_avg+0x7e/0x620\n vsock_loopback_work+0xd0/0x100\n process_one_work+0x1a7/0x360\n worker_thread+0x30/0x390\n ? create_worker+0x1a0/0x1a0\n kthread+0x112/0x130\n ? __kthread_cancel_work+0x40/0x40\n ret_from_fork+0x1f/0x40\n\nv2:\n  - Add IS_ICSK check\nv3:\n  - Update the commits in Fixes",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53091",
            "https://git.kernel.org/linus/44d0469f79bd3d0b3433732877358df7dc6b17b1 (6.12)",
            "https://git.kernel.org/stable/c/44d0469f79bd3d0b3433732877358df7dc6b17b1",
            "https://git.kernel.org/stable/c/6781cfa93a6a1b7f5be6819a5a2dd8f30f47ca26",
            "https://git.kernel.org/stable/c/a078a480ff3f43d74d8a024ae10c3c7daf6db149",
            "https://linux.oracle.com/cve/CVE-2024-53091.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024112151-CVE-2024-53091-7f61@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53091",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53091"
          ],
          "PublishedDate": "2024-11-21T19:15:12.177Z",
          "LastModifiedDate": "2025-10-01T21:16:28.93Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53095",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53095",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:02f0c6738a2c7fa702a4cf9b2ce1bcb49056a336be5628a153e3a0cce3a18003",
          "Title": "kernel: smb: client: Fix use-after-free of network namespace.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free of network namespace.\n\nRecently, we got a customer report that CIFS triggers oops while\nreconnecting to a server.  [0]\n\nThe workload runs on Kubernetes, and some pods mount CIFS servers\nin non-root network namespaces.  The problem rarely happened, but\nit was always while the pod was dying.\n\nThe root cause is wrong reference counting for network namespace.\n\nCIFS uses kernel sockets, which do not hold refcnt of the netns that\nthe socket belongs to.  That means CIFS must ensure the socket is\nalways freed before its netns; otherwise, use-after-free happens.\n\nThe repro steps are roughly:\n\n  1. mount CIFS in a non-root netns\n  2. drop packets from the netns\n  3. destroy the netns\n  4. unmount CIFS\n\nWe can reproduce the issue quickly with the script [1] below and see\nthe splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled.\n\nWhen the socket is TCP, it is hard to guarantee the netns lifetime\nwithout holding refcnt due to async timers.\n\nLet's hold netns refcnt for each socket as done for SMC in commit\n9744d2bf1976 (\"smc: Fix use-after-free in tcp_write_timer_handler().\").\n\nNote that we need to move put_net() from cifs_put_tcp_session() to\nclean_demultiplex_info(); otherwise, __sock_create() still could touch a\nfreed netns while cifsd tries to reconnect from cifs_demultiplex_thread().\n\nAlso, maybe_get_net() cannot be put just before __sock_create() because\nthe code is not under RCU and there is a small chance that the same\naddress happened to be reallocated to another netns.\n\n[0]:\nCIFS: VFS: \\\\XXXXXXXXXXX has not responded in 15 seconds. 
Reconnecting...\nCIFS: Serverclose failed 4 times, giving up\nUnable to handle kernel paging request at virtual address 14de99e461f84a07\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004\n  CM = 0, WnR = 0\n[14de99e461f84a07] address between user and kernel address ranges\nInternal error: Oops: 0000000096000004 [#1] SMP\nModules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs\nCPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1\nHardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018\npstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : fib_rules_lookup+0x44/0x238\nlr : __fib_lookup+0x64/0xbc\nsp : ffff8000265db790\nx29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01\nx26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580\nx23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500\nx20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002\nx11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : ffff001924354280 x3 : 
ffff8000265db7e0\nx2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500\nCall trace:\n fib_rules_lookup+0x44/0x238\n __fib_lookup+0x64/0xbc\n ip_route_output_key_hash_rcu+0x2c4/0x398\n ip_route_output_key_hash+0x60/0x8c\n tcp_v4_connect+0x290/0x488\n __inet_stream_connect+0x108/0x3d0\n inet_stream_connect+0x50/0x78\n kernel_connect+0x6c/0xac\n generic_ip_conne\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53095",
            "https://git.kernel.org/linus/ef7134c7fc48e1441b398e55a862232868a6f0a7 (6.12-rc7)",
            "https://git.kernel.org/stable/c/c7f9282fc27fc36dbaffc8527c723de264a132f8",
            "https://git.kernel.org/stable/c/e8c71494181153a134c96da28766a57bd1eac8cb",
            "https://git.kernel.org/stable/c/ef7134c7fc48e1441b398e55a862232868a6f0a7",
            "https://linux.oracle.com/cve/CVE-2024-53095.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024112152-CVE-2024-53095-7ffd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53095",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53095"
          ],
          "PublishedDate": "2024-11-21T19:15:12.867Z",
          "LastModifiedDate": "2025-03-24T17:21:57.96Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53098",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53098",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9e9b9ee76f8aeaf3aa50bc8f73c3b7fe0c5a92ad32bcbb346095ff02799fdef2",
          "Title": "kernel: drm/xe/ufence: Prefetch ufence addr to catch bogus address",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/ufence: Prefetch ufence addr to catch bogus address\n\naccess_ok() only checks for addr overflow so also try to read the addr\nto catch invalid addr sent from userspace.\n\n(cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53098",
            "https://git.kernel.org/linus/9c1813b3253480b30604c680026c7dc721ce86d1 (6.12-rc5)",
            "https://git.kernel.org/stable/c/5d623ffbae96b23f1fc43a3d5a267aabdb07583d",
            "https://git.kernel.org/stable/c/9c1813b3253480b30604c680026c7dc721ce86d1",
            "https://lore.kernel.org/linux-cve-announce/2024112506-CVE-2024-53098-2135@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53098",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53098"
          ],
          "PublishedDate": "2024-11-25T22:15:16.147Z",
          "LastModifiedDate": "2025-10-01T21:16:30.233Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53114",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53114",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:058dd1f8dc17d66ac27e805c105523f26a1a521ec939bb28130a89106038969a",
          "Title": "kernel: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client\n\nA number of Zen4 client SoCs advertise the ability to use virtualized\nVMLOAD/VMSAVE, but using these instructions is reported to be a cause\nof a random host reboot.\n\nThese instructions aren't intended to be advertised on Zen4 client\nso clear the capability.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53114",
            "https://git.kernel.org/linus/a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0 (6.12)",
            "https://git.kernel.org/stable/c/00c713f84f477a85e524f34aad8fbd11a1c051f0",
            "https://git.kernel.org/stable/c/a5ca1dc46a6b610dd4627d8b633d6c84f9724ef0",
            "https://lore.kernel.org/linux-cve-announce/2024120249-CVE-2024-53114-c500@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53114",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53114"
          ],
          "PublishedDate": "2024-12-02T14:15:12.197Z",
          "LastModifiedDate": "2025-10-01T21:16:32.847Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53133",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53133",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d38eaf7a23b5408befdd617523aa674e05b301fe392f96d8972428f12650e1b6",
          "Title": "kernel: drm/amd/display: Handle dml allocation failure to avoid crash",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Handle dml allocation failure to avoid crash\n\n[Why]\nIn the case where a dml allocation fails for any reason, the\ncurrent state's dml contexts would no longer be valid. Then\nsubsequent calls dc_state_copy_internal would shallow copy\ninvalid memory and if the new state was released, a double\nfree would occur.\n\n[How]\nReset dml pointers in new_state to NULL and avoid invalid\npointer\n\n(cherry picked from commit bcafdc61529a48f6f06355d78eb41b3aeda5296c)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53133",
            "https://git.kernel.org/linus/6825cb07b79ffeb1d90ffaa7a1227462cdca34ae (6.12)",
            "https://git.kernel.org/stable/c/6825cb07b79ffeb1d90ffaa7a1227462cdca34ae",
            "https://git.kernel.org/stable/c/874ff59cde8fc525112dda26b501a1bac17dde9f",
            "https://lore.kernel.org/linux-cve-announce/2024120451-CVE-2024-53133-b0b7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53133",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53133"
          ],
          "PublishedDate": "2024-12-04T15:15:13.31Z",
          "LastModifiedDate": "2025-10-01T21:16:34.8Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53147",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53147",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4bf898aec8633cf0fc55c68d71e3707b87e357352aad325e45f766cb24dff4dd",
          "Title": "kernel: exfat: fix out-of-bounds access of directory entries",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20095",
            "https://access.redhat.com/security/cve/CVE-2024-53147",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2333985",
            "https://bugzilla.redhat.com/2334373",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2338185",
            "https://bugzilla.redhat.com/2338211",
            "https://bugzilla.redhat.com/2338813",
            "https://bugzilla.redhat.com/2338821",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338998",
            "https://bugzilla.redhat.com/2339130",
            "https://bugzilla.redhat.com/2339141",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343186",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2348522",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348561",
            "https://bugzilla.redhat.com/2348567",
            "https://bugzilla.redhat.com/2348572",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348590",
            "https://bugzilla.redhat.com/2348592",
            "https://bugzilla.redhat.com/2348593",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348602",
            "https://bugzilla.redhat.com/2348603",
            "https://bugzilla.redhat.com/2348612",
            "https://bugzilla.redhat.com/2348617",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348621",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348629",
            "https://bugzilla.redhat.com/2348630",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348647",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348656",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350364",
            "https://bugzilla.redhat.com/2350373",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351605",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2356664",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363332",
            "https://bugzilla.redhat.com/2366125",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383398",
            "https://bugzilla.redhat.com/2383432",
            "https://bugzilla.redhat.com/2383913",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2333985",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338813",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338998",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348593",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348602",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348603",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348617",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348621",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348656",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350364",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351605",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383913",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53147",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57942",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21633",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21652",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21732",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21750",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21761",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21771",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37749",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38369",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38468",
            "https://errata.almalinux.org/10/ALSA-2025-20095.html",
            "https://errata.rockylinux.org/RLSA-2025:20095",
            "https://git.kernel.org/stable/c/184fa506e392eb78364d9283c961217ff2c0617b",
            "https://git.kernel.org/stable/c/3ddd1cb2b458ff6a193bc845f408dfff217db29e",
            "https://git.kernel.org/stable/c/a0120d6463368378539ef928cf067d02372efb8c",
            "https://linux.oracle.com/cve/CVE-2024-53147.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122426-CVE-2024-53147-bea5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53147",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53147"
          ],
          "PublishedDate": "2024-12-24T12:15:22.777Z",
          "LastModifiedDate": "2025-10-01T21:16:36.03Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53175",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53175",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f43f2118c0f87c7d44251fce857be6afa1c25fc1f67a39b8e1fa2da7a348b66",
          "Title": "kernel: ipc: fix memleak if msg_init_ns failed in create_ipc_ns",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix memleak if msg_init_ns failed in create_ipc_ns\n\nPercpu memory allocation may failed during create_ipc_ns however this\nfail is not handled properly since ipc sysctls and mq sysctls is not\nreleased properly. Fix this by release these two resource when failure.\n\nHere is the kmemleak stack when percpu failed:\n\nunreferenced object 0xffff88819de2a600 (size 512):\n  comm \"shmem_2nstest\", pid 120711, jiffies 4300542254\n  hex dump (first 32 bytes):\n    60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff  `.........H.....\n    04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff  ........ .V.....\n  backtrace (crc be7cba35):\n    [\u003cffffffff81b43f83\u003e] __kmalloc_node_track_caller_noprof+0x333/0x420\n    [\u003cffffffff81a52e56\u003e] kmemdup_noprof+0x26/0x50\n    [\u003cffffffff821b2f37\u003e] setup_mq_sysctls+0x57/0x1d0\n    [\u003cffffffff821b29cc\u003e] copy_ipcs+0x29c/0x3b0\n    [\u003cffffffff815d6a10\u003e] create_new_namespaces+0x1d0/0x920\n    [\u003cffffffff815d7449\u003e] copy_namespaces+0x2e9/0x3e0\n    [\u003cffffffff815458f3\u003e] copy_process+0x29f3/0x7ff0\n    [\u003cffffffff8154b080\u003e] kernel_clone+0xc0/0x650\n    [\u003cffffffff8154b6b1\u003e] __do_sys_clone+0xa1/0xe0\n    [\u003cffffffff843df8ff\u003e] do_syscall_64+0xbf/0x1c0\n    [\u003cffffffff846000b0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53175",
            "https://git.kernel.org/linus/bc8f5921cd69188627c08041276238de222ab466 (6.13-rc1)",
            "https://git.kernel.org/stable/c/10209665b5bf199f8065b2e7d2b2dc6cdf227117",
            "https://git.kernel.org/stable/c/3d230cfd4b9b0558c7b2039ba1def2ce6b6cd158",
            "https://git.kernel.org/stable/c/8fed302872e26c7bf44d855c53a1cde747172d58",
            "https://git.kernel.org/stable/c/928de5fcd462498b8334107035da8ab85e316d8a",
            "https://git.kernel.org/stable/c/bc8f5921cd69188627c08041276238de222ab466",
            "https://linux.oracle.com/cve/CVE-2024-53175.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122717-CVE-2024-53175-6ebd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53175",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53175"
          ],
          "PublishedDate": "2024-12-27T14:15:24.82Z",
          "LastModifiedDate": "2025-11-03T21:17:37.6Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53176",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53176",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2300c9e84f79bd7d505db975c10e284340302b6d9e95770b414b54a6302710b",
          "Title": "kernel: smb: During unmount, ensure all cached dir instances drop their dentry",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/}  still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids-\u003eentries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n  removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it's\naware. This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn't block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we're here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid-\u003edentry.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53176",
            "https://git.kernel.org/linus/3fa640d035e5ae526769615c35cb9ed4be6e3662 (6.13-rc1)",
            "https://git.kernel.org/stable/c/3fa640d035e5ae526769615c35cb9ed4be6e3662",
            "https://git.kernel.org/stable/c/548812afd96982a76a93ba76c0582ea670c40d9e",
            "https://git.kernel.org/stable/c/73934e535cffbda1490fa97d82690a0f9aa73e94",
            "https://git.kernel.org/stable/c/ff4528bbc82d0d90073751f7b49e7b9e9c7e5638",
            "https://linux.oracle.com/cve/CVE-2024-53176.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122718-CVE-2024-53176-85e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53176",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53176"
          ],
          "PublishedDate": "2024-12-27T14:15:24.947Z",
          "LastModifiedDate": "2025-10-08T14:39:14.96Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53177",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53177",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:16b1362bd0a9da1c4033ed3885dcf12553dab649557acce9d5277ec6b213cb5d",
          "Title": "kernel: smb: prevent use-after-free due to open_cached_dir error paths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids-\u003ecfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. 
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n 
entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53177",
            "https://git.kernel.org/linus/a9685b409a03b73d2980bbfa53eb47555802d0a9 (6.13-rc1)",
            "https://git.kernel.org/stable/c/47655a12c6b1bca8fa230085eab2e85a076932b7",
            "https://git.kernel.org/stable/c/791f833053578b9fd24252ebb7162a61bc3f805b",
            "https://git.kernel.org/stable/c/97e2afcac0bebfef6a5360f4267ce4c44507b845",
            "https://git.kernel.org/stable/c/a9685b409a03b73d2980bbfa53eb47555802d0a9",
            "https://linux.oracle.com/cve/CVE-2024-53177.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122718-CVE-2024-53177-92af@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53177",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53177"
          ],
          "PublishedDate": "2024-12-27T14:15:25.067Z",
          "LastModifiedDate": "2025-03-24T17:26:30.433Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53178",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53178",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:db70e527f229846d141ded984c8fb5b9edd097607878cce79d167ba022179fce",
          "Title": "kernel: smb: Don't leak cfid when reconnect races with open_cached_dir",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don't leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids-\u003eentries list but doesn't drop a ref if has_lease isn't true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid-\u003ehas_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n  comm \"bash\", pid 1860, jiffies 4295126592\n  hex dump (first 32 bytes):\n    00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de  ........\".......\n    00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff  ..E\"......O.....\n  backtrace (crc 6f58c20f):\n    [\u003cffffffff8b895a1e\u003e] __kmalloc_cache_noprof+0x2be/0x350\n    [\u003cffffffff8bda06e3\u003e] open_cached_dir+0x993/0x1fb0\n    [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n    [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n    [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n    [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n    [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n  comm \"bash\", pid 1860, jiffies 4295126592\n  hex dump (first 8 bytes):\n    00 cc cc cc cc cc cc cc                          ........\n  backtrace (crc 10c106a9):\n    [\u003cffffffff8b89a3d3\u003e] __kmalloc_node_track_caller_noprof+0x363/0x480\n    [\u003cffffffff8b7d7256\u003e] 
kstrdup+0x36/0x60\n    [\u003cffffffff8bda0700\u003e] open_cached_dir+0x9b0/0x1fb0\n    [\u003cffffffff8bdaa750\u003e] cifs_readdir+0x15a0/0x1d50\n    [\u003cffffffff8b9a853f\u003e] iterate_dir+0x28f/0x4b0\n    [\u003cffffffff8b9a9aed\u003e] __x64_sys_getdents64+0xfd/0x200\n    [\u003cffffffff8cf6da05\u003e] do_syscall_64+0x95/0x1a0\n    [\u003cffffffff8d00012f\u003e] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/}  still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff \u003c0f\u003e 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS:  00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n 
do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53178",
            "https://git.kernel.org/linus/7afb86733685c64c604d32faf00fa4a1f22c2ab1 (6.13-rc1)",
            "https://git.kernel.org/stable/c/1d76332d783db12684b67592f1fb2057b88af4c3",
            "https://git.kernel.org/stable/c/31fabf70d58388d5475e48ca8a6b7d2847b36678",
            "https://git.kernel.org/stable/c/73a57b25b4df23f22814fc06b7e8f9cf570be026",
            "https://git.kernel.org/stable/c/7afb86733685c64c604d32faf00fa4a1f22c2ab1",
            "https://linux.oracle.com/cve/CVE-2024-53178.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122718-CVE-2024-53178-07bf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53178",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53178"
          ],
          "PublishedDate": "2024-12-27T14:15:25.183Z",
          "LastModifiedDate": "2025-10-01T20:17:16.99Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53187",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53187",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:64e919b4277eb8806bab313d0c38a1d615cc08ca0e20222f6962284d3ed6b42d",
          "Title": "kernel: io_uring: check for overflows in io_pin_pages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for overflows in io_pin_pages\n\nWARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144\nCPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0\nCall Trace:\n \u003cTASK\u003e\n __io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:183\n io_rings_map io_uring/io_uring.c:2611 [inline]\n io_allocate_scq_urings+0x1c0/0x650 io_uring/io_uring.c:3470\n io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3692\n io_uring_setup io_uring/io_uring.c:3781 [inline]\n ...\n \u003c/TASK\u003e\n\nio_pin_pages()'s uaddr parameter came directly from the user and can be\ngarbage. Don't just add size to it as it can overflow.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53187",
            "https://git.kernel.org/linus/0c0a4eae26ac78379d0c1db053de168a8febc6c9 (6.13-rc1)",
            "https://git.kernel.org/stable/c/0c0a4eae26ac78379d0c1db053de168a8febc6c9",
            "https://git.kernel.org/stable/c/29eac3eca72d4c2a71122050c37cd7d8f73ac4f3",
            "https://git.kernel.org/stable/c/aaa90844afd499c9142d0199dfda74439314c013",
            "https://linux.oracle.com/cve/CVE-2024-53187.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122722-CVE-2024-53187-909e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53187",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53187"
          ],
          "PublishedDate": "2024-12-27T14:15:26.19Z",
          "LastModifiedDate": "2025-10-01T20:17:17.493Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53190",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53190",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2002c00b8e01c3a9ac093d1d98cf0f4829f4c9f80512d6708b4392b6713f7061",
          "Title": "kernel: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures\n\nSyzkaller reported a hung task with uevent_show() on stack trace. That\nspecific issue was addressed by another commit [0], but even with that\nfix applied (for example, running v6.12-rc5) we face another type of hung\ntask that comes from the same reproducer [1]. By investigating that, we\ncould narrow it to the following path:\n\n(a) Syzkaller emulates a Realtek USB WiFi adapter using raw-gadget and\ndummy_hcd infrastructure.\n\n(b) During the probe of rtl8192cu, the driver ends-up performing an efuse\nread procedure (which is related to EEPROM load IIUC), and here lies the\nissue: the function read_efuse() calls read_efuse_byte() many times, as\nloop iterations depending on the efuse size (in our example, 512 in total).\n\nThis procedure for reading efuse bytes relies in a loop that performs an\nI/O read up to *10k* times in case of failures. We measured the time of\nthe loop inside read_efuse_byte() alone, and in this reproducer (which\ninvolves the dummy_hcd emulation layer), it takes 15 seconds each. As a\nconsequence, we have the driver stuck in its probe routine for big time,\nexposing a stack trace like below if we attempt to reboot the system, for\nexample:\n\ntask:kworker/0:3 state:D stack:0 pid:662 tgid:662 ppid:2 flags:0x00004000\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n __schedule+0xe22/0xeb6\n schedule_timeout+0xe7/0x132\n __wait_for_common+0xb5/0x12e\n usb_start_wait_urb+0xc5/0x1ef\n ? usb_alloc_urb+0x95/0xa4\n usb_control_msg+0xff/0x184\n _usbctrl_vendorreq_sync+0xa0/0x161\n _usb_read_sync+0xb3/0xc5\n read_efuse_byte+0x13c/0x146\n read_efuse+0x351/0x5f0\n efuse_read_all_map+0x42/0x52\n rtl_efuse_shadow_map_update+0x60/0xef\n rtl_get_hwinfo+0x5d/0x1c2\n rtl92cu_read_eeprom_info+0x10a/0x8d5\n ? 
rtl92c_read_chip_version+0x14f/0x17e\n rtl_usb_probe+0x323/0x851\n usb_probe_interface+0x278/0x34b\n really_probe+0x202/0x4a4\n __driver_probe_device+0x166/0x1b2\n driver_probe_device+0x2f/0xd8\n [...]\n\nWe propose hereby to drastically reduce the attempts of doing the I/O\nreads in case of failures, restricted to USB devices (given that\nthey're inherently slower than PCIe ones). By retrying up to 10 times\n(instead of 10000), we got reponsiveness in the reproducer, while seems\nreasonable to believe that there's no sane USB device implementation in\nthe field requiring this amount of retries at every I/O read in order\nto properly work. Based on that assumption, it'd be good to have it\nbackported to stable but maybe not since driver implementation (the 10k\nnumber comes from day 0), perhaps up to 6.x series makes sense.\n\n[0] Commit 15fffc6a5624 (\"driver core: Fix uevent_show() vs driver detach race\")\n\n[1] A note about that: this syzkaller report presents multiple reproducers\nthat differs by the type of emulated USB device. For this specific case,\ncheck the entry from 2024/08/08 06:23 in the list of crashes; the C repro\nis available at https://syzkaller.appspot.com/text?tag=ReproC\u0026x=1521fc83980000.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53190",
            "https://git.kernel.org/linus/5c1b544563005a00591a3aa86ecff62ed4d11be3 (6.13-rc1)",
            "https://git.kernel.org/stable/c/5c1b544563005a00591a3aa86ecff62ed4d11be3",
            "https://git.kernel.org/stable/c/8f3551f67991652c83469c7dd51d7b9b187b265f",
            "https://git.kernel.org/stable/c/ac064c656f105b9122bc43991a170f95f72b7a43",
            "https://git.kernel.org/stable/c/c386fb76f01794f1023d01a6ec5f5c93d00acd3b",
            "https://git.kernel.org/stable/c/eeb0b9b9e66b0b54cdad8e1c1cf0f55e8ba4211c",
            "https://linux.oracle.com/cve/CVE-2024-53190.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122723-CVE-2024-53190-fdeb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53190",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53190"
          ],
          "PublishedDate": "2024-12-27T14:15:26.53Z",
          "LastModifiedDate": "2025-11-03T21:17:39.523Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53195",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:61867feca81ec3a749e52fbe3434ca5e96c7bf419b1ecf121a3de97b318f0c2a",
          "Title": "kernel: KVM: arm64: Get rid of userspace_irqchip_in_use",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Get rid of userspace_irqchip_in_use\n\nImproper use of userspace_irqchip_in_use led to syzbot hitting the\nfollowing WARN_ON() in kvm_timer_update_irq():\n\nWARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/arch_timer.c:459\nkvm_timer_update_irq+0x21c/0x394\nCall trace:\n  kvm_timer_update_irq+0x21c/0x394 arch/arm64/kvm/arch_timer.c:459\n  kvm_timer_vcpu_reset+0x158/0x684 arch/arm64/kvm/arch_timer.c:968\n  kvm_reset_vcpu+0x3b4/0x560 arch/arm64/kvm/reset.c:264\n  kvm_vcpu_set_target arch/arm64/kvm/arm.c:1553 [inline]\n  kvm_arch_vcpu_ioctl_vcpu_init arch/arm64/kvm/arm.c:1573 [inline]\n  kvm_arch_vcpu_ioctl+0x112c/0x1b3c arch/arm64/kvm/arm.c:1695\n  kvm_vcpu_ioctl+0x4ec/0xf74 virt/kvm/kvm_main.c:4658\n  vfs_ioctl fs/ioctl.c:51 [inline]\n  __do_sys_ioctl fs/ioctl.c:907 [inline]\n  __se_sys_ioctl fs/ioctl.c:893 [inline]\n  __arm64_sys_ioctl+0x108/0x184 fs/ioctl.c:893\n  __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n  invoke_syscall+0x78/0x1b8 arch/arm64/kernel/syscall.c:49\n  el0_svc_common+0xe8/0x1b0 arch/arm64/kernel/syscall.c:132\n  do_el0_svc+0x40/0x50 arch/arm64/kernel/syscall.c:151\n  el0_svc+0x54/0x14c arch/arm64/kernel/entry-common.c:712\n  el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n  el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nThe following sequence led to the scenario:\n - Userspace creates a VM and a vCPU.\n - The vCPU is initialized with KVM_ARM_VCPU_PMU_V3 during\n   KVM_ARM_VCPU_INIT.\n - Without any other setup, such as vGIC or vPMU, userspace issues\n   KVM_RUN on the vCPU. 
Since the vPMU is requested, but not setup,\n   kvm_arm_pmu_v3_enable() fails in kvm_arch_vcpu_run_pid_change().\n   As a result, KVM_RUN returns after enabling the timer, but before\n   incrementing 'userspace_irqchip_in_use':\n   kvm_arch_vcpu_run_pid_change()\n       ret = kvm_arm_pmu_v3_enable()\n           if (!vcpu-\u003earch.pmu.created)\n               return -EINVAL;\n       if (ret)\n           return ret;\n       [...]\n       if (!irqchip_in_kernel(kvm))\n           static_branch_inc(\u0026userspace_irqchip_in_use);\n - Userspace ignores the error and issues KVM_ARM_VCPU_INIT again.\n   Since the timer is already enabled, control moves through the\n   following flow, ultimately hitting the WARN_ON():\n   kvm_timer_vcpu_reset()\n       if (timer-\u003eenabled)\n          kvm_timer_update_irq()\n              if (!userspace_irqchip())\n                  ret = kvm_vgic_inject_irq()\n                      ret = vgic_lazy_init()\n                          if (unlikely(!vgic_initialized(kvm)))\n                              if (kvm-\u003earch.vgic.vgic_model !=\n                                  KVM_DEV_TYPE_ARM_VGIC_V2)\n                                      return -EBUSY;\n                  WARN_ON(ret);\n\nTheoretically, since userspace_irqchip_in_use's functionality can be\nsimply replaced by '!irqchip_in_kernel()', get rid of the static key\nto avoid the mismanagement, which also helps with the syzbot issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53195",
            "https://git.kernel.org/linus/38d7aacca09230fdb98a34194fec2af597e8e20d (6.13-rc1)",
            "https://git.kernel.org/stable/c/38d7aacca09230fdb98a34194fec2af597e8e20d",
            "https://git.kernel.org/stable/c/c16e2dba39ff6ae84bb8dc9c8e0fb21d9b2f6f5c",
            "https://git.kernel.org/stable/c/dd2f9861f27571d47998d71e7516bf7216db0b52",
            "https://git.kernel.org/stable/c/fe425d5239a28c21e0c83ee7a8f4cb210d29fdb4",
            "https://linux.oracle.com/cve/CVE-2024-53195.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122724-CVE-2024-53195-772a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53195",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53195"
          ],
          "PublishedDate": "2024-12-27T14:15:27.137Z",
          "LastModifiedDate": "2025-10-08T14:07:06.337Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53196",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53196",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5afaf106980560e8305254554b4bd9d324e75720ae224cb0fa9fb9645f1b5ff7",
          "Title": "kernel: KVM: arm64: Don't retire aborted MMIO instruction",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Don't retire aborted MMIO instruction\n\nReturning an abort to the guest for an unsupported MMIO access is a\ndocumented feature of the KVM UAPI. Nevertheless, it's clear that this\nplumbing has seen limited testing, since userspace can trivially cause a\nWARN in the MMIO return:\n\n  WARNING: CPU: 0 PID: 30558 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536\n  Call trace:\n   kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536\n   kvm_arch_vcpu_ioctl_run+0x98/0x15b4 arch/arm64/kvm/arm.c:1133\n   kvm_vcpu_ioctl+0x75c/0xa78 virt/kvm/kvm_main.c:4487\n   __do_sys_ioctl fs/ioctl.c:51 [inline]\n   __se_sys_ioctl fs/ioctl.c:893 [inline]\n   __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n   el0_svc_common+0x1e0/0x23c arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x38/0x68 arch/arm64/kernel/entry-common.c:712\n   el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730\n   el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nThe splat is complaining that KVM is advancing PC while an exception is\npending, i.e. that KVM is retiring the MMIO instruction despite a\npending synchronous external abort. Womp womp.\n\nFix the glaring UAPI bug by skipping over all the MMIO emulation in\ncase there is a pending synchronous exception. Note that while userspace\nis capable of pending an asynchronous exception (SError, IRQ, or FIQ),\nit is still safe to retire the MMIO instruction in this case as (1) they\nare by definition asynchronous, and (2) KVM relies on hardware support\nfor pending/delivering these exceptions instead of the software state\nmachine for advancing PC.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53196",
            "https://git.kernel.org/linus/e735a5da64420a86be370b216c269b5dd8e830e2 (6.13-rc1)",
            "https://git.kernel.org/stable/c/1e46460efe1ef9a31748de7675ff8fe0d8601af2",
            "https://git.kernel.org/stable/c/6af853cf5f897d55f42e9166f4db50e84e404fb3",
            "https://git.kernel.org/stable/c/d0571c3add987bcb69c2ffd7a70c998bf8ce60fb",
            "https://git.kernel.org/stable/c/e735a5da64420a86be370b216c269b5dd8e830e2",
            "https://git.kernel.org/stable/c/ea6b5d98fea4ee8cb443ea98fda520909e90d30e",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122725-CVE-2024-53196-758a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53196",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53196"
          ],
          "PublishedDate": "2024-12-27T14:15:27.267Z",
          "LastModifiedDate": "2025-11-03T21:17:40.327Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53210",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53210",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91df296670fd48ea0d65199cb2fb092395c6fe5700e13deb275c1fdeec27528a",
          "Title": "kernel: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()\n\nPassing MSG_PEEK flag to skb_recv_datagram() increments skb refcount\n(skb-\u003eusers) and iucv_sock_recvmsg() does not decrement skb refcount\nat exit.\nThis results in skb memory leak in skb_queue_purge() and WARN_ON in\niucv_sock_destruct() during socket close. To fix this decrease\nskb refcount by one if MSG_PEEK is set in order to prevent memory\nleak and WARN_ON.\n\nWARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv]\nCPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G        W          6.10.0-rc7 #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n        [\u003c001587c682c4aa98\u003e] iucv_sock_destruct+0x148/0x1a0 [af_iucv]\n        [\u003c001587c682c4a9d0\u003e] iucv_sock_destruct+0x80/0x1a0 [af_iucv]\n        [\u003c001587c704117a32\u003e] __sk_destruct+0x52/0x550\n        [\u003c001587c704104a54\u003e] __sock_release+0xa4/0x230\n        [\u003c001587c704104c0c\u003e] sock_close+0x2c/0x40\n        [\u003c001587c702c5f5a8\u003e] __fput+0x2e8/0x970\n        [\u003c001587c7024148c4\u003e] task_work_run+0x1c4/0x2c0\n        [\u003c001587c7023b0716\u003e] do_exit+0x996/0x1050\n        [\u003c001587c7023b13aa\u003e] do_group_exit+0x13a/0x360\n        [\u003c001587c7023b1626\u003e] __s390x_sys_exit_group+0x56/0x60\n        [\u003c001587c7022bccca\u003e] do_syscall+0x27a/0x380\n        [\u003c001587c7049a6a0c\u003e] __do_syscall+0x9c/0x160\n        [\u003c001587c7049ce8a8\u003e] system_call+0x70/0x98\n        Last Breaking-Event-Address:\n        [\u003c001587c682c4a9d4\u003e] iucv_sock_destruct+0x84/0x1a0 [af_iucv]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53210",
            "https://git.kernel.org/linus/ebaf81317e42aa990ad20b113cfe3a7b20d4e937 (6.13-rc1)",
            "https://git.kernel.org/stable/c/42251c2d1ef1cb0822638bebb87ad9120c759673",
            "https://git.kernel.org/stable/c/783c2c6e61c5a04eb8baea598753d5fa174dbe85",
            "https://git.kernel.org/stable/c/934326aef7ac4652f81c69d18bf44eebaefc39c3",
            "https://git.kernel.org/stable/c/9f603e66e1c59c1d25e60eb0636cb307d190782e",
            "https://git.kernel.org/stable/c/ebaf81317e42aa990ad20b113cfe3a7b20d4e937",
            "https://linux.oracle.com/cve/CVE-2024-53210.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122729-CVE-2024-53210-c51c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53210",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53210"
          ],
          "PublishedDate": "2024-12-27T14:15:28.897Z",
          "LastModifiedDate": "2025-11-03T21:17:42.19Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53216",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53216",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5aca34e98a37d9ba2d3018262e87811a9e8ee6bab1bd59349483c42b2d863718",
          "Title": "kernel: nfsd: release svc_expkey/svc_export with rcu_work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: release svc_expkey/svc_export with rcu_work\n\nThe last reference for `cache_head` can be reduced to zero in `c_show`\nand `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently,\n`svc_export_put` and `expkey_put` will be invoked, leading to two\nissues:\n\n1. The `svc_export_put` will directly free ex_uuid. However,\n   `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can\n   trigger a use-after-free issue, shown below.\n\n   ==================================================================\n   BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd]\n   Read of size 1 at addr ff11000010fdc120 by task cat/870\n\n   CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1\n   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n   1.16.1-2.fc37 04/01/2014\n   Call Trace:\n    \u003cTASK\u003e\n    dump_stack_lvl+0x53/0x70\n    print_address_description.constprop.0+0x2c/0x3a0\n    print_report+0xb9/0x280\n    kasan_report+0xae/0xe0\n    svc_export_show+0x362/0x430 [nfsd]\n    c_show+0x161/0x390 [sunrpc]\n    seq_read_iter+0x589/0x770\n    seq_read+0x1e5/0x270\n    proc_reg_read+0xe1/0x140\n    vfs_read+0x125/0x530\n    ksys_read+0xc1/0x160\n    do_syscall_64+0x5f/0x170\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n   Allocated by task 830:\n    kasan_save_stack+0x20/0x40\n    kasan_save_track+0x14/0x30\n    __kasan_kmalloc+0x8f/0xa0\n    __kmalloc_node_track_caller_noprof+0x1bc/0x400\n    kmemdup_noprof+0x22/0x50\n    svc_export_parse+0x8a9/0xb80 [nfsd]\n    cache_do_downcall+0x71/0xa0 [sunrpc]\n    cache_write_procfs+0x8e/0xd0 [sunrpc]\n    proc_reg_write+0xe1/0x140\n    vfs_write+0x1a5/0x6d0\n    ksys_write+0xc1/0x160\n    do_syscall_64+0x5f/0x170\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n   Freed by task 868:\n    kasan_save_stack+0x20/0x40\n    kasan_save_track+0x14/0x30\n    
kasan_save_free_info+0x3b/0x60\n    __kasan_slab_free+0x37/0x50\n    kfree+0xf3/0x3e0\n    svc_export_put+0x87/0xb0 [nfsd]\n    cache_purge+0x17f/0x1f0 [sunrpc]\n    nfsd_destroy_serv+0x226/0x2d0 [nfsd]\n    nfsd_svc+0x125/0x1e0 [nfsd]\n    write_threads+0x16a/0x2a0 [nfsd]\n    nfsctl_transaction_write+0x74/0xa0 [nfsd]\n    vfs_write+0x1a5/0x6d0\n    ksys_write+0xc1/0x160\n    do_syscall_64+0x5f/0x170\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`.\n   However, `svc_export_put`/`expkey_put` will call path_put, which\n   subsequently triggers a sleeping operation due to the following\n   `dput`.\n\n   =============================\n   WARNING: suspicious RCU usage\n   5.10.0-dirty #141 Not tainted\n   -----------------------------\n   ...\n   Call Trace:\n   dump_stack+0x9a/0xd0\n   ___might_sleep+0x231/0x240\n   dput+0x39/0x600\n   path_put+0x1b/0x30\n   svc_export_put+0x17/0x80\n   e_show+0x1c9/0x200\n   seq_read_iter+0x63f/0x7c0\n   seq_read+0x226/0x2d0\n   vfs_read+0x113/0x2c0\n   ksys_read+0xc9/0x170\n   do_syscall_64+0x33/0x40\n   entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFix these issues by using `rcu_work` to help release\n`svc_expkey`/`svc_export`. This approach allows for an asynchronous\ncontext to invoke `path_put` and also facilitates the freeing of\n`uuid/exp/key` after an RCU grace period.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-53216",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/f8c989a0c89a75d30f899a7cabdc14d72522bb8d (6.13-rc1)",
            "https://git.kernel.org/stable/c/2e4854599200f4d021df8ae17e69221d7c149f3e",
            "https://git.kernel.org/stable/c/ad4363a24a5746b257c0beb5d8cc68f9b62c173f",
            "https://git.kernel.org/stable/c/bd8524148dd8c123334b066faa90590ba2ef8e6f",
            "https://git.kernel.org/stable/c/f8c989a0c89a75d30f899a7cabdc14d72522bb8d",
            "https://linux.oracle.com/cve/CVE-2024-53216.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122732-CVE-2024-53216-ba8b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53216",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53216"
          ],
          "PublishedDate": "2024-12-27T14:15:29.587Z",
          "LastModifiedDate": "2025-03-24T17:33:56.54Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53219",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53219",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:19c63bb16e405c64b7ba54eefb5ce0f40f87a62a03158d4813aa4711aaeffa64",
          "Title": "kernel: virtiofs: use pages instead of pointer for kernel direct IO",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: use pages instead of pointer for kernel direct IO\n\nWhen trying to insert a 10MB kernel module kept in a virtio-fs with cache\ndisabled, the following warning was reported:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 1 PID: 404 at mm/page_alloc.c:4551 ......\n  Modules linked in:\n  CPU: 1 PID: 404 Comm: insmod Not tainted 6.9.0-rc5+ #123\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n  RIP: 0010:__alloc_pages+0x2bf/0x380\n  ......\n  Call Trace:\n   \u003cTASK\u003e\n   ? __warn+0x8e/0x150\n   ? __alloc_pages+0x2bf/0x380\n   __kmalloc_large_node+0x86/0x160\n   __kmalloc+0x33c/0x480\n   virtio_fs_enqueue_req+0x240/0x6d0\n   virtio_fs_wake_pending_and_unlock+0x7f/0x190\n   queue_request_and_unlock+0x55/0x60\n   fuse_simple_request+0x152/0x2b0\n   fuse_direct_io+0x5d2/0x8c0\n   fuse_file_read_iter+0x121/0x160\n   __kernel_read+0x151/0x2d0\n   kernel_read+0x45/0x50\n   kernel_read_file+0x1a9/0x2a0\n   init_module_from_file+0x6a/0xe0\n   idempotent_init_module+0x175/0x230\n   __x64_sys_finit_module+0x5d/0xb0\n   x64_sys_call+0x1c3/0x9e0\n   do_syscall_64+0x3d/0xc0\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n   ......\n   \u003c/TASK\u003e\n  ---[ end trace 0000000000000000 ]---\n\nThe warning is triggered as follows:\n\n1) syscall finit_module() handles the module insertion and it invokes\nkernel_read_file() to read the content of the module first.\n\n2) kernel_read_file() allocates a 10MB buffer by using vmalloc() and\npasses it to kernel_read(). kernel_read() constructs a kvec iter by\nusing iov_iter_kvec() and passes it to fuse_file_read_iter().\n\n3) virtio-fs disables the cache, so fuse_file_read_iter() invokes\nfuse_direct_io(). As for now, the maximal read size for kvec iter is\nonly limited by fc-\u003emax_read. For virtio-fs, max_read is UINT_MAX, so\nfuse_direct_io() doesn't split the 10MB buffer. 
It saves the address and\nthe size of the 10MB-sized buffer in out_args[0] of a fuse request and\npasses the fuse request to virtio_fs_wake_pending_and_unlock().\n\n4) virtio_fs_wake_pending_and_unlock() uses virtio_fs_enqueue_req() to\nqueue the request. Because virtiofs need DMA-able address, so\nvirtio_fs_enqueue_req() uses kmalloc() to allocate a bounce buffer for\nall fuse args, copies these args into the bounce buffer and passed the\nphysical address of the bounce buffer to virtiofsd. The total length of\nthese fuse args for the passed fuse request is about 10MB, so\ncopy_args_to_argbuf() invokes kmalloc() with a 10MB size parameter and\nit triggers the warning in __alloc_pages():\n\n\tif (WARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp))\n\t\treturn NULL;\n\n5) virtio_fs_enqueue_req() will retry the memory allocation in a\nkworker, but it won't help, because kmalloc() will always return NULL\ndue to the abnormal size and finit_module() will hang forever.\n\nA feasible solution is to limit the value of max_read for virtio-fs, so\nthe length passed to kmalloc() will be limited. However it will affect\nthe maximal read size for normal read. And for virtio-fs write initiated\nfrom kernel, it has the similar problem but now there is no way to limit\nfc-\u003emax_write in kernel.\n\nSo instead of limiting both the values of max_read and max_write in\nkernel, introducing use_pages_for_kvec_io in fuse_conn and setting it as\ntrue in virtiofs. When use_pages_for_kvec_io is enabled, fuse will use\npages instead of pointer to pass the KVEC_IO data.\n\nAfter switching to pages for KVEC_IO data, these pages will be used for\nDMA through virtio-fs. If these pages are backed by vmalloc(),\n{flush|invalidate}_kernel_vmap_range() are necessary to flush or\ninvalidate the cache before the DMA operation. So add two new fields in\nfuse_args_pages to record the base address of vmalloc area and the\ncondition indicating whether invalidation is needed. 
Perform the flush\nin fuse_get_user_pages() for write operations and the invalidation in\nfuse_release_user_pages() for read operations.\n\nIt may seem necessary to introduce another fie\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53219",
            "https://git.kernel.org/linus/41748675c0bf252b3c5f600a95830f0936d366c1 (6.13-rc1)",
            "https://git.kernel.org/stable/c/2bc07714dc955a91d2923a440ea02c3cb3376b10",
            "https://git.kernel.org/stable/c/41748675c0bf252b3c5f600a95830f0936d366c1",
            "https://git.kernel.org/stable/c/9a8fde56d4b6d51930936ed50f6370a9097328d1",
            "https://linux.oracle.com/cve/CVE-2024-53219.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122733-CVE-2024-53219-1a04@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53219",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53219"
          ],
          "PublishedDate": "2024-12-27T14:15:29.963Z",
          "LastModifiedDate": "2025-10-01T20:17:21.777Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53220",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53220",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b98aadea21d1cd64d8db7b731ee0b673cd97f356ee85e893e2e06c0a19625066",
          "Title": "kernel: f2fs: fix to account dirty data in __get_secs_required()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to account dirty data in __get_secs_required()\n\nIt will trigger system panic w/ testcase in [1]:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2752!\nRIP: 0010:new_curseg+0xc81/0x2110\nCall Trace:\n f2fs_allocate_data_block+0x1c91/0x4540\n do_write_page+0x163/0xdf0\n f2fs_outplace_write_data+0x1aa/0x340\n f2fs_do_write_data_page+0x797/0x2280\n f2fs_write_single_data_page+0x16cd/0x2190\n f2fs_write_cache_pages+0x994/0x1c80\n f2fs_write_data_pages+0x9cc/0xea0\n do_writepages+0x194/0x7a0\n filemap_fdatawrite_wbc+0x12b/0x1a0\n __filemap_fdatawrite_range+0xbb/0xf0\n file_write_and_wait_range+0xa1/0x110\n f2fs_do_sync_file+0x26f/0x1c50\n f2fs_sync_file+0x12b/0x1d0\n vfs_fsync_range+0xfa/0x230\n do_fsync+0x3d/0x80\n __x64_sys_fsync+0x37/0x50\n x64_sys_call+0x1e88/0x20d0\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe root cause is if checkpoint_disabling and lfs_mode are both on,\nit will trigger OPU for all overwritten data, it may cost more free\nsegment than expected, so f2fs must account those data correctly to\ncalculate cosumed free segments later, and return ENOSPC earlier to\navoid run out of free segment during block allocation.\n\n[1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53220",
            "https://git.kernel.org/linus/1acd73edbbfef2c3c5b43cba4006a7797eca7050 (6.13-rc1)",
            "https://git.kernel.org/stable/c/1acd73edbbfef2c3c5b43cba4006a7797eca7050",
            "https://git.kernel.org/stable/c/6e58b2987960efcd917bc42da781cee256213618",
            "https://git.kernel.org/stable/c/9313b85ddc120e2d2f0efaf86d0204d4c98d60b1",
            "https://git.kernel.org/stable/c/e812871c068cc0f91ff9f5cee87d00df1c44aae4",
            "https://git.kernel.org/stable/c/f1b8bfe8d2f2fdf905d37c174d5bc1cd2b6910c5",
            "https://linux.oracle.com/cve/CVE-2024-53220.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122733-CVE-2024-53220-3664@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53220",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53220"
          ],
          "PublishedDate": "2024-12-27T14:15:30.077Z",
          "LastModifiedDate": "2025-11-03T21:17:43.623Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53221",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53221",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f7f9d78780a7637aa9bb92c75a4b5ac298131f742fed9674eb837a76beb62064",
          "Title": "kernel: f2fs: fix null-ptr-deref in f2fs_submit_page_bio()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null-ptr-deref in f2fs_submit_page_bio()\n\nThere's issue as follows when concurrently installing the f2fs.ko\nmodule and mounting the f2fs file system:\nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]\nRIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs]\nCall Trace:\n \u003cTASK\u003e\n f2fs_submit_page_bio+0x126/0x8b0 [f2fs]\n __get_meta_page+0x1d4/0x920 [f2fs]\n get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs]\n validate_checkpoint+0xac/0x290 [f2fs]\n f2fs_get_valid_checkpoint+0x207/0x950 [f2fs]\n f2fs_fill_super+0x1007/0x39b0 [f2fs]\n mount_bdev+0x183/0x250\n legacy_get_tree+0xf4/0x1e0\n vfs_get_tree+0x88/0x340\n do_new_mount+0x283/0x5e0\n path_mount+0x2b2/0x15b0\n __x64_sys_mount+0x1fe/0x270\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAbove issue happens as the biset of the f2fs file system is not\ninitialized before register \"f2fs_fs_type\".\nTo address above issue just register \"f2fs_fs_type\" at the last in\ninit_f2fs_fs(). Ensure that all f2fs file system resources are\ninitialized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53221",
            "https://git.kernel.org/linus/b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa (6.13-rc1)",
            "https://git.kernel.org/stable/c/32f5e291b7677495f98246eec573767430321c08",
            "https://git.kernel.org/stable/c/8dddc12d03248755d9f709bc1eb9e3ea2bf1b322",
            "https://git.kernel.org/stable/c/9e11b1d5fda972f6be60ab732976a7c8e064cd56",
            "https://git.kernel.org/stable/c/b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa",
            "https://linux.oracle.com/cve/CVE-2024-53221.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122733-CVE-2024-53221-d8b2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53221",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53221"
          ],
          "PublishedDate": "2024-12-27T14:15:30.19Z",
          "LastModifiedDate": "2025-01-17T14:15:32Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53224",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53224",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d1130db7b6ed52fbc9acbd818a3f46a639beb5e88b9fa9e93d32692116a2a59e",
          "Title": "kernel: RDMA/mlx5: Move events notifier registration to be after device registration",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Move events notifier registration to be after device registration\n\nMove pkey change work initialization and cleanup from device resources\nstage to notifier stage, since this is the stage which handles this work\nevents.\n\nFix a race between the device deregistration and pkey change work by moving\nMLX5_IB_STAGE_DEVICE_NOTIFIER to be after MLX5_IB_STAGE_IB_REG in order to\nensure that the notifier is deregistered before the device during cleanup.\nWhich ensures there are no works that are being executed after the\ndevice has already unregistered which can cause the panic below.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 630071 Comm: kworker/1:2 Kdump: loaded Tainted: G W OE --------- --- 5.14.0-162.6.1.el9_1.x86_64 #1\nHardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 02/27/2023\nWorkqueue: events pkey_change_handler [mlx5_ib]\nRIP: 0010:setup_qp+0x38/0x1f0 [mlx5_ib]\nCode: ee 41 54 45 31 e4 55 89 f5 53 48 89 fb 48 83 ec 20 8b 77 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 48 8b 07 48 8d 4c 24 16 \u003c4c\u003e 8b 38 49 8b 87 80 0b 00 00 4c 89 ff 48 8b 80 08 05 00 00 8b 40\nRSP: 0018:ffffbcc54068be20 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff954054494128 RCX: ffffbcc54068be36\nRDX: ffff954004934000 RSI: 0000000000000001 RDI: ffff954054494128\nRBP: 0000000000000023 R08: ffff954001be2c20 R09: 0000000000000001\nR10: ffff954001be2c20 R11: ffff9540260133c0 R12: 0000000000000000\nR13: 0000000000000023 R14: 0000000000000000 R15: ffff9540ffcb0905\nFS: 0000000000000000(0000) GS:ffff9540ffc80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000010625c001 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 
00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\nmlx5_ib_gsi_pkey_change+0x20/0x40 [mlx5_ib]\nprocess_one_work+0x1e8/0x3c0\nworker_thread+0x50/0x3b0\n? rescuer_thread+0x380/0x380\nkthread+0x149/0x170\n? set_kthread_struct+0x50/0x50\nret_from_fork+0x22/0x30\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) mlx5_fwctl(OE) fwctl(OE) ib_uverbs(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlx_compat(OE) psample mlxfw(OE) tls knem(OE) netconsole nfsv3 nfs_acl nfs lockd grace fscache netfs qrtr rfkill sunrpc intel_rapl_msr intel_rapl_common rapl hv_balloon hv_utils i2c_piix4 pcspkr joydev fuse ext4 mbcache jbd2 sr_mod sd_mod cdrom t10_pi sg ata_generic pci_hyperv pci_hyperv_intf hyperv_drm drm_shmem_helper drm_kms_helper hv_storvsc syscopyarea hv_netvsc sysfillrect sysimgblt hid_hyperv fb_sys_fops scsi_transport_fc hyperv_keyboard drm ata_piix crct10dif_pclmul crc32_pclmul crc32c_intel libata ghash_clmulni_intel hv_vmbus serio_raw [last unloaded: ib_core]\nCR2: 0000000000000000\n---[ end trace f6f8be4eae12f7bc ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53224",
            "https://git.kernel.org/linus/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8 (6.13-rc1)",
            "https://git.kernel.org/stable/c/542bd62b7a7f37182c9ef192c2bd25d118c144e4",
            "https://git.kernel.org/stable/c/6b0acf6a94c31efa43fce4edc22413a3390f9c05",
            "https://git.kernel.org/stable/c/921fcf2971a1e8d3b904ba2c2905b96f4ec3d4ad",
            "https://git.kernel.org/stable/c/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8",
            "https://linux.oracle.com/cve/CVE-2024-53224.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024122734-CVE-2024-53224-2509@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53224",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53224"
          ],
          "PublishedDate": "2024-12-27T14:15:30.583Z",
          "LastModifiedDate": "2025-10-01T20:17:21.977Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53234",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53234",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42ffde7ecdfb38c1bed4a845564fe23202de8e2460d92efda7df8dbce78904c5",
          "Title": "kernel: erofs: handle NONHEAD !delta[1] lclusters gracefully",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: handle NONHEAD !delta[1] lclusters gracefully\n\nsyzbot reported a WARNING in iomap_iter_done:\n iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80\n ioctl_fiemap fs/ioctl.c:220 [inline]\n\nGenerally, NONHEAD lclusters won't have delta[1]==0, except for crafted\nimages and filesystems created by pre-1.0 mkfs versions.\n\nPreviously, it would immediately bail out if delta[1]==0, which led to\ninadequate decompressed lengths (thus FIEMAP is impacted).  Treat it as\ndelta[1]=1 to work around these legacy mkfs versions.\n\n`lclusterbits \u003e 14` is illegal for compact indexes, error out too.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53234",
            "https://git.kernel.org/linus/0bc8061ffc733a0a246b8689b2d32a3e9204f43c (6.13-rc1)",
            "https://git.kernel.org/stable/c/0bc8061ffc733a0a246b8689b2d32a3e9204f43c",
            "https://git.kernel.org/stable/c/480c6c7b55aeacac800bc2a0d321ff53273045e5",
            "https://git.kernel.org/stable/c/75a0a6dde803e7a3af700da8da9a361b49f69eba",
            "https://git.kernel.org/stable/c/daaf68fef4b2ff97928227630021d37b27a96655",
            "https://git.kernel.org/stable/c/f466641debcbea8bdf78d1b63a6270aadf9301bf",
            "https://linux.oracle.com/cve/CVE-2024-53234.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122738-CVE-2024-53234-4ee6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53234",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53234"
          ],
          "PublishedDate": "2024-12-27T14:15:31.783Z",
          "LastModifiedDate": "2025-11-03T21:17:45.283Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53687",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53687",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6fc2c254560100bea79e384ac72597245d42629fda896fc3ae69361b108e6201",
          "Title": "kernel: riscv: Fix IPIs usage in kfence_protect_page()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix IPIs usage in kfence_protect_page()\n\nflush_tlb_kernel_range() may use IPIs to flush the TLBs of all the\ncores, which triggers the following warning when the irqs are disabled:\n\n[    3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520\n[    3.456647] Modules linked in:\n[    3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1\n[    3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS\n[    3.457633] epc : smp_call_function_many_cond+0x452/0x520\n[    3.457736]  ra : on_each_cpu_cond_mask+0x1e/0x30\n[    3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50\n[    3.457824]  gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f\n[    3.457859]  t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10\n[    3.457920]  s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001\n[    3.457953]  a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000\n[    3.458006]  a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000\n[    3.458042]  s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0\n[    3.458076]  s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001\n[    3.458109]  s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001\n[    3.458141]  s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0\n[    3.458172]  t5 : 0000000000000000 t6 : ff200000000236d0\n[    3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003\n[    3.458373] [\u003cffffffff800b669a\u003e] smp_call_function_many_cond+0x452/0x520\n[    3.458593] [\u003cffffffff800b67c2\u003e] on_each_cpu_cond_mask+0x1e/0x30\n[    3.458625] [\u003cffffffff8000e4ca\u003e] __flush_tlb_range+0x118/0x1ca\n[    3.458656] [\u003cffffffff8000e6b2\u003e] 
flush_tlb_kernel_range+0x1e/0x26\n[    3.458683] [\u003cffffffff801ea56a\u003e] kfence_protect+0xc0/0xce\n[    3.458717] [\u003cffffffff801e9456\u003e] kfence_guarded_free+0xc6/0x1c0\n[    3.458742] [\u003cffffffff801e9d6c\u003e] __kfence_free+0x62/0xc6\n[    3.458764] [\u003cffffffff801c57d8\u003e] kfree+0x106/0x32c\n[    3.458786] [\u003cffffffff80588cf2\u003e] detach_buf_split+0x188/0x1a8\n[    3.458816] [\u003cffffffff8058708c\u003e] virtqueue_get_buf_ctx+0xb6/0x1f6\n[    3.458839] [\u003cffffffff805871da\u003e] virtqueue_get_buf+0xe/0x16\n[    3.458880] [\u003cffffffff80613d6a\u003e] virtblk_done+0x5c/0xe2\n[    3.458908] [\u003cffffffff8058766e\u003e] vring_interrupt+0x6a/0x74\n[    3.458930] [\u003cffffffff800747d8\u003e] __handle_irq_event_percpu+0x7c/0xe2\n[    3.458956] [\u003cffffffff800748f0\u003e] handle_irq_event+0x3c/0x86\n[    3.458978] [\u003cffffffff800786cc\u003e] handle_simple_irq+0x9e/0xbe\n[    3.459004] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\n[    3.459027] [\u003cffffffff804bf87c\u003e] imsic_handle_irq+0xba/0x120\n[    3.459056] [\u003cffffffff80073934\u003e] generic_handle_domain_irq+0x1c/0x2a\n[    3.459080] [\u003cffffffff804bdb76\u003e] riscv_intc_aia_irq+0x24/0x34\n[    3.459103] [\u003cffffffff809d0452\u003e] handle_riscv_irq+0x2e/0x4c\n[    3.459133] [\u003cffffffff809d923e\u003e] call_on_irq_stack+0x32/0x40\n\nSo only flush the local TLB and let the lazy kfence page fault handling\ndeal with the faults which could happen when a core has an old protected\npte version cached in its TLB. That leads to potential inaccuracies which\ncan be tolerated when using kfence.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53687",
            "https://git.kernel.org/linus/b3431a8bb336cece8adc452437befa7d4534b2fd (6.13-rc3)",
            "https://git.kernel.org/stable/c/3abfc4130c4222099c69d023fed97f1180a8ad7b",
            "https://git.kernel.org/stable/c/6f796a6a396d6f963f2cc8f5edd7dfba2cca097f",
            "https://git.kernel.org/stable/c/b3431a8bb336cece8adc452437befa7d4534b2fd",
            "https://linux.oracle.com/cve/CVE-2024-53687.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011157-CVE-2024-53687-5f05@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53687",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53687"
          ],
          "PublishedDate": "2025-01-11T13:15:26.12Z",
          "LastModifiedDate": "2025-10-15T20:46:50.773Z"
        },
        {
          "VulnerabilityID": "CVE-2024-54456",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-54456",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0274f16cc6d3c75aa7ce7bf3adb015b0b1a8b434dabacae52e4777bd346e4350",
          "Title": "kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()\n\nname is char[64] where the size of clnt-\u003ecl_program-\u003ename remains\nunknown. Invoking strcat() directly will also lead to potential buffer\noverflow. Change them to strscpy() and strncat() to fix potential\nissues.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-54456",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/49fd4e34751e90e6df009b70cd0659dc839e7ca8 (6.14-rc1)",
            "https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442",
            "https://git.kernel.org/stable/c/49fd4e34751e90e6df009b70cd0659dc839e7ca8",
            "https://git.kernel.org/stable/c/dd8830779b77f4d1206d28d02ad56a03fc0e78f7",
            "https://git.kernel.org/stable/c/e8e0eb5601d4a6c74c336e3710afe3a0348c469d",
            "https://linux.oracle.com/cve/CVE-2024-54456.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2024-54456-e8a9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-54456",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-54456"
          ],
          "PublishedDate": "2025-02-27T03:15:10.667Z",
          "LastModifiedDate": "2025-10-23T13:05:11.067Z"
        },
        {
          "VulnerabilityID": "CVE-2024-54683",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-54683",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:44562ec7b072cb47f5248d8174e86f8694536fc3f4d535bdbe9249273ff70041",
          "Title": "kernel: netfilter: IDLETIMER: Fix for possible ABBA deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: IDLETIMER: Fix for possible ABBA deadlock\n\nDeletion of the last rule referencing a given idletimer may happen at\nthe same time as a read of its file in sysfs:\n\n| ======================================================\n| WARNING: possible circular locking dependency detected\n| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted\n| ------------------------------------------------------\n| iptables/3303 is trying to acquire lock:\n| ffff8881057e04b8 (kn-\u003eactive#48){++++}-{0:0}, at: __kernfs_remove+0x20\n|\n| but task is already holding lock:\n| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]\n|\n| which lock already depends on the new lock.\n\nA simple reproducer is:\n\n| #!/bin/bash\n|\n| while true; do\n|         iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n|         iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label \"testme\"\n| done \u0026\n| while true; do\n|         cat /sys/class/xt_idletimer/timers/testme \u003e/dev/null\n| done\n\nAvoid this by freeing list_mutex right after deleting the element from\nthe list, then continuing with the teardown.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-54683",
            "https://git.kernel.org/linus/f36b01994d68ffc253c8296e2228dfe6e6431c03 (6.13-rc3)",
            "https://git.kernel.org/stable/c/45fe76573a2557f632e248cc141342233f422b9a",
            "https://git.kernel.org/stable/c/8c2c8445cda8f59c38dec7dc10509bcb23ae26a0",
            "https://git.kernel.org/stable/c/f36b01994d68ffc253c8296e2228dfe6e6431c03",
            "https://linux.oracle.com/cve/CVE-2024-54683.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011159-CVE-2024-54683-042e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-54683",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-54683"
          ],
          "PublishedDate": "2025-01-11T13:15:27.49Z",
          "LastModifiedDate": "2025-10-01T20:17:24.357Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56368",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56368",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eee5effe879c5d497dc8d20d5749b73b83a64038039e47db881c6bd385f18cc7",
          "Title": "kernel: ring-buffer: Fix overflow in __rb_map_vma",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix overflow in __rb_map_vma\n\nAn overflow occurred when performing the following calculation:\n\n   nr_pages = ((nr_subbufs + 1) \u003c\u003c subbuf_order) - pgoff;\n\nAdd a check before the calculation to avoid this problem.\n\nsyzbot reported this as a slab-out-of-bounds in __rb_map_vma:\n\nBUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\nRead of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836\n\nCPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\n ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138\n tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482\n call_mmap include/linux/fs.h:2183 [inline]\n mmap_file mm/internal.h:124 [inline]\n __mmap_new_file_vma mm/vma.c:2291 [inline]\n __mmap_new_vma mm/vma.c:2355 [inline]\n __mmap_region+0x1786/0x2670 mm/vma.c:2456\n mmap_region+0x127/0x320 mm/mmap.c:1348\n do_mmap+0xc00/0xfc0 mm/mmap.c:496\n vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580\n ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542\n __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]\n __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]\n __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe reproducer for this bug 
is:\n\n------------------------8\u003c-------------------------\n #include \u003cfcntl.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003casm/types.h\u003e\n #include \u003csys/mman.h\u003e\n\n int main(int argc, char **argv)\n {\n\tint page_size = getpagesize();\n\tint fd;\n\tvoid *meta;\n\n\tsystem(\"echo 1 \u003e /sys/kernel/tracing/buffer_size_kb\");\n\tfd = open(\"/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\", O_RDONLY);\n\n\tmeta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5);\n }\n------------------------\u003e8-------------------------",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56368",
            "https://git.kernel.org/linus/c58a812c8e49ad688f94f4b050ad5c5b388fc5d2 (6.13-rc4)",
            "https://git.kernel.org/stable/c/c58a812c8e49ad688f94f4b050ad5c5b388fc5d2",
            "https://git.kernel.org/stable/c/ec12f30fe54234dd40ffee50dda8d2df10bd0871",
            "https://linux.oracle.com/cve/CVE-2024-56368.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011146-CVE-2024-56368-e3cd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56368",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56368"
          ],
          "PublishedDate": "2025-01-11T13:15:28.53Z",
          "LastModifiedDate": "2025-09-23T14:46:17.57Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56538",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56538",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:19ad910b57cb093999dbdbf462184b0bfd60957b3dd65054e534ecd1e4531711",
          "Title": "kernel: drm: zynqmp_kms: Unplug DRM device before removal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_kms: Unplug DRM device before removal\n\nPrevent userspace accesses to the DRM device from causing\nuse-after-frees by unplugging the device before we remove it. This\ncauses any further userspace accesses to result in an error without\nfurther calls into this driver's internals.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56538",
            "https://git.kernel.org/linus/2e07c88914fc5289c21820b1aa94f058feb38197 (6.13-rc1)",
            "https://git.kernel.org/stable/c/2e07c88914fc5289c21820b1aa94f058feb38197",
            "https://git.kernel.org/stable/c/4fb97432e28a7e136b2d76135d50e988ada8e1af",
            "https://git.kernel.org/stable/c/692f52aedccbf79b212a1e14e3735192b4c24a7d",
            "https://git.kernel.org/stable/c/a17b9afe58c474657449cf87e238b1788200576b",
            "https://linux.oracle.com/cve/CVE-2024-56538.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122726-CVE-2024-56538-379d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56538",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56538"
          ],
          "PublishedDate": "2024-12-27T14:15:33.4Z",
          "LastModifiedDate": "2025-02-11T16:15:43.107Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56544",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56544",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0952c1dcb7e5f66bf6b8c50d32d472b5184bd87756d395e493cc4dcbf6ebd1bc",
          "Title": "kernel: udmabuf: change folios array from kmalloc to kvmalloc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: change folios array from kmalloc to kvmalloc\n\nWhen PAGE_SIZE 4096, MAX_PAGE_ORDER 10, 64bit machine,\npage_alloc only support 4MB.\nIf above this, trigger this warn and return NULL.\n\nudmabuf can change size limit, if change it to 3072(3GB), and then alloc\n3GB udmabuf, will fail create.\n\n[ 4080.876581] ------------[ cut here ]------------\n[ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350\n[ 4080.878839] RIP: 0010:__alloc_pages+0x2c8/0x350\n[ 4080.879470] Call Trace:\n[ 4080.879473]  \u003cTASK\u003e\n[ 4080.879473]  ? __alloc_pages+0x2c8/0x350\n[ 4080.879475]  ? __warn.cold+0x8e/0xe8\n[ 4080.880647]  ? __alloc_pages+0x2c8/0x350\n[ 4080.880909]  ? report_bug+0xff/0x140\n[ 4080.881175]  ? handle_bug+0x3c/0x80\n[ 4080.881556]  ? exc_invalid_op+0x17/0x70\n[ 4080.881559]  ? asm_exc_invalid_op+0x1a/0x20\n[ 4080.882077]  ? udmabuf_create+0x131/0x400\n\nBecause MAX_PAGE_ORDER, kmalloc can max alloc 4096 * (1 \u003c\u003c 10), 4MB\nmemory, each array entry is pointer(8byte), so can save 524288 pages(2GB).\n\nFurther more, costly order(order 3) may not be guaranteed that it can be\napplied for, due to fragmentation.\n\nThis patch change udmabuf array use kvmalloc_array, this can fallback\nalloc into vmalloc, which can guarantee allocation for any size and does\nnot affect the performance of kmalloc allocations.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56544",
            "https://git.kernel.org/linus/1c0844c6184e658064e14c4335885785ad3bf84b (6.13-rc1)",
            "https://git.kernel.org/stable/c/1c0844c6184e658064e14c4335885785ad3bf84b",
            "https://git.kernel.org/stable/c/2acc6192aa8570661ed37868c02c03002b1dc290",
            "https://git.kernel.org/stable/c/85bb72397cb63649fe493c96e27e1d0e4ed2ff63",
            "https://linux.oracle.com/cve/CVE-2024-56544.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122728-CVE-2024-56544-42cf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56544",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56544"
          ],
          "PublishedDate": "2024-12-27T14:15:34.153Z",
          "LastModifiedDate": "2025-10-01T20:17:26.91Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56557",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56557",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54fc439be4c41d88405625596fbc9f71fcf47ecb759e5e982fb5b7bac0485b42",
          "Title": "kernel: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer\n\nThe AD7923 was updated to support devices with 8 channels, but the size\nof tx_buf and ring_xfer was not increased accordingly, leading to a\npotential buffer overflow in ad7923_update_scan_mode().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-120"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56557",
            "https://git.kernel.org/linus/3a4187ec454e19903fd15f6e1825a4b84e59a4cd (6.13-rc1)",
            "https://git.kernel.org/stable/c/00663d3e000c31d0d49ef86a809f5c107c2d09cd",
            "https://git.kernel.org/stable/c/218ecc35949129171ca39bcc0d407c8dc4cd0bbc",
            "https://git.kernel.org/stable/c/3a4187ec454e19903fd15f6e1825a4b84e59a4cd",
            "https://git.kernel.org/stable/c/e5cac32721997cb8bcb208a29f4598b3faf46338",
            "https://linux.oracle.com/cve/CVE-2024-56557.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122711-CVE-2024-56557-7440@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56557",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56557"
          ],
          "PublishedDate": "2024-12-27T15:15:14.52Z",
          "LastModifiedDate": "2025-11-03T21:17:53.907Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56565",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56565",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:64c52e9a75a450f9ed5034f97330e73eae2a02c4d9027d3fe8afdcde0b6bde19",
          "Title": "kernel: f2fs: fix to drop all discards after creating snapshot on lvm device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to drop all discards after creating snapshot on lvm device\n\nPiergiorgio reported a bug in bugzilla as below:\n\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330\nRIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs]\nCall Trace:\n __issue_discard_cmd+0x1ca/0x350 [f2fs]\n issue_discard_thread+0x191/0x480 [f2fs]\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n\nw/ below testcase, it can reproduce this bug quickly:\n- pvcreate /dev/vdb\n- vgcreate myvg1 /dev/vdb\n- lvcreate -L 1024m -n mylv1 myvg1\n- mount /dev/myvg1/mylv1 /mnt/f2fs\n- dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20\n- sync\n- rm /mnt/f2fs/file\n- sync\n- lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1\n- umount /mnt/f2fs\n\nThe root cause is: it will update discard_max_bytes of mounted lvm\ndevice to zero after creating snapshot on this lvm device, then,\n__submit_discard_cmd() will pass parameter @nr_sects w/ zero value\nto __blkdev_issue_discard(), it returns a NULL bio pointer, result\nin panic.\n\nThis patch changes as below for fixing:\n1. Let's drop all remained discards in f2fs_unfreeze() if snapshot\nof lvm device is created.\n2. Checking discard_max_bytes before submitting discard during\n__submit_discard_cmd().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56565",
            "https://git.kernel.org/linus/bc8aeb04fd80cb8cfae3058445c84410fd0beb5e (6.13-rc1)",
            "https://git.kernel.org/stable/c/15136c3861a3341db261ebdbb6ae4ae1765635e2",
            "https://git.kernel.org/stable/c/bc8aeb04fd80cb8cfae3058445c84410fd0beb5e",
            "https://git.kernel.org/stable/c/ed24ab98242f8d22b66fbe0452c97751b5ea4e22",
            "https://linux.oracle.com/cve/CVE-2024-56565.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122714-CVE-2024-56565-1a08@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56565",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56565"
          ],
          "PublishedDate": "2024-12-27T15:15:15.4Z",
          "LastModifiedDate": "2025-10-07T18:34:52.57Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56566",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56566",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c82421ef3efafe6b7aa4b7bbcff2ee7ff875e0036e9be8e27caa0b15408fdb34",
          "Title": "kernel: mm/slub: Avoid list corruption when removing a slab from the full list",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: Avoid list corruption when removing a slab from the full list\n\nBoot with slub_debug=UFPZ.\n\nIf allocated object failed in alloc_consistency_checks, all objects of\nthe slab will be marked as used, and then the slab will be removed from\nthe partial list.\n\nWhen an object belonging to the slab got freed later, the remove_full()\nfunction is called. Because the slab is neither on the partial list nor\non the full list, it eventually lead to a list corruption (actually a\nlist poison being detected).\n\nSo we need to mark and isolate the slab page with metadata corruption,\ndo not put it back in circulation.\n\nBecause the debug caches avoid all the fastpaths, reusing the frozen bit\nto mark slab page with metadata corruption seems to be fine.\n\n[ 4277.385669] list_del corruption, ffffea00044b3e50-\u003enext is LIST_POISON1 (dead000000000100)\n[ 4277.387023] ------------[ cut here ]------------\n[ 4277.387880] kernel BUG at lib/list_debug.c:56!\n[ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G           OE      6.6.1-1 #1\n[ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs]\n[ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91\n[ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082\n[ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000\n[ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff\n[ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0\n[ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910\n[ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0\n[ 4277.404049] FS:  
0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000\n[ 4277.405357] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0\n[ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4277.410000] PKRU: 55555554\n[ 4277.410645] Call Trace:\n[ 4277.411234]  \u003cTASK\u003e\n[ 4277.411777]  ? die+0x32/0x80\n[ 4277.412439]  ? do_trap+0xd6/0x100\n[ 4277.413150]  ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.414158]  ? do_error_trap+0x6a/0x90\n[ 4277.414948]  ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.415915]  ? exc_invalid_op+0x4c/0x60\n[ 4277.416710]  ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.417675]  ? asm_exc_invalid_op+0x16/0x20\n[ 4277.418482]  ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.419466]  ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.420410]  free_to_partial_list+0x515/0x5e0\n[ 4277.421242]  ? xfs_iext_remove+0x41a/0xa10 [xfs]\n[ 4277.422298]  xfs_iext_remove+0x41a/0xa10 [xfs]\n[ 4277.423316]  ? xfs_inodegc_worker+0xb4/0x1a0 [xfs]\n[ 4277.424383]  xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs]\n[ 4277.425490]  __xfs_bunmapi+0x50d/0x840 [xfs]\n[ 4277.426445]  xfs_itruncate_extents_flags+0x13a/0x490 [xfs]\n[ 4277.427553]  xfs_inactive_truncate+0xa3/0x120 [xfs]\n[ 4277.428567]  xfs_inactive+0x22d/0x290 [xfs]\n[ 4277.429500]  xfs_inodegc_worker+0xb4/0x1a0 [xfs]\n[ 4277.430479]  process_one_work+0x171/0x340\n[ 4277.431227]  worker_thread+0x277/0x390\n[ 4277.431962]  ? __pfx_worker_thread+0x10/0x10\n[ 4277.432752]  kthread+0xf0/0x120\n[ 4277.433382]  ? __pfx_kthread+0x10/0x10\n[ 4277.434134]  ret_from_fork+0x2d/0x50\n[ 4277.434837]  ? __pfx_kthread+0x10/0x10\n[ 4277.435566]  ret_from_fork_asm+0x1b/0x30\n[ 4277.436280]  \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56566",
            "https://git.kernel.org/linus/dbc16915279a548a204154368da23d402c141c81 (6.13-rc1)",
            "https://git.kernel.org/stable/c/33a213c04faff6c3a7fe77e947db81bc7270fe32",
            "https://git.kernel.org/stable/c/943c0f601cd28c1073b92b5f944c6c6c2643e709",
            "https://git.kernel.org/stable/c/dbc16915279a548a204154368da23d402c141c81",
            "https://linux.oracle.com/cve/CVE-2024-56566.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024122715-CVE-2024-56566-0a7e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56566",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56566"
          ],
          "PublishedDate": "2024-12-27T15:15:15.517Z",
          "LastModifiedDate": "2025-09-23T17:55:46.427Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56583",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56583",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:341e8d36208f89d44e79807b3fd48f5bbcbe1a4c900571617f7f85ca46465d74",
          "Title": "kernel: sched/deadline: Fix warning in migrate_enable for boosted tasks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix warning in migrate_enable for boosted tasks\n\nWhen running the following command:\n\nwhile true; do\n    stress-ng --cyclic 30 --timeout 30s --minimize --quiet\ndone\n\na warning is eventually triggered:\n\nWARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794\nsetup_new_dl_entity+0x13e/0x180\n...\nCall Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1c4/0x2df\n ? enqueue_dl_entity+0x631/0x6e0\n ? setup_new_dl_entity+0x13e/0x180\n ? __warn+0x7e/0xd0\n ? report_bug+0x11a/0x1a0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n enqueue_dl_entity+0x631/0x6e0\n enqueue_task_dl+0x7d/0x120\n __do_set_cpus_allowed+0xe3/0x280\n __set_cpus_allowed_ptr_locked+0x140/0x1d0\n __set_cpus_allowed_ptr+0x54/0xa0\n migrate_enable+0x7e/0x150\n rt_spin_unlock+0x1c/0x90\n group_send_sig_info+0xf7/0x1a0\n ? kill_pid_info+0x1f/0x1d0\n kill_pid_info+0x78/0x1d0\n kill_proc_info+0x5b/0x110\n __x64_sys_kill+0x93/0xc0\n do_syscall_64+0x5c/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7f0dab31f92b\n\nThis warning occurs because set_cpus_allowed dequeues and enqueues tasks\nwith the ENQUEUE_RESTORE flag set. If the task is boosted, the warning\nis triggered. A boosted task already had its parameters set by\nrt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,\nhence the WARN_ON call.\n\nCheck if we are requeueing a boosted task and avoid calling\nsetup_new_dl_entity if that's the case.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56583",
            "https://git.kernel.org/linus/0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 (6.13-rc3)",
            "https://git.kernel.org/stable/c/0664e2c311b9fa43b33e3e81429cd0c2d7f9c638",
            "https://git.kernel.org/stable/c/b600d30402854415aa57548a6b53dc6478f65517",
            "https://git.kernel.org/stable/c/e41074904d9ed3fe582d6e544c77b40c22043c82",
            "https://linux.oracle.com/cve/CVE-2024-56583.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122754-CVE-2024-56583-b1dc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56583",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56583"
          ],
          "PublishedDate": "2024-12-27T15:15:17.453Z",
          "LastModifiedDate": "2025-10-07T17:24:51.603Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56584",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56584",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8321a02565b89bbc5700fdd3b8e6e3526cc0cee9083462865313ca0b85b80b13",
          "Title": "kernel: io_uring/tctx: work around xa_store() allocation error issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/tctx: work around xa_store() allocation error issue\n\nsyzbot triggered the following WARN_ON:\n\nWARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51\n\nwhich is the\n\nWARN_ON_ONCE(!xa_empty(\u0026tctx-\u003exa));\n\nsanity check in __io_uring_free() when a io_uring_task is going through\nits final put. The syzbot test case includes injecting memory allocation\nfailures, and it very much looks like xa_store() can fail one of its\nmemory allocations and end up with -\u003ehead being non-NULL even though no\nentries exist in the xarray.\n\nUntil this issue gets sorted out, work around it by attempting to\niterate entries in our xarray, and WARN_ON_ONCE() if one is found.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56584",
            "https://git.kernel.org/linus/7eb75ce7527129d7f1fee6951566af409a37a1c4 (6.13-rc1)",
            "https://git.kernel.org/stable/c/42882b583095dcf747da6e3af1daeff40e27033e",
            "https://git.kernel.org/stable/c/7eb75ce7527129d7f1fee6951566af409a37a1c4",
            "https://git.kernel.org/stable/c/94ad56f61b873ffeebcc620d451eacfbdf9d40f0",
            "https://git.kernel.org/stable/c/d5b2ddf1f90c7248eff9630b95895c8950f2f36d",
            "https://linux.oracle.com/cve/CVE-2024-56584.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122757-CVE-2024-56584-dad9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56584",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56584"
          ],
          "PublishedDate": "2024-12-27T15:15:17.567Z",
          "LastModifiedDate": "2025-11-03T21:17:59.71Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56588",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56588",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:31c66d83c0959c26c48a0da1173b668ef4b61d2156eac90956f2119c5a76ae09",
          "Title": "kernel: scsi: hisi_sas: Create all dump files during debugfs initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Create all dump files during debugfs initialization\n\nFor the current debugfs of hisi_sas, after user triggers dump, the\ndriver allocate memory space to save the register information and create\ndebugfs files to display the saved information. In this process, the\ndebugfs files created after each dump.\n\nTherefore, when the dump is triggered while the driver is unbind, the\nfollowing hang occurs:\n\n[67840.853907] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[67840.862947] Mem abort info:\n[67840.865855]   ESR = 0x0000000096000004\n[67840.869713]   EC = 0x25: DABT (current EL), IL = 32 bits\n[67840.875125]   SET = 0, FnV = 0\n[67840.878291]   EA = 0, S1PTW = 0\n[67840.881545]   FSC = 0x04: level 0 translation fault\n[67840.886528] Data abort info:\n[67840.889524]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[67840.895117]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[67840.900284]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[67840.905709] user pgtable: 4k pages, 48-bit VAs, pgdp=0000002803a1f000\n[67840.912263] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000\n[67840.919177] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[67840.996435] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[67841.003628] pc : down_write+0x30/0x98\n[67841.007546] lr : start_creating.part.0+0x60/0x198\n[67841.012495] sp : ffff8000b979ba20\n[67841.016046] x29: ffff8000b979ba20 x28: 0000000000000010 x27: 0000000000024b40\n[67841.023412] x26: 0000000000000012 x25: ffff20202b355ae8 x24: ffff20202b35a8c8\n[67841.030779] x23: ffffa36877928208 x22: ffffa368b4972240 x21: ffff8000b979bb18\n[67841.038147] x20: ffff00281dc1e3c0 x19: fffffffffffffffe x18: 0000000000000020\n[67841.045515] x17: 0000000000000000 x16: ffffa368b128a530 x15: ffffffffffffffff\n[67841.052888] x14: ffff8000b979bc18 x13: 
ffffffffffffffff x12: ffff8000b979bb18\n[67841.060263] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa368b1289b18\n[67841.067640] x8 : 0000000000000012 x7 : 0000000000000000 x6 : 00000000000003a9\n[67841.075014] x5 : 0000000000000000 x4 : ffff002818c5cb00 x3 : 0000000000000001\n[67841.082388] x2 : 0000000000000000 x1 : ffff002818c5cb00 x0 : 00000000000000a0\n[67841.089759] Call trace:\n[67841.092456]  down_write+0x30/0x98\n[67841.096017]  start_creating.part.0+0x60/0x198\n[67841.100613]  debugfs_create_dir+0x48/0x1f8\n[67841.104950]  debugfs_create_files_v3_hw+0x88/0x348 [hisi_sas_v3_hw]\n[67841.111447]  debugfs_snapshot_regs_v3_hw+0x708/0x798 [hisi_sas_v3_hw]\n[67841.118111]  debugfs_trigger_dump_v3_hw_write+0x9c/0x120 [hisi_sas_v3_hw]\n[67841.125115]  full_proxy_write+0x68/0xc8\n[67841.129175]  vfs_write+0xd8/0x3f0\n[67841.132708]  ksys_write+0x70/0x108\n[67841.136317]  __arm64_sys_write+0x24/0x38\n[67841.140440]  invoke_syscall+0x50/0x128\n[67841.144385]  el0_svc_common.constprop.0+0xc8/0xf0\n[67841.149273]  do_el0_svc+0x24/0x38\n[67841.152773]  el0_svc+0x38/0xd8\n[67841.156009]  el0t_64_sync_handler+0xc0/0xc8\n[67841.160361]  el0t_64_sync+0x1a4/0x1a8\n[67841.164189] Code: b9000882 d2800002 d2800023 f9800011 (c85ffc05)\n[67841.170443] ---[ end trace 0000000000000000 ]---\n\nTo fix this issue, create all directories and files during debugfs\ninitialization. In this way, the driver only needs to allocate memory\nspace to save information each time the user triggers dumping.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56588",
            "https://git.kernel.org/linus/9f564f15f88490b484e02442dc4c4b11640ea172 (6.13-rc1)",
            "https://git.kernel.org/stable/c/6c55f99123075e5429850b41b06f7dfffcb708eb",
            "https://git.kernel.org/stable/c/7c8c50c9855a9e1b0d1e3680e5ad839002a9deb5",
            "https://git.kernel.org/stable/c/9f564f15f88490b484e02442dc4c4b11640ea172",
            "https://linux.oracle.com/cve/CVE-2024-56588.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122758-CVE-2024-56588-87ae@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56588",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56588"
          ],
          "PublishedDate": "2024-12-27T15:15:18.04Z",
          "LastModifiedDate": "2025-01-09T16:16:22.04Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56591",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56591",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e7a115bbd3360aa801f560a52190358a6d22441cd96658cb8a2549e6da6c515b",
          "Title": "kernel: Bluetooth: hci_conn: Use disable_delayed_work_sync",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Use disable_delayed_work_sync\n\nThis makes use of disable_delayed_work_sync instead of\ncancel_delayed_work_sync as it not only cancels the ongoing work but also\ndisables new submissions, which is desirable since the object holding the work\nis about to be freed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56591",
            "https://git.kernel.org/linus/2b0f2fc9ed62e73c95df1fa8ed2ba3dac54699df (6.13-rc1)",
            "https://git.kernel.org/stable/c/2b0f2fc9ed62e73c95df1fa8ed2ba3dac54699df",
            "https://git.kernel.org/stable/c/c55a4c5a04bae40dcdc1e1c19d8eb79a06fb3397",
            "https://linux.oracle.com/cve/CVE-2024-56591.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024122759-CVE-2024-56591-eaf9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56591",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56591"
          ],
          "PublishedDate": "2024-12-27T15:15:18.383Z",
          "LastModifiedDate": "2025-10-07T17:45:56.737Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56592",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56592",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39007aaa2f85deac4b5d4120e4df80e961d8a4d80c80c02763e04f230b7871ef",
          "Title": "kernel: bpf: Call free_htab_elem() after htab_unlock_bucket()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n  =============================\n  [ BUG: Invalid wait context ]\n  6.11.0-rc4+ #49 Not tainted\n  -----------------------------\n  test_maps/4881 is trying to lock:\n  ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n  other info that might help us debug this:\n  context-{5:5}\n  2 locks held by test_maps/4881:\n   #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n   #1: ffff888149ced148 (\u0026htab-\u003elockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n  stack backtrace:\n  CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x6e/0xb0\n   dump_stack+0x10/0x20\n   __lock_acquire+0x73e/0x36c0\n   lock_acquire+0x182/0x450\n   _raw_spin_lock_irqsave+0x43/0x70\n   bpf_map_free_id.part.0+0x21/0x70\n   bpf_map_put+0xcf/0x110\n   bpf_map_fd_put_ptr+0x9a/0xb0\n   free_htab_elem+0x69/0xe0\n   htab_map_update_elem+0x50f/0xa80\n   bpf_fd_htab_map_update_elem+0x131/0x270\n   htab_map_update_elem+0x50f/0xa80\n   bpf_fd_htab_map_update_elem+0x131/0x270\n   bpf_map_update_value+0x266/0x380\n   __sys_bpf+0x21bb/0x36b0\n   __x64_sys_bpf+0x45/0x60\n   x64_sys_call+0x1b2a/0x20d0\n   do_syscall_64+0x5d/0x100\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t 
for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab's lock (s-\u003ecpu_slab-\u003elock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock's type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for -\u003emap_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes -\u003emap_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab-\u003eextra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. 
It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn't support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn't have the problem, so kept\nit as\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56592",
            "https://git.kernel.org/linus/b9e9ed90b10c82a4e9d4d70a2890f06bfcdd3b78 (6.13-rc1)",
            "https://git.kernel.org/stable/c/10e8a2dec9ff1b81de8e892b0850924038adbc6d",
            "https://git.kernel.org/stable/c/a50b4aa3007e63a590d501341f304676ebc74b3b",
            "https://git.kernel.org/stable/c/b9e9ed90b10c82a4e9d4d70a2890f06bfcdd3b78",
            "https://linux.oracle.com/cve/CVE-2024-56592.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122700-CVE-2024-56592-d4b2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56592",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56592"
          ],
          "PublishedDate": "2024-12-27T15:15:18.5Z",
          "LastModifiedDate": "2025-10-08T13:38:51.28Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56604",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56604",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fc2634f50dd00794ca1358affdc6bcc722f66f91c9c9222dbdb9d5843a291cd1",
          "Title": "kernel: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()\n\nbt_sock_alloc() attaches allocated sk object to the provided sock object.\nIf rfcomm_dlc_alloc() fails, we release the sk object, but leave the\ndangling pointer in the sock object, which may cause use-after-free.\n\nFix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56604",
            "https://git.kernel.org/linus/3945c799f12b8d1f49a3b48369ca494d981ac465 (6.13-rc1)",
            "https://git.kernel.org/stable/c/32df687e129ef0f9afcbcc914f7c32deb28fd481",
            "https://git.kernel.org/stable/c/3945c799f12b8d1f49a3b48369ca494d981ac465",
            "https://git.kernel.org/stable/c/6021ccc2471b7b95e29b7cfc7938e042bf56e281",
            "https://git.kernel.org/stable/c/ac3eaac4cf142a15fe67be747a682b1416efeb6e",
            "https://linux.oracle.com/cve/CVE-2024-56604.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122704-CVE-2024-56604-8494@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56604",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56604"
          ],
          "PublishedDate": "2024-12-27T15:15:19.887Z",
          "LastModifiedDate": "2025-11-03T21:18:06.44Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56607",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56607",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:32f82a452c6eef864bc4260a98c0c6aebae8d459c91ffdbdc2d1c5a2999cc9e9",
          "Title": "kernel: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()\n\nWhen I try to manually set bitrates:\n\niw wlan0 set bitrates legacy-2.4 1\n\nI get sleeping from invalid context error, see below. Fix that by switching to\nuse recently introduced ieee80211_iterate_stations_mtx().\n\nDo note that WCN6855 firmware is still crashing, I'm not sure if that firmware\neven supports bitrate WMI commands and should we consider disabling\nath12k_mac_op_set_bitrate_mask() for WCN6855? But that's for another patch.\n\nBUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420\nin_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw\npreempt_count: 0, expected: 0\nRCU nest depth: 1, expected: 0\n3 locks held by iw/2236:\n #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40\n #1: ffff888138410810 (\u0026rdev-\u003ewiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211]\n #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211]\nCPU: 3 UID: 0 PID: 2236 Comm: iw Not tainted 6.11.0-rc7-wt-ath+ #1772\nHardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xa4/0xe0\n dump_stack+0x10/0x20\n __might_resched+0x363/0x5a0\n ? __alloc_skb+0x165/0x340\n __might_sleep+0xad/0x160\n ath12k_wmi_cmd_send+0xb1/0x3d0 [ath12k]\n ? ath12k_wmi_init_wcn7850+0xa40/0xa40 [ath12k]\n ? __netdev_alloc_skb+0x45/0x7b0\n ? __asan_memset+0x39/0x40\n ? ath12k_wmi_alloc_skb+0xf0/0x150 [ath12k]\n ? reacquire_held_locks+0x4d0/0x4d0\n ath12k_wmi_set_peer_param+0x340/0x5b0 [ath12k]\n ath12k_mac_disable_peer_fixed_rate+0xa3/0x110 [ath12k]\n ? 
ath12k_mac_vdev_stop+0x4f0/0x4f0 [ath12k]\n ieee80211_iterate_stations_atomic+0xd4/0x200 [mac80211]\n ath12k_mac_op_set_bitrate_mask+0x5d2/0x1080 [ath12k]\n ? ath12k_mac_vif_chan+0x320/0x320 [ath12k]\n drv_set_bitrate_mask+0x267/0x470 [mac80211]\n ieee80211_set_bitrate_mask+0x4cc/0x8a0 [mac80211]\n ? __this_cpu_preempt_check+0x13/0x20\n nl80211_set_tx_bitrate_mask+0x2bc/0x530 [cfg80211]\n ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]\n ? trace_contention_end+0xef/0x140\n ? rtnl_unlock+0x9/0x10\n ? nl80211_pre_doit+0x557/0x800 [cfg80211]\n genl_family_rcv_msg_doit+0x1f0/0x2e0\n ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250\n ? ns_capable+0x57/0xd0\n genl_family_rcv_msg+0x34c/0x600\n ? genl_family_rcv_msg_dumpit+0x310/0x310\n ? __lock_acquire+0xc62/0x1de0\n ? he_set_mcs_mask.isra.0+0x8d0/0x8d0 [cfg80211]\n ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]\n ? cfg80211_external_auth_request+0x690/0x690 [cfg80211]\n genl_rcv_msg+0xa0/0x130\n netlink_rcv_skb+0x14c/0x400\n ? genl_family_rcv_msg+0x600/0x600\n ? netlink_ack+0xd70/0xd70\n ? rwsem_optimistic_spin+0x4f0/0x4f0\n ? genl_rcv+0x14/0x40\n ? down_read_killable+0x580/0x580\n ? netlink_deliver_tap+0x13e/0x350\n ? __this_cpu_preempt_check+0x13/0x20\n genl_rcv+0x23/0x40\n netlink_unicast+0x45e/0x790\n ? netlink_attachskb+0x7f0/0x7f0\n netlink_sendmsg+0x7eb/0xdb0\n ? netlink_unicast+0x790/0x790\n ? __this_cpu_preempt_check+0x13/0x20\n ? selinux_socket_sendmsg+0x31/0x40\n ? netlink_unicast+0x790/0x790\n __sock_sendmsg+0xc9/0x160\n ____sys_sendmsg+0x620/0x990\n ? kernel_sendmsg+0x30/0x30\n ? __copy_msghdr+0x410/0x410\n ? __kasan_check_read+0x11/0x20\n ? mark_lock+0xe6/0x1470\n ___sys_sendmsg+0xe9/0x170\n ? copy_msghdr_from_user+0x120/0x120\n ? __lock_acquire+0xc62/0x1de0\n ? do_fault_around+0x2c6/0x4e0\n ? do_user_addr_fault+0x8c1/0xde0\n ? reacquire_held_locks+0x220/0x4d0\n ? do_user_addr_fault+0x8c1/0xde0\n ? __kasan_check_read+0x11/0x20\n ? __fdget+0x4e/0x1d0\n ? 
sockfd_lookup_light+0x1a/0x170\n __sys_sendmsg+0xd2/0x180\n ? __sys_sendmsg_sock+0x20/0x20\n ? reacquire_held_locks+0x4d0/0x4d0\n ? debug_smp_processor_id+0x17/0x20\n __x64_sys_sendmsg+0x72/0xb0\n ? lockdep_hardirqs_on+0x7d/0x100\n x64_sys_call+0x894/0x9f0\n do_syscall_64+0x64/0x130\n entry_SYSCALL_64_after_\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56607",
            "https://git.kernel.org/linus/8fac3266c68a8e647240b8ac8d0b82f1821edf85 (6.13-rc1)",
            "https://git.kernel.org/stable/c/2093f062b26805789b73f2af214691475d9baa29",
            "https://git.kernel.org/stable/c/3ed6b2daa4e9029987885f86835ffbc003d11c01",
            "https://git.kernel.org/stable/c/8fac3266c68a8e647240b8ac8d0b82f1821edf85",
            "https://linux.oracle.com/cve/CVE-2024-56607.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122705-CVE-2024-56607-031e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56607",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56607"
          ],
          "PublishedDate": "2024-12-27T15:15:20.18Z",
          "LastModifiedDate": "2025-10-08T13:41:58.503Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56609",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56609",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fa46d90e8b5f3d4482054d2f0bd33c0df9b69eff0cf122fb39b66aef290dab19",
          "Title": "kernel: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb\n\nWhen removing kernel modules by:\n   rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core\n\nDriver uses skb_queue_purge() to purge TX skb, but not report tx status\ncausing \"Have pending ack frames!\" warning. Use ieee80211_purge_tx_queue()\nto correct this.\n\nSince ieee80211_purge_tx_queue() doesn't take locks, to prevent racing\nbetween TX work and purge TX queue, flush and destroy TX work in advance.\n\n   wlan0: deauthenticating from aa:f5:fd:60:4c:a8 by local\n     choice (Reason: 3=DEAUTH_LEAVING)\n   ------------[ cut here ]------------\n   Have pending ack frames!\n   WARNING: CPU: 3 PID: 9232 at net/mac80211/main.c:1691\n       ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n   CPU: 3 PID: 9232 Comm: rmmod Tainted: G         C\n       6.10.1-200.fc40.aarch64 #1\n   Hardware name: pine64 Pine64 PinePhone Braveheart\n      (1.1)/Pine64 PinePhone Braveheart (1.1), BIOS 2024.01 01/01/2024\n   pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n   pc : ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n   lr : ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n   sp : ffff80008c1b37b0\n   x29: ffff80008c1b37b0 x28: ffff000003be8000 x27: 0000000000000000\n   x26: 0000000000000000 x25: ffff000003dc14b8 x24: ffff80008c1b37d0\n   x23: ffff000000ff9f80 x22: 0000000000000000 x21: 000000007fffffff\n   x20: ffff80007c7e93d8 x19: ffff00006e66f400 x18: 0000000000000000\n   x17: ffff7ffffd2b3000 x16: ffff800083fc0000 x15: 0000000000000000\n   x14: 0000000000000000 x13: 2173656d61726620 x12: 6b636120676e6964\n   x11: 0000000000000000 x10: 000000000000005d x9 : ffff8000802af2b0\n   x8 : ffff80008c1b3430 x7 : 0000000000000001 x6 : 0000000000000001\n   x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n   x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000003be8000\n   Call 
trace:\n    ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n    idr_for_each+0x74/0x110\n    ieee80211_free_hw+0x44/0xe8 [mac80211]\n    rtw_sdio_remove+0x9c/0xc0 [rtw88_sdio]\n    sdio_bus_remove+0x44/0x180\n    device_remove+0x54/0x90\n    device_release_driver_internal+0x1d4/0x238\n    driver_detach+0x54/0xc0\n    bus_remove_driver+0x78/0x108\n    driver_unregister+0x38/0x78\n    sdio_unregister_driver+0x2c/0x40\n    rtw_8723cs_driver_exit+0x18/0x1000 [rtw88_8723cs]\n    __do_sys_delete_module.isra.0+0x190/0x338\n    __arm64_sys_delete_module+0x1c/0x30\n    invoke_syscall+0x74/0x100\n    el0_svc_common.constprop.0+0x48/0xf0\n    do_el0_svc+0x24/0x38\n    el0_svc+0x3c/0x158\n    el0t_64_sync_handler+0x120/0x138\n    el0t_64_sync+0x194/0x198\n   ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56609",
            "https://git.kernel.org/linus/3e5e4a801aaf4283390cc34959c6c48f910ca5ea (6.13-rc1)",
            "https://git.kernel.org/stable/c/3d94c4b21966b49c3e26ceeefacaa11ff7ee6d68",
            "https://git.kernel.org/stable/c/3e5e4a801aaf4283390cc34959c6c48f910ca5ea",
            "https://git.kernel.org/stable/c/4e8ce3978d704cb28678355d294e10a008b6230a",
            "https://git.kernel.org/stable/c/9bca6528f20325d30c22236b23116f161d418f6d",
            "https://linux.oracle.com/cve/CVE-2024-56609.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2024122706-CVE-2024-56609-7fe3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56609",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56609"
          ],
          "PublishedDate": "2024-12-27T15:15:20.387Z",
          "LastModifiedDate": "2025-11-03T20:16:53.96Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56611",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56611",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e859d0fba0d5287487be4285bef5ae6722b72720ddf9d0b6a2d3ef2c4bb956f",
          "Title": "kernel: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM\n\nWe currently assume that there is at least one VMA in a MM, which isn't\ntrue.\n\nSo we might end up having find_vma() return NULL, to then de-reference\nNULL.  So properly handle find_vma() returning NULL.\n\nThis fixes the report:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nRIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline]\nRIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194\nCode: ...\nRSP: 0018:ffffc9000375fd08 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000\nRDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044\nRBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1\nR10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003\nR13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8\nFS:  00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709\n __do_sys_migrate_pages mm/mempolicy.c:1727 [inline]\n __se_sys_migrate_pages mm/mempolicy.c:1723 [inline]\n __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n 
entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[akpm@linux-foundation.org: add unlikely()]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56611",
            "https://git.kernel.org/linus/091c1dd2d4df6edd1beebe0e5863d4034ade9572 (6.13-rc2)",
            "https://git.kernel.org/stable/c/091c1dd2d4df6edd1beebe0e5863d4034ade9572",
            "https://git.kernel.org/stable/c/42d9fe2adf8613f9eea1f0c2619c9e2611eae0ea",
            "https://git.kernel.org/stable/c/a13b2b9b0b0b04612c7d81e3b3dfb485c5f7abc3",
            "https://linux.oracle.com/cve/CVE-2024-56611.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024122706-CVE-2024-56611-262a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56611",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56611"
          ],
          "PublishedDate": "2024-12-27T15:15:20.587Z",
          "LastModifiedDate": "2025-10-01T20:17:30.673Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56639",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56639",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2b8bac7a40fb8dd248bbac1eab589b23a563d2f0109b7735c474cfeb97ddd8c",
          "Title": "kernel: net: hsr: must allocate more bytes for RedBox support",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: must allocate more bytes for RedBox support\n\nBlamed commit forgot to change hsr_init_skb() to allocate\nlarger skb for RedBox case.\n\nIndeed, send_hsr_supervision_frame() will add\ntwo additional components (struct hsr_sup_tlv\nand struct hsr_sup_payload)\n\nsyzbot reported the following crash:\nskbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206\nCode: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 \u003c0f\u003e 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c\nRSP: 0018:ffffc90000858ab8 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69\nRDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005\nRBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a\nR13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140\nFS:  000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cIRQ\u003e\n  skb_over_panic net/core/skbuff.c:211 [inline]\n  skb_put+0x174/0x1b0 net/core/skbuff.c:2617\n  send_hsr_supervision_frame+0x6fa/0x9e0 
net/hsr/hsr_device.c:342\n  hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436\n  call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794\n  expire_timers kernel/time/timer.c:1845 [inline]\n  __run_timers+0x6e8/0x930 kernel/time/timer.c:2419\n  __run_timer_base kernel/time/timer.c:2430 [inline]\n  __run_timer_base kernel/time/timer.c:2423 [inline]\n  run_timer_base+0x111/0x190 kernel/time/timer.c:2439\n  run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449\n  handle_softirqs+0x213/0x8f0 kernel/softirq.c:554\n  __do_softirq kernel/softirq.c:588 [inline]\n  invoke_softirq kernel/softirq.c:428 [inline]\n  __irq_exit_rcu kernel/softirq.c:637 [inline]\n  irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n  sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049\n \u003c/IRQ\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56639",
            "https://git.kernel.org/linus/af8edaeddbc52e53207d859c912b017fd9a77629 (6.13-rc2)",
            "https://git.kernel.org/stable/c/688842f47ee9fb392d1c3a1ced1d21d505b14968",
            "https://git.kernel.org/stable/c/af8edaeddbc52e53207d859c912b017fd9a77629",
            "https://linux.oracle.com/cve/CVE-2024-56639.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122736-CVE-2024-56639-809a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56639",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56639"
          ],
          "PublishedDate": "2024-12-27T15:15:23.633Z",
          "LastModifiedDate": "2025-10-07T20:13:09.77Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56641",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56641",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9256f921aaa988733e9791271054f39fb8b6df77f344c625ec01735637126f46",
          "Title": "kernel: net/smc: initialize close_work early to avoid warning",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n  WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n  Workqueue: events smc_lgr_terminate_work [smc]\n  RIP: 0010:__flush_work+0x19e/0x1b0\n  Call Trace:\n   ? __wake_up_common+0x7a/0x190\n   ? work_busy+0x80/0x80\n   __cancel_work_timer+0xe3/0x160\n   smc_close_cancel_work+0x1a/0x70 [smc]\n   smc_close_active_abort+0x207/0x360 [smc]\n   __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n   process_one_work+0x19e/0x340\n   worker_thread+0x30/0x370\n   ? process_one_work+0x340/0x340\n   kthread+0x117/0x130\n   ? __kthread_cancel_work+0x50/0x50\n   ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. the RDMA\ndriver is rmmod and the LGR is terminated, the conn-\u003eclose_work is\nflushed before initialization, resulting in WARN_ON(!work-\u003efunc).\n\n__smc_lgr_terminate             | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n                                | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr-\u003econns_all      |\n\\- smc_conn_kill                |\n   \\- smc_close_active_abort    |\n      \\- smc_close_cancel_work  |\n         \\- cancel_work_sync    |\n            \\- __flush_work     |\n\t         (close_work)   |\n\t                        | smc_close_init\n\t                        | \\- INIT_WORK(\u0026close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56641",
            "https://git.kernel.org/linus/0541db8ee32c09463a72d0987382b3a3336b0043 (6.13-rc2)",
            "https://git.kernel.org/stable/c/0541db8ee32c09463a72d0987382b3a3336b0043",
            "https://git.kernel.org/stable/c/6638e52dcfafaf1b9cbc34544f0c832db0069ea1",
            "https://git.kernel.org/stable/c/f0c37002210aaede10dae849d1a78efc2243add2",
            "https://linux.oracle.com/cve/CVE-2024-56641.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122736-CVE-2024-56641-5492@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56641",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56641"
          ],
          "PublishedDate": "2024-12-27T15:15:23.83Z",
          "LastModifiedDate": "2025-10-06T17:38:15.09Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56647",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56647",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7237a2f87fe6af21a72dd427a67f542a1138aa28730c112445308695515d97f7",
          "Title": "kernel: net: Fix icmp host relookup triggering ip_rt_bug",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \u003cIRQ\u003e\n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst-\u003eout = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst-\u003edev of output\nroute is loopback. Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56647",
            "https://git.kernel.org/linus/c44daa7e3c73229f7ac74985acb8c7fb909c4e0a (6.13-rc2)",
            "https://git.kernel.org/stable/c/9545011e7b2a8fc0cbd6e387a09f12cd41d7d82f",
            "https://git.kernel.org/stable/c/c44daa7e3c73229f7ac74985acb8c7fb909c4e0a",
            "https://linux.oracle.com/cve/CVE-2024-56647.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024122738-CVE-2024-56647-d71f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56647",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56647"
          ],
          "PublishedDate": "2024-12-27T15:15:24.467Z",
          "LastModifiedDate": "2025-10-01T20:17:35.96Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56657",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56657",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:80098c84cea88a36d32bf40ce2d54b7094d5c61a27913d023b6982c5ba267981",
          "Title": "kernel: ALSA: control: Avoid WARN() for symlink errors",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: control: Avoid WARN() for symlink errors\n\nUsing WARN() for showing the error of symlink creations don't give\nmore information than telling that something goes wrong, since the\nusual code path is a lregister callback from each control element\ncreation.  More badly, the use of WARN() rather confuses fuzzer as if\nit were serious issues.\n\nThis patch downgrades the warning messages to use the normal dev_err()\ninstead of WARN().  For making it clearer, add the function name to\nthe prefix, too.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56657",
            "https://git.kernel.org/linus/b2e538a9827dd04ab5273bf4be8eb2edb84357b0 (6.13-rc3)",
            "https://git.kernel.org/stable/c/36c0764474b637bbee498806485bed524cad486b",
            "https://git.kernel.org/stable/c/b2e538a9827dd04ab5273bf4be8eb2edb84357b0",
            "https://git.kernel.org/stable/c/d5a1ca7b59804d6779644001a878ed925a4688ca",
            "https://linux.oracle.com/cve/CVE-2024-56657.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122750-CVE-2024-56657-4f33@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56657",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56657"
          ],
          "PublishedDate": "2024-12-27T15:15:25.543Z",
          "LastModifiedDate": "2025-10-01T20:17:37.157Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56660",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56660",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0203a1bf6b50953d9d799abdf7250c53478e140d0fb2bbf730928f7126e3e3d7",
          "Title": "kernel: net/mlx5: DR, prevent potential error pointer dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, prevent potential error pointer dereference\n\nThe dr_domain_add_vport_cap() function generally returns NULL on error\nbut sometimes we want it to return ERR_PTR(-EBUSY) so the caller can\nretry.  The problem here is that \"ret\" can be either -EBUSY or -ENOMEM\nand if it's and -ENOMEM then the error pointer is propogated back and\neventually dereferenced in dr_ste_v0_build_src_gvmi_qpn_tag().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56660",
            "https://git.kernel.org/linus/11776cff0b563c8b8a4fa76cab620bfb633a8cb8 (6.13-rc3)",
            "https://git.kernel.org/stable/c/11776cff0b563c8b8a4fa76cab620bfb633a8cb8",
            "https://git.kernel.org/stable/c/325cf73a1b449fea3158ab99d03a7a717aad1618",
            "https://git.kernel.org/stable/c/61f720e801443d4e2a3c0261eda4ad8431458dca",
            "https://git.kernel.org/stable/c/a59c61a1869ceefc65ef02886f91e8cd0062211f",
            "https://linux.oracle.com/cve/CVE-2024-56660.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122751-CVE-2024-56660-fb9d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56660",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56660"
          ],
          "PublishedDate": "2024-12-27T15:15:25.857Z",
          "LastModifiedDate": "2025-11-03T21:18:15.75Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56665",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56665",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4730b129c2d9d0682470bb8237f08e489eb7adbc8e75768d3cade5d8bec5234d",
          "Title": "kernel: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog\n\nSyzbot reported [1] crash that happens for following tracing scenario:\n\n  - create tracepoint perf event with attr.inherit=1, attach it to the\n    process and set bpf program to it\n  - attached process forks -\u003e chid creates inherited event\n\n    the new child event shares the parent's bpf program and tp_event\n    (hence prog_array) which is global for tracepoint\n\n  - exit both process and its child -\u003e release both events\n  - first perf_event_detach_bpf_prog call will release tp_event-\u003eprog_array\n    and second perf_event_detach_bpf_prog will crash, because\n    tp_event-\u003eprog_array is NULL\n\nThe fix makes sure the perf_event_detach_bpf_prog checks prog_array\nis valid before it tries to remove the bpf program from it.\n\n[1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56665",
            "https://git.kernel.org/linus/978c4486cca5c7b9253d3ab98a88c8e769cb9bbd (6.13-rc3)",
            "https://git.kernel.org/stable/c/842e5af282453983586e2eae3c8eaf252de5f22f",
            "https://git.kernel.org/stable/c/978c4486cca5c7b9253d3ab98a88c8e769cb9bbd",
            "https://git.kernel.org/stable/c/c2b6b47662d5f2dfce92e5ffbdcac8229f321d9d",
            "https://git.kernel.org/stable/c/dfb15ddf3b65e0df2129f9756d1b4fa78055cdb3",
            "https://linux.oracle.com/cve/CVE-2024-56665.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122753-CVE-2024-56665-5df3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56665",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56665"
          ],
          "PublishedDate": "2024-12-27T15:15:26.4Z",
          "LastModifiedDate": "2025-11-03T21:18:17.16Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56671",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56671",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2bb39df105b9012ca84254211c45960aee0ef382beef0ebf2a2fddfcd420d878",
          "Title": "kernel: gpio: graniterapids: Fix vGPIO driver crash",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: graniterapids: Fix vGPIO driver crash\n\nMove setting irq_chip.name from probe() function to the initialization\nof \"irq_chip\" struct in order to fix vGPIO driver crash during bootup.\n\nCrash was caused by unauthorized modification of irq_chip.name field\nwhere irq_chip struct was initialized as const.\n\nThis behavior is a consequence of suboptimal implementation of\ngpio_irq_chip_set_chip(), which should be changed to avoid\ncasting away const qualifier.\n\nCrash log:\nBUG: unable to handle page fault for address: ffffffffc0ba81c0\n/#PF: supervisor write access in kernel mode\n/#PF: error_code(0x0003) - permissions violation\nCPU: 33 UID: 0 PID: 1075 Comm: systemd-udevd Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 #1\nHardware name: Intel Corporation Kaseyville RP/Kaseyville RP, BIOS KVLDCRB1.PGS.0026.D73.2410081258 10/08/2024\nRIP: 0010:gnr_gpio_probe+0x171/0x220 [gpio_graniterapids]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56671",
            "https://git.kernel.org/linus/eb9640fd1ce666610b77f5997596e9570a36378f (6.13-rc3)",
            "https://git.kernel.org/stable/c/e631cab10c6b287a33c35953e6dbda1f7f89bc1f",
            "https://git.kernel.org/stable/c/eb9640fd1ce666610b77f5997596e9570a36378f",
            "https://linux.oracle.com/cve/CVE-2024-56671.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122755-CVE-2024-56671-89d8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56671",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56671"
          ],
          "PublishedDate": "2024-12-27T15:15:26.993Z",
          "LastModifiedDate": "2025-10-01T20:17:39.55Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56674",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56674",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d42f0097bd3b5bba9c1e0ee33582aa17ad74ea7f440aa4e47ee022c854ea29d4",
          "Title": "kernel: virtio_net: correct netdev_tx_reset_queue() invocation point",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: correct netdev_tx_reset_queue() invocation point\n\nWhen virtnet_close is followed by virtnet_open, some TX completions can\npossibly remain unconsumed, until they are finally processed during the\nfirst NAPI poll after the netdev_tx_reset_queue(), resulting in a crash\n[1]. Commit b96ed2c97c79 (\"virtio_net: move netdev_tx_reset_queue() call\nbefore RX napi enable\") was not sufficient to eliminate all BQL crash\ncases for virtio-net.\n\nThis issue can be reproduced with the latest net-next master by running:\n`while :; do ip l set DEV down; ip l set DEV up; done` under heavy network\nTX load from inside the machine.\n\nnetdev_tx_reset_queue() can actually be dropped from virtnet_open path;\nthe device is not stopped in any case. For BQL core part, it's just like\ntraffic nearly ceases to exist for some period. For stall detector added\nto BQL, even if virtnet_close could somehow lead to some TX completions\ndelayed for long, followed by virtnet_open, we can just take it as stall\nas mentioned in commit 6025b9135f7a (\"net: dqs: add NIC stall detector\nbased on BQL\"). Note also that users can still reset stall_max via sysfs.\n\nSo, drop netdev_tx_reset_queue() from virtnet_enable_queue_pair(). This\neliminates the BQL crashes. As a result, netdev_tx_reset_queue() is now\nexplicitly required in freeze/restore path. This patch adds it to\nimmediately after free_unused_bufs(), following the rule of thumb:\nnetdev_tx_reset_queue() should follow any SKB freeing not followed by\nnetdev_tx_completed_queue(). 
This seems the most consistent and\nstreamlined approach, and now netdev_tx_reset_queue() runs whenever\nfree_unused_bufs() is done.\n\n[1]:\n------------[ cut here ]------------\nkernel BUG at lib/dynamic_queue_limits.c:99!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 UID: 0 PID: 1598 Comm: ip Tainted: G    N 6.12.0net-next_main+ #2\nTainted: [N]=TEST\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), \\\nBIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:dql_completed+0x26b/0x290\nCode: b7 c2 49 89 e9 44 89 da 89 c6 4c 89 d7 e8 ed 17 47 00 58 65 ff 0d\n4d 27 90 7e 0f 85 fd fe ff ff e8 ea 53 8d ff e9 f3 fe ff ff \u003c0f\u003e 0b 01\nd2 44 89 d1 29 d1 ba 00 00 00 00 0f 48 ca e9 28 ff ff ff\nRSP: 0018:ffffc900002b0d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff888102398c80 RCX: 0000000080190009\nRDX: 0000000000000000 RSI: 000000000000006a RDI: 0000000000000000\nRBP: ffff888102398c00 R08: 0000000000000000 R09: 0000000000000000\nR10: 00000000000000ca R11: 0000000000015681 R12: 0000000000000001\nR13: ffffc900002b0d68 R14: ffff88811115e000 R15: ffff8881107aca40\nFS:  00007f41ded69500(0000) GS:ffff888667dc0000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556ccc2dc1a0 CR3: 0000000104fd8003 CR4: 0000000000772ef0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ? die+0x32/0x80\n ? do_trap+0xd9/0x100\n ? dql_completed+0x26b/0x290\n ? dql_completed+0x26b/0x290\n ? do_error_trap+0x6d/0xb0\n ? dql_completed+0x26b/0x290\n ? exc_invalid_op+0x4c/0x60\n ? dql_completed+0x26b/0x290\n ? asm_exc_invalid_op+0x16/0x20\n ? dql_completed+0x26b/0x290\n __free_old_xmit+0xff/0x170 [virtio_net]\n free_old_xmit+0x54/0xc0 [virtio_net]\n virtnet_poll+0xf4/0xe30 [virtio_net]\n ? __update_load_avg_cfs_rq+0x264/0x2d0\n ? update_curr+0x35/0x260\n ? reweight_entity+0x1be/0x260\n __napi_poll.constprop.0+0x28/0x1c0\n net_rx_action+0x329/0x420\n ? enqueue_hrtimer+0x35/0x90\n ? trace_hardirqs_on+0x1d/0x80\n ? 
kvm_sched_clock_read+0xd/0x20\n ? sched_clock+0xc/0x30\n ? kvm_sched_clock_read+0xd/0x20\n ? sched_clock+0xc/0x30\n ? sched_clock_cpu+0xd/0x1a0\n handle_softirqs+0x138/0x3e0\n do_softirq.part.0+0x89/0xc0\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0xa7/0xb0\n virtnet_open+0xc8/0x310 [virtio_net]\n __dev_open+0xfa/0x1b0\n __dev_change_flags+0x1de/0x250\n dev_change_flags+0x22/0x60\n do_setlink.isra.0+0x2df/0x10b0\n ? rtnetlink_rcv_msg+0x34f/0x3f0\n ? netlink_rcv_skb+0x54/0x100\n ? netlink_unicas\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-672"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56674",
            "https://git.kernel.org/linus/3ddccbefebdbe0c4c72a248676e4d39ac66a8e26 (6.13-rc3)",
            "https://git.kernel.org/stable/c/3ddccbefebdbe0c4c72a248676e4d39ac66a8e26",
            "https://git.kernel.org/stable/c/b4294d4ac61fbb382811a1d64eaf81f446ce2af4",
            "https://linux.oracle.com/cve/CVE-2024-56674.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122756-CVE-2024-56674-8005@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56674",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56674"
          ],
          "PublishedDate": "2024-12-27T15:15:27.313Z",
          "LastModifiedDate": "2025-10-01T20:17:39.95Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56677",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56677",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e25826c5684bef66b1b64c9062121b884e764cfbfa7e4db8bcab4d5ace41b418",
          "Title": "kernel: powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()\n\nDuring early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE,\nsince pageblock_order is still zero and it gets initialized\nlater during initmem_init() e.g.\nsetup_arch() -\u003e initmem_init() -\u003e sparse_init() -\u003e set_pageblock_order()\n\nOne such use case where this causes issue is -\nearly_setup() -\u003e early_init_devtree() -\u003e fadump_reserve_mem() -\u003e fadump_cma_init()\n\nThis causes CMA memory alignment check to be bypassed in\ncma_init_reserved_mem(). Then later cma_activate_area() can hit\na VM_BUG_ON_PAGE(pfn \u0026 ((1 \u003c\u003c order) - 1)) if the reserved memory\narea was not pageblock_order aligned.\n\nFix it by moving the fadump_cma_init() after initmem_init(),\nwhere other such cma reservations also gets called.\n\n\u003cstack trace\u003e\n==============\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010\nflags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA\nraw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(pfn \u0026 ((1 \u003c\u003c order) - 1))\n------------[ cut here ]------------\nkernel BUG at mm/page_alloc.c:778!\n\nCall Trace:\n__free_one_page+0x57c/0x7b0 (unreliable)\nfree_pcppages_bulk+0x1a8/0x2c8\nfree_unref_page_commit+0x3d4/0x4e4\nfree_unref_page+0x458/0x6d0\ninit_cma_reserved_pageblock+0x114/0x198\ncma_init_reserved_areas+0x270/0x3e0\ndo_one_initcall+0x80/0x2f8\nkernel_init_freeable+0x33c/0x530\nkernel_init+0x34/0x26c\nret_from_kernel_user_thread+0x14/0x1c",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56677",
            "https://git.kernel.org/linus/05b94cae1c47f94588c3e7096963c1007c4d9c1d (6.13-rc1)",
            "https://git.kernel.org/stable/c/05b94cae1c47f94588c3e7096963c1007c4d9c1d",
            "https://git.kernel.org/stable/c/7351c5a6507b4401aeecadb5959131410a339520",
            "https://git.kernel.org/stable/c/aabef6301dcf410dfd2b8759cd413b2a003c7e3f",
            "https://git.kernel.org/stable/c/c5c1d1ef70834013fc3bd12b6a0f4664c6d75a74",
            "https://git.kernel.org/stable/c/f551637fe9bf863386309e03f9d148d97f535ad1",
            "https://linux.oracle.com/cve/CVE-2024-56677.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122831-CVE-2024-56677-f922@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56677",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56677"
          ],
          "PublishedDate": "2024-12-28T10:15:08.277Z",
          "LastModifiedDate": "2025-11-03T21:18:18.237Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56692",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56692",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:36ab4f44bf0a1a5be577f96959356abe52402c1d01cdd1a20336c8fec307c538",
          "Title": "kernel: f2fs: fix to do sanity check on node blkaddr in truncate_node()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node blkaddr in truncate_node()\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2534!\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\nCall Trace:\n truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909\n f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288\n f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856\n evict+0x4e8/0x9b0 fs/inode.c:723\n f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986\n f2fs_create+0x357/0x530 fs/f2fs/namei.c:394\n lookup_open fs/namei.c:3595 [inline]\n open_last_lookups fs/namei.c:3694 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3930\n do_filp_open+0x235/0x490 fs/namei.c:3960\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1415\n do_sys_open fs/open.c:1430 [inline]\n __do_sys_openat fs/open.c:1446 [inline]\n __se_sys_openat fs/open.c:1441 [inline]\n __x64_sys_openat+0x247/0x2a0 fs/open.c:1441\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\n\nThe root cause is: on a fuzzed image, blkaddr in nat entry may be\ncorrupted, then it will cause system panic when using it in\nf2fs_invalidate_blocks(), to avoid this, let's add sanity check on\nnat blkaddr in truncate_node().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56692",
            "https://git.kernel.org/linus/6babe00ccd34fc65b78ef8b99754e32b4385f23d (6.13-rc1)",
            "https://git.kernel.org/stable/c/0a5c8b3fbf6200f1c66062d307c9a52084917788",
            "https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d",
            "https://git.kernel.org/stable/c/6babe00ccd34fc65b78ef8b99754e32b4385f23d",
            "https://git.kernel.org/stable/c/c1077078ce4589b5e5387f6b0aaa0d4534b9eb57",
            "https://linux.oracle.com/cve/CVE-2024-56692.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122835-CVE-2024-56692-e6ad@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56692",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56692"
          ],
          "PublishedDate": "2024-12-28T10:15:14.49Z",
          "LastModifiedDate": "2025-10-01T20:17:40.847Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56703",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56703",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d855a385b0039c8eed4ac7ef7ab1117bdfe0fb66e8d707401d1ad050bda8fb07",
          "Title": "kernel: ipv6: Fix soft lockups in fib6_select_path under high next hop churn",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core—indicated by their 'next' and\n'previous' elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. 
It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- \u003cIRQ stack\u003e --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n    [exception RIP: fib6_select_path+299]\n    RIP: ffffffff8ddafe7b  RSP: ffffbd13003d37b8  RFLAGS: 00000287\n    RAX: ffff975850b43600  RBX: ffff975850b40200  RCX: 0000000000000000\n    RDX: 000000003fffffff  RSI: 0000000051d383e4  RDI: ffff975850b43618\n    RBP: ffffbd13003d3800   R8: 0000000000000000   R9: ffff975850b40200\n    R10: 0000000000000000  R11: 0000000000000000  R12: ffffbd13003d3830\n    R13: ffff975850b436a8  R14: ffff975850b43600  R15: 0000000000000007\n    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 
[ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56703",
            "https://git.kernel.org/linus/d9ccb18f83ea2bb654289b6ecf014fd267cc988b (6.13-rc1)",
            "https://git.kernel.org/stable/c/11edcd026012ac18acee0f1514db3ed1b160fc6f",
            "https://git.kernel.org/stable/c/34a949e7a0869dfa31a40416d2a56973fae1807b",
            "https://git.kernel.org/stable/c/52da02521ede55fb86546c3fffd9377b3261b91f",
            "https://git.kernel.org/stable/c/d0ec61c9f3583b76aebdbb271f5c0d3fcccd48b2",
            "https://git.kernel.org/stable/c/d9ccb18f83ea2bb654289b6ecf014fd267cc988b",
            "https://linux.oracle.com/cve/CVE-2024-56703.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122837-CVE-2024-56703-683a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56703",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56703"
          ],
          "PublishedDate": "2024-12-28T10:15:18.433Z",
          "LastModifiedDate": "2025-11-03T21:18:21.33Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56707",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56707",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d3bd8ee004c53f32781f647a7547553e8216359d5883d26157968111cd4d9983",
          "Title": "kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c\n\nAdd error pointer checks after calling otx2_mbox_get_rsp().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56707",
            "https://git.kernel.org/linus/f5b942e6c54b13246ee49d42dcfb71b7f29e3c64 (6.13-rc1)",
            "https://git.kernel.org/stable/c/1611b1ea7cf8d07dff091a45389b10401bb6d5b3",
            "https://git.kernel.org/stable/c/20e06a5137a1174214bae3a29ce623e69455ee0f",
            "https://git.kernel.org/stable/c/3ccbc7a518868eff1d5a198b9e454e182b651e00",
            "https://git.kernel.org/stable/c/f5b942e6c54b13246ee49d42dcfb71b7f29e3c64",
            "https://git.kernel.org/stable/c/fc595472fbad96533ccbb7b9ebb82b743ec26829",
            "https://linux.oracle.com/cve/CVE-2024-56707.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122838-CVE-2024-56707-783f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56707",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56707"
          ],
          "PublishedDate": "2024-12-28T10:15:19.66Z",
          "LastModifiedDate": "2025-11-03T21:18:22.13Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56709",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56709",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d663d97b14c1836800a8fbba7236fe8dbecad2771ff5e4659d7085be5c572afc",
          "Title": "kernel: io_uring: check if iowq is killed before queuing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if iowq is killed before queuing\n\ntask work can be executed after the task has gone through io_uring\ntermination, whether it's the final task_work run or the fallback path.\nIn this case, task work will find -\u003eio_wq being already killed and\nnull'ed, which is a problem if it then tries to forward the request to\nio_queue_iowq(). Make io_queue_iowq() fail requests in this case.\n\nNote that it also checks PF_KTHREAD, because the user can first close\na DEFER_TASKRUN ring and shortly after kill the task, in which case\n-\u003eiowq check would race.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-56709",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 (6.13-rc4)",
            "https://git.kernel.org/stable/c/2ca94c8de36091067b9ce7527ae8db3812d38781",
            "https://git.kernel.org/stable/c/4f95a2186b7f2af09331e1e8069bcaf34fe019cf",
            "https://git.kernel.org/stable/c/534d59ab38010aada88390db65985e65d0de7d9e",
            "https://git.kernel.org/stable/c/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156",
            "https://linux.oracle.com/cve/CVE-2024-56709.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122918-CVE-2024-56709-655c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56709",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56709"
          ],
          "PublishedDate": "2024-12-29T09:15:05.82Z",
          "LastModifiedDate": "2025-11-03T21:18:22.467Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56712",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56712",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5ce287047b56f5d7a41d2476942fbcfb1c6a1dd1ed40e10cec2bf93296f80078",
          "Title": "kernel: udmabuf: fix memory leak on last export_udmabuf() error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix memory leak on last export_udmabuf() error path\n\nIn export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a\ndma_buf owning the udmabuf has already been created; but the error handling\nin udmabuf_create() will tear down the udmabuf without doing anything about\nthe containing dma_buf.\n\nThis leaves a dma_buf in memory that contains a dangling pointer; though\nthat doesn't seem to lead to anything bad except a memory leak.\n\nFix it by moving the dma_buf_fd() call out of export_udmabuf() so that we\ncan give it different error handling.\n\nNote that the shape of this code changed a lot in commit 5e72b2b41a21\n(\"udmabuf: convert udmabuf driver to use folios\"); but the memory leak\nseems to have existed since the introduction of udmabuf.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56712",
            "https://git.kernel.org/linus/f49856f525acd5bef52ae28b7da2e001bbe7439e (6.13-rc4)",
            "https://git.kernel.org/stable/c/c9fc8428d4255c2128da9c4d5cd92e554d0150cf",
            "https://git.kernel.org/stable/c/f49856f525acd5bef52ae28b7da2e001bbe7439e",
            "https://linux.oracle.com/cve/CVE-2024-56712.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122914-CVE-2024-56712-d62a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56712",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56712"
          ],
          "PublishedDate": "2024-12-29T09:15:06.25Z",
          "LastModifiedDate": "2025-04-17T21:15:49.417Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56717",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56717",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:374fe863d0e025e58888aa266a2dc766f68a9ef2291917e69d5af9fe0a14cd98",
          "Title": "kernel: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()\n\nPackets injected by the CPU should have a SRC_PORT field equal to the\nCPU port module index in the Analyzer block (ocelot-\u003enum_phys_ports).\n\nThe blamed commit copied the ocelot_ifh_set_basic() call incorrectly\nfrom ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling\nwith \"x\", it calls with BIT_ULL(x), but the field is not a port mask,\nbut rather a single port index.\n\n[ side note: this is the technical debt of code duplication :( ]\n\nThe error used to be silent and doesn't appear to have other\nuser-visible manifestations, but with new changes in the packing\nlibrary, it now fails loudly as follows:\n\n------------[ cut here ]------------\nCannot store 0x40 inside bits 46-43 - will truncate\nsja1105 spi2.0: xmit timed out\nWARNING: CPU: 1 PID: 102 at lib/packing.c:98 __pack+0x90/0x198\nsja1105 spi2.0: timed out polling for tstamp\nCPU: 1 UID: 0 PID: 102 Comm: felix_xmit\nTainted: G        W        N 6.13.0-rc1-00372-gf706b85d972d-dirty #2605\nCall trace:\n __pack+0x90/0x198 (P)\n __pack+0x90/0x198 (L)\n packing+0x78/0x98\n ocelot_ifh_set_basic+0x260/0x368\n ocelot_port_inject_frame+0xa8/0x250\n felix_port_deferred_xmit+0x14c/0x258\n kthread_worker_fn+0x134/0x350\n kthread+0x114/0x138\n\nThe code path pertains to the ocelot switchdev driver and to the felix\nsecondary DSA tag protocol, ocelot-8021q. Here seen with ocelot-8021q.\n\nThe messenger (packing) is not really to blame, so fix the original\ncommit instead.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56717",
            "https://git.kernel.org/linus/2d5df3a680ffdaf606baa10636bdb1daf757832e (6.13-rc4)",
            "https://git.kernel.org/stable/c/2d5df3a680ffdaf606baa10636bdb1daf757832e",
            "https://git.kernel.org/stable/c/2f3c62ffe88116cd2a39cd73e01103535599970f",
            "https://git.kernel.org/stable/c/59c4ca8d8d7918eb6e2df91d2c254827264be309",
            "https://git.kernel.org/stable/c/a8836eae3288c351acd3b2743d2fad2a4ee2bd56",
            "https://linux.oracle.com/cve/CVE-2024-56717.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122915-CVE-2024-56717-546c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56717",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56717"
          ],
          "PublishedDate": "2024-12-29T09:15:06.907Z",
          "LastModifiedDate": "2025-11-03T21:18:23.06Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56718",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56718",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a4d81c8f78b613e599b558d8fa7e50bca508202837150414a4d8b1981cc2097e",
          "Title": "kernel: net/smc: protect link down work from execute after lgr freed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev-\u003enext should be ffffb638c9c0fe20,\n    but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS:  0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n  rwsem_down_write_slowpath+0x17e/0x470\n  smc_link_down_work+0x3c/0x60 [smc]\n  process_one_work+0x1ac/0x350\n  worker_thread+0x49/0x2f0\n  ? rescuer_thread+0x360/0x360\n  kthread+0x118/0x140\n  ? __kthread_bind_mask+0x60/0x60\n  ret_from_fork+0x1f/0x30",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56718",
            "https://git.kernel.org/linus/2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec (6.13-rc4)",
            "https://git.kernel.org/stable/c/2627c3e8646932dfc7b9722c88c2e1ffcf7a9fb2",
            "https://git.kernel.org/stable/c/2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec",
            "https://git.kernel.org/stable/c/841b1824750d3b8d1dc0a96b14db4418b952abbc",
            "https://git.kernel.org/stable/c/bec2f52866d511e94c1c37cd962e4382b1b1a299",
            "https://linux.oracle.com/cve/CVE-2024-56718.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122915-CVE-2024-56718-be98@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56718",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56718"
          ],
          "PublishedDate": "2024-12-29T09:15:07.04Z",
          "LastModifiedDate": "2025-11-03T21:18:23.26Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56719",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56719",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d9207cc71f93861875f4a087cb649565c0dfba04396f04aa7e8fcfd7131afb18",
          "Title": "kernel: net: stmmac: fix TSO DMA API usage causing oops",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]'s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv-\u003edma_cap.addr64 \u003e 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n  dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n  DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56719",
            "https://git.kernel.org/linus/4c49f38e20a57f8abaebdf95b369295b153d1f8e (6.13-rc3)",
            "https://git.kernel.org/stable/c/4c49f38e20a57f8abaebdf95b369295b153d1f8e",
            "https://git.kernel.org/stable/c/6abcdc9a73274052a9e96a1926994ecf9aedad82",
            "https://git.kernel.org/stable/c/9d5dd7ccea1b46a9a7c6b3c2b9e5ed8864e185e2",
            "https://git.kernel.org/stable/c/db3667c9bbfbbf5de98e6c9542f7e03fb5243286",
            "https://linux.oracle.com/cve/CVE-2024-56719.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122916-CVE-2024-56719-609b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56719",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56719"
          ],
          "PublishedDate": "2024-12-29T09:15:07.187Z",
          "LastModifiedDate": "2026-03-25T11:16:09.097Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56722",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56722",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a503961b63514590becc8613c0dc9ffd2d5c23d6ff12fcbeced66c61e4b113d1",
          "Title": "kernel: RDMA/hns: Fix cpu stuck caused by printings during reset",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix cpu stuck caused by printings during reset\n\nDuring reset, cmd to destroy resources such as qp, cq, and mr may fail,\nand error logs will be printed. When a large number of resources are\ndestroyed, there will be lots of printings, and it may lead to a cpu\nstuck.\n\nDelete some unnecessary printings and replace other printing functions\nin these paths with the ratelimited version.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56722",
            "https://git.kernel.org/linus/323275ac2ff15b2b7b3eac391ae5d8c5a3c3a999 (6.13-rc1)",
            "https://git.kernel.org/stable/c/31c6fe9b79ed42440094f2367897aea0c0ce96ec",
            "https://git.kernel.org/stable/c/323275ac2ff15b2b7b3eac391ae5d8c5a3c3a999",
            "https://git.kernel.org/stable/c/a0e4c78770faa0d56d47391476fe1d827e72eded",
            "https://git.kernel.org/stable/c/b4ba31e5aaffbda9b22d9a35c40b16dc39e475a6",
            "https://git.kernel.org/stable/c/e2e64f9c42c717beb459ab209ec1c4baa73d3760",
            "https://linux.oracle.com/cve/CVE-2024-56722.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122923-CVE-2024-56722-5594@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56722",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56722"
          ],
          "PublishedDate": "2024-12-29T12:15:06.283Z",
          "LastModifiedDate": "2025-11-03T21:18:23.68Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56727",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56727",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39f2560b54dff9b2fdd780b8f63e5c2ef4ced0e64a26522ad33302736646f901",
          "Title": "kernel: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c\n\nAdding error pointer check after calling otx2_mbox_get_rsp().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56727",
            "https://git.kernel.org/linus/bd3110bc102ab6292656b8118be819faa0de8dd0 (6.13-rc1)",
            "https://git.kernel.org/stable/c/8c9f8b35dc3d4ad8053a72bc0c5a7843591f6b75",
            "https://git.kernel.org/stable/c/a479b3d7586e6f77f8337bbcac980eaf2d0a4029",
            "https://git.kernel.org/stable/c/bd3110bc102ab6292656b8118be819faa0de8dd0",
            "https://git.kernel.org/stable/c/c4eae7bac880edd88aaed6a8ec2997fa85e259c7",
            "https://git.kernel.org/stable/c/e5e60f17d2462ef5c13db4d1a54eef5778fd2295",
            "https://linux.oracle.com/cve/CVE-2024-56727.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024122924-CVE-2024-56727-41d8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56727",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56727"
          ],
          "PublishedDate": "2024-12-29T12:15:06.813Z",
          "LastModifiedDate": "2025-11-03T21:18:24.987Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56744",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56744",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7bfacbee45ae12081ddd506c7a67cd41d39a44397aa32adb1c049102c9f5a505",
          "Title": "kernel: f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()\n\nsyzbot reports deadlock issue of f2fs as below:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted\n------------------------------------------------------\nkswapd0/79 is trying to acquire lock:\nffff888011824088 (\u0026sbi-\u003esb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline]\nffff888011824088 (\u0026sbi-\u003esb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068\n\nbut task is already holding lock:\nffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (sb_internal#2){.+.+}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       percpu_down_read include/linux/percpu-rwsem.h:51 [inline]\n       __sb_start_write include/linux/fs.h:1716 [inline]\n       sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899\n       f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807\n       evict+0x4e8/0x9b0 fs/inode.c:725\n       dispose_list fs/inode.c:774 [inline]\n       prune_icache_sb+0x239/0x2f0 fs/inode.c:963\n       super_cache_scan+0x38c/0x4b0 fs/super.c:223\n       do_shrink_slab+0x701/0x1160 mm/shrinker.c:435\n       shrink_slab+0x1093/0x14d0 mm/shrinker.c:662\n       shrink_one+0x43b/0x850 mm/vmscan.c:4818\n       shrink_many mm/vmscan.c:4879 [inline]\n       lru_gen_shrink_node mm/vmscan.c:4957 [inline]\n       shrink_node+0x3799/0x3de0 mm/vmscan.c:5937\n       kswapd_shrink_node mm/vmscan.c:6765 [inline]\n       balance_pgdat mm/vmscan.c:6957 [inline]\n       
kswapd+0x1ca3/0x3700 mm/vmscan.c:7226\n       kthread+0x2f0/0x390 kernel/kthread.c:389\n       ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n-\u003e #1 (fs_reclaim){+.+.}-{0:0}:\n       lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n       __fs_reclaim_acquire mm/page_alloc.c:3834 [inline]\n       fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848\n       might_alloc include/linux/sched/mm.h:318 [inline]\n       prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493\n       __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722\n       alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265\n       alloc_pages_noprof mm/mempolicy.c:2345 [inline]\n       folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352\n       filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010\n       do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787\n       read_mapping_folio include/linux/pagemap.h:1011 [inline]\n       f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032\n       f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079\n       f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174\n       f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785\n       write_inode fs/fs-writeback.c:1503 [inline]\n       __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723\n       writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779\n       sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849\n       f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941\n       __fput+0x23f/0x880 fs/file_table.c:431\n       task_work_run+0x24f/0x310 kernel/task_work.c:228\n       resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n       exit_to_user_mode_loop kernel/entry/common.c:114 [inline]\n       exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]\n       __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]\n       syscall_exit_to_user_mode+0x168/0x370 
kernel/entry/common.c:218\n       do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56744",
            "https://git.kernel.org/linus/f10a890308a7cd8794e21f646f09827c6cb4bf5d (6.13-rc1)",
            "https://git.kernel.org/stable/c/1539a088b108996bcdaddb7775070b5163b14233",
            "https://git.kernel.org/stable/c/801092a2c9c251ef6a8678fcb8fcc1220474a697",
            "https://git.kernel.org/stable/c/ecf4e6782b01fd578b565b3dd2be7bb0ac91082e",
            "https://git.kernel.org/stable/c/f10a890308a7cd8794e21f646f09827c6cb4bf5d",
            "https://linux.oracle.com/cve/CVE-2024-56744.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122926-CVE-2024-56744-fc8b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56744",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56744"
          ],
          "PublishedDate": "2024-12-29T12:15:07.817Z",
          "LastModifiedDate": "2025-04-16T19:15:52.783Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56782",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56782",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:55380d62cbb814ffb5d0fe098cf15166f578021143c958c8664eedf0badd6734",
          "Title": "kernel: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()\n\nacpi_dev_hid_match() does not check for adev == NULL, dereferencing\nit unconditional.\n\nAdd a check for adev being NULL before calling acpi_dev_hid_match().\n\nAt the moment acpi_quirk_skip_serdev_enumeration() is never called with\na controller_parent without an ACPI companion, but better safe than sorry.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56782",
            "https://git.kernel.org/linus/4a49194f587a62d972b602e3e1a2c3cfe6567966 (6.13-rc1)",
            "https://git.kernel.org/stable/c/4a49194f587a62d972b602e3e1a2c3cfe6567966",
            "https://git.kernel.org/stable/c/e173bce05f7032a8b4964cfef82a4b7668f5f3af",
            "https://linux.oracle.com/cve/CVE-2024-56782.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025010807-CVE-2024-56782-d049@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56782",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-56782"
          ],
          "PublishedDate": "2025-01-08T18:15:19.147Z",
          "LastModifiedDate": "2025-10-01T20:17:54.36Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56788",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56788",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:24c079fc17b3a3ac168ce31c54fd9702584ea2d7b3a32bc131a8c693f2d41f06",
          "Title": "kernel: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: oa_tc6: fix tx skb race condition between reference pointers\n\nThere are two skb pointers to manage tx skb's enqueued from n/w stack.\nwaiting_tx_skb pointer points to the tx skb which needs to be processed\nand ongoing_tx_skb pointer points to the tx skb which is being processed.\n\nSPI thread prepares the tx data chunks from the tx skb pointed by the\nongoing_tx_skb pointer. When the tx skb pointed by the ongoing_tx_skb is\nprocessed, the tx skb pointed by the waiting_tx_skb is assigned to\nongoing_tx_skb and the waiting_tx_skb pointer is assigned with NULL.\nWhenever there is a new tx skb from n/w stack, it will be assigned to\nwaiting_tx_skb pointer if it is NULL. Enqueuing and processing of a tx skb\nhandled in two different threads.\n\nConsider a scenario where the SPI thread processed an ongoing_tx_skb and\nit moves next tx skb from waiting_tx_skb pointer to ongoing_tx_skb pointer\nwithout doing any NULL check. At this time, if the waiting_tx_skb pointer\nis NULL then ongoing_tx_skb pointer is also assigned with NULL. After\nthat, if a new tx skb is assigned to waiting_tx_skb pointer by the n/w\nstack and there is a chance to overwrite the tx skb pointer with NULL in\nthe SPI thread. 
Finally one of the tx skb will be left as unhandled,\nresulting packet missing and memory leak.\n\n- Consider the below scenario where the TXC reported from the previous\ntransfer is 10 and ongoing_tx_skb holds an tx ethernet frame which can be\ntransported in 20 TXCs and waiting_tx_skb is still NULL.\n\ttx_credits = 10; /* 21 are filled in the previous transfer */\n\tongoing_tx_skb = 20;\n\twaiting_tx_skb = NULL; /* Still NULL */\n- So, (tc6-\u003eongoing_tx_skb || tc6-\u003ewaiting_tx_skb) becomes true.\n- After oa_tc6_prepare_spi_tx_buf_for_tx_skbs()\n\tongoing_tx_skb = 10;\n\twaiting_tx_skb = NULL; /* Still NULL */\n- Perform SPI transfer.\n- Process SPI rx buffer to get the TXC from footers.\n- Now let's assume previously filled 21 TXCs are freed so we are good to\ntransport the next remaining 10 tx chunks from ongoing_tx_skb.\n\ttx_credits = 21;\n\tongoing_tx_skb = 10;\n\twaiting_tx_skb = NULL;\n- So, (tc6-\u003eongoing_tx_skb || tc6-\u003ewaiting_tx_skb) becomes true again.\n- In the oa_tc6_prepare_spi_tx_buf_for_tx_skbs()\n\tongoing_tx_skb = NULL;\n\twaiting_tx_skb = NULL;\n\n- Now the below bad case might happen,\n\nThread1 (oa_tc6_start_xmit)\tThread2 (oa_tc6_spi_thread_handler)\n---------------------------\t-----------------------------------\n- if waiting_tx_skb is NULL\n\t\t\t\t- if ongoing_tx_skb is NULL\n\t\t\t\t- ongoing_tx_skb = waiting_tx_skb\n- waiting_tx_skb = skb\n\t\t\t\t- waiting_tx_skb = NULL\n\t\t\t\t...\n\t\t\t\t- ongoing_tx_skb = NULL\n- if waiting_tx_skb is NULL\n- waiting_tx_skb = skb\n\nTo overcome the above issue, protect the moving of tx skb reference from\nwaiting_tx_skb pointer to ongoing_tx_skb pointer and assigning new tx skb\nto waiting_tx_skb pointer, so that the other thread can't access the\nwaiting_tx_skb pointer until the current thread completes moving the tx\nskb reference safely.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-56788",
            "https://git.kernel.org/linus/e592b5110b3e9393881b0a019d86832bbf71a47f (6.13-rc4)",
            "https://git.kernel.org/stable/c/1f2eb6c32bae04b375bb7a0aedbeefb6dbbcb775",
            "https://git.kernel.org/stable/c/e592b5110b3e9393881b0a019d86832bbf71a47f",
            "https://linux.oracle.com/cve/CVE-2024-56788.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011147-CVE-2024-56788-7a74@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56788",
            "https://www.cve.org/CVERecord?id=CVE-2024-56788"
          ],
          "PublishedDate": "2025-01-11T13:15:29.09Z",
          "LastModifiedDate": "2025-09-24T18:58:20.277Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57795",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57795",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fc0c143303f63ff1456d8a91d8eabc307832b5ad7826d63da6c982d3fb86890a",
          "Title": "kernel: RDMA/rxe: Remove the direct link to net_device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Remove the direct link to net_device\n\nThe similar patch in siw is in the link:\nhttps://git.kernel.org/rdma/rdma/c/16b87037b48889\n\nThis problem also occurred in RXE. The following analyze this problem.\nIn the following Call Traces:\n\"\nBUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782\nRead of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295\n\nCPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted\n6.12.0-rc3-syzkaller-00399-g9197b73fd7bb #0\nHardware name: Google Compute Engine/Google Compute Engine,\nBIOS Google 09/13/2024\nWorkqueue: infiniband ib_cache_event_task\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n dev_get_flags+0x188/0x1d0 net/core/dev.c:8782\n rxe_query_port+0x12d/0x260 drivers/infiniband/sw/rxe/rxe_verbs.c:60\n __ib_query_port drivers/infiniband/core/device.c:2111 [inline]\n ib_query_port+0x168/0x7d0 drivers/infiniband/core/device.c:2143\n ib_cache_update+0x1a9/0xb80 drivers/infiniband/core/cache.c:1494\n ib_cache_event_task+0xf3/0x1e0 drivers/infiniband/core/cache.c:1568\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f2/0x390 kernel/kthread.c:389\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\"\n\n1). In the link [1],\n\n\"\n infiniband syz2: set down\n\"\n\nThis means that on 839.350575, the event ib_cache_event_task was sent andi\nqueued in ib_wq.\n\n2). 
In the link [1],\n\n\"\n team0 (unregistering): Port device team_slave_0 removed\n\"\n\nIt indicates that before 843.251853, the net device should be freed.\n\n3). In the link [1],\n\n\"\n BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0\n\"\n\nThis means that on 850.559070, this slab-use-after-free problem occurred.\n\nIn all, on 839.350575, the event ib_cache_event_task was sent and queued\nin ib_wq,\n\nbefore 843.251853, the net device veth was freed.\n\non 850.559070, this event was executed, and the mentioned freed net device\nwas called. Thus, the above call trace occurred.\n\n[1] https://syzkaller.appspot.com/x/log.txt?x=12e7025f980000",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57795",
            "https://git.kernel.org/linus/2ac5415022d16d63d912a39a06f32f1f51140261 (6.13-rc6)",
            "https://git.kernel.org/stable/c/2ac5415022d16d63d912a39a06f32f1f51140261",
            "https://git.kernel.org/stable/c/32ca3557d968e662957131374a5f81c9c9cdbba8",
            "https://git.kernel.org/stable/c/9f6f54e6a6863131442b40e14d1792b090c7ce21",
            "https://linux.oracle.com/cve/CVE-2024-57795.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011533-CVE-2024-57795-e560@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57795",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57795"
          ],
          "PublishedDate": "2025-01-15T13:15:11.563Z",
          "LastModifiedDate": "2026-01-11T17:15:51.717Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57804",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57804",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2acf582b997023dadf6dbf4633bef176d9c16fa6143a42eb66f36183ea4134e8",
          "Title": "kernel: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs\n\nThe driver, through the SAS transport, exposes a sysfs interface to\nenable/disable PHYs in a controller/expander setup.  When multiple PHYs\nare disabled and enabled in rapid succession, the persistent and current\nconfig pages related to SAS IO unit/SAS Expander pages could get\ncorrupted.\n\nUse separate memory for each config request.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57804",
            "https://git.kernel.org/linus/711201a8b8334a397440ac0b859df0054e174bc9 (6.13-rc2)",
            "https://git.kernel.org/stable/c/711201a8b8334a397440ac0b859df0054e174bc9",
            "https://git.kernel.org/stable/c/869fdc6f0606060301aef648231e186c7c542f5a",
            "https://linux.oracle.com/cve/CVE-2024-57804.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011152-CVE-2024-57804-4bad@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57804",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57804"
          ],
          "PublishedDate": "2025-01-11T13:15:30.233Z",
          "LastModifiedDate": "2025-10-17T15:08:04.35Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57809",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57809",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88843bfabd29eb5ef0df68ce2b171ac578bda711cc9483d652d61640e4b8ad80",
          "Title": "kernel: PCI: imx6: Fix suspend/resume support on i.MX6QDL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: imx6: Fix suspend/resume support on i.MX6QDL\n\nThe suspend/resume functionality is currently broken on the i.MX6QDL\nplatform, as documented in the NXP errata (ERR005723):\n\n  https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf\n\nThis patch addresses the issue by sharing most of the suspend/resume\nsequences used by other i.MX devices, while avoiding modifications to\ncritical registers that disrupt the PCIe functionality. It targets the\nsame problem as the following downstream commit:\n\n  https://github.com/nxp-imx/linux-imx/commit/4e92355e1f79d225ea842511fcfd42b343b32995\n\nUnlike the downstream commit, this patch also resets the connected PCIe\ndevice if possible. Without this reset, certain drivers, such as ath10k\nor iwlwifi, will crash on resume. The device reset is also done by the\ndriver on other i.MX platforms, making this patch consistent with\nexisting practices.\n\nUpon resuming, the kernel will hang and display an error. Here's an\nexample of the error encountered with the ath10k driver:\n\n  ath10k_pci 0000:01:00.0: Unable to change power state from D3hot to D0, device inaccessible\n  Unhandled fault: imprecise external abort (0x1406) at 0x0106f944\n\nWithout this patch, suspend/resume will fail on i.MX6QDL devices if a\nPCIe device is connected.\n\n[kwilczynski: commit log, added tag for stable releases]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57809",
            "https://git.kernel.org/linus/0a726f542d7c8cc0f9c5ed7df5a4bd4b59ac21b3 (6.13-rc1)",
            "https://git.kernel.org/stable/c/0a726f542d7c8cc0f9c5ed7df5a4bd4b59ac21b3",
            "https://git.kernel.org/stable/c/ac43ea3d27a8f9beadf3af66c9ea4a566ebfff1f",
            "https://linux.oracle.com/cve/CVE-2024-57809.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2025011103-CVE-2024-57809-a6be@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57809",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57809"
          ],
          "PublishedDate": "2025-01-11T14:15:25.08Z",
          "LastModifiedDate": "2025-10-17T15:24:25.58Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57843",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57843",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:57a4728a27190ff69ce7cb508e0c2b5554cfb4ab960a23d7984844cd1297dc0f",
          "Title": "kernel: virtio-net: fix overflow inside virtnet_rq_alloc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: fix overflow inside virtnet_rq_alloc\n\nWhen the frag just got a page, then may lead to regression on VM.\nSpecially if the sysctl net.core.high_order_alloc_disable value is 1,\nthen the frag always get a page when do refill.\n\nWhich could see reliable crashes or scp failure (scp a file 100M in size\nto VM).\n\nThe issue is that the virtnet_rq_dma takes up 16 bytes at the beginning\nof a new frag. When the frag size is larger than PAGE_SIZE,\neverything is fine. However, if the frag is only one page and the\ntotal size of the buffer and virtnet_rq_dma is larger than one page, an\noverflow may occur.\n\nThe commit f9dac92ba908 (\"virtio_ring: enable premapped mode whatever\nuse_dma_api\") introduced this problem. And we reverted some commits to\nfix this in last linux version. Now we try to enable it and fix this\nbug directly.\n\nHere, when the frag size is not enough, we reduce the buffer len to fix\nthis problem.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-191"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57843",
            "https://git.kernel.org/linus/6aacd1484468361d1d04badfe75f264fa5314864 (6.13-rc1)",
            "https://git.kernel.org/stable/c/67a11de8965c2ab19e215fb6651d44847e068614",
            "https://git.kernel.org/stable/c/6aacd1484468361d1d04badfe75f264fa5314864",
            "https://git.kernel.org/stable/c/a8f7d6963768b114ec9644ff0148dde4c104e84b",
            "https://linux.oracle.com/cve/CVE-2024-57843.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2025011103-CVE-2024-57843-1c15@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57843",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57843"
          ],
          "PublishedDate": "2025-01-11T15:15:07.17Z",
          "LastModifiedDate": "2025-09-24T18:41:29.5Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57852",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57852",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3bb083b8835ec0369e97fa5e26e5d622a685b98e1530502bb57fd5dbd4a32b71",
          "Title": "kernel: firmware: qcom: scm: smc: Handle missing SCM device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: qcom: scm: smc: Handle missing SCM device\n\nCommit ca61d6836e6f (\"firmware: qcom: scm: fix a NULL-pointer\ndereference\") makes it explicit that qcom_scm_get_tzmem_pool() can\nreturn NULL, therefore its users should handle this.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57852",
            "https://git.kernel.org/linus/94f48ecf0a538019ca2025e0b0da391f8e7cc58c (6.14-rc1)",
            "https://git.kernel.org/stable/c/57a811c0886f3f3677bb4619502b35b5bb917f2e",
            "https://git.kernel.org/stable/c/94f48ecf0a538019ca2025e0b0da391f8e7cc58c",
            "https://git.kernel.org/stable/c/cd955b75849b58b650ca3f87b83bd78cde1da8bc",
            "https://linux.oracle.com/cve/CVE-2024-57852.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022603-CVE-2024-57852-f942@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57852",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-57852"
          ],
          "PublishedDate": "2025-02-27T03:15:10.977Z",
          "LastModifiedDate": "2025-10-23T13:04:42.31Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57857",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57857",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2bc56f5cbe5a7354064815abae52aa2905e2836f22562d29a5bca1519bb053d1",
          "Title": "kernel: RDMA/siw: Remove direct link to net_device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Remove direct link to net_device\n\nDo not manage a per device direct link to net_device. Rely\non associated ib_devices net_device management, not doubling\nthe effort locally. A badly managed local link to net_device\nwas causing a 'KASAN: slab-use-after-free' exception during\nsiw_query_port() call.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57857",
            "https://git.kernel.org/linus/16b87037b48889d21854c8e97aec8a1baf2642b3 (6.13-rc6)",
            "https://git.kernel.org/stable/c/16b87037b48889d21854c8e97aec8a1baf2642b3",
            "https://git.kernel.org/stable/c/4eafeb4f021c50d13f199239d913b37de3c83135",
            "https://linux.oracle.com/cve/CVE-2024-57857.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011534-CVE-2024-57857-29db@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57857",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57857"
          ],
          "PublishedDate": "2025-01-15T13:15:12.403Z",
          "LastModifiedDate": "2025-03-24T17:30:34.487Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57872",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57872",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:550e764e0a04a948836528dada454030024371e454360afe4edf49e24910fef3",
          "Title": "kernel: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()\n\nThis will ensure that the scsi host is cleaned up properly using\nscsi_host_dev_release(). Otherwise, it may lead to memory leaks.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57872",
            "https://git.kernel.org/linus/897df60c16d54ad515a3d0887edab5c63da06d1f (6.13-rc2)",
            "https://git.kernel.org/stable/c/897df60c16d54ad515a3d0887edab5c63da06d1f",
            "https://git.kernel.org/stable/c/cd188519d2467ab4c2141587b0551ba030abff0e",
            "https://linux.oracle.com/cve/CVE-2024-57872.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011104-CVE-2024-57872-28ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57872",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57872"
          ],
          "PublishedDate": "2025-01-11T15:15:07.56Z",
          "LastModifiedDate": "2025-10-01T20:17:58.12Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57875",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57875",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dace0693f0d9e64fe48596c0bbde49cc987f14d77448b22b6d0c3ba88d57d10b",
          "Title": "kernel: block: RCU protect disk-\u003econv_zones_bitmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: RCU protect disk-\u003econv_zones_bitmap\n\nEnsure that a disk revalidation changing the conventional zones bitmap\nof a disk does not cause invalid memory references when using the\ndisk_zone_is_conv() helper by RCU protecting the disk-\u003econv_zones_bitmap\npointer.\n\ndisk_zone_is_conv() is modified to operate under the RCU read lock and\nthe function disk_set_conv_zones_bitmap() is added to update a disk\nconv_zones_bitmap pointer using rcu_replace_pointer() with the disk\nzone_wplugs_lock spinlock held.\n\ndisk_free_zone_resources() is modified to call\ndisk_update_zone_resources() with a NULL bitmap pointer to free the disk\nconv_zones_bitmap. disk_set_conv_zones_bitmap() is also used in\ndisk_update_zone_resources() to set the new (revalidated) bitmap and\nfree the old one.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57875",
            "https://git.kernel.org/linus/d7cb6d7414ea1b33536fa6d11805cb8dceec1f97 (6.13-rc1)",
            "https://git.kernel.org/stable/c/493326c4f10cc71a42c27fdc97ce112182ee4cbc",
            "https://git.kernel.org/stable/c/d7cb6d7414ea1b33536fa6d11805cb8dceec1f97",
            "https://linux.oracle.com/cve/CVE-2024-57875.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011107-CVE-2024-57875-7902@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57875",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57875"
          ],
          "PublishedDate": "2025-01-11T15:15:07.803Z",
          "LastModifiedDate": "2025-10-17T15:27:09.94Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57876",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57876",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:458a2c3ae15c435a6258bf11243493d972d8c2b026c76d3b554b49314401f3b2",
          "Title": "kernel: drm/dp_mst: Fix resetting msg rx state after topology removal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix resetting msg rx state after topology removal\n\nIf the MST topology is removed during the reception of an MST down reply\nor MST up request sideband message, the\ndrm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset\nfrom one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with\nthe reading/parsing of the message from another thread via\ndrm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is\npossible since the reader/parser doesn't hold any lock while accessing\nthe reception state. This in turn can lead to a memory corruption in the\nreader/parser as described by commit bd2fccac61b4 (\"drm/dp_mst: Fix MST\nsideband message body length check\").\n\nFix the above by resetting the message reception state if needed before\nreading/parsing a message. Another solution would be to hold the\ndrm_dp_mst_topology_mgr::lock for the whole duration of the message\nreception/parsing in drm_dp_mst_handle_down_rep() and\ndrm_dp_mst_handle_up_req(), however this would require a bigger change.\nSince the fix is also needed for stable, opting for the simpler solution\nin this patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362",
            "CWE-787"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 4.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57876",
            "https://git.kernel.org/linus/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7 (6.13-rc2)",
            "https://git.kernel.org/stable/c/94b33b2d7640e807869451384eb88321dd0ffbd4",
            "https://git.kernel.org/stable/c/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7",
            "https://git.kernel.org/stable/c/be826b4451fd187a7c0b04be4f8243d5df6e0450",
            "https://git.kernel.org/stable/c/d834d20d2e86c52ed5cab41763fa61e6071680ef",
            "https://linux.oracle.com/cve/CVE-2024-57876.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2025011107-CVE-2024-57876-1d02@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57876",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57876"
          ],
          "PublishedDate": "2025-01-11T15:15:07.93Z",
          "LastModifiedDate": "2025-11-03T21:18:37.043Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57887",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57887",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59f27a3fd2b764511691564263ddc97afd118358b7849919545f4abe4f71bf1c",
          "Title": "kernel: drm: adv7511: Fix use-after-free in adv7533_attach_dsi()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: adv7511: Fix use-after-free in adv7533_attach_dsi()\n\nThe host_node pointer was assigned and freed in adv7533_parse_dt(), and\nlater, adv7533_attach_dsi() uses the same. Fix this use-after-free issue\nby dropping of_node_put() in adv7533_parse_dt() and calling of_node_put()\nin error path of probe() and also in the remove().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57887",
            "https://git.kernel.org/linus/81adbd3ff21c1182e06aa02c6be0bfd9ea02d8e8 (6.13-rc6)",
            "https://git.kernel.org/stable/c/1f49aaf55652580ae63ab83d67211fe6a55d83dc",
            "https://git.kernel.org/stable/c/81adbd3ff21c1182e06aa02c6be0bfd9ea02d8e8",
            "https://git.kernel.org/stable/c/acec80d9f126cd3fa764bbe3d96bc0cb5cd2b087",
            "https://git.kernel.org/stable/c/ca9d077350fa21897de8bf64cba23b198740aab5",
            "https://git.kernel.org/stable/c/d208571943ffddc438a7ce533d5d0b9219806242",
            "https://linux.oracle.com/cve/CVE-2024-57887.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html",
            "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57887-db31@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57887",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57887"
          ],
          "PublishedDate": "2025-01-15T13:15:13.13Z",
          "LastModifiedDate": "2025-11-03T21:18:37.55Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57888",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57888",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28b0814d3e86d772bb7673665b6419b25e8cc782bd27f12bea924fd244f8a501",
          "Title": "kernel: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker\n\nAfter commit\n746ae46c1113 (\"drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM\")\namdgpu started seeing the following warning:\n\n [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu]\n...\n [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched]\n...\n [ ] Call Trace:\n [ ]  \u003cTASK\u003e\n...\n [ ]  ? check_flush_dependency+0xf5/0x110\n...\n [ ]  cancel_delayed_work_sync+0x6e/0x80\n [ ]  amdgpu_gfx_off_ctrl+0xab/0x140 [amdgpu]\n [ ]  amdgpu_ring_alloc+0x40/0x50 [amdgpu]\n [ ]  amdgpu_ib_schedule+0xf4/0x810 [amdgpu]\n [ ]  ? drm_sched_run_job_work+0x22c/0x430 [gpu_sched]\n [ ]  amdgpu_job_run+0xaa/0x1f0 [amdgpu]\n [ ]  drm_sched_run_job_work+0x257/0x430 [gpu_sched]\n [ ]  process_one_work+0x217/0x720\n...\n [ ]  \u003c/TASK\u003e\n\nThe intent of the verifcation done in check_flush_depedency is to ensure\nforward progress during memory reclaim, by flagging cases when either a\nmemory reclaim process, or a memory reclaim work item is flushed from a\ncontext not marked as memory reclaim safe.\n\nThis is correct when flushing, but when called from the\ncancel(_delayed)_work_sync() paths it is a false positive because work is\neither already running, or will not be running at all. Therefore\ncancelling it is safe and we can relax the warning criteria by letting the\nhelper know of the calling context.\n\nReferences: 746ae46c1113 (\"drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57888",
            "https://git.kernel.org/linus/de35994ecd2dd6148ab5a6c5050a1670a04dec77 (6.13-rc6)",
            "https://git.kernel.org/stable/c/1fd2a57dcb4de3cb40844a29c71b5d7b46a84334",
            "https://git.kernel.org/stable/c/de35994ecd2dd6148ab5a6c5050a1670a04dec77",
            "https://git.kernel.org/stable/c/ffb231471a407c96e114070bf828cd2378fdf431",
            "https://linux.oracle.com/cve/CVE-2024-57888.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2025011511-CVE-2024-57888-0b38@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57888",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57888"
          ],
          "PublishedDate": "2025-01-15T13:15:13.24Z",
          "LastModifiedDate": "2025-10-21T11:41:58.687Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57893",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57893",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6989e63b6637205538b97961dab965c7acc14a1f743acb56c436ab47ae8cf9dd",
          "Title": "kernel: ALSA: seq: oss: Fix races at processing SysEx messages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: seq: oss: Fix races at processing SysEx messages\n\nOSS sequencer handles the SysEx messages split in 6 bytes packets, and\nALSA sequencer OSS layer tries to combine those.  It stores the data\nin the internal buffer and this access is racy as of now, which may\nlead to the out-of-bounds access.\n\nAs a temporary band-aid fix, introduce a mutex for serializing the\nprocess of the SysEx message packets.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57893",
            "https://git.kernel.org/linus/0179488ca992d79908b8e26b9213f1554fc5bacc (6.13-rc6)",
            "https://git.kernel.org/stable/c/0179488ca992d79908b8e26b9213f1554fc5bacc",
            "https://git.kernel.org/stable/c/9d382112b36382aa65aad765f189ebde9926c101",
            "https://git.kernel.org/stable/c/cff1de87ed14fc0f2332213d2367100e7ad0753a",
            "https://git.kernel.org/stable/c/d2392b79d8af3714ea8878b71c66dc49d3110f44",
            "https://linux.oracle.com/cve/CVE-2024-57893.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2025011513-CVE-2024-57893-b263@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57893",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57893"
          ],
          "PublishedDate": "2025-01-15T13:15:13.82Z",
          "LastModifiedDate": "2025-11-03T21:18:38.89Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57895",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57895",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8766e7853f1e226d76f51f79046625d7fdd5f8658a0e74281e95e6d716accbe6",
          "Title": "kernel: ksmbd: set ATTR_CTIME flags when setting mtime",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: set ATTR_CTIME flags when setting mtime\n\nDavid reported that the new warning from setattr_copy_mgtime is coming\nlike the following.\n\n[  113.215316] ------------[ cut here ]------------\n[  113.215974] WARNING: CPU: 1 PID: 31 at fs/attr.c:300 setattr_copy+0x1ee/0x200\n[  113.219192] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:1 Not tainted 6.13.0-rc1+ #234\n[  113.220127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n[  113.221530] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]\n[  113.222220] RIP: 0010:setattr_copy+0x1ee/0x200\n[  113.222833] Code: 24 28 49 8b 44 24 30 48 89 53 58 89 43 6c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 89 df e8 77 d6 ff ff e9 cd fe ff ff \u003c0f\u003e 0b e9 be fe ff ff 66 0\n[  113.225110] RSP: 0018:ffffaf218010fb68 EFLAGS: 00010202\n[  113.225765] RAX: 0000000000000120 RBX: ffffa446815f8568 RCX: 0000000000000003\n[  113.226667] RDX: ffffaf218010fd38 RSI: ffffa446815f8568 RDI: ffffffff94eb03a0\n[  113.227531] RBP: ffffaf218010fb90 R08: 0000001a251e217d R09: 00000000675259fa\n[  113.228426] R10: 0000000002ba8a6d R11: ffffa4468196c7a8 R12: ffffaf218010fd38\n[  113.229304] R13: 0000000000000120 R14: ffffffff94eb03a0 R15: 0000000000000000\n[  113.230210] FS:  0000000000000000(0000) GS:ffffa44739d00000(0000) knlGS:0000000000000000\n[  113.231215] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  113.232055] CR2: 00007efe0053d27e CR3: 000000000331a000 CR4: 00000000000006b0\n[  113.232926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  113.233812] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  113.234797] Call Trace:\n[  113.235116]  \u003cTASK\u003e\n[  113.235393]  ? __warn+0x73/0xd0\n[  113.235802]  ? setattr_copy+0x1ee/0x200\n[  113.236299]  ? report_bug+0xf3/0x1e0\n[  113.236757]  ? 
handle_bug+0x4d/0x90\n[  113.237202]  ? exc_invalid_op+0x13/0x60\n[  113.237689]  ? asm_exc_invalid_op+0x16/0x20\n[  113.238185]  ? setattr_copy+0x1ee/0x200\n[  113.238692]  btrfs_setattr+0x80/0x820 [btrfs]\n[  113.239285]  ? get_stack_info_noinstr+0x12/0xf0\n[  113.239857]  ? __module_address+0x22/0xa0\n[  113.240368]  ? handle_ksmbd_work+0x6e/0x460 [ksmbd]\n[  113.240993]  ? __module_text_address+0x9/0x50\n[  113.241545]  ? __module_address+0x22/0xa0\n[  113.242033]  ? unwind_next_frame+0x10e/0x920\n[  113.242600]  ? __pfx_stack_trace_consume_entry+0x10/0x10\n[  113.243268]  notify_change+0x2c2/0x4e0\n[  113.243746]  ? stack_depot_save_flags+0x27/0x730\n[  113.244339]  ? set_file_basic_info+0x130/0x2b0 [ksmbd]\n[  113.244993]  set_file_basic_info+0x130/0x2b0 [ksmbd]\n[  113.245613]  ? process_scheduled_works+0xbe/0x310\n[  113.246181]  ? worker_thread+0x100/0x240\n[  113.246696]  ? kthread+0xc8/0x100\n[  113.247126]  ? ret_from_fork+0x2b/0x40\n[  113.247606]  ? ret_from_fork_asm+0x1a/0x30\n[  113.248132]  smb2_set_info+0x63f/0xa70 [ksmbd]\n\nksmbd is trying to set the atime and mtime via notify_change without also\nsetting the ctime. so This patch add ATTR_CTIME flags when setting mtime\nto avoid a warning.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57895",
            "https://git.kernel.org/linus/21e46a79bbe6c4e1aa73b3ed998130f2ff07b128 (6.13-rc3)",
            "https://git.kernel.org/stable/c/1d7ee876b8b96efc14e177a7fe8d45ac25d68849",
            "https://git.kernel.org/stable/c/21e46a79bbe6c4e1aa73b3ed998130f2ff07b128",
            "https://git.kernel.org/stable/c/52cefcff6a4a814f4f8e357422fcfb71fd2ebf75",
            "https://git.kernel.org/stable/c/c7ab587bd33ce45e2aa6b6d2d36be7ef0bd16614",
            "https://linux.oracle.com/cve/CVE-2024-57895.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011514-CVE-2024-57895-9034@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57895",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57895"
          ],
          "PublishedDate": "2025-01-15T13:15:14.06Z",
          "LastModifiedDate": "2026-02-19T16:27:08.647Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57898",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57898",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3ff912a03edf9956eef2189061e21a96edaf964eba764eb0351015bf0e821a4a",
          "Title": "kernel: wifi: cfg80211: clear link ID from bitmap during link delete after clean up",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: clear link ID from bitmap during link delete after clean up\n\nCurrently, during link deletion, the link ID is first removed from the\nvalid_links bitmap before performing any clean-up operations. However, some\nfunctions require the link ID to remain in the valid_links bitmap. One\nsuch example is cfg80211_cac_event(). The flow is -\n\nnl80211_remove_link()\n    cfg80211_remove_link()\n        ieee80211_del_intf_link()\n            ieee80211_vif_set_links()\n                ieee80211_vif_update_links()\n                    ieee80211_link_stop()\n                        cfg80211_cac_event()\n\ncfg80211_cac_event() requires link ID to be present but it is cleared\nalready in cfg80211_remove_link(). Ultimately, WARN_ON() is hit.\n\nTherefore, clear the link ID from the bitmap only after completing the link\nclean-up.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 1,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57898",
            "https://git.kernel.org/linus/b5c32ff6a3a38c74facdd1fe34c0d709a55527fd (6.13-rc3)",
            "https://git.kernel.org/stable/c/ae07daf440d3220d0986e676317a5da66e4f9dfd",
            "https://git.kernel.org/stable/c/b5c32ff6a3a38c74facdd1fe34c0d709a55527fd",
            "https://linux.oracle.com/cve/CVE-2024-57898.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57898-bfde@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57898",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57898"
          ],
          "PublishedDate": "2025-01-15T13:15:14.427Z",
          "LastModifiedDate": "2025-10-17T16:11:24.317Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57899",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57899",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a04bd0ab5cc58fad8c1ae041d479a69557370f1c161bd7c529b4c7053e395b69",
          "Title": "kernel: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix mbss changed flags corruption on 32 bit systems\n\nOn 32-bit systems, the size of an unsigned long is 4 bytes,\nwhile a u64 is 8 bytes. Therefore, when using\nor_each_set_bit(bit, \u0026bits, sizeof(changed) * BITS_PER_BYTE),\nthe code is incorrectly searching for a bit in a 32-bit\nvariable that is expected to be 64 bits in size,\nleading to incorrect bit finding.\n\nSolution: Ensure that the size of the bits variable is correctly\nadjusted for each architecture.\n\n Call Trace:\n  ? show_regs+0x54/0x58\n  ? __warn+0x6b/0xd4\n  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]\n  ? report_bug+0x113/0x150\n  ? exc_overflow+0x30/0x30\n  ? handle_bug+0x27/0x44\n  ? exc_invalid_op+0x18/0x50\n  ? handle_exception+0xf6/0xf6\n  ? exc_overflow+0x30/0x30\n  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]\n  ? exc_overflow+0x30/0x30\n  ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211]\n  ? ieee80211_mesh_work+0xff/0x260 [mac80211]\n  ? cfg80211_wiphy_work+0x72/0x98 [cfg80211]\n  ? process_one_work+0xf1/0x1fc\n  ? worker_thread+0x2c0/0x3b4\n  ? kthread+0xc7/0xf0\n  ? mod_delayed_work_on+0x4c/0x4c\n  ? kthread_complete_and_exit+0x14/0x14\n  ? ret_from_fork+0x24/0x38\n  ? kthread_complete_and_exit+0x14/0x14\n  ? ret_from_fork_asm+0xf/0x14\n  ? entry_INT80_32+0xf0/0xf0\n\n[restore no-op path for no changes]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57899",
            "https://git.kernel.org/linus/49dba1ded8dd5a6a12748631403240b2ab245c34 (6.13-rc3)",
            "https://git.kernel.org/stable/c/36b739637d7042843f9df57212ecee6ed6e0d4b2",
            "https://git.kernel.org/stable/c/49dba1ded8dd5a6a12748631403240b2ab245c34",
            "https://git.kernel.org/stable/c/86772872f9f5097cd03d0e1c6813238bd38c250b",
            "https://linux.oracle.com/cve/CVE-2024-57899.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57899-0b1c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57899",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57899"
          ],
          "PublishedDate": "2025-01-15T13:15:14.54Z",
          "LastModifiedDate": "2025-10-17T16:09:44.617Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57924",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57924",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:50eec114f07da9edde2cad7524e674190db356e4a63d5038b8704763ef10ce60",
          "Title": "kernel: fs: relax assertions on failure to encode file handles",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: relax assertions on failure to encode file handles\n\nEncoding file handles is usually performed by a filesystem \u003eencode_fh()\nmethod that may fail for various reasons.\n\nThe legacy users of exportfs_encode_fh(), namely, nfsd and\nname_to_handle_at(2) syscall are ready to cope with the possibility\nof failure to encode a file handle.\n\nThere are a few other users of exportfs_encode_{fh,fid}() that\ncurrently have a WARN_ON() assertion when -\u003eencode_fh() fails.\nRelax those assertions because they are wrong.\n\nThe second linked bug report states commit 16aac5ad1fa9 (\"ovl: support\nencoding non-decodable file handles\") in v6.6 as the regressing commit,\nbut this is not accurate.\n\nThe aforementioned commit only increases the chances of the assertion\nand allows triggering the assertion with the reproducer using overlayfs,\ninotify and drop_caches.\n\nTriggering this assertion was always possible with other filesystems and\nother reasons of -\u003eencode_fh() failures and more particularly, it was\nalso possible with the exact same reproducer using overlayfs that is\nmounted with options index=on,nfs_export=on also on kernels \u003c v6.6.\nTherefore, I am not listing the aforementioned commit as a Fixes commit.\n\nBackport hint: this patch will have a trivial conflict applying to\nv6.6.y, and other trivial conflicts applying to stable kernels \u003c v6.6.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57924",
            "https://git.kernel.org/linus/974e3fe0ac61de85015bbe5a4990cf4127b304b2 (6.13-rc7)",
            "https://git.kernel.org/stable/c/73697928c806fe4689939722184a86fc1c1957b4",
            "https://git.kernel.org/stable/c/974e3fe0ac61de85015bbe5a4990cf4127b304b2",
            "https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea",
            "https://git.kernel.org/stable/c/f47c834a9131ae64bee3c462f4e610c67b0a000f",
            "https://linux.oracle.com/cve/CVE-2024-57924.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025011943-CVE-2024-57924-954a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57924",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7595-1",
            "https://ubuntu.com/security/notices/USN-7595-2",
            "https://ubuntu.com/security/notices/USN-7595-3",
            "https://ubuntu.com/security/notices/USN-7595-4",
            "https://ubuntu.com/security/notices/USN-7595-5",
            "https://ubuntu.com/security/notices/USN-7596-1",
            "https://ubuntu.com/security/notices/USN-7596-2",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57924"
          ],
          "PublishedDate": "2025-01-19T12:15:26.53Z",
          "LastModifiedDate": "2025-11-03T18:15:45.04Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57945",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57945",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:190d1f6288250c3e7ff4d7f7db960bbea5a7d743ca625716116f68f59a1f3c89",
          "Title": "kernel: riscv: mm: Fix the out of bound issue of vmemmap address",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: mm: Fix the out of bound issue of vmemmap address\n\nIn sparse vmemmap model, the virtual address of vmemmap is calculated as:\n((struct page *)VMEMMAP_START - (phys_ram_base \u003e\u003e PAGE_SHIFT)).\nAnd the struct page's va can be calculated with an offset:\n(vmemmap + (pfn)).\n\nHowever, when initializing struct pages, kernel actually starts from the\nfirst page from the same section that phys_ram_base belongs to. If the\nfirst page's physical address is not (phys_ram_base \u003e\u003e PAGE_SHIFT), then\nwe get an va below VMEMMAP_START when calculating va for it's struct page.\n\nFor example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the\nfirst page in the same section is actually pfn 0x80000. During\ninit_unavailable_range(), we will initialize struct page for pfn 0x80000\nwith virtual address ((struct page *)VMEMMAP_START - 0x2000), which is\nbelow VMEMMAP_START as well as PCI_IO_END.\n\nThis commit fixes this bug by introducing a new variable\n'vmemmap_start_pfn' which is aligned with memory section size and using\nit to calculate vmemmap address instead of phys_ram_base.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57945",
            "https://git.kernel.org/linus/f754f27e98f88428aaf6be6e00f5cbce97f62d4b (6.13-rc7)",
            "https://git.kernel.org/stable/c/92f08673d3f1893191323572f60e3c62f2e57c2f",
            "https://git.kernel.org/stable/c/a4a7ac3d266008018f05fae53060fcb331151a14",
            "https://git.kernel.org/stable/c/d2bd51954ac8377c2f1eb1813e694788998add66",
            "https://git.kernel.org/stable/c/f754f27e98f88428aaf6be6e00f5cbce97f62d4b",
            "https://linux.oracle.com/cve/CVE-2024-57945.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025012130-CVE-2024-57945-248b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57945",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57945"
          ],
          "PublishedDate": "2025-01-21T13:15:09.033Z",
          "LastModifiedDate": "2025-11-03T20:16:55.583Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57950",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57950",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f88f2e4d583a4d773760930a9bf319080aae69f214dbb91468cbd61f9359671",
          "Title": "kernel: drm/amd/display: Initialize denominator defaults to 1",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Initialize denominator defaults to 1\n\n[WHAT \u0026 HOW]\nVariables, used as denominators and maybe not assigned to other values,\nshould be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported\nby Coverity.\n\n(cherry picked from commit e2c4c6c10542ccfe4a0830bb6c9fd5b177b7bbb7)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-369"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57950",
            "https://git.kernel.org/linus/36b23e3baf9129d5b6c3a3a85b6b7ffb75ae287c (6.13)",
            "https://git.kernel.org/stable/c/36b23e3baf9129d5b6c3a3a85b6b7ffb75ae287c",
            "https://git.kernel.org/stable/c/c9d6afb4f9c338049662d27d169fba7dd60e337d",
            "https://linux.oracle.com/cve/CVE-2024-57950.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025021052-CVE-2024-57950-ec91@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57950",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57950"
          ],
          "PublishedDate": "2025-02-10T16:15:37.913Z",
          "LastModifiedDate": "2025-10-01T20:18:07.233Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57952",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57952",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b227d773a5e3ffe406fa9fb5b7522713b371da2aa91043cfdf13a0573cab352c",
          "Title": "kernel: Revert \"libfs: fix infinite directory reads for offset dir\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"libfs: fix infinite directory reads for offset dir\"\n\nThe current directory offset allocator (based on mtree_alloc_cyclic)\nstores the next offset value to return in octx-\u003enext_offset. This\nmechanism typically returns values that increase monotonically over\ntime. Eventually, though, the newly allocated offset value wraps\nback to a low number (say, 2) which is smaller than other already-\nallocated offset values.\n\nYu Kuai \u003cyukuai3@huawei.com\u003e reports that, after commit 64a7ce76fb90\n(\"libfs: fix infinite directory reads for offset dir\"), if a\ndirectory's offset allocator wraps, existing entries are no longer\nvisible via readdir/getdents because offset_readdir() stops listing\nentries once an entry's offset is larger than octx-\u003enext_offset.\nThese entries vanish persistently -- they can be looked up, but will\nnever again appear in readdir(3) output.\n\nThe reason for this is that the commit treats directory offsets as\nmonotonically increasing integer values rather than opaque cookies,\nand introduces this comparison:\n\n\tif (dentry2offset(dentry) \u003e= last_index) {\n\nOn 64-bit platforms, the directory offset value upper bound is\n2^63 - 1. Directory offsets will monotonically increase for millions\nof years without wrapping.\n\nOn 32-bit platforms, however, LONG_MAX is 2^31 - 1. The allocator\ncan wrap after only a few weeks (at worst).\n\nRevert commit 64a7ce76fb90 (\"libfs: fix infinite directory reads for\noffset dir\") to prepare for a fix that can work properly on 32-bit\nsystems and might apply to recent LTS kernels where shmem employs\nthe simple_offset mechanism.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57952",
            "https://git.kernel.org/linus/b662d858131da9a8a14e68661656989b14dbf113 (6.14-rc1)",
            "https://git.kernel.org/stable/c/3f250b82040a72b0059ae00855a74d8570ad2147",
            "https://git.kernel.org/stable/c/9e9e710f68bac49bd9b587823c077d06363440e0",
            "https://git.kernel.org/stable/c/b662d858131da9a8a14e68661656989b14dbf113",
            "https://linux.oracle.com/cve/CVE-2024-57952.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025021259-CVE-2024-57952-c0fe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57952",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://ubuntu.com/security/notices/USN-7595-1",
            "https://ubuntu.com/security/notices/USN-7595-2",
            "https://ubuntu.com/security/notices/USN-7595-3",
            "https://ubuntu.com/security/notices/USN-7595-4",
            "https://ubuntu.com/security/notices/USN-7595-5",
            "https://ubuntu.com/security/notices/USN-7596-1",
            "https://ubuntu.com/security/notices/USN-7596-2",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57952"
          ],
          "PublishedDate": "2025-02-12T14:15:31.54Z",
          "LastModifiedDate": "2025-10-01T20:18:07.677Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57974",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57974",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bf4a58a728f3c4368dec749bbfa1ace9dab6175b495678e0ca170a9ac9c93540",
          "Title": "kernel: udp: Deal with race between UDP socket address change and rehash",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Deal with race between UDP socket address change and rehash\n\nIf a UDP socket changes its local address while it's receiving\ndatagrams, as a result of connect(), there is a period during which\na lookup operation might fail to find it, after the address is changed\nbut before the secondary hash (port and address) and the four-tuple\nhash (local and remote ports and addresses) are updated.\n\nSecondary hash chains were introduced by commit 30fff9231fad (\"udp:\nbind() optimisation\") and, as a result, a rehash operation became\nneeded to make a bound socket reachable again after a connect().\n\nThis operation was introduced by commit 719f835853a9 (\"udp: add\nrehash on connect()\") which isn't however a complete fix: the\nsocket will be found once the rehashing completes, but not while\nit's pending.\n\nThis is noticeable with a socat(1) server in UDP4-LISTEN mode, and a\nclient sending datagrams to it. After the server receives the first\ndatagram (cf. 
_xioopen_ipdgram_listen()), it issues a connect() to\nthe address of the sender, in order to set up a directed flow.\n\nNow, if the client, running on a different CPU thread, happens to\nsend a (subsequent) datagram while the server's socket changes its\naddress, but is not rehashed yet, this will result in a failed\nlookup and a port unreachable error delivered to the client, as\napparent from the following reproducer:\n\n  LEN=$(($(cat /proc/sys/net/core/wmem_default) / 4))\n  dd if=/dev/urandom bs=1 count=${LEN} of=tmp.in\n\n  while :; do\n  \ttaskset -c 1 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n  \tsleep 0.1 || sleep 1\n  \ttaskset -c 2 socat OPEN:tmp.in UDP4:localhost:1337,shut-null\n  \twait\n  done\n\nwhere the client will eventually get ECONNREFUSED on a write()\n(typically the second or third one of a given iteration):\n\n  2024/11/13 21:28:23 socat[46901] E write(6, 0x556db2e3c000, 8192): Connection refused\n\nThis issue was first observed as a seldom failure in Podman's tests\nchecking UDP functionality while using pasta(1) to connect the\ncontainer's network namespace, which leads us to a reproducer with\nthe lookup error resulting in an ICMP packet on a tap device:\n\n  LOCAL_ADDR=\"$(ip -j -4 addr show|jq -rM '.[] | .addr_info[0] | select(.scope == \"global\").local')\"\n\n  while :; do\n  \t./pasta --config-net -p pasta.pcap -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,trunc \u0026\n  \tsleep 0.2 || sleep 1\n  \tsocat OPEN:tmp.in UDP4:${LOCAL_ADDR}:1337,shut-null\n  \twait\n  \tcmp tmp.in tmp.out\n  done\n\nOnce this fails:\n\n  tmp.in tmp.out differ: char 8193, line 29\n\nwe can finally have a look at what's going on:\n\n  $ tshark -r pasta.pcap\n      1   0.000000           :: ? ff02::16     ICMPv6 110 Multicast Listener Report Message v2\n      2   0.168690 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n      3   0.168767 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 
1337 Len=8192\n      4   0.168806 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n      5   0.168827 c6:47:05:8d:dc:04 ? Broadcast    ARP 42 Who has 88.198.0.161? Tell 88.198.0.164\n      6   0.168851 9a:55:9a:55:9a:55 ? c6:47:05:8d:dc:04 ARP 42 88.198.0.161 is at 9a:55:9a:55:9a:55\n      7   0.168875 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n      8   0.168896 88.198.0.164 ? 88.198.0.161 ICMP 590 Destination unreachable (Port unreachable)\n      9   0.168926 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n     10   0.168959 88.198.0.161 ? 88.198.0.164 UDP 8234 60260 ? 1337 Len=8192\n     11   0.168989 88.198.0.161 ? 88.198.0.164 UDP 4138 60260 ? 1337 Len=4096\n     12   0.169010 88.198.0.161 ? 88.198.0.164 UDP 42 60260 ? 1337 Len=0\n\nOn the third datagram received, the network namespace of the container\ninitiates an ARP lookup to deliver the ICMP message.\n\nIn another variant of this reproducer, starting the client with:\n\n  strace -f pasta --config-net -u 1337 socat UDP4-LISTEN:1337,null-eof OPEN:tmp.out,create,tru\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57974",
            "https://git.kernel.org/linus/a502ea6fa94b1f7be72a24bcf9e3f5f6b7e6e90c (6.14-rc1)",
            "https://git.kernel.org/stable/c/4f8344fce91c5766d368edb0ad80142eacd805c7",
            "https://git.kernel.org/stable/c/a502ea6fa94b1f7be72a24bcf9e3f5f6b7e6e90c",
            "https://git.kernel.org/stable/c/d65d3bf309b2649d27b24efd0d8784da2d81f2a6",
            "https://linux.oracle.com/cve/CVE-2024-57974.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022632-CVE-2024-57974-189e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57974",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57974"
          ],
          "PublishedDate": "2025-02-27T02:15:10.59Z",
          "LastModifiedDate": "2025-10-23T18:00:26.13Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57975",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57975",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2e04cb680e475e2e8d3d25db886a495788f1b74ca6b545507bdabcd979c971b6",
          "Title": "kernel: btrfs: do proper folio cleanup when run_delalloc_nocow() failed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do proper folio cleanup when run_delalloc_nocow() failed\n\n[BUG]\nWith CONFIG_DEBUG_VM set, test case generic/476 has some chance to crash\nwith the following VM_BUG_ON_FOLIO():\n\n  BTRFS error (device dm-3): cow_file_range failed, start 1146880 end 1253375 len 106496 ret -28\n  BTRFS error (device dm-3): run_delalloc_nocow failed, start 1146880 end 1253375 len 106496 ret -28\n  page: refcount:4 mapcount:0 mapping:00000000592787cc index:0x12 pfn:0x10664\n  aops:btrfs_aops [btrfs] ino:101 dentry name(?):\"f1774\"\n  flags: 0x2fffff80004028(uptodate|lru|private|node=0|zone=2|lastcpupid=0xfffff)\n  page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio))\n  ------------[ cut here ]------------\n  kernel BUG at mm/page-writeback.c:2992!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n  CPU: 2 UID: 0 PID: 3943513 Comm: kworker/u24:15 Tainted: G           OE      6.12.0-rc7-custom+ #87\n  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n  Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]\n  pc : folio_clear_dirty_for_io+0x128/0x258\n  lr : folio_clear_dirty_for_io+0x128/0x258\n  Call trace:\n   folio_clear_dirty_for_io+0x128/0x258\n   btrfs_folio_clamp_clear_dirty+0x80/0xd0 [btrfs]\n   __process_folios_contig+0x154/0x268 [btrfs]\n   extent_clear_unlock_delalloc+0x5c/0x80 [btrfs]\n   run_delalloc_nocow+0x5f8/0x760 [btrfs]\n   btrfs_run_delalloc_range+0xa8/0x220 [btrfs]\n   writepage_delalloc+0x230/0x4c8 [btrfs]\n   extent_writepage+0xb8/0x358 [btrfs]\n   extent_write_cache_pages+0x21c/0x4e8 [btrfs]\n   btrfs_writepages+0x94/0x150 [btrfs]\n   do_writepages+0x74/0x190\n   filemap_fdatawrite_wbc+0x88/0xc8\n   start_delalloc_inodes+0x178/0x3a8 [btrfs]\n   btrfs_start_delalloc_roots+0x174/0x280 [btrfs]\n   shrink_delalloc+0x114/0x280 [btrfs]\n   flush_space+0x250/0x2f8 [btrfs]\n  
 btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]\n   process_one_work+0x164/0x408\n   worker_thread+0x25c/0x388\n   kthread+0x100/0x118\n   ret_from_fork+0x10/0x20\n  Code: 910a8021 a90363f7 a9046bf9 94012379 (d4210000)\n  ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nThe first two lines of extra debug messages show the problem is caused\nby the error handling of run_delalloc_nocow().\n\nE.g. we have the following dirtied range (4K blocksize 4K page size):\n\n    0                 16K                  32K\n    |//////////////////////////////////////|\n    |  Pre-allocated  |\n\nAnd the range [0, 16K) has a preallocated extent.\n\n- Enter run_delalloc_nocow() for range [0, 16K)\n  Which found range [0, 16K) is preallocated, can do the proper NOCOW\n  write.\n\n- Enter fallback_to_fow() for range [16K, 32K)\n  Since the range [16K, 32K) is not backed by preallocated extent, we\n  have to go COW.\n\n- cow_file_range() failed for range [16K, 32K)\n  So cow_file_range() will do the clean up by clearing folio dirty,\n  unlock the folios.\n\n  Now the folios in range [16K, 32K) is unlocked.\n\n- Enter extent_clear_unlock_delalloc() from run_delalloc_nocow()\n  Which is called with PAGE_START_WRITEBACK to start page writeback.\n  But folios can only be marked writeback when it's properly locked,\n  thus this triggered the VM_BUG_ON_FOLIO().\n\nFurthermore there is another hidden but common bug that\nrun_delalloc_nocow() is not clearing the folio dirty flags in its error\nhandling path.\nThis is the common bug shared between run_delalloc_nocow() and\ncow_file_range().\n\n[FIX]\n- Clear folio dirty for range [@start, @cur_offset)\n  Introduce a helper, cleanup_dirty_folios(), which\n  will find and lock the folio in the range, clear the dirty flag and\n  start/end the writeback, with the extra handling for the\n  @locked_folio.\n\n- Introduce a helper to clear folio dirty, start and end writeback\n\n- Introduce a helper to record the last failed COW range end\n  This 
is to trace which range we should skip, to avoid double\n  unlocking.\n\n- Skip the failed COW range for the e\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-459"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57975",
            "https://git.kernel.org/linus/c2b47df81c8e20a8e8cd94f0d7df211137ae94ed (6.14-rc1)",
            "https://git.kernel.org/stable/c/2434533f1c963e7317c45880c98287e5bed98325",
            "https://git.kernel.org/stable/c/5ae72abbf91eb172ce3a838a4dc34be3c9707296",
            "https://git.kernel.org/stable/c/c2b47df81c8e20a8e8cd94f0d7df211137ae94ed",
            "https://linux.oracle.com/cve/CVE-2024-57975.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2024-57975-e1c7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57975",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57975"
          ],
          "PublishedDate": "2025-02-27T02:15:10.687Z",
          "LastModifiedDate": "2025-10-23T17:59:01.493Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57976",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57976",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1ce899b714bc01f0909bcc7cd6a5810c0cd16366432caa72bb360374b57b6486",
          "Title": "kernel: btrfs: do proper folio cleanup when cow_file_range() failed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do proper folio cleanup when cow_file_range() failed\n\n[BUG]\nWhen testing with COW fixup marked as BUG_ON() (this is involved with the\nnew pin_user_pages*() change, which should not result new out-of-band\ndirty pages), I hit a crash triggered by the BUG_ON() from hitting COW\nfixup path.\n\nThis BUG_ON() happens just after a failed btrfs_run_delalloc_range():\n\n  BTRFS error (device dm-2): failed to run delalloc range, root 348 ino 405 folio 65536 submit_bitmap 6-15 start 90112 len 106496: -28\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/extent_io.c:1444!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n  CPU: 0 UID: 0 PID: 434621 Comm: kworker/u24:8 Tainted: G           OE      6.12.0-rc7-custom+ #86\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n  Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]\n  pc : extent_writepage_io+0x2d4/0x308 [btrfs]\n  lr : extent_writepage_io+0x2d4/0x308 [btrfs]\n  Call trace:\n   extent_writepage_io+0x2d4/0x308 [btrfs]\n   extent_writepage+0x218/0x330 [btrfs]\n   extent_write_cache_pages+0x1d4/0x4b0 [btrfs]\n   btrfs_writepages+0x94/0x150 [btrfs]\n   do_writepages+0x74/0x190\n   filemap_fdatawrite_wbc+0x88/0xc8\n   start_delalloc_inodes+0x180/0x3b0 [btrfs]\n   btrfs_start_delalloc_roots+0x174/0x280 [btrfs]\n   shrink_delalloc+0x114/0x280 [btrfs]\n   flush_space+0x250/0x2f8 [btrfs]\n   btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]\n   process_one_work+0x164/0x408\n   worker_thread+0x25c/0x388\n   kthread+0x100/0x118\n   ret_from_fork+0x10/0x20\n  Code: aa1403e1 9402f3ef aa1403e0 9402f36f (d4210000)\n  ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nThat failure is mostly from cow_file_range(), where we can hit -ENOSPC.\n\nAlthough the -ENOSPC is already a bug related to our space reservation\ncode, let's just focus on the error handling.\n\nFor example, we 
have the following dirty range [0, 64K) of an inode,\nwith 4K sector size and 4K page size:\n\n   0        16K        32K       48K       64K\n   |///////////////////////////////////////|\n   |#######################################|\n\nWhere |///| means page are still dirty, and |###| means the extent io\ntree has EXTENT_DELALLOC flag.\n\n- Enter extent_writepage() for page 0\n\n- Enter btrfs_run_delalloc_range() for range [0, 64K)\n\n- Enter cow_file_range() for range [0, 64K)\n\n- Function btrfs_reserve_extent() only reserved one 16K extent\n  So we created extent map and ordered extent for range [0, 16K)\n\n   0        16K        32K       48K       64K\n   |////////|//////////////////////////////|\n   |\u003c- OE -\u003e|##############################|\n\n   And range [0, 16K) has its delalloc flag cleared.\n   But since we haven't yet submit any bio, involved 4 pages are still\n   dirty.\n\n- Function btrfs_reserve_extent() returns with -ENOSPC\n  Now we have to run error cleanup, which will clear all\n  EXTENT_DELALLOC* flags and clear the dirty flags for the remaining\n  ranges:\n\n   0        16K        32K       48K       64K\n   |////////|                              |\n   |        |                              |\n\n  Note that range [0, 16K) still has its pages dirty.\n\n- Some time later, writeback is triggered again for the range [0, 16K)\n  since the page range still has dirty flags.\n\n- btrfs_run_delalloc_range() will do nothing because there is no\n  EXTENT_DELALLOC flag.\n\n- extent_writepage_io() finds page 0 has no ordered flag\n  Which falls into the COW fixup path, triggering the BUG_ON().\n\nUnfortunately this error handling bug dates back to the introduction of\nbtrfs.  
Thankfully with the abuse of COW fixup, at least it won't crash\nthe kernel.\n\n[FIX]\nInstead of immediately unlocking the extent and folios, we keep the extent\nand folios locked until either erroring out or the whole delalloc range\nfinished.\n\nWhen the whole delalloc range finished without error, we just unlock the\nwhole range with PAGE_SET_ORDERED (and PAGE_UNLOCK for !keep_locked\ncases)\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-459"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57976",
            "https://git.kernel.org/linus/06f364284794f149d2abc167c11d556cf20c954b (6.14-rc1)",
            "https://git.kernel.org/stable/c/06f364284794f149d2abc167c11d556cf20c954b",
            "https://git.kernel.org/stable/c/10b3772292bf1be45604ba83fd9650eb94382e78",
            "https://git.kernel.org/stable/c/692cf71173bb41395c855acbbbe197d3aedfa5d4",
            "https://linux.oracle.com/cve/CVE-2024-57976.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2024-57976-10f5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57976",
            "https://www.cve.org/CVERecord?id=CVE-2024-57976"
          ],
          "PublishedDate": "2025-02-27T02:15:10.79Z",
          "LastModifiedDate": "2025-10-23T17:58:15.043Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57982",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57982",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:408d21d0d171ad48b0cfe0485ff8db5922f700e78e12304f5f4d5a69438583fa",
          "Title": "kernel: xfrm: state: fix out-of-bounds read during lookup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: state: fix out-of-bounds read during lookup\n\nlookup and resize can run in parallel.\n\nThe xfrm_state_hash_generation seqlock ensures a retry, but the hash\nfunctions can observe a hmask value that is too large for the new hlist\narray.\n\nrehash does:\n  rcu_assign_pointer(net-\u003exfrm.state_bydst, ndst) [..]\n  net-\u003exfrm.state_hmask = nhashmask;\n\nWhile state lookup does:\n  h = xfrm_dst_hash(net, daddr, saddr, tmpl-\u003ereqid, encap_family);\n  hlist_for_each_entry_rcu(x, net-\u003exfrm.state_bydst + h, bydst) {\n\nThis is only safe in case the update to state_bydst is larger than\nnet-\u003exfrm.xfrm_state_hmask (or if the lookup function gets\nserialized via state spinlock again).\n\nFix this by prefetching state_hmask and the associated pointers.\nThe xfrm_state_hash_generation seqlock retry will ensure that the pointer\nand the hmask will be consistent.\n\nThe existing helpers, like xfrm_dst_hash(), are now unsafe for RCU side,\nadd lockdep assertions to document that they are only safe for insert\nside.\n\nxfrm_state_lookup_byaddr() uses the spinlock rather than RCU.\nAFAICS this is an oversight from back when state lookup was converted to\nRCU, this lock should be replaced with RCU in a future patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57982",
            "https://git.kernel.org/linus/e952837f3ddb0ff726d5b582aa1aad9aa38d024d (6.14-rc1)",
            "https://git.kernel.org/stable/c/a16871c7832ea6435abb6e0b58289ae7dcb7e4fc",
            "https://git.kernel.org/stable/c/b86dc510308d7a8955f3f47a4fea4bef887653e4",
            "https://git.kernel.org/stable/c/dd4c2a174994238d55ab54da2545543d36f4e0d0",
            "https://git.kernel.org/stable/c/e952837f3ddb0ff726d5b582aa1aad9aa38d024d",
            "https://linux.oracle.com/cve/CVE-2024-57982.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022635-CVE-2024-57982-c76a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57982",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57982"
          ],
          "PublishedDate": "2025-02-27T02:15:11.397Z",
          "LastModifiedDate": "2026-01-11T17:15:51.883Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57993",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57993",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6be1517991bce0654ba68ef80d66ecfe7f122d409280597cce83417c524319da",
          "Title": "kernel: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check\n\nsyzbot has found a type mismatch between a USB pipe and the transfer\nendpoint, which is triggered by the hid-thrustmaster driver[1].\nThere is a number of similar, already fixed issues [2].\nIn this case as in others, implementing check for endpoint type fixes the issue.\n\n[1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470\n[2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-57993",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/50420d7c79c37a3efe4010ff9b1bb14bc61ebccf (6.14-rc1)",
            "https://git.kernel.org/stable/c/220883fba32549a34f0734e4859d07f4dcd56992",
            "https://git.kernel.org/stable/c/50420d7c79c37a3efe4010ff9b1bb14bc61ebccf",
            "https://git.kernel.org/stable/c/816e84602900f7f951458d743fa12769635ebfd5",
            "https://git.kernel.org/stable/c/ae730deded66150204c494282969bfa98dc3ae67",
            "https://git.kernel.org/stable/c/e5bcae4212a6a4b4204f46a1b8bcba08909d2007",
            "https://linux.oracle.com/cve/CVE-2024-57993.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022639-CVE-2024-57993-e136@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57993",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57993"
          ],
          "PublishedDate": "2025-02-27T02:15:13.31Z",
          "LastModifiedDate": "2025-11-03T20:16:56.693Z"
        },
        {
          "VulnerabilityID": "CVE-2024-57999",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-57999",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c29a7da9832c9eb3666809026fa8f2b739bce6352fa01a1c9522b456206ec22e",
          "Title": "kernel: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW\n\nPower Hypervisor can possibily allocate MMIO window intersecting with\nDynamic DMA Window (DDW) range, which is over 32-bit addressing.\n\nThese MMIO pages needs to be marked as reserved so that IOMMU doesn't map\nDMA buffers in this range.\n\nThe current code is not marking these pages correctly which is resulting\nin LPAR to OOPS while booting. The stack is at below\n\nBUG: Unable to handle kernel data access on read at 0xc00800005cd40000\nFaulting instruction address: 0xc00000000005cdac\nOops: Kernel access of bad area, sig: 11 [#1]\nLE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\nModules linked in: af_packet rfkill ibmveth(X) lpfc(+) nvmet_fc nvmet nvme_keyring crct10dif_vpmsum nvme_fc nvme_fabrics nvme_core be2net(+) nvme_auth rtc_generic nfsd auth_rpcgss nfs_acl lockd grace sunrpc fuse configfs ip_tables x_tables xfs libcrc32c dm_service_time ibmvfc(X) scsi_transport_fc vmx_crypto gf128mul crc32c_vpmsum dm_mirror dm_region_hash dm_log dm_multipath dm_mod sd_mod scsi_dh_emc scsi_dh_rdac scsi_dh_alua t10_pi crc64_rocksoft_generic crc64_rocksoft sg crc64 scsi_mod\nSupported: Yes, External\nCPU: 8 PID: 241 Comm: kworker/8:1 Kdump: loaded Not tainted 6.4.0-150600.23.14-default #1 SLE15-SP6 b44ee71c81261b9e4bab5e0cde1f2ed891d5359b\nHardware name: IBM,9080-M9S POWER9 (raw) 0x4e2103 0xf000005 of:IBM,FW950.B0 (VH950_149) hv:phyp pSeries\nWorkqueue: events work_for_cpu_fn\nNIP:  c00000000005cdac LR: c00000000005e830 CTR: 0000000000000000\nREGS: c00001400c9ff770 TRAP: 0300   Not tainted  (6.4.0-150600.23.14-default)\nMSR:  800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e  CR: 24228448  XER: 00000001\nCFAR: c00000000005cdd4 DAR: c00800005cd40000 DSISR: 40000000 IRQMASK: 0\nGPR00: c00000000005e830 c00001400c9ffa10 c000000001987d00 c00001400c4fe800\nGPR04: 0000080000000000 0000000000000001 0000000004000000 0000000000800000\nGPR08: 0000000004000000 0000000000000001 c00800005cd40000 ffffffffffffffff\nGPR12: 0000000084228882 c00000000a4c4f00 0000000000000010 0000080000000000\nGPR16: c00001400c4fe800 0000000004000000 0800000000000000 c00000006088b800\nGPR20: c00001401a7be980 c00001400eff3800 c000000002a2da68 000000000000002b\nGPR24: c0000000026793a8 c000000002679368 000000000000002a c0000000026793c8\nGPR28: 000008007effffff 0000080000000000 0000000000800000 c00001400c4fe800\nNIP [c00000000005cdac] iommu_table_reserve_pages+0xac/0x100\nLR [c00000000005e830] iommu_init_table+0x80/0x1e0\nCall Trace:\n[c00001400c9ffa10] [c00000000005e810] iommu_init_table+0x60/0x1e0 (unreliable)\n[c00001400c9ffa90] [c00000000010356c] iommu_bypass_supported_pSeriesLP+0x9cc/0xe40\n[c00001400c9ffc30] [c00000000005c300] dma_iommu_dma_supported+0xf0/0x230\n[c00001400c9ffcb0] [c00000000024b0c4] dma_supported+0x44/0x90\n[c00001400c9ffcd0] [c00000000024b14c] dma_set_mask+0x3c/0x80\n[c00001400c9ffd00] [c0080000555b715c] be_probe+0xc4/0xb90 [be2net]\n[c00001400c9ffdc0] [c000000000986f3c] local_pci_probe+0x6c/0x110\n[c00001400c9ffe40] [c000000000188f28] work_for_cpu_fn+0x38/0x60\n[c00001400c9ffe70] [c00000000018e454] process_one_work+0x314/0x620\n[c00001400c9fff10] [c00000000018f280] worker_thread+0x2b0/0x620\n[c00001400c9fff90] [c00000000019bb18] kthread+0x148/0x150\n[c00001400c9fffe0] [c00000000000ded8] start_kernel_thread+0x14/0x18\n\nThere are 2 issues in the code\n\n1. The index is \"int\" while the address is \"unsigned long\". This results in\n   negative value when setting the bitmap.\n\n2. The DMA offset is page shifted but the MMIO range is used as-is (64-bit\n   address). MMIO address needs to be page shifted as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-57999",
            "https://git.kernel.org/linus/8f70caad82e9c088ed93b4fea48d941ab6441886 (6.14-rc1)",
            "https://git.kernel.org/stable/c/7043d58ecd1381674f5b2c894deb6986a1a4896b",
            "https://git.kernel.org/stable/c/8f70caad82e9c088ed93b4fea48d941ab6441886",
            "https://git.kernel.org/stable/c/d8cc20a8cceb3b5e8ad2e11365e3100ba36a27e9",
            "https://linux.oracle.com/cve/CVE-2024-57999.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022641-CVE-2024-57999-1029@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-57999",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-57999"
          ],
          "PublishedDate": "2025-02-27T02:15:13.93Z",
          "LastModifiedDate": "2025-10-23T17:49:44.447Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58011",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58011",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bd4625ad299bf04fe025ebdfde9595c064ac37380f27c940e49dfd8d044be43e",
          "Title": "kernel: platform/x86: int3472: Check for adev == NULL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: int3472: Check for adev == NULL\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL. This\ncan e.g. (theoretically) happen when a user manually binds one of\nthe int3472 drivers to another i2c/platform device through sysfs.\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58011",
            "https://git.kernel.org/linus/cd2fd6eab480dfc247b737cf7a3d6b009c4d0f1c (6.14-rc1)",
            "https://git.kernel.org/stable/c/0a30353beca2693d30bde477024d755ffecea514",
            "https://git.kernel.org/stable/c/46263a0b687a044e645387a9c7692ccd693f09f1",
            "https://git.kernel.org/stable/c/4f8b210823cc2d1f9d967f089a6c00d025bb237f",
            "https://git.kernel.org/stable/c/a808ecf878ad646ebc9c83d9fc4ce72fd9c49d3d",
            "https://git.kernel.org/stable/c/cd2fd6eab480dfc247b737cf7a3d6b009c4d0f1c",
            "https://git.kernel.org/stable/c/f9c7cc44758f4930b41285a6d54afa8cbd9762b4",
            "https://linux.oracle.com/cve/CVE-2024-58011.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58011-5ed8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58011",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58011"
          ],
          "PublishedDate": "2025-02-27T03:15:12.087Z",
          "LastModifiedDate": "2025-11-03T20:16:58.183Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58012",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58012",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7a7369a51010f45190332ebd667cdd7f6c7675042f39d193b6b30b7262dce12e",
          "Title": "kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params\n\nEach cpu DAI should associate with a widget. However, the topology might\nnot create the right number of DAI widgets for aggregated amps. And it\nwill cause NULL pointer deference.\nCheck that the DAI widget associated with the CPU DAI is valid to prevent\nNULL pointer deference due to missing DAI widgets in topologies with\naggregated amps.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-58012",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/569922b82ca660f8b24e705f6cf674e6b1f99cc7 (6.14-rc1)",
            "https://git.kernel.org/stable/c/569922b82ca660f8b24e705f6cf674e6b1f99cc7",
            "https://git.kernel.org/stable/c/789a2fbf0900982788408d3b0034e0e3f914fb3b",
            "https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5",
            "https://linux.oracle.com/cve/CVE-2024-58012.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58012-90ce@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58012",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-58012"
          ],
          "PublishedDate": "2025-02-27T03:15:12.187Z",
          "LastModifiedDate": "2025-10-01T21:16:40.417Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58013",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58013",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:265d5f97823d457e24f8ff6c07c684dd247aff7bcd477079ab40b54d2b53b6c7",
          "Title": "kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\nRead of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961\n\nCPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\n\nAllocated by task 16026:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n remove_adv_monitor+0x102/0x1b0 net/bluetooth/mgmt.c:5568\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n sock_write_iter+0x2d7/0x3f0 net/socket.c:1147\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0xaeb/0xd30 fs/read_write.c:679\n ksys_write+0x18f/0x2b0 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 16022:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kfree+0x196/0x420 mm/slub.c:4746\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x183/0x430 net/bluetooth/mgmt.c:9550\n hci_dev_close_sync+0x6c4/0x11c0 net/bluetooth/hci_sync.c:5208\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1209\n sock_ioctl+0x626/0x8e0 net/socket.c:1328\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20095",
            "https://access.redhat.com/security/cve/CVE-2024-58013",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2333985",
            "https://bugzilla.redhat.com/2334373",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2338185",
            "https://bugzilla.redhat.com/2338211",
            "https://bugzilla.redhat.com/2338813",
            "https://bugzilla.redhat.com/2338821",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338998",
            "https://bugzilla.redhat.com/2339130",
            "https://bugzilla.redhat.com/2339141",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343186",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2348522",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348561",
            "https://bugzilla.redhat.com/2348567",
            "https://bugzilla.redhat.com/2348572",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348590",
            "https://bugzilla.redhat.com/2348592",
            "https://bugzilla.redhat.com/2348593",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348602",
            "https://bugzilla.redhat.com/2348603",
            "https://bugzilla.redhat.com/2348612",
            "https://bugzilla.redhat.com/2348617",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348621",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348629",
            "https://bugzilla.redhat.com/2348630",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348647",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348656",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350364",
            "https://bugzilla.redhat.com/2350373",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351605",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2356664",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363332",
            "https://bugzilla.redhat.com/2366125",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383398",
            "https://bugzilla.redhat.com/2383432",
            "https://bugzilla.redhat.com/2383913",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2333985",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338813",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338998",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348593",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348602",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348603",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348617",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348621",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348656",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350364",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351605",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383913",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53147",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57942",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21633",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21652",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21732",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21750",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21761",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21771",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37749",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38369",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38468",
            "https://errata.almalinux.org/10/ALSA-2025-20095.html",
            "https://errata.rockylinux.org/RLSA-2025:20095",
            "https://git.kernel.org/linus/26fbd3494a7dd26269cb0817c289267dbcfdec06 (6.14-rc1)",
            "https://git.kernel.org/stable/c/0f3d05aacbfcf3584bbd9caaee34cb02508dab68",
            "https://git.kernel.org/stable/c/26fbd3494a7dd26269cb0817c289267dbcfdec06",
            "https://git.kernel.org/stable/c/4ebbcb9bc794e5be647ee28fdf14eb1ae0659405",
            "https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827",
            "https://git.kernel.org/stable/c/ebb90f23f0ac21044aacf4c61cc5d7841fe99987",
            "https://linux.oracle.com/cve/CVE-2024-58013.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022656-CVE-2024-58013-55de@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58013",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58013"
          ],
          "PublishedDate": "2025-02-27T03:15:12.287Z",
          "LastModifiedDate": "2025-11-03T20:16:58.36Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58015",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58015",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:be16dc8baf54d9825e5154971880a8d54c0e35840c1b181e276226a6a41d5570",
          "Title": "kernel: wifi: ath12k: Fix for out-of bound access error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix for out-of bound access error\n\nSelfgen stats are placed in a buffer using print_array_to_buf_index() function.\nArray length parameter passed to the function is too big, resulting in possible\nout-of bound memory error.\nDecreasing buffer size by one fixes faulty upper bound of passed array.\n\nDiscovered in coverity scan, CID 1600742 and CID 1600758",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-58015",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/eb8c0534713865d190856f10bfc97cf0b88475b1 (6.14-rc1)",
            "https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4",
            "https://git.kernel.org/stable/c/eb8c0534713865d190856f10bfc97cf0b88475b1",
            "https://linux.oracle.com/cve/CVE-2024-58015.html",
            "https://linux.oracle.com/errata/ELSA-2025-20518-0.html",
            "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58015-f72e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58015",
            "https://www.cve.org/CVERecord?id=CVE-2024-58015"
          ],
          "PublishedDate": "2025-02-27T03:15:12.493Z",
          "LastModifiedDate": "2025-10-22T19:37:21.427Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58018",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58018",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4940ab9312ff70b118ad5829c8665cc72ed92bcbe668b4da702309bcf6c164b",
          "Title": "kernel: nvkm: correctly calculate the available space of the GSP cmdq buffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm: correctly calculate the available space of the GSP cmdq buffer\n\nr535_gsp_cmdq_push() waits for the available page in the GSP cmdq\nbuffer when handling a large RPC request. When it sees at least one\navailable page in the cmdq, it quits the waiting with the amount of\nfree buffer pages in the queue.\n\nUnfortunately, it always takes the [write pointer, buf_size) as\navailable buffer pages before rolling back and wrongly calculates the\nsize of the data should be copied. Thus, it can overwrite the RPC\nrequest that GSP is currently reading, which causes GSP hang due\nto corrupted RPC request:\n\n[  549.209389] ------------[ cut here ]------------\n[  549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[  549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E)\n[  549.225752]  iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) 
scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)]\n[  549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G            E      6.9.0-rc6+ #1\n[  549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[  549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[  549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff \u003c0f\u003e 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c\n[  549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246\n[  549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28\n[  549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730\n[  549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70\n[  549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020\n[  549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000\n[  549.406988] FS:  00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000\n[  549.415076] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0\n[  549.427963] PKRU: 55555554\n[  549.430672] Call Trace:\n[  549.433126]  \u003cTASK\u003e\n[  549.435233]  ? __warn+0x7f/0x130\n[  549.438473]  ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[  549.443426]  ? report_bug+0x18a/0x1a0\n[  549.447098]  ? handle_bug+0x3c/0x70\n[  549.450589]  ? exc_invalid_op+0x14/0x70\n[  549.454430]  ? asm_exc_invalid_op+0x16/0x20\n[  549.458619]  ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm]\n[  549.463565]  r535_gsp_msg_recv+0x46/0x230 [nvkm]\n[  549.468257]  r535_gsp_rpc_push+0x106/0x160 [nvkm]\n[  549.473033]  r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm]\n[  549.478422]  nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm]\n[  549.483899]  nvidia_grid_init+0xb1/0xd0 [nvkm]\n[  549.488420]  ? 
srso_alias_return_thunk+0x5/0xfbef5\n[  549.493213]  nvkm_device_pci_probe+0x305/0x420 [nvkm]\n[  549.498338]  local_pci_probe+0x46/\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58018",
            "https://git.kernel.org/linus/01ed662bdd6fce4f59c1804b334610d710d79fa0 (6.14-rc1)",
            "https://git.kernel.org/stable/c/01ed662bdd6fce4f59c1804b334610d710d79fa0",
            "https://git.kernel.org/stable/c/56e6c7f6d2a6b4e0aae0528c502e56825bb40598",
            "https://git.kernel.org/stable/c/6b6b75728c86f60c1fc596f0d4542427d0e6065b",
            "https://linux.oracle.com/cve/CVE-2024-58018.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022657-CVE-2024-58018-605c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58018",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58018"
          ],
          "PublishedDate": "2025-02-27T03:15:12.797Z",
          "LastModifiedDate": "2025-10-22T19:36:06.507Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58019",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58019",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3927fc6181f1aaa538bd77f8b1e4af554d874bd43979ada1c64da9665feaefff",
          "Title": "kernel: nvkm/gsp: correctly advance the read pointer of GSP message queue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvkm/gsp: correctly advance the read pointer of GSP message queue\n\nA GSP event message consists three parts: message header, RPC header,\nmessage body. GSP calculates the number of pages to write from the\ntotal size of a GSP message. This behavior can be observed from the\nmovement of the write pointer.\n\nHowever, nvkm takes only the size of RPC header and message body as\nthe message size when advancing the read pointer. When handling a\ntwo-page GSP message in the non rollback case, It wrongly takes the\nmessage body of the previous message as the message header of the next\nmessage. As the \"message length\" tends to be zero, in the calculation of\nsize needs to be copied (0 - size of (message header)), the size needs to\nbe copied will be \"0xffffffxx\". It also triggers a kernel panic due to a\nNULL pointer error.\n\n[  547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00  ........@.......\n[  547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00  ................\n[  547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff  ................\n[  547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff  ................\n[  547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[  547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0\n[  547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[  547.669485] #PF: supervisor read access in kernel mode\n[  547.674624] #PF: error_code(0x0000) - not-present page\n[  547.679755] PGD 0 P4D 0\n[  547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[  547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G            E      6.9.0-rc6+ #1\n[  547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022\n[  547.702626] Workqueue: events 
r535_gsp_msgq_work [nvkm]\n[  547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[  547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 \u003c8b\u003e 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05\n[  547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203\n[  547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f\n[  547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010\n[  547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0\n[  547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000\n[  547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000\n[  547.772958] FS:  0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000\n[  547.781035] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0\n[  547.793896] PKRU: 55555554\n[  547.796600] Call Trace:\n[  547.799046]  \u003cTASK\u003e\n[  547.801152]  ? __die+0x20/0x70\n[  547.804211]  ? page_fault_oops+0x75/0x170\n[  547.808221]  ? print_hex_dump+0x100/0x160\n[  547.812226]  ? exc_page_fault+0x64/0x150\n[  547.816152]  ? asm_exc_page_fault+0x22/0x30\n[  547.820341]  ? r535_gsp_msg_recv+0x87/0x230 [nvkm]\n[  547.825184]  r535_gsp_msgq_work+0x42/0x50 [nvkm]\n[  547.829845]  process_one_work+0x196/0x3d0\n[  547.833861]  worker_thread+0x2fc/0x410\n[  547.837613]  ? __pfx_worker_thread+0x10/0x10\n[  547.841885]  kthread+0xdf/0x110\n[  547.845031]  ? __pfx_kthread+0x10/0x10\n[  547.848775]  ret_from_fork+0x30/0x50\n[  547.852354]  ? 
__pfx_kthread+0x10/0x10\n[  547.856097]  ret_from_fork_asm+0x1a/0x30\n[  547.860019]  \u003c/TASK\u003e\n[  547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58019",
            "https://git.kernel.org/linus/8d9beb4aebc02c4bd09e1d39c9c5f1c68c786dbc (6.14-rc1)",
            "https://git.kernel.org/stable/c/5185e63b45ea39339ed83f269e2ddfafb07e70d9",
            "https://git.kernel.org/stable/c/67c9cf82f50236d9c000333b26b4f95eb2c3e1b2",
            "https://git.kernel.org/stable/c/8d9beb4aebc02c4bd09e1d39c9c5f1c68c786dbc",
            "https://linux.oracle.com/cve/CVE-2024-58019.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2024-58019-64da@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58019",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58019"
          ],
          "PublishedDate": "2025-02-27T03:15:12.897Z",
          "LastModifiedDate": "2025-10-28T20:41:36.903Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58053",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58053",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d84d3d11f34f2d0875833ff25b6a20758c8b8afd2d2aeb9a7de086d8aa0a74c6",
          "Title": "kernel: rxrpc: Fix handling of received connection abort",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix handling of received connection abort\n\nFix the handling of a connection abort that we've received.  Though the\nabort is at the connection level, it needs propagating to the calls on that\nconnection.  Whilst the propagation bit is performed, the calls aren't then\nwoken up to go and process their termination, and as no further input is\nforthcoming, they just hang.\n\nAlso add some tracing for the logging of connection aborts.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58053",
            "https://git.kernel.org/linus/0e56ebde245e4799ce74d38419426f2a80d39950 (6.14-rc1)",
            "https://git.kernel.org/stable/c/0e56ebde245e4799ce74d38419426f2a80d39950",
            "https://git.kernel.org/stable/c/5842ce7b120c65624052a8da04460d35b26caac0",
            "https://git.kernel.org/stable/c/96d1d927c4d03ee9dcee7640bca70b74e63504fc",
            "https://git.kernel.org/stable/c/9c6702260557c0183d8417c79a37777a3d3e58e8",
            "https://linux.oracle.com/cve/CVE-2024-58053.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025030605-CVE-2024-58053-3c8d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58053",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58053"
          ],
          "PublishedDate": "2025-03-06T16:15:51.49Z",
          "LastModifiedDate": "2025-10-28T02:48:49.883Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58054",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58054",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a4e517c5985fcd8f749cae7b96ef9de617b0ae0895a099e22d73a9f6b30b1f43",
          "Title": "kernel: staging: media: max96712: fix kernel oops when removing module",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: max96712: fix kernel oops when removing module\n\nThe following kernel oops is thrown when trying to remove the max96712\nmodule:\n\nUnable to handle kernel paging request at virtual address 00007375746174db\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000010af89000\n[00007375746174db] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: crct10dif_ce polyval_ce mxc_jpeg_encdec flexcan\n    snd_soc_fsl_sai snd_soc_fsl_asoc_card snd_soc_fsl_micfil dwc_mipi_csi2\n    imx_csi_formatter polyval_generic v4l2_jpeg imx_pcm_dma can_dev\n    snd_soc_imx_audmux snd_soc_wm8962 snd_soc_imx_card snd_soc_fsl_utils\n    max96712(C-) rpmsg_ctrl rpmsg_char pwm_fan fuse\n    [last unloaded: imx8_isi]\nCPU: 0 UID: 0 PID: 754 Comm: rmmod\n\t    Tainted: G         C    6.12.0-rc6-06364-g327fec852c31 #17\nTainted: [C]=CRAP\nHardware name: NXP i.MX95 19X19 board (DT)\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : led_put+0x1c/0x40\nlr : v4l2_subdev_put_privacy_led+0x48/0x58\nsp : ffff80008699bbb0\nx29: ffff80008699bbb0 x28: ffff00008ac233c0 x27: 0000000000000000\nx26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff000080cf1170 x22: ffff00008b53bd00 x21: ffff8000822ad1c8\nx20: ffff000080ff5c00 x19: ffff00008b53be40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000004 x13: ffff0000800f8010 x12: 0000000000000000\nx11: ffff000082acf5c0 x10: ffff000082acf478 x9 : ffff0000800f8010\nx8 : 
0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\nx5 : 8080808000000000 x4 : 0000000000000020 x3 : 00000000553a3dc1\nx2 : ffff00008ac233c0 x1 : ffff00008ac233c0 x0 : ff00737574617473\nCall trace:\n led_put+0x1c/0x40\n v4l2_subdev_put_privacy_led+0x48/0x58\n v4l2_async_unregister_subdev+0x2c/0x1a4\n max96712_remove+0x1c/0x38 [max96712]\n i2c_device_remove+0x2c/0x9c\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1cc/0x228\n driver_detach+0x4c/0x98\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n i2c_del_driver+0x54/0x64\n max96712_i2c_driver_exit+0x18/0x1d0 [max96712]\n __arm64_sys_delete_module+0x1a4/0x290\n invoke_syscall+0x48/0x10c\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xd8\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\nCode: f9000bf3 aa0003f3 f9402800 f9402000 (f9403400)\n---[ end trace 0000000000000000 ]---\n\nThis happens because in v4l2_i2c_subdev_init(), the i2c_set_cliendata()\nis called again and the data is overwritten to point to sd, instead of\npriv. So, in remove(), the wrong pointer is passed to\nv4l2_async_unregister_subdev(), leading to a crash.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58054",
            "https://git.kernel.org/linus/ee1b5046d5cd892a0754ab982aeaaad3702083a5 (6.14-rc1)",
            "https://git.kernel.org/stable/c/1556b9149b81cc549c13f5e56e81e89404d8a666",
            "https://git.kernel.org/stable/c/278a98f6d8a7bbe1110433b057333536e4490edf",
            "https://git.kernel.org/stable/c/3311c5395e7322298b659b8addc704b39fb3a59c",
            "https://git.kernel.org/stable/c/dfde3d63afbaae664c4d36e53cfb4045d5374561",
            "https://git.kernel.org/stable/c/ee1b5046d5cd892a0754ab982aeaaad3702083a5",
            "https://linux.oracle.com/cve/CVE-2024-58054.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025030606-CVE-2024-58054-cdfe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58054",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58054"
          ],
          "PublishedDate": "2025-03-06T16:15:51.6Z",
          "LastModifiedDate": "2026-01-22T20:55:53.09Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58077",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58077",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:920801474b8916625e5549d1915d764e5f99a1c53ca772d3ba3ca271bb32e93c",
          "Title": "kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback\n\ncommit 1f5664351410 (\"ASoC: lower \"no backend DAIs enabled for ... Port\"\nlog severity\") ignores -EINVAL error message on common soc_pcm_ret().\nIt is used from many functions, ignoring -EINVAL is over-kill.\n\nThe reason why -EINVAL was ignored was it really should only be used\nupon invalid parameters coming from userspace and in that case we don't\nwant to log an error since we do not want to give userspace a way to do\na denial-of-service attack on the syslog / diskspace.\n\nSo don't use soc_pcm_ret() on .prepare callback is better idea.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2024-58077",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/301c26a018acb94dd537a4418cefa0f654500c6f (6.14-rc1)",
            "https://git.kernel.org/stable/c/301c26a018acb94dd537a4418cefa0f654500c6f",
            "https://git.kernel.org/stable/c/79b8c7c93beb4f5882c9ee5b9ba73354fa4bc9ee",
            "https://git.kernel.org/stable/c/8ec4e8c8e142933eaa8e1ed87168831069250e4e",
            "https://git.kernel.org/stable/c/90778f31efdf44622065ebbe8d228284104bd26f",
            "https://git.kernel.org/stable/c/b65ba768302adc7ddc70811116cef80ca089af59",
            "https://linux.oracle.com/cve/CVE-2024-58077.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025030608-CVE-2024-58077-d4e3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58077",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58077"
          ],
          "PublishedDate": "2025-03-06T17:15:21.123Z",
          "LastModifiedDate": "2025-11-03T20:17:01.857Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58089",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58089",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1362abde51c8a26d074e4e2160d1de9364d7b2be153bfad075c26b7b9d5dbb7",
          "Title": "kernel: btrfs: fix double accounting race when btrfs_run_delalloc_range() failed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double accounting race when btrfs_run_delalloc_range() failed\n\n[BUG]\nWhen running btrfs with block size (4K) smaller than page size (64K,\naarch64), there is a very high chance to crash the kernel at\ngeneric/750, with the following messages:\n(before the call traces, there are 3 extra debug messages added)\n\n  BTRFS warning (device dm-3): read-write for sector size 4096 with page size 65536 is experimental\n  BTRFS info (device dm-3): checking UUID tree\n  hrtimer: interrupt took 5451385 ns\n  BTRFS error (device dm-3): cow_file_range failed, root=4957 inode=257 start=1605632 len=69632: -28\n  BTRFS error (device dm-3): run_delalloc_nocow failed, root=4957 inode=257 start=1605632 len=69632: -28\n  BTRFS error (device dm-3): failed to run delalloc range, root=4957 ino=257 folio=1572864 submit_bitmap=8-15 start=1605632 len=69632: -28\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 3020984 at ordered-data.c:360 can_finish_ordered_extent+0x370/0x3b8 [btrfs]\n  CPU: 2 UID: 0 PID: 3020984 Comm: kworker/u24:1 Tainted: G           OE      6.13.0-rc1-custom+ #89\n  Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n  Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs]\n  pc : can_finish_ordered_extent+0x370/0x3b8 [btrfs]\n  lr : can_finish_ordered_extent+0x1ec/0x3b8 [btrfs]\n  Call trace:\n   can_finish_ordered_extent+0x370/0x3b8 [btrfs] (P)\n   can_finish_ordered_extent+0x1ec/0x3b8 [btrfs] (L)\n   btrfs_mark_ordered_io_finished+0x130/0x2b8 [btrfs]\n   extent_writepage+0x10c/0x3b8 [btrfs]\n   extent_write_cache_pages+0x21c/0x4e8 [btrfs]\n   btrfs_writepages+0x94/0x160 [btrfs]\n   do_writepages+0x74/0x190\n   filemap_fdatawrite_wbc+0x74/0xa0\n   start_delalloc_inodes+0x17c/0x3b0 [btrfs]\n   btrfs_start_delalloc_roots+0x17c/0x288 [btrfs]\n   shrink_delalloc+0x11c/0x280 
[btrfs]\n   flush_space+0x288/0x328 [btrfs]\n   btrfs_async_reclaim_data_space+0x180/0x228 [btrfs]\n   process_one_work+0x228/0x680\n   worker_thread+0x1bc/0x360\n   kthread+0x100/0x118\n   ret_from_fork+0x10/0x20\n  ---[ end trace 0000000000000000 ]---\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1605632 OE len=16384 to_dec=16384 left=0\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1622016 OE len=12288 to_dec=12288 left=0\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n  BTRFS critical (device dm-3): bad ordered extent accounting, root=4957 ino=257 OE offset=1634304 OE len=8192 to_dec=4096 left=0\n  CPU: 1 UID: 0 PID: 3286940 Comm: kworker/u24:3 Tainted: G        W  OE      6.13.0-rc1-custom+ #89\n  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022\n  Workqueue:  btrfs_work_helper [btrfs] (btrfs-endio-write)\n  pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : process_one_work+0x110/0x680\n  lr : worker_thread+0x1bc/0x360\n  Call trace:\n   process_one_work+0x110/0x680 (P)\n   worker_thread+0x1bc/0x360 (L)\n   worker_thread+0x1bc/0x360\n   kthread+0x100/0x118\n   ret_from_fork+0x10/0x20\n  Code: f84086a1 f9000fe1 53041c21 b9003361 (f9400661)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception\n  SMP: stopping secondary CPUs\n  SMP: failed to stop secondary CPUs 2-3\n  Dumping ftrace buffer:\n     (ftrace buffer empty)\n  Kernel Offset: 0x275bb9540000 from 0xffff800080000000\n  PHYS_OFFSET: 0xffff8fbba0000000\n  CPU features: 0x100,00000070,00801250,8201720b\n\n[CAUSE]\nThe above warning is triggered immediately after the delalloc range\nfailure, this happens in the following sequence:\n\n- Range [1568K, 1636K) is dirty\n\n   1536K  1568K     1600K    1636K  1664K\n   |      |/////////|////////|      |\n\n  Where 1536K, 1600K and 1664K are page boundaries 
(64K page size)\n\n- Enter extent_writepage() for page 1536K\n\n- Enter run_delalloc_nocow() with locke\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58089",
            "https://git.kernel.org/linus/72dad8e377afa50435940adfb697e070d3556670 (6.14-rc1)",
            "https://git.kernel.org/stable/c/0283ee1912c8e243c931f4ee5b3672e954fe0384",
            "https://git.kernel.org/stable/c/21333148b5c9e52f41fafcedec3810b56a5e0e40",
            "https://git.kernel.org/stable/c/72dad8e377afa50435940adfb697e070d3556670",
            "https://linux.oracle.com/cve/CVE-2024-58089.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025031210-CVE-2024-58089-8e03@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58089",
            "https://www.cve.org/CVERecord?id=CVE-2024-58089"
          ],
          "PublishedDate": "2025-03-12T10:15:16.44Z",
          "LastModifiedDate": "2025-10-01T20:18:14.73Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58094",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58094",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4c43a020f59d08af8d11344f64e1ca25e03055707f3dfe4638bbdc0b7ff5954e",
          "Title": "kernel: jfs: add check read-only before truncation in jfs_truncate_nolock()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before truncation in jfs_truncate_nolock()\n\nAdded a check for \"read-only\" mode in the `jfs_truncate_nolock`\nfunction to avoid errors related to writing to a read-only\nfilesystem.\n\nCall stack:\n\nblock_write_begin() {\n  jfs_write_failed() {\n    jfs_truncate() {\n      jfs_truncate_nolock() {\n        txEnd() {\n          ...\n          log = JFS_SBI(tblk-\u003esb)-\u003elog;\n          // (log == NULL)\n\nIf the `isReadOnly(ip)` condition is triggered in\n`jfs_truncate_nolock`, the function execution will stop, and no\nfurther data modification will occur. Instead, the `xtTruncate`\nfunction will be called with the \"COMMIT_WMAP\" flag, preventing\nmodifications in \"read-only\" mode.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58094",
            "https://git.kernel.org/linus/b5799dd77054c1ec49b0088b006c9908e256843b (6.15-rc1)",
            "https://git.kernel.org/stable/c/b5799dd77054c1ec49b0088b006c9908e256843b",
            "https://git.kernel.org/stable/c/f605bc3e162f5c6faa9bd3602ce496053d06a4bb",
            "https://lore.kernel.org/linux-cve-announce/2025041652-CVE-2024-58094-b87b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58094",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-58094"
          ],
          "PublishedDate": "2025-04-16T15:15:53.33Z",
          "LastModifiedDate": "2025-10-28T18:54:50.797Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58095",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58095",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f76abc450a35d25628fc8fb31b8ed6e33ce3930578968cfc925bcfe6983ab838",
          "Title": "kernel: jfs: add check read-only before txBeginAnon() call",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add check read-only before txBeginAnon() call\n\nAdded a read-only check before calling `txBeginAnon` in `extAlloc`\nand `extRecord`. This prevents modification attempts on a read-only\nmounted filesystem, avoiding potential errors or crashes.\n\nCall trace:\n txBeginAnon+0xac/0x154\n extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78\n jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248\n __block_write_begin_int+0x580/0x166c fs/buffer.c:2128\n __block_write_begin fs/buffer.c:2177 [inline]\n block_write_begin+0x98/0x11c fs/buffer.c:2236\n jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58095",
            "https://git.kernel.org/linus/0176e69743ecc02961f2ae1ea42439cd2bf9ed58 (6.15-rc1)",
            "https://git.kernel.org/stable/c/0176e69743ecc02961f2ae1ea42439cd2bf9ed58",
            "https://git.kernel.org/stable/c/15469c408af2d7a52fb186a92f2f091b0f13b1fb",
            "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58095-9a41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58095",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-58095"
          ],
          "PublishedDate": "2025-04-16T15:15:53.467Z",
          "LastModifiedDate": "2025-10-28T18:55:30.84Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58096",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58096",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:20ce0ce97823aef47ddb58083c3d808a500465b069fc0c8c1d30dad77bbae819",
          "Title": "kernel: wifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: add srng-\u003elock for ath11k_hal_srng_* in monitor mode\n\nath11k_hal_srng_* should be used with srng-\u003elock to protect srng data.\n\nFor ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(),\nthey use ath11k_hal_srng_* for many times but never call srng-\u003elock.\n\nSo when running (full) monitor mode, warning will occur:\nRIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\nCall Trace:\n ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]\n ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]\n ? idr_alloc_u32+0x97/0xd0\n ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]\n ath11k_dp_service_srng+0x289/0x5a0 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]\n __napi_poll+0x30/0x1f0\n net_rx_action+0x198/0x320\n __do_softirq+0xdd/0x319\n\nSo add srng-\u003elock for them to avoid such warnings.\n\nInorder to fetch the srng-\u003elock, should change srng's definition from\n'void' to 'struct hal_srng'. And initialize them elsewhere to prevent\none line of code from being too long. This is consistent with other ring\nprocess functions, such as ath11k_dp_process_rx().\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58096",
            "https://git.kernel.org/linus/63b7af49496d0e32f7a748b6af3361ec138b1bd3 (6.15-rc1)",
            "https://git.kernel.org/stable/c/1d2178918efc928e11bed9631469ef79ff0a862a",
            "https://git.kernel.org/stable/c/27ca8004ba93a0665faa6d477eaeb551e03de6c8",
            "https://git.kernel.org/stable/c/63b7af49496d0e32f7a748b6af3361ec138b1bd3",
            "https://git.kernel.org/stable/c/b85758e76b6452740fc2a08ced6759af64c0d59a",
            "https://linux.oracle.com/cve/CVE-2024-58096.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58096-2320@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58096",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-58096"
          ],
          "PublishedDate": "2025-04-16T15:15:53.587Z",
          "LastModifiedDate": "2026-02-06T17:16:14.537Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58097",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58097",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4d24290304deb902485a890d5a66e0bdf3055a0ca0f25256755c54d5fc8a7e29",
          "Title": "kernel: wifi: ath11k: fix RCU stall while reaping monitor destination ring",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix RCU stall while reaping monitor destination ring\n\nWhile processing the monitor destination ring, MSDUs are reaped from the\nlink descriptor based on the corresponding buf_id.\n\nHowever, sometimes the driver cannot obtain a valid buffer corresponding\nto the buf_id received from the hardware. This causes an infinite loop\nin the destination processing, resulting in a kernel crash.\n\nkernel log:\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\nath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309\nath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed\n\nFix this by skipping the problematic buf_id and reaping the next entry,\nreplacing the break with the next MSDU processing.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58097",
            "https://git.kernel.org/linus/16c6c35c03ea73054a1f6d3302a4ce4a331b427d (6.15-rc1)",
            "https://git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d",
            "https://git.kernel.org/stable/c/8db5de0cf02fccf4c759aa58edbe65659daf607c",
            "https://git.kernel.org/stable/c/9f1a002f0171d27f3554e529f3c70df438f05dfe",
            "https://git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378",
            "https://linux.oracle.com/cve/CVE-2024-58097.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2025041653-CVE-2024-58097-3fcb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58097",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2024-58097"
          ],
          "PublishedDate": "2025-04-16T15:15:53.683Z",
          "LastModifiedDate": "2026-01-30T10:15:54.143Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58098",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58098",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39c7f68af3b1d164697f827b16b78f0ec5b0173744dccacecdd6238821e0ce98",
          "Title": "kernel: bpf: track changes_pkt_data property for global functions",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: track changes_pkt_data property for global functions\n\nWhen processing calls to certain helpers, verifier invalidates all\npacket pointers in a current state. For example, consider the\nfollowing program:\n\n    __attribute__((__noinline__))\n    long skb_pull_data(struct __sk_buff *sk, __u32 len)\n    {\n        return bpf_skb_pull_data(sk, len);\n    }\n\n    SEC(\"tc\")\n    int test_invalidate_checks(struct __sk_buff *sk)\n    {\n        int *p = (void *)(long)sk-\u003edata;\n        if ((void *)(p + 1) \u003e (void *)(long)sk-\u003edata_end) return TCX_DROP;\n        skb_pull_data(sk, 0);\n        *p = 42;\n        return TCX_PASS;\n    }\n\nAfter a call to bpf_skb_pull_data() the pointer 'p' can't be used\nsafely. See function filter.c:bpf_helper_changes_pkt_data() for a list\nof such helpers.\n\nAt the moment verifier invalidates packet pointers when processing\nhelper function calls, and does not traverse global sub-programs when\nprocessing calls to global sub-programs. This means that calls to\nhelpers done from global sub-programs do not invalidate pointers in\nthe caller state. E.g. the program above is unsafe, but is not\nrejected by verifier.\n\nThis commit fixes the omission by computing field\nbpf_subprog_info-\u003echanges_pkt_data for each sub-program before main\nverification pass.\nchanges_pkt_data should be set if:\n- subprogram calls helper for which bpf_helper_changes_pkt_data\n  returns true;\n- subprogram calls a global function,\n  for which bpf_subprog_info-\u003echanges_pkt_data should be set.\n\nThe verifier.c:check_cfg() pass is modified to compute this\ninformation. 
The commit relies on depth first instruction traversal\ndone by check_cfg() and absence of recursive function calls:\n- check_cfg() would eventually visit every call to subprogram S in a\n  state when S is fully explored;\n- when S is fully explored:\n  - every direct helper call within S is explored\n    (and thus changes_pkt_data is set if needed);\n  - every call to subprogram S1 called by S was visited with S1 fully\n    explored (and thus S inherits changes_pkt_data from S1).\n\nThe downside of such approach is that dead code elimination is not\ntaken into account: if a helper call inside global function is dead\nbecause of current configuration, verifier would conservatively assume\nthat the call occurs for the purpose of the changes_pkt_data\ncomputation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58098",
            "https://git.kernel.org/linus/51081a3f25c742da5a659d7fc6fd77ebfdd555be (6.13-rc3)",
            "https://git.kernel.org/stable/c/1d572c60488b52882b719ed273767ee3b280413d",
            "https://git.kernel.org/stable/c/51081a3f25c742da5a659d7fc6fd77ebfdd555be",
            "https://git.kernel.org/stable/c/79751e9227a5910c0e5a2c7186877d91821d957d",
            "https://linux.oracle.com/cve/CVE-2024-58098.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050539-CVE-2024-58098-5a0c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58098",
            "https://www.cve.org/CVERecord?id=CVE-2024-58098"
          ],
          "PublishedDate": "2025-05-05T15:15:53.81Z",
          "LastModifiedDate": "2025-11-10T17:35:57.7Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58100",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58100",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4a19a549de830eb669309777016bec9e6fa23a6d0193fa62865119d2bbddafe5",
          "Title": "kernel: bpf: check changes_pkt_data property for extension programs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: check changes_pkt_data property for extension programs\n\nWhen processing calls to global sub-programs, verifier decides whether\nto invalidate all packet pointers in current state depending on the\nchanges_pkt_data property of the global sub-program.\n\nBecause of this, an extension program replacing a global sub-program\nmust be compatible with changes_pkt_data property of the sub-program\nbeing replaced.\n\nThis commit:\n- adds changes_pkt_data flag to struct bpf_prog_aux:\n  - this flag is set in check_cfg() for main sub-program;\n  - in jit_subprogs() for other sub-programs;\n- modifies bpf_check_attach_btf_id() to check changes_pkt_data flag;\n- moves call to check_attach_btf_id() after the call to check_cfg(),\n  because it needs changes_pkt_data flag to be set:\n\n    bpf_check:\n      ...                             ...\n    - check_attach_btf_id             resolve_pseudo_ldimm64\n      resolve_pseudo_ldimm64   --\u003e    bpf_prog_is_offloaded\n      bpf_prog_is_offloaded           check_cfg\n      check_cfg                     + check_attach_btf_id\n      ...                             ...\n\nThe following fields are set by check_attach_btf_id():\n- env-\u003eops\n- prog-\u003eaux-\u003eattach_btf_trace\n- prog-\u003eaux-\u003eattach_func_name\n- prog-\u003eaux-\u003eattach_func_proto\n- prog-\u003eaux-\u003edst_trampoline\n- prog-\u003eaux-\u003emod\n- prog-\u003eaux-\u003esaved_dst_attach_type\n- prog-\u003eaux-\u003esaved_dst_prog_type\n- prog-\u003eexpected_attach_type\n\nNeither of these fields are used by resolve_pseudo_ldimm64() or\nbpf_prog_offload_verifier_prep() (for netronome and netdevsim\ndrivers), so the reordering is safe.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58100",
            "https://git.kernel.org/linus/81f6d0530ba031b5f038a091619bf2ff29568852 (6.13-rc3)",
            "https://git.kernel.org/stable/c/3846e2bea565ee1c5195dcc625fda9868fb0e3b3",
            "https://git.kernel.org/stable/c/7197fc4acdf238ec8ad06de5a8235df0c1f9c7d7",
            "https://git.kernel.org/stable/c/81f6d0530ba031b5f038a091619bf2ff29568852",
            "https://linux.oracle.com/cve/CVE-2024-58100.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050540-CVE-2024-58100-c7e4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58100",
            "https://www.cve.org/CVERecord?id=CVE-2024-58100"
          ],
          "PublishedDate": "2025-05-05T15:15:53.913Z",
          "LastModifiedDate": "2025-11-10T17:35:41.117Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58238",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58238",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2667447c40a01551a33355e488d8de5faff39d0551e2af87721d02c18784bb67",
          "Title": "kernel: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Resolve TX timeout error in power save stress test\n\nThis fixes the tx timeout issue seen while running a stress test on\nbtnxpuart for couple of hours, such that the interval between two HCI\ncommands coincide with the power save timeout value of 2 seconds.\n\nTest procedure using bash script:\n\u003cload btnxpuart.ko\u003e\nhciconfig hci0 up\n//Enable Power Save feature\nhcitool -i hci0 cmd 3f 23 02 00 00\nwhile (true)\ndo\n    hciconfig hci0 leadv\n    sleep 2\n    hciconfig hci0 noleadv\n    sleep 2\ndone\n\nError log, after adding few more debug prints:\nBluetooth: btnxpuart_queue_skb(): 01 0A 20 01 00\nBluetooth: hci0: Set UART break: on, status=0\nBluetooth: hci0: btnxpuart_tx_wakeup() tx_work scheduled\nBluetooth: hci0: btnxpuart_tx_work() dequeue: 01 0A 20 01 00\nCan't set advertise mode on hci0: Connection timed out (110)\nBluetooth: hci0: command 0x200a tx timeout\n\nWhen the power save mechanism turns on UART break, and btnxpuart_tx_work()\nis scheduled simultaneously, psdata-\u003eps_state is read as PS_STATE_AWAKE,\nwhich prevents the psdata-\u003ework from being scheduled, which is responsible\nto turn OFF UART break.\n\nThis issue is fixed by adding a ps_lock mutex around UART break on/off as\nwell as around ps_state read/write.\nbtnxpuart_tx_wakeup() will now read updated ps_state value. If ps_state is\nPS_STATE_SLEEP, it will first schedule psdata-\u003ework, and then it will\nreschedule itself once UART break has been turned off and ps_state is\nPS_STATE_AWAKE.\n\nTested above script for 50,000 iterations and TX timeout error was not\nobserved anymore.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58238",
            "https://git.kernel.org/linus/e4db90e4eb8d5487098712ffb1048f3fa6d25e98 (6.9-rc1)",
            "https://git.kernel.org/stable/c/9d5df94ce0e213d5b549633f528f96114c736190",
            "https://git.kernel.org/stable/c/e4db90e4eb8d5487098712ffb1048f3fa6d25e98",
            "https://lore.kernel.org/linux-cve-announce/2025080948-CVE-2024-58238-fd48@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58238",
            "https://www.cve.org/CVERecord?id=CVE-2024-58238"
          ],
          "PublishedDate": "2025-08-09T15:15:27.893Z",
          "LastModifiedDate": "2025-11-19T17:20:58.21Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58241",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58241",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aa11ea2fc1ad6742b2c00a6163665c49818328682d2d6535ae7513ffc5c2be19",
          "Title": "kernel: Kernel: Bluetooth HCI local DoS",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Disable works on hci_unregister_dev\n\nThis make use of disable_work_* on hci_unregister_dev since the hci_dev is\nabout to be freed new submissions are not disarable.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58241",
            "https://git.kernel.org/linus/989fa5171f005ecf63440057218d8aeb1795287d (6.12-rc5)",
            "https://git.kernel.org/stable/c/989fa5171f005ecf63440057218d8aeb1795287d",
            "https://git.kernel.org/stable/c/cfdb13a54e05eb98d9940cb6d1a13e7f994d811f",
            "https://lore.kernel.org/linux-cve-announce/2025092457-CVE-2024-58241-4eb3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58241",
            "https://www.cve.org/CVERecord?id=CVE-2024-58241"
          ],
          "PublishedDate": "2025-09-24T11:15:31.877Z",
          "LastModifiedDate": "2026-01-14T20:16:06.653Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21629",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21629",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8187dd3866349ac35cf4df06caf6d2e2f66d7a43a15b4559960a97c3474305eb",
          "Title": "kernel: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets\n\nThe blamed commit disabled hardware offoad of IPv6 packets with\nextension headers on devices that advertise NETIF_F_IPV6_CSUM,\nbased on the definition of that feature in skbuff.h:\n\n *   * - %NETIF_F_IPV6_CSUM\n *     - Driver (device) is only able to checksum plain\n *       TCP or UDP packets over IPv6. These are specifically\n *       unencapsulated packets of the form IPv6|TCP or\n *       IPv6|UDP where the Next Header field in the IPv6\n *       header is either TCP or UDP. IPv6 extension headers\n *       are not supported with this feature. This feature\n *       cannot be set in features for a device with\n *       NETIF_F_HW_CSUM also set. This feature is being\n *       DEPRECATED (see below).\n\nThe change causes skb_warn_bad_offload to fire for BIG TCP\npackets.\n\n[  496.310233] WARNING: CPU: 13 PID: 23472 at net/core/dev.c:3129 skb_warn_bad_offload+0xc4/0xe0\n\n[  496.310297]  ? skb_warn_bad_offload+0xc4/0xe0\n[  496.310300]  skb_checksum_help+0x129/0x1f0\n[  496.310303]  skb_csum_hwoffload_help+0x150/0x1b0\n[  496.310306]  validate_xmit_skb+0x159/0x270\n[  496.310309]  validate_xmit_skb_list+0x41/0x70\n[  496.310312]  sch_direct_xmit+0x5c/0x250\n[  496.310317]  __qdisc_run+0x388/0x620\n\nBIG TCP introduced an IPV6_TLV_JUMBO IPv6 extension header to\ncommunicate packet length, as this is an IPv6 jumbogram. But, the\nfeature is only enabled on devices that support BIG TCP TSO. The\nheader is only present for PF_PACKET taps like tcpdump, and not\ntransmitted by physical devices.\n\nFor this specific case of extension headers that are not\ntransmitted, return to the situation before the blamed commit\nand support hardware offload.\n\nipv6_has_hopopt_jumbo() tests not only whether this header is present,\nbut also that it is the only extension header before a terminal (L4)\nheader.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21629",
            "https://git.kernel.org/linus/68e068cabd2c6c533ef934c2e5151609cf6ecc6d (6.13-rc6)",
            "https://git.kernel.org/stable/c/68e068cabd2c6c533ef934c2e5151609cf6ecc6d",
            "https://git.kernel.org/stable/c/95ccf006bbc8b59044313b8c309dcf29c546abd4",
            "https://git.kernel.org/stable/c/ac9cfef69565021c9e1022a493a9c40b03e2caf9",
            "https://git.kernel.org/stable/c/d3b7a9c7597b779039a51d7b34116fbe424bf2b7",
            "https://linux.oracle.com/cve/CVE-2025-21629.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2025011517-CVE-2025-21629-e230@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21629",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21629"
          ],
          "PublishedDate": "2025-01-15T13:15:15.22Z",
          "LastModifiedDate": "2025-11-03T21:18:58.92Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21634",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21634",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1fe88a94966eedbc51652b11b35402948a4050015ffa983af4a2d56c8d963a04",
          "Title": "kernel: cgroup/cpuset: remove kernfs active break",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: remove kernfs active break\n\nA warning was found:\n\nWARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828\nCPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: G\nRIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0\nRSP: 0018:ffff8881107ef9e0 EFLAGS: 00010202\nRAX: 0000000080000002 RBX: ffff888154738c00 RCX: dffffc0000000000\nRDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff888154738c04\nRBP: ffff888154738c04 R08: ffffffffaf27fa15 R09: ffffed102a8e7180\nR10: ffff888154738c07 R11: 0000000000000000 R12: ffff888154738c08\nR13: ffff888750f8c000 R14: ffff888750f8c0e8 R15: ffff888154738ca0\nFS:  00007f84cd0be740(0000) GS:ffff8887ddc00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000555f9fbe00c8 CR3: 0000000153eec001 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n kernfs_drain+0x15e/0x2f0\n __kernfs_remove+0x165/0x300\n kernfs_remove_by_name_ns+0x7b/0xc0\n cgroup_rm_file+0x154/0x1c0\n cgroup_addrm_files+0x1c2/0x1f0\n css_clear_dir+0x77/0x110\n kill_css+0x4c/0x1b0\n cgroup_destroy_locked+0x194/0x380\n cgroup_rmdir+0x2a/0x140\n\nIt can be explained by:\nrmdir \t\t\t\techo 1 \u003e cpuset.cpus\n\t\t\t\tkernfs_fop_write_iter // active=0\ncgroup_rm_file\nkernfs_remove_by_name_ns\tkernfs_get_active // active=1\n__kernfs_remove\t\t\t\t\t  // active=0x80000002\nkernfs_drain\t\t\tcpuset_write_resmask\nwait_event\n//waiting (active == 0x80000001)\n\t\t\t\tkernfs_break_active_protection\n\t\t\t\t// active = 0x80000001\n// continue\n\t\t\t\tkernfs_unbreak_active_protection\n\t\t\t\t// active = 0x80000002\n...\nkernfs_should_drain_open_files\n// warning occurs\n\t\t\t\tkernfs_put_active\n\nThis warning is caused by 'kernfs_break_active_protection' when it is\nwriting to cpuset.cpus, and the cgroup is 
removed concurrently.\n\nThe commit 3a5a6d0c2b03 (\"cpuset: don't nest cgroup_mutex inside\nget_online_cpus()\") made cpuset_hotplug_workfn asynchronous, This change\ninvolves calling flush_work(), which can create a multiple processes\ncircular locking dependency that involve cgroup_mutex, potentially leading\nto a deadlock. To avoid deadlock. the commit 76bb5ab8f6e3 (\"cpuset: break\nkernfs active protection in cpuset_write_resmask()\") added\n'kernfs_break_active_protection' in the cpuset_write_resmask. This could\nlead to this warning.\n\nAfter the commit 2125c0034c5d (\"cgroup/cpuset: Make cpuset hotplug\nprocessing synchronous\"), the cpuset_write_resmask no longer needs to\nwait the hotplug to finish, which means that concurrent hotplug and cpuset\noperations are no longer possible. Therefore, the deadlock doesn't exist\nanymore and it does not have to 'break active protection' now. To fix this\nwarning, just remove kernfs_break_active_protection operation in the\n'cpuset_write_resmask'.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21634",
            "https://git.kernel.org/linus/3cb97a927fffe443e1e7e8eddbfebfdb062e86ed (6.13-rc7)",
            "https://git.kernel.org/stable/c/11cb1d643a74665a4e14749414f48f82cbc15c64",
            "https://git.kernel.org/stable/c/3cb97a927fffe443e1e7e8eddbfebfdb062e86ed",
            "https://linux.oracle.com/cve/CVE-2025-21634.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011942-CVE-2025-21634-011f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21634",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21634"
          ],
          "PublishedDate": "2025-01-19T11:15:08.89Z",
          "LastModifiedDate": "2025-10-01T20:18:14.983Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21635",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21635",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ea173a8e1102ce25c5a8f750b82452feba6b044b61e1978b1941ce3ec688c50f",
          "Title": "kernel: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current-\u003ensproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n  from the opener's netns.\n\n- current-\u003ensproxy can be NULL in some cases, resulting in an 'Oops'\n  (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n  syzbot [1] using acct(2).\n\nThe per-netns structure can be obtained from the table-\u003edata using\ncontainer_of(), then the 'net' one can be retrieved from the listen\nsocket (if available).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21635",
            "https://git.kernel.org/linus/7f5611cbc4871c7fb1ad36c2e5a9edad63dca95c (6.13-rc7)",
            "https://git.kernel.org/stable/c/7f5611cbc4871c7fb1ad36c2e5a9edad63dca95c",
            "https://git.kernel.org/stable/c/de8d6de0ee27be4b2b1e5b06f04aeacbabbba492",
            "https://lore.kernel.org/linux-cve-announce/2025011943-CVE-2025-21635-12e7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21635",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21635"
          ],
          "PublishedDate": "2025-01-19T11:15:09Z",
          "LastModifiedDate": "2025-10-01T20:18:15.213Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21649",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21649",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8e65252c6572a3c3e6b60d630221544cc3d15c9ff96231b5d06cfe424db8b301",
          "Title": "kernel: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when 1588 is sent on HIP08 devices\n\nCurrently, HIP08 devices does not register the ptp devices, so the\nhdev-\u003eptp is NULL. But the tx process would still try to set hardware time\nstamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash.\n\n[  128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n...\n[  128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[  128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge]\n[  128.292938] sp : ffff800059b93140\n[  128.297200] x29: ffff800059b93140 x28: 0000000000003280\n[  128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080\n[  128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001\n[  128.315969] x23: 0000000000000000 x22: 0000000000000194\n[  128.322219] x21: ffff0cd94f986000 x20: 0000000000000000\n[  128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000\n[  128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24\n[  128.340934] x15: 0000ffffd530a518 x14: 0000000000000000\n[  128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368\n[  128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02\n[  128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0\n[  128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000\n[  128.372040] x5 : 0000000000000000 x4 : 000000000000ffff\n[  128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294\n[  128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080\n[  128.390626] Call trace:\n[  128.393964]  hclge_ptp_set_tx_info+0x2c/0x140 [hclge]\n[  128.399893]  hns3_nic_net_xmit+0x39c/0x4c4 [hns3]\n[  128.405468]  xmit_one.constprop.0+0xc4/0x200\n[  128.410600]  dev_hard_start_xmit+0x54/0xf0\n[  128.415556]  sch_direct_xmit+0xe8/0x634\n[  128.420246]  __dev_queue_xmit+0x224/0xc70\n[  128.425101]  dev_queue_xmit+0x1c/0x40\n[  128.429608]  ovs_vport_send+0xac/0x1a0 [openvswitch]\n[  128.435409]  
do_output+0x60/0x17c [openvswitch]\n[  128.440770]  do_execute_actions+0x898/0x8c4 [openvswitch]\n[  128.446993]  ovs_execute_actions+0x64/0xf0 [openvswitch]\n[  128.453129]  ovs_dp_process_packet+0xa0/0x224 [openvswitch]\n[  128.459530]  ovs_vport_receive+0x7c/0xfc [openvswitch]\n[  128.465497]  internal_dev_xmit+0x34/0xb0 [openvswitch]\n[  128.471460]  xmit_one.constprop.0+0xc4/0x200\n[  128.476561]  dev_hard_start_xmit+0x54/0xf0\n[  128.481489]  __dev_queue_xmit+0x968/0xc70\n[  128.486330]  dev_queue_xmit+0x1c/0x40\n[  128.490856]  ip_finish_output2+0x250/0x570\n[  128.495810]  __ip_finish_output+0x170/0x1e0\n[  128.500832]  ip_finish_output+0x3c/0xf0\n[  128.505504]  ip_output+0xbc/0x160\n[  128.509654]  ip_send_skb+0x58/0xd4\n[  128.513892]  udp_send_skb+0x12c/0x354\n[  128.518387]  udp_sendmsg+0x7a8/0x9c0\n[  128.522793]  inet_sendmsg+0x4c/0x8c\n[  128.527116]  __sock_sendmsg+0x48/0x80\n[  128.531609]  __sys_sendto+0x124/0x164\n[  128.536099]  __arm64_sys_sendto+0x30/0x5c\n[  128.540935]  invoke_syscall+0x50/0x130\n[  128.545508]  el0_svc_common.constprop.0+0x10c/0x124\n[  128.551205]  do_el0_svc+0x34/0xdc\n[  128.555347]  el0_svc+0x20/0x30\n[  128.559227]  el0_sync_handler+0xb8/0xc0\n[  128.563883]  el0_sync+0x160/0x180",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21649",
            "https://git.kernel.org/linus/9741e72b2286de8b38de9db685588ac421a95c87 (6.13-rc7)",
            "https://git.kernel.org/stable/c/9741e72b2286de8b38de9db685588ac421a95c87",
            "https://git.kernel.org/stable/c/f19ab3ef96d9626e5f1bdc56d3574c355e83d623",
            "https://linux.oracle.com/cve/CVE-2025-21649.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21649-f7ac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21649",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21649"
          ],
          "PublishedDate": "2025-01-19T11:15:10.517Z",
          "LastModifiedDate": "2025-10-01T20:18:16.693Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21651",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21651",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1375cb80dc2f4f882dc8185bd364bbef98361b1866d9725bca8b6ca693eb3ffe",
          "Title": "kernel: net: hns3: don't auto enable misc vector",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: don't auto enable misc vector\n\nCurrently, there is a time window between misc irq enabled\nand service task inited. If an interrupte is reported at\nthis time, it will cause warning like below:\n\n[   16.324639] Call trace:\n[   16.324641]  __queue_delayed_work+0xb8/0xe0\n[   16.324643]  mod_delayed_work_on+0x78/0xd0\n[   16.324655]  hclge_errhand_task_schedule+0x58/0x90 [hclge]\n[   16.324662]  hclge_misc_irq_handle+0x168/0x240 [hclge]\n[   16.324666]  __handle_irq_event_percpu+0x64/0x1e0\n[   16.324667]  handle_irq_event+0x80/0x170\n[   16.324670]  handle_fasteoi_edge_irq+0x110/0x2bc\n[   16.324671]  __handle_domain_irq+0x84/0xfc\n[   16.324673]  gic_handle_irq+0x88/0x2c0\n[   16.324674]  el1_irq+0xb8/0x140\n[   16.324677]  arch_cpu_idle+0x18/0x40\n[   16.324679]  default_idle_call+0x5c/0x1bc\n[   16.324682]  cpuidle_idle_call+0x18c/0x1c4\n[   16.324684]  do_idle+0x174/0x17c\n[   16.324685]  cpu_startup_entry+0x30/0x6c\n[   16.324687]  secondary_start_kernel+0x1a4/0x280\n[   16.324688] ---[ end trace 6aa0bff672a964aa ]---\n\nSo don't auto enable misc vector when request irq..",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21651",
            "https://git.kernel.org/linus/98b1e3b27734139c76295754b6c317aa4df6d32e (6.13-rc7)",
            "https://git.kernel.org/stable/c/98b1e3b27734139c76295754b6c317aa4df6d32e",
            "https://git.kernel.org/stable/c/bcf430d3bb5525fc89a92a0c451c725ba1aa4306",
            "https://lore.kernel.org/linux-cve-announce/2025011946-CVE-2025-21651-fbe8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21651",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21651"
          ],
          "PublishedDate": "2025-01-19T11:15:10.733Z",
          "LastModifiedDate": "2025-10-16T19:22:28.293Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21656",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21656",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3ba7cf846f847152b3a0fdf24505bfa289d1d6b8b5a665651c50bf9ef6a8fbaa",
          "Title": "kernel: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur\n\nscsi_execute_cmd() function can return both negative (linux codes) and\npositive (scsi_cmnd result field) error codes.\n\nCurrently the driver just passes error codes of scsi_execute_cmd() to\nhwmon core, which is incorrect because hwmon only checks for negative\nerror codes. This leads to hwmon reporting uninitialized data to\nuserspace in case of SCSI errors (for example if the disk drive was\ndisconnected).\n\nThis patch checks scsi_execute_cmd() output and returns -EIO if it's\nerror code is positive.\n\n[groeck: Avoid inline variable declaration for portability]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21656",
            "https://git.kernel.org/linus/82163d63ae7a4c36142cd252388737205bb7e4b9 (6.13-rc7)",
            "https://git.kernel.org/stable/c/42268d885e44af875a6474f7bba519cc6cea6a9d",
            "https://git.kernel.org/stable/c/53e25b10a28edaf8c2a1d3916fd8929501a50dfc",
            "https://git.kernel.org/stable/c/82163d63ae7a4c36142cd252388737205bb7e4b9",
            "https://linux.oracle.com/cve/CVE-2025-21656.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025012131-CVE-2025-21656-b967@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21656",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21656"
          ],
          "PublishedDate": "2025-01-21T13:15:09.24Z",
          "LastModifiedDate": "2025-09-26T16:21:34.017Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21658",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21658",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2242e761b54778a4d3419f9e0041c7937d6272652696267cfc588d6fd53bfc31",
          "Title": "kernel: btrfs: avoid NULL pointer dereference if no valid extent tree",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid extent tree\n\n[BUG]\nSyzbot reported a crash with the following call trace:\n\n  BTRFS info (device loop0): scrub: started on devid 1\n  BUG: kernel NULL pointer dereference, address: 0000000000000208\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0\n  Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G           O       6.13.0-rc4-custom+ #206\n  Tainted: [O]=OOT_MODULE\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n  RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs]\n  Call Trace:\n   \u003cTASK\u003e\n   scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs]\n   scrub_simple_mirror+0x175/0x260 [btrfs]\n   scrub_stripe+0x5d4/0x6c0 [btrfs]\n   scrub_chunk+0xbb/0x170 [btrfs]\n   scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs]\n   btrfs_scrub_dev+0x240/0x600 [btrfs]\n   btrfs_ioctl+0x1dc8/0x2fa0 [btrfs]\n   ? 
do_sys_openat2+0xa5/0xf0\n   __x64_sys_ioctl+0x97/0xc0\n   do_syscall_64+0x4f/0x120\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n   \u003c/TASK\u003e\n\n[CAUSE]\nThe reproducer is using a corrupted image where extent tree root is\ncorrupted, thus forcing to use \"rescue=all,ro\" mount option to mount the\nimage.\n\nThen it triggered a scrub, but since scrub relies on extent tree to find\nwhere the data/metadata extents are, scrub_find_fill_first_stripe()\nrelies on an non-empty extent root.\n\nBut unfortunately scrub_find_fill_first_stripe() doesn't really expect\nan NULL pointer for extent root, it use extent_root to grab fs_info and\ntriggered a NULL pointer dereference.\n\n[FIX]\nAdd an extra check for a valid extent root at the beginning of\nscrub_find_fill_first_stripe().\n\nThe new error path is introduced by 42437a6386ff (\"btrfs: introduce\nmount option rescue=ignorebadroots\"), but that's pretty old, and later\ncommit b979547513ff (\"btrfs: scrub: introduce helper to find and fill\nsector info for a scrub_stripe\") changed how we do scrub.\n\nSo for kernels older than 6.6, the fix will need manual backport.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21658",
            "https://git.kernel.org/linus/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329 (6.13-rc7)",
            "https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a",
            "https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329",
            "https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784",
            "https://linux.oracle.com/cve/CVE-2025-21658.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025012132-CVE-2025-21658-78d9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21658",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21658"
          ],
          "PublishedDate": "2025-01-21T13:15:09.437Z",
          "LastModifiedDate": "2025-10-01T20:18:17.093Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21667",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21667",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af578ac9e8de1556e9af9ea50297f70b595dda0cc36cd0289963a79492e24ca0",
          "Title": "kernel: iomap: avoid avoid truncating 64-bit offset to 32 bits",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: avoid avoid truncating 64-bit offset to 32 bits\n\non 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a\n32-bit position due to folio_next_index() returning an unsigned long.\nThis could lead to an infinite loop when writing to an xfs filesystem.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21667",
            "https://git.kernel.org/linus/c13094b894de289514d84b8db56d1f2931a0bade (6.13-rc7)",
            "https://git.kernel.org/stable/c/402ce16421477e27f30b57d6d1a6dc248fa3a4e4",
            "https://git.kernel.org/stable/c/7ca4bd6b754913910151acce00be093f03642725",
            "https://git.kernel.org/stable/c/91371922704c8d82049ef7c2ad974d0a2cd1174d",
            "https://git.kernel.org/stable/c/c13094b894de289514d84b8db56d1f2931a0bade",
            "https://linux.oracle.com/cve/CVE-2025-21667.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2025013158-CVE-2025-21667-a644@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21667",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://ubuntu.com/security/notices/USN-7595-1",
            "https://ubuntu.com/security/notices/USN-7595-2",
            "https://ubuntu.com/security/notices/USN-7595-3",
            "https://ubuntu.com/security/notices/USN-7595-4",
            "https://ubuntu.com/security/notices/USN-7595-5",
            "https://ubuntu.com/security/notices/USN-7596-1",
            "https://ubuntu.com/security/notices/USN-7596-2",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21667"
          ],
          "PublishedDate": "2025-01-31T12:15:27.863Z",
          "LastModifiedDate": "2025-11-03T21:19:04.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21672",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:314ae72cce3f491141f846462421a075ef929e83d58af6f02e7e3bc1895e2700",
          "Title": "kernel: afs: Fix merge preference rule failure condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix merge preference rule failure condition\n\nsyzbot reported a lock held when returning to userspace[1].  This is\nbecause if argc is less than 0 and the function returns directly, the held\ninode lock is not released.\n\nFix this by store the error in ret and jump to done to clean up instead of\nreturning directly.\n\n[dh: Modified Lizhi Xu's original patch to make it honour the error code\nfrom afs_split_string()]\n\n[1]\nWARNING: lock held when returning to user space!\n6.13.0-rc3-syzkaller-00209-g499551201b5f #0 Not tainted\n------------------------------------------------\nsyz-executor133/5823 is leaving the kernel with locks still held!\n1 lock held by syz-executor133/5823:\n #0: ffff888071cffc00 (\u0026sb-\u003es_type-\u003ei_mutex_key#9){++++}-{4:4}, at: inode_lock include/linux/fs.h:818 [inline]\n #0: ffff888071cffc00 (\u0026sb-\u003es_type-\u003ei_mutex_key#9){++++}-{4:4}, at: afs_proc_addr_prefs_write+0x2bb/0x14e0 fs/afs/addr_prefs.c:388",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21672",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/17a4fde81d3a7478d97d15304a6d61094a10c2e3 (6.13-rc7)",
            "https://git.kernel.org/stable/c/17a4fde81d3a7478d97d15304a6d61094a10c2e3",
            "https://git.kernel.org/stable/c/22be1d90a6211c88dd093b25d1f3aa974d0d9f9d",
            "https://linux.oracle.com/cve/CVE-2025-21672.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025013100-CVE-2025-21672-cd35@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21672",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://ubuntu.com/security/notices/USN-7595-1",
            "https://ubuntu.com/security/notices/USN-7595-2",
            "https://ubuntu.com/security/notices/USN-7595-3",
            "https://ubuntu.com/security/notices/USN-7595-4",
            "https://ubuntu.com/security/notices/USN-7595-5",
            "https://ubuntu.com/security/notices/USN-7596-1",
            "https://ubuntu.com/security/notices/USN-7596-2",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21672"
          ],
          "PublishedDate": "2025-01-31T12:15:28.36Z",
          "LastModifiedDate": "2025-10-01T20:18:18.587Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21673",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21673",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d21e6da920b95949cd81af8317e564c7eaf2f111d42b4d597c4a3a4a993397d6",
          "Title": "kernel: smb: client: fix double free of TCP_Server_Info::hostname",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix double free of TCP_Server_Info::hostname\n\nWhen shutting down the server in cifs_put_tcp_session(), cifsd thread\nmight be reconnecting to multiple DFS targets before it realizes it\nshould exit the loop, so @server-\u003ehostname can't be freed as long as\ncifsd thread isn't done.  Otherwise the following can happen:\n\n  RIP: 0010:__slab_free+0x223/0x3c0\n  Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89\n  1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff \u003c0f\u003e\n  0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80\n  RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246\n  RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068\n  RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400\n  RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000\n  R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500\n  R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068\n  FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000)\n  000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4:\n  PKRU: 55555554\n  Call Trace:\n   \u003cTASK\u003e\n   ? show_trace_log_lvl+0x1c4/0x2df\n   ? show_trace_log_lvl+0x1c4/0x2df\n   ? __reconnect_target_unlocked+0x3e/0x160 [cifs]\n   ? __die_body.cold+0x8/0xd\n   ? die+0x2b/0x50\n   ? do_trap+0xce/0x120\n   ? __slab_free+0x223/0x3c0\n   ? do_error_trap+0x65/0x80\n   ? __slab_free+0x223/0x3c0\n   ? exc_invalid_op+0x4e/0x70\n   ? __slab_free+0x223/0x3c0\n   ? asm_exc_invalid_op+0x16/0x20\n   ? __slab_free+0x223/0x3c0\n   ? extract_hostname+0x5c/0xa0 [cifs]\n   ? extract_hostname+0x5c/0xa0 [cifs]\n   ? 
__kmalloc+0x4b/0x140\n   __reconnect_target_unlocked+0x3e/0x160 [cifs]\n   reconnect_dfs_server+0x145/0x430 [cifs]\n   cifs_handle_standard+0x1ad/0x1d0 [cifs]\n   cifs_demultiplex_thread+0x592/0x730 [cifs]\n   ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs]\n   kthread+0xdd/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x29/0x50\n   \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21673",
            "https://git.kernel.org/linus/fa2f9906a7b333ba757a7dbae0713d8a5396186e (6.13)",
            "https://git.kernel.org/stable/c/1ea68070338518a1d31ce71e6abfe1b30001b27a",
            "https://git.kernel.org/stable/c/a2be5f2ba34d0c6d5ef2624b24e3d852561fcd6a",
            "https://git.kernel.org/stable/c/fa2f9906a7b333ba757a7dbae0713d8a5396186e",
            "https://linux.oracle.com/cve/CVE-2025-21673.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025013100-CVE-2025-21673-4465@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21673",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://ubuntu.com/security/notices/USN-7595-1",
            "https://ubuntu.com/security/notices/USN-7595-2",
            "https://ubuntu.com/security/notices/USN-7595-3",
            "https://ubuntu.com/security/notices/USN-7595-4",
            "https://ubuntu.com/security/notices/USN-7595-5",
            "https://ubuntu.com/security/notices/USN-7596-1",
            "https://ubuntu.com/security/notices/USN-7596-2",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21673"
          ],
          "PublishedDate": "2025-01-31T12:15:28.463Z",
          "LastModifiedDate": "2025-10-01T20:18:18.777Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21682",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21682",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84e26c0ffad9bbe73ab871eb9aad5b43304b7fb3bbb59fd02a1af4ec4f3e95de",
          "Title": "kernel: eth: bnxt: always recalculate features after XDP clearing, fix null-deref",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: bnxt: always recalculate features after XDP clearing, fix null-deref\n\nRecalculate features when XDP is detached.\n\nBefore:\n  # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp\n  # ip li set dev eth0 xdp off\n  # ethtool -k eth0 | grep gro\n  rx-gro-hw: off [requested on]\n\nAfter:\n  # ip li set dev eth0 xdp obj xdp_dummy.bpf.o sec xdp\n  # ip li set dev eth0 xdp off\n  # ethtool -k eth0 | grep gro\n  rx-gro-hw: on\n\nThe fact that HW-GRO doesn't get re-enabled automatically is just\na minor annoyance. The real issue is that the features will randomly\ncome back during another reconfiguration which just happens to invoke\nnetdev_update_features(). The driver doesn't handle reconfiguring\ntwo things at a time very robustly.\n\nStarting with commit 98ba1d931f61 (\"bnxt_en: Fix RSS logic in\n__bnxt_reserve_rings()\") we only reconfigure the RSS hash table\nif the \"effective\" number of Rx rings has changed. 
If HW-GRO is\nenabled \"effective\" number of rings is 2x what user sees.\nSo if we are in the bad state, with HW-GRO re-enablement \"pending\"\nafter XDP off, and we lower the rings by / 2 - the HW-GRO rings\ndoing 2x and the ethtool -L doing / 2 may cancel each other out,\nand the:\n\n  if (old_rx_rings != bp-\u003ehw_resc.resv_rx_rings \u0026\u0026\n\ncondition in __bnxt_reserve_rings() will be false.\nThe RSS map won't get updated, and we'll crash with:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000168\n  RIP: 0010:__bnxt_hwrm_vnic_set_rss+0x13a/0x1a0\n    bnxt_hwrm_vnic_rss_cfg_p5+0x47/0x180\n    __bnxt_setup_vnic_p5+0x58/0x110\n    bnxt_init_nic+0xb72/0xf50\n    __bnxt_open_nic+0x40d/0xab0\n    bnxt_open_nic+0x2b/0x60\n    ethtool_set_channels+0x18c/0x1d0\n\nAs we try to access a freed ring.\n\nThe issue is present since XDP support was added, really, but\nprior to commit 98ba1d931f61 (\"bnxt_en: Fix RSS logic in\n__bnxt_reserve_rings()\") it wasn't causing major issues.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21682",
            "https://git.kernel.org/linus/f0aa6a37a3dbb40b272df5fc6db93c114688adcd (6.13)",
            "https://git.kernel.org/stable/c/076a694a42ae3f0466bc6e4126050eeb7b7d299a",
            "https://git.kernel.org/stable/c/08831a894d18abfaabb5bbde7c2069a7fb41dd93",
            "https://git.kernel.org/stable/c/90336fc3d6f5e716ac39a9ddbbde453e23a5aa65",
            "https://git.kernel.org/stable/c/f0aa6a37a3dbb40b272df5fc6db93c114688adcd",
            "https://linux.oracle.com/cve/CVE-2025-21682.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025013103-CVE-2025-21682-ccfd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21682",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://ubuntu.com/security/notices/USN-7595-1",
            "https://ubuntu.com/security/notices/USN-7595-2",
            "https://ubuntu.com/security/notices/USN-7595-3",
            "https://ubuntu.com/security/notices/USN-7595-4",
            "https://ubuntu.com/security/notices/USN-7595-5",
            "https://ubuntu.com/security/notices/USN-7596-1",
            "https://ubuntu.com/security/notices/USN-7596-2",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21682"
          ],
          "PublishedDate": "2025-01-31T12:15:29.363Z",
          "LastModifiedDate": "2026-03-25T11:16:09.6Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21693",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21693",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e93ad79417c45820ddff0dc0d5fa93b5a91551610a450f610e456989dcd146b0",
          "Title": "kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: zswap: properly synchronize freeing resources during CPU hotunplug\n\nIn zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the\ncurrent CPU at the beginning of the operation is retrieved and used\nthroughout.  However, since neither preemption nor migration are disabled,\nit is possible that the operation continues on a different CPU.\n\nIf the original CPU is hotunplugged while the acomp_ctx is still in use,\nwe run into a UAF bug as some of the resources attached to the acomp_ctx\nare freed during hotunplug in zswap_cpu_comp_dead() (i.e. \nacomp_ctx.buffer, acomp_ctx.req, or acomp_ctx.acomp).\n\nThe problem was introduced in commit 1ec3b5fe6eec (\"mm/zswap: move to use\ncrypto_acomp API for hardware acceleration\") when the switch to the\ncrypto_acomp API was made.  Prior to that, the per-CPU crypto_comp was\nretrieved using get_cpu_ptr() which disables preemption and makes sure the\nCPU cannot go away from under us.  Preemption cannot be disabled with the\ncrypto_acomp API as a sleepable context is needed.\n\nUse the acomp_ctx.mutex to synchronize CPU hotplug callbacks allocating\nand freeing resources with compression/decompression paths.  Make sure\nthat acomp_ctx.req is NULL when the resources are freed.  In the\ncompression/decompression paths, check if acomp_ctx.req is NULL after\nacquiring the mutex (meaning the CPU was offlined) and retry on the new\nCPU.\n\nThe initialization of acomp_ctx.mutex is moved from the CPU hotplug\ncallback to the pool initialization where it belongs (where the mutex is\nallocated).  In addition to adding clarity, this makes sure that CPU\nhotplug cannot reinitialize a mutex that is already locked by\ncompression/decompression.\n\nPreviously a fix was attempted by holding cpus_read_lock() [1].  
This\nwould have caused a potential deadlock as it is possible for code already\nholding the lock to fall into reclaim and enter zswap (causing a\ndeadlock).  A fix was also attempted using SRCU for synchronization, but\nJohannes pointed out that synchronize_srcu() cannot be used in CPU hotplug\nnotifiers [2].\n\nAlternative fixes that were considered/attempted and could have worked:\n- Refcounting the per-CPU acomp_ctx. This involves complexity in\n  handling the race between the refcount dropping to zero in\n  zswap_[de]compress() and the refcount being re-initialized when the\n  CPU is onlined.\n- Disabling migration before getting the per-CPU acomp_ctx [3], but\n  that's discouraged and is a much bigger hammer than needed, and could\n  result in subtle performance issues.\n\n[1]https://lkml.kernel.org/20241219212437.2714151-1-yosryahmed@google.com/\n[2]https://lkml.kernel.org/20250107074724.1756696-2-yosryahmed@google.com/\n[3]https://lkml.kernel.org/20250107222236.2715883-2-yosryahmed@google.com/\n\n[yosryahmed@google.com: remove comment]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21693",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/12dcb0ef540629a281533f9dedc1b6b8e14cfb65 (6.13)",
            "https://git.kernel.org/stable/c/12dcb0ef540629a281533f9dedc1b6b8e14cfb65",
            "https://git.kernel.org/stable/c/8d29ff5d50304daa41dc3cfdda4a9d1e46cf5be1",
            "https://linux.oracle.com/cve/CVE-2025-21693.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025021056-CVE-2025-21693-b6d1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21693",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21693"
          ],
          "PublishedDate": "2025-02-10T16:15:38.883Z",
          "LastModifiedDate": "2025-04-16T19:15:52.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21696",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21696",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:00cbe03bfbfcf09ae90e3cd4746dce3f743eecb8e436924810cb58ec8839e45a",
          "Title": "kernel: mm: clear uffd-wp PTE/PMD state on mremap()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: clear uffd-wp PTE/PMD state on mremap()\n\nWhen mremap()ing a memory region previously registered with userfaultfd as\nwrite-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in\nflag clearing leads to a mismatch between the vma flags (which have\nuffd-wp cleared) and the pte/pmd flags (which do not have uffd-wp\ncleared).  This mismatch causes a subsequent mprotect(PROT_WRITE) to\ntrigger a warning in page_table_check_pte_flags() due to setting the pte\nto writable while uffd-wp is still set.\n\nFix this by always explicitly clearing the uffd-wp pte/pmd flags on any\nsuch mremap() so that the values are consistent with the existing clearing\nof VM_UFFD_WP.  Be careful to clear the logical flag regardless of its\nphysical form; a PTE bit, a swap PTE bit, or a PTE marker.  Cover PTE,\nhuge PMD and hugetlb paths.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21696",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/0cef0bb836e3cfe00f08f9606c72abd72fe78ca3 (6.13)",
            "https://git.kernel.org/stable/c/0cef0bb836e3cfe00f08f9606c72abd72fe78ca3",
            "https://git.kernel.org/stable/c/310ac886d68de661c3a334198d8604b722d7fdf8",
            "https://linux.oracle.com/cve/CVE-2025-21696.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025021259-CVE-2025-21696-2482@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21696",
            "https://ubuntu.com/security/notices/USN-7445-1",
            "https://ubuntu.com/security/notices/USN-7448-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21696"
          ],
          "PublishedDate": "2025-02-12T14:15:32.677Z",
          "LastModifiedDate": "2025-10-01T20:18:21.5Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21712",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21712",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8536effd533f89b498cea6a34011fc23f6ae4c93ee8e1210a2b2326f40092a1d",
          "Title": "kernel: md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime\n\nAfter commit ec6bb299c7c3 (\"md/md-bitmap: add 'sync_size' into struct\nmd_bitmap_stats\"), following panic is reported:\n\nOops: general protection fault, probably for non-canonical address\nRIP: 0010:bitmap_get_stats+0x2b/0xa0\nCall Trace:\n \u003cTASK\u003e\n md_seq_show+0x2d2/0x5b0\n seq_read_iter+0x2b9/0x470\n seq_read+0x12f/0x180\n proc_reg_read+0x57/0xb0\n vfs_read+0xf6/0x380\n ksys_read+0x6c/0xf0\n do_syscall_64+0x82/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nRoot cause is that bitmap_get_stats() can be called at any time if mddev\nis still there, even if bitmap is destroyed, or not fully initialized.\nDereferencing bitmap in this case can crash the kernel. Meanwhile, the\nabove commit starts dereferencing bitmap-\u003estorage, making the problem\neasier to trigger.\n\nFix the problem by protecting bitmap_get_stats() with bitmap_info.mutex.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21712",
            "https://git.kernel.org/linus/8d28d0ddb986f56920ac97ae704cc3340a699a30 (6.14-rc1)",
            "https://git.kernel.org/stable/c/032fa54f486eac5507976e7e31f079a767bc13a8",
            "https://git.kernel.org/stable/c/237e19519c8ff6949f0ef57c4a0243f5b2b0fa18",
            "https://git.kernel.org/stable/c/4e9316eee3885bfb311b4759513f2ccf37891c09",
            "https://git.kernel.org/stable/c/52848a095b55a302af92f52ca0de5b3112059bb8",
            "https://git.kernel.org/stable/c/8d28d0ddb986f56920ac97ae704cc3340a699a30",
            "https://linux.oracle.com/cve/CVE-2025-21712.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025022644-CVE-2025-21712-8345@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21712",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21712"
          ],
          "PublishedDate": "2025-02-27T02:15:14.863Z",
          "LastModifiedDate": "2025-11-03T20:17:11.147Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21723",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21723",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1834ac4e8caff6ce58a966d9fc639aaf12d5307085028985e36ba19bb9ea841d",
          "Title": "kernel: scsi: mpi3mr: Fix possible crash when setting up bsg fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Fix possible crash when setting up bsg fails\n\nIf bsg_setup_queue() fails, the bsg_queue is assigned a non-NULL value.\nConsequently, in mpi3mr_bsg_exit(), the condition \"if(!mrioc-\u003ebsg_queue)\"\nwill not be satisfied, preventing execution from entering\nbsg_remove_queue(), which could lead to the following crash:\n\nBUG: kernel NULL pointer dereference, address: 000000000000041c\nCall Trace:\n  \u003cTASK\u003e\n  mpi3mr_bsg_exit+0x1f/0x50 [mpi3mr]\n  mpi3mr_remove+0x6f/0x340 [mpi3mr]\n  pci_device_remove+0x3f/0xb0\n  device_release_driver_internal+0x19d/0x220\n  unbind_store+0xa4/0xb0\n  kernfs_fop_write_iter+0x11f/0x200\n  vfs_write+0x1fc/0x3e0\n  ksys_write+0x67/0xe0\n  do_syscall_64+0x38/0x80\n  entry_SYSCALL_64_after_hwframe+0x78/0xe2",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21723",
            "https://git.kernel.org/linus/295006f6e8c17212d3098811166e29627d19e05c (6.14-rc1)",
            "https://git.kernel.org/stable/c/19b248069d1b1424982723a2bf3941ad864d5204",
            "https://git.kernel.org/stable/c/295006f6e8c17212d3098811166e29627d19e05c",
            "https://git.kernel.org/stable/c/832b8f95a2832321b8200ae478ed988b25faaef4",
            "https://linux.oracle.com/cve/CVE-2025-21723.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022647-CVE-2025-21723-9f05@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21723",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21723"
          ],
          "PublishedDate": "2025-02-27T02:15:15.993Z",
          "LastModifiedDate": "2025-10-01T21:16:41.11Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21730",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21730",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f7b4a7ca9b7d55a438e46a40026a896f6f14a540f27e97e6e55af6bd37ba38bb",
          "Title": "kernel: wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed\n\nIf WoWLAN failed in resume flow, the rtw89_ops_add_interface() triggered\nwithout removing the interface first. Then the mgnt_entry list init again,\ncausing the list_empty() check in rtw89_chanctx_ops_assign_vif()\nuseless, and list_add_tail() again. Therefore, we have added a check to\nprevent double adding of the list.\n\nrtw89_8852ce 0000:01:00.0: failed to check wow status disabled\nrtw89_8852ce 0000:01:00.0: wow: failed to check disable fw ready\nrtw89_8852ce 0000:01:00.0: wow: failed to swap to normal fw\nrtw89_8852ce 0000:01:00.0: failed to disable wow\nrtw89_8852ce 0000:01:00.0: failed to resume for wow -110\nrtw89_8852ce 0000:01:00.0: MAC has already powered on\ni2c_hid_acpi i2c-ILTK0001:00: PM: acpi_subsys_resume+0x0/0x60 returned 0 after 284705 usecs\nlist_add corruption. prev-\u003enext should be next (ffff9d9719d82228), but was ffff9d9719f96030. 
(prev=ffff9d9719f96030).\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:34!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 2 PID: 6918 Comm: kworker/u8:19 Tainted: G     U     O\nHardware name: Google Anraggar/Anraggar, BIOS Google_Anraggar.15217.514.0 03/25/2024\nWorkqueue: events_unbound async_run_entry_fn\nRIP: 0010:__list_add_valid_or_report+0x9f/0xb0\nCode: e8 56 89 ff ff 0f 0b 48 c7 c7 3e fc e0 96 48 89 c6 e8 45 89 ff ...\nRSP: 0018:ffffa51b42bbbaf0 EFLAGS: 00010246\nRAX: 0000000000000075 RBX: ffff9d9719d82ab0 RCX: 13acb86e047a4400\nRDX: 3fffffffffffffff RSI: 0000000000000000 RDI: 00000000ffffdfff\nRBP: ffffa51b42bbbb28 R08: ffffffff9768e250 R09: 0000000000001fff\nR10: ffffffff9765e250 R11: 0000000000005ffd R12: ffff9d9719f95c40\nR13: ffff9d9719f95be8 R14: ffff9d97081bfd78 R15: ffff9d9719d82060\nFS:  0000000000000000(0000) GS:ffff9d9a6fb00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007e7d029a4060 CR3: 0000000345e38000 CR4: 0000000000750ee0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die_body+0x68/0xb0\n ? die+0xaa/0xd0\n ? do_trap+0x9f/0x170\n ? __list_add_valid_or_report+0x9f/0xb0\n ? __list_add_valid_or_report+0x9f/0xb0\n ? handle_invalid_op+0x69/0x90\n ? __list_add_valid_or_report+0x9f/0xb0\n ? exc_invalid_op+0x3c/0x50\n ? asm_exc_invalid_op+0x16/0x20\n ? __list_add_valid_or_report+0x9f/0xb0\n rtw89_chanctx_ops_assign_vif+0x1f9/0x210 [rtw89_core cbb375c44bf28564ce479002bff66617a25d9ac1]\n ? __mutex_unlock_slowpath+0xa0/0xf0\n rtw89_ops_assign_vif_chanctx+0x4b/0x90 [rtw89_core cbb375c44bf28564ce479002bff66617a25d9ac1]\n drv_assign_vif_chanctx+0xa7/0x1f0 [mac80211 6efaad16237edaaea0868b132d4f93ecf918a8b6]\n ieee80211_reconfig+0x9cb/0x17b0 [mac80211 6efaad16237edaaea0868b132d4f93ecf918a8b6]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]\n ? dev_printk_emit+0x51/0x70\n ? 
_dev_info+0x6e/0x90\n wiphy_resume+0x89/0x180 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]\n ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]\n dpm_run_callback+0x37/0x1e0\n device_resume+0x26d/0x4b0\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x29/0xd0\n worker_thread+0x397/0x970\n kthread+0xed/0x110\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x38/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21730",
            "https://git.kernel.org/linus/2f7667675df1b40b73ecc53b4b8c3189b1e5f2c1 (6.14-rc1)",
            "https://git.kernel.org/stable/c/2f7667675df1b40b73ecc53b4b8c3189b1e5f2c1",
            "https://git.kernel.org/stable/c/4ed5bf49819757303e657f3900725febf2f3926f",
            "https://git.kernel.org/stable/c/7fc295fdd3992a9a07d12fd3f2e84dface23aedc",
            "https://linux.oracle.com/cve/CVE-2025-21730.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022648-CVE-2025-21730-5bfb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21730",
            "https://www.cve.org/CVERecord?id=CVE-2025-21730"
          ],
          "PublishedDate": "2025-02-27T02:15:16.733Z",
          "LastModifiedDate": "2025-10-23T13:05:24.863Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21732",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21732",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8acecafe68168ca5e155d167289140ee67ca2048ef675a130e39055cd2d9555b",
          "Title": "kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error\n\nThis patch addresses a race condition for an ODP MR that can result in a\nCQE with an error on the UMR QP.\n\nDuring the __mlx5_ib_dereg_mr() flow, the following sequence of calls\noccurs:\n\nmlx5_revoke_mr()\n mlx5r_umr_revoke_mr()\n mlx5r_umr_post_send_wait()\n\nAt this point, the lkey is freed from the hardware's perspective.\n\nHowever, concurrently, mlx5_ib_invalidate_range() might be triggered by\nanother task attempting to invalidate a range for the same freed lkey.\n\nThis task will:\n - Acquire the umem_odp-\u003eumem_mutex lock.\n - Call mlx5r_umr_update_xlt() on the UMR QP.\n - Since the lkey has already been freed, this can lead to a CQE error,\n   causing the UMR QP to enter an error state [1].\n\nTo resolve this race condition, the umem_odp-\u003eumem_mutex lock is now also\nacquired as part of the mlx5_revoke_mr() scope.  
Upon successful revoke,\nwe set umem_odp-\u003eprivate which points to that MR to NULL, preventing any\nfurther invalidation attempts on its lkey.\n\n[1] From dmesg:\n\n   infiniband rocep8s0f0: dump_cqe:277:(pid 0): WC error: 6, Message: memory bind operation error\n   cqe_dump: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n   cqe_dump: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n   cqe_dump: 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n   cqe_dump: 00000030: 00 00 00 00 08 00 78 06 25 00 11 b9 00 0e dd d2\n\n   WARNING: CPU: 15 PID: 1506 at drivers/infiniband/hw/mlx5/umr.c:394 mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n   Modules linked in: ip6table_mangle ip6table_natip6table_filter ip6_tables iptable_mangle xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm mlx5_ib ib_uverbs ib_core fuse mlx5_core\n   CPU: 15 UID: 0 PID: 1506 Comm: ibv_rc_pingpong Not tainted 6.12.0-rc7+ #1626\n   Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n   RIP: 0010:mlx5r_umr_post_send_wait+0x15a/0x2b0 [mlx5_ib]\n   [..]\n   Call Trace:\n   \u003cTASK\u003e\n   mlx5r_umr_update_xlt+0x23c/0x3e0 [mlx5_ib]\n   mlx5_ib_invalidate_range+0x2e1/0x330 [mlx5_ib]\n   __mmu_notifier_invalidate_range_start+0x1e1/0x240\n   zap_page_range_single+0xf1/0x1a0\n   madvise_vma_behavior+0x677/0x6e0\n   do_madvise+0x1a2/0x4b0\n   __x64_sys_madvise+0x25/0x30\n   do_syscall_64+0x6b/0x140\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20095",
            "https://access.redhat.com/security/cve/CVE-2025-21732",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2333985",
            "https://bugzilla.redhat.com/2334373",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2338185",
            "https://bugzilla.redhat.com/2338211",
            "https://bugzilla.redhat.com/2338813",
            "https://bugzilla.redhat.com/2338821",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338998",
            "https://bugzilla.redhat.com/2339130",
            "https://bugzilla.redhat.com/2339141",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343186",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2348522",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348561",
            "https://bugzilla.redhat.com/2348567",
            "https://bugzilla.redhat.com/2348572",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348590",
            "https://bugzilla.redhat.com/2348592",
            "https://bugzilla.redhat.com/2348593",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348602",
            "https://bugzilla.redhat.com/2348603",
            "https://bugzilla.redhat.com/2348612",
            "https://bugzilla.redhat.com/2348617",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348621",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348629",
            "https://bugzilla.redhat.com/2348630",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348647",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348656",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350364",
            "https://bugzilla.redhat.com/2350373",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351605",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2356664",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363332",
            "https://bugzilla.redhat.com/2366125",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383398",
            "https://bugzilla.redhat.com/2383432",
            "https://bugzilla.redhat.com/2383913",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2333985",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338813",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338998",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348593",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348602",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348603",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348617",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348621",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348656",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350364",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351605",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383913",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53147",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57942",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21633",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21652",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21732",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21750",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21761",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21771",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37749",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38369",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38468",
            "https://errata.almalinux.org/10/ALSA-2025-20095.html",
            "https://errata.rockylinux.org/RLSA-2025:20095",
            "https://git.kernel.org/linus/abb604a1a9c87255c7a6f3b784410a9707baf467 (6.14-rc1)",
            "https://git.kernel.org/stable/c/5297f5ddffef47b94172ab0d3d62270002a3dcc1",
            "https://git.kernel.org/stable/c/abb604a1a9c87255c7a6f3b784410a9707baf467",
            "https://git.kernel.org/stable/c/b13d32786acabf70a7b04ed24b7468fc3c82977c",
            "https://linux.oracle.com/cve/CVE-2025-21732.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2025-21732-e800@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21732",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21732"
          ],
          "PublishedDate": "2025-02-27T03:15:13.82Z",
          "LastModifiedDate": "2025-10-28T20:41:47.56Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21734",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21734",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a2f15e18481e76651f207eb657a498568dd71cf12edf13d179a7ed3458dd329e",
          "Title": "kernel: misc: fastrpc: Fix copy buffer page size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: Fix copy buffer page size\n\nFor non-registered buffer, fastrpc driver copies the buffer and\npass it to the remote subsystem. There is a problem with current\nimplementation of page size calculation which is not considering\nthe offset in the calculation. This might lead to passing of\nimproper and out-of-bounds page size which could result in\nmemory issue. Calculate page start and page end using the offset\nadjusted address instead of absolute address.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21734",
            "https://git.kernel.org/linus/e966eae72762ecfdbdb82627e2cda48845b9dd66 (6.14-rc1)",
            "https://git.kernel.org/stable/c/24a79c6bc8de763f7c50f4f84f8b0c183bc25a51",
            "https://git.kernel.org/stable/c/c0464bad0e85fcd5d47e4297d1e410097c979e55",
            "https://git.kernel.org/stable/c/c3f7161123fcbdc64e90119ccce292d8b66281c4",
            "https://git.kernel.org/stable/c/c56ba3ea8e3c9a69a992aad18f7a65e43e51d623",
            "https://git.kernel.org/stable/c/e966eae72762ecfdbdb82627e2cda48845b9dd66",
            "https://linux.oracle.com/cve/CVE-2025-21734.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022658-CVE-2025-21734-ac40@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21734",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21734"
          ],
          "PublishedDate": "2025-02-27T03:15:14.03Z",
          "LastModifiedDate": "2025-11-03T20:17:13.363Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21738",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21738",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d11e1e51c004afc2dafa6ea69e37465aabbbfb4d5df85c2b5eebc860c768a2bd",
          "Title": "kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: libata-sff: Ensure that we cannot write outside the allocated buffer\n\nreveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len\nset to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA command set to\nATA_NOP, and protocol set to ATA_PROT_PIO, can cause ata_pio_sector() to\nwrite outside the allocated buffer, overwriting random memory.\n\nWhile a ATA device is supposed to abort a ATA_NOP command, there does seem\nto be a bug either in libata-sff or QEMU, where either this status is not\nset, or the status is cleared before read by ata_sff_hsm_move().\nAnyway, that is most likely a separate bug.\n\nLooking at __atapi_pio_bytes(), it already has a safety check to ensure\nthat __atapi_pio_bytes() cannot write outside the allocated buffer.\n\nAdd a similar check to ata_pio_sector(), such that also ata_pio_sector()\ncannot write outside the allocated buffer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21738",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/6e74e53b34b6dec5a50e1404e2680852ec6768d2 (6.14-rc1)",
            "https://git.kernel.org/stable/c/0a17a9944b8d89ef03946121241870ac53ddaf45",
            "https://git.kernel.org/stable/c/0dd5aade301a10f4b329fa7454fdcc2518741902",
            "https://git.kernel.org/stable/c/6e74e53b34b6dec5a50e1404e2680852ec6768d2",
            "https://git.kernel.org/stable/c/a8f8cf87059ed1905c2a5c72f8b39a4f57b11b4c",
            "https://git.kernel.org/stable/c/d5e6e3000309359eae2a17117aa6e3c44897bf6c",
            "https://linux.oracle.com/cve/CVE-2025-21738.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21738-f502@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21738",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21738"
          ],
          "PublishedDate": "2025-02-27T03:15:14.427Z",
          "LastModifiedDate": "2025-11-03T20:17:13.75Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21739",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21739",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c3f6e9ecb5fdb7e6f03a7326df02485b845a80a42889cc1ceb9c1c3c5619aecd",
          "Title": "kernel: scsi: ufs: core: Fix use-after free in init error and remove paths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix use-after free in init error and remove paths\n\ndevm_blk_crypto_profile_init() registers a cleanup handler to run when\nthe associated (platform-) device is being released. For UFS, the\ncrypto private data and pointers are stored as part of the ufs_hba's\ndata structure 'struct ufs_hba::crypto_profile'. This structure is\nallocated as part of the underlying ufshcd and therefore Scsi_host\nallocation.\n\nDuring driver release or during error handling in ufshcd_pltfrm_init(),\nthis structure is released as part of ufshcd_dealloc_host() before the\n(platform-) device associated with the crypto call above is released.\nOnce this device is released, the crypto cleanup code will run, using\nthe just-released 'struct ufs_hba::crypto_profile'. This causes a\nuse-after-free situation:\n\n  Call trace:\n   kfree+0x60/0x2d8 (P)\n   kvfree+0x44/0x60\n   blk_crypto_profile_destroy_callback+0x28/0x70\n   devm_action_release+0x1c/0x30\n   release_nodes+0x6c/0x108\n   devres_release_all+0x98/0x100\n   device_unbind_cleanup+0x20/0x70\n   really_probe+0x218/0x2d0\n\nIn other words, the initialisation code flow is:\n\n  platform-device probe\n    ufshcd_pltfrm_init()\n      ufshcd_alloc_host()\n        scsi_host_alloc()\n          allocation of struct ufs_hba\n          creation of scsi-host devices\n    devm_blk_crypto_profile_init()\n      devm registration of cleanup handler using platform-device\n\nand during error handling of ufshcd_pltfrm_init() or during driver\nremoval:\n\n  ufshcd_dealloc_host()\n    scsi_host_put()\n      put_device(scsi-host)\n        release of struct ufs_hba\n  put_device(platform-device)\n    crypto cleanup handler\n\nTo fix this use-after free, change ufshcd_alloc_host() to register a\ndevres action to automatically cleanup the underlying SCSI device on\nufshcd destruction, without requiring explicit calls to\nufshcd_dealloc_host(). 
This way:\n\n    * the crypto profile and all other ufs_hba-owned resources are\n      destroyed before SCSI (as they've been registered after)\n    * a memleak is plugged in tc-dwc-g210-pci.c remove() as a\n      side-effect\n    * EXPORT_SYMBOL_GPL(ufshcd_dealloc_host) can be removed fully as\n      it's not needed anymore\n    * no future drivers using ufshcd_alloc_host() could ever forget\n      adding the cleanup",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21739",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/f8fb2403ddebb5eea0033d90d9daae4c88749ada (6.14-rc2)",
            "https://git.kernel.org/stable/c/0c77c0d754fe83cb154715fcfec6c3faef94f207",
            "https://git.kernel.org/stable/c/9c185beae09a3eb85f54777edafa227f7e03075d",
            "https://git.kernel.org/stable/c/f8fb2403ddebb5eea0033d90d9daae4c88749ada",
            "https://linux.oracle.com/cve/CVE-2025-21739.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022659-CVE-2025-21739-5578@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21739",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21739"
          ],
          "PublishedDate": "2025-02-27T03:15:14.53Z",
          "LastModifiedDate": "2025-03-24T17:12:42.593Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21750",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21750",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:13f678e25b57920fa92d4b11257ec60239df7fa01e9344950d8c7d6f5a24db95",
          "Title": "kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the return value of of_property_read_string_index()\n\nSomewhen between 6.10 and 6.11 the driver started to crash on my\nMacBookPro14,3. The property doesn't exist and 'tmp' remains\nuninitialized, so we pass a random pointer to devm_kstrdup().\n\nThe crash I am getting looks like this:\n\nBUG: unable to handle page fault for address: 00007f033c669379\nPF: supervisor read access in kernel mode\nPF: error_code(0x0001) - permissions violation\nPGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025\nOops: Oops: 0001 [#1] SMP PTI\nCPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1\nHardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024\nRIP: 0010:strlen+0x4/0x30\nCode: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa \u003c80\u003e 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc\nRSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202\nRAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001\nRDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379\nRBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a\nR10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8\nR13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30\nFS:  00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x149/0x4c0\n ? raw_spin_rq_lock_nested+0xe/0x20\n ? sched_balance_newidle+0x22b/0x3c0\n ? update_load_avg+0x78/0x770\n ? 
exc_page_fault+0x6f/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_pci_conf1_write+0x10/0x10\n ? strlen+0x4/0x30\n devm_kstrdup+0x25/0x70\n brcmf_of_probe+0x273/0x350 [brcmfmac]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20095",
            "https://access.redhat.com/security/cve/CVE-2025-21750",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2333985",
            "https://bugzilla.redhat.com/2334373",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2338185",
            "https://bugzilla.redhat.com/2338211",
            "https://bugzilla.redhat.com/2338813",
            "https://bugzilla.redhat.com/2338821",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338998",
            "https://bugzilla.redhat.com/2339130",
            "https://bugzilla.redhat.com/2339141",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343186",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2348522",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348561",
            "https://bugzilla.redhat.com/2348567",
            "https://bugzilla.redhat.com/2348572",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348590",
            "https://bugzilla.redhat.com/2348592",
            "https://bugzilla.redhat.com/2348593",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348602",
            "https://bugzilla.redhat.com/2348603",
            "https://bugzilla.redhat.com/2348612",
            "https://bugzilla.redhat.com/2348617",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348621",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348629",
            "https://bugzilla.redhat.com/2348630",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348647",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348656",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350364",
            "https://bugzilla.redhat.com/2350373",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351605",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2356664",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363332",
            "https://bugzilla.redhat.com/2366125",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383398",
            "https://bugzilla.redhat.com/2383432",
            "https://bugzilla.redhat.com/2383913",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2333985",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338813",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338998",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348593",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348602",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348603",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348617",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348621",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348656",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350364",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351605",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383913",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53147",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57942",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21633",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21652",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21732",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21750",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21761",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21771",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37749",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38369",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38468",
            "https://errata.almalinux.org/10/ALSA-2025-20095.html",
            "https://errata.rockylinux.org/RLSA-2025:20095",
            "https://git.kernel.org/linus/082d9e263af8de68f0c34f67b251818205160f6e (6.14-rc1)",
            "https://git.kernel.org/stable/c/082d9e263af8de68f0c34f67b251818205160f6e",
            "https://git.kernel.org/stable/c/7ef2ea1429684d5cef207519bdf6ce45e50e8ac5",
            "https://git.kernel.org/stable/c/af525a8b2ab85291617e79a5bb18bcdcb529e80c",
            "https://git.kernel.org/stable/c/bb8e35e33e79eb8e44396adbc8cb6c8c5f16b731",
            "https://git.kernel.org/stable/c/c9480e9f2d10135476101619bcbd1c49c15d595f",
            "https://linux.oracle.com/cve/CVE-2025-21750.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21750-d10d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21750",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21750"
          ],
          "PublishedDate": "2025-02-27T03:15:15.647Z",
          "LastModifiedDate": "2025-11-03T20:17:14.437Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21751",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21751",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f35db2c8d0c79884b1884a32e0a86ef54d0fbb3a3364bf9ee9f0e1cc097a383",
          "Title": "kernel: net/mlx5: HWS, change error flow on matcher disconnect",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: HWS, change error flow on matcher disconnect\n\nCurrently, when firmware failure occurs during matcher disconnect flow,\nthe error flow of the function reconnects the matcher back and returns\nan error, which continues running the calling function and eventually\nfrees the matcher that is being disconnected.\nThis leads to a case where we have a freed matcher on the matchers list,\nwhich in turn leads to use-after-free and eventual crash.\n\nThis patch fixes that by not trying to reconnect the matcher back when\nsome FW command fails during disconnect.\n\nNote that we're dealing here with FW error. We can't overcome this\nproblem. This might lead to bad steering state (e.g. wrong connection\nbetween matchers), and will also lead to resource leakage, as it is\nthe case with any other error handling during resource destruction.\n\nHowever, the goal here is to allow the driver to continue and not crash\nthe machine with use-after-free error.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21751",
            "https://git.kernel.org/linus/1ce840c7a659aa53a31ef49f0271b4fd0dc10296 (6.14-rc1)",
            "https://git.kernel.org/stable/c/1ce840c7a659aa53a31ef49f0271b4fd0dc10296",
            "https://git.kernel.org/stable/c/23a86c76a1a197e8fbbbd0ce3e826eb58c471624",
            "https://git.kernel.org/stable/c/5682aad0276ff9b9b0eff3188eb6a1f504d6b436",
            "https://lore.kernel.org/linux-cve-announce/2025022601-CVE-2025-21751-101c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21751",
            "https://www.cve.org/CVERecord?id=CVE-2025-21751"
          ],
          "PublishedDate": "2025-02-27T03:15:15.76Z",
          "LastModifiedDate": "2025-09-19T15:15:48.233Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21752",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21752",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5d60f1388bf787515997400a337531209ed4cf23f0b5655b671a357e967e9198",
          "Title": "kernel: btrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't use btrfs_set_item_key_safe on RAID stripe-extents\n\nDon't use btrfs_set_item_key_safe() to modify the keys in the RAID\nstripe-tree, as this can lead to corruption of the tree, which is caught\nby the checks in btrfs_set_item_key_safe():\n\n BTRFS info (device nvme1n1): leaf 49168384 gen 15 total ptrs 194 free space 8329 owner 12\n BTRFS info (device nvme1n1): refs 2 lock_owner 1030 current 1030\n  [ snip ]\n  item 105 key (354549760 230 20480) itemoff 14587 itemsize 16\n                  stride 0 devid 5 physical 67502080\n  item 106 key (354631680 230 4096) itemoff 14571 itemsize 16\n                  stride 0 devid 1 physical 88559616\n  item 107 key (354631680 230 32768) itemoff 14555 itemsize 16\n                  stride 0 devid 1 physical 88555520\n  item 108 key (354717696 230 28672) itemoff 14539 itemsize 16\n                  stride 0 devid 2 physical 67604480\n  [ snip ]\n BTRFS critical (device nvme1n1): slot 106 key (354631680 230 32768) new key (354635776 230 4096)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2602!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 1055 Comm: fsstress Not tainted 6.13.0-rc1+ #1464\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0xf7/0x270\n Code: \u003csnip\u003e\n RSP: 0018:ffffc90001337ab0 EFLAGS: 00010287\n RAX: 0000000000000000 RBX: ffff8881115fd000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000ffffffff\n RBP: ffff888110ed6f50 R08: 00000000ffffefff R09: ffffffff8244c500\n R10: 00000000ffffefff R11: 00000000ffffffff R12: ffff888100586000\n R13: 00000000000000c9 R14: ffffc90001337b1f R15: ffff888110f23b58\n FS:  00007f7d75c72740(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\n CR2: 00007fa811652c60 CR3: 0000000111398001 CR4: 0000000000370eb0\n Call Trace:\n  \u003cTASK\u003e\n  ? __die_body.cold+0x14/0x1a\n  ? die+0x2e/0x50\n  ? do_trap+0xca/0x110\n  ? do_error_trap+0x65/0x80\n  ? btrfs_set_item_key_safe+0xf7/0x270\n  ? exc_invalid_op+0x50/0x70\n  ? btrfs_set_item_key_safe+0xf7/0x270\n  ? asm_exc_invalid_op+0x1a/0x20\n  ? btrfs_set_item_key_safe+0xf7/0x270\n  btrfs_partially_delete_raid_extent+0xc4/0xe0\n  btrfs_delete_raid_extent+0x227/0x240\n  __btrfs_free_extent.isra.0+0x57f/0x9c0\n  ? exc_coproc_segment_overrun+0x40/0x40\n  __btrfs_run_delayed_refs+0x2fa/0xe80\n  btrfs_run_delayed_refs+0x81/0xe0\n  btrfs_commit_transaction+0x2dd/0xbe0\n  ? preempt_count_add+0x52/0xb0\n  btrfs_sync_file+0x375/0x4c0\n  do_fsync+0x39/0x70\n  __x64_sys_fsync+0x13/0x20\n  do_syscall_64+0x54/0x110\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f7d7550ef90\n Code: \u003csnip\u003e\n RSP: 002b:00007ffd70237248 EFLAGS: 00000202 ORIG_RAX: 000000000000004a\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f7d7550ef90\n RDX: 000000000000013a RSI: 000000000040eb28 RDI: 0000000000000004\n RBP: 000000000000001b R08: 0000000000000078 R09: 00007ffd7023725c\n R10: 00007f7d75400390 R11: 0000000000000202 R12: 028f5c28f5c28f5c\n R13: 8f5c28f5c28f5c29 R14: 000000000040b520 R15: 00007f7d75c726c8\n  \u003c/TASK\u003e\n\nWhile the root cause of the tree order corruption isn't clear, using\nbtrfs_duplicate_item() to copy the item and then adjusting both the key\nand the per-device physical addresses is a safe way to counter this\nproblem.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21752",
            "https://git.kernel.org/linus/dc14ba10781bd2629835696b7cc1febf914768e9 (6.14-rc1)",
            "https://git.kernel.org/stable/c/1c25eff52ee5a02a2c4be659a44ae972d9989742",
            "https://git.kernel.org/stable/c/dc14ba10781bd2629835696b7cc1febf914768e9",
            "https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2025-21752-5815@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21752",
            "https://www.cve.org/CVERecord?id=CVE-2025-21752"
          ],
          "PublishedDate": "2025-02-27T03:15:15.853Z",
          "LastModifiedDate": "2025-10-28T21:03:53.33Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21759",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21759",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4038e4cae719d9f4b82bd1ce6456a652a442eb9363c309ba056d577d97c7aa91",
          "Title": "kernel: ipv6: mcast: extend RCU protection in igmp6_send()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: extend RCU protection in igmp6_send()\n\nigmp6_send() can be called without RTNL or RCU being held.\n\nExtend RCU protection so that we can safely fetch the net pointer\nand avoid a potential UAF.\n\nNote that we no longer can use sock_alloc_send_skb() because\nipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.\n\nInstead use alloc_skb() and charge the net-\u003eipv6.igmp_sk\nsocket under RCU protection.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:10379",
            "https://access.redhat.com/security/cve/CVE-2025-21759",
            "https://bugzilla.redhat.com/2348596",
            "https://bugzilla.redhat.com/2355405",
            "https://bugzilla.redhat.com/2357142",
            "https://bugzilla.redhat.com/2363432",
            "https://bugzilla.redhat.com/2363876",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348596",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2355405",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2357142",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21759",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21887",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37799",
            "https://errata.almalinux.org/9/ALSA-2025-10379.html",
            "https://errata.rockylinux.org/RLSA-2025:10379",
            "https://git.kernel.org/linus/087c1faa594fa07a66933d750c0b2610aa1a2946 (6.14-rc3)",
            "https://git.kernel.org/stable/c/087c1faa594fa07a66933d750c0b2610aa1a2946",
            "https://git.kernel.org/stable/c/0bf8e2f3768629d437a32cb824149e6e98254381",
            "https://git.kernel.org/stable/c/81b25a07ebf53f9ef4ca8f3d96a8ddb94561dd5a",
            "https://git.kernel.org/stable/c/8e92d6a413feaf968a33f0b439ecf27404407458",
            "https://linux.oracle.com/cve/CVE-2025-21759.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022604-CVE-2025-21759-ad7c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21759",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21759"
          ],
          "PublishedDate": "2025-02-27T03:15:16.55Z",
          "LastModifiedDate": "2025-03-24T17:33:09.887Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21768",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21768",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:466d8c74f92475f28020a88a8f2c07612a2502ed4bfeba832a85b116a38feb12",
          "Title": "kernel: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels\n\nSome lwtunnels have a dst cache for post-transformation dst.\nIf the packet destination did not change we may end up recording\na reference to the lwtunnel in its own cache, and the lwtunnel\nstate will never be freed.\n\nDiscovered by the ioam6.sh test, kmemleak was recently fixed\nto catch per-cpu memory leaks. I'm not sure if rpl and seg6\ncan actually hit this, but in principle I don't see why not.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21768",
            "https://git.kernel.org/linus/92191dd1073088753821b862b791dcc83e558e07 (6.14-rc2)",
            "https://git.kernel.org/stable/c/4c0f200c7d06fedddde82209c099014d63f4a6c0",
            "https://git.kernel.org/stable/c/5ab11a4e219e93b8b31a27f8ec98d42afadd8b7a",
            "https://git.kernel.org/stable/c/92191dd1073088753821b862b791dcc83e558e07",
            "https://linux.oracle.com/cve/CVE-2025-21768.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022605-CVE-2025-21768-512b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21768",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21768"
          ],
          "PublishedDate": "2025-02-27T03:15:17.48Z",
          "LastModifiedDate": "2025-10-28T20:28:41.98Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21786",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21786",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6c6943727aedf9d3240d1fe05d1c1e038cff8ee8754cd017533e195811826c6b",
          "Title": "kernel: workqueue: Put the pwq after detaching the rescuer from the pool",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Put the pwq after detaching the rescuer from the pool\n\nThe commit 68f83057b913(\"workqueue: Reap workers via kthread_stop() and\nremove detach_completion\") adds code to reap the normal workers but\nmistakenly does not handle the rescuer and also removes the code waiting\nfor the rescuer in put_unbound_pool(), which caused a use-after-free bug\nreported by Cheung Wall.\n\nTo avoid the use-after-free bug, the pool’s reference must be held until\nthe detachment is complete. Therefore, move the code that puts the pwq\nafter detaching the rescuer from the pool.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21786",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/e76946110137703c16423baf6ee177b751a34b7e (6.14-rc3)",
            "https://git.kernel.org/stable/c/835b69c868f53f959d4986bbecd561ba6f38e492",
            "https://git.kernel.org/stable/c/e76946110137703c16423baf6ee177b751a34b7e",
            "https://git.kernel.org/stable/c/e7c16028a424dd35be1064a68fa318be4359310f",
            "https://linux.oracle.com/cve/CVE-2025-21786.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022608-CVE-2025-21786-f31d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21786",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21786"
          ],
          "PublishedDate": "2025-02-27T03:15:19.45Z",
          "LastModifiedDate": "2025-03-21T15:43:17.48Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21792",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21792",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4c271225dc6a64cef2f8ac46f744923399092c49dc9bf7806c555e47c79d2746",
          "Title": "kernel: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt\n\nIf an AX25 device is bound to a socket by setting the SO_BINDTODEVICE\nsocket option, a refcount leak will occur in ax25_release().\n\nCommit 9fd75b66b8f6 (\"ax25: Fix refcount leaks caused by ax25_cb_del()\")\nadded decrement of device refcounts in ax25_release(). In order for that\nto work correctly the refcounts must already be incremented when the\ndevice is bound to the socket. An AX25 device can be bound to a socket\nby either calling ax25_bind() or setting SO_BINDTODEVICE socket option.\nIn both cases the refcounts should be incremented, but in fact it is done\nonly in ax25_bind().\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nModules linked in:\nCPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4156 [inline]\n netdev_put include/linux/netdevice.h:4173 [inline]\n netdev_put include/linux/netdevice.h:4169 [inline]\n ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069\n __sock_release+0xb0/0x270 net/socket.c:640\n sock_close+0x1c/0x30 net/socket.c:1408\n ...\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n 
\u003c/TASK\u003e\n================================================================\n\nFix the implementation of ax25_setsockopt() by adding increment of\nrefcounts for the new device bound, and decrement of refcounts for\nthe old unbound device.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21792",
            "https://git.kernel.org/linus/bca0902e61731a75fc4860c8720168d9f1bae3b6 (6.14-rc3)",
            "https://git.kernel.org/stable/c/470bda72fda0fcf54300466d70ce2de62f7835d2",
            "https://git.kernel.org/stable/c/90056ece99966182dc0e367f3fd2afab46ada847",
            "https://git.kernel.org/stable/c/94a0de224ed52eb2ecd4f4cb1b937b674c9fb955",
            "https://git.kernel.org/stable/c/b58f7ca86a7b8e480c06e30c5163c5d2f4e24023",
            "https://git.kernel.org/stable/c/bca0902e61731a75fc4860c8720168d9f1bae3b6",
            "https://linux.oracle.com/cve/CVE-2025-21792.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022609-CVE-2025-21792-d8e8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21792",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21792"
          ],
          "PublishedDate": "2025-02-27T03:15:20.08Z",
          "LastModifiedDate": "2025-11-03T21:19:10.457Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21801",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21801",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:299947bae127c0ad2a08d16f397d91906d81358a7cdc3c76a560e0ef08c45bfe",
          "Title": "kernel: net: ravb: Fix missing rtnl lock in suspend/resume path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ravb: Fix missing rtnl lock in suspend/resume path\n\nFix the suspend/resume path by ensuring the rtnl lock is held where\nrequired. Calls to ravb_open, ravb_close and wol operations must be\nperformed under the rtnl lock to prevent conflicts with ongoing ndo\noperations.\n\nWithout this fix, the following warning is triggered:\n[   39.032969] =============================\n[   39.032983] WARNING: suspicious RCU usage\n[   39.033019] -----------------------------\n[   39.033033] drivers/net/phy/phy_device.c:2004 suspicious\nrcu_dereference_protected() usage!\n...\n[   39.033597] stack backtrace:\n[   39.033613] CPU: 0 UID: 0 PID: 174 Comm: python3 Not tainted\n6.13.0-rc7-next-20250116-arm64-renesas-00002-g35245dfdc62c #7\n[   39.033623] Hardware name: Renesas SMARC EVK version 2 based on\nr9a08g045s33 (DT)\n[   39.033628] Call trace:\n[   39.033633]  show_stack+0x14/0x1c (C)\n[   39.033652]  dump_stack_lvl+0xb4/0xc4\n[   39.033664]  dump_stack+0x14/0x1c\n[   39.033671]  lockdep_rcu_suspicious+0x16c/0x22c\n[   39.033682]  phy_detach+0x160/0x190\n[   39.033694]  phy_disconnect+0x40/0x54\n[   39.033703]  ravb_close+0x6c/0x1cc\n[   39.033714]  ravb_suspend+0x48/0x120\n[   39.033721]  dpm_run_callback+0x4c/0x14c\n[   39.033731]  device_suspend+0x11c/0x4dc\n[   39.033740]  dpm_suspend+0xdc/0x214\n[   39.033748]  dpm_suspend_start+0x48/0x60\n[   39.033758]  suspend_devices_and_enter+0x124/0x574\n[   39.033769]  pm_suspend+0x1ac/0x274\n[   39.033778]  state_store+0x88/0x124\n[   39.033788]  kobj_attr_store+0x14/0x24\n[   39.033798]  sysfs_kf_write+0x48/0x6c\n[   39.033808]  kernfs_fop_write_iter+0x118/0x1a8\n[   39.033817]  vfs_write+0x27c/0x378\n[   39.033825]  ksys_write+0x64/0xf4\n[   39.033833]  __arm64_sys_write+0x18/0x20\n[   39.033841]  invoke_syscall+0x44/0x104\n[   39.033852]  el0_svc_common.constprop.0+0xb4/0xd4\n[   39.033862]  do_el0_svc+0x18/0x20\n[   
39.033870]  el0_svc+0x3c/0xf0\n[   39.033880]  el0t_64_sync_handler+0xc0/0xc4\n[   39.033888]  el0t_64_sync+0x154/0x158\n[   39.041274] ravb 11c30000.ethernet eth0: Link is Down",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21801",
            "https://git.kernel.org/linus/2c2ebb2b49573e5f8726112ad06b1dffc3c9ea03 (6.14-rc1)",
            "https://git.kernel.org/stable/c/0296981941cf291edfbc318d3255a93439f368e4",
            "https://git.kernel.org/stable/c/2c2ebb2b49573e5f8726112ad06b1dffc3c9ea03",
            "https://git.kernel.org/stable/c/ad19522c007bb24ed874468f8baa1503c4662cf4",
            "https://linux.oracle.com/cve/CVE-2025-21801.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022752-CVE-2025-21801-5496@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21801",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21801"
          ],
          "PublishedDate": "2025-02-27T20:16:02.753Z",
          "LastModifiedDate": "2025-10-30T21:35:12.517Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21812",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21812",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b070e5d06b6e603d889fb3f3615b4a52ab3659778ddeef8513ddf51ab954b659",
          "Title": "kernel: ax25: rcu protect dev-\u003eax25_ptr",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: rcu protect dev-\u003eax25_ptr\n\nsyzbot found a lockdep issue [1].\n\nWe should remove ax25 RTNL dependency in ax25_setsockopt()\n\nThis should also fix a variety of possible UAF in ax25.\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted\n------------------------------------------------------\nsyz.5.1818/12806 is trying to acquire lock:\n ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n\nbut task is already holding lock:\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (sk_lock-AF_AX25){+.+.}-{0:0}:\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n        lock_sock_nested+0x48/0x100 net/core/sock.c:3642\n        lock_sock include/net/sock.h:1618 [inline]\n        ax25_kill_by_device net/ax25/af_ax25.c:101 [inline]\n        ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146\n        notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85\n       __dev_notify_flags+0x207/0x400\n        dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026\n        dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563\n        dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820\n        sock_do_ioctl+0x240/0x460 net/socket.c:1234\n        sock_ioctl+0x626/0x8e0 net/socket.c:1339\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:906 [inline]\n        __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 
(rtnl_mutex){+.+.}-{4:4}:\n        check_prev_add kernel/locking/lockdep.c:3161 [inline]\n        check_prevs_add kernel/locking/lockdep.c:3280 [inline]\n        validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904\n        __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n        __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n        __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735\n        ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680\n        do_sock_setsockopt+0x3af/0x720 net/socket.c:2324\n        __sys_setsockopt net/socket.c:2349 [inline]\n        __do_sys_setsockopt net/socket.c:2355 [inline]\n        __se_sys_setsockopt net/socket.c:2352 [inline]\n        __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(sk_lock-AF_AX25);\n                               lock(rtnl_mutex);\n                               lock(sk_lock-AF_AX25);\n  lock(rtnl_mutex);\n\n *** DEADLOCK ***\n\n1 lock held by syz.5.1818/12806:\n  #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline]\n  #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574\n\nstack backtrace:\nCPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:94 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n  print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074\n  
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206\n  check_prev_add kernel/locking/lockdep.c:3161 [inline]\n  check_prevs_add kernel/lockin\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21812",
            "https://git.kernel.org/linus/95fc45d1dea8e1253f8ec58abc5befb71553d666 (6.14-rc1)",
            "https://git.kernel.org/stable/c/2802ed4ced27ebd474828fc67ffd7d66f11e3605",
            "https://git.kernel.org/stable/c/7705d8a7f2c26c80973c81093db07c6022b2b30e",
            "https://git.kernel.org/stable/c/8937f5e38a218531dce2a89fae60e3adcc2311e1",
            "https://git.kernel.org/stable/c/95fc45d1dea8e1253f8ec58abc5befb71553d666",
            "https://git.kernel.org/stable/c/c2531db6de3c95551be58878f859c6a053b7eb2e",
            "https://linux.oracle.com/cve/CVE-2025-21812.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022754-CVE-2025-21812-9b17@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21812",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21812"
          ],
          "PublishedDate": "2025-02-27T20:16:03.783Z",
          "LastModifiedDate": "2025-11-03T21:19:12.06Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21816",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21816",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4c0140d1dcac220bb41afe8845f45783613c0b6e13566cb3177bea749928153f",
          "Title": "kernel: hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING\n\nhrtimers are migrated away from the dying CPU to any online target at\nthe CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers\nhandling tasks involved in the CPU hotplug forward progress.\n\nHowever wakeups can still be performed by the outgoing CPU after\nCPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being\narmed. Depending on several considerations (crystal ball power management\nbased election, earliest timer already enqueued, timer migration enabled or\nnot), the target may eventually be the current CPU even if offline. If that\nhappens, the timer is eventually ignored.\n\nThe most notable example is RCU which had to deal with each and every of\nthose wake-ups by deferring them to an online CPU, along with related\nworkarounds:\n\n_ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying)\n_ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU)\n_ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq)\n\nThe problem isn't confined to RCU though as the stop machine kthread\n(which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end\nof its work through cpu_stop_signal_done() and performs a wake up that\neventually arms the deadline server timer:\n\n   WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0\n   CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted\n   Stopper: multi_cpu_stop+0x0/0x120 \u003c- stop_machine_cpuslocked+0x66/0xc0\n   RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0\n   Call Trace:\n   \u003cTASK\u003e\n     start_dl_timer\n     enqueue_dl_entity\n     dl_server_start\n     enqueue_task_fair\n     enqueue_task\n     ttwu_do_activate\n     try_to_wake_up\n     complete\n     cpu_stopper_thread\n\nInstead of providing yet another bandaid to work 
around the situation, fix\nit in the hrtimers infrastructure instead: always migrate away a timer to\nan online target whenever it is enqueued from an offline CPU.\n\nThis will also allow to revert all the above RCU disgraceful hacks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21816",
            "https://git.kernel.org/linus/53dac345395c0d2493cbc2f4c85fe38aef5b63f5 (6.14-rc2)",
            "https://git.kernel.org/stable/c/2aecec58e9040ce3d2694707889f9914a2374955",
            "https://git.kernel.org/stable/c/53dac345395c0d2493cbc2f4c85fe38aef5b63f5",
            "https://git.kernel.org/stable/c/63815bef47ec25f5a125019ca480882481ee1553",
            "https://git.kernel.org/stable/c/82ac6adbbb2aad14548a71d5e2e37f4964a15e38",
            "https://git.kernel.org/stable/c/e456a88bddae4030ba962447bb84be6669f2a0c1",
            "https://linux.oracle.com/cve/CVE-2025-21816.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025022709-CVE-2025-21816-bbd4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21816",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21816"
          ],
          "PublishedDate": "2025-02-27T20:16:04.15Z",
          "LastModifiedDate": "2025-11-03T18:15:49.47Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21817",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21817",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ae61075e02e0f6eb1c235075da68d4e94f31a3667ad29970f48090674805bc63",
          "Title": "kernel: block: mark GFP_NOIO around sysfs -\u003estore()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: mark GFP_NOIO around sysfs -\u003estore()\n\nsysfs -\u003estore is called with queue freezed, meantime we have several\n-\u003estore() callbacks(update_nr_requests, wbt, scheduler) to allocate\nmemory with GFP_KERNEL which may run into direct reclaim code path,\nthen potential deadlock can be caused.\n\nFix the issue by marking NOIO around sysfs -\u003estore()",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21817",
            "https://git.kernel.org/linus/7c0be4ead1f8f5f8be0803f347de0de81e3b8e1c (6.14-rc1)",
            "https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31",
            "https://git.kernel.org/stable/c/7c0be4ead1f8f5f8be0803f347de0de81e3b8e1c",
            "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21817-2fc8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21817",
            "https://www.cve.org/CVERecord?id=CVE-2025-21817"
          ],
          "PublishedDate": "2025-02-27T20:16:04.243Z",
          "LastModifiedDate": "2025-10-28T02:53:28.03Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21819",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21819",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:766813e2a3ab9a87ce28db29ed394edd31e7618446d3829ac70fe7a49019bda9",
          "Title": "kernel: Revert \"drm/amd/display: Use HW lock mgr for PSR1\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd/display: Use HW lock mgr for PSR1\"\n\nThis reverts commit\na2b5a9956269 (\"drm/amd/display: Use HW lock mgr for PSR1\")\n\nBecause it may cause system hang while connect with two edp panel.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21819",
            "https://git.kernel.org/linus/f245b400a223a71d6d5f4c72a2cb9b573a7fc2b6 (6.14-rc2)",
            "https://git.kernel.org/stable/c/915697c2e69ac8d14dad498e6d6f43dbb7de3787",
            "https://git.kernel.org/stable/c/95c75578c420110c43791295985abb961d6dc033",
            "https://git.kernel.org/stable/c/a978864653e45d2671f99b09afcc1110e45d3dd9",
            "https://git.kernel.org/stable/c/dcc3f2c06d80da39eee742b51ddf0781affb260c",
            "https://git.kernel.org/stable/c/f245b400a223a71d6d5f4c72a2cb9b573a7fc2b6",
            "https://linux.oracle.com/cve/CVE-2025-21819.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022710-CVE-2025-21819-5549@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21819",
            "https://www.cve.org/CVERecord?id=CVE-2025-21819"
          ],
          "PublishedDate": "2025-02-27T20:16:04.43Z",
          "LastModifiedDate": "2025-11-03T21:19:12.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21821",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21821",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f86decb8422e4e5778ab5d359cb1567a8ce64faf824146414a9b6fe9bb5402e3",
          "Title": "kernel: fbdev: omap: use threaded IRQ for LCD DMA",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n    BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n    Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n    CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n    Hardware name: Nokia 770\n    Call trace:\n     unwind_backtrace from show_stack+0x10/0x14\n     show_stack from dump_stack_lvl+0x54/0x5c\n     dump_stack_lvl from __schedule_bug+0x50/0x70\n     __schedule_bug from __schedule+0x4d4/0x5bc\n     __schedule from schedule+0x34/0xa0\n     schedule from schedule_preempt_disabled+0xc/0x10\n     schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n     __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n     clk_prepare_lock from clk_set_rate+0x18/0x154\n     clk_set_rate from sossi_read_data+0x4c/0x168\n     sossi_read_data from hwa742_read_reg+0x5c/0x8c\n     hwa742_read_reg from send_frame_handler+0xfc/0x300\n     send_frame_handler from process_pending_requests+0x74/0xd0\n     process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n     lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n     __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n     handle_irq_event from handle_level_irq+0x9c/0x170\n     handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n     generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n     omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n     generic_handle_arch_irq from call_with_stack+0x1c/0x24\n     call_with_stack from __irq_svc+0x94/0xa8\n    Exception stack(0xc5255da0 to 0xc5255de8)\n    5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n    5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n    5de0: 
60000013 ffffffff\n     __irq_svc from clk_prepare_lock+0x4c/0xe4\n     clk_prepare_lock from clk_get_rate+0x10/0x74\n     clk_get_rate from uwire_setup_transfer+0x40/0x180\n     uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n     spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n     spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n     __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n     __spi_sync from spi_sync+0x24/0x40\n     spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n     ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n     ads7846_irq from irq_thread_fn+0x1c/0x78\n     irq_thread_fn from irq_thread+0x120/0x228\n     irq_thread from kthread+0xc8/0xe8\n     kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21821",
            "https://git.kernel.org/linus/e4b6b665df815b4841e71b72f06446884e8aad40 (6.14-rc1)",
            "https://git.kernel.org/stable/c/7bbbd311dd503653a2cc86d9226740883051dc92",
            "https://git.kernel.org/stable/c/8392ea100f0b86c234c739c6662f39f0ccc0cefd",
            "https://git.kernel.org/stable/c/aa8e22cbedeb626f2a6bda0aea362353d627cd0a",
            "https://git.kernel.org/stable/c/e4b6b665df815b4841e71b72f06446884e8aad40",
            "https://git.kernel.org/stable/c/fb6a5edb60921887d7d10619fcdcbee9759552cb",
            "https://linux.oracle.com/cve/CVE-2025-21821.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025022707-CVE-2025-21821-ae41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21821",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21821"
          ],
          "PublishedDate": "2025-02-27T20:16:04.613Z",
          "LastModifiedDate": "2025-11-03T21:19:12.743Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21825",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21825",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:60cfe86211304fe6b98882895db477d8e3c6078033a185a33c2ec5ad4aca1758",
          "Title": "kernel: bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Cancel the running bpf_timer through kworker for PREEMPT_RT\n\nDuring the update procedure, when overwrite element in a pre-allocated\nhtab, the freeing of old_element is protected by the bucket lock. The\nreason why the bucket lock is necessary is that the old_element has\nalready been stashed in htab-\u003eextra_elems after alloc_htab_elem()\nreturns. If freeing the old_element after the bucket lock is unlocked,\nthe stashed element may be reused by concurrent update procedure and the\nfreeing of old_element will run concurrently with the reuse of the\nold_element. However, the invocation of check_and_free_fields() may\nacquire a spin-lock which violates the lockdep rule because its caller\nhas already held a raw-spin-lock (bucket lock). The following warning\nwill be reported when such race happens:\n\n  BUG: scheduling while atomic: test_progs/676/0x00000003\n  3 locks held by test_progs/676:\n  #0: ffffffff864b0240 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2c0/0x830\n  #1: ffff88810e961188 (\u0026htab-\u003elockdep_key){....}-{2:2}, at: htab_map_update_elem+0x306/0x1500\n  #2: ffff8881f4eac1b8 (\u0026base-\u003esoftirq_expiry_lock){....}-{2:2}, at: hrtimer_cancel_wait_running+0xe9/0x1b0\n  Modules linked in: bpf_testmod(O)\n  Preemption disabled at:\n  [\u003cffffffff817837a3\u003e] htab_map_update_elem+0x293/0x1500\n  CPU: 0 UID: 0 PID: 676 Comm: test_progs Tainted: G ... 
6.12.0+ #11\n  Tainted: [W]=WARN, [O]=OOT_MODULE\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)...\n  Call Trace:\n  \u003cTASK\u003e\n  dump_stack_lvl+0x57/0x70\n  dump_stack+0x10/0x20\n  __schedule_bug+0x120/0x170\n  __schedule+0x300c/0x4800\n  schedule_rtlock+0x37/0x60\n  rtlock_slowlock_locked+0x6d9/0x54c0\n  rt_spin_lock+0x168/0x230\n  hrtimer_cancel_wait_running+0xe9/0x1b0\n  hrtimer_cancel+0x24/0x30\n  bpf_timer_delete_work+0x1d/0x40\n  bpf_timer_cancel_and_free+0x5e/0x80\n  bpf_obj_free_fields+0x262/0x4a0\n  check_and_free_fields+0x1d0/0x280\n  htab_map_update_elem+0x7fc/0x1500\n  bpf_prog_9f90bc20768e0cb9_overwrite_cb+0x3f/0x43\n  bpf_prog_ea601c4649694dbd_overwrite_timer+0x5d/0x7e\n  bpf_prog_test_run_syscall+0x322/0x830\n  __sys_bpf+0x135d/0x3ca0\n  __x64_sys_bpf+0x75/0xb0\n  x64_sys_call+0x1b5/0xa10\n  do_syscall_64+0x3b/0xc0\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  ...\n  \u003c/TASK\u003e\n\nIt seems feasible to break the reuse and refill of per-cpu extra_elems\ninto two independent parts: reuse the per-cpu extra_elems with bucket\nlock being held and refill the old_element as per-cpu extra_elems after\nthe bucket lock is unlocked. However, it will make the concurrent\noverwrite procedures on the same CPU return unexpected -E2BIG error when\nthe map is full.\n\nTherefore, the patch fixes the lock problem by breaking the cancelling\nof bpf_timer into two steps for PREEMPT_RT:\n1) use hrtimer_try_to_cancel() and check its return value\n2) if the timer is running, use hrtimer_cancel() through a kworker to\n   cancel it again\nConsidering that the current implementation of hrtimer_cancel() will try\nto acquire a being held softirq_expiry_lock when the current timer is\nrunning, these steps above are reasonable. However, it also has\ndownside. When the timer is running, the cancelling of the timer is\ndelayed when releasing the last map uref. 
The delay is also fixable\n(e.g., break the cancelling of bpf timer into two parts: one part in\nlocked scope, another one in unlocked scope), it can be revised later if\nnecessary.\n\nIt is a bit hard to decide the right fix tag. One reason is that the\nproblem depends on PREEMPT_RT which is enabled in v6.12. Considering the\nsoftirq_expiry_lock lock exists since v5.4 and bpf_timer is introduced\nin v5.15, the bpf_timer commit is used in the fixes tag and an extra\ndepends-on tag is added to state the dependency on PREEMPT_RT.\n\nDepends-on: v6.12+ with PREEMPT_RT enabled",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21825",
            "https://git.kernel.org/linus/58f038e6d209d2dd862fcf5de55407855856794d (6.14-rc1)",
            "https://git.kernel.org/stable/c/33e47d9573075342a41783a55c8c67bc71246fc1",
            "https://git.kernel.org/stable/c/58f038e6d209d2dd862fcf5de55407855856794d",
            "https://git.kernel.org/stable/c/fbeda3d939ca10063aafa7a77cc0f409d82cda88",
            "https://linux.oracle.com/cve/CVE-2025-21825.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025030629-CVE-2025-21825-b3bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21825",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21825"
          ],
          "PublishedDate": "2025-03-06T16:15:54.753Z",
          "LastModifiedDate": "2025-10-30T18:49:46.183Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21831",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21831",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2c3b9aaefde6da0d42c4b85ce9238c420b015c69579160f2e2a6ac06e2b2b0aa",
          "Title": "kernel: PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1\n\ncommit 9d26d3a8f1b0 (\"PCI: Put PCIe ports into D3 during suspend\") sets the\npolicy that all PCIe ports are allowed to use D3.  When the system is\nsuspended if the port is not power manageable by the platform and won't be\nused for wakeup via a PME this sets up the policy for these ports to go\ninto D3hot.\n\nThis policy generally makes sense from an OSPM perspective but it leads to\nproblems with wakeup from suspend on the TUXEDO Sirius 16 Gen 1 with a\nspecific old BIOS. This manifests as a system hang.\n\nOn the affected Device + BIOS combination, add a quirk for the root port of\nthe problematic controller to ensure that these root ports are not put into\nD3hot at suspend.\n\nThis patch is based on\n\n  https://lore.kernel.org/linux-pci/20230708214457.1229-2-mario.limonciello@amd.com\n\nbut with the added condition both in the documentation and in the code to\napply only to the TUXEDO Sirius 16 Gen 1 with a specific old BIOS and only\nthe affected root ports.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21831",
            "https://git.kernel.org/linus/b1049f2d68693c80a576c4578d96774a68df2bad (6.14-rc1)",
            "https://git.kernel.org/stable/c/5ee3dd6e59b834e4d66e8b16fc684749ee40a257",
            "https://git.kernel.org/stable/c/8852e056e297df1d8635ee7504e780d3184e45d0",
            "https://git.kernel.org/stable/c/a78dfe50fffe6058afed2bb04c50c2c9a16664ee",
            "https://git.kernel.org/stable/c/b1049f2d68693c80a576c4578d96774a68df2bad",
            "https://linux.oracle.com/cve/CVE-2025-21831.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025030634-CVE-2025-21831-3ada@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21831",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21831"
          ],
          "PublishedDate": "2025-03-06T17:15:23.06Z",
          "LastModifiedDate": "2025-10-29T20:58:57.053Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21832",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21832",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:40eae177ddc26d57890fd1f21880bb587aab0a8b12760fcf3b1d7da18edfa9e4",
          "Title": "kernel: block: don't revert iter for -EIOCBQUEUED",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't revert iter for -EIOCBQUEUED\n\nblkdev_read_iter() has a few odd checks, like gating the position and\ncount adjustment on whether or not the result is bigger-than-or-equal to\nzero (where bigger than makes more sense), and not checking the return\nvalue of blkdev_direct_IO() before doing an iov_iter_revert(). The\nlatter can lead to attempting to revert with a negative value, which\nwhen passed to iov_iter_revert() as an unsigned value will lead to\nthrowing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.\n\nBe sane and don't revert for -EIOCBQUEUED, like what is done in other\nspots.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21832",
            "https://git.kernel.org/linus/b13ee668e8280ca5b07f8ce2846b9957a8a10853 (6.14-rc1)",
            "https://git.kernel.org/stable/c/68f16d3034a06661245ecd22f0d586a8b4e7c473",
            "https://git.kernel.org/stable/c/6c26619effb1b4cb7d20b4e666ab8f71f6a53ccb",
            "https://git.kernel.org/stable/c/84671b0630ccb46ae9f1f99a45c7d63ffcd6a474",
            "https://git.kernel.org/stable/c/a58f136bad29f9ae721a29d98c042fddbee22f77",
            "https://git.kernel.org/stable/c/b13ee668e8280ca5b07f8ce2846b9957a8a10853",
            "https://linux.oracle.com/cve/CVE-2025-21832.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html",
            "https://lore.kernel.org/linux-cve-announce/2025030635-CVE-2025-21832-943e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21832",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21832"
          ],
          "PublishedDate": "2025-03-06T17:15:23.177Z",
          "LastModifiedDate": "2025-11-03T21:19:13.457Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21833",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21833",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3f78dc85b26d5a20520fd5858f01347b05de573ad0327ec79bb667925750b88d",
          "Title": "kernel: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid use of NULL after WARN_ON_ONCE\n\nThere is a WARN_ON_ONCE to catch an unlikely situation when\ndomain_remove_dev_pasid can't find the `pasid`. In case it nevertheless\nhappens we must avoid using a NULL pointer.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21833",
            "https://git.kernel.org/linus/60f030f7418d3f1d94f2fb207fe3080e1844630b (6.14-rc1)",
            "https://git.kernel.org/stable/c/60f030f7418d3f1d94f2fb207fe3080e1844630b",
            "https://git.kernel.org/stable/c/68ec78beb4a3fb0877cbaaf49758c85410c05977",
            "https://git.kernel.org/stable/c/df96876be3b064aefc493f760e0639765d13ed0d",
            "https://lore.kernel.org/linux-cve-announce/2025030635-CVE-2025-21833-dd2d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21833",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21833"
          ],
          "PublishedDate": "2025-03-06T17:15:23.293Z",
          "LastModifiedDate": "2025-11-02T14:15:34.873Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21838",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21838",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cfbabede9a5501cf0822f06664b51f4d5d96e083371709220e650b3388455fc1",
          "Title": "kernel: usb: gadget: core: flush gadget workqueue after device removal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: flush gadget workqueue after device removal\n\ndevice_del() can lead to new work being scheduled in gadget-\u003ework\nworkqueue. This is observed, for example, with the dwc3 driver with the\nfollowing call stack:\n  device_del()\n    gadget_unbind_driver()\n      usb_gadget_disconnect_locked()\n        dwc3_gadget_pullup()\n\t  dwc3_gadget_soft_disconnect()\n\t    usb_gadget_set_state()\n\t      schedule_work(\u0026gadget-\u003ework)\n\nMove flush_work() after device_del() to ensure the workqueue is cleaned\nup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21838",
            "https://git.kernel.org/linus/399a45e5237ca14037120b1b895bd38a3b4492ea (6.14-rc3)",
            "https://git.kernel.org/stable/c/399a45e5237ca14037120b1b895bd38a3b4492ea",
            "https://git.kernel.org/stable/c/859cb45aefa6de823b2fa7f229fe6d9562c9f3b7",
            "https://git.kernel.org/stable/c/97695b5a1b5467a4f91194db12160f56da445dfe",
            "https://git.kernel.org/stable/c/e3bc1a9a67ce33a2e761e6e7b7c2afc6cb9b7266",
            "https://git.kernel.org/stable/c/f894448f3904d7ad66fecef8f01fe0172629e091",
            "https://linux.oracle.com/cve/CVE-2025-21838.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025030706-CVE-2025-21838-5ade@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21838",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21838"
          ],
          "PublishedDate": "2025-03-07T09:15:16.81Z",
          "LastModifiedDate": "2025-11-03T20:17:21.257Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21855",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21855",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:53b73c5aab056094d075f446f9a2d6e348bdd24d8a8f9e99797ffc05db4a8824",
          "Title": "kernel: ibmvnic: Don't reference skb after sending to VIOS",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don't reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb-\u003elen\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n \u003c...\u003e\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n \u003c...\u003e\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n \u003c...\u003e\n The buggy address belongs to the object at c00000024eb48a00 which\n  belongs to the cache skbuff_head_cache of size 224\n==================================================================",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21855",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9 (6.14-rc4)",
            "https://git.kernel.org/stable/c/093b0e5c90592773863f300b908b741622eef597",
            "https://git.kernel.org/stable/c/25dddd01dcc8ef3acff964dbb32eeb0d89f098e9",
            "https://git.kernel.org/stable/c/501ac6a7e21b82e05207c6b4449812d82820f306",
            "https://git.kernel.org/stable/c/abaff2717470e4b5b7c0c3a90e128b211a23da09",
            "https://git.kernel.org/stable/c/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9",
            "https://linux.oracle.com/cve/CVE-2025-21855.html",
            "https://linux.oracle.com/errata/ELSA-2025-20518-0.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025031214-CVE-2025-21855-2d67@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21855",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://ubuntu.com/security/notices/USN-7907-1",
            "https://ubuntu.com/security/notices/USN-7907-2",
            "https://ubuntu.com/security/notices/USN-7907-3",
            "https://ubuntu.com/security/notices/USN-7907-4",
            "https://ubuntu.com/security/notices/USN-7907-5",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7930-1",
            "https://ubuntu.com/security/notices/USN-7930-2",
            "https://ubuntu.com/security/notices/USN-7937-1",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-21855"
          ],
          "PublishedDate": "2025-03-12T10:15:18.32Z",
          "LastModifiedDate": "2025-11-03T20:17:22.35Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21861",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c518cbf393fcfbf884e0c63a3c46c23eb51f4cb5ae72c5d908a4eefb63d99ac1",
          "Title": "kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()\n\nIf migration succeeded, we called\nfolio_migrate_flags()-\u003emem_cgroup_migrate() to migrate the memcg from the\nold to the new folio.  This will set memcg_data of the old folio to 0.\n\nSimilarly, if migration failed, memcg_data of the dst folio is left unset.\n\nIf we call folio_putback_lru() on such folios (memcg_data == 0), we will\nadd the folio to be freed to the LRU, making memcg code unhappy.  Running\nthe hmm selftests:\n\n  # ./hmm-tests\n  ...\n  #  RUN           hmm.hmm_device_private.migrate ...\n  [  102.078007][T14893] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ff27d200 pfn:0x13cc00\n  [  102.079974][T14893] anon flags: 0x17ff00000020018(uptodate|dirty|swapbacked|node=0|zone=2|lastcpupid=0x7ff)\n  [  102.082037][T14893] raw: 017ff00000020018 dead000000000100 dead000000000122 ffff8881353896c9\n  [  102.083687][T14893] raw: 00000007ff27d200 0000000000000000 00000001ffffffff 0000000000000000\n  [  102.085331][T14893] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg \u0026\u0026 !mem_cgroup_disabled())\n  [  102.087230][T14893] ------------[ cut here ]------------\n  [  102.088279][T14893] WARNING: CPU: 0 PID: 14893 at ./include/linux/memcontrol.h:726 folio_lruvec_lock_irqsave+0x10e/0x170\n  [  102.090478][T14893] Modules linked in:\n  [  102.091244][T14893] CPU: 0 UID: 0 PID: 14893 Comm: hmm-tests Not tainted 6.13.0-09623-g6c216bc522fd #151\n  [  102.093089][T14893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n  [  102.094848][T14893] RIP: 0010:folio_lruvec_lock_irqsave+0x10e/0x170\n  [  102.096104][T14893] Code: ...\n  [  102.099908][T14893] RSP: 0018:ffffc900236c37b0 EFLAGS: 00010293\n  [  102.101152][T14893] RAX: 0000000000000000 RBX: ffffea0004f30000 RCX: ffffffff8183f426\n  [  102.102684][T14893] RDX: 
ffff8881063cb880 RSI: ffffffff81b8117f RDI: ffff8881063cb880\n  [  102.104227][T14893] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000\n  [  102.105757][T14893] R10: 0000000000000001 R11: 0000000000000002 R12: ffffc900236c37d8\n  [  102.107296][T14893] R13: ffff888277a2bcb0 R14: 000000000000001f R15: 0000000000000000\n  [  102.108830][T14893] FS:  00007ff27dbdd740(0000) GS:ffff888277a00000(0000) knlGS:0000000000000000\n  [  102.110643][T14893] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  [  102.111924][T14893] CR2: 00007ff27d400000 CR3: 000000010866e000 CR4: 0000000000750ef0\n  [  102.113478][T14893] PKRU: 55555554\n  [  102.114172][T14893] Call Trace:\n  [  102.114805][T14893]  \u003cTASK\u003e\n  [  102.115397][T14893]  ? folio_lruvec_lock_irqsave+0x10e/0x170\n  [  102.116547][T14893]  ? __warn.cold+0x110/0x210\n  [  102.117461][T14893]  ? folio_lruvec_lock_irqsave+0x10e/0x170\n  [  102.118667][T14893]  ? report_bug+0x1b9/0x320\n  [  102.119571][T14893]  ? handle_bug+0x54/0x90\n  [  102.120494][T14893]  ? exc_invalid_op+0x17/0x50\n  [  102.121433][T14893]  ? asm_exc_invalid_op+0x1a/0x20\n  [  102.122435][T14893]  ? __wake_up_klogd.part.0+0x76/0xd0\n  [  102.123506][T14893]  ? dump_page+0x4f/0x60\n  [  102.124352][T14893]  ? folio_lruvec_lock_irqsave+0x10e/0x170\n  [  102.125500][T14893]  folio_batch_move_lru+0xd4/0x200\n  [  102.126577][T14893]  ? __pfx_lru_add+0x10/0x10\n  [  102.127505][T14893]  __folio_batch_add_and_move+0x391/0x720\n  [  102.128633][T14893]  ? __pfx_lru_add+0x10/0x10\n  [  102.129550][T14893]  folio_putback_lru+0x16/0x80\n  [  102.130564][T14893]  migrate_device_finalize+0x9b/0x530\n  [  102.131640][T14893]  dmirror_migrate_to_device.constprop.0+0x7c5/0xad0\n  [  102.133047][T14893]  dmirror_fops_unlocked_ioctl+0x89b/0xc80\n\nLikely, nothing else goes wrong: putting the last folio reference will\nremove the folio from the LRU again.  
So besides memcg complaining, adding\nthe folio to be freed to the LRU is just an unnecessary step.\n\nThe new flow resembles what we have in migrate_folio_move(): add the dst\nto the lru, rem\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21861",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/41cddf83d8b00f29fd105e7a0777366edc69a5cf (6.14-rc4)",
            "https://git.kernel.org/stable/c/069dd21ea8262204f94737878389c2815a054a9e",
            "https://git.kernel.org/stable/c/20fb6fc51863fbff7868de8b5f6d249d2094df1f",
            "https://git.kernel.org/stable/c/3f9240d59e9a95d19f06120bfd1d0e681c6c0ac7",
            "https://git.kernel.org/stable/c/41cddf83d8b00f29fd105e7a0777366edc69a5cf",
            "https://git.kernel.org/stable/c/4f52f7c50f5b6f5eeb06823e21fe546d90f9c595",
            "https://git.kernel.org/stable/c/61fa824e304ed162fe965f64999068e6fcff2059",
            "https://git.kernel.org/stable/c/64397b0cb7c09e3ef3f9f5c7c17299c4eebd3875",
            "https://git.kernel.org/stable/c/78f579cb7d825134e071a1714d8d0c4fd0ffe459",
            "https://linux.oracle.com/cve/CVE-2025-21861.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025031216-CVE-2025-21861-c775@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21861",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21861"
          ],
          "PublishedDate": "2025-03-12T10:15:19.117Z",
          "LastModifiedDate": "2025-10-02T14:15:43.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21863",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21863",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fc3cd0ab493a756e88d99ad318e4d6d0c30e19ab281c55b67d352db281dbda2d",
          "Title": "kernel: io_uring: prevent opcode speculation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: prevent opcode speculation\n\nsqe-\u003eopcode is used for different tables, make sure we sanitise it\nagainst speculations.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21863",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/1e988c3fe1264708f4f92109203ac5b1d65de50b (6.14-rc4)",
            "https://git.kernel.org/stable/c/1e988c3fe1264708f4f92109203ac5b1d65de50b",
            "https://git.kernel.org/stable/c/506b9b5e8c2d2a411ea8fe361333f5081c56d23a",
            "https://git.kernel.org/stable/c/b9826e3b26ec031e9063f64a7c735449c43955e4",
            "https://git.kernel.org/stable/c/fdbfd52bd8b85ed6783365ff54c82ab7067bd61b",
            "https://linux.oracle.com/cve/CVE-2025-21863.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025031217-CVE-2025-21863-a73a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21863",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7703-1",
            "https://ubuntu.com/security/notices/USN-7703-2",
            "https://ubuntu.com/security/notices/USN-7703-3",
            "https://ubuntu.com/security/notices/USN-7703-4",
            "https://ubuntu.com/security/notices/USN-7719-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21863"
          ],
          "PublishedDate": "2025-03-12T10:15:19.387Z",
          "LastModifiedDate": "2025-10-01T20:18:30.813Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21872",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21872",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c6f07c2797fdb7a8679e3192b4417dcfad57304f7a7469882b55cc0ee64fd6e3",
          "Title": "kernel: efi: Don't map the entire mokvar table to determine its size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Don't map the entire mokvar table to determine its size\n\nCurrently, when validating the mokvar table, we (re)map the entire table\non each iteration of the loop, adding space as we discover new entries.\nIf the table grows over a certain size, this fails due to limitations of\nearly_memmap(), and we get a failure and traceback:\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 0 PID: 0 at mm/early_ioremap.c:139 __early_ioremap+0xef/0x220\n  ...\n  Call Trace:\n   \u003cTASK\u003e\n   ? __early_ioremap+0xef/0x220\n   ? __warn.cold+0x93/0xfa\n   ? __early_ioremap+0xef/0x220\n   ? report_bug+0xff/0x140\n   ? early_fixup_exception+0x5d/0xb0\n   ? early_idt_handler_common+0x2f/0x3a\n   ? __early_ioremap+0xef/0x220\n   ? efi_mokvar_table_init+0xce/0x1d0\n   ? setup_arch+0x864/0xc10\n   ? start_kernel+0x6b/0xa10\n   ? x86_64_start_reservations+0x24/0x30\n   ? x86_64_start_kernel+0xed/0xf0\n   ? common_startup_64+0x13e/0x141\n   \u003c/TASK\u003e\n  ---[ end trace 0000000000000000 ]---\n  mokvar: Failed to map EFI MOKvar config table pa=0x7c4c3000, size=265187.\n\nMapping the entire structure isn't actually necessary, as we don't ever\nneed more than one entry header mapped at once.\n\nChanges efi_mokvar_table_init() to only map each entry header, not the\nentire table, when determining the table size.  Since we're not mapping\nany data past the variable name, it also changes the code to enforce\nthat each variable name is NUL terminated, rather than attempting to\nverify it in place.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21872",
            "https://git.kernel.org/linus/2b90e7ace79774a3540ce569e000388f8d22c9e0 (6.14-rc5)",
            "https://git.kernel.org/stable/c/2b90e7ace79774a3540ce569e000388f8d22c9e0",
            "https://git.kernel.org/stable/c/46c0454ffb78ce9d3355a3cccac86383ea8ddd55",
            "https://git.kernel.org/stable/c/65f4aebb8127708ba668dd938e83b8558abfc5cd",
            "https://git.kernel.org/stable/c/97bd560b6cc4c26386a53b4881bf03e96f9ba03a",
            "https://git.kernel.org/stable/c/ea3f0b362dfe4ef885ef812bfaf4088176422c91",
            "https://linux.oracle.com/cve/CVE-2025-21872.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html",
            "https://lore.kernel.org/linux-cve-announce/2025032709-CVE-2025-21872-574e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21872",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21872"
          ],
          "PublishedDate": "2025-03-27T15:15:54.973Z",
          "LastModifiedDate": "2025-11-03T20:17:24.493Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21881",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21881",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:853e0ffa8630d1626878cb558d0ee9e0f21d7f45ecfbab9eff299c38aaa52c02",
          "Title": "kernel: uprobes: Reject the shared zeropage in uprobe_write_opcode()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nuprobes: Reject the shared zeropage in uprobe_write_opcode()\n\nWe triggered the following crash in syzkaller tests:\n\n  BUG: Bad page state in process syz.7.38  pfn:1eff3\n  page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3\n  flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff)\n  raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000\n  raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000\n  page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x32/0x50\n   bad_page+0x69/0xf0\n   free_unref_page_prepare+0x401/0x500\n   free_unref_page+0x6d/0x1b0\n   uprobe_write_opcode+0x460/0x8e0\n   install_breakpoint.part.0+0x51/0x80\n   register_for_each_vma+0x1d9/0x2b0\n   __uprobe_register+0x245/0x300\n   bpf_uprobe_multi_link_attach+0x29b/0x4f0\n   link_create+0x1e2/0x280\n   __sys_bpf+0x75f/0xac0\n   __x64_sys_bpf+0x1a/0x30\n   do_syscall_64+0x56/0x100\n   entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\n   BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1\n\nThe following syzkaller test case can be used to reproduce:\n\n  r2 = creat(\u0026(0x7f0000000000)='./file0\\x00', 0x8)\n  write$nbd(r2, \u0026(0x7f0000000580)=ANY=[], 0x10)\n  r4 = openat(0xffffffffffffff9c, \u0026(0x7f0000000040)='./file0\\x00', 0x42, 0x0)\n  mmap$IORING_OFF_SQ_RING(\u0026(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)\n  r5 = userfaultfd(0x80801)\n  ioctl$UFFDIO_API(r5, 0xc018aa3f, \u0026(0x7f0000000040)={0xaa, 0x20})\n  r6 = userfaultfd(0x80801)\n  ioctl$UFFDIO_API(r6, 0xc018aa3f, \u0026(0x7f0000000140))\n  ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, \u0026(0x7f0000000100)={{\u0026(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2})\n  
ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, \u0026(0x7f0000000000)={{\u0026(0x7f0000ffd000/0x1000)=nil, 0x1000}})\n  r7 = bpf$PROG_LOAD(0x5, \u0026(0x7f0000000140)={0x2, 0x3, \u0026(0x7f0000000200)=ANY=[@ANYBLOB=\"1800000000120000000000000000000095\"], \u0026(0x7f0000000000)='GPL\\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)\n  bpf$BPF_LINK_CREATE_XDP(0x1c, \u0026(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={\u0026(0x7f0000000080)='./file0\\x00', \u0026(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40)\n\nThe cause is that zero pfn is set to the PTE without increasing the RSS\ncount in mfill_atomic_pte_zeropage() and the refcount of zero folio does\nnot increase accordingly. Then, the operation on the same pfn is performed\nin uprobe_write_opcode()-\u003e__replace_page() to unconditional decrease the\nRSS count and old_folio's refcount.\n\nTherefore, two bugs are introduced:\n\n 1. The RSS count is incorrect, when process exit, the check_mm() report\n    error \"Bad rss-count\".\n\n 2. The reserved folio (zero folio) is freed when folio-\u003erefcount is zero,\n    then free_pages_prepare-\u003efree_page_is_bad() report error\n    \"Bad page state\".\n\nThere is more, the following warning could also theoretically be triggered:\n\n  __replace_page()\n    -\u003e ...\n      -\u003e folio_remove_rmap_pte()\n        -\u003e VM_WARN_ON_FOLIO(is_zero_folio(folio), folio)\n\nConsidering that uprobe hit on the zero folio is a very rare case, just\nreject zero old folio immediately after get_user_page_vma_remote().\n\n[ mingo: Cleaned up the changelog ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21881",
            "https://git.kernel.org/linus/bddf10d26e6e5114e7415a0e442ec6f51a559468 (6.14-rc5)",
            "https://git.kernel.org/stable/c/0b6f19714588cf2366b0364234f97ba963688f63",
            "https://git.kernel.org/stable/c/13cca2b73e2b0ec3ea6d6615d615395621d22752",
            "https://git.kernel.org/stable/c/54011fc94422f094eaf47555284de70a4bc32bb9",
            "https://git.kernel.org/stable/c/bddf10d26e6e5114e7415a0e442ec6f51a559468",
            "https://git.kernel.org/stable/c/c4cb2bfa99513311886c1eb5c1c2ac26f3338a6e",
            "https://linux.oracle.com/cve/CVE-2025-21881.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025032712-CVE-2025-21881-7a0f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21881",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21881"
          ],
          "PublishedDate": "2025-03-27T15:15:56Z",
          "LastModifiedDate": "2025-11-03T20:17:25.1Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21885",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21885",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:75939c1420029b85728729caeb57978800fdadf60d5af41d21c585a5baa7efeb",
          "Title": "kernel: RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix the page details for the srq created by kernel consumers\n\nWhile using nvme target with use_srq on, below kernel panic is noticed.\n\n[  549.698111] bnxt_en 0000:41:00.0 enp65s0np0: FEC autoneg off encoding: Clause 91 RS(544,514)\n[  566.393619] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n..\n[  566.393799]  \u003cTASK\u003e\n[  566.393807]  ? __die_body+0x1a/0x60\n[  566.393823]  ? die+0x38/0x60\n[  566.393835]  ? do_trap+0xe4/0x110\n[  566.393847]  ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[  566.393867]  ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[  566.393881]  ? do_error_trap+0x7c/0x120\n[  566.393890]  ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[  566.393911]  ? exc_divide_error+0x34/0x50\n[  566.393923]  ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[  566.393939]  ? asm_exc_divide_error+0x16/0x20\n[  566.393966]  ? bnxt_qplib_alloc_init_hwq+0x1d4/0x580 [bnxt_re]\n[  566.393997]  bnxt_qplib_create_srq+0xc9/0x340 [bnxt_re]\n[  566.394040]  bnxt_re_create_srq+0x335/0x3b0 [bnxt_re]\n[  566.394057]  ? srso_return_thunk+0x5/0x5f\n[  566.394068]  ? __init_swait_queue_head+0x4a/0x60\n[  566.394090]  ib_create_srq_user+0xa7/0x150 [ib_core]\n[  566.394147]  nvmet_rdma_queue_connect+0x7d0/0xbe0 [nvmet_rdma]\n[  566.394174]  ? lock_release+0x22c/0x3f0\n[  566.394187]  ? srso_return_thunk+0x5/0x5f\n\nPage size and shift info is set only for the user space SRQs.\nSet page size and page shift for kernel space SRQs also.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21885",
            "https://git.kernel.org/linus/b66535356a4834a234f99e16a97eb51f2c6c5a7d (6.14-rc5)",
            "https://git.kernel.org/stable/c/2cf8e6b52aecb8fbb71c41fe5add3212814031a2",
            "https://git.kernel.org/stable/c/722c3db62bf60cd23acbdc8c4f445bfedae4498e",
            "https://git.kernel.org/stable/c/b66535356a4834a234f99e16a97eb51f2c6c5a7d",
            "https://linux.oracle.com/cve/CVE-2025-21885.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025032713-CVE-2025-21885-be9d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21885",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21885"
          ],
          "PublishedDate": "2025-03-27T15:15:56.41Z",
          "LastModifiedDate": "2025-10-29T16:52:18.617Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21891",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21891",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c816d49788cf2a81e13ae0fc0f4387a48964e300faa35ee1a29f3bea0607c703",
          "Title": "kernel: ipvlan: ensure network headers are in skb linear part",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: ensure network headers are in skb linear part\n\nsyzbot found that ipvlan_process_v6_outbound() was assuming\nthe IPv6 network header isis present in skb-\u003ehead [1]\n\nAdd the needed pskb_network_may_pull() calls for both\nIPv4 and IPv6 handlers.\n\n[1]\nBUG: KMSAN: uninit-value in __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n  __ipv6_addr_type+0xa2/0x490 net/ipv6/addrconf_core.c:47\n  ipv6_addr_type include/net/ipv6.h:555 [inline]\n  ip6_route_output_flags_noref net/ipv6/route.c:2616 [inline]\n  ip6_route_output_flags+0x51/0x720 net/ipv6/route.c:2651\n  ip6_route_output include/net/ip6_route.h:93 [inline]\n  ipvlan_route_v6_outbound+0x24e/0x520 drivers/net/ipvlan/ipvlan_core.c:476\n  ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:491 [inline]\n  ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:541 [inline]\n  ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:605 [inline]\n  ipvlan_queue_xmit+0xd72/0x1780 drivers/net/ipvlan/ipvlan_core.c:671\n  ipvlan_start_xmit+0x5b/0x210 drivers/net/ipvlan/ipvlan_main.c:223\n  __netdev_start_xmit include/linux/netdevice.h:5150 [inline]\n  netdev_start_xmit include/linux/netdevice.h:5159 [inline]\n  xmit_one net/core/dev.c:3735 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3751\n  sch_direct_xmit+0x399/0xd40 net/sched/sch_generic.c:343\n  qdisc_restart net/sched/sch_generic.c:408 [inline]\n  __qdisc_run+0x14da/0x35d0 net/sched/sch_generic.c:416\n  qdisc_run+0x141/0x4d0 include/net/pkt_sched.h:127\n  net_tx_action+0x78b/0x940 net/core/dev.c:5484\n  handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561\n  __do_softirq+0x14/0x1a kernel/softirq.c:595\n  do_softirq+0x9a/0x100 kernel/softirq.c:462\n  __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389\n  local_bh_enable include/linux/bottom_half.h:33 [inline]\n  rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline]\n  
__dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4611\n  dev_queue_xmit include/linux/netdevice.h:3311 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3132 [inline]\n  packet_sendmsg+0x93e0/0xa7e0 net/packet/af_packet.c:3164\n  sock_sendmsg_nosec net/socket.c:718 [inline]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21891",
            "https://git.kernel.org/linus/27843ce6ba3d3122b65066550fe33fb8839f8aef (6.14-rc5)",
            "https://git.kernel.org/stable/c/27843ce6ba3d3122b65066550fe33fb8839f8aef",
            "https://git.kernel.org/stable/c/4ec48f812804f370f622e0874e6dd8fcc58241cd",
            "https://git.kernel.org/stable/c/5353fd89663c48f56bdff975c562cfe78b1a2e4c",
            "https://git.kernel.org/stable/c/5b8dea8d1612dc7151d2457d7d2e6a69820309bf",
            "https://git.kernel.org/stable/c/e2a4f76a2d8a44816ecd25bcbdb47b786d621974",
            "https://linux.oracle.com/cve/CVE-2025-21891.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025032715-CVE-2025-21891-8717@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21891",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21891"
          ],
          "PublishedDate": "2025-03-27T15:15:57.027Z",
          "LastModifiedDate": "2025-11-03T20:17:25.43Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21894",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21894",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c464edc117fe6339c565d065c6465d3a7932c698cab3a4fce837f621b90e6ffc",
          "Title": "kernel: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC\n\nActually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only\nENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash\nif VFs are used to test one-step timestamp, the crash log as follows.\n\n[  129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0\n[  129.287769] Call trace:\n[  129.290219]  enetc_port_mac_wr+0x30/0xec (P)\n[  129.294504]  enetc_start_xmit+0xda4/0xe74\n[  129.298525]  enetc_xmit+0x70/0xec\n[  129.301848]  dev_hard_start_xmit+0x98/0x118",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21894",
            "https://git.kernel.org/linus/a562d0c4a893eae3ea51d512c4d90ab858a6b7ec (6.14-rc5)",
            "https://git.kernel.org/stable/c/1748531839298ab7be682155f6cd98ae04773e6a",
            "https://git.kernel.org/stable/c/3d9634211121700568d0e3635ebdd5df06d20440",
            "https://git.kernel.org/stable/c/8c393efd7420cc994864d059fcc6219bfd7cb840",
            "https://git.kernel.org/stable/c/a562d0c4a893eae3ea51d512c4d90ab858a6b7ec",
            "https://linux.oracle.com/cve/CVE-2025-21894.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040130-CVE-2025-21894-60f0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21894",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21894"
          ],
          "PublishedDate": "2025-04-01T16:15:19.777Z",
          "LastModifiedDate": "2025-10-31T18:50:01.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21899",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21899",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b6ee0840b12fdafb0e6f98a240f00eaf717442afbc2dedf4910bbd83ed1cdf3",
          "Title": "kernel: tracing: Fix bad hist from corrupting named_triggers list",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix bad hist from corrupting named_triggers list\n\nThe following commands causes a crash:\n\n ~# cd /sys/kernel/tracing/events/rcu/rcu_callback\n ~# echo 'hist:name=bad:keys=common_pid:onmax(bogus).save(common_pid)' \u003e trigger\n bash: echo: write error: Invalid argument\n ~# echo 'hist:name=bad:keys=common_pid' \u003e trigger\n\nBecause the following occurs:\n\nevent_trigger_write() {\n  trigger_process_regex() {\n    event_hist_trigger_parse() {\n\n      data = event_trigger_alloc(..);\n\n      event_trigger_register(.., data) {\n        cmd_ops-\u003ereg(.., data, ..) [hist_register_trigger()] {\n          data-\u003eops-\u003einit() [event_hist_trigger_init()] {\n            save_named_trigger(name, data) {\n              list_add(\u0026data-\u003enamed_list, \u0026named_triggers);\n            }\n          }\n        }\n      }\n\n      ret = create_actions(); (return -EINVAL)\n      if (ret)\n        goto out_unreg;\n[..]\n      ret = hist_trigger_enable(data, ...) {\n        list_add_tail_rcu(\u0026data-\u003elist, \u0026file-\u003etriggers); \u003c\u003c\u003c---- SKIPPED!!! (this is important!)\n[..]\n out_unreg:\n      event_hist_unregister(.., data) {\n        cmd_ops-\u003eunreg(.., data, ..) 
[hist_unregister_trigger()] {\n          list_for_each_entry(iter, \u0026file-\u003etriggers, list) {\n            if (!hist_trigger_match(data, iter, named_data, false))   \u003c- never matches\n                continue;\n            [..]\n            test = iter;\n          }\n          if (test \u0026\u0026 test-\u003eops-\u003efree) \u003c\u003c\u003c-- test is NULL\n\n            test-\u003eops-\u003efree(test) [event_hist_trigger_free()] {\n              [..]\n              if (data-\u003ename)\n                del_named_trigger(data) {\n                  list_del(\u0026data-\u003enamed_list);  \u003c\u003c\u003c\u003c-- NEVER gets removed!\n                }\n              }\n           }\n         }\n\n         [..]\n         kfree(data); \u003c\u003c\u003c-- frees item but it is still on list\n\nThe next time a hist with name is registered, it causes an u-a-f bug and\nthe kernel can crash.\n\nMove the code around such that if event_trigger_register() succeeds, the\nnext thing called is hist_trigger_enable() which adds it to the list.\n\nA bunch of actions is called if get_named_trigger_data() returns false.\nBut that doesn't need to be called after event_trigger_register(), so it\ncan be moved up, allowing event_trigger_register() to be called just\nbefore hist_trigger_enable() keeping them together and allowing the\nfile-\u003etriggers to be properly populated.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21899",
            "https://git.kernel.org/linus/6f86bdeab633a56d5c6dccf1a2c5989b6a5e323e (6.14-rc5)",
            "https://git.kernel.org/stable/c/435d2964af815aae456db554c62963b4515f19d0",
            "https://git.kernel.org/stable/c/43b254d46c740bf9dbe65709afa021dd726dfa99",
            "https://git.kernel.org/stable/c/5ae1b18f05ee2b849dc03b6c15d7da0c1c6efa77",
            "https://git.kernel.org/stable/c/6f86bdeab633a56d5c6dccf1a2c5989b6a5e323e",
            "https://git.kernel.org/stable/c/f1ae50cfb818ce1ac7a674406dfadb7653e2552d",
            "https://linux.oracle.com/cve/CVE-2025-21899.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025040132-CVE-2025-21899-bf75@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21899",
            "https://ubuntu.com/security/notices/USN-7521-1",
            "https://ubuntu.com/security/notices/USN-7521-2",
            "https://ubuntu.com/security/notices/USN-7521-3",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21899"
          ],
          "PublishedDate": "2025-04-01T16:15:20.327Z",
          "LastModifiedDate": "2025-11-03T20:17:25.817Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21908",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21908",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:627f4ca8e91fd262b609ad2c323c70439e2ac2c338f847a0946111afc548093e",
          "Title": "kernel: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix nfs_release_folio() to not deadlock via kcompactd writeback\n\nAdd PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so\nnfs_release_folio() can skip calling nfs_wb_folio() from kcompactd.\n\nOtherwise NFS can deadlock waiting for kcompactd enduced writeback which\nrecurses back to NFS (which triggers writeback to NFSD via NFS loopback\nmount on the same host, NFSD blocks waiting for XFS's call to\n__filemap_get_folio):\n\n6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds.\n\n{---\n[58] \"kcompactd0\"\n[\u003c0\u003e] folio_wait_bit+0xe8/0x200\n[\u003c0\u003e] folio_wait_writeback+0x2b/0x80\n[\u003c0\u003e] nfs_wb_folio+0x80/0x1b0 [nfs]\n[\u003c0\u003e] nfs_release_folio+0x68/0x130 [nfs]\n[\u003c0\u003e] split_huge_page_to_list_to_order+0x362/0x840\n[\u003c0\u003e] migrate_pages_batch+0x43d/0xb90\n[\u003c0\u003e] migrate_pages_sync+0x9a/0x240\n[\u003c0\u003e] migrate_pages+0x93c/0x9f0\n[\u003c0\u003e] compact_zone+0x8e2/0x1030\n[\u003c0\u003e] compact_node+0xdb/0x120\n[\u003c0\u003e] kcompactd+0x121/0x2e0\n[\u003c0\u003e] kthread+0xcf/0x100\n[\u003c0\u003e] ret_from_fork+0x31/0x40\n[\u003c0\u003e] ret_from_fork_asm+0x1a/0x30\n---}\n\n[akpm@linux-foundation.org: fix build]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21908",
            "https://git.kernel.org/linus/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e (6.14-rc6)",
            "https://git.kernel.org/stable/c/5ae31c54cff745832b9bd5b32e71f3d1b607cd1e",
            "https://git.kernel.org/stable/c/8253ff29edcb429a9a6c75710941c6a16a9a34b1",
            "https://git.kernel.org/stable/c/ab0727d6e2196682351c25c1dd112136f6991f11",
            "https://git.kernel.org/stable/c/ce6d9c1c2b5cc785016faa11b48b6cd317eb367e",
            "https://linux.oracle.com/cve/CVE-2025-21908.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040129-CVE-2025-21908-b8ce@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21908",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21908"
          ],
          "PublishedDate": "2025-04-01T16:15:21.323Z",
          "LastModifiedDate": "2025-10-01T20:18:32.74Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21915",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21915",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b683e938bfe1aa589ea6b2f35fdbfd00269bdf8c4360cf5f18cbe44ca80a2ebb",
          "Title": "kernel: cdx: Fix possible UAF error in driver_override_show()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncdx: Fix possible UAF error in driver_override_show()\n\nFixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c\n\nThis function driver_override_show() is part of DEVICE_ATTR_RW, which\nincludes both driver_override_show() and driver_override_store().\nThese functions can be executed concurrently in sysfs.\n\nThe driver_override_store() function uses driver_set_override() to\nupdate the driver_override value, and driver_set_override() internally\nlocks the device (device_lock(dev)). If driver_override_show() reads\ncdx_dev-\u003edriver_override without locking, it could potentially access\na freed pointer if driver_override_store() frees the string\nconcurrently. This could lead to printing a kernel address, which is a\nsecurity risk since DEVICE_ATTR can be read by all users.\n\nAdditionally, a similar pattern is used in drivers/amba/bus.c, as well\nas many other bus drivers, where device_lock() is taken in the show\nfunction, and it has been working without issues.\n\nThis potential bug was detected by our experimental static analysis\ntool, which analyzes locking APIs and paired functions to identify\ndata races and atomicity violations.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21915",
            "https://git.kernel.org/linus/91d44c1afc61a2fec37a9c7a3485368309391e0b (6.14-rc6)",
            "https://git.kernel.org/stable/c/0439d541aa8d3444ad41c39e39eb71acb57acde3",
            "https://git.kernel.org/stable/c/8473135f89c0949436a22adb05b8cece2fb3da91",
            "https://git.kernel.org/stable/c/91d44c1afc61a2fec37a9c7a3485368309391e0b",
            "https://git.kernel.org/stable/c/d7b339bbc887bcfc1a5b620bfc70c6fbb8f733bf",
            "https://linux.oracle.com/cve/CVE-2025-21915.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040130-CVE-2025-21915-b56c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21915",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21915"
          ],
          "PublishedDate": "2025-04-01T16:15:22.117Z",
          "LastModifiedDate": "2025-08-19T14:40:04.7Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21918",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21918",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4914cc9c57a945f452df8bfb16de323fcedad3c692837095170d18b7b6a4f41d",
          "Title": "kernel: usb: typec: ucsi: Fix NULL pointer access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Fix NULL pointer access\n\nResources should be released only after all threads that utilize them\nhave been destroyed.\nThis commit ensures that resources are not released prematurely by waiting\nfor the associated workqueue to complete before deallocating them.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21918",
            "https://git.kernel.org/linus/b13abcb7ddd8d38de769486db5bd917537b32ab1 (6.14-rc6)",
            "https://git.kernel.org/stable/c/079a3e52f3e751bb8f5937195bdf25c5d14fdff0",
            "https://git.kernel.org/stable/c/46fba7be161bb89068958138ea64ec33c0b446d4",
            "https://git.kernel.org/stable/c/592a0327d026a122e97e8e8bb7c60cbbe7697344",
            "https://git.kernel.org/stable/c/7a735a8a46f6ebf898bbefd96659ca5da798bce0",
            "https://git.kernel.org/stable/c/b13abcb7ddd8d38de769486db5bd917537b32ab1",
            "https://linux.oracle.com/cve/CVE-2025-21918.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025040131-CVE-2025-21918-dc4c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21918",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21918"
          ],
          "PublishedDate": "2025-04-01T16:15:22.457Z",
          "LastModifiedDate": "2025-11-03T20:17:27.783Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21927",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21927",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aef77501b351a4c1977bc64ae2fc25247fc53d082c42f97103851375ab9d7c79",
          "Title": "kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn't check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:7423",
            "https://access.redhat.com/security/cve/CVE-2025-21927",
            "https://bugzilla.redhat.com/2338813",
            "https://bugzilla.redhat.com/2348565",
            "https://bugzilla.redhat.com/2348590",
            "https://bugzilla.redhat.com/2350364",
            "https://bugzilla.redhat.com/2356593",
            "https://bugzilla.redhat.com/2356908",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2305437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2305467",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2309853",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2315178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356593",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42292",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21927",
            "https://errata.almalinux.org/9/ALSA-2025-7423.html",
            "https://errata.rockylinux.org/RLSA-2025:4341",
            "https://git.kernel.org/linus/ad95bab0cd28ed77c2c0d0b6e76e03e031391064 (6.14-rc6)",
            "https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126",
            "https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722",
            "https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064",
            "https://linux.oracle.com/cve/CVE-2025-21927.html",
            "https://linux.oracle.com/errata/ELSA-2025-7501.html",
            "https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21927-36d6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21927",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21927"
          ],
          "PublishedDate": "2025-04-01T16:15:23.47Z",
          "LastModifiedDate": "2025-10-01T20:18:33.74Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21931",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21931",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4dd51f733544410ed79da6056d4cf43fb2984d15e69c6edb2d97dd0719f4c516",
          "Title": "kernel: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio\n\nCommit b15c87263a69 (\"hwpoison, memory_hotplug: allow hwpoisoned pages to\nbe offlined) add page poison checks in do_migrate_range in order to make\noffline hwpoisoned page possible by introducing isolate_lru_page and\ntry_to_unmap for hwpoisoned page.  However folio lock must be held before\ncalling try_to_unmap.  Add it to fix this problem.\n\nWarning will be produced if folio is not locked during unmap:\n\n  ------------[ cut here ]------------\n  kernel BUG at ./include/linux/swapops.h:400!\n  Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n  Modules linked in:\n  CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G        W          6.13.0-rc1-00016-g3c434c7ee82a-dirty #41\n  Tainted: [W]=WARN\n  Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015\n  pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : try_to_unmap_one+0xb08/0xd3c\n  lr : try_to_unmap_one+0x3dc/0xd3c\n  Call trace:\n   try_to_unmap_one+0xb08/0xd3c (P)\n   try_to_unmap_one+0x3dc/0xd3c (L)\n   rmap_walk_anon+0xdc/0x1f8\n   rmap_walk+0x3c/0x58\n   try_to_unmap+0x88/0x90\n   unmap_poisoned_folio+0x30/0xa8\n   do_migrate_range+0x4a0/0x568\n   offline_pages+0x5a4/0x670\n   memory_block_action+0x17c/0x374\n   memory_subsys_offline+0x3c/0x78\n   device_offline+0xa4/0xd0\n   state_store+0x8c/0xf0\n   dev_attr_store+0x18/0x2c\n   sysfs_kf_write+0x44/0x54\n   kernfs_fop_write_iter+0x118/0x1a8\n   vfs_write+0x3a8/0x4bc\n   ksys_write+0x6c/0xf8\n   __arm64_sys_write+0x1c/0x28\n   invoke_syscall+0x44/0x100\n   el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x30/0xd0\n   el0t_64_sync_handler+0xc8/0xcc\n   el0t_64_sync+0x198/0x19c\n  Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000)\n  ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21931",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2333985",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338813",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338998",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348593",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348602",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348603",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348617",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348621",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348656",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350364",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351605",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383913",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53147",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57942",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21633",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21652",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21732",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21750",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21761",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21771",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37749",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38369",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38468",
            "https://errata.rockylinux.org/RLSA-2025:20095",
            "https://git.kernel.org/linus/af288a426c3e3552b62595c6138ec6371a17dbba (6.14-rc6)",
            "https://git.kernel.org/stable/c/3926b572fd073491bde13ec42ee08ac1b337bf4d",
            "https://git.kernel.org/stable/c/576a2f4c437c19bec7d05d05b5990f178d2b0f40",
            "https://git.kernel.org/stable/c/629dfc6ba5431056701d4e44830f3409b989955a",
            "https://git.kernel.org/stable/c/93df6da64b004f75d307ed08d3f0f1020280d339",
            "https://git.kernel.org/stable/c/af288a426c3e3552b62595c6138ec6371a17dbba",
            "https://linux.oracle.com/cve/CVE-2025-21931.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21931-3d56@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21931",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21931"
          ],
          "PublishedDate": "2025-04-01T16:15:23.933Z",
          "LastModifiedDate": "2025-11-03T20:17:29.303Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21944",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21944",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:60c02833cad50e2d75d5db0c883ac39eea07e795b56955bff66d00b9f58cb0d6",
          "Title": "kernel: ksmbd: fix bug on trap in smb2_lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix bug on trap in smb2_lock\n\nIf lock count is greater than 1, flags could be old value.\nIt should be checked with flags of smb_lock, not flags.\nIt will cause bug-on trap from locks_free_lock in error handling\nroutine.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21944",
            "https://git.kernel.org/linus/e26e2d2e15daf1ab33e0135caf2304a0cfa2744b (6.14-rc6)",
            "https://git.kernel.org/stable/c/11e0e74e14f1832a95092f2c98ed3b99f57797ee",
            "https://git.kernel.org/stable/c/2b70e3ac79eacbdf32571f7af48dd81cdd957ca8",
            "https://git.kernel.org/stable/c/8994f0ce8259f812b4f4a681d8298c6ff682efaa",
            "https://git.kernel.org/stable/c/dbcd7fdd86f77529210fe8978154a81cd479844c",
            "https://git.kernel.org/stable/c/e26e2d2e15daf1ab33e0135caf2304a0cfa2744b",
            "https://linux.oracle.com/cve/CVE-2025-21944.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025040135-CVE-2025-21944-d6eb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21944",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21944"
          ],
          "PublishedDate": "2025-04-01T16:15:25.513Z",
          "LastModifiedDate": "2025-11-03T20:17:31.29Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21945",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21945",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5a01dbf940d888e190e73204f1a377ca1ee4a5b974f40f289acd5827784ffc0e",
          "Title": "kernel: ksmbd: fix use-after-free in smb2_lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb2_lock\n\nIf smb_lock-\u003ezero_len has value, -\u003ellist of smb_lock is not delete and\nflock is old one. It will cause use-after-free on error handling\nroutine.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21945",
            "https://git.kernel.org/linus/84d2d1641b71dec326e8736a749b7ee76a9599fc (6.14-rc6)",
            "https://git.kernel.org/stable/c/410ce35a2ed6d0e114132bba29af49b69880c8c7",
            "https://git.kernel.org/stable/c/636e021646cf9b52ddfea7c809b018e91f2188cb",
            "https://git.kernel.org/stable/c/84d2d1641b71dec326e8736a749b7ee76a9599fc",
            "https://git.kernel.org/stable/c/8573571060ca466cbef2c6f03306b2cc7b883506",
            "https://git.kernel.org/stable/c/a0609097fd10d618aed4864038393dd75131289e",
            "https://linux.oracle.com/cve/CVE-2025-21945.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025040136-CVE-2025-21945-d791@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21945",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21945"
          ],
          "PublishedDate": "2025-04-01T16:15:25.633Z",
          "LastModifiedDate": "2025-11-03T20:17:31.417Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21946",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21946",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b15b6d75b14667410c684364e6f3300d0ec1e3d3377efade7c11d1d7a67aba4f",
          "Title": "kernel: ksmbd: fix out-of-bounds in parse_sec_desc()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix out-of-bounds in parse_sec_desc()\n\nIf osidoffset, gsidoffset and dacloffset could be greater than smb_ntsd\nstruct size. If it is smaller, It could cause slab-out-of-bounds.\nAnd when validating sid, It need to check it included subauth array size.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21946",
            "https://git.kernel.org/linus/d6e13e19063db24f94b690159d0633aaf72a0f03 (6.14-rc6)",
            "https://git.kernel.org/stable/c/159d059cbcb0e6d0e7a7b34af3862ba09a6b22d1",
            "https://git.kernel.org/stable/c/6a9831180d0b23b5c97e2bd841aefc8f82900172",
            "https://git.kernel.org/stable/c/c1569dbbe2d43041be9f3fef7ca08bec3b66ad1b",
            "https://git.kernel.org/stable/c/d6e13e19063db24f94b690159d0633aaf72a0f03",
            "https://git.kernel.org/stable/c/f4ee19528664777af8b842f8f001be98345aa973",
            "https://linux.oracle.com/cve/CVE-2025-21946.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040136-CVE-2025-21946-63a2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21946",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21946"
          ],
          "PublishedDate": "2025-04-01T16:15:25.73Z",
          "LastModifiedDate": "2026-01-11T17:15:52.057Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21947",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21947",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1b247639726152610e64c7022a075c2db74eb501b3c4b300741967faee66c2b",
          "Title": "kernel: ksmbd: fix type confusion via race condition when using ipc_msg_send_request",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix type confusion via race condition when using ipc_msg_send_request\n\nreq-\u003ehandle is allocated using ksmbd_acquire_id(\u0026ipc_ida), based on\nida_alloc. req-\u003ehandle from ksmbd_ipc_login_request and\nFSCTL_PIPE_TRANSCEIVE ioctl can be same and it could lead to type confusion\nbetween messages, resulting in access to unexpected parts of memory after\nan incorrect delivery. ksmbd check type of ipc response but missing add\ncontinue to check next ipc reponse.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21947",
            "https://git.kernel.org/linus/e2ff19f0b7a30e03516e6eb73b948e27a55bc9d2 (6.14-rc6)",
            "https://git.kernel.org/stable/c/1e8833c03a38e1d5d5df6484e3f670a2fd38fb76",
            "https://git.kernel.org/stable/c/3cb2b2e41541fe6f9cc55ca22d4c0bd260498aea",
            "https://git.kernel.org/stable/c/6321bbda4244b93802d61cfe0887883aae322f4b",
            "https://git.kernel.org/stable/c/76861630b29e51373e73e7b00ad0d467b6941162",
            "https://git.kernel.org/stable/c/e2ff19f0b7a30e03516e6eb73b948e27a55bc9d2",
            "https://linux.oracle.com/cve/CVE-2025-21947.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025040136-CVE-2025-21947-fcc5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21947",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21947"
          ],
          "PublishedDate": "2025-04-01T16:15:25.83Z",
          "LastModifiedDate": "2026-04-02T09:16:17.997Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21955",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21955",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bae8d7559b1a6f6e8b3a3e87ba80123d1be2e2f57c095e7ee08b6931f3be5b7c",
          "Title": "kernel: ksmbd: prevent connection release during oplock break notification",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: prevent connection release during oplock break notification\n\nksmbd_work could be freed when after connection release.\nIncrement r_count of ksmbd_conn to indicate that requests\nare not finished yet and to not release the connection.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21955",
            "https://git.kernel.org/linus/3aa660c059240e0c795217182cf7df32909dd917 (6.14-rc7)",
            "https://git.kernel.org/stable/c/09aeab68033161cb54f194da93e51a11aee6144b",
            "https://git.kernel.org/stable/c/3aa660c059240e0c795217182cf7df32909dd917",
            "https://git.kernel.org/stable/c/a4261bbc33fbf99b99c80aa3a2c5097611802980",
            "https://git.kernel.org/stable/c/f17d1c63a76b0fe8e9c78023a86507a3a6d62cfa",
            "https://linux.oracle.com/cve/CVE-2025-21955.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040143-CVE-2025-21955-c393@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21955",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21955"
          ],
          "PublishedDate": "2025-04-01T16:15:26.71Z",
          "LastModifiedDate": "2025-10-31T18:20:19.96Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21967",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21967",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:65f02b525d70a09f0a87c9d0e78764ef201e0301e9387ed806b9f88d7e262fc3",
          "Title": "kernel: ksmbd: fix use-after-free in ksmbd_free_work_struct",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_free_work_struct\n\n-\u003einterim_entry of ksmbd_work could be deleted after oplock is freed.\nWe don't need to manage it with linked list. The interim request could be\nimmediately sent whenever a oplock break wait is needed.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21967",
            "https://git.kernel.org/linus/bb39ed47065455604729404729d9116868638d31 (6.14-rc7)",
            "https://git.kernel.org/stable/c/62746ae3f5414244a96293e3b017be637b641280",
            "https://git.kernel.org/stable/c/bb39ed47065455604729404729d9116868638d31",
            "https://git.kernel.org/stable/c/eb51f6f59d19b92f6fe84d3873f958495ab32f0a",
            "https://git.kernel.org/stable/c/fb776765bfc21d5e4ed03bb3d4406c2b86ff1ac3",
            "https://linux.oracle.com/cve/CVE-2025-21967.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040146-CVE-2025-21967-114e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21967",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21967"
          ],
          "PublishedDate": "2025-04-01T16:15:27.983Z",
          "LastModifiedDate": "2025-04-16T14:15:24.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21972",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21972",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91fc6b98f25dc4a12be3db8d88f2680324bcb468143524bb59f267abc642ef3a",
          "Title": "kernel: net: mctp: unshare packets when reassembling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: unshare packets when reassembling\n\nEnsure that the frag_list used for reassembly isn't shared with other\npackets. This avoids incorrect reassembly when packets are cloned, and\nprevents a memory leak due to circular references between fragments and\ntheir skb_shared_info.\n\nThe upcoming MCTP-over-USB driver uses skb_clone which can trigger the\nproblem - other MCTP drivers don't share SKBs.\n\nA kunit test is added to reproduce the issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21972",
            "https://git.kernel.org/linus/f5d83cf0eeb90fade4d5c4d17d24b8bee9ceeecc (6.14-rc7)",
            "https://git.kernel.org/stable/c/5c47d5bfa7b096cf8890afac32141c578583f8e0",
            "https://git.kernel.org/stable/c/f44fff3d3c6cd67b6f348b821d73c4d6888c7a6e",
            "https://git.kernel.org/stable/c/f5d83cf0eeb90fade4d5c4d17d24b8bee9ceeecc",
            "https://linux.oracle.com/cve/CVE-2025-21972.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040146-CVE-2025-21972-1415@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21972",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21972"
          ],
          "PublishedDate": "2025-04-01T16:15:28.54Z",
          "LastModifiedDate": "2025-10-31T19:16:02.18Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21976",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21976",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:903467a8c88932af76a20a70463ae8a44f8dcfd7a008482acf389e01b88d4a36",
          "Title": "kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: hyperv_fb: Allow graceful removal of framebuffer\n\nWhen a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to\nrelease the framebuffer forcefully. If this framebuffer is in use it\nproduce the following WARN and hence this framebuffer is never released.\n\n[   44.111220] WARNING: CPU: 35 PID: 1882 at drivers/video/fbdev/core/fb_info.c:70 framebuffer_release+0x2c/0x40\n\u003c snip \u003e\n[   44.111289] Call Trace:\n[   44.111290]  \u003cTASK\u003e\n[   44.111291]  ? show_regs+0x6c/0x80\n[   44.111295]  ? __warn+0x8d/0x150\n[   44.111298]  ? framebuffer_release+0x2c/0x40\n[   44.111300]  ? report_bug+0x182/0x1b0\n[   44.111303]  ? handle_bug+0x6e/0xb0\n[   44.111306]  ? exc_invalid_op+0x18/0x80\n[   44.111308]  ? asm_exc_invalid_op+0x1b/0x20\n[   44.111311]  ? framebuffer_release+0x2c/0x40\n[   44.111313]  ? hvfb_remove+0x86/0xa0 [hyperv_fb]\n[   44.111315]  vmbus_remove+0x24/0x40 [hv_vmbus]\n[   44.111323]  device_remove+0x40/0x80\n[   44.111325]  device_release_driver_internal+0x20b/0x270\n[   44.111327]  ? bus_find_device+0xb3/0xf0\n\nFix this by moving the release of framebuffer and assosiated memory\nto fb_ops.fb_destroy function, so that framebuffer framework handles\nit gracefully.\n\nWhile we fix this, also replace manual registrations/unregistration of\nframebuffer with devm_register_framebuffer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20095",
            "https://access.redhat.com/security/cve/CVE-2025-21976",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2333985",
            "https://bugzilla.redhat.com/2334373",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2338185",
            "https://bugzilla.redhat.com/2338211",
            "https://bugzilla.redhat.com/2338813",
            "https://bugzilla.redhat.com/2338821",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338998",
            "https://bugzilla.redhat.com/2339130",
            "https://bugzilla.redhat.com/2339141",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343186",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2348522",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348561",
            "https://bugzilla.redhat.com/2348567",
            "https://bugzilla.redhat.com/2348572",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348590",
            "https://bugzilla.redhat.com/2348592",
            "https://bugzilla.redhat.com/2348593",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348602",
            "https://bugzilla.redhat.com/2348603",
            "https://bugzilla.redhat.com/2348612",
            "https://bugzilla.redhat.com/2348617",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348621",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348629",
            "https://bugzilla.redhat.com/2348630",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348647",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348656",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350364",
            "https://bugzilla.redhat.com/2350373",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351605",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2356664",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363332",
            "https://bugzilla.redhat.com/2366125",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383398",
            "https://bugzilla.redhat.com/2383432",
            "https://bugzilla.redhat.com/2383913",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2333985",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338813",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338998",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348593",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348602",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348603",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348617",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348621",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348656",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350364",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351605",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383913",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53147",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57942",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21633",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21652",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21732",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21750",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21761",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21771",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37749",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38369",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38468",
            "https://errata.almalinux.org/10/ALSA-2025-20095.html",
            "https://errata.rockylinux.org/RLSA-2025:20095",
            "https://git.kernel.org/linus/ea2f45ab0e53b255f72c85ccd99e2b394fc5fceb (6.14-rc7)",
            "https://git.kernel.org/stable/c/4545e2aa121aea304d33903099c03e29ed4fe50a",
            "https://git.kernel.org/stable/c/a7b583dc99c6cf4a96877017be1d08247e1ef2c7",
            "https://git.kernel.org/stable/c/ea2f45ab0e53b255f72c85ccd99e2b394fc5fceb",
            "https://linux.oracle.com/cve/CVE-2025-21976.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040147-CVE-2025-21976-340d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21976",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21976"
          ],
          "PublishedDate": "2025-04-01T16:15:28.973Z",
          "LastModifiedDate": "2025-10-30T21:00:33.783Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21985",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21985",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e4efab0efa8aa7adaa80dc827ef9ffe26a9f96342d1da1bf5e74e43fd610d91d",
          "Title": "kernel: drm/amd/display: Fix out-of-bound accesses",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bound accesses\n\n[WHAT \u0026 HOW]\nhpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4),\nbut location can have size up to 6. As a result, it is necessary to\ncheck location against MAX_HPO_DP2_ENCODERS.\n\nSimiliarly, disp_cfg_stream_location can be used as an array index which\nshould be 0..5, so the ASSERT's conditions should be less without equal.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21985",
            "https://git.kernel.org/linus/8adbb2a98b00926315fd513b5fe2596b5716b82d (6.14-rc2)",
            "https://git.kernel.org/stable/c/36793d90d76f667d26c6dd025571481ee0c96abc",
            "https://git.kernel.org/stable/c/8adbb2a98b00926315fd513b5fe2596b5716b82d",
            "https://git.kernel.org/stable/c/9aedc776b11038f04f4641241bb7e877781e4aa4",
            "https://linux.oracle.com/cve/CVE-2025-21985.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025040149-CVE-2025-21985-435c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21985",
            "https://www.cve.org/CVERecord?id=CVE-2025-21985"
          ],
          "PublishedDate": "2025-04-01T16:15:29.91Z",
          "LastModifiedDate": "2025-10-30T19:17:14.153Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21986",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21986",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8eecb4d1f0140b3b39ef458b5949dfd23ac7e0d38d6cd797bd60bf8b76d878e2",
          "Title": "kernel: net: switchdev: Convert blocking notification chain to a raw one",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: switchdev: Convert blocking notification chain to a raw one\n\nA blocking notification chain uses a read-write semaphore to protect the\nintegrity of the chain. The semaphore is acquired for writing when\nadding / removing notifiers to / from the chain and acquired for reading\nwhen traversing the chain and informing notifiers about an event.\n\nIn case of the blocking switchdev notification chain, recursive\nnotifications are possible which leads to the semaphore being acquired\ntwice for reading and to lockdep warnings being generated [1].\n\nSpecifically, this can happen when the bridge driver processes a\nSWITCHDEV_BRPORT_UNOFFLOADED event which causes it to emit notifications\nabout deferred events when calling switchdev_deferred_process().\n\nFix this by converting the notification chain to a raw notification\nchain in a similar fashion to the netdev notification chain. Protect\nthe chain using the RTNL mutex by acquiring it when modifying the chain.\nEvents are always informed under the RTNL mutex, but add an assertion in\ncall_switchdev_blocking_notifiers() to make sure this is not violated in\nthe future.\n\nMaintain the \"blocking\" prefix as events are always emitted from process\ncontext and listeners are allowed to block.\n\n[1]:\nWARNING: possible recursive locking detected\n6.14.0-rc4-custom-g079270089484 #1 Not tainted\n--------------------------------------------\nip/52731 is trying to acquire lock:\nffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0\n\nbut task is already holding lock:\nffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0\n\nother info that might help us debug this:\nPossible unsafe locking scenario:\nCPU0\n----\nlock((switchdev_blocking_notif_chain).rwsem);\nlock((switchdev_blocking_notif_chain).rwsem);\n\n*** DEADLOCK ***\nMay be due to missing lock nesting notation\n3 locks held by ip/52731:\n #0: ffffffff84f795b0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x727/0x1dc0\n #1: ffffffff8731f628 (\u0026net-\u003ertnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x790/0x1dc0\n #2: ffffffff850918d8 ((switchdev_blocking_notif_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x58/0xa0\n\nstack backtrace:\n...\n? __pfx_down_read+0x10/0x10\n? __pfx_mark_lock+0x10/0x10\n? __pfx_switchdev_port_attr_set_deferred+0x10/0x10\nblocking_notifier_call_chain+0x58/0xa0\nswitchdev_port_attr_notify.constprop.0+0xb3/0x1b0\n? __pfx_switchdev_port_attr_notify.constprop.0+0x10/0x10\n? mark_held_locks+0x94/0xe0\n? switchdev_deferred_process+0x11a/0x340\nswitchdev_port_attr_set_deferred+0x27/0xd0\nswitchdev_deferred_process+0x164/0x340\nbr_switchdev_port_unoffload+0xc8/0x100 [bridge]\nbr_switchdev_blocking_event+0x29f/0x580 [bridge]\nnotifier_call_chain+0xa2/0x440\nblocking_notifier_call_chain+0x6e/0xa0\nswitchdev_bridge_port_unoffload+0xde/0x1a0\n...",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21986",
            "https://git.kernel.org/linus/62531a1effa87bdab12d5104015af72e60d926ff (6.14-rc7)",
            "https://git.kernel.org/stable/c/1f7d051814e7a0cb1f0717ed5527c1059992129d",
            "https://git.kernel.org/stable/c/62531a1effa87bdab12d5104015af72e60d926ff",
            "https://git.kernel.org/stable/c/a597d4b75669ec82c72cbee9fe75a15d04b35b2b",
            "https://git.kernel.org/stable/c/af757f5ee3f754c5dceefb05c12ff37cb46fc682",
            "https://git.kernel.org/stable/c/f9ed3fb50b872bd78bcb01f25087f9e4e25085d8",
            "https://linux.oracle.com/cve/CVE-2025-21986.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025040149-CVE-2025-21986-6729@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21986",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7764-1",
            "https://ubuntu.com/security/notices/USN-7764-2",
            "https://ubuntu.com/security/notices/USN-7765-1",
            "https://ubuntu.com/security/notices/USN-7766-1",
            "https://ubuntu.com/security/notices/USN-7767-1",
            "https://ubuntu.com/security/notices/USN-7767-2",
            "https://ubuntu.com/security/notices/USN-7779-1",
            "https://ubuntu.com/security/notices/USN-7790-1",
            "https://ubuntu.com/security/notices/USN-7800-1",
            "https://ubuntu.com/security/notices/USN-7801-1",
            "https://ubuntu.com/security/notices/USN-7801-2",
            "https://ubuntu.com/security/notices/USN-7801-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21986"
          ],
          "PublishedDate": "2025-04-01T16:15:30.01Z",
          "LastModifiedDate": "2025-11-03T20:17:34.713Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22019",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22019",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce839e7365b903fd6ea572b84939a7dab689153138a70ec07497d28c29f1d274",
          "Title": "kernel: bcachefs: bch2_ioctl_subvolume_destroy() fixes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: bch2_ioctl_subvolume_destroy() fixes\n\nbch2_evict_subvolume_inodes() was getting stuck - due to incorrectly\npruning the dcache.\n\nAlso, fix missing permissions checks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22019",
            "https://git.kernel.org/linus/707549600c4a012ed71c0204a7992a679880bf33 (6.15-rc1)",
            "https://git.kernel.org/stable/c/558317a5c61045d460a37372181e7b43c0c002bb",
            "https://git.kernel.org/stable/c/707549600c4a012ed71c0204a7992a679880bf33",
            "https://git.kernel.org/stable/c/82383abd39abd635511b8956284a5cc8134c4dc1",
            "https://git.kernel.org/stable/c/9e6e83e1e2d01b99e70cd7812d7f758a8def9fc8",
            "https://linux.oracle.com/cve/CVE-2025-22019.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041640-CVE-2025-22019-e865@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22019",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22019"
          ],
          "PublishedDate": "2025-04-16T11:15:42.537Z",
          "LastModifiedDate": "2025-10-28T19:12:34.8Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22022",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22022",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:199e6e2d680d5882554fbeec68cf8b23ae83bd21ba3ce36670b207e8665049ab",
          "Title": "kernel: usb: xhci: Apply the link chain quirk on NEC isoc endpoints",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Apply the link chain quirk on NEC isoc endpoints\n\nTwo clearly different specimens of NEC uPD720200 (one with start/stop\nbug, one without) were seen to cause IOMMU faults after some Missed\nService Errors. Faulting address is immediately after a transfer ring\nsegment and patched dynamic debug messages revealed that the MSE was\nreceived when waiting for a TD near the end of that segment:\n\n[ 1.041954] xhci_hcd: Miss service interval error for slot 1 ep 2 expected TD DMA ffa08fe0\n[ 1.042120] xhci_hcd: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0005 address=0xffa09000 flags=0x0000]\n[ 1.042146] xhci_hcd: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0005 address=0xffa09040 flags=0x0000]\n\nIt gets even funnier if the next page is a ring segment accessible to\nthe HC. Below, it reports MSE in segment at ff1e8000, plows through a\nzero-filled page at ff1e9000 and starts reporting events for TRBs in\npage at ff1ea000 every microframe, instead of jumping to seg ff1e6000.\n\n[ 7.041671] xhci_hcd: Miss service interval error for slot 1 ep 2 expected TD DMA ff1e8fe0\n[ 7.041999] xhci_hcd: Miss service interval error for slot 1 ep 2 expected TD DMA ff1e8fe0\n[ 7.042011] xhci_hcd: WARN: buffer overrun event for slot 1 ep 2 on endpoint\n[ 7.042028] xhci_hcd: All TDs skipped for slot 1 ep 2. 
Clear skip flag.\n[ 7.042134] xhci_hcd: WARN: buffer overrun event for slot 1 ep 2 on endpoint\n[ 7.042138] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 31\n[ 7.042144] xhci_hcd: Looking for event-dma 00000000ff1ea040 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820\n[ 7.042259] xhci_hcd: WARN: buffer overrun event for slot 1 ep 2 on endpoint\n[ 7.042262] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 31\n[ 7.042266] xhci_hcd: Looking for event-dma 00000000ff1ea050 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820\n\nAt some point completion events change from Isoch Buffer Overrun to\nShort Packet and the HC finally finds cycle bit mismatch in ff1ec000.\n\n[ 7.098130] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 13\n[ 7.098132] xhci_hcd: Looking for event-dma 00000000ff1ecc50 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820\n[ 7.098254] xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 13\n[ 7.098256] xhci_hcd: Looking for event-dma 00000000ff1ecc60 trb-start 00000000ff1e6820 trb-end 00000000ff1e6820\n[ 7.098379] xhci_hcd: Overrun event on slot 1 ep 2\n\nIt's possible that data from the isochronous device were written to\nrandom buffers of pending TDs on other endpoints (either IN or OUT),\nother devices or even other HCs in the same IOMMU domain.\n\nLastly, an error from a different USB device on another HC. Was it\ncaused by the above? I don't know, but it may have been. The disk\nwas working without any other issues and generated PCIe traffic to\nstarve the NEC of upstream BW and trigger those MSEs. 
The two HCs\nshared one x1 slot by means of a commercial \"PCIe splitter\" board.\n\n[ 7.162604] usb 10-2: reset SuperSpeed USB device number 3 using xhci_hcd\n[ 7.178990] sd 9:0:0:0: [sdb] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x07 driverbyte=DRIVER_OK cmd_age=0s\n[ 7.179001] sd 9:0:0:0: [sdb] tag#0 CDB: opcode=0x28 28 00 04 02 ae 00 00 02 00 00\n[ 7.179004] I/O error, dev sdb, sector 67284480 op 0x0:(READ) flags 0x80700 phys_seg 5 prio class 0\n\nFortunately, it appears that this ridiculous bug is avoided by setting\nthe chain bit of Link TRBs on isochronous rings. Other ancient HCs are\nknown which also expect the bit to be set and they ignore Link TRBs if\nit's not. Reportedly, 0.95 spec guaranteed that the bit is set.\n\nThe bandwidth-starved NEC HC running a 32KB/uframe UVC endpoint reports\ntens of MSEs per second and runs into the bug within seconds. Chaining\nLink TRBs allows the same workload to run for many minutes, many times.\n\nNo ne\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22022",
            "https://git.kernel.org/linus/bb0ba4cb1065e87f9cc75db1fa454e56d0894d01 (6.15-rc1)",
            "https://git.kernel.org/stable/c/061a1683bae6ef56ab8fa392725ba7495515cd1d",
            "https://git.kernel.org/stable/c/1143f790a6316201dc8f067eba4c94ea97ecb6ca",
            "https://git.kernel.org/stable/c/43a18225150ce874d23b37761c302a5dffee1595",
            "https://git.kernel.org/stable/c/8b586de6f03c850ff48d42e539b4708d1f3f8f1a",
            "https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231999d279c40afb21",
            "https://git.kernel.org/stable/c/abf2df229b6a9172cc1827749c1a446d28e00a2e",
            "https://git.kernel.org/stable/c/bb0ba4cb1065e87f9cc75db1fa454e56d0894d01",
            "https://git.kernel.org/stable/c/dbf427663ce272070d3004b5fca63a4a537d781c",
            "https://linux.oracle.com/cve/CVE-2025-22022.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-22022-59f4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22022",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22022"
          ],
          "PublishedDate": "2025-04-16T11:15:42.883Z",
          "LastModifiedDate": "2026-01-19T13:16:07.63Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22026",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22026",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bdc86f0c31da77d444017a955447ed7c23277698398bb010b2e9edd1ed4f1f44",
          "Title": "kernel: nfsd: don't ignore the return code of svc_proc_register()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don't ignore the return code of svc_proc_register()\n\nCurrently, nfsd_proc_stat_init() ignores the return value of\nsvc_proc_register(). If the procfile creation fails, then the kernel\nwill WARN when it tries to remove the entry later.\n\nFix nfsd_proc_stat_init() to return the same type of pointer as\nsvc_proc_register(), and fix up nfsd_net_init() to check that and fail\nthe nfsd_net construction if it occurs.\n\nsvc_proc_register() can fail if the dentry can't be allocated, or if an\nidentical dentry already exists. The second case is pretty unlikely in\nthe nfsd_net construction codepath, so if this happens, return -ENOMEM.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-252"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:18281",
            "https://access.redhat.com/security/cve/CVE-2025-22026",
            "https://bugzilla.redhat.com/2360224",
            "https://bugzilla.redhat.com/2373539",
            "https://bugzilla.redhat.com/2389480",
            "https://bugzilla.redhat.com/2389487",
            "https://bugzilla.redhat.com/2395805",
            "https://bugzilla.redhat.com/2396928",
            "https://bugzilla.redhat.com/2396944",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360224",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393166",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-50087",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22026",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37797",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38718",
            "https://errata.almalinux.org/9/ALSA-2025-18281.html",
            "https://errata.rockylinux.org/RLSA-2025:16919",
            "https://git.kernel.org/linus/930b64ca0c511521f0abdd1d57ce52b2a6e3476b (6.15-rc1)",
            "https://git.kernel.org/stable/c/30405b23b4d5e2a596fb756d48119d7293194e75",
            "https://git.kernel.org/stable/c/51da899c209a9624e48be416bd30e7ed5cd6c3d8",
            "https://git.kernel.org/stable/c/6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0",
            "https://git.kernel.org/stable/c/930b64ca0c511521f0abdd1d57ce52b2a6e3476b",
            "https://git.kernel.org/stable/c/9d9456185fd5f1891c74354ee297f19538141ead",
            "https://git.kernel.org/stable/c/e31957a819e60cf0bc9a49408765e6095fd3d046",
            "https://linux.oracle.com/cve/CVE-2025-22026.html",
            "https://linux.oracle.com/errata/ELSA-2025-21063.html",
            "https://lore.kernel.org/linux-cve-announce/2025041654-CVE-2025-22026-f6be@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22026",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22026"
          ],
          "PublishedDate": "2025-04-16T15:15:55.237Z",
          "LastModifiedDate": "2026-02-19T16:27:08.923Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22028",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22028",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8618084562d87bbb9ee160ffbd38dc8b62c980d3c07728ae6af358294af68e0e",
          "Title": "kernel: media: vimc: skip .s_stream() for stopped entities",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vimc: skip .s_stream() for stopped entities\n\nSyzbot reported [1] a warning prompted by a check in call_s_stream()\nthat checks whether .s_stream() operation is warranted for unstarted\nor stopped subdevs.\n\nAdd a simple fix in vimc_streamer_pipeline_terminate() ensuring that\nentities skip a call to .s_stream() unless they have been previously\nproperly started.\n\n[1] Syzbot report:\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 5933 at drivers/media/v4l2-core/v4l2-subdev.c:460 call_s_stream+0x2df/0x350 drivers/media/v4l2-core/v4l2-subdev.c:460\nModules linked in:\nCPU: 0 UID: 0 PID: 5933 Comm: syz-executor330 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0\n...\nCall Trace:\n \u003cTASK\u003e\n vimc_streamer_pipeline_terminate+0x218/0x320 drivers/media/test-drivers/vimc/vimc-streamer.c:62\n vimc_streamer_pipeline_init drivers/media/test-drivers/vimc/vimc-streamer.c:101 [inline]\n vimc_streamer_s_stream+0x650/0x9a0 drivers/media/test-drivers/vimc/vimc-streamer.c:203\n vimc_capture_start_streaming+0xa1/0x130 drivers/media/test-drivers/vimc/vimc-capture.c:256\n vb2_start_streaming+0x15f/0x5a0 drivers/media/common/videobuf2/videobuf2-core.c:1789\n vb2_core_streamon+0x2a7/0x450 drivers/media/common/videobuf2/videobuf2-core.c:2348\n vb2_streamon drivers/media/common/videobuf2/videobuf2-v4l2.c:875 [inline]\n vb2_ioctl_streamon+0xf4/0x170 drivers/media/common/videobuf2/videobuf2-v4l2.c:1118\n __video_do_ioctl+0xaf0/0xf00 drivers/media/v4l2-core/v4l2-ioctl.c:3122\n video_usercopy+0x4d2/0x1620 drivers/media/v4l2-core/v4l2-ioctl.c:3463\n v4l2_ioctl+0x1ba/0x250 drivers/media/v4l2-core/v4l2-dev.c:366\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 
arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2b85c01b19\n...",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22028",
            "https://git.kernel.org/linus/36cef585e2a31e4ddf33a004b0584a7a572246de (6.15-rc1)",
            "https://git.kernel.org/stable/c/36cef585e2a31e4ddf33a004b0584a7a572246de",
            "https://git.kernel.org/stable/c/6f6064dab4dcfb7e34a395040a0c9dc22cc8765d",
            "https://git.kernel.org/stable/c/7a58d4c4cf8ff60ab1f93399deefaf6057da91c7",
            "https://git.kernel.org/stable/c/845e9286ff99ee88cfdeb2b748f730003a512190",
            "https://git.kernel.org/stable/c/a505075730d23ccc19fc4ac382a0ed73b630c057",
            "https://linux.oracle.com/cve/CVE-2025-22028.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041655-CVE-2025-22028-2ab5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22028",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22028"
          ],
          "PublishedDate": "2025-04-16T15:15:55.417Z",
          "LastModifiedDate": "2025-10-28T19:05:26.27Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22037",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22037",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2fb81d0d9749737a6f391b8cbfc4d83d32f2bafae36c4912483a574360ac8947",
          "Title": "kernel: ksmbd: fix null pointer dereference in alloc_preauth_hash()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix null pointer dereference in alloc_preauth_hash()\n\nThe Client send malformed smb2 negotiate request. ksmbd return error\nresponse. Subsequently, the client can send smb2 session setup even\nthought conn-\u003epreauth_info is not allocated.\nThis patch add KSMBD_SESS_NEED_SETUP status of connection to ignore\nsession setup request if smb2 negotiate phase is not complete.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22037",
            "https://git.kernel.org/linus/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780 (6.15-rc1)",
            "https://git.kernel.org/stable/c/8f216b33a5e1b3489c073b1ea1b3d7cb63c8dc4d",
            "https://git.kernel.org/stable/c/b8eb243e670ecf30e91524dd12f7260dac07d335",
            "https://git.kernel.org/stable/c/c8b5b7c5da7d0c31c9b7190b4a7bba5281fc4780",
            "https://git.kernel.org/stable/c/ca8bed31edf728a662ef9d6f39f50e7a7dc2b5ad",
            "https://git.kernel.org/stable/c/cce57cd8c5dead24127cf2308fdd60fcad2d6ba6",
            "https://linux.oracle.com/cve/CVE-2025-22037.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041658-CVE-2025-22037-d1bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22037",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-8059-1",
            "https://ubuntu.com/security/notices/USN-8059-2",
            "https://ubuntu.com/security/notices/USN-8059-3",
            "https://ubuntu.com/security/notices/USN-8059-4",
            "https://ubuntu.com/security/notices/USN-8059-5",
            "https://ubuntu.com/security/notices/USN-8059-6",
            "https://ubuntu.com/security/notices/USN-8059-7",
            "https://ubuntu.com/security/notices/USN-8059-8",
            "https://ubuntu.com/security/notices/USN-8059-9",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22037",
            "https://www.zerodayinitiative.com/advisories/ZDI-25-310/"
          ],
          "PublishedDate": "2025-04-16T15:15:56.31Z",
          "LastModifiedDate": "2025-09-19T15:15:48.433Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22038",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22038",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:df19395024a2214a3c06ce2e31d51cc8d4e46b8e800687beb1f84440ccdc4010",
          "Title": "kernel: ksmbd: validate zero num_subauth before sub_auth is accessed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate zero num_subauth before sub_auth is accessed\n\nAccess psid-\u003esub_auth[psid-\u003enum_subauth - 1] without checking\nif num_subauth is non-zero leads to an out-of-bounds read.\nThis patch adds a validation step to ensure num_subauth != 0\nbefore sub_auth is accessed.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22038",
            "https://git.kernel.org/linus/bf21e29d78cd2c2371023953d9c82dfef82ebb36 (6.15-rc1)",
            "https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283",
            "https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc",
            "https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1",
            "https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002",
            "https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36",
            "https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20",
            "https://linux.oracle.com/cve/CVE-2025-22038.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025041659-CVE-2025-22038-1b5a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22038",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22038"
          ],
          "PublishedDate": "2025-04-16T15:15:56.4Z",
          "LastModifiedDate": "2025-11-03T20:17:38.867Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22039",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22039",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:419d9b918d26d46e561125aa62758faa10713f6762ba2ae3f50538a9050f8bad",
          "Title": "kernel: ksmbd: fix overflow in dacloffset bounds check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix overflow in dacloffset bounds check\n\nThe dacloffset field was originally typed as int and used in an\nunchecked addition, which could overflow and bypass the existing\nbounds check in both smb_check_perm_dacl() and smb_inherit_dacl().\n\nThis could result in out-of-bounds memory access and a kernel crash\nwhen dereferencing the DACL pointer.\n\nThis patch converts dacloffset to unsigned int and uses\ncheck_add_overflow() to validate access to the DACL.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125",
            "CWE-190"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22039",
            "https://git.kernel.org/linus/beff0bc9d69bc8e733f9bca28e2d3df5b3e10e42 (6.15-rc1)",
            "https://git.kernel.org/stable/c/443b373a4df5a2cb9f7b8c4658b2afedeb16397f",
            "https://git.kernel.org/stable/c/6a9cd9ff0fa2bcc30b2bfb8bdb161eb20e44b9dc",
            "https://git.kernel.org/stable/c/6b8d379048b168a0dff5ab1acb975b933f368514",
            "https://git.kernel.org/stable/c/beff0bc9d69bc8e733f9bca28e2d3df5b3e10e42",
            "https://linux.oracle.com/cve/CVE-2025-22039.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041659-CVE-2025-22039-2a63@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22039",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22039"
          ],
          "PublishedDate": "2025-04-16T15:15:56.5Z",
          "LastModifiedDate": "2025-11-14T16:51:45.377Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22040",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22040",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b24e678990ace9ea6a8e7b115629d34bba27667ad94dd60db25d0adcd34aa860",
          "Title": "kernel: ksmbd: fix session use-after-free in multichannel connection",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix session use-after-free in multichannel connection\n\nThere is a race condition between session setup and\nksmbd_sessions_deregister. The session can be freed before the connection\nis added to channel list of session.\nThis patch check reference count of session before freeing it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22040",
            "https://git.kernel.org/linus/fa4cdb8cbca7d6cb6aa13e4d8d83d1103f6345db (6.15-rc1)",
            "https://git.kernel.org/stable/c/3980770cb1470054e6400fd97668665975726737",
            "https://git.kernel.org/stable/c/596407adb9af1ee75fe7c7529607783d31b66e7f",
            "https://git.kernel.org/stable/c/7dfbd4c43eed91dd2548a95236908025707a8dfd",
            "https://git.kernel.org/stable/c/9069939d762138e232a6f79e3e1462682ed6a17d",
            "https://git.kernel.org/stable/c/94c281721d4ed2d972232414b91d98a6f5bdb16b",
            "https://git.kernel.org/stable/c/fa4cdb8cbca7d6cb6aa13e4d8d83d1103f6345db",
            "https://linux.oracle.com/cve/CVE-2025-22040.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025041659-CVE-2025-22040-27ed@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22040",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22040"
          ],
          "PublishedDate": "2025-04-16T15:15:56.59Z",
          "LastModifiedDate": "2026-04-02T09:16:18.33Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22041",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22041",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:86cd057be8be283e0e2e58a46398f97f4ede83afb02880ad8572c38c739076e1",
          "Title": "kernel: ksmbd: fix use-after-free in ksmbd_sessions_deregister()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_sessions_deregister()\n\nIn multichannel mode, UAF issue can occur in session_deregister\nwhen the second channel sets up a session through the connection of\nthe first channel. session that is freed through the global session\ntable can be accessed again through -\u003esessions of connection.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22041",
            "https://git.kernel.org/linus/15a9605f8d69dc85005b1a00c31a050b8625e1aa (6.15-rc1)",
            "https://git.kernel.org/stable/c/15a9605f8d69dc85005b1a00c31a050b8625e1aa",
            "https://git.kernel.org/stable/c/33cc29e221df7a3085ae413e8c26c4e81a151153",
            "https://git.kernel.org/stable/c/8ed0e9d2f410f63525afb8351181eea36c80bcf1",
            "https://git.kernel.org/stable/c/a8a8ae303a8395cbac270b5b404d85df6ec788f8",
            "https://git.kernel.org/stable/c/ca042cc0e4f9e0d2c8f86dd67e4b22f30a516a9b",
            "https://git.kernel.org/stable/c/f0eb3f575138b816da74697bd506682574742fcd",
            "https://linux.oracle.com/cve/CVE-2025-22041.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025041600-CVE-2025-22041-6dbd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22041",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22041"
          ],
          "PublishedDate": "2025-04-16T15:15:56.693Z",
          "LastModifiedDate": "2026-04-02T09:16:18.66Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22042",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22042",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2d080dbc1196718e635d04cc2b75c18bb000b4b00376ca02885730d5626fd45a",
          "Title": "kernel: ksmbd: add bounds check for create lease context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add bounds check for create lease context\n\nAdd missing bounds check for create lease context.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22042",
            "https://git.kernel.org/linus/bab703ed8472aa9d109c5f8c1863921533363dae (6.15-rc1)",
            "https://git.kernel.org/stable/c/60b7207893a8a06c78441934931a08fdad63f18e",
            "https://git.kernel.org/stable/c/629dd37acc336ad778979361c351e782053ea284",
            "https://git.kernel.org/stable/c/800c482c9ef5910f05e3a713943c67cc6c1d4939",
            "https://git.kernel.org/stable/c/9a1b6ea955e6c7b29939a6d98701202f9d9644ec",
            "https://git.kernel.org/stable/c/a41cd52f00907a040ca22c73d4805bb79b0d0972",
            "https://git.kernel.org/stable/c/bab703ed8472aa9d109c5f8c1863921533363dae",
            "https://linux.oracle.com/cve/CVE-2025-22042.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025041600-CVE-2025-22042-2acc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22042",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22042"
          ],
          "PublishedDate": "2025-04-16T15:15:57.593Z",
          "LastModifiedDate": "2026-02-13T15:58:50.887Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22043",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22043",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:37fdd8d0b75cbc6b4deffe6d2564f460ef6395204c945d196af24417453488aa",
          "Title": "kernel: ksmbd: add bounds check for durable handle context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add bounds check for durable handle context\n\nAdd missing bounds check for durable handle context.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22043",
            "https://git.kernel.org/linus/542027e123fc0bfd61dd59e21ae0ee4ef2101b29 (6.15-rc1)",
            "https://git.kernel.org/stable/c/1107b9ed92194603593c51829a3887812ae9e806",
            "https://git.kernel.org/stable/c/29b946714d6aa77de54c71243bba39469ac43ef2",
            "https://git.kernel.org/stable/c/542027e123fc0bfd61dd59e21ae0ee4ef2101b29",
            "https://git.kernel.org/stable/c/8d4848c45943c9cf5e86142fd7347efa97f497db",
            "https://git.kernel.org/stable/c/f0db3d9d416e332a0d6f045a1509539d3a4cd898",
            "https://linux.oracle.com/cve/CVE-2025-22043.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041600-CVE-2025-22043-a8b9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22043",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22043"
          ],
          "PublishedDate": "2025-04-16T15:15:57.707Z",
          "LastModifiedDate": "2025-11-14T16:50:00.83Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22053",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22053",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1f5bfc910c5045e1a50d1c896299f6f8ba680aeaffcd03b4e010f3bec379feda",
          "Title": "kernel: net: ibmveth: make veth_pool_store stop hanging",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ibmveth: make veth_pool_store stop hanging\n\nv2:\n- Created a single error handling unlock and exit in veth_pool_store\n- Greatly expanded commit message with previous explanatory-only text\n\nSummary: Use rtnl_mutex to synchronize veth_pool_store with itself,\nibmveth_close and ibmveth_open, preventing multiple calls in a row to\nnapi_disable.\n\nBackground: Two (or more) threads could call veth_pool_store through\nwriting to /sys/devices/vio/30000002/pool*/*. You can do this easily\nwith a little shell script. This causes a hang.\n\nI configured LOCKDEP, compiled ibmveth.c with DEBUG, and built a new\nkernel. I ran this test again and saw:\n\n    Setting pool0/active to 0\n    Setting pool1/active to 1\n    [   73.911067][ T4365] ibmveth 30000002 eth0: close starting\n    Setting pool1/active to 1\n    Setting pool1/active to 0\n    [   73.911367][ T4366] ibmveth 30000002 eth0: close starting\n    [   73.916056][ T4365] ibmveth 30000002 eth0: close complete\n    [   73.916064][ T4365] ibmveth 30000002 eth0: open starting\n    [  110.808564][  T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n    [  230.808495][  T712] systemd-journald[712]: Sent WATCHDOG=1 notification.\n    [  243.683786][  T123] INFO: task stress.sh:4365 blocked for more than 122 seconds.\n    [  243.683827][  T123]       Not tainted 6.14.0-01103-g2df0c02dab82-dirty #8\n    [  243.683833][  T123] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n    [  243.683838][  T123] task:stress.sh       state:D stack:28096 pid:4365  tgid:4365  ppid:4364   task_flags:0x400040 flags:0x00042000\n    [  243.683852][  T123] Call Trace:\n    [  243.683857][  T123] [c00000000c38f690] [0000000000000001] 0x1 (unreliable)\n    [  243.683868][  T123] [c00000000c38f840] [c00000000001f908] __switch_to+0x318/0x4e0\n    [  243.683878][  T123] [c00000000c38f8a0] 
[c000000001549a70] __schedule+0x500/0x12a0\n    [  243.683888][  T123] [c00000000c38f9a0] [c00000000154a878] schedule+0x68/0x210\n    [  243.683896][  T123] [c00000000c38f9d0] [c00000000154ac80] schedule_preempt_disabled+0x30/0x50\n    [  243.683904][  T123] [c00000000c38fa00] [c00000000154dbb0] __mutex_lock+0x730/0x10f0\n    [  243.683913][  T123] [c00000000c38fb10] [c000000001154d40] napi_enable+0x30/0x60\n    [  243.683921][  T123] [c00000000c38fb40] [c000000000f4ae94] ibmveth_open+0x68/0x5dc\n    [  243.683928][  T123] [c00000000c38fbe0] [c000000000f4aa20] veth_pool_store+0x220/0x270\n    [  243.683936][  T123] [c00000000c38fc70] [c000000000826278] sysfs_kf_write+0x68/0xb0\n    [  243.683944][  T123] [c00000000c38fcb0] [c0000000008240b8] kernfs_fop_write_iter+0x198/0x2d0\n    [  243.683951][  T123] [c00000000c38fd00] [c00000000071b9ac] vfs_write+0x34c/0x650\n    [  243.683958][  T123] [c00000000c38fdc0] [c00000000071bea8] ksys_write+0x88/0x150\n    [  243.683966][  T123] [c00000000c38fe10] [c0000000000317f4] system_call_exception+0x124/0x340\n    [  243.683973][  T123] [c00000000c38fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec\n    ...\n    [  243.684087][  T123] Showing all locks held in the system:\n    [  243.684095][  T123] 1 lock held by khungtaskd/123:\n    [  243.684099][  T123]  #0: c00000000278e370 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x50/0x248\n    [  243.684114][  T123] 4 locks held by stress.sh/4365:\n    [  243.684119][  T123]  #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n    [  243.684132][  T123]  #1: c000000041aea888 (\u0026of-\u003emutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x154/0x2d0\n    [  243.684143][  T123]  #2: c0000000366fb9a8 (kn-\u003eactive#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x160/0x2d0\n    [  243.684155][  T123]  #3: c000000035ff4cb8 (\u0026dev-\u003elock){+.+.}-{3:3}, at: napi_enable+0x30/0x60\n    [  243.684166][  T123] 5 locks held by 
stress.sh/4366:\n    [  243.684170][  T123]  #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150\n    [  243.\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22053",
            "https://git.kernel.org/linus/053f3ff67d7feefc75797863f3d84b47ad47086f (6.15-rc1)",
            "https://git.kernel.org/stable/c/053f3ff67d7feefc75797863f3d84b47ad47086f",
            "https://git.kernel.org/stable/c/0a2470e3ecde64fc7e3781dc474923193621ae67",
            "https://git.kernel.org/stable/c/1e458c292f4c687dcf5aad32dd4836d03cd2191f",
            "https://git.kernel.org/stable/c/86cc70f5c85dc09bf7f3e1eee380eefe73c90765",
            "https://git.kernel.org/stable/c/8a88bb092f4208355880b9fdcc69d491aa297595",
            "https://linux.oracle.com/cve/CVE-2025-22053.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041604-CVE-2025-22053-c65c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22053",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22053"
          ],
          "PublishedDate": "2025-04-16T15:15:58.77Z",
          "LastModifiedDate": "2025-10-31T20:18:11.927Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22057",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22057",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1cc34b852ce61088d4dae85edd4fbd641799aa6bb0a9454d74a1318f0bea6aec",
          "Title": "kernel: net: decrease cached dst counters in dst_release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: decrease cached dst counters in dst_release\n\nUpstream fix ac888d58869b (\"net: do not delay dst_entries_add() in\ndst_release()\") moved decrementing the dst count from dst_destroy to\ndst_release to avoid accessing already freed data in case of netns\ndismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels\nare used, this fix is incomplete as the same issue will be seen for\ncached dsts:\n\n  Unable to handle kernel paging request at virtual address ffff5aabf6b5c000\n  Call trace:\n   percpu_counter_add_batch+0x3c/0x160 (P)\n   dst_release+0xec/0x108\n   dst_cache_destroy+0x68/0xd8\n   dst_destroy+0x13c/0x168\n   dst_destroy_rcu+0x1c/0xb0\n   rcu_do_batch+0x18c/0x7d0\n   rcu_core+0x174/0x378\n   rcu_core_si+0x18/0x30\n\nFix this by invalidating the cache, and thus decrementing cached dst\ncounters, in dst_release too.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22057",
            "https://git.kernel.org/linus/3a0a3ff6593d670af2451ec363ccb7b18aec0c0a (6.15-rc1)",
            "https://git.kernel.org/stable/c/3a0a3ff6593d670af2451ec363ccb7b18aec0c0a",
            "https://git.kernel.org/stable/c/836415a8405c9665ae55352fc5ba865c242f5e4f",
            "https://git.kernel.org/stable/c/92a5c18513117be69bc00419dd1724c1940f8fcd",
            "https://git.kernel.org/stable/c/ccc331fd5bcae131d2627d5ef099d4a1f6540aea",
            "https://git.kernel.org/stable/c/e833e7ad64eb2f63867f65303be49ca30ee8819e",
            "https://linux.oracle.com/cve/CVE-2025-22057.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041605-CVE-2025-22057-fb12@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22057",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22057"
          ],
          "PublishedDate": "2025-04-16T15:15:59.183Z",
          "LastModifiedDate": "2025-10-31T20:17:44.043Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22058",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22058",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ecb05497299ce9035a72d3f3430b2b3762a575cc6ec2affdfbf42cfe801660bc",
          "Title": "kernel: udp: Fix memory accounting leak.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Fix memory accounting leak.\n\nMatt Dowling reported a weird UDP memory usage issue.\n\nUnder normal operation, the UDP memory usage reported in /proc/net/sockstat\nremains close to zero.  However, it occasionally spiked to 524,288 pages\nand never dropped.  Moreover, the value doubled when the application was\nterminated.  Finally, it caused intermittent packet drops.\n\nWe can reproduce the issue with the script below [0]:\n\n  1. /proc/net/sockstat reports 0 pages\n\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 0\n\n  2. Run the script till the report reaches 524,288\n\n    # python3 test.py \u0026 sleep 5\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 3 mem 524288  \u003c-- (INT_MAX + 1) \u003e\u003e PAGE_SHIFT\n\n  3. Kill the socket and confirm the number never drops\n\n    # pkill python3 \u0026\u0026 sleep 5\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 524288\n\n  4. (necessary since v6.0) Trigger proto_memory_pcpu_drain()\n\n    # python3 test.py \u0026 sleep 1 \u0026\u0026 pkill python3\n\n  5. The number doubles\n\n    # cat /proc/net/sockstat | grep UDP:\n    UDP: inuse 1 mem 1048577\n\nThe application set INT_MAX to SO_RCVBUF, which triggered an integer\noverflow in udp_rmem_release().\n\nWhen a socket is close()d, udp_destruct_common() purges its receive\nqueue and sums up skb-\u003etruesize in the queue.  This total is calculated\nand stored in a local unsigned integer variable.\n\nThe total size is then passed to udp_rmem_release() to adjust memory\naccounting.  
However, because the function takes a signed integer\nargument, the total size can wrap around, causing an overflow.\n\nThen, the released amount is calculated as follows:\n\n  1) Add size to sk-\u003esk_forward_alloc.\n  2) Round down sk-\u003esk_forward_alloc to the nearest lower multiple of\n      PAGE_SIZE and assign it to amount.\n  3) Subtract amount from sk-\u003esk_forward_alloc.\n  4) Pass amount \u003e\u003e PAGE_SHIFT to __sk_mem_reduce_allocated().\n\nWhen the issue occurred, the total in udp_destruct_common() was 2147484480\n(INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release().\n\nAt 1) sk-\u003esk_forward_alloc is changed from 3264 to -2147479552, and\n2) sets -2147479552 to amount.  3) reverts the wraparound, so we don't\nsee a warning in inet_sock_destruct().  However, udp_memory_allocated\nends up doubling at 4).\n\nSince commit 3cd3399dd7a8 (\"net: implement per-cpu reserves for\nmemory_allocated\"), memory usage no longer doubles immediately after\na socket is close()d because __sk_mem_reduce_allocated() caches the\namount in udp_memory_per_cpu_fw_alloc.  However, the next time a UDP\nsocket receives a packet, the subtraction takes effect, causing UDP\nmemory usage to double.\n\nThis issue makes further memory allocation fail once the socket's\nsk-\u003esk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet\ndrops.\n\nTo prevent this issue, let's use unsigned int for the calculation and\ncall sk_forward_alloc_add() only once for the small delta.\n\nNote that first_packet_length() also potentially has the same problem.\n\n[0]:\nfrom socket import *\n\nSO_RCVBUFFORCE = 33\nINT_MAX = (2 ** 31) - 1\n\ns = socket(AF_INET, SOCK_DGRAM)\ns.bind(('', 0))\ns.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX)\n\nc = socket(AF_INET, SOCK_DGRAM)\nc.connect(s.getsockname())\n\ndata = b'a' * 100\n\nwhile True:\n    c.send(data)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:14420",
            "https://access.redhat.com/security/cve/CVE-2025-22058",
            "https://bugzilla.redhat.com/2360276",
            "https://bugzilla.redhat.com/2367500",
            "https://bugzilla.redhat.com/2383463",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2367500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22058",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37914",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38417",
            "https://errata.almalinux.org/9/ALSA-2025-14420.html",
            "https://errata.rockylinux.org/RLSA-2025:14420",
            "https://git.kernel.org/linus/df207de9d9e7a4d92f8567e2c539d9c8c12fd99d (6.15-rc1)",
            "https://git.kernel.org/stable/c/13550273171f5108b1ac572d8f72f4256ab92854",
            "https://git.kernel.org/stable/c/3836029448e76c1e6f77cc5fe0adc09b018b5fa8",
            "https://git.kernel.org/stable/c/9122fec396950cc866137af7154b1d0d989be52e",
            "https://git.kernel.org/stable/c/a116b271bf3cb72c8155b6b7f39083c1b80dcd00",
            "https://git.kernel.org/stable/c/aeef6456692c6f11ae53d278df64f1316a2a405a",
            "https://git.kernel.org/stable/c/c3ad8c30b6b109283d2643e925f8e65f2e7ab34e",
            "https://git.kernel.org/stable/c/c4bac6c398118fba79e32b1cd01db22dbfe29fbf",
            "https://git.kernel.org/stable/c/d9c8266ce536e8314d84370e983afcaa36fb19cf",
            "https://git.kernel.org/stable/c/df207de9d9e7a4d92f8567e2c539d9c8c12fd99d",
            "https://linux.oracle.com/cve/CVE-2025-22058.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025041606-CVE-2025-22058-045a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22058",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22058"
          ],
          "PublishedDate": "2025-04-16T15:15:59.277Z",
          "LastModifiedDate": "2025-11-03T20:17:40.797Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22072",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22072",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c27c542b73800447be6faff725294784740de4fa48b95eb71a32b24024e61748",
          "Title": "kernel: spufs: fix gang directory lifetimes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspufs: fix gang directory lifetimes\n\nprior to \"[POWERPC] spufs: Fix gang destroy leaks\" we used to have\na problem with gang lifetimes - creation of a gang returns opened\ngang directory, which normally gets removed when that gets closed,\nbut if somebody has created a context belonging to that gang and\nkept it alive until the gang got closed, removal failed and we\nended up with a leak.\n\nUnfortunately, it had been fixed the wrong way.  Dentry of gang\ndirectory was no longer pinned, and rmdir on close was gone.\nOne problem was that failure of open kept calling simple_rmdir()\nas cleanup, which meant an unbalanced dput().  Another bug was\nin the success case - gang creation incremented link count on\nroot directory, but that was no longer undone when gang got\ndestroyed.\n\nFix consists of\n\t* reverting the commit in question\n\t* adding a counter to gang, protected by -\u003ei_rwsem\nof gang directory inode.\n\t* having it set to 1 at creation time, dropped\nin both spufs_dir_close() and spufs_gang_close() and bumped\nin spufs_create_context(), provided that it's not 0.\n\t* using simple_recursive_removal() to take the gang\ndirectory out when counter reaches zero.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22072",
            "https://git.kernel.org/linus/c134deabf4784e155d360744d4a6a835b9de4dd4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/029d8c711f5e5fe8cf63e8a4a1a140a06e224e45",
            "https://git.kernel.org/stable/c/324f280806aab28ef757aecc18df419676c10ef8",
            "https://git.kernel.org/stable/c/880e7b3da2e765c1f90c94c0539be039e96c7062",
            "https://git.kernel.org/stable/c/903733782f3ae28a2f7fe4dfb47c7fe3e079a528",
            "https://git.kernel.org/stable/c/c134deabf4784e155d360744d4a6a835b9de4dd4",
            "https://git.kernel.org/stable/c/fc646a6c6d14b5d581f162a7e32999f789e3a3ac",
            "https://linux.oracle.com/cve/CVE-2025-22072.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025041610-CVE-2025-22072-83bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22072",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22072"
          ],
          "PublishedDate": "2025-04-16T15:16:01.39Z",
          "LastModifiedDate": "2025-11-03T20:17:42.153Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22083",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22083",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:619cb419cde62ae0e4b8828a71a1f7a27f8381a669d812acb1ea324275277ae1",
          "Title": "kernel: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint\n\nIf vhost_scsi_set_endpoint is called multiple times without a\nvhost_scsi_clear_endpoint between them, we can hit multiple bugs\nfound by Haoran Zhang:\n\n1. Use-after-free when no tpgs are found:\n\nThis fixes a use after free that occurs when vhost_scsi_set_endpoint is\ncalled more than once and calls after the first call do not find any\ntpgs to add to the vs_tpg. When vhost_scsi_set_endpoint first finds\ntpgs to add to the vs_tpg array match=true, so we will do:\n\nvhost_vq_set_backend(vq, vs_tpg);\n...\n\nkfree(vs-\u003evs_tpg);\nvs-\u003evs_tpg = vs_tpg;\n\nIf vhost_scsi_set_endpoint is called again and no tpgs are found\nmatch=false so we skip the vhost_vq_set_backend call leaving the\npointer to the vs_tpg we then free via:\n\nkfree(vs-\u003evs_tpg);\nvs-\u003evs_tpg = vs_tpg;\n\nIf a scsi request is then sent we do:\n\nvhost_scsi_handle_vq -\u003e vhost_scsi_get_req -\u003e vhost_vq_get_backend\n\nwhich sees the vs_tpg we just did a kfree on.\n\n2. Tpg dir removal hang:\n\nThis patch fixes an issue where we cannot remove a LIO/target layer\ntpg (and structs above it like the target) dir due to the refcount\ndropping to -1.\n\nThe problem is that if vhost_scsi_set_endpoint detects a tpg is already\nin the vs-\u003evs_tpg array or if the tpg has been removed so\ntarget_depend_item fails, the undepend goto handler will do\ntarget_undepend_item on all tpgs in the vs_tpg array dropping their\nrefcount to 0. At this time vs_tpg contains both the tpgs we have added\nin the current vhost_scsi_set_endpoint call as well as tpgs we added in\nprevious calls which are also in vs-\u003evs_tpg.\n\nLater, when vhost_scsi_clear_endpoint runs it will do\ntarget_undepend_item on all the tpgs in the vs-\u003evs_tpg which will drop\ntheir refcount to -1. 
Userspace will then not be able to remove the tpg\nand will hang when it tries to do rmdir on the tpg dir.\n\n3. Tpg leak:\n\nThis fixes a bug where we can leak tpgs and cause them to be\nun-removable because the target name is overwritten when\nvhost_scsi_set_endpoint is called multiple times but with different\ntarget names.\n\nThe bug occurs if a user has called VHOST_SCSI_SET_ENDPOINT and setup\na vhost-scsi device to target/tpg mapping, then calls\nVHOST_SCSI_SET_ENDPOINT again with a new target name that has tpgs we\nhaven't seen before (target1 has tpg1 but target2 has tpg2). When this\nhappens we don't teardown the old target tpg mapping and just overwrite\nthe target name and the vs-\u003evs_tpg array. Later when we do\nvhost_scsi_clear_endpoint, we are passed in either target1 or target2's\nname and we will only match that target's tpgs when we loop over the\nvs-\u003evs_tpg. We will then return from the function without doing\ntarget_undepend_item on the tpgs.\n\nBecause of all these bugs, it looks like being able to call\nvhost_scsi_set_endpoint multiple times was never supported. The major\nuser, QEMU, already has checks to prevent this use case. So to fix the\nissues, this patch prevents vhost_scsi_set_endpoint from being called\nif it's already successfully added tpgs. To add, remove or change the\ntpg config or target name, you must do a vhost_scsi_clear_endpoint\nfirst.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22083",
            "https://git.kernel.org/linus/5dd639a1646ef5fe8f4bf270fad47c5c3755b9b6 (6.15-rc1)",
            "https://git.kernel.org/stable/c/2b34bdc42df047794542f3e220fe989124e4499a",
            "https://git.kernel.org/stable/c/3a19eb3d9818e28f14c818a18dc913344a52ca92",
            "https://git.kernel.org/stable/c/3fd054baf382a426bbf5135ede0fc5673db74d3e",
            "https://git.kernel.org/stable/c/451c72f5e7cf5d339a6410a635cee0825687c3dc",
            "https://git.kernel.org/stable/c/5dd639a1646ef5fe8f4bf270fad47c5c3755b9b6",
            "https://git.kernel.org/stable/c/63b449f73ab0dcc0ba11ceaa4c5c70bc86ccf03c",
            "https://linux.oracle.com/cve/CVE-2025-22083.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041614-CVE-2025-22083-8012@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22083",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22083"
          ],
          "PublishedDate": "2025-04-16T15:16:02.51Z",
          "LastModifiedDate": "2026-02-06T17:16:14.983Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22090",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22090",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:31efe3c382b73a808677224aa55abc9e7536f7f1d0b5d30a8f2129a4a92ca571",
          "Title": "kernel: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()\n\nIf track_pfn_copy() fails, we already added the dst VMA to the maple\ntree. As fork() fails, we'll cleanup the maple tree, and stumble over\nthe dst VMA for which we neither performed any reservation nor copied\nany page tables.\n\nConsequently untrack_pfn() will see VM_PAT and try obtaining the\nPAT information from the page table -- which fails because the page\ntable was not copied.\n\nThe easiest fix would be to simply clear the VM_PAT flag of the dst VMA\nif track_pfn_copy() fails. However, the whole thing is about \"simply\"\nclearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy()\nand performed a reservation, but copying the page tables fails, we'll\nsimply clear the VM_PAT flag, not properly undoing the reservation ...\nwhich is also wrong.\n\nSo let's fix it properly: set the VM_PAT flag only if the reservation\nsucceeded (leaving it clear initially), and undo the reservation if\nanything goes wrong while copying the page tables: clearing the VM_PAT\nflag after undoing the reservation.\n\nNote that any copied page table entries will get zapped when the VMA will\nget removed later, after copy_page_range() succeeded; as VM_PAT is not set\nthen, we won't try cleaning VM_PAT up once more and untrack_pfn() will be\nhappy. 
Note that leaving these page tables in place without a reservation\nis not a problem, as we are aborting fork(); this process will never run.\n\nA reproducer can trigger this usually at the first try:\n\n  https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c\n\n  WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110\n  Modules linked in: ...\n  CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n  RIP: 0010:get_pat_info+0xf6/0x110\n  ...\n  Call Trace:\n   \u003cTASK\u003e\n   ...\n   untrack_pfn+0x52/0x110\n   unmap_single_vma+0xa6/0xe0\n   unmap_vmas+0x105/0x1f0\n   exit_mmap+0xf6/0x460\n   __mmput+0x4b/0x120\n   copy_process+0x1bf6/0x2aa0\n   kernel_clone+0xab/0x440\n   __do_sys_clone+0x66/0x90\n   do_syscall_64+0x95/0x180\n\nLikely this case was missed in:\n\n  d155df53f310 (\"x86/mm/pat: clear VM_PAT if copy_p4d_range failed\")\n\n... and instead of undoing the reservation we simply cleared the VM_PAT flag.\n\nKeep the documentation of these functions in include/linux/pgtable.h,\none place is more than sufficient -- we should clean that up for the other\nfunctions like track_pfn_remap/untrack_pfn separately.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22090",
            "https://git.kernel.org/linus/dc84bc2aba85a1508f04a936f9f9a15f64ebfb31 (6.15-rc1)",
            "https://git.kernel.org/stable/c/8d6373f83f367dbed316ddeb178130a3a64b5b67",
            "https://git.kernel.org/stable/c/a6623712ba8449876f0b3de9462831523fb851e4",
            "https://git.kernel.org/stable/c/b07398e8a5da517083f5c3f2daa8f6681b48ab28",
            "https://git.kernel.org/stable/c/da381c33f3aa6406406c9fdf07b8b0b63e0ce722",
            "https://git.kernel.org/stable/c/dc84bc2aba85a1508f04a936f9f9a15f64ebfb31",
            "https://git.kernel.org/stable/c/de6185b8892d88142ef69768fe4077cbf40109c0",
            "https://linux.oracle.com/cve/CVE-2025-22090.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041617-CVE-2025-22090-f2fa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22090",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-7835-1",
            "https://ubuntu.com/security/notices/USN-7835-2",
            "https://ubuntu.com/security/notices/USN-7835-3",
            "https://ubuntu.com/security/notices/USN-7835-4",
            "https://ubuntu.com/security/notices/USN-7835-5",
            "https://ubuntu.com/security/notices/USN-7835-6",
            "https://ubuntu.com/security/notices/USN-7887-1",
            "https://ubuntu.com/security/notices/USN-7887-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-22090"
          ],
          "PublishedDate": "2025-04-16T15:16:03.213Z",
          "LastModifiedDate": "2026-01-11T17:15:52.31Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22103",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22103",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:da9d381162942d7dcaa49ae0a749de235ef798729e5626de7626155a11fcaaae",
          "Title": "kernel: net: fix NULL pointer dereference in l3mdev_l3_rcv",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix NULL pointer dereference in l3mdev_l3_rcv\n\nWhen delete l3s ipvlan:\n\n    ip link del link eth0 ipvlan1 type ipvlan mode l3s\n\nThis may cause a null pointer dereference:\n\n    Call trace:\n     ip_rcv_finish+0x48/0xd0\n     ip_rcv+0x5c/0x100\n     __netif_receive_skb_one_core+0x64/0xb0\n     __netif_receive_skb+0x20/0x80\n     process_backlog+0xb4/0x204\n     napi_poll+0xe8/0x294\n     net_rx_action+0xd8/0x22c\n     __do_softirq+0x12c/0x354\n\nThis is because l3mdev_l3_rcv() visit dev-\u003el3mdev_ops after\nipvlan_l3s_unregister() assign the dev-\u003el3mdev_ops to NULL. The process\nlike this:\n\n    (CPU1)                     | (CPU2)\n    l3mdev_l3_rcv()            |\n      check dev-\u003epriv_flags:   |\n        master = skb-\u003edev;     |\n                               |\n                               | ipvlan_l3s_unregister()\n                               |   set dev-\u003epriv_flags\n                               |   dev-\u003el3mdev_ops = NULL;\n                               |\n      visit master-\u003el3mdev_ops |\n\nTo avoid this by do not set dev-\u003el3mdev_ops when unregister l3s ipvlan.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22103",
            "https://git.kernel.org/linus/0032c99e83b9ce6d5995d65900aa4b6ffb501cce (6.15-rc1)",
            "https://git.kernel.org/stable/c/0032c99e83b9ce6d5995d65900aa4b6ffb501cce",
            "https://git.kernel.org/stable/c/52b44d8c653459c658b733d13658afdde45f6836",
            "https://git.kernel.org/stable/c/59599bce44af3df7a215ebc81cb166426e1c9204",
            "https://git.kernel.org/stable/c/f9dff65140efc289f01bcf39c3ca66a8806b6132",
            "https://linux.oracle.com/cve/CVE-2025-22103.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025041621-CVE-2025-22103-b3a2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22103",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22103"
          ],
          "PublishedDate": "2025-04-16T15:16:04.65Z",
          "LastModifiedDate": "2025-11-24T10:15:59.93Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22104",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22104",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39f13ca65e11867dea7fe5e049a13c409b1f96732f3951159b0e4a17f4af23b4",
          "Title": "kernel: ibmvnic: Use kernel helpers for hex dumps",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Use kernel helpers for hex dumps\n\nPreviously, when the driver was printing hex dumps, the buffer was cast\nto an 8 byte long and printed using string formatters. If the buffer\nsize was not a multiple of 8 then a read buffer overflow was possible.\n\nTherefore, create a new ibmvnic function that loops over a buffer and\ncalls hex_dump_to_buffer instead.\n\nThis patch address KASAN reports like the one below:\n  ibmvnic 30000003 env3: Login Buffer:\n  ibmvnic 30000003 env3: 01000000af000000\n  \u003c...\u003e\n  ibmvnic 30000003 env3: 2e6d62692e736261\n  ibmvnic 30000003 env3: 65050003006d6f63\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]\n  Read of size 8 at addr c0000001331a9aa8 by task ip/17681\n  \u003c...\u003e\n  Allocated by task 17681:\n  \u003c...\u003e\n  ibmvnic_login+0x2f0/0xffc [ibmvnic]\n  ibmvnic_open+0x148/0x308 [ibmvnic]\n  __dev_open+0x1ac/0x304\n  \u003c...\u003e\n  The buggy address is located 168 bytes inside of\n                allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)\n  \u003c...\u003e\n  =================================================================\n  ibmvnic 30000003 env3: 000000000033766e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:9302",
            "https://access.redhat.com/security/cve/CVE-2025-22104",
            "https://bugzilla.redhat.com/2355415",
            "https://bugzilla.redhat.com/2356618",
            "https://bugzilla.redhat.com/2360265",
            "https://bugzilla.redhat.com/2363268",
            "https://bugzilla.redhat.com/2363305",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2355415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360265",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363305",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21919",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22104",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23150",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37738",
            "https://errata.almalinux.org/9/ALSA-2025-9302.html",
            "https://errata.rockylinux.org/RLSA-2025:9302",
            "https://git.kernel.org/linus/d93a6caab5d7d9b5ce034d75b1e1e993338e3852 (6.15-rc1)",
            "https://git.kernel.org/stable/c/ae6b1d6c1acee3a2000394d83ec9f1028321e207",
            "https://git.kernel.org/stable/c/d93a6caab5d7d9b5ce034d75b1e1e993338e3852",
            "https://linux.oracle.com/cve/CVE-2025-22104.html",
            "https://linux.oracle.com/errata/ELSA-2025-9896.html",
            "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22104-0a82@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22104",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-22104"
          ],
          "PublishedDate": "2025-04-16T15:16:04.733Z",
          "LastModifiedDate": "2025-11-03T18:44:21.607Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22105",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22105",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e06ee951f2d9fc0a6c8656dd3948573d3f0dbd4e91caaa32f868b4082bb3fd98",
          "Title": "kernel: bonding: check xdp prog when set bond mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: check xdp prog when set bond mode\n\nFollowing operations can trigger a warning[1]:\n\n    ip netns add ns1\n    ip netns exec ns1 ip link add bond0 type bond mode balance-rr\n    ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp\n    ip netns exec ns1 ip link set bond0 type bond mode broadcast\n    ip netns del ns1\n\nWhen delete the namespace, dev_xdp_uninstall() is called to remove xdp\nprogram on bond dev, and bond_xdp_set() will check the bond mode. If bond\nmode is changed after attaching xdp program, the warning may occur.\n\nSome bond modes (broadcast, etc.) do not support native xdp. Set bond mode\nwith xdp program attached is not good. Add check for xdp program when set\nbond mode.\n\n    [1]\n    ------------[ cut here ]------------\n    WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930\n    Modules linked in:\n    CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107\n    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n    Workqueue: netns cleanup_net\n    RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930\n    Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ...\n    RSP: 0018:ffffc90000063d80 EFLAGS: 00000282\n    RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff\n    RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48\n    RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb\n    R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8\n    R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000\n    FS:  0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000\n    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n    CR2: 000000000d406b60 CR3: 000000000483e000 CR4: 00000000000006f0\n    Call Trace:\n     
\u003cTASK\u003e\n     ? __warn+0x83/0x130\n     ? unregister_netdevice_many_notify+0x8d9/0x930\n     ? report_bug+0x18e/0x1a0\n     ? handle_bug+0x54/0x90\n     ? exc_invalid_op+0x18/0x70\n     ? asm_exc_invalid_op+0x1a/0x20\n     ? unregister_netdevice_many_notify+0x8d9/0x930\n     ? bond_net_exit_batch_rtnl+0x5c/0x90\n     cleanup_net+0x237/0x3d0\n     process_one_work+0x163/0x390\n     worker_thread+0x293/0x3b0\n     ? __pfx_worker_thread+0x10/0x10\n     kthread+0xec/0x1e0\n     ? __pfx_kthread+0x10/0x10\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork+0x2f/0x50\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork_asm+0x1a/0x30\n     \u003c/TASK\u003e\n    ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22105",
            "https://git.kernel.org/linus/094ee6017ea09c11d6af187935a949df32803ce0 (6.15-rc1)",
            "https://git.kernel.org/stable/c/094ee6017ea09c11d6af187935a949df32803ce0",
            "https://git.kernel.org/stable/c/0dd4fac43bdea23cfe4bb2a3eabb76d752ac32fb",
            "https://git.kernel.org/stable/c/5106da73b01668a1aa5d0f352b95d2b832b5caa7",
            "https://git.kernel.org/stable/c/6f3af8055ee7ab69d1451f056fcd890df99c167e",
            "https://lore.kernel.org/linux-cve-announce/2025041622-CVE-2025-22105-afef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22105",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22105"
          ],
          "PublishedDate": "2025-04-16T15:16:04.827Z",
          "LastModifiedDate": "2025-12-06T22:15:50.077Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22107",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22107",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2ca68814f5b3bd9b31fd7960d5c107e7c7818df901ff05fb96cf61bac68fad9",
          "Title": "kernel: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()\n\nThere are actually 2 problems:\n- deleting the last element doesn't require the memmove of elements\n  [i + 1, end) over it. Actually, element i+1 is out of bounds.\n- The memmove itself should move size - i - 1 elements, because the last\n  element is out of bounds.\n\nThe out-of-bounds element still remains out of bounds after being\naccessed, so the problem is only that we touch it, not that it becomes\nin active use. But I suppose it can lead to issues if the out-of-bounds\nelement is part of an unmapped page.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22107",
            "https://git.kernel.org/linus/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481 (6.15-rc1)",
            "https://git.kernel.org/stable/c/031e00249e9e6bee72ba66701c8f83b45fc4b8a2",
            "https://git.kernel.org/stable/c/4584486cfcca24b7b586da3377eb3cffd48669ec",
            "https://git.kernel.org/stable/c/59b97641de03c081f26b3a8876628c765b5faa25",
            "https://git.kernel.org/stable/c/5f2b28b79d2d1946ee36ad8b3dc0066f73c90481",
            "https://git.kernel.org/stable/c/b52153da1f42e2f4d6259257a7ba027331671a93",
            "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22107-1266@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22107",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22107"
          ],
          "PublishedDate": "2025-04-16T15:16:04.997Z",
          "LastModifiedDate": "2026-01-11T17:15:52.427Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22109",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22109",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cfd6befd58d366c5e953b9a45fc21d6424ae1158f5a330879cffe70b88ad7f2e",
          "Title": "kernel: ax25: Remove broken autobind",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: Remove broken autobind\n\nBinding AX25 socket by using the autobind feature leads to memory leaks\nin ax25_connect() and also refcount leaks in ax25_release(). Memory\nleak was detected with kmemleak:\n\n================================================================\nunreferenced object 0xffff8880253cd680 (size 96):\nbacktrace:\n__kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43)\nkmemdup_noprof (mm/util.c:136)\nax25_rt_autobind (net/ax25/ax25_route.c:428)\nax25_connect (net/ax25/af_ax25.c:1282)\n__sys_connect_file (net/socket.c:2045)\n__sys_connect (net/socket.c:2064)\n__x64_sys_connect (net/socket.c:2067)\ndo_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n================================================================\n\nWhen socket is bound, refcounts must be incremented the way it is done\nin ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). 
In case of\nautobind, the refcounts are not incremented.\n\nThis bug leads to the following issue reported by Syzkaller:\n\n================================================================\nax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de\n------------[ cut here ]------------\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\nModules linked in:\nCPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31\n...\nCall Trace:\n \u003cTASK\u003e\n __refcount_dec include/linux/refcount.h:336 [inline]\n refcount_dec include/linux/refcount.h:351 [inline]\n ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236\n netdev_tracker_free include/linux/netdevice.h:4302 [inline]\n netdev_put include/linux/netdevice.h:4319 [inline]\n ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080\n __sock_release net/socket.c:647 [inline]\n sock_close+0xbc/0x240 net/socket.c:1398\n __fput+0x3e9/0x9f0 fs/file_table.c:464\n __do_sys_close fs/open.c:1580 [inline]\n __se_sys_close fs/open.c:1565 [inline]\n __x64_sys_close+0x7f/0x110 fs/open.c:1565\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n ...\n \u003c/TASK\u003e\n================================================================\n\nConsidering the issues above and the comments left in the code that say:\n\"check if we can remove this feature. It is broken.\"; \"autobinding in this\nmay or may not work\"; - it is better to completely remove this feature than\nto fix it because it is broken and leads to various kinds of memory bugs.\n\nNow calling connect() without first binding socket will result in an\nerror (-EINVAL). 
Userspace software that relies on the autobind feature\nmight get broken. However, this feature does not seem widely used with\nthis specific driver as it was not reliable at any point of time, and it\nis already broken anyway. E.g. ax25-tools and ax25-apps packages for\npopular distributions do not use the autobind feature for AF_AX25.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22109",
            "https://git.kernel.org/linus/2f6efbabceb6b2914ee9bafb86d9a51feae9cce8 (6.15-rc1)",
            "https://git.kernel.org/stable/c/2f6efbabceb6b2914ee9bafb86d9a51feae9cce8",
            "https://git.kernel.org/stable/c/61203fdd3e35519db9a98b6ff8983c620ffc4696",
            "https://lore.kernel.org/linux-cve-announce/2025041623-CVE-2025-22109-f8e7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22109",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-22109"
          ],
          "PublishedDate": "2025-04-16T15:16:05.167Z",
          "LastModifiedDate": "2025-11-03T18:42:15.69Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22111",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22111",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:acd65d930dc30e4aa87d8389a681c8cb508406216f93d6c76e01ee87e70cf3c7",
          "Title": "kernel: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.\n\nSIOCBRDELIF is passed to dev_ioctl() first and later forwarded to\nbr_ioctl_call(), which causes unnecessary RTNL dance and the splat\nbelow [0] under RTNL pressure.\n\nLet's say Thread A is trying to detach a device from a bridge and\nThread B is trying to remove the bridge.\n\nIn dev_ioctl(), Thread A bumps the bridge device's refcnt by\nnetdev_hold() and releases RTNL because the following br_ioctl_call()\nalso re-acquires RTNL.\n\nIn the race window, Thread B could acquire RTNL and try to remove\nthe bridge device.  Then, rtnl_unlock() by Thread B will release RTNL\nand wait for netdev_put() by Thread A.\n\nThread A, however, must hold RTNL after the unlock in dev_ifsioc(),\nwhich may take long under RTNL pressure, resulting in the splat by\nThread B.\n\n  Thread A (SIOCBRDELIF)           Thread B (SIOCBRDELBR)\n  ----------------------           ----------------------\n  sock_ioctl                       sock_ioctl\n  `- sock_do_ioctl                 `- br_ioctl_call\n     `- dev_ioctl                     `- br_ioctl_stub\n        |- rtnl_lock                     |\n        |- dev_ifsioc                    '\n        '  |- dev = __dev_get_by_name(...)\n           |- netdev_hold(dev, ...)      .\n       /   |- rtnl_unlock  ------.       |\n       |   |- br_ioctl_call       `---\u003e  |- rtnl_lock\n  Race |   |  `- br_ioctl_stub           |- br_del_bridge\n  Window   |     |                       |  |- dev = __dev_get_by_name(...)\n       |   |     |  May take long        |  `- br_dev_delete(dev, ...)\n       |   |     |  under RTNL pressure  |     `- unregister_netdevice_queue(dev, ...)\n       |   |     |               |       `- rtnl_unlock\n       \\   |     |- rtnl_lock  \u003c-'          `- netdev_run_todo\n           |     |- ...                        
`- netdev_run_todo\n           |     `- rtnl_unlock                   |- __rtnl_unlock\n           |                                      |- netdev_wait_allrefs_any\n           |- netdev_put(dev, ...)  \u003c----------------'\n                                                Wait refcnt decrement\n                                                and log splat below\n\nTo avoid blocking SIOCBRDELBR unnecessarily, let's not call\ndev_ioctl() for SIOCBRADDIF and SIOCBRDELIF.\n\nIn the dev_ioctl() path, we do the following:\n\n  1. Copy struct ifreq by get_user_ifreq in sock_do_ioctl()\n  2. Check CAP_NET_ADMIN in dev_ioctl()\n  3. Call dev_load() in dev_ioctl()\n  4. Fetch the master dev from ifr.ifr_name in dev_ifsioc()\n\n3. can be done by request_module() in br_ioctl_call(), so we move\n1., 2., and 4. to br_ioctl_stub().\n\nNote that 2. is also checked later in add_del_if(), but it's better\nperformed before RTNL.\n\nSIOCBRADDIF and SIOCBRDELIF have been processed in dev_ioctl() since\nthe pre-git era, and there seems to be no specific reason to process\nthem there.\n\n[0]:\nunregister_netdevice: waiting for wpan3 to become free. Usage count = 2\nref_tracker: wpan3@ffff8880662d8608 has 1/1 users at\n     __netdev_tracker_alloc include/linux/netdevice.h:4282 [inline]\n     netdev_hold include/linux/netdevice.h:4311 [inline]\n     dev_ifsioc+0xc6a/0x1160 net/core/dev_ioctl.c:624\n     dev_ioctl+0x255/0x10c0 net/core/dev_ioctl.c:826\n     sock_do_ioctl+0x1ca/0x260 net/socket.c:1213\n     sock_ioctl+0x23a/0x6c0 net/socket.c:1318\n     vfs_ioctl fs/ioctl.c:51 [inline]\n     __do_sys_ioctl fs/ioctl.c:906 [inline]\n     __se_sys_ioctl fs/ioctl.c:892 [inline]\n     __x64_sys_ioctl+0x1a4/0x210 fs/ioctl.c:892\n     do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n     do_syscall_64+0xcb/0x250 arch/x86/entry/common.c:83\n     entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22111",
            "https://git.kernel.org/linus/ed3ba9b6e280e14cc3148c1b226ba453f02fa76c (6.15-rc1)",
            "https://git.kernel.org/stable/c/00fe0ac64efd1f5373b3dd9f1f84b19235371e39",
            "https://git.kernel.org/stable/c/338a0f3c66aef4ee13052880d02200aae8f2d8a8",
            "https://git.kernel.org/stable/c/4888e1dcc341e9a132ef7b8516234b3c3296de56",
            "https://git.kernel.org/stable/c/d767ce15045df510f55cdd2af5df0eee71f928d0",
            "https://git.kernel.org/stable/c/ed3ba9b6e280e14cc3148c1b226ba453f02fa76c",
            "https://git.kernel.org/stable/c/f51e471cb1577d510c3096e126678e1ea20d2efd",
            "https://linux.oracle.com/cve/CVE-2025-22111.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025041624-CVE-2025-22111-8bec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22111",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22111"
          ],
          "PublishedDate": "2025-04-16T15:16:05.347Z",
          "LastModifiedDate": "2026-01-19T13:16:07.75Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22113",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22113",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:12a90294b5fa5add69bb696a43301a504408f5c513dc0518d9c11979c3f31db8",
          "Title": "kernel: ext4: avoid journaling sb update on error if journal is destroying",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid journaling sb update on error if journal is destroying\n\nPresently we always BUG_ON if trying to start a transaction on a journal marked\nwith JBD2_UNMOUNT, since this should never happen. However, while ltp running\nstress tests, it was observed that in case of some error handling paths, it is\npossible for update_super_work to start a transaction after the journal is\ndestroyed eg:\n\n(umount)\next4_kill_sb\n  kill_block_super\n    generic_shutdown_super\n      sync_filesystem /* commits all txns */\n      evict_inodes\n        /* might start a new txn */\n      ext4_put_super\n\tflush_work(\u0026sbi-\u003es_sb_upd_work) /* flush the workqueue */\n        jbd2_journal_destroy\n          journal_kill_thread\n            journal-\u003ej_flags |= JBD2_UNMOUNT;\n          jbd2_journal_commit_transaction\n            jbd2_journal_get_descriptor_buffer\n              jbd2_journal_bmap\n                ext4_journal_bmap\n                  ext4_map_blocks\n                    ...\n                    ext4_inode_error\n                      ext4_handle_error\n                        schedule_work(\u0026sbi-\u003es_sb_upd_work)\n\n                                               /* work queue kicks in */\n                                               update_super_work\n                                                 jbd2_journal_start\n                                                   start_this_handle\n                                                     BUG_ON(journal-\u003ej_flags \u0026\n                                                            JBD2_UNMOUNT)\n\nHence, introduce a new mount flag to indicate journal is destroying and only do\na journaled (and deferred) update of sb if this flag is not set. Otherwise, just\nfallback to an un-journaled commit.\n\nFurther, in the journal destroy path, we have the following sequence:\n\n  1. 
Set mount flag indicating journal is destroying\n  2. force a commit and wait for it\n  3. flush pending sb updates\n\nThis sequence is important as it ensures that, after this point, there is no sb\nupdate that might be journaled so it is safe to update the sb outside the\njournal. (To avoid race discussed in 2d01ddc86606)\n\nAlso, we don't need a similar check in ext4_grp_locked_error since it is only\ncalled from mballoc and AFAICT it would be always valid to schedule work here.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:11861",
            "https://access.redhat.com/security/cve/CVE-2025-22113",
            "https://bugzilla.redhat.com/2348599",
            "https://bugzilla.redhat.com/2356613",
            "https://bugzilla.redhat.com/2360186",
            "https://bugzilla.redhat.com/2360199",
            "https://bugzilla.redhat.com/2360212",
            "https://bugzilla.redhat.com/2360219",
            "https://bugzilla.redhat.com/2363672",
            "https://bugzilla.redhat.com/2367572",
            "https://bugzilla.redhat.com/2375305",
            "https://bugzilla.redhat.com/2376035",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348599",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360199",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360212",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360219",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2367572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2375305",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57980",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22085",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22113",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22121",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37797",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38086",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38110",
            "https://errata.almalinux.org/9/ALSA-2025-11861.html",
            "https://errata.rockylinux.org/RLSA-2025:11861",
            "https://git.kernel.org/linus/ce2f26e73783b4a7c46a86e3af5b5c8de0971790 (6.15-rc1)",
            "https://git.kernel.org/stable/c/ce2f26e73783b4a7c46a86e3af5b5c8de0971790",
            "https://git.kernel.org/stable/c/db05767b5bc307143d99fe2afd8c43af58d2ebef",
            "https://git.kernel.org/stable/c/eddca44ddf810e27f0c96913aa3cc92ebd679ddb",
            "https://linux.oracle.com/cve/CVE-2025-22113.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025041625-CVE-2025-22113-34cd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22113",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22113"
          ],
          "PublishedDate": "2025-04-16T15:16:05.523Z",
          "LastModifiedDate": "2025-11-03T18:38:15.473Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22121",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22121",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:da069370fa190c5097e1dfbd82c9a6733f850cc791b12e585d0b88cf588fc966",
          "Title": "kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()\n\nThere's issue as follows:\nBUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790\nRead of size 4 at addr ffff88807b003000 by task syz-executor.0/15172\n\nCPU: 3 PID: 15172 Comm: syz-executor.0\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0xbe/0xfd lib/dump_stack.c:123\n print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137\n ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896\n ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323\n evict+0x39f/0x880 fs/inode.c:622\n iput_final fs/inode.c:1746 [inline]\n iput fs/inode.c:1772 [inline]\n iput+0x525/0x6c0 fs/inode.c:1758\n ext4_orphan_cleanup fs/ext4/super.c:3298 [inline]\n ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300\n mount_bdev+0x355/0x410 fs/super.c:1446\n legacy_get_tree+0xfe/0x220 fs/fs_context.c:611\n vfs_get_tree+0x8d/0x2f0 fs/super.c:1576\n do_new_mount fs/namespace.c:2983 [inline]\n path_mount+0x119a/0x1ad0 fs/namespace.c:3316\n do_mount+0xfc/0x110 fs/namespace.c:3329\n __do_sys_mount fs/namespace.c:3540 [inline]\n __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nMemory state around the buggy address:\n ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n\u003effff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n                   ^\n ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nAbove issue happens as ext4_xattr_delete_inode() isn't check 
xattr\nis valid if xattr is in inode.\nTo solve above issue call xattr_check_inode() check if xattr if valid\nin inode. In fact, we can directly verify in ext4_iget_extra_inode(),\nso that there is no divergent verification.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:11861",
            "https://access.redhat.com/security/cve/CVE-2025-22121",
            "https://bugzilla.redhat.com/2348599",
            "https://bugzilla.redhat.com/2356613",
            "https://bugzilla.redhat.com/2360186",
            "https://bugzilla.redhat.com/2360199",
            "https://bugzilla.redhat.com/2360212",
            "https://bugzilla.redhat.com/2360219",
            "https://bugzilla.redhat.com/2363672",
            "https://bugzilla.redhat.com/2367572",
            "https://bugzilla.redhat.com/2375305",
            "https://bugzilla.redhat.com/2376035",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348599",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360199",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360212",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360219",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2367572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2375305",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376035",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57980",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22085",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22091",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22113",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22121",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37797",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38086",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38110",
            "https://errata.almalinux.org/9/ALSA-2025-11861.html",
            "https://errata.rockylinux.org/RLSA-2025:11861",
            "https://git.kernel.org/linus/5701875f9609b000d91351eaa6bfd97fe2f157f4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/098927a13fd918bd7c64c2de905350a1ad7b4a3a",
            "https://git.kernel.org/stable/c/0c8fbb6ffb3c8f5164572ca88e4ccb6cd6a41ca8",
            "https://git.kernel.org/stable/c/27202452b0bc942fdc3db72a44c4dcdab96d5b56",
            "https://git.kernel.org/stable/c/3c591353956ffcace2cc74d09930774afed60619",
            "https://git.kernel.org/stable/c/5701875f9609b000d91351eaa6bfd97fe2f157f4",
            "https://git.kernel.org/stable/c/b374e9ecc92aaa7fb2ab221ee3ff5451118ab566",
            "https://git.kernel.org/stable/c/c000a8a9b5343a5ef867df173c6349672dacbd0f",
            "https://linux.oracle.com/cve/CVE-2025-22121.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025041628-CVE-2025-22121-52fd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22121",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22121"
          ],
          "PublishedDate": "2025-04-16T15:16:06.277Z",
          "LastModifiedDate": "2026-01-19T13:16:07.867Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22124",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22124",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e78166a13a3e03cf7b82c6c38b794c57366b63f0ec8a07476852c154f34db4de",
          "Title": "kernel: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/md-bitmap: fix wrong bitmap_limit for clustermd when write sb\n\nIn clustermd, separate write-intent-bitmaps are used for each cluster\nnode:\n\n0                    4k                     8k                    12k\n-------------------------------------------------------------------\n| idle                | md super            | bm super [0] + bits |\n| bm bits[0, contd]   | bm super[1] + bits  | bm bits[1, contd]   |\n| bm super[2] + bits  | bm bits [2, contd]  | bm super[3] + bits  |\n| bm bits [3, contd]  |                     |                     |\n\nSo in node 1, pg_index in __write_sb_page() could equal to\nbitmap-\u003estorage.file_pages. Then bitmap_limit will be calculated to\n0. md_super_write() will be called with 0 size.\nThat means the first 4k sb area of node 1 will never be updated\nthrough filemap_write_page().\nThis bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize.\n\nHere use (pg_index % bitmap-\u003estorage.file_pages) to make calculation\nof bitmap_limit correct.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22124",
            "https://git.kernel.org/linus/6130825f34d41718c98a9b1504a79a23e379701e (6.15-rc1)",
            "https://git.kernel.org/stable/c/60196f92bbc7901eb5cfa5d456651b87ea50a4a3",
            "https://git.kernel.org/stable/c/6130825f34d41718c98a9b1504a79a23e379701e",
            "https://git.kernel.org/stable/c/bc3a9788961631359527763d7e1fcf26554c7cb1",
            "https://linux.oracle.com/cve/CVE-2025-22124.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025041629-CVE-2025-22124-4561@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22124",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22124"
          ],
          "PublishedDate": "2025-04-16T15:16:06.54Z",
          "LastModifiedDate": "2025-11-03T18:27:37.333Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22125",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22125",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5bc8292e3cf103e072ad2b0693e6b269e89c0e9d944df58cad7c85fbe34826d9",
          "Title": "kernel: md/raid1,raid10: don't ignore IO flags",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1,raid10: don't ignore IO flags\n\nIf blk-wbt is enabled by default, it's found that raid write performance\nis quite bad because all IO are throttled by wbt of underlying disks,\ndue to flag REQ_IDLE is ignored. And turns out this behaviour exist since\nblk-wbt is introduced.\n\nOther than REQ_IDLE, other flags should not be ignored as well, for\nexample REQ_META can be set for filesystems, clearing it can cause priority\nreverse problems; And REQ_NOWAIT should not be cleared as well, because\nio will wait instead of failing directly in underlying disks.\n\nFix those problems by keep IO flags from master bio.\n\nFises: f51d46d0e7cb (\"md: add support for REQ_NOWAIT\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22125",
            "https://git.kernel.org/linus/e879a0d9cb086c8e52ce6c04e5bfa63825a6213c (6.15-rc1)",
            "https://git.kernel.org/stable/c/73506e581c0b1814cdfd2229d589f30751d7de26",
            "https://git.kernel.org/stable/c/8a0adf3d778c4a0893c6d34a9e1b0082a6f1c495",
            "https://git.kernel.org/stable/c/e879a0d9cb086c8e52ce6c04e5bfa63825a6213c",
            "https://lore.kernel.org/linux-cve-announce/2025041629-CVE-2025-22125-ba0f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22125",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-22125"
          ],
          "PublishedDate": "2025-04-16T15:16:06.63Z",
          "LastModifiedDate": "2025-11-03T18:27:01.98Z"
        },
        {
          "VulnerabilityID": "CVE-2025-22127",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22127",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:746d274aa485e82210ff72dc5e732eb6ac0f92745f53d3bb5b9c78f3ef85a1fc",
          "Title": "kernel: f2fs: fix potential deadloop in prepare_compress_overwrite()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix potential deadloop in prepare_compress_overwrite()\n\nJan Prusakowski reported a kernel hang issue as below:\n\nWhen running xfstests on linux-next kernel (6.14.0-rc3, 6.12) I\nencountered a problem in generic/475 test where fsstress process\ngets blocked in __f2fs_write_data_pages() and the test hangs.\nThe options I used are:\n\nMKFS_OPTIONS  -- -O compression -O extra_attr -O project_quota -O quota /dev/vdc\nMOUNT_OPTIONS -- -o acl,user_xattr -o discard,compress_extension=* /dev/vdc /vdc\n\nINFO: task kworker/u8:0:11 blocked for more than 122 seconds.\n      Not tainted 6.14.0-rc3-xfstests-lockdep #1\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/u8:0    state:D stack:0     pid:11    tgid:11    ppid:2      task_flags:0x4208160 flags:0x00004000\nWorkqueue: writeback wb_workfn (flush-253:0)\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x309/0x8e0\n schedule+0x3a/0x100\n schedule_preempt_disabled+0x15/0x30\n __mutex_lock+0x59a/0xdb0\n __f2fs_write_data_pages+0x3ac/0x400\n do_writepages+0xe8/0x290\n __writeback_single_inode+0x5c/0x360\n writeback_sb_inodes+0x22f/0x570\n wb_writeback+0xb0/0x410\n wb_do_writeback+0x47/0x2f0\n wb_workfn+0x5a/0x1c0\n process_one_work+0x223/0x5b0\n worker_thread+0x1d5/0x3c0\n kthread+0xfd/0x230\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThe root cause is: once generic/475 starts toload error table to dm\ndevice, f2fs_prepare_compress_overwrite() will loop reading compressed\ncluster pages due to IO error, meanwhile it has held .writepages lock,\nit can block all other writeback tasks.\n\nLet's fix this issue w/ below changes:\n- add f2fs_handle_page_eio() in prepare_compress_overwrite() to\ndetect IO error.\n- detect cp_error earler in f2fs_read_multi_pages().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-22127",
            "https://git.kernel.org/linus/3147ee567dd9004a49826ddeaf0a4b12865d4409 (6.15-rc1)",
            "https://git.kernel.org/stable/c/3147ee567dd9004a49826ddeaf0a4b12865d4409",
            "https://git.kernel.org/stable/c/7215cf8ef54bdc9082dffac4662416d54961e258",
            "https://lore.kernel.org/linux-cve-announce/2025041630-CVE-2025-22127-81a6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-22127",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-22127"
          ],
          "PublishedDate": "2025-04-16T15:16:06.813Z",
          "LastModifiedDate": "2025-11-03T18:25:48.783Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23130",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23130",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8d9a68c868c85499fdb1efcb27f3e2cc5132cac44ee2674edf5646c2c9c59890",
          "Title": "kernel: f2fs: fix to avoid panic once fallocation fails for pinfile",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid panic once fallocation fails for pinfile\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2746!\nCPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-rc2-syzkaller-00018-g7cb1b4663150 #0\nRIP: 0010:get_new_segment fs/f2fs/segment.c:2746 [inline]\nRIP: 0010:new_curseg+0x1f52/0x1f70 fs/f2fs/segment.c:2876\nCall Trace:\n \u003cTASK\u003e\n __allocate_new_segment+0x1ce/0x940 fs/f2fs/segment.c:3210\n f2fs_allocate_new_section fs/f2fs/segment.c:3224 [inline]\n f2fs_allocate_pinning_section+0xfa/0x4e0 fs/f2fs/segment.c:3238\n f2fs_expand_inode_data+0x696/0xca0 fs/f2fs/file.c:1830\n f2fs_fallocate+0x537/0xa10 fs/f2fs/file.c:1940\n vfs_fallocate+0x569/0x6e0 fs/open.c:327\n do_vfs_ioctl+0x258c/0x2e40 fs/ioctl.c:885\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x80/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent pinfile allocation may run out of free section, result in\npanic in get_new_segment(), let's expand pin_sem lock coverage to\ninclude f2fs_gc(), so that we can make sure to reclaim enough free\nspace for following allocation.\n\nIn addition, do below changes to enhance error path handling:\n- call f2fs_bug_on() only in non-pinfile allocation path in\nget_new_segment().\n- call reset_curseg_fields() to reset all fields of curseg in\nnew_curseg()",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23130",
            "https://git.kernel.org/linus/48ea8b200414ac69ea96f4c231f5c7ef1fbeffef (6.15-rc1)",
            "https://git.kernel.org/stable/c/2dda0930fb79b847b4bfceb737577d0f6bc24d7d",
            "https://git.kernel.org/stable/c/48ea8b200414ac69ea96f4c231f5c7ef1fbeffef",
            "https://git.kernel.org/stable/c/9392862608d081a8346a3b841f862d732fce954b",
            "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23130-438d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23130",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-23130"
          ],
          "PublishedDate": "2025-04-16T15:16:07.457Z",
          "LastModifiedDate": "2025-11-04T17:04:06.633Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23131",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23131",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7825676bb679c1489657aa84f8f631cb355c6745f7894d7e2c1d2b96ab5343a6",
          "Title": "kernel: dlm: prevent NPD when writing a positive value to event_done",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: prevent NPD when writing a positive value to event_done\n\ndo_uevent returns the value written to event_done. In case it is a\npositive value, new_lockspace would undo all the work, and lockspace\nwould not be set. __dlm_new_lockspace, however, would treat that\npositive value as a success due to commit 8511a2728ab8 (\"dlm: fix use\ncount with multiple joins\").\n\nDown the line, device_create_lockspace would pass that NULL lockspace to\ndlm_find_lockspace_local, leading to a NULL pointer dereference.\n\nTreating such positive values as successes prevents the problem. Given\nthis has been broken for so long, this is unlikely to break userspace\nexpectations.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23131",
            "https://git.kernel.org/linus/8e2bad543eca5c25cd02cbc63d72557934d45f13 (6.15-rc1)",
            "https://git.kernel.org/stable/c/8e2bad543eca5c25cd02cbc63d72557934d45f13",
            "https://git.kernel.org/stable/c/b73c4ad4d387fe5bc988145bd9f1bc0de76afd5c",
            "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23131-1a88@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23131",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-23131"
          ],
          "PublishedDate": "2025-04-16T15:16:07.547Z",
          "LastModifiedDate": "2025-11-04T17:01:32.31Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23132",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23132",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f55b8422eafa70b181c3f583522ce18df3a052b0dadc660139abf45fb363553",
          "Title": "kernel: f2fs: quota: fix to avoid warning in dquot_writeback_dquots()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: quota: fix to avoid warning in dquot_writeback_dquots()\n\nF2FS-fs (dm-59): checkpoint=enable has some unwritten data.\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691 dquot_writeback_dquots+0x2fc/0x308\npc : dquot_writeback_dquots+0x2fc/0x308\nlr : f2fs_quota_sync+0xcc/0x1c4\nCall trace:\ndquot_writeback_dquots+0x2fc/0x308\nf2fs_quota_sync+0xcc/0x1c4\nf2fs_write_checkpoint+0x3d4/0x9b0\nf2fs_issue_checkpoint+0x1bc/0x2c0\nf2fs_sync_fs+0x54/0x150\nf2fs_do_sync_file+0x2f8/0x814\n__f2fs_ioctl+0x1960/0x3244\nf2fs_ioctl+0x54/0xe0\n__arm64_sys_ioctl+0xa8/0xe4\ninvoke_syscall+0x58/0x114\n\ncheckpoint and f2fs_remount may race as below, resulting triggering warning\nin dquot_writeback_dquots().\n\natomic write                                    remount\n                                                - do_remount\n                                                 - down_write(\u0026sb-\u003es_umount);\n                                                  - f2fs_remount\n- ioctl\n - f2fs_do_sync_file\n  - f2fs_sync_fs\n   - f2fs_write_checkpoint\n    - block_operations\n     - locked = down_read_trylock(\u0026sbi-\u003esb-\u003es_umount)\n       : fail to lock due to the write lock was held by remount\n                                                 - up_write(\u0026sb-\u003es_umount);\n     - f2fs_quota_sync\n      - dquot_writeback_dquots\n       - WARN_ON_ONCE(!rwsem_is_locked(\u0026sb-\u003es_umount))\n       : trigger warning because s_umount lock was unlocked by remount\n\nIf checkpoint comes from mount/umount/remount/freeze/quotactl, caller of\ncheckpoint has already held s_umount lock, calling dquot_writeback_dquots()\nin the context should be safe.\n\nSo let's record task to sbi-\u003eumount_lock_holder, so that checkpoint can\nknow whether the lock has held in the context or not by checking current\nw/ it.\n\nIn addition, in 
order to not misrepresent caller of checkpoint, we should\nnot allow to trigger async checkpoint for those callers: mount/umount/remount/\nfreeze/quotactl.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23132",
            "https://git.kernel.org/linus/eb85c2410d6f581e957cd03a644ff6ddbe592af9 (6.15-rc1)",
            "https://git.kernel.org/stable/c/d7acf0a6c87aa282c86a36dbaa2f92fda88c5884",
            "https://git.kernel.org/stable/c/eb85c2410d6f581e957cd03a644ff6ddbe592af9",
            "https://lore.kernel.org/linux-cve-announce/2025041631-CVE-2025-23132-cbf9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23132",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-23132"
          ],
          "PublishedDate": "2025-04-16T15:16:07.63Z",
          "LastModifiedDate": "2025-11-04T17:01:21.487Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23133",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23133",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2918ebc0d7c00211000a3b3b1f1acaefc5fb55e60a5c790d13c0f93bfc005f8",
          "Title": "kernel: wifi: ath11k: update channel list in reg notifier instead reg worker",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: update channel list in reg notifier instead reg worker\n\nCurrently when ath11k gets a new channel list, it will be processed\naccording to the following steps:\n1. update new channel list to cfg80211 and queue reg_work.\n2. cfg80211 handles new channel list during reg_work.\n3. update cfg80211's handled channel list to firmware by\nath11k_reg_update_chan_list().\n\nBut ath11k will immediately execute step 3 after reg_work is just\nqueued. Since step 2 is asynchronous, cfg80211 may not have completed\nhandling the new channel list, which may leading to an out-of-bounds\nwrite error:\nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list\nCall Trace:\n    ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]\n    kfree+0x109/0x3a0\n    ath11k_regd_update+0x1cf/0x350 [ath11k]\n    ath11k_regd_update_work+0x14/0x20 [ath11k]\n    process_one_work+0xe35/0x14c0\n\nShould ensure step 2 is completely done before executing step 3. Thus\nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,\ncfg80211 will notify ath11k after step 2 is done.\n\nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will\nnotify ath11k after step 2 is done. At this time, there will be no\nKASAN bug during the execution of the step 3.\n\n[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23133",
            "https://git.kernel.org/linus/933ab187e679e6fbdeea1835ae39efcc59c022d2 (6.15-rc1)",
            "https://git.kernel.org/stable/c/26618c039b78a76c373d4e02c5fbd52e3a73aead",
            "https://git.kernel.org/stable/c/933ab187e679e6fbdeea1835ae39efcc59c022d2",
            "https://git.kernel.org/stable/c/f952fb83c9c6f908d27500764c4aee1df04b9d3f",
            "https://linux.oracle.com/cve/CVE-2025-23133.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025041632-CVE-2025-23133-c1c5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23133",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-23133"
          ],
          "PublishedDate": "2025-04-16T15:16:07.717Z",
          "LastModifiedDate": "2025-11-04T17:01:03.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23141",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23141",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:037b69a9623c6f4a2ec4caea5237a698dccde2a6a571a65c18b355c2193ae07b",
          "Title": "kernel: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses\n\nAcquire a lock on kvm-\u003esrcu when userspace is getting MP state to handle a\nrather extreme edge case where \"accepting\" APIC events, i.e. processing\npending INIT or SIPI, can trigger accesses to guest memory.  If the vCPU\nis in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP\nstate will trigger a nested VM-Exit by way of -\u003echeck_nested_events(), and\nemuating the nested VM-Exit can access guest memory.\n\nThe splat was originally hit by syzkaller on a Google-internal kernel, and\nreproduced on an upstream kernel by hacking the triple_fault_event_test\nselftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a\nmemory access on VMX), and do vcpu_mp_state_get() to trigger the scenario.\n\n  =============================\n  WARNING: suspicious RCU usage\n  6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted\n  -----------------------------\n  include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage!\n\n  other info that might help us debug this:\n\n  rcu_scheduler_active = 2, debug_locks = 1\n  1 lock held by triple_fault_ev/1256:\n   #0: ffff88810df5a330 (\u0026vcpu-\u003emutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm]\n\n  stack backtrace:\n  CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x7f/0x90\n   lockdep_rcu_suspicious+0x144/0x190\n   kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm]\n   kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n   read_and_check_msr_entry+0x2e/0x180 [kvm_intel]\n   __nested_vmx_vmexit+0x550/0xde0 [kvm_intel]\n   kvm_check_nested_events+0x1b/0x30 [kvm]\n   kvm_apic_accept_events+0x33/0x100 [kvm]\n   
kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm]\n   kvm_vcpu_ioctl+0x33e/0x9a0 [kvm]\n   __x64_sys_ioctl+0x8b/0xb0\n   do_syscall_64+0x6c/0x170\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n   \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23141",
            "https://git.kernel.org/linus/ef01cac401f18647d62720cf773d7bb0541827da (6.15-rc2)",
            "https://git.kernel.org/stable/c/0357c8406dfa09430dd9858ebe813feb65524b6e",
            "https://git.kernel.org/stable/c/592e040572f216d916f465047c8ce4a308fcca44",
            "https://git.kernel.org/stable/c/7bc5c360375d28ba5ef6298b0d53e735c81d66a1",
            "https://git.kernel.org/stable/c/8a3df0aa1087a89f5ce55f4aba816bfcb1ecf1be",
            "https://git.kernel.org/stable/c/ef01cac401f18647d62720cf773d7bb0541827da",
            "https://git.kernel.org/stable/c/f5cbe725b7477b4cd677be1b86b4e08f90572997",
            "https://linux.oracle.com/cve/CVE-2025-23141.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050124-CVE-2025-23141-12d8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23141",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-23141"
          ],
          "PublishedDate": "2025-05-01T13:15:49.91Z",
          "LastModifiedDate": "2025-11-05T21:50:50.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23143",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23143",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:17f74e501ac2f1774ee63cadcf21ed4322817d0ca7e3c360e18a25ca47e93e35",
          "Title": "kernel: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.\n\nWhen I ran the repro [0] and waited a few seconds, I observed two\nLOCKDEP splats: a warning immediately followed by a null-ptr-deref. [1]\n\nReproduction Steps:\n\n  1) Mount CIFS\n  2) Add an iptables rule to drop incoming FIN packets for CIFS\n  3) Unmount CIFS\n  4) Unload the CIFS module\n  5) Remove the iptables rule\n\nAt step 3), the CIFS module calls sock_release() for the underlying\nTCP socket, and it returns quickly.  However, the socket remains in\nFIN_WAIT_1 because incoming FIN packets are dropped.\n\nAt this point, the module's refcnt is 0 while the socket is still\nalive, so the following rmmod command succeeds.\n\n  # ss -tan\n  State      Recv-Q Send-Q Local Address:Port  Peer Address:Port\n  FIN-WAIT-1 0      477        10.0.2.15:51062   10.0.0.137:445\n\n  # lsmod | grep cifs\n  cifs                 1159168  0\n\nThis highlights a discrepancy between the lifetime of the CIFS module\nand the underlying TCP socket.  Even after CIFS calls sock_release()\nand it returns, the TCP socket does not die immediately in order to\nclose the connection gracefully.\n\nWhile this is generally fine, it causes an issue with LOCKDEP because\nCIFS assigns a different lock class to the TCP socket's sk-\u003esk_lock\nusing sock_lock_init_class_and_name().\n\nOnce an incoming packet is processed for the socket or a timer fires,\nsk-\u003esk_lock is acquired.\n\nThen, LOCKDEP checks the lock context in check_wait_context(), where\nhlock_class() is called to retrieve the lock class.  
However, since\nthe module has already been unloaded, hlock_class() logs a warning\nand returns NULL, triggering the null-ptr-deref.\n\nIf LOCKDEP is enabled, we must ensure that a module calling\nsock_lock_init_class_and_name() (CIFS, NFS, etc) cannot be unloaded\nwhile such a socket is still alive to prevent this issue.\n\nLet's hold the module reference in sock_lock_init_class_and_name()\nand release it when the socket is freed in sk_prot_free().\n\nNote that sock_lock_init() clears sk-\u003esk_owner for svc_create_socket()\nthat calls sock_lock_init_class_and_name() for a listening socket,\nwhich clones a socket by sk_clone_lock() without GFP_ZERO.\n\n[0]:\nCIFS_SERVER=\"10.0.0.137\"\nCIFS_PATH=\"//${CIFS_SERVER}/Users/Administrator/Desktop/CIFS_TEST\"\nDEV=\"enp0s3\"\nCRED=\"/root/WindowsCredential.txt\"\n\nMNT=$(mktemp -d /tmp/XXXXXX)\nmount -t cifs ${CIFS_PATH} ${MNT} -o vers=3.0,credentials=${CRED},cache=none,echo_interval=1\n\niptables -A INPUT -s ${CIFS_SERVER} -j DROP\n\nfor i in $(seq 10);\ndo\n    umount ${MNT}\n    rmmod cifs\n    sleep 1\ndone\n\nrm -r ${MNT}\n\niptables -D INPUT -s ${CIFS_SERVER} -j DROP\n\n[1]:\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 10 PID: 0 at kernel/locking/lockdep.c:234 hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223)\nModules linked in: cifs_arc4 nls_ucs2_utils cifs_md4 [last unloaded: cifs]\nCPU: 10 UID: 0 PID: 0 Comm: swapper/10 Not tainted 6.14.0 #36\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:hlock_class (kernel/locking/lockdep.c:234 kernel/locking/lockdep.c:223)\n...\nCall Trace:\n \u003cIRQ\u003e\n __lock_acquire (kernel/locking/lockdep.c:4853 kernel/locking/lockdep.c:5178)\n lock_acquire (kernel/locking/lockdep.c:469 kernel/locking/lockdep.c:5853 kernel/locking/lockdep.c:5816)\n _raw_spin_lock_nested (kernel/locking/spinlock.c:379)\n tcp_v4_rcv (./include/linux/skbuff.h:1678 ./include/net/tcp.h:2547 
net/ipv4/tcp_ipv4.c:2350)\n...\n\nBUG: kernel NULL pointer dereference, address: 00000000000000c4\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0\nOops: Oops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 10 UID: 0 PID: 0 Comm: swapper/10 Tainted: G        W          6.14.0 #36\nTainted: [W]=WARN\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire (kernel/\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23143",
            "https://git.kernel.org/linus/0bb2f7a1ad1f11d861f58e5ee5051c8974ff9569 (6.15-rc2)",
            "https://git.kernel.org/stable/c/0bb2f7a1ad1f11d861f58e5ee5051c8974ff9569",
            "https://git.kernel.org/stable/c/2155802d3313d7b8365935c6b8d6edc0ddd7eb94",
            "https://git.kernel.org/stable/c/5f7f6abd92b6c8dc8f19625ef93c3a18549ede04",
            "https://git.kernel.org/stable/c/83083c5fc7cf9b0f136a42f26aba60da380f3601",
            "https://git.kernel.org/stable/c/905d43b8ad2436c240f844acb3ebcc7a99b8ebf1",
            "https://git.kernel.org/stable/c/b7489b753667bc9245958a4896c9419743083c27",
            "https://git.kernel.org/stable/c/c11247a21aab4b50a23c8b696727d7483de2f1e1",
            "https://git.kernel.org/stable/c/d51e47e2ab6ef10a317d576075cf625cdbf96426",
            "https://git.kernel.org/stable/c/feda73ad44a5cc80f6bf796bb1099a3fe71576d4",
            "https://linux.oracle.com/cve/CVE-2025-23143.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025050125-CVE-2025-23143-6019@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23143",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-23143"
          ],
          "PublishedDate": "2025-05-01T13:15:50.127Z",
          "LastModifiedDate": "2025-11-05T22:05:40.233Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23155",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23155",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f697867b55f158355f377a02f40dd86c14aff0e2b16ea533f352c751f1c48a46",
          "Title": "kernel: net: stmmac: Fix accessing freed irq affinity_hint",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Fix accessing freed irq affinity_hint\n\nIn stmmac_request_irq_multi_msi(), a pointer to the stack variable\ncpu_mask is passed to irq_set_affinity_hint(). This value is stored in\nirq_desc-\u003eaffinity_hint, but once stmmac_request_irq_multi_msi()\nreturns, the pointer becomes dangling.\n\nThe affinity_hint is exposed via procfs with S_IRUGO permissions,\nallowing any unprivileged process to read it. Accessing this stale\npointer can lead to:\n\n- a kernel oops or panic if the referenced memory has been released and\n  unmapped, or\n- leakage of kernel data into userspace if the memory is re-used for\n  other purposes.\n\nAll platforms that use stmmac with PCI MSI (Intel, Loongson, etc) are\naffected.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23155",
            "https://git.kernel.org/linus/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef (6.15-rc1)",
            "https://git.kernel.org/stable/c/2fbf67ddb8a0d0efc00d2df496a9843ec318d48b",
            "https://git.kernel.org/stable/c/442312c2a90d60c7a5197246583fa91d9e579985",
            "https://git.kernel.org/stable/c/960dab23f6d405740c537d095f90a4ee9ddd9285",
            "https://git.kernel.org/stable/c/9e51a6a44e2c4de780a26e8fe110d708e806a8cd",
            "https://git.kernel.org/stable/c/c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef",
            "https://git.kernel.org/stable/c/e148266e104fce396ad624079a6812ac3a9982ef",
            "https://linux.oracle.com/cve/CVE-2025-23155.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025050129-CVE-2025-23155-a9c4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23155",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-23155"
          ],
          "PublishedDate": "2025-05-01T13:15:51.413Z",
          "LastModifiedDate": "2026-03-17T14:41:48.43Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23160",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23160",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e7114cb3e13cba1bdc0f6bb2eaa2e18fa0a023f5f2245dffcfe6be89771caf7",
          "Title": "kernel: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization\n\nOn Mediatek devices with a system companion processor (SCP) the mtk_scp\nstructure has to be removed explicitly to avoid a resource leak.\nFree the structure in case the allocation of the firmware structure fails\nduring the firmware initialization.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23160",
            "https://git.kernel.org/linus/4936cd5817af35d23e4d283f48fa59a18ef481e4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/4936cd5817af35d23e4d283f48fa59a18ef481e4",
            "https://git.kernel.org/stable/c/69dd5bbdd79c65445bb17c3c53510783bc1d756c",
            "https://git.kernel.org/stable/c/9f009fa823c54ca0857c81f7525ea5a5d32de29c",
            "https://git.kernel.org/stable/c/ac94e1db4b2053059779472eb58a64d504964240",
            "https://git.kernel.org/stable/c/d6cb086aa52bd51378a4c9e2b25d2def97770205",
            "https://git.kernel.org/stable/c/fd7bb97ede487b9f075707b7408a9073e0d474b1",
            "https://linux.oracle.com/cve/CVE-2025-23160.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025050131-CVE-2025-23160-b246@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23160",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-23160"
          ],
          "PublishedDate": "2025-05-01T13:15:51.957Z",
          "LastModifiedDate": "2025-11-06T21:32:32.97Z"
        },
        {
          "VulnerabilityID": "CVE-2025-23162",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-23162",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4245ada4bb8f787b53ff68da21460454e200c4da803037066b948050dfb4503e",
          "Title": "kernel: drm/xe/vf: Don't try to trigger a full GT reset if VF",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Don't try to trigger a full GT reset if VF\n\nVFs don't have access to the GDRST(0x941c) register that driver\nuses to reset a GT. Attempt to trigger a reset using debugfs:\n\n $ cat /sys/kernel/debug/dri/0000:00:02.1/gt0/force_reset\n\nor due to a hang condition detected by the driver leads to:\n\n [ ] xe 0000:00:02.1: [drm] GT0: trying reset from force_reset [xe]\n [ ] xe 0000:00:02.1: [drm] GT0: reset queued\n [ ] xe 0000:00:02.1: [drm] GT0: reset started\n [ ] ------------[ cut here ]------------\n [ ] xe 0000:00:02.1: [drm] GT0: VF is trying to write 0x1 to an inaccessible register 0x941c+0x0\n [ ] WARNING: CPU: 3 PID: 3069 at drivers/gpu/drm/xe/xe_gt_sriov_vf.c:996 xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] RIP: 0010:xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ] Call Trace:\n [ ]  \u003cTASK\u003e\n [ ]  ? show_regs+0x6c/0x80\n [ ]  ? __warn+0x93/0x1c0\n [ ]  ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ]  ? report_bug+0x182/0x1b0\n [ ]  ? handle_bug+0x6e/0xb0\n [ ]  ? exc_invalid_op+0x18/0x80\n [ ]  ? asm_exc_invalid_op+0x1b/0x20\n [ ]  ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ]  ? xe_gt_sriov_vf_write32+0xc6/0x580 [xe]\n [ ]  ? xe_gt_tlb_invalidation_reset+0xef/0x110 [xe]\n [ ]  ? __mutex_unlock_slowpath+0x41/0x2e0\n [ ]  xe_mmio_write32+0x64/0x150 [xe]\n [ ]  do_gt_reset+0x2f/0xa0 [xe]\n [ ]  gt_reset_worker+0x14e/0x1e0 [xe]\n [ ]  process_one_work+0x21c/0x740\n [ ]  worker_thread+0x1db/0x3c0\n\nFix that by sending H2G VF_RESET(0x5507) action instead.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-23162",
            "https://git.kernel.org/linus/459777724d306315070d24608fcd89aea85516d6 (6.15-rc1)",
            "https://git.kernel.org/stable/c/2eec2fa8666dcecebae33a565a818c9de9af8b50",
            "https://git.kernel.org/stable/c/459777724d306315070d24608fcd89aea85516d6",
            "https://git.kernel.org/stable/c/90b16edb3213e4ae4a3138bb20703ae367e88a01",
            "https://git.kernel.org/stable/c/a9bc61a61372897886f58fdaa5582e3f7bf9a50b",
            "https://lore.kernel.org/linux-cve-announce/2025050132-CVE-2025-23162-fe44@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-23162",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-23162"
          ],
          "PublishedDate": "2025-05-01T13:15:52.167Z",
          "LastModifiedDate": "2025-11-05T15:32:30.347Z"
        },
        {
          "VulnerabilityID": "CVE-2025-27558",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27558",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:99c99893be44057a50711ce2c38eb1ec56a4305c8ac3afdee4557ce5fc50fe63",
          "Title": "IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh n ...",
          "Description": "IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-345"
          ],
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://github.com/vanhoefm/fragattacks-survey-public/blob/main/README.md",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://papers.mathyvanhoef.com/wisec2025.pdf",
            "https://www.cve.org/CVERecord?id=CVE-2025-27558"
          ],
          "PublishedDate": "2025-05-21T19:16:08.2Z",
          "LastModifiedDate": "2025-11-03T18:15:52.22Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37743",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37743",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54c932af4db7b57cc1ccd5d1db4b032ac162aab7f0dd3800e3922b7c674a4631",
          "Title": "kernel: wifi: ath12k: Avoid memory leak while enabling statistics",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid memory leak while enabling statistics\n\nDriver uses monitor destination rings for extended statistics mode and\nstandalone monitor mode. In extended statistics mode, TLVs are parsed from\nthe buffer received from the monitor destination ring and assigned to the\nppdu_info structure to update per-packet statistics. In standalone monitor\nmode, along with per-packet statistics, the packet data (payload) is\ncaptured, and the driver updates per MSDU to mac80211.\n\nWhen the AP interface is enabled, only extended statistics mode is\nactivated. As part of enabling monitor rings for collecting statistics,\nthe driver subscribes to HAL_RX_MPDU_START TLV in the filter\nconfiguration. This TLV is received from the monitor destination ring, and\nkzalloc for the mon_mpdu object occurs, which is not freed, leading to a\nmemory leak. The kzalloc for the mon_mpdu object is only required while\nenabling the standalone monitor interface. This causes a memory leak while\nenabling extended statistics mode in the driver.\n\nFix this memory leak by removing the kzalloc for the mon_mpdu object in\nthe HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone\nmonitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs.\nThese TLV tags will be handled properly when enabling standalone monitor\nmode in the future.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37743",
            "https://git.kernel.org/linus/ecfc131389923405be8e7a6f4408fd9321e4d19b (6.15-rc1)",
            "https://git.kernel.org/stable/c/286bab0fc7b9db728dab8c63cadf6be9b3facf8c",
            "https://git.kernel.org/stable/c/ecfc131389923405be8e7a6f4408fd9321e4d19b",
            "https://lore.kernel.org/linux-cve-announce/2025050134-CVE-2025-37743-35a7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37743",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37743"
          ],
          "PublishedDate": "2025-05-01T13:15:53Z",
          "LastModifiedDate": "2025-11-05T16:05:28.993Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37744",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37744",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af7b898e257d538a18a4690490f7132b5459da02477a3fd6806fce4d25fd94ac",
          "Title": "kernel: wifi: ath12k: fix memory leak in ath12k_pci_remove()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_pci_remove()\n\nKmemleak reported this error:\n\n  unreferenced object 0xffff1c165cec3060 (size 32):\n    comm \"insmod\", pid 560, jiffies 4296964570 (age 235.596s)\n    backtrace:\n      [\u003c000000005434db68\u003e] __kmem_cache_alloc_node+0x1f4/0x2c0\n      [\u003c000000001203b155\u003e] kmalloc_trace+0x40/0x88\n      [\u003c0000000028adc9c8\u003e] _request_firmware+0xb8/0x608\n      [\u003c00000000cad1aef7\u003e] firmware_request_nowarn+0x50/0x80\n      [\u003c000000005011a682\u003e] local_pci_probe+0x48/0xd0\n      [\u003c00000000077cd295\u003e] pci_device_probe+0xb4/0x200\n      [\u003c0000000087184c94\u003e] really_probe+0x150/0x2c0\n\nThe firmware memory was allocated in ath12k_pci_probe(), but not\nfreed in ath12k_pci_remove() in case ATH12K_FLAG_QMI_FAIL bit is\nset. So call ath12k_fw_unmap() to free the memory.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37744",
            "https://git.kernel.org/linus/1b24394ed5c8a8d8f7b9e3aa9044c31495d46f2e (6.15-rc1)",
            "https://git.kernel.org/stable/c/1b24394ed5c8a8d8f7b9e3aa9044c31495d46f2e",
            "https://git.kernel.org/stable/c/3cb47b50926a5b9eef8c06506a14cdc0f3d95c53",
            "https://git.kernel.org/stable/c/52e3132e62c31b5ade43dc4495fa81175e6e8398",
            "https://git.kernel.org/stable/c/cb8f4c5f9c487d82a566672b5ed0c9f05e40659b",
            "https://linux.oracle.com/cve/CVE-2025-37744.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050134-CVE-2025-37744-e540@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37744",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37744"
          ],
          "PublishedDate": "2025-05-01T13:15:53.1Z",
          "LastModifiedDate": "2025-11-05T16:05:59.89Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37745",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37745",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ae614a619db089628b366bb18f4ef9c156b569ba2730f5ee8f98faccb86aa765",
          "Title": "kernel: PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM: hibernate: Avoid deadlock in hibernate_compressor_param_set()\n\nsyzbot reported a deadlock in lock_system_sleep() (see below).\n\nThe write operation to \"/sys/module/hibernate/parameters/compressor\"\nconflicts with the registration of ieee80211 device, resulting in a deadlock\nwhen attempting to acquire system_transition_mutex under param_lock.\n\nTo avoid this deadlock, change hibernate_compressor_param_set() to use\nmutex_trylock() for attempting to acquire system_transition_mutex and\nreturn -EBUSY when it fails.\n\nTask flags need not be saved or adjusted before calling\nmutex_trylock(\u0026system_transition_mutex) because the caller is not going\nto end up waiting for this mutex and if it runs concurrently with system\nsuspend in progress, it will be frozen properly when it returns to user\nspace.\n\nsyzbot report:\n\nsyz-executor895/5833 is trying to acquire lock:\nffffffff8e0828c8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 kernel/power/main.c:56\n\nbut task is already holding lock:\nffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: kernel_param_lock kernel/params.c:607 [inline]\nffffffff8e07dc68 (param_lock){+.+.}-{4:4}, at: param_attr_store+0xe6/0x300 kernel/params.c:586\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #3 (param_lock){+.+.}-{4:4}:\n       __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n       __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730\n       ieee80211_rate_control_ops_get net/mac80211/rate.c:220 [inline]\n       rate_control_alloc net/mac80211/rate.c:266 [inline]\n       ieee80211_init_rate_ctrl_alg+0x18d/0x6b0 net/mac80211/rate.c:1015\n       ieee80211_register_hw+0x20cd/0x4060 net/mac80211/main.c:1531\n       mac80211_hwsim_new_radio+0x304e/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5558\n       
init_mac80211_hwsim+0x432/0x8c0 drivers/net/wireless/virtual/mac80211_hwsim.c:6910\n       do_one_initcall+0x128/0x700 init/main.c:1257\n       do_initcall_level init/main.c:1319 [inline]\n       do_initcalls init/main.c:1335 [inline]\n       do_basic_setup init/main.c:1354 [inline]\n       kernel_init_freeable+0x5c7/0x900 init/main.c:1568\n       kernel_init+0x1c/0x2b0 init/main.c:1457\n       ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148\n       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n-\u003e #2 (rtnl_mutex){+.+.}-{4:4}:\n       __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n       __mutex_lock+0x19b/0xb10 kernel/locking/mutex.c:730\n       wg_pm_notification drivers/net/wireguard/device.c:80 [inline]\n       wg_pm_notification+0x49/0x180 drivers/net/wireguard/device.c:64\n       notifier_call_chain+0xb7/0x410 kernel/notifier.c:85\n       notifier_call_chain_robust kernel/notifier.c:120 [inline]\n       blocking_notifier_call_chain_robust kernel/notifier.c:345 [inline]\n       blocking_notifier_call_chain_robust+0xc9/0x170 kernel/notifier.c:333\n       pm_notifier_call_chain_robust+0x27/0x60 kernel/power/main.c:102\n       snapshot_open+0x189/0x2b0 kernel/power/user.c:77\n       misc_open+0x35a/0x420 drivers/char/misc.c:179\n       chrdev_open+0x237/0x6a0 fs/char_dev.c:414\n       do_dentry_open+0x735/0x1c40 fs/open.c:956\n       vfs_open+0x82/0x3f0 fs/open.c:1086\n       do_open fs/namei.c:3830 [inline]\n       path_openat+0x1e88/0x2d80 fs/namei.c:3989\n       do_filp_open+0x20c/0x470 fs/namei.c:4016\n       do_sys_openat2+0x17a/0x1e0 fs/open.c:1428\n       do_sys_open fs/open.c:1443 [inline]\n       __do_sys_openat fs/open.c:1459 [inline]\n       __se_sys_openat fs/open.c:1454 [inline]\n       __x64_sys_openat+0x175/0x210 fs/open.c:1454\n       do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n       do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #1 
((pm_chain_head).rwsem){++++}-{4:4}:\n       down_read+0x9a/0x330 kernel/locking/rwsem.c:1524\n       blocking_notifier_call_chain_robust kerne\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37745",
            "https://git.kernel.org/linus/52323ed1444ea5c2a5f1754ea0a2d9c8c216ccdf (6.15-rc1)",
            "https://git.kernel.org/stable/c/11ae4fec1f4b4ee06770a572c37d89cbaecbf66e",
            "https://git.kernel.org/stable/c/3b2c3806ef4253595dfcb8b58352cfab55c9bfb0",
            "https://git.kernel.org/stable/c/52323ed1444ea5c2a5f1754ea0a2d9c8c216ccdf",
            "https://git.kernel.org/stable/c/6dbaa8583af74814a5aae03a337cb1722c414808",
            "https://linux.oracle.com/cve/CVE-2025-37745.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050135-CVE-2025-37745-0aaf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37745",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37745"
          ],
          "PublishedDate": "2025-05-01T13:15:53.207Z",
          "LastModifiedDate": "2025-11-05T16:06:30.743Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37746",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37746",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1cfc1e6661fa01705929b063bb439cc527a183cf1e854ad1f5e98771bec7bbd1",
          "Title": "kernel: perf/dwc_pcie: fix duplicate pci_dev devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/dwc_pcie: fix duplicate pci_dev devices\n\nDuring platform_device_register, wrongly using struct device\npci_dev as platform_data caused a kmemdup copy of pci_dev. Worse\nstill, accessing the duplicated device leads to list corruption as its\nmutex content (e.g., list, magic) remains the same as the original.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-704"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37746",
            "https://git.kernel.org/linus/7f35b429802a8065aa61e2a3f567089649f4d98e (6.15-rc1)",
            "https://git.kernel.org/stable/c/7f35b429802a8065aa61e2a3f567089649f4d98e",
            "https://git.kernel.org/stable/c/a71c6fc87b2b9905dc2e38887fe4122287216be9",
            "https://lore.kernel.org/linux-cve-announce/2025050135-CVE-2025-37746-2d53@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37746",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37746"
          ],
          "PublishedDate": "2025-05-01T13:15:53.313Z",
          "LastModifiedDate": "2025-11-05T16:07:01.87Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37747",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37747",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cffd33a61a9a7b3038205d3c718ef9355b4eac962db752160662a75d3bdaff28",
          "Title": "kernel: perf: Fix hang while freeing sigtrap event",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix hang while freeing sigtrap event\n\nPerf can hang while freeing a sigtrap event if a related deferred\nsignal hadn't managed to be sent before the file got closed:\n\nperf_event_overflow()\n   task_work_add(perf_pending_task)\n\nfput()\n   task_work_add(____fput())\n\ntask_work_run()\n    ____fput()\n        perf_release()\n            perf_event_release_kernel()\n                _free_event()\n                    perf_pending_task_sync()\n                        task_work_cancel() -\u003e FAILED\n                        rcuwait_wait_event()\n\nOnce task_work_run() is running, the list of pending callbacks is\nremoved from the task_struct and from this point on task_work_cancel()\ncan't remove any pending and not yet started work items, hence the\ntask_work_cancel() failure and the hang on rcuwait_wait_event().\n\nTask work could be changed to remove one work at a time, so a work\nrunning on the current task can always cancel a pending one, however\nthe wait / wake design is still subject to inverted dependencies when\nremote targets are involved, as pictured by Oleg:\n\nT1                                                      T2\n\nfd = perf_event_open(pid =\u003e T2-\u003epid);                  fd = perf_event_open(pid =\u003e T1-\u003epid);\nclose(fd)                                              close(fd)\n    \u003cIRQ\u003e                                                  \u003cIRQ\u003e\n    perf_event_overflow()                                  perf_event_overflow()\n       task_work_add(perf_pending_task)                        task_work_add(perf_pending_task)\n    \u003c/IRQ\u003e                                                 \u003c/IRQ\u003e\n    fput()                                                 fput()\n        task_work_add(____fput())                              task_work_add(____fput())\n\n    task_work_run()                                 
       task_work_run()\n        ____fput()                                             ____fput()\n            perf_release()                                         perf_release()\n                perf_event_release_kernel()                            perf_event_release_kernel()\n                    _free_event()                                          _free_event()\n                        perf_pending_task_sync()                               perf_pending_task_sync()\n                            rcuwait_wait_event()                                   rcuwait_wait_event()\n\nTherefore the only option left is to acquire the event reference count\nupon queueing the perf task work and release it from the task work, just\nlike it was done before 3a5465418f5f (\"perf: Fix event leak upon exec and file release\")\nbut without the leaks it fixed.\n\nSome adjustments are necessary to make it work:\n\n* A child event might dereference its parent upon freeing. Care must be\n  taken to release the parent last.\n\n* Some places assuming the event doesn't have any reference held and\n  therefore can be freed right away must instead put the reference and\n  let the reference counting to its job.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37747",
            "https://git.kernel.org/linus/56799bc035658738f362acec3e7647bb84e68933 (6.15-rc2)",
            "https://git.kernel.org/stable/c/1267bd38f161c1a27d9b722de017027167a225a0",
            "https://git.kernel.org/stable/c/56799bc035658738f362acec3e7647bb84e68933",
            "https://git.kernel.org/stable/c/665b87b8f8b3aeb49083ef3b65c4953e7753fc12",
            "https://git.kernel.org/stable/c/fa1827fa968c0674e9b6fca223fa9fb4da4493eb",
            "https://lore.kernel.org/linux-cve-announce/2025050135-CVE-2025-37747-6e35@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37747",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37747"
          ],
          "PublishedDate": "2025-05-01T13:15:53.417Z",
          "LastModifiedDate": "2025-11-05T16:16:27.297Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37775",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37775",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:89a8e5f700636d026c72ba4991b3d24fc78fcd3dc139c318e3ea94de6642f0d5",
          "Title": "kernel: ksmbd: fix the warning from __kernel_write_iter",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix the warning from __kernel_write_iter\n\n[ 2110.972290] ------------[ cut here ]------------\n[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280\n\nThis patch doesn't allow writing to directory.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37775",
            "https://git.kernel.org/linus/b37f2f332b40ad1c27f18682a495850f2f04db0a (6.15-rc3)",
            "https://git.kernel.org/stable/c/1ed343481ba6911178bc5ca7a51be319eafcc747",
            "https://git.kernel.org/stable/c/2a879da5c34a1e5d971e815d5b30f27eb6d69efc",
            "https://git.kernel.org/stable/c/44079e544c9f6e3e9fb43a16ddf8b08cf686d657",
            "https://git.kernel.org/stable/c/b37f2f332b40ad1c27f18682a495850f2f04db0a",
            "https://git.kernel.org/stable/c/b7ce8db490286c2e009758fa1416d66aeb333614",
            "https://linux.oracle.com/cve/CVE-2025-37775.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050115-CVE-2025-37775-296d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37775",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37775"
          ],
          "PublishedDate": "2025-05-01T14:15:41.197Z",
          "LastModifiedDate": "2026-03-17T14:41:10.593Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37776",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37776",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:772884a43b3c0ba91561e21e615012e42ef445a451ba823556c8fbda93f34ad3",
          "Title": "kernel: ksmbd: fix use-after-free in smb_break_all_levII_oplock()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in smb_break_all_levII_oplock()\n\nThere is a room in smb_break_all_levII_oplock that can cause racy issues\nwhen unlocking in the middle of the loop. This patch use read lock\nto protect whole loop.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37776",
            "https://git.kernel.org/linus/18b4fac5ef17f77fed9417d22210ceafd6525fc7 (6.15-rc3)",
            "https://git.kernel.org/stable/c/18b4fac5ef17f77fed9417d22210ceafd6525fc7",
            "https://git.kernel.org/stable/c/296cb5457cc6f4a754c4ae29855f8a253d52bcc6",
            "https://git.kernel.org/stable/c/d54ab1520d43e95f9b2e22d7a05fc9614192e5a5",
            "https://git.kernel.org/stable/c/d73686367ad68534257cd88a36ca3c52cb8b81d8",
            "https://linux.oracle.com/cve/CVE-2025-37776.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050115-CVE-2025-37776-9bfb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37776",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37776"
          ],
          "PublishedDate": "2025-05-01T14:15:41.373Z",
          "LastModifiedDate": "2025-11-14T16:45:45.34Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37777",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37777",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:017aadf46be64d0f53b32733dfb94a38af0aba48fbc8df8cacb42f0e880ff697",
          "Title": "kernel: ksmbd: fix use-after-free in __smb2_lease_break_noti()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in __smb2_lease_break_noti()\n\nMove tcp_transport free to ksmbd_conn_free. If ksmbd connection is\nreferenced when ksmbd server thread terminates, It will not be freed,\nbut conn-\u003etcp_transport is freed. __smb2_lease_break_noti can be performed\nasynchronously when the connection is disconnected. __smb2_lease_break_noti\ncalls ksmbd_conn_write, which can cause use-after-free\nwhen conn-\u003eksmbd_transport is already freed.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37777",
            "https://git.kernel.org/linus/21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de (6.15-rc3)",
            "https://git.kernel.org/stable/c/1aec4d14cf81b7b3e7b69eb1cfa94144eed7138e",
            "https://git.kernel.org/stable/c/1da8bd9a10ecd718692732294d15fd801c0eabb5",
            "https://git.kernel.org/stable/c/21a4e47578d44c6b37c4fc4aba8ed7cc8dbb13de",
            "https://git.kernel.org/stable/c/e59796fc80603bcd8569d4d2e10b213c1918edb4",
            "https://linux.oracle.com/cve/CVE-2025-37777.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050115-CVE-2025-37777-886d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37777",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37777"
          ],
          "PublishedDate": "2025-05-01T14:15:41.493Z",
          "LastModifiedDate": "2025-11-14T16:45:29.777Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37778",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37778",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:04fd9415a90da1662f0a93920d0fd9ab5125c3728c2d2e15ede518bf9cb79948",
          "Title": "kernel: ksmbd: Fix dangling pointer in krb_authenticate",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix dangling pointer in krb_authenticate\n\nkrb_authenticate frees sess-\u003euser and does not set the pointer\nto NULL. It calls ksmbd_krb5_authenticate to reinitialise\nsess-\u003euser but that function may return without doing so. If\nthat happens then smb2_sess_setup, which calls krb_authenticate,\nwill be accessing free'd memory when it later uses sess-\u003euser.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37778",
            "https://git.kernel.org/linus/1e440d5b25b7efccb3defe542a73c51005799a5f (6.15-rc3)",
            "https://git.kernel.org/stable/c/1db2451de23e98bc864c6a6e52aa0d82c91cb325",
            "https://git.kernel.org/stable/c/1e440d5b25b7efccb3defe542a73c51005799a5f",
            "https://git.kernel.org/stable/c/6e30c0e10210c714f3d4453dc258d4abcc70364e",
            "https://git.kernel.org/stable/c/d5b554bc8d554ed6ddf443d3db2fad9f665cec10",
            "https://git.kernel.org/stable/c/e83e39a5f6a01a81411a4558a59a10f87aa88dd6",
            "https://linux.oracle.com/cve/CVE-2025-37778.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050116-CVE-2025-37778-7202@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37778",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37778"
          ],
          "PublishedDate": "2025-05-01T14:15:41.617Z",
          "LastModifiedDate": "2026-03-17T14:49:44.677Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37786",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37786",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1f5d67571eb16a3f576b3e2de60bb57305eb3bd7135a171a08381b43a78f96db",
          "Title": "kernel: net: dsa: free routing table on probe failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: free routing table on probe failure\n\nIf complete = true in dsa_tree_setup(), it means that we are the last\nswitch of the tree which is successfully probing, and we should be\nsetting up all switches from our probe path.\n\nAfter \"complete\" becomes true, dsa_tree_setup_cpu_ports() or any\nsubsequent function may fail. If that happens, the entire tree setup is\nin limbo: the first N-1 switches have successfully finished probing\n(doing nothing but having allocated persistent memory in the tree's\ndst-\u003eports, and maybe dst-\u003ertable), and switch N failed to probe, ending\nthe tree setup process before anything is tangible from the user's PoV.\n\nIf switch N fails to probe, its memory (ports) will be freed and removed\nfrom dst-\u003eports. However, the dst-\u003ertable elements pointing to its ports,\nas created by dsa_link_touch(), will remain there, and will lead to\nuse-after-free if dereferenced.\n\nIf dsa_tree_setup_switches() returns -EPROBE_DEFER, which is entirely\npossible because that is where ds-\u003eops-\u003esetup() is, we get a kasan\nreport like this:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in mv88e6xxx_setup_upstream_port+0x240/0x568\nRead of size 8 at addr ffff000004f56020 by task kworker/u8:3/42\n\nCall trace:\n __asan_report_load8_noabort+0x20/0x30\n mv88e6xxx_setup_upstream_port+0x240/0x568\n mv88e6xxx_setup+0xebc/0x1eb0\n dsa_register_switch+0x1af4/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nAllocated by task 42:\n __kasan_kmalloc+0x84/0xa0\n __kmalloc_cache_noprof+0x298/0x490\n dsa_switch_touch_ports+0x174/0x3d8\n dsa_register_switch+0x800/0x2ae0\n 
mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nFreed by task 42:\n __kasan_slab_free+0x48/0x68\n kfree+0x138/0x418\n dsa_register_switch+0x2694/0x2ae0\n mv88e6xxx_register_switch+0x1b8/0x2a8\n mv88e6xxx_probe+0xc4c/0xf60\n mdio_probe+0x78/0xb8\n really_probe+0x2b8/0x5a8\n __driver_probe_device+0x164/0x298\n driver_probe_device+0x78/0x258\n __device_attach_driver+0x274/0x350\n\nThe simplest way to fix the bug is to delete the routing table in its\nentirety. dsa_tree_setup_routing_table() has no problem in regenerating\nit even if we deleted links between ports other than those of switch N,\nbecause dsa_link_touch() first checks whether the port pair already\nexists in dst-\u003ertable, allocating if not.\n\nThe deletion of the routing table in its entirety already exists in\ndsa_tree_teardown(), so refactor that into a function that can also be\ncalled from the tree setup error path.\n\nIn my analysis of the commit to blame, it is the one which added\ndsa_link elements to dst-\u003ertable. Prior to that, each switch had its own\nds-\u003ertable which is freed when the switch fails to probe. But the tree\nis potentially persistent memory.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37786",
            "https://git.kernel.org/linus/8bf108d7161ffc6880ad13a0cc109de3cf631727 (6.15-rc3)",
            "https://git.kernel.org/stable/c/51df5513cca6349d0bea01bab95cd96cf869976e",
            "https://git.kernel.org/stable/c/5c8066fbdb9653c6e9a224bdcd8f9c91a484f0de",
            "https://git.kernel.org/stable/c/6c20894d21600ca1e8549086dfbb986e277bf8a6",
            "https://git.kernel.org/stable/c/8bf108d7161ffc6880ad13a0cc109de3cf631727",
            "https://git.kernel.org/stable/c/a038f5f15af455dfe35bc68549e02b950978700a",
            "https://git.kernel.org/stable/c/fb12b460ec46c9efad98de6d9ba349691db51dc7",
            "https://linux.oracle.com/cve/CVE-2025-37786.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050118-CVE-2025-37786-cbe7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37786",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37786"
          ],
          "PublishedDate": "2025-05-01T14:15:42.89Z",
          "LastModifiedDate": "2026-03-17T14:55:53.073Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37806",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37806",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:35445e0417ddd699dd0dbecc9a9aa8fae0511cd3772a7db52892e2b9e35158cf",
          "Title": "kernel: fs/ntfs3: Keep write operations atomic",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Keep write operations atomic\n\nsyzbot reported a NULL pointer dereference in __generic_file_write_iter. [1]\n\nBefore the write operation is completed, the user executes ioctl[2] to clear\nthe compress flag of the file, which causes the is_compressed() judgment to\nreturn 0, further causing the program to enter the wrong process and call the\nwrong ops ntfs_aops_cmpr, which triggers the null pointer dereference of\nwrite_begin.\n\nUse inode lock to synchronize ioctl and write to avoid this case.\n\n[1]\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\nMem abort info:\n  ESR = 0x0000000086000006\n  EC = 0x21: IABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x06: level 2 translation fault\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000011896d000\n[0000000000000000] pgd=0800000118b44403, p4d=0800000118b44403, pud=0800000117517403, pmd=0000000000000000\nInternal error: Oops: 0000000086000006 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 UID: 0 PID: 6427 Comm: syz-executor347 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : 0x0\nlr : generic_perform_write+0x29c/0x868 mm/filemap.c:4055\nsp : ffff80009d4978a0\nx29: ffff80009d4979c0 x28: dfff800000000000 x27: ffff80009d497bc8\nx26: 0000000000000000 x25: ffff80009d497960 x24: ffff80008ba71c68\nx23: 0000000000000000 x22: ffff0000c655dac0 x21: 0000000000001000\nx20: 000000000000000c x19: 1ffff00013a92f2c x18: ffff0000e183aa1c\nx17: 0004060000000014 x16: ffff800083275834 x15: 0000000000000001\nx14: 0000000000000000 x13: 0000000000000001 x12: ffff0000c655dac0\nx11: 0000000000ff0100 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 
0000000000000000\nx5 : ffff80009d497980 x4 : ffff80009d497960 x3 : 0000000000001000\nx2 : 0000000000000000 x1 : ffff0000e183a928 x0 : ffff0000d60b0fc0\nCall trace:\n 0x0 (P)\n __generic_file_write_iter+0xfc/0x204 mm/filemap.c:4156\n ntfs_file_write_iter+0x54c/0x630 fs/ntfs3/file.c:1267\n new_sync_write fs/read_write.c:586 [inline]\n vfs_write+0x920/0xcf4 fs/read_write.c:679\n ksys_write+0x15c/0x26c fs/read_write.c:731\n __do_sys_write fs/read_write.c:742 [inline]\n __se_sys_write fs/read_write.c:739 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:739\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\n el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\n\n[2]\nioctl$FS_IOC_SETFLAGS(r0, 0x40086602, \u0026(0x7f00000000c0)=0x20)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37806",
            "https://git.kernel.org/linus/285cec318bf5a7a6c8ba999b2b6ec96f9a20590f (6.15-rc1)",
            "https://git.kernel.org/stable/c/285cec318bf5a7a6c8ba999b2b6ec96f9a20590f",
            "https://git.kernel.org/stable/c/464139e18f619aa14fb921a61721862f43421c54",
            "https://git.kernel.org/stable/c/8db49e89a7f8b48ee59fa9ad32b6ed0879747df8",
            "https://linux.oracle.com/cve/CVE-2025-37806.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050815-CVE-2025-37806-a6a5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37806",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37806"
          ],
          "PublishedDate": "2025-05-08T07:15:51.773Z",
          "LastModifiedDate": "2025-11-10T17:32:50.763Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37807",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37807",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54b3ea74a034a34c8259b5a846267044c93913fcdf099b04b5f83dd499fbd74f",
          "Title": "kernel: bpf: Fix kmemleak warning for percpu hashmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix kmemleak warning for percpu hashmap\n\nVlad Poenaru reported the following kmemleak issue:\n\n  unreferenced object 0x606fd7c44ac8 (size 32):\n    backtrace (crc 0):\n      pcpu_alloc_noprof+0x730/0xeb0\n      bpf_map_alloc_percpu+0x69/0xc0\n      prealloc_init+0x9d/0x1b0\n      htab_map_alloc+0x363/0x510\n      map_create+0x215/0x3a0\n      __sys_bpf+0x16b/0x3e0\n      __x64_sys_bpf+0x18/0x20\n      do_syscall_64+0x7b/0x150\n      entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nFurther investigation shows the reason is due to not 8-byte aligned\nstore of percpu pointer in htab_elem_set_ptr():\n  *(void __percpu **)(l-\u003ekey + key_size) = pptr;\n\nNote that the whole htab_elem alignment is 8 (for x86_64). If the key_size\nis 4, that means pptr is stored in a location which is 4 byte aligned but\nnot 8 byte aligned. In mm/kmemleak.c, scan_block() scans the memory based\non 8 byte stride, so it won't detect above pptr, hence reporting the memory\nleak.\n\nIn htab_map_alloc(), we already have\n\n        htab-\u003eelem_size = sizeof(struct htab_elem) +\n                          round_up(htab-\u003emap.key_size, 8);\n        if (percpu)\n                htab-\u003eelem_size += sizeof(void *);\n        else\n                htab-\u003eelem_size += round_up(htab-\u003emap.value_size, 8);\n\nSo storing pptr with 8-byte alignment won't cause any problem and can fix\nkmemleak too.\n\nThe issue can be reproduced with bpf selftest as well:\n  1. Enable CONFIG_DEBUG_KMEMLEAK config\n  2. Add a getchar() before skel destroy in test_hash_map() in prog_tests/for_each.c.\n     The purpose is to keep map available so kmemleak can be detected.\n  3. run './test_progs -t for_each/hash_map \u0026' and a kmemleak should be reported.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37807",
            "https://git.kernel.org/linus/11ba7ce076e5903e7bdc1fd1498979c331b3c286 (6.15-rc1)",
            "https://git.kernel.org/stable/c/11ba7ce076e5903e7bdc1fd1498979c331b3c286",
            "https://git.kernel.org/stable/c/1f1c29aa1934177349c17e3c32e68ec38a7a56df",
            "https://git.kernel.org/stable/c/7758e308aeda1038aba1944f7302d34161b3effe",
            "https://linux.oracle.com/cve/CVE-2025-37807.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050815-CVE-2025-37807-d31f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37807",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37807"
          ],
          "PublishedDate": "2025-05-08T07:15:51.873Z",
          "LastModifiedDate": "2025-11-10T17:32:35.18Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37820",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37820",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:15caf15a0cad931af4b36326f370aa6ad7a67bf9dada71ed983ce39f3cf25c0c",
          "Title": "kernel: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen-netfront: handle NULL returned by xdp_convert_buff_to_frame()\n\nThe function xdp_convert_buff_to_frame() may return NULL if it fails\nto correctly convert the XDP buffer into an XDP frame due to memory\nconstraints, internal errors, or invalid data. Failing to check for NULL\nmay lead to a NULL pointer dereference if the result is used later in\nprocessing, potentially causing crashes, data corruption, or undefined\nbehavior.\n\nOn XDP redirect failure, the associated page must be released explicitly\nif it was previously retained via get_page(). Failing to do so may result\nin a memory leak, as the pages reference count is not decremented.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37820",
            "https://git.kernel.org/linus/cc3628dcd851ddd8d418bf0c897024b4621ddc92 (6.15-rc4)",
            "https://git.kernel.org/stable/c/5b83d30c63f9964acb1bc63eb8e670b9e0d2c240",
            "https://git.kernel.org/stable/c/cc3628dcd851ddd8d418bf0c897024b4621ddc92",
            "https://git.kernel.org/stable/c/cefd8a2e2de46209ce66e6d30c237eb59b6c5bfa",
            "https://git.kernel.org/stable/c/d6a9c4e6f9b3ec3ad98468c950ad214af8a2efb9",
            "https://git.kernel.org/stable/c/eefccd889df3b49d92e7349d94c4aa7e1ba19f6c",
            "https://linux.oracle.com/cve/CVE-2025-37820.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050820-CVE-2025-37820-799c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37820",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37820"
          ],
          "PublishedDate": "2025-05-08T07:15:53.237Z",
          "LastModifiedDate": "2025-11-12T21:24:20.443Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37822",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37822",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:03e73ebd32c719fbb2e0fcfef0a43f516ce01fcf0949605e2e009282e9c7eed9",
          "Title": "kernel: riscv: uprobes: Add missing fence.i after building the XOL buffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: uprobes: Add missing fence.i after building the XOL buffer\n\nThe XOL (execute out-of-line) buffer is used to single-step the\nreplaced instruction(s) for uprobes. The RISC-V port was missing a\nproper fence.i (i$ flushing) after constructing the XOL buffer, which\ncan result in incorrect execution of stale/broken instructions.\n\nThis was found running the BPF selftests \"test_progs:\nuprobe_autoattach, attach_probe\" on the Spacemit K1/X60, where the\nuprobes tests randomly blew up.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37822",
            "https://git.kernel.org/linus/7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48 (6.15-rc4)",
            "https://git.kernel.org/stable/c/1dbb95a36499374c51b47ee8ae258a8862c20978",
            "https://git.kernel.org/stable/c/77c956152a3a7c7a18b68f3654f70565b2181d03",
            "https://git.kernel.org/stable/c/7d1d19a11cfbfd8bae1d89cc010b2cc397cd0c48",
            "https://git.kernel.org/stable/c/b6d8d4d01ca8514fa89b05355f296758a91e2297",
            "https://git.kernel.org/stable/c/bcf6d3158c5902d92b6d62335af4422b7bf7c4e2",
            "https://git.kernel.org/stable/c/be6d98766ac952d38241d5a5b213f363afa421c3",
            "https://linux.oracle.com/cve/CVE-2025-37822.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050821-CVE-2025-37822-9fef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37822",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37822"
          ],
          "PublishedDate": "2025-05-08T07:15:53.427Z",
          "LastModifiedDate": "2026-03-17T15:02:19.537Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37833",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37833",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4dfb339e37c9dd5284d4f72e26429a29914a7d120146bf253b187a04109eef06",
          "Title": "kernel: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads\n\nFix niu_try_msix() to not cause a fatal trap on sparc systems.\n\nSet PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to\nwork around a bug in the hardware or firmware.\n\nFor each vector entry in the msix table, niu chips will cause a fatal\ntrap if any registers in that entry are read before that entries'\nENTRY_DATA register is written to. Testing indicates writes to other\nregisters are not sufficient to prevent the fatal trap, however the value\ndoes not appear to matter. This only needs to happen once after power up,\nso simply rebooting into a kernel lacking this fix will NOT cause the\ntrap.\n\nNON-RESUMABLE ERROR: Reporting on cpu 64\nNON-RESUMABLE ERROR: TPC [0x00000000005f6900] \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\nNON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff\nNON-RESUMABLE ERROR:      0000000800000000:0000000000000000:0000000000000000:0000000000000000]\nNON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]\nNON-RESUMABLE ERROR: type [precise nonresumable]\nNON-RESUMABLE ERROR: attrs [0x02000080] \u003c ASI sp-faulted priv \u003e\nNON-RESUMABLE ERROR: raddr [0xffffffffffffffff]\nNON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]\nNON-RESUMABLE ERROR: size [0x8]\nNON-RESUMABLE ERROR: asi [0x00]\nCPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63\nWorkqueue: events work_for_cpu_fn\nTSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000    Not tainted\nTPC: \u003cmsix_prepare_msi_desc+0x90/0xa0\u003e\ng0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100\ng4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000\no0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: 
ffff800047a0b620\no4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128\nRPC: \u003c__pci_enable_msix_range+0x3cc/0x460\u003e\nl0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020\nl4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734\ni0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d\ni4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0\nI7: \u003cniu_try_msix.constprop.0+0xc0/0x130 [niu]\u003e\nCall Trace:\n[\u003c00000000101888b0\u003e] niu_try_msix.constprop.0+0xc0/0x130 [niu]\n[\u003c000000001018f840\u003e] niu_get_invariants+0x183c/0x207c [niu]\n[\u003c00000000101902fc\u003e] niu_pci_init_one+0x27c/0x2fc [niu]\n[\u003c00000000005ef3e4\u003e] local_pci_probe+0x28/0x74\n[\u003c0000000000469240\u003e] work_for_cpu_fn+0x8/0x1c\n[\u003c000000000046b008\u003e] process_scheduled_works+0x144/0x210\n[\u003c000000000046b518\u003e] worker_thread+0x13c/0x1c0\n[\u003c00000000004710e0\u003e] kthread+0xb8/0xc8\n[\u003c00000000004060c8\u003e] ret_from_fork+0x1c/0x2c\n[\u003c0000000000000000\u003e] 0x0\nKernel panic - not syncing: Non-resumable error.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37833",
            "https://git.kernel.org/linus/fbb429ddff5c8e479edcc7dde5a542c9295944e6 (6.15-rc3)",
            "https://git.kernel.org/stable/c/64903e4849a71cf7f7c7e5d45225ccefc1280929",
            "https://git.kernel.org/stable/c/c187aaa9e79b4b6d86ac7ba941e579ad33df5538",
            "https://git.kernel.org/stable/c/fbb429ddff5c8e479edcc7dde5a542c9295944e6",
            "https://linux.oracle.com/cve/CVE-2025-37833.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050824-CVE-2025-37833-d0a7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37833",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37833"
          ],
          "PublishedDate": "2025-05-08T07:15:54.533Z",
          "LastModifiedDate": "2025-11-14T19:44:52.723Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37834",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37834",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:858a84eea17853c323e7551a36db5572de4d1600ab5b8051a2d826a2af7ce1cf",
          "Title": "kernel: mm/vmscan: don't try to reclaim hwpoison folio",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmscan: don't try to reclaim hwpoison folio\n\nSyzkaller reports a bug as follows:\n\nInjecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000\nMemory failure: 0x18b00e: dirty swapcache page still referenced by 2 users\nMemory failure: 0x18b00e: recovery action for dirty swapcache page: Failed\npage: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e\nmemcg:ffff0000dd6d9000\nanon flags: 0x5ffffe00482011(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0xfffff)\nraw: 005ffffe00482011 dead000000000100 dead000000000122 ffff0000e232a7c9\nraw: 0000000000020ffd 0000000000000000 00000002ffffffff ffff0000dd6d9000\npage dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio))\n------------[ cut here ]------------\nkernel BUG at mm/swap_state.c:184!\nInternal error: Oops - BUG: 00000000f2000800 [#1] SMP\nModules linked in:\nCPU: 0 PID: 60 Comm: kswapd0 Not tainted 6.6.0-gcb097e7de84e #3\nHardware name: linux,dummy-virt (DT)\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : add_to_swap+0xbc/0x158\nlr : add_to_swap+0xbc/0x158\nsp : ffff800087f37340\nx29: ffff800087f37340 x28: fffffc00052c0380 x27: ffff800087f37780\nx26: ffff800087f37490 x25: ffff800087f37c78 x24: ffff800087f377a0\nx23: ffff800087f37c50 x22: 0000000000000000 x21: fffffc00052c03b4\nx20: 0000000000000000 x19: fffffc00052c0380 x18: 0000000000000000\nx17: 296f696c6f662865 x16: 7461646f7470755f x15: 747365745f6f696c\nx14: 6f6621284f494c4f x13: 0000000000000001 x12: ffff600036d8b97b\nx11: 1fffe00036d8b97a x10: ffff600036d8b97a x9 : dfff800000000000\nx8 : 00009fffc9274686 x7 : ffff0001b6c5cbd3 x6 : 0000000000000001\nx5 : ffff0000c25896c0 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : ffff0000c25896c0 x0 : 0000000000000000\nCall trace:\n add_to_swap+0xbc/0x158\n shrink_folio_list+0x12ac/0x2648\n 
shrink_inactive_list+0x318/0x948\n shrink_lruvec+0x450/0x720\n shrink_node_memcgs+0x280/0x4a8\n shrink_node+0x128/0x978\n balance_pgdat+0x4f0/0xb20\n kswapd+0x228/0x438\n kthread+0x214/0x230\n ret_from_fork+0x10/0x20\n\nI can reproduce this issue with the following steps:\n\n1) When a dirty swapcache page is isolated by reclaim process and the\n   page isn't locked, inject memory failure for the page. \n   me_swapcache_dirty() clears uptodate flag and tries to delete from lru,\n   but fails.  Reclaim process will put the hwpoisoned page back to lru.\n\n2) The process that maps the hwpoisoned page exits, the page is deleted\n   the page will never be freed and will be in the lru forever.\n\n3) If we trigger a reclaim again and tries to reclaim the page,\n   add_to_swap() will trigger VM_BUG_ON_FOLIO due to the uptodate flag is\n   cleared.\n\nTo fix it, skip the hwpoisoned page in shrink_folio_list().  Besides, the\nhwpoison folio may not be unmapped by hwpoison_user_mappings() yet, unmap\nit in shrink_folio_list(), otherwise the folio will fail to be unmaped by\nhwpoison_user_mappings() since the folio isn't in lru list.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37834",
            "https://git.kernel.org/linus/1b0449544c6482179ac84530b61fc192a6527bfd (6.15-rc1)",
            "https://git.kernel.org/stable/c/1b0449544c6482179ac84530b61fc192a6527bfd",
            "https://git.kernel.org/stable/c/1c9798bf8145a92abf45aa9d38a6406d9eb8bdf0",
            "https://git.kernel.org/stable/c/912e9f0300c3564b72a8808db406e313193a37ad",
            "https://linux.oracle.com/cve/CVE-2025-37834.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050825-CVE-2025-37834-269b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37834",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37834"
          ],
          "PublishedDate": "2025-05-08T07:15:54.627Z",
          "LastModifiedDate": "2025-11-14T19:48:51.243Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37842",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37842",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bdde52ba765ead034a4172f39ce875c161ad545fd68f986aae87dc86fa5a592e",
          "Title": "kernel: spi: fsl-qspi: use devm function instead of driver remove",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-qspi: use devm function instead of driver remove\n\nDriver use devm APIs to manage clk/irq/resources and register the spi\ncontroller, but the legacy remove function will be called first during\ndevice detach and trigger kernel panic. Drop the remove function and use\ndevm_add_action_or_reset() for driver cleanup to ensure the release\nsequence.\n\nTrigger kernel panic on i.MX8MQ by\necho 30bb0000.spi \u003e/sys/bus/platform/drivers/fsl-quadspi/unbind",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37842",
            "https://git.kernel.org/linus/40369bfe717e96e26650eeecfa5a6363563df6e4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/40369bfe717e96e26650eeecfa5a6363563df6e4",
            "https://git.kernel.org/stable/c/439688dbe82baa10d4430dc3252bb5ef1183a171",
            "https://git.kernel.org/stable/c/50ae352c1848cab408fb4f7d7f50c71f818bbdbf",
            "https://git.kernel.org/stable/c/f68b27d82a749117d9c7d7f33fa53f46373e38e2",
            "https://git.kernel.org/stable/c/f9bfb3a5f6f616f3eb7665c8ff3bcb9760ae33c8",
            "https://lore.kernel.org/linux-cve-announce/2025050916-CVE-2025-37842-8da3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37842",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37842"
          ],
          "PublishedDate": "2025-05-09T07:16:04.963Z",
          "LastModifiedDate": "2025-11-17T12:49:38.21Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37852",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37852",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6eb74396208b69db0f4afc7a2286f1af4af64d1fa4760b80ea034b0ad6f8df6d",
          "Title": "kernel: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()\n\nAdd error handling to propagate amdgpu_cgs_create_device() failures\nto the caller. When amdgpu_cgs_create_device() fails, release hwmgr\nand return -ENOMEM to prevent null pointer dereference.\n\n[v1]-\u003e[v2]: Change error code from -EINVAL to -ENOMEM. Free hwmgr.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37852",
            "https://git.kernel.org/linus/1435e895d4fc967d64e9f5bf81e992ac32f5ac76 (6.15-rc1)",
            "https://git.kernel.org/stable/c/1435e895d4fc967d64e9f5bf81e992ac32f5ac76",
            "https://git.kernel.org/stable/c/22ea19cc089013b55c240134dbb2797700ff5a6a",
            "https://git.kernel.org/stable/c/55ef52c30c3e747f145a64de96192e37a8fed670",
            "https://git.kernel.org/stable/c/b784734811438f11533e2fb9e0deb327844bdb56",
            "https://git.kernel.org/stable/c/dc4380f34613eaae997b3ed263bd1cb3d0fd0075",
            "https://git.kernel.org/stable/c/f8693e1bae9c08233a2f535c3f412e157df32b33",
            "https://linux.oracle.com/cve/CVE-2025-37852.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050919-CVE-2025-37852-31b4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37852",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37852"
          ],
          "PublishedDate": "2025-05-09T07:16:06.133Z",
          "LastModifiedDate": "2025-11-17T12:52:14.693Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37853",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37853",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:081c124b92f69de54fc0576be4c7550db1e3baf388cbe3da1075dcbbb5e723b9",
          "Title": "kernel: drm/amdkfd: debugfs hang_hws skip GPU with MES",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: debugfs hang_hws skip GPU with MES\n\ndebugfs hang_hws is used by GPU reset test with HWS, for MES this crash\nthe kernel with NULL pointer access because dqm-\u003epacket_mgr is not setup\nfor MES path.\n\nSkip GPU with MES for now, MES hang_hws debugfs interface will be\nsupported later.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37853",
            "https://git.kernel.org/linus/fe9d0061c413f8fb8c529b18b592b04170850ded (6.15-rc1)",
            "https://git.kernel.org/stable/c/1a322b330dc0b775d1d7a84e55c752d9451bfe7d",
            "https://git.kernel.org/stable/c/24b9e0e2e6147314c22d821f0542c4dd9a320c40",
            "https://git.kernel.org/stable/c/a36f8d544522a19ef06ed9e84667d154dcb6be52",
            "https://git.kernel.org/stable/c/f84c57906f0fd2185e557d2552b20aa8430a4677",
            "https://git.kernel.org/stable/c/fe9d0061c413f8fb8c529b18b592b04170850ded",
            "https://linux.oracle.com/cve/CVE-2025-37853.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050920-CVE-2025-37853-e9f7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37853",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37853"
          ],
          "PublishedDate": "2025-05-09T07:16:06.257Z",
          "LastModifiedDate": "2025-11-17T12:51:46.01Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37854",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37854",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2d2fca2571ec3f86210a67d49fb9098784b8a3f66b25eef26306b7f9f00e52f7",
          "Title": "kernel: drm/amdkfd: Fix mode1 reset crash issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix mode1 reset crash issue\n\nIf HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal\nuser space to abort the processes. After process abort exit, user queues\nstill use the GPU to access system memory before h/w is reset while KFD\ncleanup worker free system memory and free VRAM.\n\nThere is use-after-free race bug that KFD allocate and reuse the freed\nsystem memory, and user queue write to the same system memory to corrupt\nthe data structure and cause driver crash.\n\nTo fix this race, KFD cleanup worker terminate user queues, then flush\nreset_domain wq to wait for any GPU ongoing reset complete, and then\nfree outstanding BOs.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37854",
            "https://git.kernel.org/linus/f0b4440cdc1807bb6ec3dce0d6de81170803569b (6.15-rc1)",
            "https://git.kernel.org/stable/c/57c9dabda80ac167de8cd71231baae37cc2f442d",
            "https://git.kernel.org/stable/c/6f30a847432cae84c7428e9b684b3e3fa49b2391",
            "https://git.kernel.org/stable/c/89af6b39f028c130d4362f57042927f005423e6a",
            "https://git.kernel.org/stable/c/9c4bcdf4068aae3e17e31c144300be405cfa03ff",
            "https://git.kernel.org/stable/c/f0b4440cdc1807bb6ec3dce0d6de81170803569b",
            "https://git.kernel.org/stable/c/ffd37d7d44d7e0b6e769d4fe6590e327f8cc3951",
            "https://linux.oracle.com/cve/CVE-2025-37854.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050920-CVE-2025-37854-61b7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37854",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37854"
          ],
          "PublishedDate": "2025-05-09T07:16:06.367Z",
          "LastModifiedDate": "2025-11-17T12:51:35.04Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37855",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37855",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:82733c381d168a66b2911ca86635da48fc2082914f85af9a158bf300305a6294",
          "Title": "kernel: drm/amd/display: Guard Possible Null Pointer Dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Guard Possible Null Pointer Dereference\n\n[WHY]\nIn some situations, dc-\u003eres_pool may be null.\n\n[HOW]\nCheck if pointer is null before dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37855",
            "https://git.kernel.org/linus/c87d202692de34ee71d1fd4679a549a29095658a (6.15-rc1)",
            "https://git.kernel.org/stable/c/c87d202692de34ee71d1fd4679a549a29095658a",
            "https://git.kernel.org/stable/c/dc2de1ac7145f882f3c03d2d6f84583ae7e35d41",
            "https://lore.kernel.org/linux-cve-announce/2025050920-CVE-2025-37855-6b15@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37855",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37855"
          ],
          "PublishedDate": "2025-05-09T07:16:06.487Z",
          "LastModifiedDate": "2025-11-17T12:51:05.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37856",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37856",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9846fe3fdc18b2c6cd7b21c95479c7d346fe2dd3104e91b22a25bc30d648ac0b",
          "Title": "kernel: btrfs: harden block_group::bg_list against list_del() races",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: harden block_group::bg_list against list_del() races\n\nAs far as I can tell, these calls of list_del_init() on bg_list cannot\nrun concurrently with btrfs_mark_bg_unused() or btrfs_mark_bg_to_reclaim(),\nas they are in transaction error paths and situations where the block\ngroup is readonly.\n\nHowever, if there is any chance at all of racing with mark_bg_unused(),\nor a different future user of bg_list, better to be safe than sorry.\n\nOtherwise we risk the following interleaving (bg_list refcount in parens)\n\nT1 (some random op)                       T2 (btrfs_mark_bg_unused)\n                                        !list_empty(\u0026bg-\u003ebg_list); (1)\nlist_del_init(\u0026bg-\u003ebg_list); (1)\n                                        list_move_tail (1)\nbtrfs_put_block_group (0)\n                                        btrfs_delete_unused_bgs\n                                             bg = list_first_entry\n                                             list_del_init(\u0026bg-\u003ebg_list);\n                                             btrfs_put_block_group(bg); (-1)\n\nUltimately, this results in a broken ref count that hits zero one deref\nearly and the real final deref underflows the refcount, resulting in a WARNING.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37856",
            "https://git.kernel.org/linus/7511e29cf1355b2c47d0effb39e463119913e2f6 (6.15-rc1)",
            "https://git.kernel.org/stable/c/185fd73e5ac06027c4be9a129e59193f6a3ef202",
            "https://git.kernel.org/stable/c/7511e29cf1355b2c47d0effb39e463119913e2f6",
            "https://git.kernel.org/stable/c/909e60fb469d4101c6b08cf6e622efb062bb24a1",
            "https://git.kernel.org/stable/c/bf089c4d1141b27332c092b1dcca5022c415a3b6",
            "https://linux.oracle.com/cve/CVE-2025-37856.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050921-CVE-2025-37856-3117@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37856",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37856"
          ],
          "PublishedDate": "2025-05-09T07:16:06.593Z",
          "LastModifiedDate": "2025-11-12T20:08:08.82Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37861",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37861",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:82db9f195bd06462a5544cf0dce08cd69032503946bd3acdf0bf79d4ad023f63",
          "Title": "kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue\n\nWhen the task management thread processes reply queues while the reset\nthread resets them, the task management thread accesses an invalid queue ID\n(0xFFFF), set by the reset thread, which points to unallocated memory,\ncausing a crash.\n\nAdd flag 'io_admin_reset_sync' to synchronize access between the reset,\nI/O, and admin threads. Before a reset, the reset handler sets this flag to\nblock I/O and admin processing threads. If any thread bypasses the initial\ncheck, the reset thread waits up to 10 seconds for processing to finish. If\nthe wait exceeds 10 seconds, the controller is marked as unrecoverable.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37861",
            "https://git.kernel.org/linus/f195fc060c738d303a21fae146dbf85e1595fb4c (6.15-rc1)",
            "https://git.kernel.org/stable/c/65ba18c84dbd03afe9b38c06c151239d97a09834",
            "https://git.kernel.org/stable/c/75b67dca4195e11ccf966a704787b2aa2754a457",
            "https://git.kernel.org/stable/c/8d310d66e2b0f5f9f709764641647e8a3a4924fa",
            "https://git.kernel.org/stable/c/f195fc060c738d303a21fae146dbf85e1595fb4c",
            "https://linux.oracle.com/cve/CVE-2025-37861.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050922-CVE-2025-37861-ab7f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37861",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37861"
          ],
          "PublishedDate": "2025-05-09T07:16:07.073Z",
          "LastModifiedDate": "2025-11-12T20:12:35.137Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37870",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37870",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1be54f7b7630e9c18c06414369a4ef05ed79d4a2d886c73e62d4b9c2582fbacf",
          "Title": "kernel: drm/amd/display: prevent hang on link training fail",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: prevent hang on link training fail\n\n[Why]\nWhen link training fails, the phy clock will be disabled. However, in\nenable_streams, it is assumed that link training succeeded and the\nmux selects the phy clock, causing a hang when a register write is made.\n\n[How]\nWhen enable_stream is hit, check if link training failed. If it did, fall\nback to the ref clock to avoid a hang and keep the system in a recoverable\nstate.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37870",
            "https://git.kernel.org/linus/8058061ed9d6bc259d1e678607b07d259342c08f (6.15-rc1)",
            "https://git.kernel.org/stable/c/0363c03672cd3191f037905bf981eb523a3b71b1",
            "https://git.kernel.org/stable/c/04bf4f2a497e9877c425c5124652e61fb8a1a0aa",
            "https://git.kernel.org/stable/c/8058061ed9d6bc259d1e678607b07d259342c08f",
            "https://linux.oracle.com/cve/CVE-2025-37870.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050959-CVE-2025-37870-311a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37870",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37870"
          ],
          "PublishedDate": "2025-05-09T07:16:08.107Z",
          "LastModifiedDate": "2025-11-12T20:37:39.233Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37876",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37876",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a0aaa1623d90a97f886173ca7127379eb1a8e3f56722687c7d40a86e680bab2f",
          "Title": "kernel: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only create /proc/fs/netfs with CONFIG_PROC_FS\n\nWhen testing a special config:\n\nCONFIG_NETFS_SUPPORTS=y\nCONFIG_PROC_FS=n\n\nThe system crashes with something like:\n\n[    3.766197] ------------[ cut here ]------------\n[    3.766484] kernel BUG at mm/mempool.c:560!\n[    3.766789] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[    3.767123] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G        W\n[    3.767777] Tainted: [W]=WARN\n[    3.767968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n[    3.768523] RIP: 0010:mempool_alloc_slab.cold+0x17/0x19\n[    3.768847] Code: 50 fe ff 58 5b 5d 41 5c 41 5d 41 5e 41 5f e9 93 95 13 00\n[    3.769977] RSP: 0018:ffffc90000013998 EFLAGS: 00010286\n[    3.770315] RAX: 000000000000002f RBX: ffff888100ba8640 RCX: 0000000000000000\n[    3.770749] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000ffffffff\n[    3.771217] RBP: 0000000000092880 R08: 0000000000000000 R09: ffffc90000013828\n[    3.771664] R10: 0000000000000001 R11: 00000000ffffffea R12: 0000000000092cc0\n[    3.772117] R13: 0000000000000400 R14: ffff8881004b1620 R15: ffffea0004ef7e40\n[    3.772554] FS:  0000000000000000(0000) GS:ffff8881b5f3c000(0000) knlGS:0000000000000000\n[    3.773061] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    3.773443] CR2: ffffffff830901b4 CR3: 0000000004296001 CR4: 0000000000770ef0\n[    3.773884] PKRU: 55555554\n[    3.774058] Call Trace:\n[    3.774232]  \u003cTASK\u003e\n[    3.774371]  mempool_alloc_noprof+0x6a/0x190\n[    3.774649]  ? _printk+0x57/0x80\n[    3.774862]  netfs_alloc_request+0x85/0x2ce\n[    3.775147]  netfs_readahead+0x28/0x170\n[    3.775395]  read_pages+0x6c/0x350\n[    3.775623]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.775928]  page_cache_ra_unbounded+0x1bd/0x2a0\n[    3.776247]  filemap_get_pages+0x139/0x970\n[    3.776510]  ? 
srso_alias_return_thunk+0x5/0xfbef5\n[    3.776820]  filemap_read+0xf9/0x580\n[    3.777054]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.777368]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.777674]  ? find_held_lock+0x32/0x90\n[    3.777929]  ? netfs_start_io_read+0x19/0x70\n[    3.778221]  ? netfs_start_io_read+0x19/0x70\n[    3.778489]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.778800]  ? lock_acquired+0x1e6/0x450\n[    3.779054]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    3.779379]  netfs_buffered_read_iter+0x57/0x80\n[    3.779670]  __kernel_read+0x158/0x2c0\n[    3.779927]  bprm_execve+0x300/0x7a0\n[    3.780185]  kernel_execve+0x10c/0x140\n[    3.780423]  ? __pfx_kernel_init+0x10/0x10\n[    3.780690]  kernel_init+0xd5/0x150\n[    3.780910]  ret_from_fork+0x2d/0x50\n[    3.781156]  ? __pfx_kernel_init+0x10/0x10\n[    3.781414]  ret_from_fork_asm+0x1a/0x30\n[    3.781677]  \u003c/TASK\u003e\n[    3.781823] Modules linked in:\n[    3.782065] ---[ end trace 0000000000000000 ]---\n\nThis is caused by the following error path in netfs_init():\n\n        if (!proc_mkdir(\"fs/netfs\", NULL))\n                goto error_proc;\n\nFix this by adding ifdef in netfs_main(), so that /proc/fs/netfs is only\ncreated with CONFIG_PROC_FS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37876",
            "https://git.kernel.org/linus/40cb48eba3b4b79e110c1a35d33a48cac54507a2 (6.15-rc3)",
            "https://git.kernel.org/stable/c/2ef6eea2efce01d1956ace483216f6b6e26330c9",
            "https://git.kernel.org/stable/c/40cb48eba3b4b79e110c1a35d33a48cac54507a2",
            "https://git.kernel.org/stable/c/6c4c5e0b96a90f2a11c378e66edc1f25165e10b6",
            "https://linux.oracle.com/cve/CVE-2025-37876.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050942-CVE-2025-37876-679c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37876",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37876"
          ],
          "PublishedDate": "2025-05-09T07:16:08.79Z",
          "LastModifiedDate": "2025-11-12T19:52:42.047Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37877",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37877",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7143541c2e8f5a7a05b95df52cb4dea79e0c16156ff266b6952b58e837c10502",
          "Title": "kernel: iommu: Clear iommu-dma ops on cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Clear iommu-dma ops on cleanup\n\nIf iommu_device_register() encounters an error, it can end up tearing\ndown already-configured groups and default domains, however this\ncurrently still leaves devices hooked up to iommu-dma (and even\nhistorically the behaviour in this area was at best inconsistent across\narchitectures/drivers...) Although in the case that an IOMMU is present\nwhose driver has failed to probe, users cannot necessarily expect DMA to\nwork anyway, it's still arguable that we should do our best to put\nthings back as if the IOMMU driver was never there at all, and certainly\nthe potential for crashing in iommu-dma itself is undesirable. Make sure\nwe clean up the dev-\u003edma_iommu flag along with everything else.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37877",
            "https://git.kernel.org/linus/280e5a30100578106a4305ce0118e0aa9b866f12 (6.15-rc2)",
            "https://git.kernel.org/stable/c/104a84276821aed0ed241ce0d82d6c3267e3fcb8",
            "https://git.kernel.org/stable/c/280e5a30100578106a4305ce0118e0aa9b866f12",
            "https://git.kernel.org/stable/c/b14d98641312d972bb3f38e82eddf92898522389",
            "https://linux.oracle.com/cve/CVE-2025-37877.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050942-CVE-2025-37877-2e67@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37877",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37877"
          ],
          "PublishedDate": "2025-05-09T07:16:08.907Z",
          "LastModifiedDate": "2025-11-12T19:53:09.763Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37878",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37878",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b41f4f0705f1728fc40b3d5c4c2c4672fe0cf628919114e3c532d345ed7e4b5d",
          "Title": "kernel: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix WARN_ON(!ctx) in __free_event() for partial init\n\nMove the get_ctx(child_ctx) call and the child_event-\u003ectx assignment to\noccur immediately after the child event is allocated. Ensure that\nchild_event-\u003ectx is non-NULL before any subsequent error path within\ninherit_event calls free_event(), satisfying the assumptions of the\ncleanup code.\n\nDetails:\n\nThere's no clear Fixes tag, because this bug is a side-effect of\nmultiple interacting commits over time (up to 15 years old), not\na single regression.\n\nThe code initially incremented refcount then assigned context\nimmediately after the child_event was created. Later, an early\nvalidity check for child_event was added before the\nrefcount/assignment. Even later, a WARN_ON_ONCE() cleanup check was\nadded, assuming event-\u003ectx is valid if the pmu_ctx is valid.\nThe problem is that the WARN_ON_ONCE() could trigger after the initial\ncheck passed but before child_event-\u003ectx was assigned, violating its\nprecondition. The solution is to assign child_event-\u003ectx right after\nits initial validation. This ensures the context exists for any\nsubsequent checks or cleanup routines, resolving the WARN_ON_ONCE().\n\nTo resolve it, defer the refcount update and child_event-\u003ectx assignment\ndirectly after child_event-\u003epmu_ctx is set but before checking if the\nparent event is orphaned. The cleanup routine depends on\nevent-\u003epmu_ctx being non-NULL before it verifies event-\u003ectx is\nnon-NULL. This also maintains the author's original intent of passing\nin child_ctx to find_get_pmu_context before its refcount/assignment.\n\n[ mingo: Expanded the changelog from another email by Gabriel Shahrouzi. ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37878",
            "https://git.kernel.org/linus/0ba3a4ab76fd3367b9cb680cad70182c896c795c (6.15-rc2)",
            "https://git.kernel.org/stable/c/0ba3a4ab76fd3367b9cb680cad70182c896c795c",
            "https://git.kernel.org/stable/c/1fe9b92eede32574dbe05b5bdb6ad666b350bed0",
            "https://git.kernel.org/stable/c/90dc6c1e3b200812da8d0aa030e1b7fda8226d0e",
            "https://git.kernel.org/stable/c/cb56cd11feabf99e08bc18960700a53322ffcea7",
            "https://linux.oracle.com/cve/CVE-2025-37878.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050943-CVE-2025-37878-b963@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37878",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37878"
          ],
          "PublishedDate": "2025-05-09T07:16:09.02Z",
          "LastModifiedDate": "2026-01-02T16:15:54.233Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37879",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37879",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:29a3a841478e0f9a7b8d22bbf54551f1066b4337115c683305621ecfac427aee",
          "Title": "kernel: 9p/net: fix improper handling of bogus negative read/write replies",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/net: fix improper handling of bogus negative read/write replies\n\nIn p9_client_write() and p9_client_read_once(), if the server\nincorrectly replies with success but a negative write/read count then we\nwould consider written (negative) \u003c= rsize (positive) because both\nvariables were signed.\n\nMake variables unsigned to avoid this problem.\n\nThe reproducer linked below now fails with the following error instead\nof a null pointer deref:\n9pnet: bogus RWRITE count (4294967295 \u003e 3)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37879",
            "https://git.kernel.org/linus/d0259a856afca31d699b706ed5e2adf11086c73b (6.15-rc1)",
            "https://git.kernel.org/stable/c/374e4cd75617c8c2552f562f39dd989583f5c330",
            "https://git.kernel.org/stable/c/468ff4a7c61fb811c596a7c44b6a5455e40fd12b",
            "https://git.kernel.org/stable/c/a68768e280b7d0c967ea509e791bb9b90adc94a5",
            "https://git.kernel.org/stable/c/c548f95688e2b5ae0e2ae43d53cf717156c7d034",
            "https://git.kernel.org/stable/c/d0259a856afca31d699b706ed5e2adf11086c73b",
            "https://linux.oracle.com/cve/CVE-2025-37879.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050943-CVE-2025-37879-a59f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37879",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37879"
          ],
          "PublishedDate": "2025-05-09T07:16:09.143Z",
          "LastModifiedDate": "2025-11-12T19:53:46.03Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37880",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37880",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4a6773e592e47c1eb356dbdc0a79e6ebde33c13fa3ccf098bc8404fb02af8d88",
          "Title": "kernel: um: work around sched_yield not yielding in time-travel mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: work around sched_yield not yielding in time-travel mode\n\nsched_yield by a userspace may not actually cause scheduling in\ntime-travel mode as no time has passed. In the case seen it appears to\nbe a badly implemented userspace spinlock in ASAN. Unfortunately, with\ntime-travel it causes an extreme slowdown or even deadlock depending on\nthe kernel configuration (CONFIG_UML_MAX_USERSPACE_ITERATIONS).\n\nWork around it by accounting time to the process whenever it executes a\nsched_yield syscall.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37880",
            "https://git.kernel.org/linus/887c5c12e80c8424bd471122d2e8b6b462e12874 (6.15-rc1)",
            "https://git.kernel.org/stable/c/887c5c12e80c8424bd471122d2e8b6b462e12874",
            "https://git.kernel.org/stable/c/990ddc65173776f1e01e7135d8c1fd5f8fd4d5d2",
            "https://git.kernel.org/stable/c/da780c4a075ba2deb05ae29f0af4a990578c7901",
            "https://linux.oracle.com/cve/CVE-2025-37880.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050943-CVE-2025-37880-3f3c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37880",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37880"
          ],
          "PublishedDate": "2025-05-09T07:16:09.257Z",
          "LastModifiedDate": "2025-11-12T19:54:01.35Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37882",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37882",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3195a3da5602745dea60d531b64b62d2f65fc4e632f2fc2025f43b05a98a07d",
          "Title": "kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix isochronous Ring Underrun/Overrun event handling\n\nThe TRB pointer of these events points at enqueue at the time of error\noccurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we\nare handling the event, a new TD may be queued at this ring position.\n\nI can trigger this race by rising interrupt moderation to increase IRQ\nhandling delay. Similar delay may occur naturally due to system load.\n\nIf this ever happens after a Missed Service Error, missed TDs will be\nskipped and the new TD processed as if it matched the event. It could\nbe given back prematurely, risking data loss or buffer UAF by the xHC.\n\nDon't complete TDs on xrun events and don't warn if queued TDs don't\nmatch the event's TRB pointer, which can be NULL or a link/no-op TRB.\nDon't warn if there are no queued TDs at all.\n\nNow that it's safe, also handle xrun events if the skip flag is clear.\nThis ensures completion of any TD stuck in 'error mid TD' state right\nbefore the xrun event, which could happen if a driver submits a finite\nnumber of URBs to a buggy HC and then an error occurs on the last TD.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37882",
            "https://git.kernel.org/linus/906dec15b9b321b546fd31a3c99ffc13724c7af4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/16a7a8e6c47fea5c847beb696c8c21a7a44c1915",
            "https://git.kernel.org/stable/c/39a080a2925c81b0f1da0add44722ef2b78e5454",
            "https://git.kernel.org/stable/c/906dec15b9b321b546fd31a3c99ffc13724c7af4",
            "https://linux.oracle.com/cve/CVE-2025-37882.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050944-CVE-2025-37882-db64@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37882",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-37882"
          ],
          "PublishedDate": "2025-05-09T07:16:09.497Z",
          "LastModifiedDate": "2025-11-12T19:28:05.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37884",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37884",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:31afc61742e9c9e4fa2bdf1733d71cc19e50c135731f9d7b22df72b344bea70e",
          "Title": "kernel: bpf: Fix deadlock between rcu_tasks_trace and event_mutex.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix deadlock between rcu_tasks_trace and event_mutex.\n\nFix the following deadlock:\nCPU A\n_free_event()\n  perf_kprobe_destroy()\n    mutex_lock(\u0026event_mutex)\n      perf_trace_event_unreg()\n        synchronize_rcu_tasks_trace()\n\nThere are several paths where _free_event() grabs event_mutex\nand calls sync_rcu_tasks_trace. Above is one such case.\n\nCPU B\nbpf_prog_test_run_syscall()\n  rcu_read_lock_trace()\n    bpf_prog_run_pin_on_cpu()\n      bpf_prog_load()\n        bpf_tracing_func_proto()\n          trace_set_clr_event()\n            mutex_lock(\u0026event_mutex)\n\nDelegate trace_set_clr_event() to workqueue to avoid\nsuch lock dependency.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37884",
            "https://git.kernel.org/linus/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1 (6.15-rc1)",
            "https://git.kernel.org/stable/c/255cbc9db7067a83713fd2f4b31034ddd266549a",
            "https://git.kernel.org/stable/c/45286680b385f2592db3003554872388dee66d68",
            "https://git.kernel.org/stable/c/4580f4e0ebdf8dc8d506ae926b88510395a0c1d1",
            "https://git.kernel.org/stable/c/b5a528a34e1f613565115a7a6016862ccbfcb9ac",
            "https://git.kernel.org/stable/c/c5c833f6375f8ecf9254dd27946c927c7d645421",
            "https://linux.oracle.com/cve/CVE-2025-37884.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025050945-CVE-2025-37884-778b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37884",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37884"
          ],
          "PublishedDate": "2025-05-09T07:16:09.727Z",
          "LastModifiedDate": "2026-01-02T16:15:54.767Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37903",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37903",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c8b6dcc4dd01114b2124d3fe0e38cbed62956a510c9a161c498031454fbbc7a",
          "Title": "kernel: drm/amd/display: Fix slab-use-after-free in hdcp",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix slab-use-after-free in hdcp\n\nThe HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector\nobjects without incrementing the kref reference counts. When using a\nUSB-C dock, and the dock is unplugged, the corresponding\namdgpu_dm_connector objects are freed, creating dangling pointers in the\nHDCP code. When the dock is plugged back, the dangling pointers are\ndereferenced, resulting in a slab-use-after-free:\n\n[   66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10\n\n[   66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233\n[   66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024\n[   66.776186] Workqueue: events event_property_validate [amdgpu]\n[   66.776494] Call Trace:\n[   66.776496]  \u003cTASK\u003e\n[   66.776497]  dump_stack_lvl+0x70/0xa0\n[   66.776504]  print_report+0x175/0x555\n[   66.776507]  ? __virt_addr_valid+0x243/0x450\n[   66.776510]  ? kasan_complete_mode_report_info+0x66/0x1c0\n[   66.776515]  kasan_report+0xeb/0x1c0\n[   66.776518]  ? event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.776819]  ? event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.777121]  __asan_report_load4_noabort+0x14/0x20\n[   66.777124]  event_property_validate+0x42f/0x6c0 [amdgpu]\n[   66.777342]  ? __lock_acquire+0x6b40/0x6b40\n[   66.777347]  ? enable_assr+0x250/0x250 [amdgpu]\n[   66.777571]  process_one_work+0x86b/0x1510\n[   66.777575]  ? pwq_dec_nr_in_flight+0xcf0/0xcf0\n[   66.777578]  ? assign_work+0x16b/0x280\n[   66.777580]  ? lock_is_held_type+0xa3/0x130\n[   66.777583]  worker_thread+0x5c0/0xfa0\n[   66.777587]  ? process_one_work+0x1510/0x1510\n[   66.777588]  kthread+0x3a2/0x840\n[   66.777591]  ? 
kthread_is_per_cpu+0xd0/0xd0\n[   66.777594]  ? trace_hardirqs_on+0x4f/0x60\n[   66.777597]  ? _raw_spin_unlock_irq+0x27/0x60\n[   66.777599]  ? calculate_sigpending+0x77/0xa0\n[   66.777602]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777605]  ret_from_fork+0x40/0x90\n[   66.777607]  ? kthread_is_per_cpu+0xd0/0xd0\n[   66.777609]  ret_from_fork_asm+0x11/0x20\n[   66.777614]  \u003c/TASK\u003e\n\n[   66.777643] Allocated by task 10:\n[   66.777646]  kasan_save_stack+0x39/0x60\n[   66.777649]  kasan_save_track+0x14/0x40\n[   66.777652]  kasan_save_alloc_info+0x37/0x50\n[   66.777655]  __kasan_kmalloc+0xbb/0xc0\n[   66.777658]  __kmalloc_cache_noprof+0x1c8/0x4b0\n[   66.777661]  dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu]\n[   66.777880]  drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper]\n[   66.777892]  drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper]\n[   66.777901]  drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper]\n[   66.777909]  drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper]\n[   66.777917]  process_one_work+0x86b/0x1510\n[   66.777919]  worker_thread+0x5c0/0xfa0\n[   66.777922]  kthread+0x3a2/0x840\n[   66.777925]  ret_from_fork+0x40/0x90\n[   66.777927]  ret_from_fork_asm+0x11/0x20\n\n[   66.777932] Freed by task 1713:\n[   66.777935]  kasan_save_stack+0x39/0x60\n[   66.777938]  kasan_save_track+0x14/0x40\n[   66.777940]  kasan_save_free_info+0x3b/0x60\n[   66.777944]  __kasan_slab_free+0x52/0x70\n[   66.777946]  kfree+0x13f/0x4b0\n[   66.777949]  dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu]\n[   66.778179]  drm_connector_free+0x7d/0xb0\n[   66.778184]  drm_mode_object_put.part.0+0xee/0x160\n[   66.778188]  drm_mode_object_put+0x37/0x50\n[   66.778191]  drm_atomic_state_default_clear+0x220/0xd60\n[   66.778194]  __drm_atomic_state_free+0x16e/0x2a0\n[   66.778197]  drm_mode_atomic_ioctl+0x15ed/0x2ba0\n[   66.778200]  drm_ioctl_kernel+0x17a/0x310\n[   66.778203]  drm_ioctl+0x584/0xd10\n[   66.778206]  
amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu]\n[   66.778375]  __x64_sys_ioctl+0x139/0x1a0\n[   66.778378]  x64_sys_call+0xee7/0xfb0\n[   66.778381] \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37903",
            "https://git.kernel.org/linus/be593d9d91c5a3a363d456b9aceb71029aeb3f1d (6.15-rc5)",
            "https://git.kernel.org/stable/c/3a782a83d130ceac6c98a87639ddd89640bff486",
            "https://git.kernel.org/stable/c/bbc66abcd297be67e3d835276e21e6fdc65205a6",
            "https://git.kernel.org/stable/c/be593d9d91c5a3a363d456b9aceb71029aeb3f1d",
            "https://git.kernel.org/stable/c/dd329f04dda35a66e0c9ed462ba91bd5f2c8be70",
            "https://git.kernel.org/stable/c/e25139c4aa5621f2db8e86688c33546cdd885e42",
            "https://linux.oracle.com/cve/CVE-2025-37903.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025052056-CVE-2025-37903-7d1f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37903",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37903"
          ],
          "PublishedDate": "2025-05-20T16:15:26.683Z",
          "LastModifiedDate": "2025-11-17T18:08:45.87Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37907",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37907",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:228cac3bd4958ee2ea34d3d51af276ea8f73d036855b4548fe1542fa49e93a76",
          "Title": "kernel: accel/ivpu: Fix locking order in ivpu_job_submit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix locking order in ivpu_job_submit\n\nFix deadlock in job submission and abort handling.\nWhen a thread aborts currently executing jobs due to a fault,\nit first locks the global lock protecting submitted_jobs (#1).\n\nAfter the last job is destroyed, it proceeds to release the related context\nand locks file_priv (#2). Meanwhile, in the job submission thread,\nthe file_priv lock (#2) is taken first, and then the submitted_jobs\nlock (#1) is obtained when a job is added to the submitted jobs list.\n\n       CPU0                            CPU1\n       ----                    \t       ----\n  (for example due to a fault)         (jobs submissions keep coming)\n\n  lock(\u0026vdev-\u003esubmitted_jobs_lock) #1\n  ivpu_jobs_abort_all()\n  job_destroy()\n                                      lock(\u0026file_priv-\u003elock)           #2\n                                      lock(\u0026vdev-\u003esubmitted_jobs_lock) #1\n  file_priv_release()\n  lock(\u0026vdev-\u003econtext_list_lock)\n  lock(\u0026file_priv-\u003elock)           #2\n\nThis order of locking causes a deadlock. To resolve this issue,\nchange the order of locking in ivpu_job_submit().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37907",
            "https://git.kernel.org/linus/ab680dc6c78aa035e944ecc8c48a1caab9f39924 (6.15-rc1)",
            "https://git.kernel.org/stable/c/079d2622f8c9e0c380149645fff21d35c59ce6ff",
            "https://git.kernel.org/stable/c/ab680dc6c78aa035e944ecc8c48a1caab9f39924",
            "https://git.kernel.org/stable/c/b9b70924a272c2d72023306bc56f521c056212ee",
            "https://linux.oracle.com/cve/CVE-2025-37907.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052057-CVE-2025-37907-7b62@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37907",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37907"
          ],
          "PublishedDate": "2025-05-20T16:15:27.177Z",
          "LastModifiedDate": "2025-11-17T15:02:38.81Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37920",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37920",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:61babf576c7721e23d1677f248cd6beba3c3dd8ff5b1f3bf894c17879b961940",
          "Title": "kernel: xsk: Fix race condition in AF_XDP generic RX path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt's safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n  xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n  of xsk_release() or xsk_unbind_dev(),\n  however this will not cause any data races or\n  race conditions. xsk_unbind_dev() removes xdp\n  socket from all maps and waits for completion\n  of all outstanding rx operations. Packets in\n  RX path will either complete safely or drop.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37920",
            "https://git.kernel.org/linus/a1356ac7749cafc4e27aa62c0c4604b5dca4983e (6.15-rc5)",
            "https://git.kernel.org/stable/c/65d3c570614b892257dc58a1b202908242ecf8fd",
            "https://git.kernel.org/stable/c/75a240a3e8abf17b9e00b0ef0492b1bbaa932251",
            "https://git.kernel.org/stable/c/975b372313dc018b9bd6cc0d85d188787054b19e",
            "https://git.kernel.org/stable/c/a1356ac7749cafc4e27aa62c0c4604b5dca4983e",
            "https://git.kernel.org/stable/c/b6978c565ce33658543c637060852434b4248d30",
            "https://linux.oracle.com/cve/CVE-2025-37920.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052002-CVE-2025-37920-304d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37920",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37920"
          ],
          "PublishedDate": "2025-05-20T16:15:28.603Z",
          "LastModifiedDate": "2026-03-17T15:50:29.817Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37924",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37924",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:889826ec7fc27498b7551597c0d2876c8189555f43840c8e93bf2e8d2734a25f",
          "Title": "kernel: ksmbd: fix use-after-free in kerberos authentication",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in kerberos authentication\n\nSetting sess-\u003euser = NULL was introduced to fix the dangling pointer\ncreated by ksmbd_free_user. However, it is possible another thread could\nbe operating on the session and make use of sess-\u003euser after it has been\npassed to ksmbd_free_user but before sess-\u003euser is set to NULL.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37924",
            "https://git.kernel.org/linus/e86e9134e1d1c90a960dd57f59ce574d27b9a124 (6.15-rc5)",
            "https://git.kernel.org/stable/c/28c756738af44a404a91b77830d017bb0c525890",
            "https://git.kernel.org/stable/c/b447463562238428503cfba1c913261047772f90",
            "https://git.kernel.org/stable/c/e18c616718018dfc440e4a2d2b94e28fe91b1861",
            "https://git.kernel.org/stable/c/e34a33d5d7e87399af0a138bb32f6a3e95dd83d2",
            "https://git.kernel.org/stable/c/e86e9134e1d1c90a960dd57f59ce574d27b9a124",
            "https://linux.oracle.com/cve/CVE-2025-37924.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025052004-CVE-2025-37924-ec7d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37924",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37924"
          ],
          "PublishedDate": "2025-05-20T16:15:29.037Z",
          "LastModifiedDate": "2026-04-02T09:16:18.963Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37926",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37926",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:758fce25f437c1956da498a0636809328d043cfcf65fc76465c7641b83197702",
          "Title": "kernel: ksmbd: fix use-after-free in ksmbd_session_rpc_open",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_session_rpc_open\n\nA UAF issue can occur due to a race condition between\nksmbd_session_rpc_open() and __session_rpc_close().\nAdd rpc_lock to the session to protect it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37926",
            "https://git.kernel.org/linus/a1f46c99d9ea411f9bf30025b912d881d36fc709 (6.15-rc5)",
            "https://git.kernel.org/stable/c/1067361a1cc6ad9cdf7acfc47f90012b72ad1502",
            "https://git.kernel.org/stable/c/6323fec65fe54b365961fed260dd579191e46121",
            "https://git.kernel.org/stable/c/8fb3b6c85b7e3127161623586b62abcc366caa20",
            "https://git.kernel.org/stable/c/a1f46c99d9ea411f9bf30025b912d881d36fc709",
            "https://git.kernel.org/stable/c/a4348710a7267705b75692dc1a000920481d1d92",
            "https://linux.oracle.com/cve/CVE-2025-37926.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052004-CVE-2025-37926-cf39@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37926",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37926"
          ],
          "PublishedDate": "2025-05-20T16:15:29.14Z",
          "LastModifiedDate": "2026-03-17T15:46:45.43Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37928",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37928",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2211b32971a51d588094d5707ec4a8c2f763b1bfdde561c1bd9cb2b54460779f",
          "Title": "kernel: dm-bufio: don't schedule in atomic context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: don't schedule in atomic context\n\nA BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and\ntry_verify_in_tasklet are enabled.\n[  129.444685][  T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421\n[  129.444723][  T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4\n[  129.444740][  T934] preempt_count: 201, expected: 0\n[  129.444756][  T934] RCU nest depth: 0, expected: 0\n[  129.444781][  T934] Preemption disabled at:\n[  129.444789][  T934] [\u003cffffffd816231900\u003e] shrink_work+0x21c/0x248\n[  129.445167][  T934] kernel BUG at kernel/sched/walt/walt_debug.c:16!\n[  129.445183][  T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n[  129.445204][  T934] Skip md ftrace buffer dump for: 0x1609e0\n[  129.447348][  T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G        W  OE      6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8\n[  129.447362][  T934] Hardware name: Qualcomm Technologies, Inc. 
Parrot QRD, Alpha-M (DT)\n[  129.447373][  T934] Workqueue: dm_bufio_cache shrink_work\n[  129.447394][  T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  129.447406][  T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug]\n[  129.447435][  T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c\n[  129.447451][  T934] sp : ffffffc0843dbc90\n[  129.447459][  T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b\n[  129.447479][  T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68\n[  129.447497][  T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900\n[  129.447517][  T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030\n[  129.447535][  T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358\n[  129.447554][  T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003\n[  129.447572][  T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400\n[  129.447591][  T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8\n[  129.447610][  T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0\n[  129.447629][  T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000\n[  129.447647][  T934] Call trace:\n[  129.447655][  T934]  android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6]\n[  129.447681][  T934]  __might_resched+0x190/0x1a8\n[  129.447694][  T934]  shrink_work+0x180/0x248\n[  129.447706][  T934]  process_one_work+0x260/0x624\n[  129.447718][  T934]  worker_thread+0x28c/0x454\n[  129.447729][  T934]  kthread+0x118/0x158\n[  129.447742][  T934]  ret_from_fork+0x10/0x20\n[  129.447761][  T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000)\n[  129.447772][  T934] ---[ end trace 0000000000000000 ]---\n\ndm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet\nis enabled, and __scan will be called in atomic context.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37928",
            "https://git.kernel.org/linus/a3d8f0a7f5e8b193db509c7191fefeed3533fc44 (6.15-rc5)",
            "https://git.kernel.org/stable/c/69a37b3ba85088fc6b903b8e1db7f0a1d4d0b52d",
            "https://git.kernel.org/stable/c/a3d8f0a7f5e8b193db509c7191fefeed3533fc44",
            "https://git.kernel.org/stable/c/a99f5bf4f7197009859dbce14c12f8e2ce5a5a69",
            "https://git.kernel.org/stable/c/c8c83052283bcf2fdd467a33d1d2bd5ba36e935a",
            "https://git.kernel.org/stable/c/f45108257280e0a1cc951ce254853721b40c0812",
            "https://linux.oracle.com/cve/CVE-2025-37928.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025052005-CVE-2025-37928-66d3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37928",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37928"
          ],
          "PublishedDate": "2025-05-20T16:15:29.363Z",
          "LastModifiedDate": "2025-11-10T20:32:41.36Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37931",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37931",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:452446fda3a1d70dd3152f81189fc328cfe16e84ba9c40e90374058c1c2c5a19",
          "Title": "kernel: btrfs: adjust subpage bit start based on sectorsize",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: adjust subpage bit start based on sectorsize\n\nWhen running machines with 64k page size and a 16k nodesize we started\nseeing tree log corruption in production.  This turned out to be because\nwe were not writing out dirty blocks sometimes, so this in fact affects\nall metadata writes.\n\nWhen writing out a subpage EB we scan the subpage bitmap for a dirty\nrange.  If the range isn't dirty we do\n\n\tbit_start++;\n\nto move onto the next bit.  The problem is the bitmap is based on the\nnumber of sectors that an EB has.  So in this case, we have a 64k\npagesize, 16k nodesize, but a 4k sectorsize.  This means our bitmap is 4\nbits for every node.  With a 64k page size we end up with 4 nodes per\npage.\n\nTo make this easier this is how everything looks\n\n[0         16k       32k       48k     ] logical address\n[0         4         8         12      ] radix tree offset\n[               64k page               ] folio\n[ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers\n[ | | | |  | | | |   | | | |   | | | | ] bitmap\n\nNow we use all of our addressing based on fs_info-\u003esectorsize_bits, so\nas you can see the above our 16k eb-\u003estart turns into radix entry 4.\n\nWhen we find a dirty range for our eb, we correctly do bit_start +=\nsectors_per_node, because if we start at bit 0, the next bit for the\nnext eb is 4, to correspond to eb-\u003estart 16k.\n\nHowever if our range is clean, we will do bit_start++, which will now\nput us offset from our radix tree entries.\n\nIn our case, assume that the first time we check the bitmap the block is\nnot dirty, we increment bit_start so now it == 1, and then we loop\naround and check again.  
This time it is dirty, and we go to find that\nstart using the following equation\n\n\tstart = folio_start + bit_start * fs_info-\u003esectorsize;\n\nso in the case above, eb-\u003estart 0 is now dirty, and we calculate start\nas\n\n\t0 + 1 * fs_info-\u003esectorsize = 4096\n\t4096 \u003e\u003e 12 = 1\n\nNow we're looking up the radix tree for 1, and we won't find an eb.\nWhat's worse is now we're using bit_start == 1, so we do bit_start +=\nsectors_per_node, which is now 5.  If that eb is dirty we will run into\nthe same thing, we will look at an offset that is not populated in the\nradix tree, and now we're skipping the writeout of dirty extent buffers.\n\nThe best fix for this is to not use sectorsize_bits to address nodes,\nbut that's a larger change.  Since this is a fs corruption problem fix\nit simply by always using sectors_per_node to increment the start bit.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37931",
            "https://git.kernel.org/linus/e08e49d986f82c30f42ad0ed43ebbede1e1e3739 (6.15-rc5)",
            "https://git.kernel.org/stable/c/396f4002710030ea1cfd4c789ebaf0a6969ab34f",
            "https://git.kernel.org/stable/c/5111b148360f50cac9abbae8fca44cc0ac4bf9bf",
            "https://git.kernel.org/stable/c/977849e8acd2466ac3cb49e04a3ecc73837f6b90",
            "https://git.kernel.org/stable/c/b80db09b614cb7edec5bada1bc7c7b0eb3b453ea",
            "https://git.kernel.org/stable/c/e08e49d986f82c30f42ad0ed43ebbede1e1e3739",
            "https://linux.oracle.com/cve/CVE-2025-37931.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025052006-CVE-2025-37931-e247@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37931",
            "https://ubuntu.com/security/notices/USN-7649-1",
            "https://ubuntu.com/security/notices/USN-7649-2",
            "https://ubuntu.com/security/notices/USN-7650-1",
            "https://ubuntu.com/security/notices/USN-7665-1",
            "https://ubuntu.com/security/notices/USN-7665-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37931"
          ],
          "PublishedDate": "2025-05-20T16:15:29.713Z",
          "LastModifiedDate": "2025-12-19T16:59:37.937Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37938",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37938",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a24b0c56fabf0db99b086f44fed79d0a5defd7243d11c2ca02becf319d000bc7",
          "Title": "kernel: tracing: Verify event formats that have \"%*p..\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Verify event formats that have \"%*p..\"\n\nThe trace event verifier checks the formats of trace events to make sure\nthat they do not point at memory that is not in the trace event itself or\nin data that will never be freed. If an event references data that was\nallocated when the event triggered and that same data is freed before the\nevent is read, then the kernel can crash by reading freed memory.\n\nThe verifier runs at boot up (or module load) and scans the print formats\nof the events and checks their arguments to make sure that dereferenced\npointers are safe. If the format uses \"%*p..\" the verifier will ignore it,\nand that could be dangerous. Cover this case as well.\n\nAlso add to the sample code a use case of \"%*pbl\".",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37938",
            "https://git.kernel.org/linus/ea8d7647f9ddf1f81e2027ed305299797299aa03 (6.15-rc1)",
            "https://git.kernel.org/stable/c/03127354027508d076073b020d3070990fd6a958",
            "https://git.kernel.org/stable/c/04b80d45ecfaf780981d6582899e3ab205e4aa08",
            "https://git.kernel.org/stable/c/4d11fac941d83509be4e6a21038281d6d96da50c",
            "https://git.kernel.org/stable/c/6854c87ac823181c810f8c07489ba543260c0023",
            "https://git.kernel.org/stable/c/c7204fd1758c0caf1938e8a59809a1fdf28a8114",
            "https://git.kernel.org/stable/c/ea8d7647f9ddf1f81e2027ed305299797299aa03",
            "https://linux.oracle.com/cve/CVE-2025-37938.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",
            "https://lore.kernel.org/linux-cve-announce/2025052047-CVE-2025-37938-30a4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37938",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37938"
          ],
          "PublishedDate": "2025-05-20T16:15:31.127Z",
          "LastModifiedDate": "2025-12-19T17:44:09.66Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37943",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c19f78f96300a910fde3d8c587d520b868bafafe01bc48cf4b816243dad9fb07",
          "Title": "kernel: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi\n\nIn certain cases, hardware might provide packets with a\nlength greater than the maximum native Wi-Fi header length.\nThis can lead to accessing and modifying fields in the header\nwithin the ath12k_dp_rx_h_undecap_nwifi function for\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type and\npotentially resulting in invalid data access and memory corruption.\n\nAdd a sanity check before processing the SKB to prevent invalid\ndata access in the undecap native Wi-Fi function for the\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:8643",
            "https://access.redhat.com/security/cve/CVE-2025-37943",
            "https://bugzilla.redhat.com/2356587",
            "https://bugzilla.redhat.com/2356639",
            "https://bugzilla.redhat.com/2357143",
            "https://bugzilla.redhat.com/2360300",
            "https://bugzilla.redhat.com/2360921",
            "https://bugzilla.redhat.com/2367748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356639",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2357143",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360300",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360921",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2367748",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21926",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21997",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22055",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37943",
            "https://errata.almalinux.org/9/ALSA-2025-8643.html",
            "https://errata.rockylinux.org/RLSA-2025:8643",
            "https://git.kernel.org/linus/9a0dddfb30f120db3851627935851d262e4e7acb (6.15-rc1)",
            "https://git.kernel.org/stable/c/3abe15e756481c45f6acba3d476cb3ca4afc3b61",
            "https://git.kernel.org/stable/c/50be1fb76556e80af9f5da80f28168b6c71bce58",
            "https://git.kernel.org/stable/c/6ee653194ddb83674913fd2727b8ecfae0597ade",
            "https://git.kernel.org/stable/c/7f1d986da5c6abb75ffe4d0d325fc9b341c41a1c",
            "https://git.kernel.org/stable/c/9a0dddfb30f120db3851627935851d262e4e7acb",
            "https://linux.oracle.com/cve/CVE-2025-37943.html",
            "https://linux.oracle.com/errata/ELSA-2025-8669.html",
            "https://lore.kernel.org/linux-cve-announce/2025052043-CVE-2025-37943-9cf8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37943",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37943"
          ],
          "PublishedDate": "2025-05-20T16:15:32.133Z",
          "LastModifiedDate": "2025-11-17T12:57:46.727Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37944",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37944",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:49372b500d7e33d4e0793acdbec41b8bdbdfc5a6d1907229dd7982cdff3dd000",
          "Title": "kernel: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process\n\nCurrently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry\nto fetch the next entry from the destination ring. This is incorrect because\nath12k_hal_srng_src_get_next_entry is intended for source rings, not destination\nrings. This leads to invalid entry fetches, causing potential data corruption or\ncrashes due to accessing incorrect memory locations. This happens because the\nsource ring and destination ring have different handling mechanisms and using\nthe wrong function results in incorrect pointer arithmetic and ring management.\n\nTo fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with\nath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures\nthat the correct function is used for fetching entries from the destination\nring, preventing invalid memory accesses.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37944",
            "https://git.kernel.org/linus/63fdc4509bcf483e79548de6bc08bf3c8e504bb3 (6.15-rc1)",
            "https://git.kernel.org/stable/c/298f0aea5cb32b5038f991f5db201a0fcbb9a31b",
            "https://git.kernel.org/stable/c/2c512f2eadabb1e80816116894ffaf7d802a944e",
            "https://git.kernel.org/stable/c/63fdc4509bcf483e79548de6bc08bf3c8e504bb3",
            "https://git.kernel.org/stable/c/ab7edf42ce800eb34d2f73dd7271b826661a06a5",
            "https://git.kernel.org/stable/c/b6a3b2b2cead103089d3bb7a57d8209bdfa5399d",
            "https://linux.oracle.com/cve/CVE-2025-37944.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052044-CVE-2025-37944-5e94@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37944",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37944"
          ],
          "PublishedDate": "2025-05-20T16:15:32.31Z",
          "LastModifiedDate": "2025-11-17T12:57:39.79Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37945",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37945",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3cfc1fd37a6f9cea25abfbed853776a2ddd1b794c20c1ae2b3cff65e48e3dc66",
          "Title": "kernel: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY\n\nDSA has 2 kinds of drivers:\n\n1. Those who call dsa_switch_suspend() and dsa_switch_resume() from\n   their device PM ops: qca8k-8xxx, bcm_sf2, microchip ksz\n2. Those who don't: all others. The above methods should be optional.\n\nFor type 1, dsa_switch_suspend() calls dsa_user_suspend() -\u003e phylink_stop(),\nand dsa_switch_resume() calls dsa_user_resume() -\u003e phylink_start().\nThese seem good candidates for setting mac_managed_pm = true because\nthat is essentially its definition [1], but that does not seem to be the\nbiggest problem for now, and is not what this change focuses on.\n\nTalking strictly about the 2nd category of DSA drivers here (which\ndo not have MAC managed PM, meaning that for their attached PHYs,\nmdio_bus_phy_suspend() and mdio_bus_phy_resume() should run in full),\nI have noticed that the following warning from mdio_bus_phy_resume() is\ntriggered:\n\n\tWARN_ON(phydev-\u003estate != PHY_HALTED \u0026\u0026 phydev-\u003estate != PHY_READY \u0026\u0026\n\t\tphydev-\u003estate != PHY_UP);\n\nbecause the PHY state machine is running.\n\nIt's running as a result of a previous dsa_user_open() -\u003e ... -\u003e\nphylink_start() -\u003e phy_start() having been initiated by the user.\n\nThe previous mdio_bus_phy_suspend() was supposed to have called\nphy_stop_machine(), but it didn't. So this is why the PHY is in state\nPHY_NOLINK by the time mdio_bus_phy_resume() runs.\n\nmdio_bus_phy_suspend() did not call phy_stop_machine() because for\nphylink, the phydev-\u003eadjust_link function pointer is NULL. This seems a\ntechnicality introduced by commit fddd91016d16 (\"phylib: fix PAL state\nmachine restart on resume\"). 
That commit was written before phylink\nexisted, and was intended to avoid crashing with consumer drivers which\ndon't use the PHY state machine - phylink always does, when using a PHY.\nBut phylink itself has historically not been developed with\nsuspend/resume in mind, and apparently not tested too much in that\nscenario, allowing this bug to exist unnoticed for so long. Plus, prior\nto the WARN_ON(), it would have likely been invisible.\n\nThis issue is not in fact restricted to type 2 DSA drivers (according to\nthe above ad-hoc classification), but can be extrapolated to any MAC\ndriver with phylink and MDIO-bus-managed PHY PM ops. DSA is just where\nthe issue was reported. Assuming mac_managed_pm is set correctly, a\nquick search indicates the following other drivers might be affected:\n\n$ grep -Zlr PHYLINK_NETDEV drivers/ | xargs -0 grep -L mac_managed_pm\ndrivers/net/ethernet/atheros/ag71xx.c\ndrivers/net/ethernet/microchip/sparx5/sparx5_main.c\ndrivers/net/ethernet/microchip/lan966x/lan966x_main.c\ndrivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c\ndrivers/net/ethernet/freescale/fs_enet/fs_enet-main.c\ndrivers/net/ethernet/freescale/dpaa/dpaa_eth.c\ndrivers/net/ethernet/freescale/ucc_geth.c\ndrivers/net/ethernet/freescale/enetc/enetc_pf_common.c\ndrivers/net/ethernet/marvell/mvpp2/mvpp2_main.c\ndrivers/net/ethernet/marvell/mvneta.c\ndrivers/net/ethernet/marvell/prestera/prestera_main.c\ndrivers/net/ethernet/mediatek/mtk_eth_soc.c\ndrivers/net/ethernet/altera/altera_tse_main.c\ndrivers/net/ethernet/wangxun/txgbe/txgbe_phy.c\ndrivers/net/ethernet/meta/fbnic/fbnic_phylink.c\ndrivers/net/ethernet/tehuti/tn40_phy.c\ndrivers/net/ethernet/mscc/ocelot_net.c\n\nMake the existing conditions dependent on the PHY device having a\nphydev-\u003ephy_link_change() implementation equal to the default\nphy_link_change() provided by phylib. 
Otherwise, we implicitly know that\nthe phydev has the phylink-provided phylink_phy_change() callback, and\nwhen phylink is used, the PHY state machine always needs to be stopped/\nstarted on the suspend/resume path. The code is structured as such that\nif phydev-\u003ephy_link_change() is absent, it is a matter of time until the\nkernel will crash - no need to further complicate the test.\n\nThus, for the situation where the PM is not managed b\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37945",
            "https://git.kernel.org/linus/fc75ea20ffb452652f0d4033f38fe88d7cfdae35 (6.15-rc2)",
            "https://git.kernel.org/stable/c/043aa41c43f8cb9cce75367ea07895ce68b5abb0",
            "https://git.kernel.org/stable/c/54e5d00a8de6c13f6c01a94ed48025e882cd15f7",
            "https://git.kernel.org/stable/c/a6ed6f8ec81b8ca7100dcd9e62bdbc0dff1b2259",
            "https://git.kernel.org/stable/c/bd4037d51d3f6667636a1383e78e48a5b7b60755",
            "https://git.kernel.org/stable/c/fc75ea20ffb452652f0d4033f38fe88d7cfdae35",
            "https://linux.oracle.com/cve/CVE-2025-37945.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052044-CVE-2025-37945-7849@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37945",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37945"
          ],
          "PublishedDate": "2025-05-20T16:15:32.453Z",
          "LastModifiedDate": "2026-01-30T10:15:54.597Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37947",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37947",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c98290de4cb59e734e1eb4870a1e3e100220c68ff8cc3bbf01bccbd01ac7ae9e",
          "Title": "kernel: ksmbd: prevent out-of-bounds stream writes by validating *pos",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: prevent out-of-bounds stream writes by validating *pos\n\nksmbd_vfs_stream_write() did not validate whether the write offset\n(*pos) was within the bounds of the existing stream data length (v_len).\nIf *pos was greater than or equal to v_len, this could lead to an\nout-of-bounds memory write.\n\nThis patch adds a check to ensure *pos is less than v_len before\nproceeding. If the condition fails, -EINVAL is returned.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37947",
            "https://git.kernel.org/linus/0ca6df4f40cf4c32487944aaf48319cb6c25accc (6.15-rc6)",
            "https://git.kernel.org/stable/c/04c8a38c60346bb5a7c49b276de7233f703ce9cb",
            "https://git.kernel.org/stable/c/0ca6df4f40cf4c32487944aaf48319cb6c25accc",
            "https://git.kernel.org/stable/c/7f61da79df86fd140c7768e668ad846bfa7ec8e1",
            "https://git.kernel.org/stable/c/d62ba16563a86aae052f96d270b3b6f78fca154c",
            "https://git.kernel.org/stable/c/e6356499fd216ed6343ae0363f4c9303f02c5034",
            "https://github.com/doyensec/KSMBD-CVE-2025-37947/blob/main/CVE-2025-37947.c",
            "https://linux.oracle.com/cve/CVE-2025-37947.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025052059-CVE-2025-37947-8c07@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37947",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37947"
          ],
          "PublishedDate": "2025-05-20T16:15:32.677Z",
          "LastModifiedDate": "2026-03-17T15:56:07.19Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37951",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37951",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:097208e965a2f3c94e3f7e089d5ddf53167dfdccf82106b63d4eb2a7ebb12c8a",
          "Title": "kernel: drm/v3d: Add job to pending list if the reset was skipped",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Add job to pending list if the reset was skipped\n\nWhen a CL/CSD job times out, we check if the GPU has made any progress\nsince the last timeout. If so, instead of resetting the hardware, we skip\nthe reset and let the timer get rearmed. This gives long-running jobs a\nchance to complete.\n\nHowever, when `timedout_job()` is called, the job in question is removed\nfrom the pending list, which means it won't be automatically freed through\n`free_job()`. Consequently, when we skip the reset and keep the job\nrunning, the job won't be freed when it finally completes.\n\nThis situation leads to a memory leak, as exposed in [1] and [2].\n\nSimilarly to commit 704d3d60fec4 (\"drm/etnaviv: don't block scheduler when\nGPU is still active\"), this patch ensures the job is put back on the\npending list when extending the timeout.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37951",
            "https://git.kernel.org/linus/35e4079bf1a2570abffce6ababa631afcf8ea0e5 (6.15-rc6)",
            "https://git.kernel.org/stable/c/12125f7d9c15e6d8ac91d10373b2db2f17dcf767",
            "https://git.kernel.org/stable/c/35e4079bf1a2570abffce6ababa631afcf8ea0e5",
            "https://git.kernel.org/stable/c/422a8b10ba42097a704d6909ada2956f880246f2",
            "https://git.kernel.org/stable/c/5235b56b7e5449d990d21d78723b1a5e7bb5738e",
            "https://git.kernel.org/stable/c/a5f162727b91e480656da1876247a91f651f76de",
            "https://linux.oracle.com/cve/CVE-2025-37951.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025052001-CVE-2025-37951-1e36@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37951",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37951"
          ],
          "PublishedDate": "2025-05-20T16:15:33.22Z",
          "LastModifiedDate": "2025-12-17T20:05:00.5Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37952",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37952",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:30ce22193fcda1c51b80f80cc98726ea4183a924ceae94415cc5d5f233eaafe1",
          "Title": "kernel: ksmbd: Fix UAF in __close_file_table_ids",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix UAF in __close_file_table_ids\n\nA use-after-free is possible if one thread destroys the file\nvia __ksmbd_close_fd while another thread holds a reference to\nit. The existing checks on fp-\u003erefcount are not sufficient to\nprevent this.\n\nThe fix takes ft-\u003elock around the section which removes the\nfile from the file table. This prevents two threads acquiring the\nsame file pointer via __close_file_table_ids, as well as the other\nfunctions which retrieve a file from the IDR and which already use\nthis same lock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37952",
            "https://git.kernel.org/linus/36991c1ccde2d5a521577c448ffe07fcccfe104d (6.15-rc6)",
            "https://git.kernel.org/stable/c/16727e442568a46d9cca69fe2595896de86e120d",
            "https://git.kernel.org/stable/c/36991c1ccde2d5a521577c448ffe07fcccfe104d",
            "https://git.kernel.org/stable/c/9e9841e232b51171ddf3bc4ee517d5d28dc8cad6",
            "https://git.kernel.org/stable/c/fec1f9e9a650e8e7011330a085c77e7bf2a08ea9",
            "https://linux.oracle.com/cve/CVE-2025-37952.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052001-CVE-2025-37952-299d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37952",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37952"
          ],
          "PublishedDate": "2025-05-20T16:15:33.353Z",
          "LastModifiedDate": "2025-11-17T12:57:06.88Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37954",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37954",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e7876e7d8a025ec916b805f46a8475ae5f6f20d9c71a1aaadc6bf5d7d03ba3cf",
          "Title": "kernel: smb: client: Avoid race in open_cached_dir with lease breaks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Avoid race in open_cached_dir with lease breaks\n\nA pre-existing valid cfid returned from find_or_create_cached_dir might\nrace with a lease break, meaning open_cached_dir doesn't consider it\nvalid, and thinks it's newly-constructed. This leaks a dentry reference\nif the allocation occurs before the queued lease break work runs.\n\nAvoid the race by extending holding the cfid_list_lock across\nfind_or_create_cached_dir and when the result is checked.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37954",
            "https://git.kernel.org/linus/3ca02e63edccb78ef3659bebc68579c7224a6ca2 (6.15-rc6)",
            "https://git.kernel.org/stable/c/2407265dc32bc8cc45b62a612c2a214ba9038e8b",
            "https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9",
            "https://git.kernel.org/stable/c/3ca02e63edccb78ef3659bebc68579c7224a6ca2",
            "https://git.kernel.org/stable/c/571dcf3d27b24800c171aea7b5e04ff06d10e2e9",
            "https://linux.oracle.com/cve/CVE-2025-37954.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052002-CVE-2025-37954-6751@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37954",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-7775-1",
            "https://ubuntu.com/security/notices/USN-7775-2",
            "https://ubuntu.com/security/notices/USN-7775-3",
            "https://ubuntu.com/security/notices/USN-7802-1",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-37954"
          ],
          "PublishedDate": "2025-05-20T16:15:33.603Z",
          "LastModifiedDate": "2025-11-14T17:03:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37956",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37956",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:006a95b051d67d21c1e7ebafd6a135cb69e55913b5e8f3683d1b6b9298c40447",
          "Title": "kernel: ksmbd: prevent rename with empty string",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: prevent rename with empty string\n\nClient can send empty newname string to ksmbd server.\nIt will cause a kernel oops from d_alloc.\nThis patch return the error when attempting to rename\na file or directory with an empty new name string.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37956",
            "https://git.kernel.org/linus/53e3e5babc0963a92d856a5ec0ce92c59f54bc12 (6.15-rc6)",
            "https://git.kernel.org/stable/c/53e3e5babc0963a92d856a5ec0ce92c59f54bc12",
            "https://git.kernel.org/stable/c/6ee551672c8cf36108b0cfba92ec0c7c28ac3439",
            "https://git.kernel.org/stable/c/c57301e332cc413fe0a7294a90725f4e21e9549d",
            "https://git.kernel.org/stable/c/d7f2c00acb1ef64304fd40ac507e9213ff1d9b5c",
            "https://linux.oracle.com/cve/CVE-2025-37956.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052002-CVE-2025-37956-a6aa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37956",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37956"
          ],
          "PublishedDate": "2025-05-20T16:15:33.813Z",
          "LastModifiedDate": "2025-11-14T17:03:15.11Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37959",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37959",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4c1f0e70313d997ea24b1010dd7089ffcc3df27886979e6068d4bc9aacbeb215",
          "Title": "kernel: bpf: Scrub packet on bpf_redirect_peer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Scrub packet on bpf_redirect_peer\n\nWhen bpf_redirect_peer is used to redirect packets to a device in\nanother network namespace, the skb isn't scrubbed. That can lead skb\ninformation from one namespace to be \"misused\" in another namespace.\n\nAs one example, this is causing Cilium to drop traffic when using\nbpf_redirect_peer to redirect packets that just went through IPsec\ndecryption to a container namespace. The following pwru trace shows (1)\nthe packet path from the host's XFRM layer to the container's XFRM\nlayer where it's dropped and (2) the number of active skb extensions at\neach function.\n\n    NETNS       MARK  IFACE  TUPLE                                FUNC\n    4026533547  d00   eth0   10.244.3.124:35473-\u003e10.244.2.158:53  xfrm_rcv_cb\n                             .active_extensions = (__u8)2,\n    4026533547  d00   eth0   10.244.3.124:35473-\u003e10.244.2.158:53  xfrm4_rcv_cb\n                             .active_extensions = (__u8)2,\n    4026533547  d00   eth0   10.244.3.124:35473-\u003e10.244.2.158:53  gro_cells_receive\n                             .active_extensions = (__u8)2,\n    [...]\n    4026533547  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  skb_do_redirect\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  ip_rcv\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  ip_rcv_core\n                             .active_extensions = (__u8)2,\n    [...]\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  udp_queue_rcv_one_skb\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  __xfrm_policy_check\n                             .active_extensions = (__u8)2,\n    
4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  __xfrm_decode_session\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  security_xfrm_decode_session\n                             .active_extensions = (__u8)2,\n    4026534999  0     eth0   10.244.3.124:35473-\u003e10.244.2.158:53  kfree_skb_reason(SKB_DROP_REASON_XFRM_POLICY)\n                             .active_extensions = (__u8)2,\n\nIn this case, there are no XFRM policies in the container's network\nnamespace so the drop is unexpected. When we decrypt the IPsec packet,\nthe XFRM state used for decryption is set in the skb extensions. This\ninformation is preserved across the netns switch. When we reach the\nXFRM policy check in the container's netns, __xfrm_policy_check drops\nthe packet with LINUX_MIB_XFRMINNOPOLS because a (container-side) XFRM\npolicy can't be found that matches the (host-side) XFRM state used for\ndecryption.\n\nThis patch fixes this by scrubbing the packet when using\nbpf_redirect_peer, as is done on typical netns switches via veth\ndevices except skb-\u003emark and skb-\u003etstamp are not zeroed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37959",
            "https://git.kernel.org/linus/c4327229948879814229b46aa26a750718888503 (6.15-rc6)",
            "https://git.kernel.org/stable/c/355b0526336c0bf2bf7feaca033568ede524f763",
            "https://git.kernel.org/stable/c/9e15ef33ba39fb6d9d1f51445957f16983a9437a",
            "https://git.kernel.org/stable/c/b37e54259cab4f78b53953d6f6268b85f07bef3e",
            "https://git.kernel.org/stable/c/c4327229948879814229b46aa26a750718888503",
            "https://git.kernel.org/stable/c/de1067cc8cf0e8c11ae20cbe5c467aef19d04ded",
            "https://linux.oracle.com/cve/CVE-2025-37959.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025052004-CVE-2025-37959-1d15@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37959",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37959"
          ],
          "PublishedDate": "2025-05-20T16:15:34.143Z",
          "LastModifiedDate": "2025-12-16T20:38:15.677Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37961",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37961",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f11ec0fdc4d4c8494db1e45e6664c79483efdc18b744300f79c622bfd60e618",
          "Title": "kernel: ipvs: fix uninit-value for saddr in do_output_route4",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix uninit-value for saddr in do_output_route4\n\nsyzbot reports for uninit-value for the saddr argument [1].\ncommit 4754957f04f5 (\"ipvs: do not use random local source address for\ntunnels\") already implies that the input value of saddr\nshould be ignored but the code is still reading it which can prevent\nto connect the route. Fix it by changing the argument to ret_saddr.\n\n[1]\nBUG: KMSAN: uninit-value in do_output_route4+0x42c/0x4d0 net/netfilter/ipvs/ip_vs_xmit.c:147\n do_output_route4+0x42c/0x4d0 net/netfilter/ipvs/ip_vs_xmit.c:147\n __ip_vs_get_out_rt+0x403/0x21d0 net/netfilter/ipvs/ip_vs_xmit.c:330\n ip_vs_tunnel_xmit+0x205/0x2380 net/netfilter/ipvs/ip_vs_xmit.c:1136\n ip_vs_in_hook+0x1aa5/0x35b0 net/netfilter/ipvs/ip_vs_core.c:2063\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf7/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n __ip_local_out+0x758/0x7e0 net/ipv4/ip_output.c:118\n ip_local_out net/ipv4/ip_output.c:127 [inline]\n ip_send_skb+0x6a/0x3c0 net/ipv4/ip_output.c:1501\n udp_send_skb+0xfda/0x1b70 net/ipv4/udp.c:1195\n udp_sendmsg+0x2fe3/0x33c0 net/ipv4/udp.c:1483\n inet_sendmsg+0x1fc/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x267/0x380 net/socket.c:727\n ____sys_sendmsg+0x91b/0xda0 net/socket.c:2566\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2620\n __sys_sendmmsg+0x41d/0x880 net/socket.c:2702\n __compat_sys_sendmmsg net/compat.c:360 [inline]\n __do_compat_sys_sendmmsg net/compat.c:367 [inline]\n __se_compat_sys_sendmmsg net/compat.c:364 [inline]\n __ia32_compat_sys_sendmmsg+0xc8/0x140 net/compat.c:364\n ia32_sys_call+0x3ffa/0x41f0 arch/x86/include/generated/asm/syscalls_32.h:346\n do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/syscall_32.c:306\n 
do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4167 [inline]\n slab_alloc_node mm/slub.c:4210 [inline]\n __kmalloc_cache_noprof+0x8fa/0xe00 mm/slub.c:4367\n kmalloc_noprof include/linux/slab.h:905 [inline]\n ip_vs_dest_dst_alloc net/netfilter/ipvs/ip_vs_xmit.c:61 [inline]\n __ip_vs_get_out_rt+0x35d/0x21d0 net/netfilter/ipvs/ip_vs_xmit.c:323\n ip_vs_tunnel_xmit+0x205/0x2380 net/netfilter/ipvs/ip_vs_xmit.c:1136\n ip_vs_in_hook+0x1aa5/0x35b0 net/netfilter/ipvs/ip_vs_core.c:2063\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf7/0x400 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n __ip_local_out+0x758/0x7e0 net/ipv4/ip_output.c:118\n ip_local_out net/ipv4/ip_output.c:127 [inline]\n ip_send_skb+0x6a/0x3c0 net/ipv4/ip_output.c:1501\n udp_send_skb+0xfda/0x1b70 net/ipv4/udp.c:1195\n udp_sendmsg+0x2fe3/0x33c0 net/ipv4/udp.c:1483\n inet_sendmsg+0x1fc/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x267/0x380 net/socket.c:727\n ____sys_sendmsg+0x91b/0xda0 net/socket.c:2566\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2620\n __sys_sendmmsg+0x41d/0x880 net/socket.c:2702\n __compat_sys_sendmmsg net/compat.c:360 [inline]\n __do_compat_sys_sendmmsg net/compat.c:367 [inline]\n __se_compat_sys_sendmmsg net/compat.c:364 [inline]\n __ia32_compat_sys_sendmmsg+0xc8/0x140 net/compat.c:364\n ia32_sys_call+0x3ffa/0x41f0 arch/x86/include/generated/asm/syscalls_32.h:346\n do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/syscall_32.c:306\n do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n\nCPU: 0 UID: 0 PID: 22408 Comm: syz.4.5165 Not 
tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(undef)\nHardware name: Google Google Compute Engi\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37961",
            "https://git.kernel.org/linus/e34090d7214e0516eb8722aee295cb2507317c07 (6.15-rc6)",
            "https://git.kernel.org/stable/c/0160ac84fb03a0bd8dce8a42cb25bfaeedd110f4",
            "https://git.kernel.org/stable/c/7d0032112a0380d0b8d7c9005f621928a9b9fc76",
            "https://git.kernel.org/stable/c/a3a1b784791a3cbfc6e05c4d8a3c321ac5136e25",
            "https://git.kernel.org/stable/c/adbc8cc1162951cb152ed7f147d5fbd35ce3e62f",
            "https://git.kernel.org/stable/c/e34090d7214e0516eb8722aee295cb2507317c07",
            "https://linux.oracle.com/cve/CVE-2025-37961.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025052004-CVE-2025-37961-e39b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37961",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37961"
          ],
          "PublishedDate": "2025-05-20T16:15:34.367Z",
          "LastModifiedDate": "2025-12-16T20:38:32.373Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37980",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37980",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5a64a92bab6f3707cf6eb9735c2ec13fed6b808a73adaad218a2c2533af1eb8b",
          "Title": "kernel: block: fix resource leak in blk_register_queue() error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix resource leak in blk_register_queue() error path\n\nWhen registering a queue fails after blk_mq_sysfs_register() is\nsuccessful but the function later encounters an error, we need\nto clean up the blk_mq_sysfs resources.\n\nAdd the missing blk_mq_sysfs_unregister() call in the error path\nto properly clean up these resources and prevent a memory leak.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37980",
            "https://git.kernel.org/linus/40f2eb9b531475dd01b683fdaf61ca3cfd03a51e (6.15-rc3)",
            "https://git.kernel.org/stable/c/40f2eb9b531475dd01b683fdaf61ca3cfd03a51e",
            "https://git.kernel.org/stable/c/41e43134ddda35949974be40520460a12dda3502",
            "https://git.kernel.org/stable/c/549cbbd14bbec12469ceb279b79c763c8a24224e",
            "https://git.kernel.org/stable/c/55a7bb2708f7c7c5b366d4e40916113168a3824c",
            "https://linux.oracle.com/cve/CVE-2025-37980.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052040-CVE-2025-37980-561f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37980",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37980"
          ],
          "PublishedDate": "2025-05-20T17:15:48.65Z",
          "LastModifiedDate": "2025-11-14T17:00:50.587Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37984",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37984",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9291767878d56a1d65946e3fe1e0a085dd6df7c17f0d687c8644c9897899c302",
          "Title": "kernel: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()\n\nHerbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa\nimplementation's -\u003ekey_size() callback returns an unusually large value.\nHerbert instead suggests (for a division by 8):\n\n  X / 8 + !!(X \u0026 7)\n\nBased on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and\nuse it in lieu of DIV_ROUND_UP() for -\u003ekey_size() return values.\n\nAdditionally, use the macro in ecc_digits_from_bytes(), whose \"nbytes\"\nparameter is a -\u003ekey_size() return value in some instances, or a\nuser-specified ASN.1 length in the case of ecdsa_get_signature_rs().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37984",
            "https://git.kernel.org/linus/b16510a530d1e6ab9683f04f8fb34f2e0f538275 (6.15-rc1)",
            "https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1",
            "https://git.kernel.org/stable/c/b16510a530d1e6ab9683f04f8fb34f2e0f538275",
            "https://git.kernel.org/stable/c/f02f0218be412cff1c844addf58e002071be298b",
            "https://git.kernel.org/stable/c/f2133b849ff273abddb6da622daddd8f6f6fa448",
            "https://linux.oracle.com/cve/CVE-2025-37984.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025052037-CVE-2025-37984-be4c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37984",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37984"
          ],
          "PublishedDate": "2025-05-20T18:15:45.253Z",
          "LastModifiedDate": "2025-11-14T17:00:02.113Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38006",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38006",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:770440815638898258500c802f07d544d10d1b381fe4ee835cd45a64cf987cfc",
          "Title": "kernel: net: mctp: Don't access ifa_index when missing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don't access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox \"ip addr show\".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38006",
            "https://git.kernel.org/linus/f11cf946c0a92c560a890d68e4775723353599e1 (6.15-rc7)",
            "https://git.kernel.org/stable/c/24fa213dffa470166ec014f979f36c6ff44afb45",
            "https://git.kernel.org/stable/c/acab78ae12c7fefb4f3bfe22e00770a5faa42724",
            "https://git.kernel.org/stable/c/d4d1561d17eb72908e4489c0900d96e0484fac20",
            "https://git.kernel.org/stable/c/f11cf946c0a92c560a890d68e4775723353599e1",
            "https://lore.kernel.org/linux-cve-announce/2025061841-CVE-2025-38006-5478@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38006",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38006"
          ],
          "PublishedDate": "2025-06-18T10:15:31.773Z",
          "LastModifiedDate": "2025-11-14T16:42:01.43Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38011",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38011",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:44759d7143bb0b6312b37de4bc4aa534b6106525678e4233c77bb7830494c00b",
          "Title": "kernel: drm/amdgpu: csa unmap use uninterruptible lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: csa unmap use uninterruptible lock\n\nAfter process exit to unmap csa and free GPU vm, if signal is accepted\nand then waiting to take vm lock is interrupted and return, it causes\nmemory leaking and below warning backtrace.\n\nChange to use uninterruptible wait lock fix the issue.\n\nWARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525\n amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu]\n Call Trace:\n  \u003cTASK\u003e\n  drm_file_free.part.0+0x1da/0x230 [drm]\n  drm_close_helper.isra.0+0x65/0x70 [drm]\n  drm_release+0x6a/0x120 [drm]\n  amdgpu_drm_release+0x51/0x60 [amdgpu]\n  __fput+0x9f/0x280\n  ____fput+0xe/0x20\n  task_work_run+0x67/0xa0\n  do_exit+0x217/0x3c0\n  do_group_exit+0x3b/0xb0\n  get_signal+0x14a/0x8d0\n  arch_do_signal_or_restart+0xde/0x100\n  exit_to_user_mode_loop+0xc1/0x1a0\n  exit_to_user_mode_prepare+0xf4/0x100\n  syscall_exit_to_user_mode+0x17/0x40\n  do_syscall_64+0x69/0xc0\n\n(cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38011",
            "https://git.kernel.org/linus/a0fa7873f2f869087b1e7793f7fac3713a1e3afe (6.15-rc7)",
            "https://git.kernel.org/stable/c/8d2979b9bb1be0f4a52dff600e56d780403e04ac",
            "https://git.kernel.org/stable/c/8d71c3231b33e24a911b8f2d8c3a17ee40aa32d5",
            "https://git.kernel.org/stable/c/a0fa7873f2f869087b1e7793f7fac3713a1e3afe",
            "https://git.kernel.org/stable/c/a1adc8d9a0d219d4e88672c30dbc9ea960d73136",
            "https://linux.oracle.com/cve/CVE-2025-38011.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061842-CVE-2025-38011-c17c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38011",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38011"
          ],
          "PublishedDate": "2025-06-18T10:15:32.417Z",
          "LastModifiedDate": "2026-03-17T13:09:22.407Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38014",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38014",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:770e544b05087283b4398514e69907bea117f54b683b3b5c6090a73cd451b4d8",
          "Title": "kernel: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Refactor remove call with idxd_cleanup() helper\n\nThe idxd_cleanup() helper cleans up perfmon, interrupts, internals and\nso on. Refactor remove call with the idxd_cleanup() helper to avoid code\nduplication. Note, this also fixes the missing put_device() for idxd\ngroups, engines and wqs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38014",
            "https://git.kernel.org/linus/a409e919ca321cc0e28f8abf96fde299f0072a81 (6.15-rc7)",
            "https://git.kernel.org/stable/c/23dc14c52d84b02b39d816bf16a754c0e7d48f9c",
            "https://git.kernel.org/stable/c/a409e919ca321cc0e28f8abf96fde299f0072a81",
            "https://git.kernel.org/stable/c/a7bd00f7e9bd075f3e4fbcc608d8ea445aed8692",
            "https://git.kernel.org/stable/c/d530dd65f6f3c04bbf141702ecccd70170ed04ad",
            "https://linux.oracle.com/cve/CVE-2025-38014.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061843-CVE-2025-38014-960d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38014",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38014"
          ],
          "PublishedDate": "2025-06-18T10:15:32.927Z",
          "LastModifiedDate": "2025-11-14T19:02:05.763Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38015",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38015",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a2175426772f574473d19be5735a7b3d79c62f8b06e9295998b78b25e697d67e",
          "Title": "kernel: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix memory leak in error handling path of idxd_alloc\n\nMemory allocated for idxd is not freed if an error occurs during\nidxd_alloc(). To fix it, free the allocated memory in the reverse order\nof allocation before exiting the function in case of an error.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38015",
            "https://git.kernel.org/linus/46a5cca76c76c86063000a12936f8e7875295838 (6.15-rc7)",
            "https://git.kernel.org/stable/c/46a5cca76c76c86063000a12936f8e7875295838",
            "https://git.kernel.org/stable/c/4f005eb68890698e5abc6a3af04dab76f175c50c",
            "https://git.kernel.org/stable/c/64afd9a1f644b27661420257dcc007d5009c99dd",
            "https://git.kernel.org/stable/c/6e94a2c3e4c166cd2736ac225fba5889fb1e8ac0",
            "https://git.kernel.org/stable/c/868dbce755ec92855362d213f47e045a8388361a",
            "https://linux.oracle.com/cve/CVE-2025-38015.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025061844-CVE-2025-38015-84e8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38015",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38015"
          ],
          "PublishedDate": "2025-06-18T10:15:33.06Z",
          "LastModifiedDate": "2025-12-17T19:54:17.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38020",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38020",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ab6088fbda5bc7dc4d71bc3c3770ce02310a39881dfd9d1dd692a50989f9bf64",
          "Title": "kernel: net/mlx5e: Disable MACsec offload for uplink representor profile",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Disable MACsec offload for uplink representor profile\n\nMACsec offload is not supported in switchdev mode for uplink\nrepresentors. When switching to the uplink representor profile, the\nMACsec offload feature must be cleared from the netdevice's features.\n\nIf left enabled, attempts to add offloads result in a null pointer\ndereference, as the uplink representor does not support MACsec offload\neven though the feature bit remains set.\n\nClear NETIF_F_HW_MACSEC in mlx5e_fix_uplink_rep_features().\n\nKernel log:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]\nCPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__mutex_lock+0x128/0x1dd0\nCode: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff\nRSP: 0018:ffff888147a4f160 EFLAGS: 00010206\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001\nRDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078\nRBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000\nFS:  00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nCall Trace:\n 
\u003cTASK\u003e\n ? die_addr+0x3d/0xa0\n ? exc_general_protection+0x144/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? __mutex_lock+0x128/0x1dd0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mutex_lock_io_nested+0x1ae0/0x1ae0\n ? lock_acquire+0x1c2/0x530\n ? macsec_upd_offload+0x145/0x380\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? kasan_save_stack+0x30/0x40\n ? kasan_save_stack+0x20/0x40\n ? kasan_save_track+0x10/0x30\n ? __kasan_kmalloc+0x77/0x90\n ? __kmalloc_noprof+0x249/0x6b0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240\n ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core]\n ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core]\n macsec_update_offload+0x26c/0x820\n ? macsec_set_mac_address+0x4b0/0x4b0\n ? lockdep_hardirqs_on_prepare+0x284/0x400\n ? _raw_spin_unlock_irqrestore+0x47/0x50\n macsec_upd_offload+0x2c8/0x380\n ? macsec_update_offload+0x820/0x820\n ? __nla_parse+0x22/0x30\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240\n genl_family_rcv_msg_doit+0x1cc/0x2a0\n ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240\n ? cap_capable+0xd4/0x330\n genl_rcv_msg+0x3ea/0x670\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? lockdep_set_lock_cmp_fn+0x190/0x190\n ? macsec_update_offload+0x820/0x820\n netlink_rcv_skb+0x12b/0x390\n ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0\n ? netlink_ack+0xd80/0xd80\n ? rwsem_down_read_slowpath+0xf90/0xf90\n ? netlink_deliver_tap+0xcd/0xac0\n ? netlink_deliver_tap+0x155/0xac0\n ? _copy_from_iter+0x1bb/0x12c0\n genl_rcv+0x24/0x40\n netlink_unicast+0x440/0x700\n ? netlink_attachskb+0x760/0x760\n ? lock_acquire+0x1c2/0x530\n ? __might_fault+0xbb/0x170\n netlink_sendmsg+0x749/0xc10\n ? netlink_unicast+0x700/0x700\n ? __might_fault+0xbb/0x170\n ? netlink_unicast+0x700/0x700\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x53f/0x760\n ? import_iovec+0x7/0x10\n ? 
kernel_sendmsg+0x30/0x30\n ? __copy_msghdr+0x3c0/0x3c0\n ? filter_irq_stacks+0x90/0x90\n ? stack_depot_save_flags+0x28/0xa30\n ___sys_sen\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38020",
            "https://git.kernel.org/linus/588431474eb7572e57a927fa8558c9ba2f8af143 (6.15-rc7)",
            "https://git.kernel.org/stable/c/1a69d53922c1221351739f17837d38e317234e5d",
            "https://git.kernel.org/stable/c/1e577aeb51e9deba4f2c10edfcb07cb3cb406598",
            "https://git.kernel.org/stable/c/1f80e6ff026041721d8089da8c269b1963628325",
            "https://git.kernel.org/stable/c/588431474eb7572e57a927fa8558c9ba2f8af143",
            "https://git.kernel.org/stable/c/b48a47e137cedfd79655accaeeea6b296ad0b9e1",
            "https://linux.oracle.com/cve/CVE-2025-38020.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38020-e249@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38020",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38020"
          ],
          "PublishedDate": "2025-06-18T10:15:33.7Z",
          "LastModifiedDate": "2025-12-17T19:48:31.287Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38022",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38022",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b2bbe030b1ca70041addddd87ccbfabdcea1ee7fd4dbecf17ba2f659e41d2165",
          "Title": "kernel: RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem\n\nCall Trace:\n\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n strlen+0x93/0xa0 lib/string.c:420\n __fortify_strlen include/linux/fortify-string.h:268 [inline]\n get_kobj_path_length lib/kobject.c:118 [inline]\n kobject_get_path+0x3f/0x2a0 lib/kobject.c:158\n kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545\n ib_register_device drivers/infiniband/core/device.c:1472 [inline]\n ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393\n rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552\n rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225\n nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796\n rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195\n rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566\n ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620\n __sys_sendmsg+0x16d/0x220 net/socket.c:2652\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThis problem is similar to the problem that the\ncommit 1d6a9e7449e2 (\"RDMA/core: Fix use-after-free when rename device name\")\nfixes.\n\nThe root cause is: the function ib_device_rename() renames 
the name with\nlock. But in the function kobject_uevent(), this name is accessed without\nlock protection at the same time.\n\nThe solution is to add the lock protection when this name is accessed in\nthe function kobject_uevent().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2212",
            "https://access.redhat.com/security/cve/CVE-2025-38022",
            "https://bugzilla.redhat.com/2363315",
            "https://bugzilla.redhat.com/2365032",
            "https://bugzilla.redhat.com/2373326",
            "https://bugzilla.redhat.com/2373354",
            "https://bugzilla.redhat.com/2383404",
            "https://bugzilla.redhat.com/2383421",
            "https://bugzilla.redhat.com/2383487",
            "https://bugzilla.redhat.com/2393191",
            "https://bugzilla.redhat.com/2394601",
            "https://bugzilla.redhat.com/2414506",
            "https://bugzilla.redhat.com/2414521",
            "https://bugzilla.redhat.com/2414522",
            "https://bugzilla.redhat.com/2414523",
            "https://bugzilla.redhat.com/2419837",
            "https://bugzilla.redhat.com/2419919",
            "https://bugzilla.redhat.com/2419920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2365032",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393191",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414506",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414521",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419837",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37819",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38022",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38403",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38415",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38459",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40158",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40271",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40318",
            "https://errata.almalinux.org/9/ALSA-2026-2212.html",
            "https://errata.rockylinux.org/RLSA-2026:2212",
            "https://git.kernel.org/linus/d0706bfd3ee40923c001c6827b786a309e2a8713 (6.15-rc7)",
            "https://git.kernel.org/stable/c/03df57ad4b0ff9c5a93ff981aba0b42578ad1571",
            "https://git.kernel.org/stable/c/10c7f1c647da3b77ef8827d974a97b6530b64df0",
            "https://git.kernel.org/stable/c/17d3103325e891e10994e7aa28d12bea04dc2c60",
            "https://git.kernel.org/stable/c/312dae3499106ec8cb7442ada12be080aa9fbc3b",
            "https://git.kernel.org/stable/c/5629064f92f0de6d6b3572055cd35361c3ad953c",
            "https://git.kernel.org/stable/c/ba467b6870ea2a73590478d9612d6ea1dcdd68b7",
            "https://git.kernel.org/stable/c/d0706bfd3ee40923c001c6827b786a309e2a8713",
            "https://linux.oracle.com/cve/CVE-2025-38022.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38022-41b3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38022",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38022"
          ],
          "PublishedDate": "2025-06-18T10:15:33.95Z",
          "LastModifiedDate": "2026-01-19T13:16:08.14Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38029",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38029",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6530dde78ff6d56071924f94786e79d605c9b3effa89990c3e567a54c06aa942",
          "Title": "kernel: Linux kernel: Denial of Service due to sleepable page allocation in KASAN",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: avoid sleepable page allocation from atomic context\n\napply_to_pte_range() enters the lazy MMU mode and then invokes\nkasan_populate_vmalloc_pte() callback on each page table walk iteration. \nHowever, the callback can go into sleep when trying to allocate a single\npage, e.g.  if an architecutre disables preemption on lazy MMU mode enter.\n\nOn s390 if make arch_enter_lazy_mmu_mode() -\u003e preempt_enable() and\narch_leave_lazy_mmu_mode() -\u003e preempt_disable(), such crash occurs:\n\n[    0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321\n[    0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\n[    0.663358] preempt_count: 1, expected: 0\n[    0.663366] RCU nest depth: 0, expected: 0\n[    0.663375] no locks held by kthreadd/2.\n[    0.663383] Preemption disabled at:\n[    0.663386] [\u003c0002f3284cbb4eda\u003e] apply_to_pte_range+0xfa/0x4a0\n[    0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT\n[    0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux)\n[    0.663409] Call Trace:\n[    0.663410]  [\u003c0002f3284c385f58\u003e] dump_stack_lvl+0xe8/0x140\n[    0.663413]  [\u003c0002f3284c507b9e\u003e] __might_resched+0x66e/0x700\n[    0.663415]  [\u003c0002f3284cc4f6c0\u003e] __alloc_frozen_pages_noprof+0x370/0x4b0\n[    0.663419]  [\u003c0002f3284ccc73c0\u003e] alloc_pages_mpol+0x1a0/0x4a0\n[    0.663421]  [\u003c0002f3284ccc8518\u003e] alloc_frozen_pages_noprof+0x88/0xc0\n[    0.663424]  [\u003c0002f3284ccc8572\u003e] alloc_pages_noprof+0x22/0x120\n[    0.663427]  [\u003c0002f3284cc341ac\u003e] get_free_pages_noprof+0x2c/0xc0\n[    0.663429]  [\u003c0002f3284cceba70\u003e] kasan_populate_vmalloc_pte+0x50/0x120\n[    0.663433]  [\u003c0002f3284cbb4ef8\u003e] apply_to_pte_range+0x118/0x4a0\n[    0.663435]  
[\u003c0002f3284cbc7c14\u003e] apply_to_pmd_range+0x194/0x3e0\n[    0.663437]  [\u003c0002f3284cbc99be\u003e] __apply_to_page_range+0x2fe/0x7a0\n[    0.663440]  [\u003c0002f3284cbc9e88\u003e] apply_to_page_range+0x28/0x40\n[    0.663442]  [\u003c0002f3284ccebf12\u003e] kasan_populate_vmalloc+0x82/0xa0\n[    0.663445]  [\u003c0002f3284cc1578c\u003e] alloc_vmap_area+0x34c/0xc10\n[    0.663448]  [\u003c0002f3284cc1c2a6\u003e] __get_vm_area_node+0x186/0x2a0\n[    0.663451]  [\u003c0002f3284cc1e696\u003e] __vmalloc_node_range_noprof+0x116/0x310\n[    0.663454]  [\u003c0002f3284cc1d950\u003e] __vmalloc_node_noprof+0xd0/0x110\n[    0.663457]  [\u003c0002f3284c454b88\u003e] alloc_thread_stack_node+0xf8/0x330\n[    0.663460]  [\u003c0002f3284c458d56\u003e] dup_task_struct+0x66/0x4d0\n[    0.663463]  [\u003c0002f3284c45be90\u003e] copy_process+0x280/0x4b90\n[    0.663465]  [\u003c0002f3284c460940\u003e] kernel_clone+0xd0/0x4b0\n[    0.663467]  [\u003c0002f3284c46115e\u003e] kernel_thread+0xbe/0xe0\n[    0.663469]  [\u003c0002f3284c4e440e\u003e] kthreadd+0x50e/0x7f0\n[    0.663472]  [\u003c0002f3284c38c04a\u003e] __ret_from_fork+0x8a/0xf0\n[    0.663475]  [\u003c0002f3284ed57ff2\u003e] ret_from_fork+0xa/0x38\n\nInstead of allocating single pages per-PTE, bulk-allocate the shadow\nmemory prior to applying kasan_populate_vmalloc_pte() callback on a page\nrange.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38029",
            "https://git.kernel.org/linus/b6ea95a34cbd014ab6ade4248107b86b0aaf2d6c (6.15)",
            "https://git.kernel.org/stable/c/6748dd09196248b985cca39eaf651d5317271977",
            "https://git.kernel.org/stable/c/b6ea95a34cbd014ab6ade4248107b86b0aaf2d6c",
            "https://lore.kernel.org/linux-cve-announce/2025061824-CVE-2025-38029-47a6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38029",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38029"
          ],
          "PublishedDate": "2025-06-18T10:15:34.97Z",
          "LastModifiedDate": "2025-11-14T17:09:49.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38033",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38033",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2e7c8ba763514169dbc1ec4910b1867d9e0fbd08172be78185dcc260664ca27",
          "Title": "kernel: x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust \u003e= 1.88",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust \u003e= 1.88\n\nCalling core::fmt::write() from rust code while FineIBT is enabled\nresults in a kernel panic:\n\n[ 4614.199779] kernel BUG at arch/x86/kernel/cet.c:132!\n[ 4614.205343] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 4614.211781] CPU: 2 UID: 0 PID: 6057 Comm: dmabuf_dump Tainted: G     U     O       6.12.17-android16-0-g6ab38c534a43 #1 9da040f27673ec3945e23b998a0f8bd64c846599\n[ 4614.227832] Tainted: [U]=USER, [O]=OOT_MODULE\n[ 4614.241247] RIP: 0010:do_kernel_cp_fault+0xea/0xf0\n...\n[ 4614.398144] RIP: 0010:_RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x0/0x20\n[ 4614.407792] Code: 48 f7 df 48 0f 48 f9 48 89 f2 89 c6 5d e9 18 fd ff ff 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 41 81 ea 14 61 af 2c 74 03 0f 0b 90 \u003c66\u003e 0f 1f 00 55 48 89 e5 48 89 f2 48 8b 3f be 01 00 00 00 5d e9 e7\n[ 4614.428775] RSP: 0018:ffffb95acfa4ba68 EFLAGS: 00010246\n[ 4614.434609] RAX: 0000000000000000 RBX: 0000000000000010 RCX: 0000000000000000\n[ 4614.442587] RDX: 0000000000000007 RSI: ffffb95acfa4ba70 RDI: ffffb95acfa4bc88\n[ 4614.450557] RBP: ffffb95acfa4bae0 R08: ffff0a00ffffff05 R09: 0000000000000070\n[ 4614.458527] R10: 0000000000000000 R11: ffffffffab67eaf0 R12: ffffb95acfa4bcc8\n[ 4614.466493] R13: ffffffffac5d50f0 R14: 0000000000000000 R15: 0000000000000000\n[ 4614.474473]  ? __cfi__RNvXs5_NtNtNtCs3o2tGsuHyou_4core3fmt3num3impyNtB9_7Display3fmt+0x10/0x10\n[ 4614.484118]  ? 
_RNvNtCs3o2tGsuHyou_4core3fmt5write+0x1d2/0x250\n\nThis happens because core::fmt::write() calls\ncore::fmt::rt::Argument::fmt(), which currently has CFI disabled:\n\nlibrary/core/src/fmt/rt.rs:\n171     // FIXME: Transmuting formatter in new and indirectly branching to/calling\n172     // it here is an explicit CFI violation.\n173     #[allow(inline_no_sanitize)]\n174     #[no_sanitize(cfi, kcfi)]\n175     #[inline]\n176     pub(super) unsafe fn fmt(\u0026self, f: \u0026mut Formatter\u003c'_\u003e) -\u003e Result {\n\nThis causes a Control Protection exception, because FineIBT has sealed\noff the original function's endbr64.\n\nThis makes rust currently incompatible with FineIBT. Add a Kconfig\ndependency that prevents FineIBT from getting turned on by default\nif rust is enabled.\n\n[ Rust 1.88.0 (scheduled for 2025-06-26) should have this fixed [1],\n  and thus we relaxed the condition with Rust \u003e= 1.88.\n\n  When `objtool` lands checking for this with e.g. [2], the plan is\n  to ideally run that in upstream Rust's CI to prevent regressions\n  early [3], since we do not control `core`'s source code.\n\n  Alice tested the Rust PR backported to an older compiler.\n\n  Peter would like that Rust provides a stable `core` which can be\n  pulled into the kernel: \"Relying on that much out of tree code is\n  'unfortunate'\".\n\n    - Miguel ]\n\n[ Reduced splat. - Miguel ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38033",
            "https://git.kernel.org/linus/5595c31c370957aabe739ac3996aedba8267603f (6.15-rc6)",
            "https://git.kernel.org/stable/c/5595c31c370957aabe739ac3996aedba8267603f",
            "https://git.kernel.org/stable/c/5a8d073d87da4ad1496b35adaee5719e94665d81",
            "https://git.kernel.org/stable/c/6b9956d09382bcbd5fd260c4b60ec48680a4cffb",
            "https://linux.oracle.com/cve/CVE-2025-38033.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061825-CVE-2025-38033-8da2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38033",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38033"
          ],
          "PublishedDate": "2025-06-18T10:15:35.47Z",
          "LastModifiedDate": "2025-11-14T17:08:51.77Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38036",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38036",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ffac76ea1aef10ce241532d5e617f5d2561e0802dd8acad0d190c3cccd67d9fe",
          "Title": "kernel: Linux kernel: Denial of Service due to null pointer dereference in GT MMIO initialization for VFs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/vf: Perform early GT MMIO initialization to read GMDID\n\nVFs need to communicate with the GuC to obtain the GMDID value\nand existing GuC functions used for that assume that the GT has\nit's MMIO members already setup. However, due to recent refactoring\nthe gt-\u003emmio is initialized later, and any attempt by the VF to use\nxe_mmio_read|write() from GuC functions will lead to NPD crash due\nto unset MMIO register address:\n\n[] xe 0000:00:02.1: [drm] Running in SR-IOV VF mode\n[] xe 0000:00:02.1: [drm] GT0: sending H2G MMIO 0x5507\n[] BUG: unable to handle page fault for address: 0000000000190240\n\nSince we are already tweaking the id and type of the primary GT to\nmimic it's a Media GT before initializing the GuC communication,\nwe can also call xe_gt_mmio_init() to perform early setup of the\ngt-\u003emmio which will make those GuC functions work again.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38036",
            "https://git.kernel.org/linus/13265fe7426ec9ba5aa86baab913417ca361e8a4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/13265fe7426ec9ba5aa86baab913417ca361e8a4",
            "https://git.kernel.org/stable/c/ef6e950aea76a5009ccc79ebfa955ecc66cd85a2",
            "https://lore.kernel.org/linux-cve-announce/2025061826-CVE-2025-38036-0063@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38036",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38036"
          ],
          "PublishedDate": "2025-06-18T10:15:35.897Z",
          "LastModifiedDate": "2025-11-14T17:08:38.437Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38038",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38038",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1316b4e5b21adc97afd0d81c9e12fd59578989aeb4eec38cd3f34c5524a4af1f",
          "Title": "kernel: Linux kernel: Denial of Service in amd-pstate cpufreq driver via deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost\n\nset_boost is a per-policy function call, hence a driver wide lock is\nunnecessary. Also this mutex_acquire can collide with the mutex_acquire\nfrom the mode-switch path in status_store(), which can lead to a\ndeadlock. So, remove it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38038",
            "https://git.kernel.org/linus/db1cafc77aaaf871509da06f4a864e9af6d6791f (6.15-rc1)",
            "https://git.kernel.org/stable/c/61e931ee145eeab8196e585ff4334870b130b744",
            "https://git.kernel.org/stable/c/cd347d071713234586762d79c5a691785e9be418",
            "https://git.kernel.org/stable/c/db1cafc77aaaf871509da06f4a864e9af6d6791f",
            "https://linux.oracle.com/cve/CVE-2025-38038.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061827-CVE-2025-38038-797b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38038",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38038"
          ],
          "PublishedDate": "2025-06-18T10:15:36.16Z",
          "LastModifiedDate": "2025-11-14T17:08:28.467Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38039",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38039",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:412d3371d23880a52b3fc947a62a35c2e87c79b69c32d4789ded819fe20718c6",
          "Title": "kernel: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled\n\nWhen attempting to enable MQPRIO while HTB offload is already\nconfigured, the driver currently returns `-EINVAL` and triggers a\n`WARN_ON`, leading to an unnecessary call trace.\n\nUpdate the code to handle this case more gracefully by returning\n`-EOPNOTSUPP` instead, while also providing a helpful user message.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38039",
            "https://git.kernel.org/linus/689805dcc474c2accb5cffbbcea1c06ee4a54570 (6.15-rc1)",
            "https://git.kernel.org/stable/c/090c0ba179eaf7b670e720aa054533756a43d565",
            "https://git.kernel.org/stable/c/689805dcc474c2accb5cffbbcea1c06ee4a54570",
            "https://git.kernel.org/stable/c/9e2bac6835f73895598df5a3a125a19497fad46b",
            "https://git.kernel.org/stable/c/b82e496531c571caf8a2ef247f51c160bab2162e",
            "https://linux.oracle.com/cve/CVE-2025-38039.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061827-CVE-2025-38039-919c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38039",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38039"
          ],
          "PublishedDate": "2025-06-18T10:15:36.28Z",
          "LastModifiedDate": "2025-11-14T17:08:19.953Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38040",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38040",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a4a023141c78573d9c60649a12487638128bf94a3bd29beac21fe81694dbc90c",
          "Title": "kernel: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mctrl_gpio: split disable_ms into sync and no_sync APIs\n\nThe following splat has been observed on a SAMA5D27 platform using\natmel_serial:\n\nBUG: sleeping function called from invalid context at kernel/irq/manage.c:738\nin_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0\npreempt_count: 1, expected: 0\nINFO: lockdep is turned off.\nirq event stamp: 0\nhardirqs last  enabled at (0): [\u003c00000000\u003e] 0x0\nhardirqs last disabled at (0): [\u003cc01588f0\u003e] copy_process+0x1c4c/0x7bec\nsoftirqs last  enabled at (0): [\u003cc0158944\u003e] copy_process+0x1ca0/0x7bec\nsoftirqs last disabled at (0): [\u003c00000000\u003e] 0x0\nCPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74\nHardware name: Atmel SAMA5\nWorkqueue: hci0 hci_power_on [bluetooth]\nCall trace:\n  unwind_backtrace from show_stack+0x18/0x1c\n  show_stack from dump_stack_lvl+0x44/0x70\n  dump_stack_lvl from __might_resched+0x38c/0x598\n  __might_resched from disable_irq+0x1c/0x48\n  disable_irq from mctrl_gpio_disable_ms+0x74/0xc0\n  mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4\n  atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8\n  atmel_set_termios from uart_change_line_settings+0x15c/0x994\n  uart_change_line_settings from uart_set_termios+0x2b0/0x668\n  uart_set_termios from tty_set_termios+0x600/0x8ec\n  tty_set_termios from ttyport_set_flow_control+0x188/0x1e0\n  ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc]\n  wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth]\n  hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth]\n  hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth]\n  hci_power_on [bluetooth] from process_one_work+0x998/0x1a38\n  process_one_work from worker_thread+0x6e0/0xfb4\n  worker_thread from kthread+0x3d4/0x484\n  kthread from 
ret_from_fork+0x14/0x28\n\nThis warning is emitted when trying to toggle, at the highest level,\nsome flow control (with serdev_device_set_flow_control) in a device\ndriver. At the lowest level, the atmel_serial driver is using\nserial_mctrl_gpio lib to enable/disable the corresponding IRQs\naccordingly.  The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to\ndisable_irq (called in mctrl_gpio_disable_ms) being possibly called in\nsome atomic context (some tty drivers perform modem lines configuration\nin regions protected by port lock).\n\nSplit mctrl_gpio_disable_ms into two differents APIs, a non-blocking one\nand a blocking one. Replace mctrl_gpio_disable_ms calls with the\nrelevant version depending on whether the call is protected by some port\nlock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38040",
            "https://git.kernel.org/linus/1bd2aad57da95f7f2d2bb52f7ad15c0f4993a685 (6.15-rc1)",
            "https://git.kernel.org/stable/c/1bd2aad57da95f7f2d2bb52f7ad15c0f4993a685",
            "https://git.kernel.org/stable/c/68435c1fa3db696db4f480385db9e50e26691d0d",
            "https://git.kernel.org/stable/c/7187ec6b0b9ff22ebac2c3bb4178b7dbbdc0a55a",
            "https://git.kernel.org/stable/c/c504c11b94d6e4ad818ca5578dffa8ff29ad0f20",
            "https://git.kernel.org/stable/c/e6a46719a2369eb5186d4f7e6c0478720ca1ec3d",
            "https://linux.oracle.com/cve/CVE-2025-38040.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2025-38040-2247@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38040",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38040"
          ],
          "PublishedDate": "2025-06-18T10:15:36.4Z",
          "LastModifiedDate": "2025-12-18T21:32:44.097Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38041",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38041",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5fc6339daf9ec688a085dab7228c0575d5d885cd96bb6e5aaf5981cdfbb4e3ba",
          "Title": "kernel: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h616: Reparent GPU clock during frequency changes\n\nThe H616 manual does not state that the GPU PLL supports\ndynamic frequency configuration, so we must take extra care when changing\nthe frequency. Currently any attempt to do device DVFS on the GPU lead\nto panfrost various ooops, and GPU hangs.\n\nThe manual describes the algorithm for changing the PLL\nfrequency, which the CPU PLL notifier code already support, so we reuse\nthat to reparent the GPU clock to GPU1 clock during frequency\nchanges.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38041",
            "https://git.kernel.org/linus/eb963d7948ce6571939c6875424b557b25f16610 (6.15-rc1)",
            "https://git.kernel.org/stable/c/1439673b78185eaaa5fae444b3a9d58c434ee78e",
            "https://git.kernel.org/stable/c/eb963d7948ce6571939c6875424b557b25f16610",
            "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2025-38041-7d47@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38041",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38041"
          ],
          "PublishedDate": "2025-06-18T10:15:36.533Z",
          "LastModifiedDate": "2025-11-14T17:08:10.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38042",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38042",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eb1d67e621a41badfd64966752163c8cb368ec3ea38790f7ed7ee3ea5014165d",
          "Title": "kernel: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn\n\nThe user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can\nrun on multiple platforms having different DMA architectures.\nOn some platforms there can be one FDQ for all flows in the RX channel\nwhile for others there is a separate FDQ for each flow in the RX channel.\n\nSo far we have been relying on the skip_fdq argument of\nk3_udma_glue_reset_rx_chn().\n\nInstead of relying on the user to provide this information, infer it\nbased on DMA architecture during k3_udma_glue_request_rx_chn() and save it\nin an internal flag 'single_fdq'. Use that flag at\nk3_udma_glue_reset_rx_chn() to deicide if the FDQ needs\nto be cleared for every flow or just for flow 0.\n\nFixes the below issue on ti_am65_cpsw_nuss driver on AM62-SK.\n\n\u003e ip link set eth1 down\n\u003e ip link set eth0 down\n\u003e ethtool -L eth0 rx 8\n\u003e ip link set eth0 up\n\u003e modprobe -r ti_am65_cpsw_nuss\n\n[  103.045726] ------------[ cut here ]------------\n[  103.050505] k3_knav_desc_pool size 512000 != avail 64000\n[  103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[  103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas\np drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r\nfkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool]\n[  103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 
6.13.0-rc7-00001-g9c5e3435fa66 #1011\n[  103.119968] Hardware name: Texas Instruments AM625 SK (DT)\n[  103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[  103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[  103.154709] sp : ffff8000826ebbc0\n[  103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000\n[  103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0\n[  103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88\n[  103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000\n[  103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde\n[  103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000\n[  103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20\n[  103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100\n[  103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000\n[  103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000\n[  103.229274] Call trace:\n[  103.231714]  k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P)\n[  103.238408]  am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss]\n[  103.244942]  devm_action_release+0x14/0x20\n[  103.249040]  release_nodes+0x3c/0x68\n[  103.252610]  devres_release_all+0x8c/0xdc\n[  103.256614]  device_unbind_cleanup+0x18/0x60\n[  103.260876]  device_release_driver_internal+0xf8/0x178\n[  103.266004]  driver_detach+0x50/0x9c\n[  103.269571]  bus_remove_driver+0x6c/0xbc\n[  103.273485]  driver_unregister+0x30/0x60\n[  103.277401]  platform_driver_unregister+0x14/0x20\n[  103.282096]  am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss]\n[  103.288620]  __arm64_sys_delete_module+0x17c/0x25c\n[  103.293404]  invoke_syscall+0x44/0x100\n[  103.297149]  
el0_svc_common.constprop.0+0xc0/0xe0\n[  103.301845]  do_el0_svc+0x1c/0x28\n[  103.305155]  el0_svc+0x28/0x98\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38042",
            "https://git.kernel.org/linus/0da30874729baeb01889b0eca16cfda122687503 (6.15-rc1)",
            "https://git.kernel.org/stable/c/0da30874729baeb01889b0eca16cfda122687503",
            "https://git.kernel.org/stable/c/d0dd9d133ef8fdc894e0be9aa27dc49ef5f813cb",
            "https://lore.kernel.org/linux-cve-announce/2025061828-CVE-2025-38042-6f41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38042",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38042"
          ],
          "PublishedDate": "2025-06-18T10:15:36.657Z",
          "LastModifiedDate": "2025-11-14T17:07:59.693Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38045",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38045",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:07bdc4419eda87f18213789e1213e4240919cdc2705fc286d861c3c2e7ad69c1",
          "Title": "kernel: wifi: iwlwifi: fix debug actions order",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix debug actions order\n\nThe order of actions taken for debug was implemented incorrectly.\nNow we implemented the dump split and do the FW reset only in the\nmiddle of the dump (rather than the FW killing itself on error.)\nAs a result, some of the actions taken when applying the config\nwill now crash the device, so we need to fix the order.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 1,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38045",
            "https://git.kernel.org/linus/eb29b4ffafb20281624dcd2cbb768d6f30edf600 (6.15-rc1)",
            "https://git.kernel.org/stable/c/181e8b56b74ad3920456dcdc8a361520d9007956",
            "https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5",
            "https://git.kernel.org/stable/c/328fbc96ecbee16c5fcbfcb3ac57b476f94da2f0",
            "https://git.kernel.org/stable/c/eb29b4ffafb20281624dcd2cbb768d6f30edf600",
            "https://linux.oracle.com/cve/CVE-2025-38045.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061829-CVE-2025-38045-8fc7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38045",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38045"
          ],
          "PublishedDate": "2025-06-18T10:15:37.07Z",
          "LastModifiedDate": "2025-11-14T17:07:48.527Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38047",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38047",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bf87a3f567107ad9a47904bdbd6c63c4054f61c7b057ca671381094fdff6d4d8",
          "Title": "kernel: x86/fred: Fix system hang during S4 resume with FRED enabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Fix system hang during S4 resume with FRED enabled\n\nUpon a wakeup from S4, the restore kernel starts and initializes the\nFRED MSRs as needed from its perspective.  It then loads a hibernation\nimage, including the image kernel, and attempts to load image pages\ndirectly into their original page frames used before hibernation unless\nthose frames are currently in use.  Once all pages are moved to their\noriginal locations, it jumps to a \"trampoline\" page in the image kernel.\n\nAt this point, the image kernel takes control, but the FRED MSRs still\ncontain values set by the restore kernel, which may differ from those\nset by the image kernel before hibernation.  Therefore, the image kernel\nmust ensure the FRED MSRs have the same values as before hibernation.\nSince these values depend only on the location of the kernel text and\ndata, they can be recomputed from scratch.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38047",
            "https://git.kernel.org/linus/e5f1e8af9c9e151ecd665f6d2e36fb25fec3b110 (6.15-rc1)",
            "https://git.kernel.org/stable/c/c42f740a07eea4807e98d2d8febc549c957a7b49",
            "https://git.kernel.org/stable/c/e5f1e8af9c9e151ecd665f6d2e36fb25fec3b110",
            "https://git.kernel.org/stable/c/e7090fe75a2826363c71ad1fb4e95e58141478df",
            "https://linux.oracle.com/cve/CVE-2025-38047.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061830-CVE-2025-38047-ad81@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38047",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38047"
          ],
          "PublishedDate": "2025-06-18T10:15:37.317Z",
          "LastModifiedDate": "2025-11-14T17:07:39.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38059",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38059",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:874c4d58a6561137a383632948633d9afae8c83fe570bc9d468c59c90a8ef9bd",
          "Title": "kernel: btrfs: avoid NULL pointer dereference if no valid csum tree",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid csum tree\n\n[BUG]\nWhen trying read-only scrub on a btrfs with rescue=idatacsums mount\noption, it will crash with the following call trace:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000208\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: G           O        6.15.0-rc3-custom+ #236 PREEMPT(full)\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n  RIP: 0010:btrfs_lookup_csums_bitmap+0x49/0x480 [btrfs]\n  Call Trace:\n   \u003cTASK\u003e\n   scrub_find_fill_first_stripe+0x35b/0x3d0 [btrfs]\n   scrub_simple_mirror+0x175/0x290 [btrfs]\n   scrub_stripe+0x5f7/0x6f0 [btrfs]\n   scrub_chunk+0x9a/0x150 [btrfs]\n   scrub_enumerate_chunks+0x333/0x660 [btrfs]\n   btrfs_scrub_dev+0x23e/0x600 [btrfs]\n   btrfs_ioctl+0x1dcf/0x2f80 [btrfs]\n   __x64_sys_ioctl+0x97/0xc0\n   do_syscall_64+0x4f/0x120\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n[CAUSE]\nMount option \"rescue=idatacsums\" will completely skip loading the csum\ntree, so that any data read will not find any data csum thus we will\nignore data checksum verification.\n\nNormally call sites utilizing csum tree will check the fs state flag\nNO_DATA_CSUMS bit, but unfortunately scrub does not check that bit at all.\n\nThis results in scrub to call btrfs_search_slot() on a NULL pointer\nand triggered above crash.\n\n[FIX]\nCheck both extent and csum tree root before doing any tree search.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38059",
            "https://git.kernel.org/linus/f95d186255b319c48a365d47b69bd997fecb674e (6.15-rc6)",
            "https://git.kernel.org/stable/c/50d0de59f66cbe6d597481e099bf1c70fd07e0a9",
            "https://git.kernel.org/stable/c/6e9770de024964b1017f99ee94f71967bd6edaeb",
            "https://git.kernel.org/stable/c/d35bed14b0bc95c6845863a3744ecd10b888c830",
            "https://git.kernel.org/stable/c/f95d186255b319c48a365d47b69bd997fecb674e",
            "https://linux.oracle.com/cve/CVE-2025-38059.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061834-CVE-2025-38059-4697@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38059",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38059"
          ],
          "PublishedDate": "2025-06-18T10:15:38.703Z",
          "LastModifiedDate": "2025-11-14T17:06:22.297Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38060",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38060",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e58d595c9b99353b54e80b17a9004f0b6d3757fcc89b578c1e6b9d3c6afdcece",
          "Title": "kernel: Linux kernel: BPF verifier security bypass due to incorrect state handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: copy_verifier_state() should copy 'loop_entry' field\n\nThe bpf_verifier_state.loop_entry state should be copied by\ncopy_verifier_state(). Otherwise, .loop_entry values from unrelated\nstates would poison env-\u003ecur_state.\n\nAdditionally, env-\u003estack should not contain any states with\n.loop_entry != NULL. The states in env-\u003estack are yet to be verified,\nwhile .loop_entry is set for states that reached an equivalent state.\nThis means that env-\u003ecur_state-\u003eloop_entry should always be NULL after\npop_stack().\n\nSee the selftest in the next commit for an example of the program that\nis not safe yet is accepted by verifier w/o this fix.\n\nThis change has some verification performance impact for selftests:\n\nFile                                Program                       Insns (A)  Insns (B)  Insns   (DIFF)  States (A)  States (B)  States (DIFF)\n----------------------------------  ----------------------------  ---------  ---------  --------------  ----------  ----------  -------------\narena_htab.bpf.o                    arena_htab_llvm                     717        426  -291 (-40.59%)          57          37  -20 (-35.09%)\narena_htab_asm.bpf.o                arena_htab_asm                      597        445  -152 (-25.46%)          47          37  -10 (-21.28%)\narena_list.bpf.o                    arena_list_del                      309        279    -30 (-9.71%)          23          14   -9 (-39.13%)\niters.bpf.o                         iter_subprog_check_stacksafe        155        141    -14 (-9.03%)          15          14    -1 (-6.67%)\niters.bpf.o                         iter_subprog_iters                 1094       1003    -91 (-8.32%)          88          83    -5 (-5.68%)\niters.bpf.o                         loop_state_deps2                    479        725  +246 (+51.36%)          46          63  +17 
(+36.96%)\nkmem_cache_iter.bpf.o               open_coded_iter                      63         59     -4 (-6.35%)           7           6   -1 (-14.29%)\nverifier_bits_iter.bpf.o            max_words                            92         84     -8 (-8.70%)           8           7   -1 (-12.50%)\nverifier_iterating_callbacks.bpf.o  cond_break2                         113        107     -6 (-5.31%)          12          12    +0 (+0.00%)\n\nAnd significant negative impact for sched_ext:\n\nFile               Program                 Insns (A)  Insns (B)  Insns         (DIFF)  States (A)  States (B)  States      (DIFF)\n-----------------  ----------------------  ---------  ---------  --------------------  ----------  ----------  ------------------\nbpf.bpf.o          lavd_init                    7039      14723      +7684 (+109.16%)         490        1139     +649 (+132.45%)\nbpf.bpf.o          layered_dispatch            11485      10548         -937 (-8.16%)         848         762       -86 (-10.14%)\nbpf.bpf.o          layered_dump                 7422    1000001  +992579 (+13373.47%)         681       31178  +30497 (+4478.27%)\nbpf.bpf.o          layered_enqueue             16854      71127     +54273 (+322.02%)        1611        6450    +4839 (+300.37%)\nbpf.bpf.o          p2dq_dispatch                 665        791        +126 (+18.95%)          68          78       +10 (+14.71%)\nbpf.bpf.o          p2dq_init                    2343       2980        +637 (+27.19%)         201         237       +36 (+17.91%)\nbpf.bpf.o          refresh_layer_cpumasks      16487     674760   +658273 (+3992.68%)        1770       65370  +63600 (+3593.22%)\nbpf.bpf.o          rusty_select_cpu             1937      40872    +38935 (+2010.07%)         177        3210   +3033 (+1713.56%)\nscx_central.bpf.o  central_dispatch              636       2687      +2051 (+322.48%)          63         227     +164 (+260.32%)\nscx_nest.bpf.o     nest_init                     636        815    
    +179 (+28.14%)          60          73       +13 (+21.67%)\nscx_qmap.bpf.o     qmap_dispatch      \n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38060",
            "https://git.kernel.org/linus/bbbc02b7445ebfda13e4847f4f1413c6480a85a9 (6.15-rc1)",
            "https://git.kernel.org/stable/c/46ba5757a7a4714e7d3f68cfe118208822cb3d78",
            "https://git.kernel.org/stable/c/8b4afd89fa75f738a80ca849126fd3cad77bcbf1",
            "https://git.kernel.org/stable/c/bbbc02b7445ebfda13e4847f4f1413c6480a85a9",
            "https://linux.oracle.com/cve/CVE-2025-38060.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061834-CVE-2025-38060-2363@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38060",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38060"
          ],
          "PublishedDate": "2025-06-18T10:15:38.83Z",
          "LastModifiedDate": "2025-11-14T17:06:04.77Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38062",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38062",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:123b89e93c20a992ac93f870988c77b59b8d613517a2f5b7588ccc79e3267449",
          "Title": "kernel: Linux kernel: Use-After-Free vulnerability in MSI translation via IOMMU domain change during VFIO operation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n    is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n    translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the \"container\" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. 
The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch \"iommu: Make iommu_dma_prepare_msi() into a generic operation\" by\nusing the IOMMU group mutex.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38062",
            "https://git.kernel.org/linus/1f7df3a691740a7736bbc99dc4ed536120eb4746 (6.15-rc1)",
            "https://git.kernel.org/stable/c/1f7df3a691740a7736bbc99dc4ed536120eb4746",
            "https://git.kernel.org/stable/c/53f42776e435f63e5f8e61955e4c205dbfeaf524",
            "https://git.kernel.org/stable/c/856152eb91e67858a09e30a7149a1f29b04b7384",
            "https://git.kernel.org/stable/c/ba41e4e627db51d914444aee0b93eb67f31fa330",
            "https://git.kernel.org/stable/c/e4d3763223c7b72ded53425207075e7453b4e3d5",
            "https://linux.oracle.com/cve/CVE-2025-38062.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025061835-CVE-2025-38062-f2b5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38062",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38062"
          ],
          "PublishedDate": "2025-06-18T10:15:39.08Z",
          "LastModifiedDate": "2025-12-18T21:31:24.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38063",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38063",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f4afc59c004e5ca51cfae9f1bb1372709ea1267ec68c7220f548cf20f1aaeed2",
          "Title": "kernel: dm: fix unconditional IO throttle caused by REQ_PREFLUSH",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n    crash\u003e bt 2091206\n    PID: 2091206  TASK: ffff2050df92a300  CPU: 109  COMMAND: \"kworker/u260:0\"\n     #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n     #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n     #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n     #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n     #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n     #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n     #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n     #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n     #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n     #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n    #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n    #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n    #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n    #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n    #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n    #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n    #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n    #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n    #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 (\"xfs: don't allow log IO to be throttled\"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to 
be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38063",
            "https://git.kernel.org/linus/88f7f56d16f568f19e1a695af34a7f4a6ce537a6 (6.15-rc1)",
            "https://git.kernel.org/stable/c/2858cda9a8d95e6deee7e3b0a26adde696a9a4f5",
            "https://git.kernel.org/stable/c/52aa28f7b1708d76e315d78b5ed397932a1a97c3",
            "https://git.kernel.org/stable/c/88f7f56d16f568f19e1a695af34a7f4a6ce537a6",
            "https://git.kernel.org/stable/c/95d08924335f3b6f4ea0b92ebfe4fe0731c502d9",
            "https://git.kernel.org/stable/c/b55a97d1bd4083729a60d19beffe85d4c96680de",
            "https://linux.oracle.com/cve/CVE-2025-38063.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025061835-CVE-2025-38063-e0a8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38063",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38063"
          ],
          "PublishedDate": "2025-06-18T10:15:39.207Z",
          "LastModifiedDate": "2025-12-17T19:18:05.93Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38064",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9d2b9b0a26ab9a19eba183fc598c22b96d77a00a42426f7a77c4d5191458508f",
          "Title": "kernel: virtio: break and reset virtio devices on device_shutdown()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region '(null)', reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38064",
            "https://git.kernel.org/linus/8bd2fa086a04886798b505f28db4002525895203 (6.15-rc1)",
            "https://git.kernel.org/stable/c/8bd2fa086a04886798b505f28db4002525895203",
            "https://git.kernel.org/stable/c/aee42f3d57bfa37b2716df4584edeecf63b9df4c",
            "https://lore.kernel.org/linux-cve-announce/2025061836-CVE-2025-38064-8108@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38064",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38064"
          ],
          "PublishedDate": "2025-06-18T10:15:39.34Z",
          "LastModifiedDate": "2025-11-14T17:05:53.67Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38069",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38069",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4de7e72e178732c994f7859ead3450b69dd5f07a2d1ac33d595c1aafa523548d",
          "Title": "kernel: PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops\n\nFix a kernel oops found while testing the stm32_pcie Endpoint driver\nwith handling of PERST# deassertion:\n\nDuring EP initialization, pci_epf_test_alloc_space() allocates all BARs,\nwhich are further freed if epc_set_bar() fails (for instance, due to no\nfree inbound window).\n\nHowever, when pci_epc_set_bar() fails, the error path:\n\n  pci_epc_set_bar() -\u003e\n    pci_epf_free_space()\n\ndoes not clear the previous assignment to epf_test-\u003ereg[bar].\n\nThen, if the host reboots, the PERST# deassertion restarts the BAR\nallocation sequence with the same allocation failure (no free inbound\nwindow), creating a double free situation since epf_test-\u003ereg[bar] was\ndeallocated and is still non-NULL.\n\nThus, make sure that pci_epf_alloc_space() and pci_epf_free_space()\ninvocations are symmetric, and as such, set epf_test-\u003ereg[bar] to NULL\nwhen memory is freed.\n\n[kwilczynski: commit log]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38069",
            "https://git.kernel.org/linus/934e9d137d937706004c325fa1474f9e3f1ba10a (6.15-rc1)",
            "https://git.kernel.org/stable/c/8b83893d1f6c6061a7d58169ecdf9d5ee9f306ee",
            "https://git.kernel.org/stable/c/934e9d137d937706004c325fa1474f9e3f1ba10a",
            "https://git.kernel.org/stable/c/fe2329eff5bee461ebcafadb6ca1df0cbf5945fd",
            "https://linux.oracle.com/cve/CVE-2025-38069.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061838-CVE-2025-38069-b1a0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38069",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38069"
          ],
          "PublishedDate": "2025-06-18T10:15:40.09Z",
          "LastModifiedDate": "2025-11-14T17:05:43.17Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38070",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38070",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:618fd4683f40a30851c41bcba0bd0fbc27857f47c4fa28119e02604a6269507a",
          "Title": "kernel: ASoC: sma1307: Add NULL check in sma1307_setting_loaded()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: sma1307: Add NULL check in sma1307_setting_loaded()\n\nAll variables allocated by kzalloc and devm_kzalloc could be NULL.\nMultiple pointer checks and their cleanup are added.\n\nThis issue is found by our static analysis tool",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38070",
            "https://git.kernel.org/linus/0ec6bd16705fe21d6429d6b8f7981eae2142bba8 (6.15-rc1)",
            "https://git.kernel.org/stable/c/0ec6bd16705fe21d6429d6b8f7981eae2142bba8",
            "https://git.kernel.org/stable/c/f8434b8ba437d3f6cbcd9ffe8405bd16ed28fc5c",
            "https://lore.kernel.org/linux-cve-announce/2025061838-CVE-2025-38070-8f13@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38070",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38070"
          ],
          "PublishedDate": "2025-06-18T10:15:40.32Z",
          "LastModifiedDate": "2025-11-14T17:05:15.107Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38071",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38071",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:790e99f8cc6ae33d41392604f037b15ad5595cfdae750cb95d62341349d33814",
          "Title": "kernel: x86/mm: Check return value from memblock_phys_alloc_range()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Check return value from memblock_phys_alloc_range()\n\nAt least with CONFIG_PHYSICAL_START=0x100000, if there is \u003c 4 MiB of\ncontiguous free memory available at this point, the kernel will crash\nand burn because memblock_phys_alloc_range() returns 0 on failure,\nwhich leads memblock_phys_free() to throw the first 4 MiB of physical\nmemory to the wolves.\n\nAt a minimum it should fail gracefully with a meaningful diagnostic,\nbut in fact everything seems to work fine without the weird reserve\nallocation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38071",
            "https://git.kernel.org/linus/631ca8909fd5c62b9fda9edda93924311a78a9c4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/631ca8909fd5c62b9fda9edda93924311a78a9c4",
            "https://git.kernel.org/stable/c/8c18c904d301ffeb33b071eadc55cd6131e1e9be",
            "https://git.kernel.org/stable/c/bffd5f2815c5234d609725cd0dc2f4bc5de2fc67",
            "https://git.kernel.org/stable/c/c6f2694c580c27dca0cf7546ee9b4bfa6b940e38",
            "https://git.kernel.org/stable/c/dde4800d2b0f68b945fd81d4fc2d4a10ae25f743",
            "https://linux.oracle.com/cve/CVE-2025-38071.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025061838-CVE-2025-38071-cc7c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38071",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38071"
          ],
          "PublishedDate": "2025-06-18T10:15:40.45Z",
          "LastModifiedDate": "2025-12-17T18:54:05.94Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38080",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38080",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:22702d24c8fa77a43a645eb8857f0508361f0656fab11455a69a2643f9d3932c",
          "Title": "kernel: drm/amd/display: Increase block_sequence array size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Increase block_sequence array size\n\n[Why]\nIt's possible to generate more than 50 steps in hwss_build_fast_sequence,\nfor example with a 6-pipe asic where all pipes are in one MPC chain. This\noverflows the block_sequence buffer and corrupts block_sequence_steps,\ncausing a crash.\n\n[How]\nExpand block_sequence to 100 items. A naive upper bound on the possible\nnumber of steps for a 6-pipe asic, ignoring the potential for steps to be\nmutually exclusive, is 91 with current code, therefore 100 is sufficient.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38080",
            "https://git.kernel.org/linus/3a7810c212bcf2f722671dadf4b23ff70a7d23ee (6.15-rc1)",
            "https://git.kernel.org/stable/c/3a7810c212bcf2f722671dadf4b23ff70a7d23ee",
            "https://git.kernel.org/stable/c/bf1666072e7482317cf2302621766482a21a62c7",
            "https://git.kernel.org/stable/c/de67e80ab48f1f23663831007a2fa3c1471a7757",
            "https://git.kernel.org/stable/c/e55c5704b12eeea27e212bfab8f7e51ad3e8ac1f",
            "https://linux.oracle.com/cve/CVE-2025-38080.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061842-CVE-2025-38080-849c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38080",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38080"
          ],
          "PublishedDate": "2025-06-18T10:15:41.647Z",
          "LastModifiedDate": "2025-11-14T20:18:20.68Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38081",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38081",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:afac2e998d0f03c80675bac2f1a60b84c3f978e57e34b60e8a382862481f1378",
          "Title": "kernel: spi-rockchip: Fix register out of bounds access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi-rockchip: Fix register out of bounds access\n\nDo not write native chip select stuff for GPIO chip selects.\nGPIOs can be numbered much higher than native CS.\nAlso, it makes no sense.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38081",
            "https://git.kernel.org/linus/7a874e8b54ea21094f7fd2d428b164394c6cb316 (6.15-rc1)",
            "https://git.kernel.org/stable/c/254e04ec799c1ff8c1e2bd08a57c6a849895d6ff",
            "https://git.kernel.org/stable/c/4a120221661fcecb253448d7b041a52d47f1d91f",
            "https://git.kernel.org/stable/c/7a874e8b54ea21094f7fd2d428b164394c6cb316",
            "https://git.kernel.org/stable/c/ace57bd1fb49d193edec5f6a1f255f48dd5fca90",
            "https://linux.oracle.com/cve/CVE-2025-38081.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061842-CVE-2025-38081-8916@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38081",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38081"
          ],
          "PublishedDate": "2025-06-18T10:15:41.767Z",
          "LastModifiedDate": "2025-11-14T20:23:34.783Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38082",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38082",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:63adff52909ee50036b55aa3319bda9a9bd26ae7f84909f551124a8190682983",
          "Title": "kernel: gpio: virtuser: fix potential out-of-bound write",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: virtuser: fix potential out-of-bound write\n\nIf the caller wrote more characters, count is truncated to the max\navailable space in \"simple_write_to_buffer\". Check that the input\nsize does not exceed the buffer size. Write a zero termination\nafterwards.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38082",
            "https://git.kernel.org/linus/7118be7c6072f40391923543fdd1563b8d56377c (6.15-rc7)",
            "https://git.kernel.org/stable/c/7118be7c6072f40391923543fdd1563b8d56377c",
            "https://git.kernel.org/stable/c/afe090366f470f77e140ff3407db813f57852c04",
            "https://git.kernel.org/stable/c/b96feaaa0fda1e3871b438143c3446954b32d3a7",
            "https://linux.oracle.com/cve/CVE-2025-38082.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025061845-CVE-2025-38082-7ec8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38082",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38082"
          ],
          "PublishedDate": "2025-06-18T10:15:41.89Z",
          "LastModifiedDate": "2025-11-14T20:24:01.21Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38091",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38091",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:489ba09e97505ed164c50a8c5c27fb235c0b01e4126858836a66fbefb6c7bb85",
          "Title": "kernel: Linux kernel AMD display driver: Denial of Service via incorrect DML21 plane_id query",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: check stream id dml21 wrapper to get plane_id\n\n[Why \u0026 How]\nFix a false positive warning which occurs due to lack of correct checks\nwhen querying plane_id in DML21. This fixes the warning when performing a\nmode1 reset (cat /sys/kernel/debug/dri/1/amdgpu_gpu_recover):\n\n[   35.751250] WARNING: CPU: 11 PID: 326 at /tmp/amd.PHpyAl7v/amd/amdgpu/../display/dc/dml2/dml2_dc_resource_mgmt.c:91 dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[   35.751434] Modules linked in: amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) amddrm_buddy(OE) amdxcp(OE) amddrm_exec(OE) amd_sched(OE) amdkcl(OE) drm_suballoc_helper drm_ttm_helper ttm drm_display_helper cec rc_core i2c_algo_bit rfcomm qrtr cmac algif_hash algif_skcipher af_alg bnep amd_atl intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi snd_hda_intel edac_mce_amd snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec kvm_amd snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi crct10dif_pclmul polyval_clmulni polyval_generic btusb ghash_clmulni_intel sha256_ssse3 btrtl sha1_ssse3 snd_seq btintel aesni_intel btbcm btmtk snd_seq_device crypto_simd sunrpc cryptd bluetooth snd_timer ccp binfmt_misc rapl snd i2c_piix4 wmi_bmof gigabyte_wmi k10temp i2c_smbus soundcore gpio_amdpt mac_hid sch_fq_codel msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul igc ahci xhci_pci libahci xhci_pci_renesas video wmi\n[   35.751501] CPU: 11 UID: 0 PID: 326 Comm: kworker/u64:9 Tainted: G           OE      6.11.0-21-generic #21~24.04.1-Ubuntu\n[   35.751504] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[   35.751505] Hardware name: Gigabyte Technology Co., Ltd. 
X670E AORUS PRO X/X670E AORUS PRO X, BIOS F30 05/22/2024\n[   35.751506] Workqueue: amdgpu-reset-dev amdgpu_debugfs_reset_work [amdgpu]\n[   35.751638] RIP: 0010:dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[   35.751794] Code: 6d 0c 00 00 8b 84 24 88 00 00 00 41 3b 44 9c 20 0f 84 fc 07 00 00 48 83 c3 01 48 83 fb 06 75 b3 4c 8b 64 24 68 4c 8b 6c 24 40 \u003c0f\u003e 0b b8 06 00 00 00 49 8b 94 24 a0 49 00 00 89 c3 83 f8 07 0f 87\n[   35.751796] RSP: 0018:ffffbfa3805d7680 EFLAGS: 00010246\n[   35.751798] RAX: 0000000000010000 RBX: 0000000000000006 RCX: 0000000000000000\n[   35.751799] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000\n[   35.751800] RBP: ffffbfa3805d78f0 R08: 0000000000000000 R09: 0000000000000000\n[   35.751801] R10: 0000000000000000 R11: 0000000000000000 R12: ffffbfa383249000\n[   35.751802] R13: ffffa0e68f280000 R14: ffffbfa383249658 R15: 0000000000000000\n[   35.751803] FS:  0000000000000000(0000) GS:ffffa0edbe580000(0000) knlGS:0000000000000000\n[   35.751804] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   35.751805] CR2: 00005d847ef96c58 CR3: 000000041de3e000 CR4: 0000000000f50ef0\n[   35.751806] PKRU: 55555554\n[   35.751807] Call Trace:\n[   35.751810]  \u003cTASK\u003e\n[   35.751816]  ? show_regs+0x6c/0x80\n[   35.751820]  ? __warn+0x88/0x140\n[   35.751822]  ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[   35.751964]  ? report_bug+0x182/0x1b0\n[   35.751969]  ? handle_bug+0x6e/0xb0\n[   35.751972]  ? exc_invalid_op+0x18/0x80\n[   35.751974]  ? asm_exc_invalid_op+0x1b/0x20\n[   35.751978]  ? dml2_map_dc_pipes+0x243d/0x3f40 [amdgpu]\n[   35.752117]  ? math_pow+0x48/0xa0 [amdgpu]\n[   35.752256]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   35.752260]  ? math_pow+0x48/0xa0 [amdgpu]\n[   35.752400]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   35.752403]  ? math_pow+0x11/0xa0 [amdgpu]\n[   35.752524]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   35.752526]  ? core_dcn4_mode_programming+0xe4d/0x20d0 [amdgpu]\n[   35.752663]  ? 
srso_alias_return_thunk+0x5/0xfbef5\n[   35.752669]  dml21_validate+0x3d4/0x980 [amdgpu]\n\n(cherry picked from commit f8ad62c0a93e5dd94243e10f1b742232e4d6411e)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38091",
            "https://git.kernel.org/linus/2ddac70fed50485aa4ae49cdb7478ce41d8d4715 (6.15-rc7)",
            "https://git.kernel.org/stable/c/2ddac70fed50485aa4ae49cdb7478ce41d8d4715",
            "https://git.kernel.org/stable/c/6f47d7408133631a1b178f8a04e79aee189ef046",
            "https://git.kernel.org/stable/c/c53f23f7075c9f63f14d7ec8f2cc3e33e118d986",
            "https://linux.oracle.com/cve/CVE-2025-38091.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070235-CVE-2025-38091-cb97@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38091",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38091"
          ],
          "PublishedDate": "2025-07-02T15:15:26.07Z",
          "LastModifiedDate": "2025-11-20T22:07:13.727Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38092",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38092",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:21f6f3515a6027fffb002bedbe375e33533913a6352eef67e419eb4ecaee35ac",
          "Title": "kernel: ksmbd: use list_first_entry_or_null for opinfo_get_list()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: use list_first_entry_or_null for opinfo_get_list()\n\nThe list_first_entry() macro never returns NULL.  If the list is\nempty then it returns an invalid pointer.  Use list_first_entry_or_null()\nto check if the list is empty.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38092",
            "https://git.kernel.org/linus/10379171f346e6f61d30d9949500a8de4336444a (6.15)",
            "https://git.kernel.org/stable/c/10379171f346e6f61d30d9949500a8de4336444a",
            "https://git.kernel.org/stable/c/334da674b25fdb7a1a4d4b89dcd7795144fc7e11",
            "https://git.kernel.org/stable/c/c78abb646ff823e7d22faad4cc0703d4484da9e8",
            "https://git.kernel.org/stable/c/cb7e06e9736d73007dc8dab7b353733bb37df86b",
            "https://lore.kernel.org/linux-cve-announce/2025070237-CVE-2025-38092-70a8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38092",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38092"
          ],
          "PublishedDate": "2025-07-02T15:15:26.197Z",
          "LastModifiedDate": "2025-11-20T21:58:27Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38096",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38096",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f012fb033bb2739db48f31288c89dcf0648d62c82030311bbf9aaf961014039e",
          "Title": "kernel: Linux Kernel: Denial of Service in iwlwifi due to improper firmware error handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: don't warn when if there is a FW error\n\niwl_trans_reclaim is warning if it is called when the FW is not alive.\nBut if it is called when there is a pending restart, i.e. after a FW\nerror, there is no need to warn, instead - return silently.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38096",
            "https://git.kernel.org/linus/c7f50d0433a016d43681592836a3d484817bfb34 (6.15-rc1)",
            "https://git.kernel.org/stable/c/0446d34a853d9576e2a7628c803d2abd2f8cf3a8",
            "https://git.kernel.org/stable/c/c7f50d0433a016d43681592836a3d484817bfb34",
            "https://git.kernel.org/stable/c/d07a08f42dc7230c902e1af2a899a72b0a03aa69",
            "https://linux.oracle.com/cve/CVE-2025-38096.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070303-CVE-2025-38096-ae58@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38096",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38096"
          ],
          "PublishedDate": "2025-07-03T09:15:22.913Z",
          "LastModifiedDate": "2025-11-20T21:53:08.08Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38097",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38097",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f20a04ad780e8364c5310d930780a098543aae97236c09a0aa617068c96b9762",
          "Title": "kernel: espintcp: remove encap socket caching to avoid reference leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: remove encap socket caching to avoid reference leak\n\nThe current scheme for caching the encap socket can lead to reference\nleaks when we try to delete the netns.\n\nThe reference chain is: xfrm_state -\u003e enacp_sk -\u003e netns\n\nSince the encap socket is a userspace socket, it holds a reference on\nthe netns. If we delete the espintcp state (through flush or\nindividual delete) before removing the netns, the reference on the\nsocket is dropped and the netns is correctly deleted. Otherwise, the\nnetns may not be reachable anymore (if all processes within the ns\nhave terminated), so we cannot delete the xfrm state to drop its\nreference on the socket.\n\nThis patch results in a small (~2% in my tests) performance\nregression.\n\nA GC-type mechanism could be added for the socket cache, to clear\nreferences if the state hasn't been used \"recently\", but it's a lot\nmore complex than just not caching the socket.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38097",
            "https://git.kernel.org/linus/028363685bd0b7a19b4a820f82dd905b1dc83999 (6.15)",
            "https://git.kernel.org/stable/c/028363685bd0b7a19b4a820f82dd905b1dc83999",
            "https://git.kernel.org/stable/c/74fd327767fb784c5875cf7c4ba1217f26020943",
            "https://git.kernel.org/stable/c/9cbca30102028f9ad3d2098f935c4368f581fd07",
            "https://git.kernel.org/stable/c/b58a295d10065960bcb9d60cb8ca6ead9837cd27",
            "https://git.kernel.org/stable/c/e4cde54b46a87231c77256a633be1bef62687d69",
            "https://linux.oracle.com/cve/CVE-2025-38097.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070305-CVE-2025-38097-287c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38097",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38097"
          ],
          "PublishedDate": "2025-07-03T09:15:23.03Z",
          "LastModifiedDate": "2025-12-16T17:16:50.913Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38098",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38098",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:791427cd5126d3adda2a073a4fca2d6cf2972315738efa44f6f3cde97081cf89",
          "Title": "kernel: drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink\n\nDon't try to operate on a drm_wb_connector as an amdgpu_dm_connector.\nWhile dereferencing aconnector-\u003ebase will \"work\" it's wrong and\nmight lead to unknown bad things. Just... don't.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38098",
            "https://git.kernel.org/linus/cbf4890c6f28fb1ad733e14613fbd33c2004bced (6.15-rc1)",
            "https://git.kernel.org/stable/c/18ca68f7c657721583a75cab01f0d0d2ec63a6c9",
            "https://git.kernel.org/stable/c/b14e726d57f61085485f107a6203c50a09695abd",
            "https://git.kernel.org/stable/c/cbf4890c6f28fb1ad733e14613fbd33c2004bced",
            "https://linux.oracle.com/cve/CVE-2025-38098.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070305-CVE-2025-38098-2802@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38098",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38098"
          ],
          "PublishedDate": "2025-07-03T09:15:23.173Z",
          "LastModifiedDate": "2025-11-20T21:52:51.12Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38099",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38099",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6e7cf6bcba5a791a7c19e90d55b8c077e29ad6cb561b6b28c72cdd3f83bc9b15",
          "Title": "kernel: Linux kernel Bluetooth: Denial of Service via improper SCO voice setting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken\n\nA SCO connection without the proper voice_setting can cause\nthe controller to lock up.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38099",
            "https://git.kernel.org/linus/14d17c78a4b1660c443bae9d38c814edea506f62 (6.15-rc1)",
            "https://git.kernel.org/stable/c/14d17c78a4b1660c443bae9d38c814edea506f62",
            "https://git.kernel.org/stable/c/ec1f015ec0c6fd250a6564e8452f7bb3160b9cb1",
            "https://git.kernel.org/stable/c/f48ee562c095e552a30b8d9cc0566a267b410f8a",
            "https://linux.oracle.com/cve/CVE-2025-38099.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070306-CVE-2025-38099-dffb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38099",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38099"
          ],
          "PublishedDate": "2025-07-03T09:15:23.307Z",
          "LastModifiedDate": "2025-11-20T21:52:36.59Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38105",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38105",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:df561e704382624506d7dc3fd0b674c1f5aa0f66cf4978c0b10e8ed08cdffaeb",
          "Title": "kernel: Linux kernel: Denial of Service in USB-audio MIDI driver due to improper timer shutdown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Kill timer properly at removal\n\nThe USB-audio MIDI code initializes the timer, but in a rare case, the\ndriver might be freed without the disconnect call.  This leaves the\ntimer in an active state while the assigned object is released via\nsnd_usbmidi_free(), which ends up with a kernel warning when the debug\nconfiguration is enabled, as spotted by fuzzer.\n\nFor avoiding the problem, put timer_shutdown_sync() at\nsnd_usbmidi_free(), so that the timer can be killed properly.\nWhile we're at it, replace the existing timer_delete_sync() at the\ndisconnect callback with timer_shutdown_sync(), too.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38105",
            "https://git.kernel.org/linus/0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1 (6.16-rc1)",
            "https://git.kernel.org/stable/c/0718a78f6a9f04b88d0dc9616cc216b31c5f3cf1",
            "https://git.kernel.org/stable/c/62066758d2ae169278e5d6aea5995b1b6f6ddeb5",
            "https://git.kernel.org/stable/c/647410a7da46067953a53c0d03f8680eff570959",
            "https://git.kernel.org/stable/c/c611b9e55174e439dcd85a72969b43a95f3827a4",
            "https://git.kernel.org/stable/c/efaf61052b8ff9ee8968912fbaf02c2847c78ede",
            "https://linux.oracle.com/cve/CVE-2025-38105.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025070322-CVE-2025-38105-dfcf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38105",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38105"
          ],
          "PublishedDate": "2025-07-03T09:15:23.997Z",
          "LastModifiedDate": "2026-03-25T11:16:10.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38109",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38109",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e183c96ae104f1a34f3ec374f235072d571ff0384f075a8d1ab3decad336426f",
          "Title": "kernel: Linux kernel (net/mlx5): Use-after-free in ECVF vports unload leads to denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix ECVF vports unload on shutdown flow\n\nFix shutdown flow UAF when a virtual function is created on the embedded\nchip (ECVF) of a BlueField device. In such case the vport acl ingress\ntable is not properly destroyed.\n\nECVF functionality is independent of ecpf_vport_exists capability and\nthus functions mlx5_eswitch_(enable|disable)_pf_vf_vports() should not\ntest it when enabling/disabling ECVF vports.\n\nkernel log:\n[] refcount_t: underflow; use-after-free.\n[] WARNING: CPU: 3 PID: 1 at lib/refcount.c:28\n   refcount_warn_saturate+0x124/0x220\n----------------\n[] Call trace:\n[] refcount_warn_saturate+0x124/0x220\n[] tree_put_node+0x164/0x1e0 [mlx5_core]\n[] mlx5_destroy_flow_table+0x98/0x2c0 [mlx5_core]\n[] esw_acl_ingress_table_destroy+0x28/0x40 [mlx5_core]\n[] esw_acl_ingress_lgcy_cleanup+0x80/0xf4 [mlx5_core]\n[] esw_legacy_vport_acl_cleanup+0x44/0x60 [mlx5_core]\n[] esw_vport_cleanup+0x64/0x90 [mlx5_core]\n[] mlx5_esw_vport_disable+0xc0/0x1d0 [mlx5_core]\n[] mlx5_eswitch_unload_ec_vf_vports+0xcc/0x150 [mlx5_core]\n[] mlx5_eswitch_disable_sriov+0x198/0x2a0 [mlx5_core]\n[] mlx5_device_disable_sriov+0xb8/0x1e0 [mlx5_core]\n[] mlx5_sriov_detach+0x40/0x50 [mlx5_core]\n[] mlx5_unload+0x40/0xc4 [mlx5_core]\n[] mlx5_unload_one_devl_locked+0x6c/0xe4 [mlx5_core]\n[] mlx5_unload_one+0x3c/0x60 [mlx5_core]\n[] shutdown+0x7c/0xa4 [mlx5_core]\n[] pci_device_shutdown+0x3c/0xa0\n[] device_shutdown+0x170/0x340\n[] __do_sys_reboot+0x1f4/0x2a0\n[] __arm64_sys_reboot+0x2c/0x40\n[] invoke_syscall+0x78/0x100\n[] el0_svc_common.constprop.0+0x54/0x184\n[] do_el0_svc+0x30/0xac\n[] el0_svc+0x48/0x160\n[] el0t_64_sync_handler+0xa4/0x12c\n[] el0t_64_sync+0x1a4/0x1a8\n[] --[ end trace 9c4601d68c70030e ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38109",
            "https://git.kernel.org/linus/687560d8a9a2d654829ad0da1ec24242f1de711d (6.16-rc2)",
            "https://git.kernel.org/stable/c/24db585d369f949f698e03d7d8017e5ae19d0497",
            "https://git.kernel.org/stable/c/5953ae44dfe5dbad374318875be834c3b7b71ee6",
            "https://git.kernel.org/stable/c/687560d8a9a2d654829ad0da1ec24242f1de711d",
            "https://git.kernel.org/stable/c/da15ca0553325acf68039015f2f4db750c8e2b96",
            "https://linux.oracle.com/cve/CVE-2025-38109.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070323-CVE-2025-38109-f925@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38109",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38109"
          ],
          "PublishedDate": "2025-07-03T09:15:24.553Z",
          "LastModifiedDate": "2025-11-20T21:36:33.887Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38117",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38117",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:058fb60be0997a1982a1c2f46f60894f206c0bbf9b221ad83142115a5a44dd90",
          "Title": "kernel: Bluetooth: MGMT: Protect mgmt_pending list with its own lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Protect mgmt_pending list with its own lock\n\nThis uses a mutex to protect from concurrent access of mgmt_pending\nlist which can cause crashes like:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\nRead of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318\n\nCPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15.0-rc7-syzkaller-g187899f4124a #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n __dump_stack+0x30/0x40 lib/dump_stack.c:94\n dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\n print_address_description+0xa8/0x254 mm/kasan/report.c:408\n print_report+0x68/0x84 mm/kasan/report.c:521\n kasan_report+0xb0/0x110 mm/kasan/report.c:634\n __asan_report_load2_noabort+0x20/0x2c mm/kasan/report_generic.c:379\n hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91\n mgmt_pending_find+0x7c/0x140 net/bluetooth/mgmt_util.c:223\n pending_find net/bluetooth/mgmt.c:947 [inline]\n remove_adv_monitor+0x44/0x1a4 net/bluetooth/mgmt.c:5445\n hci_mgmt_cmd+0x780/0xc00 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x544/0xbb0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n sock_write_iter+0x25c/0x378 net/socket.c:1131\n new_sync_write fs/read_write.c:591 [inline]\n vfs_write+0x62c/0x97c fs/read_write.c:684\n ksys_write+0x120/0x210 fs/read_write.c:736\n __do_sys_write fs/read_write.c:747 [inline]\n __se_sys_write fs/read_write.c:744 [inline]\n __arm64_sys_write+0x7c/0x90 fs/read_write.c:744\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c 
arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nAllocated by task 7037:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:562\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4327 [inline]\n __kmalloc_noprof+0x2fc/0x4c8 mm/slub.c:4339\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xc4/0x1f0 net/core/sock.c:2198\n sk_alloc+0x44/0x3ac net/core/sock.c:2254\n bt_sock_alloc+0x4c/0x300 net/bluetooth/af_bluetooth.c:148\n hci_sock_create+0xa8/0x194 net/bluetooth/hci_sock.c:2202\n bt_sock_create+0x14c/0x24c net/bluetooth/af_bluetooth.c:132\n __sock_create+0x43c/0x91c net/socket.c:1541\n sock_create net/socket.c:1599 [inline]\n __sys_socket_create net/socket.c:1636 [inline]\n __sys_socket+0xd4/0x1c0 net/socket.c:1683\n __do_sys_socket net/socket.c:1697 [inline]\n __se_sys_socket net/socket.c:1695 [inline]\n __arm64_sys_socket+0x7c/0x94 net/socket.c:1695\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n\nFreed by task 6607:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n 
__kasan_slab_free+0x68/0x88 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38117",
            "https://git.kernel.org/linus/6fe26f694c824b8a4dbf50c635bee1302e3f099c (6.16-rc2)",
            "https://git.kernel.org/stable/c/4e83f2dbb2bf677e614109df24426c4dded472d4",
            "https://git.kernel.org/stable/c/6fe26f694c824b8a4dbf50c635bee1302e3f099c",
            "https://git.kernel.org/stable/c/bdd56875c6926d8009914f427df71797693e90d4",
            "https://git.kernel.org/stable/c/d7882db79135c829a922daf3571f33ea1e056ae3",
            "https://linux.oracle.com/cve/CVE-2025-38117.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070326-CVE-2025-38117-3424@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38117",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38117"
          ],
          "PublishedDate": "2025-07-03T09:15:25.617Z",
          "LastModifiedDate": "2025-11-20T21:33:29.773Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38126",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38126",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cdf2076f112d512762466c7435245e83e131b856fa1e70c175e2d88c38f3c742",
          "Title": "kernel: Linux kernel: Denial of Service in stmmac network driver due to division by zero during PTP timestamping configuration",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: make sure that ptp_rate is not 0 before configuring timestamping\n\nThe stmmac platform drivers that do not open-code the clk_ptp_rate value\nafter having retrieved the default one from the device-tree can end up\nwith 0 in clk_ptp_rate (as clk_get_rate can return 0). It will\neventually propagate up to PTP initialization when bringing up the\ninterface, leading to a divide by 0:\n\n Division by zero in kernel.\n CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.30-00001-g48313bd5768a #22\n Hardware name: STM32 (Device Tree Support)\n Call trace:\n  unwind_backtrace from show_stack+0x18/0x1c\n  show_stack from dump_stack_lvl+0x6c/0x8c\n  dump_stack_lvl from Ldiv0_64+0x8/0x18\n  Ldiv0_64 from stmmac_init_tstamp_counter+0x190/0x1a4\n  stmmac_init_tstamp_counter from stmmac_hw_setup+0xc1c/0x111c\n  stmmac_hw_setup from __stmmac_open+0x18c/0x434\n  __stmmac_open from stmmac_open+0x3c/0xbc\n  stmmac_open from __dev_open+0xf4/0x1ac\n  __dev_open from __dev_change_flags+0x1cc/0x224\n  __dev_change_flags from dev_change_flags+0x24/0x60\n  dev_change_flags from ip_auto_config+0x2e8/0x11a0\n  ip_auto_config from do_one_initcall+0x84/0x33c\n  do_one_initcall from kernel_init_freeable+0x1b8/0x214\n  kernel_init_freeable from kernel_init+0x24/0x140\n  kernel_init from ret_from_fork+0x14/0x28\n Exception stack(0xe0815fb0 to 0xe0815ff8)\n\nPrevent this division by 0 by adding an explicit check and error log\nabout the actual issue. While at it, remove the same check from\nstmmac_ptp_register, which then becomes duplicate",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-369"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38126",
            "https://git.kernel.org/linus/030ce919e114a111e83b7976ecb3597cefd33f26 (6.16-rc1)",
            "https://git.kernel.org/stable/c/030ce919e114a111e83b7976ecb3597cefd33f26",
            "https://git.kernel.org/stable/c/32af9c289234990752281c805500dfe03c5b2b8f",
            "https://git.kernel.org/stable/c/379cd990dfe752b38fcf46034698a9a150626c7a",
            "https://git.kernel.org/stable/c/b263088ee8ab14563817a8be3519af8e25225793",
            "https://git.kernel.org/stable/c/bb033c6781ce1b0264c3993b767b4aa9021959c2",
            "https://linux.oracle.com/cve/CVE-2025-38126.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070329-CVE-2025-38126-3c9b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38126",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38126"
          ],
          "PublishedDate": "2025-07-03T09:15:26.8Z",
          "LastModifiedDate": "2025-12-17T18:12:12.67Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38127",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38127",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0570411643fdd29672e5cedd50a77ad2fa3e0239bde5445221a3de28670e8901",
          "Title": "kernel: ice: fix Tx scheduler error handling in XDP callback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Tx scheduler error handling in XDP callback\n\nWhen the XDP program is loaded, the XDP callback adds new Tx queues.\nThis means that the callback must update the Tx scheduler with the new\nqueue number. In the event of a Tx scheduler failure, the XDP callback\nshould also fail and roll back any changes previously made for XDP\npreparation.\n\nThe previous implementation had a bug that not all changes made by the\nXDP callback were rolled back. This caused the crash with the following\ncall trace:\n\n[  +9.549584] ice 0000:ca:00.0: Failed VSI LAN queue config for XDP, error: -5\n[  +0.382335] Oops: general protection fault, probably for non-canonical address 0x50a2250a90495525: 0000 [#1] SMP NOPTI\n[  +0.010710] CPU: 103 UID: 0 PID: 0 Comm: swapper/103 Not tainted 6.14.0-net-next-mar-31+ #14 PREEMPT(voluntary)\n[  +0.010175] Hardware name: Intel Corporation M50CYP2SBSTD/M50CYP2SBSTD, BIOS SE5C620.86B.01.01.0005.2202160810 02/16/2022\n[  +0.010946] RIP: 0010:__ice_update_sample+0x39/0xe0 [ice]\n\n[...]\n\n[  +0.002715] Call Trace:\n[  +0.002452]  \u003cIRQ\u003e\n[  +0.002021]  ? __die_body.cold+0x19/0x29\n[  +0.003922]  ? die_addr+0x3c/0x60\n[  +0.003319]  ? exc_general_protection+0x17c/0x400\n[  +0.004707]  ? asm_exc_general_protection+0x26/0x30\n[  +0.004879]  ? __ice_update_sample+0x39/0xe0 [ice]\n[  +0.004835]  ice_napi_poll+0x665/0x680 [ice]\n[  +0.004320]  __napi_poll+0x28/0x190\n[  +0.003500]  net_rx_action+0x198/0x360\n[  +0.003752]  ? update_rq_clock+0x39/0x220\n[  +0.004013]  handle_softirqs+0xf1/0x340\n[  +0.003840]  ? 
sched_clock_cpu+0xf/0x1f0\n[  +0.003925]  __irq_exit_rcu+0xc2/0xe0\n[  +0.003665]  common_interrupt+0x85/0xa0\n[  +0.003839]  \u003c/IRQ\u003e\n[  +0.002098]  \u003cTASK\u003e\n[  +0.002106]  asm_common_interrupt+0x26/0x40\n[  +0.004184] RIP: 0010:cpuidle_enter_state+0xd3/0x690\n\nFix this by performing the missing unmapping of XDP queues from\nq_vectors and setting the XDP rings pointer back to NULL after all those\nqueues are released.\nAlso, add an immediate exit from the XDP callback in case of ring\npreparation failure.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38127",
            "https://git.kernel.org/linus/0153f36041b8e52019ebfa8629c13bf8f9b0a951 (6.16-rc1)",
            "https://git.kernel.org/stable/c/0153f36041b8e52019ebfa8629c13bf8f9b0a951",
            "https://git.kernel.org/stable/c/0e061abaad1498c5b76c10c594d4359ceb6b9145",
            "https://git.kernel.org/stable/c/1d3c5d0dec6797eca3a861dab0816fa9505d9c3e",
            "https://git.kernel.org/stable/c/276849954d7cbe6eec827b21fe2df43f9bf07011",
            "https://linux.oracle.com/cve/CVE-2025-38127.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070329-CVE-2025-38127-686d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38127",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38127"
          ],
          "PublishedDate": "2025-07-03T09:15:26.923Z",
          "LastModifiedDate": "2025-11-20T21:32:54.54Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38129",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38129",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f57398ca2689750a5d56c0761fb4187ab33e0414bbdc340fbb56c6347eb1afc4",
          "Title": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n  ptr_ring_produce\n    spin_lock(\u0026r-\u003eproducer_lock);\n 
   WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n      //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t  page_pool_scrub\n\t\t\t\t    page_pool_empty_ring\n\t\t\t\t      ptr_ring_consume\n\t\t\t\t      page_pool_return_page  //release all page\n\t\t\t\t  __page_pool_destroy\n\t\t\t\t     free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t     free(pool) //free\n\n     spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n  recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:3066",
            "https://access.redhat.com/security/cve/CVE-2025-38129",
            "https://bugzilla.redhat.com/2376034",
            "https://bugzilla.redhat.com/2376377",
            "https://errata.almalinux.org/9/ALSA-2026-3066.html",
            "https://git.kernel.org/linus/271683bb2cf32e5126c592b5d5e6a756fa374fd9 (6.16-rc1)",
            "https://git.kernel.org/stable/c/1a8c0b61d4cb55c5440583ec9e7f86a730369e32",
            "https://git.kernel.org/stable/c/271683bb2cf32e5126c592b5d5e6a756fa374fd9",
            "https://git.kernel.org/stable/c/4914c0a166540e534a0c1d43affd329d95fb56fd",
            "https://git.kernel.org/stable/c/4ab8c0f8905c9c4d05e7f437e65a9a365573ff02",
            "https://git.kernel.org/stable/c/d69f28ef7cdafdcf37ee310f38b1399e7d05f9a8",
            "https://git.kernel.org/stable/c/e869a85acc2e60dc554579b910826a4919d8cd98",
            "https://linux.oracle.com/cve/CVE-2025-38129.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38129-3c0e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38129",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38129"
          ],
          "PublishedDate": "2025-07-03T09:15:27.17Z",
          "LastModifiedDate": "2026-01-19T13:16:08.397Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38131",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38131",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:85f741f7cc190f0a77ffe291b5914d99209a70c4b62850b429d9340fa6c07eb4",
          "Title": "kernel: coresight: prevent deactivate active config while enabling the config",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: prevent deactivate active config while enabling the config\n\nWhile enable active config via cscfg_csdev_enable_active_config(),\nactive config could be deactivated via configfs' sysfs interface.\nThis could make UAF issue in below scenario:\n\nCPU0                                          CPU1\n(sysfs enable)                                load module\n                                              cscfg_load_config_sets()\n                                              activate config. // sysfs\n                                              (sys_active_cnt == 1)\n...\ncscfg_csdev_enable_active_config()\nlock(csdev-\u003ecscfg_csdev_lock)\n// here load config activate by CPU1\nunlock(csdev-\u003ecscfg_csdev_lock)\n\n                                              deactivate config // sysfs\n                                              (sys_activec_cnt == 0)\n                                              cscfg_unload_config_sets()\n                                              unload module\n\n// access to config_desc which freed\n// while unloading module.\ncscfg_csdev_enable_config\n\nTo address this, use cscfg_config_desc's active_cnt as a reference count\n which will be holded when\n    - activate the config.\n    - enable the activated config.\nand put the module reference when config_active_cnt == 0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38131",
            "https://git.kernel.org/linus/408c97c4a5e0b634dcd15bf8b8808b382e888164 (6.16-rc1)",
            "https://git.kernel.org/stable/c/31028812724cef7bd57a51525ce58a32a6d73b22",
            "https://git.kernel.org/stable/c/408c97c4a5e0b634dcd15bf8b8808b382e888164",
            "https://git.kernel.org/stable/c/b3b4efa2e623aecaebd7c9b9e4171f5c659e9724",
            "https://git.kernel.org/stable/c/dfe8224c9c7a43d356eb9f74b06868aa05f90223",
            "https://git.kernel.org/stable/c/ed42ee1ed05ff2f4c36938379057413a40c56680",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38131-2350@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38131",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38131"
          ],
          "PublishedDate": "2025-07-03T09:15:27.43Z",
          "LastModifiedDate": "2025-12-17T18:12:21.08Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38140",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38140",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a1b1c848477106a956fdd4383df04f2e941c5af004fe26d5db3e939eb4db7a86",
          "Title": "kernel: Linux kernel: Local denial of service in device mapper",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: limit swapping tables for devices with zone write plugs\n\ndm_revalidate_zones() only allowed new or previously unzoned devices to\ncall blk_revalidate_disk_zones(). If the device was already zoned,\ndisk-\u003enr_zones would always equal md-\u003enr_zones, so dm_revalidate_zones()\nreturned without doing any work. This would make the zoned settings for\nthe device not match the new table. If the device had zone write plug\nresources, it could run into errors like bdev_zone_is_seq() reading\ninvalid memory because disk-\u003econv_zones_bitmap was the wrong size.\n\nIf the device doesn't have any zone write plug resources, calling\nblk_revalidate_disk_zones() will always correctly update device.  If\nblk_revalidate_disk_zones() fails, it can still overwrite or clear the\ncurrent disk-\u003enr_zones value. In this case, DM must restore the previous\nvalue of disk-\u003enr_zones, so that the zoned settings will continue to\nmatch the previous value that it fell back to.\n\nIf the device already has zone write plug resources,\nblk_revalidate_disk_zones() will not correctly update them, if it is\ncalled for arbitrary zoned device changes.  Since there is not much need\nfor this ability, the easiest solution is to disallow any table reloads\nthat change the zoned settings, for devices that already have zone plug\nresources.  Specifically, if a device already has zone plug resources\nallocated, it can only switch to another zoned table that also emulates\nzone append.  Also, it cannot change the device size or the zone size. A\ndevice can switch to an error target.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38140",
            "https://git.kernel.org/linus/121218bef4c1df165181f5cd8fc3a2246bac817e (6.16-rc1)",
            "https://git.kernel.org/stable/c/121218bef4c1df165181f5cd8fc3a2246bac817e",
            "https://git.kernel.org/stable/c/ac8acb0bfd98a1c65f3ca9a3e217a766124eebd8",
            "https://lore.kernel.org/linux-cve-announce/2025070333-CVE-2025-38140-0ba9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38140",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38140"
          ],
          "PublishedDate": "2025-07-03T09:15:28.617Z",
          "LastModifiedDate": "2025-11-20T20:11:16.69Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38162",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38162",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:188edd6b3e3f502f8393f7c3528679152fb097c41f7fb4cab9e8f8858cf94a07",
          "Title": "kernel: Linux kernel: Denial of Service in netfilter due to integer overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: prevent overflow in lookup table allocation\n\nWhen calculating the lookup table size, ensure the following\nmultiplication does not overflow:\n\n- desc-\u003efield_len[] maximum value is U8_MAX multiplied by\n  NFT_PIPAPO_GROUPS_PER_BYTE(f) that can be 2, worst case.\n- NFT_PIPAPO_BUCKETS(f-\u003ebb) is 2^8, worst case.\n- sizeof(unsigned long), from sizeof(*f-\u003elt), lt in\n  struct nft_pipapo_field.\n\nThen, use check_mul_overflow() to multiply by bucket size and then use\ncheck_add_overflow() to the alignment for avx2 (if needed). Finally, add\nlt_size_check_overflow() helper and use it to consolidate this.\n\nWhile at it, replace leftover allocation using the GFP_KERNEL to\nGFP_KERNEL_ACCOUNT for consistency, in pipapo_resize().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38162",
            "https://git.kernel.org/linus/4c5c6aa9967dbe55bd017bb509885928d0f31206 (6.16-rc1)",
            "https://git.kernel.org/stable/c/43fe1181f738295624696ae9ff611790edb65b5e",
            "https://git.kernel.org/stable/c/4c5c6aa9967dbe55bd017bb509885928d0f31206",
            "https://git.kernel.org/stable/c/91edc076439c9e2f34b176149f1c84a47a8ec32f",
            "https://git.kernel.org/stable/c/a9e757473561da93c6a4136f0e59aba91ec777fc",
            "https://git.kernel.org/stable/c/c1360ac8156c0a3f2385baef91d8d26fd9d39701",
            "https://linux.oracle.com/cve/CVE-2025-38162.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070340-CVE-2025-38162-cd74@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38162",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38162"
          ],
          "PublishedDate": "2025-07-03T09:15:31.617Z",
          "LastModifiedDate": "2026-03-25T11:16:10.3Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38166",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38166",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b60e63643c674f1731ef02ebb640f787b6173e10de8637cea80b671fc3761893",
          "Title": "kernel: bpf: fix ktls panic with sockmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix ktls panic with sockmap\n\n[ 2172.936997] ------------[ cut here ]------------\n[ 2172.936999] kernel BUG at lib/iov_iter.c:629!\n......\n[ 2172.944996] PKRU: 55555554\n[ 2172.945155] Call Trace:\n[ 2172.945299]  \u003cTASK\u003e\n[ 2172.945428]  ? die+0x36/0x90\n[ 2172.945601]  ? do_trap+0xdd/0x100\n[ 2172.945795]  ? iov_iter_revert+0x178/0x180\n[ 2172.946031]  ? iov_iter_revert+0x178/0x180\n[ 2172.946267]  ? do_error_trap+0x7d/0x110\n[ 2172.946499]  ? iov_iter_revert+0x178/0x180\n[ 2172.946736]  ? exc_invalid_op+0x50/0x70\n[ 2172.946961]  ? iov_iter_revert+0x178/0x180\n[ 2172.947197]  ? asm_exc_invalid_op+0x1a/0x20\n[ 2172.947446]  ? iov_iter_revert+0x178/0x180\n[ 2172.947683]  ? iov_iter_revert+0x5c/0x180\n[ 2172.947913]  tls_sw_sendmsg_locked.isra.0+0x794/0x840\n[ 2172.948206]  tls_sw_sendmsg+0x52/0x80\n[ 2172.948420]  ? inet_sendmsg+0x1f/0x70\n[ 2172.948634]  __sys_sendto+0x1cd/0x200\n[ 2172.948848]  ? find_held_lock+0x2b/0x80\n[ 2172.949072]  ? syscall_trace_enter+0x140/0x270\n[ 2172.949330]  ? __lock_release.isra.0+0x5e/0x170\n[ 2172.949595]  ? find_held_lock+0x2b/0x80\n[ 2172.949817]  ? syscall_trace_enter+0x140/0x270\n[ 2172.950211]  ? lockdep_hardirqs_on_prepare+0xda/0x190\n[ 2172.950632]  ? ktime_get_coarse_real_ts64+0xc2/0xd0\n[ 2172.951036]  __x64_sys_sendto+0x24/0x30\n[ 2172.951382]  do_syscall_64+0x90/0x170\n......\n\nAfter calling bpf_exec_tx_verdict(), the size of msg_pl-\u003esg may increase,\ne.g., when the BPF program executes bpf_msg_push_data().\n\nIf the BPF program sets cork_bytes and sg.size is smaller than cork_bytes,\nit will return -ENOSPC and attempt to roll back to the non-zero copy\nlogic. 
However, during rollback, msg-\u003emsg_iter is reset, but since\nmsg_pl-\u003esg.size has been increased, subsequent executions will exceed the\nactual size of msg_iter.\n'''\niov_iter_revert(\u0026msg-\u003emsg_iter, msg_pl-\u003esg.size - orig_size);\n'''\n\nThe changes in this commit are based on the following considerations:\n\n1. When cork_bytes is set, rolling back to non-zero copy logic is\npointless and can directly go to zero-copy logic.\n\n2. We can not calculate the correct number of bytes to revert msg_iter.\n\nAssume the original data is \"abcdefgh\" (8 bytes), and after 3 pushes\nby the BPF program, it becomes 11-byte data: \"abc?de?fgh?\".\nThen, we set cork_bytes to 6, which means the first 6 bytes have been\nprocessed, and the remaining 5 bytes \"?fgh?\" will be cached until the\nlength meets the cork_bytes requirement.\n\nHowever, some data in \"?fgh?\" is not within 'sg-\u003emsg_iter'\n(but in msg_pl instead), especially the data \"?\" we pushed.\n\nSo it doesn't seem as simple as just reverting through an offset of\nmsg_iter.\n\n3. For non-TLS sockets in tcp_bpf_sendmsg, when a \"cork\" situation occurs,\nthe user-space send() doesn't return an error, and the returned length is\nthe same as the input length parameter, even if some data is cached.\n\nAdditionally, I saw that the current non-zero-copy logic for handling\ncorking is written as:\n'''\nline 1177\nelse if (ret != -EAGAIN) {\n\tif (ret == -ENOSPC)\n\t\tret = 0;\n\tgoto send_end;\n'''\n\nSo it's ok to just return 'copied' without error when a \"cork\" situation\noccurs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38166",
            "https://git.kernel.org/linus/54a3ecaeeeae8176da8badbd7d72af1017032c39 (6.16-rc1)",
            "https://git.kernel.org/stable/c/2e36a81d388ec9c3f78b6223f7eda2088cd40adb",
            "https://git.kernel.org/stable/c/328cac3f9f8ae394748485e769a527518a9137c8",
            "https://git.kernel.org/stable/c/54a3ecaeeeae8176da8badbd7d72af1017032c39",
            "https://git.kernel.org/stable/c/57fbbe29e86042bbaa31c1a30d2afa16c427e3f7",
            "https://git.kernel.org/stable/c/603943f022a7fe5cc83ca7005faf34798fb7853f",
            "https://linux.oracle.com/cve/CVE-2025-38166.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070341-CVE-2025-38166-3dc8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38166",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38166"
          ],
          "PublishedDate": "2025-07-03T09:15:32.12Z",
          "LastModifiedDate": "2025-12-18T20:51:59.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38168",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38168",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f62c700b7a79d1c89a3edaa6f4298be7736d3b3db26700d9c1d2cabce3958e2a",
          "Title": "kernel: Linux kernel: Local denial of service in arm-ni due to improper PMU unregistration",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm-ni: Unregister PMUs on probe failure\n\nWhen a resource allocation fails in one clock domain of an NI device,\nwe need to properly roll back all previously registered perf PMUs in\nother clock domains of the same device.\n\nOtherwise, it can lead to kernel panics.\n\nCalling arm_ni_init+0x0/0xff8 [arm_ni] @ 2374\narm-ni ARMHCB70:00: Failed to request PMU region 0x1f3c13000\narm-ni ARMHCB70:00: probe with driver arm-ni failed with error -16\nlist_add corruption: next-\u003eprev should be prev (fffffd01e9698a18),\nbut was 0000000000000000. (next=ffff10001a0decc8).\npstate: 6340009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : list_add_valid_or_report+0x7c/0xb8\nlr : list_add_valid_or_report+0x7c/0xb8\nCall trace:\n __list_add_valid_or_report+0x7c/0xb8\n perf_pmu_register+0x22c/0x3a0\n arm_ni_probe+0x554/0x70c [arm_ni]\n platform_probe+0x70/0xe8\n really_probe+0xc6/0x4d8\n driver_probe_device+0x48/0x170\n __driver_attach+0x8e/0x1c0\n bus_for_each_dev+0x64/0xf0\n driver_add+0x138/0x260\n bus_add_driver+0x68/0x138\n __platform_driver_register+0x2c/0x40\n arm_ni_init+0x14/0x2a [arm_ni]\n do_init_module+0x36/0x298\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops - BUG: Fatal exception\nSMP: stopping secondary CPUs",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38168",
            "https://git.kernel.org/linus/7f57afde6a44d9e044885e1125034edd4fda02e8 (6.16-rc1)",
            "https://git.kernel.org/stable/c/72caf9886e9c1731cf7bfe3eabc308b9268b21d6",
            "https://git.kernel.org/stable/c/7e958e116e3be05a1f869b5a885fc5d674c7725f",
            "https://git.kernel.org/stable/c/7f57afde6a44d9e044885e1125034edd4fda02e8",
            "https://lore.kernel.org/linux-cve-announce/2025070341-CVE-2025-38168-da4f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38168",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38168"
          ],
          "PublishedDate": "2025-07-03T09:15:32.377Z",
          "LastModifiedDate": "2025-11-20T19:29:30.023Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38189",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38189",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b96f7ea1477c61b732007974a3a2af6fd537aa1af5e8d7c0a07f2f01c59ea97b",
          "Title": "kernel: drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`\n\nThe following kernel Oops was recently reported by Mesa CI:\n\n[  800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588\n[  800.148619] Mem abort info:\n[  800.151402]   ESR = 0x0000000096000005\n[  800.155141]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  800.160444]   SET = 0, FnV = 0\n[  800.163488]   EA = 0, S1PTW = 0\n[  800.166619]   FSC = 0x05: level 1 translation fault\n[  800.171487] Data abort info:\n[  800.174357]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[  800.179832]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[  800.184873]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000\n[  800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[  800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[  800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight\n[  800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1  Debian 1:6.12.25-1+rpt1\n[  800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[  800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d]\n[  800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d]\n[  800.267251] sp : ffffffc080003e60\n[  800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000\n[  800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020\n[  800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158\n[  800.291948] x20: 
0000000000000000 x19: ffffff8040238000 x18: 0000000000000000\n[  800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000\n[  800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[  800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c\n[  800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0\n[  800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980\n[  800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382\n[  800.341859] Call trace:\n[  800.344294]  v3d_job_update_stats+0x60/0x130 [v3d]\n[  800.349086]  v3d_irq+0x124/0x2e0 [v3d]\n[  800.352835]  __handle_irq_event_percpu+0x58/0x218\n[  800.357539]  handle_irq_event+0x54/0xb8\n[  800.361369]  handle_fasteoi_irq+0xac/0x240\n[  800.365458]  handle_irq_desc+0x48/0x68\n[  800.369200]  generic_handle_domain_irq+0x24/0x38\n[  800.373810]  gic_handle_irq+0x48/0xd8\n[  800.377464]  call_on_irq_stack+0x24/0x58\n[  800.381379]  do_interrupt_handler+0x88/0x98\n[  800.385554]  el1_interrupt+0x34/0x68\n[  800.389123]  el1h_64_irq_handler+0x18/0x28\n[  800.393211]  el1h_64_irq+0x64/0x68\n[  800.396603]  default_idle_call+0x3c/0x168\n[  800.400606]  do_idle+0x1fc/0x230\n[  800.403827]  cpu_startup_entry+0x40/0x50\n[  800.407742]  rest_init+0xe4/0xf0\n[  800.410962]  start_kernel+0x5e8/0x790\n[  800.414616]  __primary_switched+0x80/0x90\n[  800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1)\n[  800.424707] ---[ end trace 0000000000000000 ]---\n[  800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nThis issue happens when the file descriptor is closed before the jobs\nsubmitted by it are completed. When the job completes, we update the\nglobal GPU stats and the per-fd GPU stats, which are exposed through\nfdinfo. 
If the file descriptor was closed, then the struct `v3d_file_priv`\nand its stats were already freed and we can't update the per-fd stats.\n\nTherefore, if the file descriptor was already closed, don't u\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38189",
            "https://git.kernel.org/linus/e1bc3a13bd775791cca0bb144d977b00f3598042 (6.16-rc3)",
            "https://git.kernel.org/stable/c/4f4701489d0f768a232b10d281491184f34bacf0",
            "https://git.kernel.org/stable/c/c886784000934d5486621106da0614c85bcd76a8",
            "https://git.kernel.org/stable/c/e1bc3a13bd775791cca0bb144d977b00f3598042",
            "https://lore.kernel.org/linux-cve-announce/2025070414-CVE-2025-38189-5706@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38189",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38189"
          ],
          "PublishedDate": "2025-07-04T14:15:25.883Z",
          "LastModifiedDate": "2025-11-19T20:47:42.98Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38191",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38191",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2399d77f6a85bd2ce762bb6a3a1637c1b7c3899ad6e68553989ff9b7f8994b2b",
          "Title": "kernel: ksmbd: fix null pointer dereference in destroy_previous_session",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix null pointer dereference in destroy_previous_session\n\nIf client set -\u003ePreviousSessionId on kerberos session setup stage,\nNULL pointer dereference error will happen. Since sess-\u003euser is not\nset yet, It can pass the user argument as NULL to destroy_previous_session.\nsess-\u003euser will be set in ksmbd_krb5_authenticate(). So this patch move\ncalling destroy_previous_session() after ksmbd_krb5_authenticate().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38191",
            "https://git.kernel.org/linus/7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e (6.16-rc3)",
            "https://git.kernel.org/stable/c/076f1adefb9837977af7ed233883842ddc446644",
            "https://git.kernel.org/stable/c/0902625a24eea7fdc187faa5d97df244d159dd6e",
            "https://git.kernel.org/stable/c/1193486dffb7432a09f57f5d09049b4d4123538b",
            "https://git.kernel.org/stable/c/281afc52e2961cd5dd8326ebc9c5bc40904c0468",
            "https://git.kernel.org/stable/c/7ac5b66acafcc9292fb935d7e03790f2b8b2dc0e",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070414-CVE-2025-38191-ee47@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38191",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38191",
            "https://www.zerodayinitiative.com/advisories/ZDI-25-610/"
          ],
          "PublishedDate": "2025-07-04T14:15:26.157Z",
          "LastModifiedDate": "2025-12-18T17:24:30.987Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38192",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38192",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b823e7aee4cbf57d0a2e45e8af29ac32a4e613e2cdf468729f3c345426114351",
          "Title": "kernel: net: clear the dst when changing skb protocol",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: clear the dst when changing skb protocol\n\nA not-so-careful NAT46 BPF program can crash the kernel\nif it indiscriminately flips ingress packets from v4 to v6:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\n    ip6_rcv_core (net/ipv6/ip6_input.c:190:20)\n    ipv6_rcv (net/ipv6/ip6_input.c:306:8)\n    process_backlog (net/core/dev.c:6186:4)\n    napi_poll (net/core/dev.c:6906:9)\n    net_rx_action (net/core/dev.c:7028:13)\n    do_softirq (kernel/softirq.c:462:3)\n    netif_rx (net/core/dev.c:5326:3)\n    dev_loopback_xmit (net/core/dev.c:4015:2)\n    ip_mc_finish_output (net/ipv4/ip_output.c:363:8)\n    NF_HOOK (./include/linux/netfilter.h:314:9)\n    ip_mc_output (net/ipv4/ip_output.c:400:5)\n    dst_output (./include/net/dst.h:459:9)\n    ip_local_out (net/ipv4/ip_output.c:130:9)\n    ip_send_skb (net/ipv4/ip_output.c:1496:8)\n    udp_send_skb (net/ipv4/udp.c:1040:8)\n    udp_sendmsg (net/ipv4/udp.c:1328:10)\n\nThe output interface has a 4-\u003e6 program attached at ingress.\nWe try to loop the multicast skb back to the sending socket.\nIngress BPF runs as part of netif_rx(), pushes a valid v6 hdr\nand changes skb-\u003eprotocol to v6. We enter ip6_rcv_core which\ntries to use skb_dst(). But the dst is still an IPv4 one left\nafter IPv4 mcast output.\n\nClear the dst in all BPF helpers which change the protocol.\nTry to preserve metadata dsts, those may carry non-routing\nmetadata.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38192",
            "https://git.kernel.org/linus/ba9db6f907ac02215e30128770f85fbd7db2fcf9 (6.16-rc2)",
            "https://git.kernel.org/stable/c/2a3ad42a57b43145839f2f233fb562247658a6d9",
            "https://git.kernel.org/stable/c/98b1d8dc9a3170b2614f1e8c93854e75cdd83980",
            "https://git.kernel.org/stable/c/ba9db6f907ac02215e30128770f85fbd7db2fcf9",
            "https://git.kernel.org/stable/c/bfa4d86e130a09f67607482e988313430e38f6c4",
            "https://git.kernel.org/stable/c/e9994e7b9f7bbb882d13c8191731649249150d21",
            "https://linux.oracle.com/cve/CVE-2025-38192.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070415-CVE-2025-38192-6a15@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38192",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38192"
          ],
          "PublishedDate": "2025-07-04T14:15:26.28Z",
          "LastModifiedDate": "2026-03-25T11:16:10.627Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38198",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38198",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:62b38c1be53a8908b83550aaa86cdb54a4d5aa82ab104e9ff42ef8a722392e01",
          "Title": "kernel: fbcon: Make sure modelist not set on unregistered console",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Make sure modelist not set on unregistered console\n\nIt looks like attempting to write to the \"store_modes\" sysfs node will\nrun afoul of unregistered consoles:\n\nUBSAN: array-index-out-of-bounds in drivers/video/fbdev/core/fbcon.c:122:28\nindex -1 is out of range for type 'fb_info *[32]'\n...\n fbcon_info_from_console+0x192/0x1a0 drivers/video/fbdev/core/fbcon.c:122\n fbcon_new_modelist+0xbf/0x2d0 drivers/video/fbdev/core/fbcon.c:3048\n fb_new_modelist+0x328/0x440 drivers/video/fbdev/core/fbmem.c:673\n store_modes+0x1c9/0x3e0 drivers/video/fbdev/core/fbsysfs.c:113\n dev_attr_store+0x55/0x80 drivers/base/core.c:2439\n\nstatic struct fb_info *fbcon_registered_fb[FB_MAX];\n...\nstatic signed char con2fb_map[MAX_NR_CONSOLES];\n...\nstatic struct fb_info *fbcon_info_from_console(int console)\n...\n        return fbcon_registered_fb[con2fb_map[console]];\n\nIf con2fb_map contains a -1 things go wrong here. Instead, return NULL,\nas callers of fbcon_info_from_console() are trying to compare against\nexisting \"info\" pointers, so error handling should kick in correctly.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38198",
            "https://git.kernel.org/linus/cedc1b63394a866bf8663a3e40f4546f1d28c8d8 (6.16-rc1)",
            "https://git.kernel.org/stable/c/519ba75728ee8cd561dce25fc52a2ec5c47171dc",
            "https://git.kernel.org/stable/c/54b28f7c567dd659e5f9562f518e4d7f3f6a367b",
            "https://git.kernel.org/stable/c/b3237d451bf3a4490cb1a76f3b7c91d9888f1c4b",
            "https://git.kernel.org/stable/c/cedc1b63394a866bf8663a3e40f4546f1d28c8d8",
            "https://git.kernel.org/stable/c/f28f1f578cd810779d01999c60618cda14c281dd",
            "https://linux.oracle.com/cve/CVE-2025-38198.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070417-CVE-2025-38198-b902@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38198",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38198"
          ],
          "PublishedDate": "2025-07-04T14:15:27.04Z",
          "LastModifiedDate": "2025-12-18T21:25:44.773Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38199",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38199",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cfe3ed03c1cc6468297fb40d3a50e087dc5e17e4e3609d2c9e811f3d8d30ec6b",
          "Title": "kernel: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak due to multiple rx_stats allocation\n\nrx_stats for each arsta is allocated when adding a station.\narsta-\u003erx_stats will be freed when a station is removed.\n\nRedundant allocations are occurring when the same station is added\nmultiple times. This causes ath12k_mac_station_add() to be called\nmultiple times, and rx_stats is allocated each time. As a result there\nis memory leaks.\n\nPrevent multiple allocations of rx_stats when ath12k_mac_station_add()\nis called repeatedly by checking if rx_stats is already allocated\nbefore allocating again. Allocate arsta-\u003erx_stats if arsta-\u003erx_stats\nis NULL respectively.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38199",
            "https://git.kernel.org/linus/c426497fa2055c8005196922e7d29c41d7e0948a (6.16-rc1)",
            "https://git.kernel.org/stable/c/232f962ae5fca98912a719e64b4964a5aec7c99b",
            "https://git.kernel.org/stable/c/c426497fa2055c8005196922e7d29c41d7e0948a",
            "https://lore.kernel.org/linux-cve-announce/2025070417-CVE-2025-38199-287e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38199",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38199"
          ],
          "PublishedDate": "2025-07-04T14:15:27.707Z",
          "LastModifiedDate": "2025-11-18T17:17:24.977Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38201",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38201",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ef5ed695085bc1f4ba042190c6c9ec077a2fd2fc588bc4c65d36d536932e1878",
          "Title": "kernel: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX\n\nOtherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof()\nwhen resizing hashtable because __GFP_NOWARN is unset.\n\nSimilar to:\n\n  b541ba7d1f5a (\"netfilter: conntrack: clamp maximum hashtable size to INT_MAX\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 1,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38201",
            "https://git.kernel.org/linus/b85e3367a5716ed3662a4fe266525190d2af76df (6.16-rc1)",
            "https://git.kernel.org/stable/c/0ab3de047808f375a36cd345225572eb3366f3c6",
            "https://git.kernel.org/stable/c/1fe27f97944017a9d3c5af4d6d95282bff0f1147",
            "https://git.kernel.org/stable/c/4abccfb61f422300be014b8e734c63344306f009",
            "https://git.kernel.org/stable/c/80417057ac60dd80f4816eb426e4e4a5bf696534",
            "https://git.kernel.org/stable/c/b85e3367a5716ed3662a4fe266525190d2af76df",
            "https://git.kernel.org/stable/c/d2768016f091f8a5264076b433fd7c3fabb6eb97",
            "https://git.kernel.org/stable/c/df524a68d9021c1401965d610bb6e42ee5d9611e",
            "https://linux.oracle.com/cve/CVE-2025-38201.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38201-9575@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38201",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38201"
          ],
          "PublishedDate": "2025-07-04T14:15:28Z",
          "LastModifiedDate": "2026-03-17T13:27:27.653Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38202",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38202",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:52efb7814b0970c36425c680e93680cb6a6c601227d143db3ddfad7061b94e3f",
          "Title": "kernel: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()\n\nbpf_map_lookup_percpu_elem() helper is also available for sleepable bpf\nprogram. When BPF JIT is disabled or under 32-bit host,\nbpf_map_lookup_percpu_elem() will not be inlined. Using it in a\nsleepable bpf program will trigger the warning in\nbpf_map_lookup_percpu_elem(), because the bpf program only holds\nrcu_read_lock_trace lock. Therefore, add the missed check.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38202",
            "https://git.kernel.org/linus/d4965578267e2e81f67c86e2608481e77e9c8569 (6.16-rc1)",
            "https://git.kernel.org/stable/c/2d834477bbc1e8b8a59ff8b0c081529d6bed7b22",
            "https://git.kernel.org/stable/c/2f8c69a72e8ad87b36b8052f789da3cc2b2e186c",
            "https://git.kernel.org/stable/c/7bf4461f1c97207fda757014690d55a447ce859f",
            "https://git.kernel.org/stable/c/b522d4d334f206284b1a44b0b0b2f99fd443b39b",
            "https://git.kernel.org/stable/c/d4965578267e2e81f67c86e2608481e77e9c8569",
            "https://linux.oracle.com/cve/CVE-2025-38202.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070418-CVE-2025-38202-bef0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38202",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38202"
          ],
          "PublishedDate": "2025-07-04T14:15:28.117Z",
          "LastModifiedDate": "2025-12-18T21:23:02.93Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38205",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38205",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:45a5d4f3f0523aa9c5d94f710bea0a99225e7d04af09e1db5a134793dbfe7a72",
          "Title": "kernel: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid divide by zero by initializing dummy pitch to 1\n\n[Why]\nIf the dummy values in `populate_dummy_dml_surface_cfg()` aren't updated\nthen they can lead to a divide by zero in downstream callers like\nCalculateVMAndRowBytes()\n\n[How]\nInitialize dummy value to a value to avoid divide by zero.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-369"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38205",
            "https://git.kernel.org/linus/7e40f64896e8e3dca471e287672db5ace12ea0be (6.16-rc1)",
            "https://git.kernel.org/stable/c/7e40f64896e8e3dca471e287672db5ace12ea0be",
            "https://git.kernel.org/stable/c/8044f981b2cf8c32fe1bd5d1fc991552cdf7ffe0",
            "https://lore.kernel.org/linux-cve-announce/2025070419-CVE-2025-38205-0316@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38205",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38205"
          ],
          "PublishedDate": "2025-07-04T14:15:28.54Z",
          "LastModifiedDate": "2025-11-18T17:08:11.467Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38207",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38207",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:395d4cc2a91549b0f70d0906006ea99c7ca414b331e4cb909e50f35e5a7a0eb0",
          "Title": "kernel: mm: fix uprobe pte be overwritten when expanding vma",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix uprobe pte be overwritten when expanding vma\n\nPatch series \"Fix uprobe pte be overwritten when expanding vma\".\n\n\nThis patch (of 4):\n\nWe encountered a BUG alert triggered by Syzkaller as follows:\n   BUG: Bad rss-counter state mm:00000000b4a60fca type:MM_ANONPAGES val:1\n\nAnd we can reproduce it with the following steps:\n1. register uprobe on file at zero offset\n2. mmap the file at zero offset:\n   addr1 = mmap(NULL, 2 * 4096, PROT_NONE, MAP_PRIVATE, fd, 0);\n3. mremap part of vma1 to new vma2:\n   addr2 = mremap(addr1, 4096, 2 * 4096, MREMAP_MAYMOVE);\n4. mremap back to orig addr1:\n   mremap(addr2, 4096, 4096, MREMAP_MAYMOVE | MREMAP_FIXED, addr1);\n\nIn step 3, the vma1 range [addr1, addr1 + 4096] will be remap to new vma2\nwith range [addr2, addr2 + 8192], and remap uprobe anon page from the vma1\nto vma2, then unmap the vma1 range [addr1, addr1 + 4096].\n\nIn step 4, the vma2 range [addr2, addr2 + 4096] will be remap back to the\naddr range [addr1, addr1 + 4096].  Since the addr range [addr1 + 4096,\naddr1 + 8192] still maps the file, it will take vma_merge_new_range to\nexpand the range, and then do uprobe_mmap in vma_complete.  Since the\nmerged vma pgoff is also zero offset, it will install uprobe anon page to\nthe merged vma.  However, the upcomming move_page_tables step, which use\nset_pte_at to remap the vma2 uprobe pte to the merged vma, will overwrite\nthe newly uprobe pte in the merged vma, and lead that pte to be orphan.\n\nSince the uprobe pte will be remapped to the merged vma, we can remove the\nunnecessary uprobe_mmap upon merged vma.\n\nThis problem was first found in linux-6.6.y and also exists in the\ncommunity syzkaller:\nhttps://lore.kernel.org/all/000000000000ada39605a5e71711@google.com/T/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38207",
            "https://git.kernel.org/linus/2b12d06c37fd3a394376f42f026a7478d826ed63 (6.16-rc1)",
            "https://git.kernel.org/stable/c/2b12d06c37fd3a394376f42f026a7478d826ed63",
            "https://git.kernel.org/stable/c/58b83b9a9a929611a2a2e7d88f45cb0d786b7ee0",
            "https://lore.kernel.org/linux-cve-announce/2025070420-CVE-2025-38207-e2ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38207",
            "https://www.cve.org/CVERecord?id=CVE-2025-38207"
          ],
          "PublishedDate": "2025-07-04T14:15:28.823Z",
          "LastModifiedDate": "2025-11-18T17:07:12.037Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38208",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38208",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e7978a7742f97fe23929fee73cc2faacb424ece1c393654f095eae2836582820",
          "Title": "kernel: smb: client: add NULL check in automount_fullpath",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: add NULL check in automount_fullpath\n\npage is checked for null in __build_path_from_dentry_optional_prefix\nwhen tcon-\u003eorigin_fullpath is not set. However, the check is missing when\nit is set.\nAdd a check to prevent a potential NULL pointer dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38208",
            "https://git.kernel.org/linus/f1e7a277a1736e12cc4bd6d93b8a5c439b8ca20c (6.16-rc1)",
            "https://git.kernel.org/stable/c/37166d63e42c34846a16001950ecec96229a8d17",
            "https://git.kernel.org/stable/c/a9e916fa5c7d0ec2256aa44aa24ddd92f529ce35",
            "https://git.kernel.org/stable/c/cce8e71ca1f7ad9045707f0d22490c1e9ed1df6c",
            "https://git.kernel.org/stable/c/f1e7a277a1736e12cc4bd6d93b8a5c439b8ca20c",
            "https://linux.oracle.com/cve/CVE-2025-38208.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070420-CVE-2025-38208-97e1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38208",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38208"
          ],
          "PublishedDate": "2025-07-04T14:15:28.95Z",
          "LastModifiedDate": "2025-11-18T16:49:31.74Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38215",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38215",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aeb0442f65ab0cf82cee46cb0b062ff345c8a773a65bacdf97da6c4539513136",
          "Title": "kernel: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var\n\nIf fb_add_videomode() in do_register_framebuffer() fails to allocate\nmemory for fb_videomode, it will later lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info-\u003evar.\n\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\n display_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\n fbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\n resize_screen drivers/tty/vt/vt.c:1176 [inline]\n vc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\n fbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\n fbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\n do_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\n fb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\n vfs_ioctl fs/ioctl.c:48 [inline]\n __do_sys_ioctl fs/ioctl.c:753 [inline]\n __se_sys_ioctl fs/ioctl.c:739 [inline]\n __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\n do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\n\nEven though fbcon_init() checks beforehand if fb_match_mode() in\nvar_to_display() fails, it can not prevent the panic because fbcon_init()\ndoes not return error code. 
Considering this and the comment in the code\nabout fb_match_mode() returning NULL - \"This should not happen\" - it is\nbetter to prevent registering the fb_info if its mode was not set\nsuccessfully. Also move fb_add_videomode() closer to the beginning of\ndo_register_framebuffer() to avoid having to do the cleanup on fail.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38215",
            "https://git.kernel.org/linus/17186f1f90d34fa701e4f14e6818305151637b9e (6.16-rc1)",
            "https://git.kernel.org/stable/c/0909b2b49c4546a7a08c80f53d93736b63270827",
            "https://git.kernel.org/stable/c/17186f1f90d34fa701e4f14e6818305151637b9e",
            "https://git.kernel.org/stable/c/3f2098f4fba7718eb2501207ca6e99d22427f25a",
            "https://git.kernel.org/stable/c/908c5bb64f9c4319902b8ca1aa3fef8f83302520",
            "https://git.kernel.org/stable/c/d803c4c2a4ac8ce2be6d899d5c7ab0bf7ec355e9",
            "https://linux.oracle.com/cve/CVE-2025-38215.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070423-CVE-2025-38215-ddbd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38215",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38215"
          ],
          "PublishedDate": "2025-07-04T14:15:29.98Z",
          "LastModifiedDate": "2025-12-18T20:01:54.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38225",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38225",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:44a9c762fe80939e9cda014648afc1b9d4291c8fdab74f8c925b0be743aa5c9c",
          "Title": "kernel: media: imx-jpeg: Cleanup after an allocation error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38225",
            "https://git.kernel.org/linus/7500bb9cf164edbb2c8117d57620227b1a4a8369 (6.16-rc1)",
            "https://git.kernel.org/stable/c/0ee9469f818a0b4de3c0e7aecd733c103820d181",
            "https://git.kernel.org/stable/c/6d0efe7d35c75394f32ff9d0650a007642d23857",
            "https://git.kernel.org/stable/c/7500bb9cf164edbb2c8117d57620227b1a4a8369",
            "https://git.kernel.org/stable/c/b89ff9cf37ff59399f850d5f7781ef78fc37679f",
            "https://git.kernel.org/stable/c/ec26be7d6355a05552a0d0c1e73031f83aa4dc7f",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070427-CVE-2025-38225-75f6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38225",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38225"
          ],
          "PublishedDate": "2025-07-04T14:15:31.237Z",
          "LastModifiedDate": "2025-12-18T19:46:17.94Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38234",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38234",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:17baca5002a8632dce09506bbca9576e5c5a63d3a82626b49fe1b72d433f7106",
          "Title": "kernel: sched/rt: Fix race in push_rt_task",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/rt: Fix race in push_rt_task\n\nOverview\n========\nWhen a CPU chooses to call push_rt_task and picks a task to push to\nanother CPU's runqueue then it will call find_lock_lowest_rq method\nwhich would take a double lock on both CPUs' runqueues. If one of the\nlocks aren't readily available, it may lead to dropping the current\nrunqueue lock and reacquiring both the locks at once. During this window\nit is possible that the task is already migrated and is running on some\nother CPU. These cases are already handled. However, if the task is\nmigrated and has already been executed and another CPU is now trying to\nwake it up (ttwu) such that it is queued again on the runqeue\n(on_rq is 1) and also if the task was run by the same CPU, then the\ncurrent checks will pass even though the task was migrated out and is no\nlonger in the pushable tasks list.\n\nCrashes\n=======\nThis bug resulted in quite a few flavors of crashes triggering kernel\npanics with various crash signatures such as assert failures, page\nfaults, null pointer dereferences, and queue corruption errors all\ncoming from scheduler itself.\n\nSome of the crashes:\n-\u003e kernel BUG at kernel/sched/rt.c:1616! BUG_ON(idx \u003e= MAX_RT_PRIO)\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? die+0x2a/0x50\n   ? do_trap+0x85/0x100\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? do_error_trap+0x64/0xa0\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? exc_invalid_op+0x4c/0x60\n   ? pick_next_task_rt+0x6e/0x1d0\n   ? asm_exc_invalid_op+0x12/0x20\n   ? pick_next_task_rt+0x6e/0x1d0\n   __schedule+0x5cb/0x790\n   ? update_ts_time_stats+0x55/0x70\n   schedule_idle+0x1e/0x40\n   do_idle+0x15e/0x200\n   cpu_startup_entry+0x19/0x20\n   start_secondary+0x117/0x160\n   secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: kernel NULL pointer dereference, address: 00000000000000c0\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? 
no_context+0x183/0x350\n   ? __warn+0x8a/0xe0\n   ? exc_page_fault+0x3d6/0x520\n   ? asm_exc_page_fault+0x1e/0x30\n   ? pick_next_task_rt+0xb5/0x1d0\n   ? pick_next_task_rt+0x8c/0x1d0\n   __schedule+0x583/0x7e0\n   ? update_ts_time_stats+0x55/0x70\n   schedule_idle+0x1e/0x40\n   do_idle+0x15e/0x200\n   cpu_startup_entry+0x19/0x20\n   start_secondary+0x117/0x160\n   secondary_startup_64_no_verify+0xb0/0xbb\n\n-\u003e BUG: unable to handle page fault for address: ffff9464daea5900\n   kernel BUG at kernel/sched/rt.c:1861! BUG_ON(rq-\u003ecpu != task_cpu(p))\n\n-\u003e kernel BUG at kernel/sched/rt.c:1055! BUG_ON(!rq-\u003enr_running)\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? die+0x2a/0x50\n   ? do_trap+0x85/0x100\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? do_error_trap+0x64/0xa0\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? exc_invalid_op+0x4c/0x60\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   ? asm_exc_invalid_op+0x12/0x20\n   ? dequeue_top_rt_rq+0xa2/0xb0\n   dequeue_rt_entity+0x1f/0x70\n   dequeue_task_rt+0x2d/0x70\n   __schedule+0x1a8/0x7e0\n   ? blk_finish_plug+0x25/0x40\n   schedule+0x3c/0xb0\n   futex_wait_queue_me+0xb6/0x120\n   futex_wait+0xd9/0x240\n   do_futex+0x344/0xa90\n   ? get_mm_exe_file+0x30/0x60\n   ? audit_exe_compare+0x58/0x70\n   ? audit_filter_rules.constprop.26+0x65e/0x1220\n   __x64_sys_futex+0x148/0x1f0\n   do_syscall_64+0x30/0x80\n   entry_SYSCALL_64_after_hwframe+0x62/0xc7\n\n-\u003e BUG: unable to handle page fault for address: ffff8cf3608bc2c0\n   Call Trace:\n   ? __die_body+0x1a/0x60\n   ? no_context+0x183/0x350\n   ? spurious_kernel_fault+0x171/0x1c0\n   ? exc_page_fault+0x3b6/0x520\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? asm_exc_page_fault+0x1e/0x30\n   ? _cond_resched+0x15/0x30\n   ? futex_wait_queue_me+0xc8/0x120\n   ? futex_wait+0xd9/0x240\n   ? try_to_wake_up+0x1b8/0x490\n   ? futex_wake+0x78/0x160\n   ? do_futex+0xcd/0xa90\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? 
plist_del+0x6a/0xd0\n   ? plist_check_list+0x15/0x40\n   ? plist_check_list+0x2e/0x40\n   ? dequeue_pushable_task+0x20/0x70\n   ? __schedule+0x382/0x7e0\n   ? asm_sysvec_reschedule_i\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38234",
            "https://git.kernel.org/linus/690e47d1403e90b7f2366f03b52ed3304194c793 (6.16-rc1)",
            "https://git.kernel.org/stable/c/07ecabfbca64f4f0b6071cf96e49d162fa9d138d",
            "https://git.kernel.org/stable/c/690e47d1403e90b7f2366f03b52ed3304194c793",
            "https://git.kernel.org/stable/c/9f6022b2573ae068793810db719e131df3ded405",
            "https://git.kernel.org/stable/c/debfbc047196df1f6bfd52f2d028c21dce67f0de",
            "https://linux.oracle.com/cve/CVE-2025-38234.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025070430-CVE-2025-38234-6984@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38234",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38234"
          ],
          "PublishedDate": "2025-07-04T14:15:33.087Z",
          "LastModifiedDate": "2026-03-17T13:30:18.6Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38236",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38236",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:48c6ef2fd39d9b9e27bb78fe25ff19cddf4a8f3fe2a358538410a6cb61b52827",
          "Title": "kernel: af_unix: Don't leave consecutive consumed OOB skbs.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Don't leave consecutive consumed OOB skbs.\n\nJann Horn reported a use-after-free in unix_stream_read_generic().\n\nThe following sequences reproduce the issue:\n\n  $ python3\n  from socket import *\n  s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)\n  s1.send(b'x', MSG_OOB)\n  s2.recv(1, MSG_OOB)     # leave a consumed OOB skb\n  s1.send(b'y', MSG_OOB)\n  s2.recv(1, MSG_OOB)     # leave a consumed OOB skb\n  s1.send(b'z', MSG_OOB)\n  s2.recv(1)              # recv 'z' illegally\n  s2.recv(1, MSG_OOB)     # access 'z' skb (use-after-free)\n\nEven though a user reads OOB data, the skb holding the data stays on\nthe recv queue to mark the OOB boundary and break the next recv().\n\nAfter the last send() in the scenario above, the sk2's recv queue has\n2 leading consumed OOB skbs and 1 real OOB skb.\n\nThen, the following happens during the next recv() without MSG_OOB\n\n  1. unix_stream_read_generic() peeks the first consumed OOB skb\n  2. manage_oob() returns the next consumed OOB skb\n  3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb\n  4. unix_stream_read_generic() reads and frees the OOB skb\n\n, and the last recv(MSG_OOB) triggers KASAN splat.\n\nThe 3. 
above occurs because of the SO_PEEK_OFF code, which does not\nexpect unix_skb_len(skb) to be 0, but this is true for such consumed\nOOB skbs.\n\n  while (skip \u003e= unix_skb_len(skb)) {\n    skip -= unix_skb_len(skb);\n    skb = skb_peek_next(skb, \u0026sk-\u003esk_receive_queue);\n    ...\n  }\n\nIn addition to this use-after-free, there is another issue that\nioctl(SIOCATMARK) does not function properly with consecutive consumed\nOOB skbs.\n\nSo, nothing good comes out of such a situation.\n\nInstead of complicating manage_oob(), ioctl() handling, and the next\nECONNRESET fix by introducing a loop for consecutive consumed OOB skbs,\nlet's not leave such consecutive OOB unnecessarily.\n\nNow, while receiving an OOB skb in unix_stream_recv_urg(), if its\nprevious skb is a consumed OOB skb, it is freed.\n\n[0]:\nBUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027)\nRead of size 4 at addr ffff888106ef2904 by task python3/315\n\nCPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:122)\n print_report (mm/kasan/report.c:409 mm/kasan/report.c:521)\n kasan_report (mm/kasan/report.c:636)\n unix_stream_read_actor (net/unix/af_unix.c:3027)\n unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847)\n unix_stream_recvmsg (net/unix/af_unix.c:3048)\n sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20))\n __sys_recvfrom (net/socket.c:2278)\n __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1))\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f8911fcea06\nCode: 5d e8 41 8b 93 08 
03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 \u003c48\u003e 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08\nRSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d\nRAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06\nRDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006\nRBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20\nR13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nAllocated by task 315:\n kasan_save_stack (mm/kasan/common.c:48)\n kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1))\n __kasan_slab_alloc (mm/kasan/common.c:348)\n kmem_cache_alloc_\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38236",
            "https://git.kernel.org/linus/32ca245464e1479bfea8592b9db227fdc1641705 (6.16-rc4)",
            "https://git.kernel.org/stable/c/32ca245464e1479bfea8592b9db227fdc1641705",
            "https://git.kernel.org/stable/c/523edfed4f68b7794d85b9ac828c5f8f4442e4c5",
            "https://git.kernel.org/stable/c/61a9ad7b69ce688697e5f63332f03e17725353bc",
            "https://git.kernel.org/stable/c/8db4d2d026e6e3649832bfe23b96c4acff0756db",
            "https://git.kernel.org/stable/c/a12237865b48a73183df252029ff5065d73d305e",
            "https://git.kernel.org/stable/c/fad0a2c16062ac7c606b93166a7ce9d265bab976",
            "https://linux.oracle.com/cve/CVE-2025-38236.html",
            "https://linux.oracle.com/errata/ELSA-2025-25757.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070842-CVE-2025-38236-f58c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38236",
            "https://project-zero.issues.chromium.org/issues/423023990",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38236"
          ],
          "PublishedDate": "2025-07-08T08:15:20.96Z",
          "LastModifiedDate": "2025-12-18T19:23:29.963Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38239",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38239",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3ccd0fbdc0c4538d7dd4e051f66fb3528aaf4bca9e471d21ec6981bcd14ff189",
          "Title": "kernel: scsi: megaraid_sas: Fix invalid node index",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: megaraid_sas: Fix invalid node index\n\nOn a system with DRAM interleave enabled, out-of-bound access is\ndetected:\n\nmegaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28\nindex -1 is out of range for type 'cpumask *[1024]'\ndump_stack_lvl+0x5d/0x80\nubsan_epilogue+0x5/0x2b\n__ubsan_handle_out_of_bounds.cold+0x46/0x4b\nmegasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas]\nmegasas_probe_one.cold+0xa4d/0x189c [megaraid_sas]\nlocal_pci_probe+0x42/0x90\npci_device_probe+0xdc/0x290\nreally_probe+0xdb/0x340\n__driver_probe_device+0x78/0x110\ndriver_probe_device+0x1f/0xa0\n__driver_attach+0xba/0x1c0\nbus_for_each_dev+0x8b/0xe0\nbus_add_driver+0x142/0x220\ndriver_register+0x72/0xd0\nmegasas_init+0xdf/0xff0 [megaraid_sas]\ndo_one_initcall+0x57/0x310\ndo_init_module+0x90/0x250\ninit_module_from_file+0x85/0xc0\nidempotent_init_module+0x114/0x310\n__x64_sys_finit_module+0x65/0xc0\ndo_syscall_64+0x82/0x170\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix it accordingly.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38239",
            "https://git.kernel.org/linus/752eb816b55adb0673727ba0ed96609a17895654 (6.16-rc4)",
            "https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199",
            "https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05",
            "https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654",
            "https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35",
            "https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1",
            "https://linux.oracle.com/cve/CVE-2025-38239.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070933-CVE-2025-38239-678a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38239",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38239"
          ],
          "PublishedDate": "2025-07-09T11:15:25.983Z",
          "LastModifiedDate": "2025-12-18T17:15:56.823Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38244",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38244",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:36ad0ac3931e9b2d63c6442c58d9438407070e5b40702eaaebe65d02848da96c",
          "Title": "kernel: Linux kernel: Denial of Service in SMB client due to deadlock during channel reconnection",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when reconnecting channels\n\nFix cifs_signal_cifsd_for_reconnect() to take the correct lock order\nand prevent the following deadlock from happening\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.16.0-rc3-build2+ #1301 Tainted: G S      W\n------------------------------------------------------\ncifsd/6055 is trying to acquire lock:\nffff88810ad56038 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x134/0x200\n\nbut task is already holding lock:\nffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}:\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_setup_session+0x81/0x4b0\n       cifs_get_smb_ses+0x771/0x900\n       cifs_mount_get_session+0x7e/0x170\n       cifs_mount+0x92/0x2d0\n       cifs_smb3_do_mount+0x161/0x460\n       smb3_get_tree+0x55/0x90\n       vfs_get_tree+0x46/0x180\n       do_new_mount+0x1b0/0x2e0\n       path_mount+0x6ee/0x740\n       do_mount+0x98/0xe0\n       __do_sys_mount+0x148/0x180\n       do_syscall_64+0xa4/0x260\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}:\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_match_super+0x101/0x320\n       sget+0xab/0x270\n       cifs_smb3_do_mount+0x1e0/0x460\n       smb3_get_tree+0x55/0x90\n       vfs_get_tree+0x46/0x180\n       do_new_mount+0x1b0/0x2e0\n       path_mount+0x6ee/0x740\n       
do_mount+0x98/0xe0\n       __do_sys_mount+0x148/0x180\n       do_syscall_64+0xa4/0x260\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #0 (\u0026tcp_ses-\u003esrv_lock){+.+.}-{3:3}:\n       check_noncircular+0x95/0xc0\n       check_prev_add+0x115/0x2f0\n       validate_chain+0x1cf/0x270\n       __lock_acquire+0x60e/0x780\n       lock_acquire.part.0+0xb4/0x1f0\n       _raw_spin_lock+0x2f/0x40\n       cifs_signal_cifsd_for_reconnect+0x134/0x200\n       __cifs_reconnect+0x8f/0x500\n       cifs_handle_standard+0x112/0x280\n       cifs_demultiplex_thread+0x64d/0xbc0\n       kthread+0x2f7/0x310\n       ret_from_fork+0x2a/0x230\n       ret_from_fork_asm+0x1a/0x30\n\nother info that might help us debug this:\n\nChain exists of:\n  \u0026tcp_ses-\u003esrv_lock --\u003e \u0026ret_buf-\u003eses_lock --\u003e \u0026ret_buf-\u003echan_lock\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026ret_buf-\u003echan_lock);\n                               lock(\u0026ret_buf-\u003eses_lock);\n                               lock(\u0026ret_buf-\u003echan_lock);\n  lock(\u0026tcp_ses-\u003esrv_lock);\n\n *** DEADLOCK ***\n\n3 locks held by cifsd/6055:\n #0: ffffffff857de398 (\u0026cifs_tcp_ses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x7b/0x200\n #1: ffff888119c64060 (\u0026ret_buf-\u003eses_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0x9c/0x200\n #2: ffff888119c64330 (\u0026ret_buf-\u003echan_lock){+.+.}-{3:3}, at: cifs_signal_cifsd_for_reconnect+0xcf/0x200",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38244",
            "https://git.kernel.org/linus/711741f94ac3cf9f4e3aa73aa171e76d188c0819 (6.16-rc4)",
            "https://git.kernel.org/stable/c/711741f94ac3cf9f4e3aa73aa171e76d188c0819",
            "https://git.kernel.org/stable/c/7f3ead8ebc0ef65b6c89a13912b4e80218425629",
            "https://git.kernel.org/stable/c/c82c7041258d96e3286f6790ab700e4edd3cc9e3",
            "https://git.kernel.org/stable/c/fe035dc78aa6ca8f862857d45beaf7a0e03206ca",
            "https://linux.oracle.com/cve/CVE-2025-38244.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070933-CVE-2025-38244-6c2c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38244",
            "https://ubuntu.com/security/notices/USN-7798-1",
            "https://ubuntu.com/security/notices/USN-7808-1",
            "https://ubuntu.com/security/notices/USN-7808-2",
            "https://ubuntu.com/security/notices/USN-7809-1",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38244"
          ],
          "PublishedDate": "2025-07-09T11:15:26.48Z",
          "LastModifiedDate": "2025-11-20T20:13:41.24Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38248",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38248",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fbdb8ce7334109ded5b32a9af63d44827ddbec8a02769190841e86691601f6b0",
          "Title": "kernel: Linux kernel: A use-after-free in bridge multicast in br_multicast_port_ctx_init",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. 
When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n       router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n       router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). 
The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:3110",
            "https://access.redhat.com/security/cve/CVE-2025-38248",
            "https://bugzilla.redhat.com/2376034",
            "https://bugzilla.redhat.com/2378981",
            "https://bugzilla.redhat.com/2406747",
            "https://bugzilla.redhat.com/2429065",
            "https://bugzilla.redhat.com/2436791",
            "https://errata.almalinux.org/8/ALSA-2026-3110.html",
            "https://git.kernel.org/linus/7544f3f5b0b58c396f374d060898b5939da31709 (6.16-rc4)",
            "https://git.kernel.org/stable/c/4d3c2a1d4c7c33103f1ddfdbc5cfe1ea4f6d0dcd",
            "https://git.kernel.org/stable/c/7544f3f5b0b58c396f374d060898b5939da31709",
            "https://git.kernel.org/stable/c/bdced577da71b118b6ed4242ebd47f81bf54d406",
            "https://git.kernel.org/stable/c/f05a4f9e959e0fc098046044c650acf897ea52d2",
            "https://linux.oracle.com/cve/CVE-2025-38248.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38248-003c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38248",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38248"
          ],
          "PublishedDate": "2025-07-09T11:15:26.963Z",
          "LastModifiedDate": "2026-03-17T13:32:54.233Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38250",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38250",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f21867e0b40e9368d329679da65244402aa6b18563e29184a8088e1ba19f442",
          "Title": "kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix use-after-free in vhci_flush()\n\nsyzbot reported use-after-free in vhci_flush() without repro. [0]\n\nFrom the splat, a thread close()d a vhci file descriptor while\nits device was being used by iotcl() on another thread.\n\nOnce the last fd refcnt is released, vhci_release() calls\nhci_unregister_dev(), hci_free_dev(), and kfree() for struct\nvhci_data, which is set to hci_dev-\u003edev-\u003edriver_data.\n\nThe problem is that there is no synchronisation after unlinking\nhdev from hci_dev_list in hci_unregister_dev().  There might be\nanother thread still accessing the hdev which was fetched before\nthe unlink operation.\n\nWe can use SRCU for such synchronisation.\n\nLet's run hci_dev_reset() under SRCU and wait for its completion\nin hci_unregister_dev().\n\nAnother option would be to restore hci_dev-\u003edestruct(), which was\nremoved in commit 587ae086f6e4 (\"Bluetooth: Remove unused\nhci-destruct cb\").  
However, this would not be a good solution, as\nwe should not run hci_unregister_dev() while there are in-flight\nioctl() requests, which could lead to another data-race KCSAN splat.\n\nNote that other drivers seem to have the same problem, for exmaple,\nvirtbt_remove().\n\n[0]:\nBUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\nBUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\nRead of size 8 at addr ffff88807cb8d858 by task syz.1.219/6718\n\nCPU: 1 UID: 0 PID: 6718 Comm: syz.1.219 Not tainted 6.16.0-rc1-syzkaller-00196-g08207f42d3ff #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xd2/0x2b0 mm/kasan/report.c:521\n kasan_report+0x118/0x150 mm/kasan/report.c:634\n skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline]\n skb_queue_purge_reason+0x99/0x360 net/core/skbuff.c:3937\n skb_queue_purge include/linux/skbuff.h:3368 [inline]\n vhci_flush+0x44/0x50 drivers/bluetooth/hci_vhci.c:69\n hci_dev_do_reset net/bluetooth/hci_core.c:552 [inline]\n hci_dev_reset+0x420/0x5c0 net/bluetooth/hci_core.c:592\n sock_do_ioctl+0xd9/0x300 net/socket.c:1190\n sock_ioctl+0x576/0x790 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcf5b98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fcf5c7b9038 EFLAGS: 00000246 ORIG_RAX: 
0000000000000010\nRAX: ffffffffffffffda RBX: 00007fcf5bbb6160 RCX: 00007fcf5b98e929\nRDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009\nRBP: 00007fcf5ba10b39 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007fcf5bbb6160 R15: 00007ffd6353d528\n \u003c/TASK\u003e\n\nAllocated by task 6535:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n vhci_open+0x57/0x360 drivers/bluetooth/hci_vhci.c:635\n misc_open+0x2bc/0x330 drivers/char/misc.c:161\n chrdev_open+0x4c9/0x5e0 fs/char_dev.c:414\n do_dentry_open+0xdf0/0x1970 fs/open.c:964\n vfs_open+0x3b/0x340 fs/open.c:1094\n do_open fs/namei.c:3887 [inline]\n path_openat+0x2ee5/0x3830 fs/name\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:13962",
            "https://access.redhat.com/security/cve/CVE-2025-38250",
            "https://bugzilla.redhat.com/2355334",
            "https://bugzilla.redhat.com/2366125",
            "https://bugzilla.redhat.com/2375303",
            "https://bugzilla.redhat.com/2375304",
            "https://bugzilla.redhat.com/2376041",
            "https://bugzilla.redhat.com/2376064",
            "https://bugzilla.redhat.com/2378982",
            "https://bugzilla.redhat.com/2383381",
            "https://bugzilla.redhat.com/2383893",
            "https://errata.almalinux.org/9/ALSA-2025-13962.html",
            "https://git.kernel.org/linus/1d6123102e9fbedc8d25bf4731da6d513173e49e (6.16-rc4)",
            "https://git.kernel.org/stable/c/0e5c144c557df910ab64d9c25d06399a9a735e65",
            "https://git.kernel.org/stable/c/1d6123102e9fbedc8d25bf4731da6d513173e49e",
            "https://git.kernel.org/stable/c/bc0819a25e04cd68ef3568cfa51b63118fea39a7",
            "https://git.kernel.org/stable/c/c56b177efce8b62798e4d96bdb9867106cb7c4a0",
            "https://git.kernel.org/stable/c/ce23b73f0f27e2dbeb81734a79db710f05aa33c6",
            "https://linux.oracle.com/cve/CVE-2025-38250.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38250-3145@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38250",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38250"
          ],
          "PublishedDate": "2025-07-09T11:15:27.193Z",
          "LastModifiedDate": "2026-03-25T11:16:10.8Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38259",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38259",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2691276fb29b00c12d0fb58061e6718be84fda9a29bcbfb13bf739ba1d80a6a0",
          "Title": "kernel: ASoC: codecs: wcd9335: Fix missing free of regulator supplies",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd9335: Fix missing free of regulator supplies\n\nDriver gets and enables all regulator supplies in probe path\n(wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup\nin final error paths and in unbind (missing remove() callback).  This\nleads to leaked memory and unbalanced regulator enable count during\nprobe errors or unbind.\n\nFix this by converting entire code into devm_regulator_bulk_get_enable()\nwhich also greatly simplifies the code.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38259",
            "https://git.kernel.org/linus/9079db287fc3e38e040b0edeb0a25770bb679c8e (6.16-rc1)",
            "https://git.kernel.org/stable/c/9079db287fc3e38e040b0edeb0a25770bb679c8e",
            "https://git.kernel.org/stable/c/9830ef1803a5bc50b4a984a06cf23142cd46229d",
            "https://git.kernel.org/stable/c/a8795f3cd289cd958f6396a1b43ba46fa8e22a2e",
            "https://git.kernel.org/stable/c/b86280aaa23c1c0f31bcaa600d35ddc45bc38b7a",
            "https://git.kernel.org/stable/c/edadaf4239c14dc8a19ea7f60b97d5524d93c29b",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38259-a05a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38259",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38259"
          ],
          "PublishedDate": "2025-07-09T11:15:28.227Z",
          "LastModifiedDate": "2025-12-18T17:03:11.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38261",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38261",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e7587a6fdd80ea2a580ed0592d488c99a4630fe3f61f813d7a356630985f399a",
          "Title": "kernel: riscv: save the SR_SUM status over switches",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: save the SR_SUM status over switches\n\nWhen threads/tasks are switched we need to ensure the old execution's\nSR_SUM state is saved and the new thread has the old SR_SUM state\nrestored.\n\nThe issue was seen under heavy load especially with the syz-stress tool\nrunning, with crashes as follows in schedule_tail:\n\nUnable to handle kernel access to user memory without uaccess routines\nat virtual address 000000002749f0d0\nOops [#1]\nModules linked in:\nCPU: 1 PID: 4875 Comm: syz-executor.0 Not tainted\n5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0\nHardware name: riscv-virtio,qemu (DT)\nepc : schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n ra : task_pid_vnr include/linux/sched.h:1421 [inline]\n ra : schedule_tail+0x70/0xb2 kernel/sched/core.c:4264\nepc : ffffffe00008c8b0 ra : ffffffe00008c8ae sp : ffffffe025d17ec0\n gp : ffffffe005d25378 tp : ffffffe00f0d0000 t0 : 0000000000000000\n t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe025d17ee0\n s1 : 000000002749f0d0 a0 : 000000000000002a a1 : 0000000000000003\n a2 : 1ffffffc0cfac500 a3 : ffffffe0000c80cc a4 : 5ae9db91c19bbe00\n a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe000082eba\n s2 : 0000000000040000 s3 : ffffffe00eef96c0 s4 : ffffffe022c77fe0\n s5 : 0000000000004000 s6 : ffffffe067d74e00 s7 : ffffffe067d74850\n s8 : ffffffe067d73e18 s9 : ffffffe067d74e00 s10: ffffffe00eef96e8\n s11: 000000ae6cdf8368 t3 : 5ae9db91c19bbe00 t4 : ffffffc4043cafb2\n t5 : ffffffc4043cafba t6 : 0000000000040000\nstatus: 0000000000000120 badaddr: 000000002749f0d0 cause:\n000000000000000f\nCall Trace:\n[\u003cffffffe00008c8b0\u003e] schedule_tail+0x72/0xb2 kernel/sched/core.c:4264\n[\u003cffffffe000005570\u003e] ret_from_exception+0x0/0x14\nDumping ftrace buffer:\n   (ftrace buffer empty)\n---[ end trace b5f8f9231dc87dda ]---\n\nThe issue comes from the put_user() in schedule_tail\n(kernel/sched/core.c) doing the 
following:\n\nasmlinkage __visible void schedule_tail(struct task_struct *prev)\n{\n...\n        if (current-\u003eset_child_tid)\n                put_user(task_pid_vnr(current), current-\u003eset_child_tid);\n...\n}\n\nthe put_user() macro causes the code sequence to come out as follows:\n\n1:\t__enable_user_access()\n2:\treg = task_pid_vnr(current);\n3:\t*current-\u003eset_child_tid = reg;\n4:\t__disable_user_access()\n\nThe problem is that we may have a sleeping function as argument which\ncould clear SR_SUM causing the panic above. This was fixed by\nevaluating the argument of the put_user() macro outside the user-enabled\nsection in commit 285a76bb2cf5 (\"riscv: evaluate put_user() arg before\nenabling user access\")\"\n\nIn order for riscv to take advantage of unsafe_get/put_XXX() macros and\nto avoid the same issue we had with put_user() and sleeping functions we\nmust ensure code flow can go through switch_to() from within a region of\ncode with SR_SUM enabled and come back with SR_SUM still enabled. This\npatch addresses the problem allowing future work to enable full use of\nunsafe_get/put_XXX() macros without needing to take a CSR bit flip cost\non every access. Make switch_to() save and restore SR_SUM.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38261",
            "https://git.kernel.org/linus/788aa64c01f1262310b4c1fb827a36df170d86ea (6.16-rc1)",
            "https://git.kernel.org/stable/c/69ea599a8dab93a620c92c255be4239a06290a77",
            "https://git.kernel.org/stable/c/788aa64c01f1262310b4c1fb827a36df170d86ea",
            "https://lore.kernel.org/linux-cve-announce/2025070936-CVE-2025-38261-54c0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38261",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38261"
          ],
          "PublishedDate": "2025-07-09T11:15:28.46Z",
          "LastModifiedDate": "2025-11-20T20:14:50.46Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38264",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38264",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b640428292f0ab675d8f2a3b659771f88d0586bf32de1920d3e1840689b94424",
          "Title": "kernel: nvme-tcp: sanitize request list handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: sanitize request list handling\n\nValidate the request in nvme_tcp_handle_r2t() to ensure it's not part of\nany list, otherwise a malicious R2T PDU might inject a loop in request\nlist processing.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:12662",
            "https://access.redhat.com/security/cve/CVE-2025-38264",
            "https://bugzilla.redhat.com/2348516",
            "https://bugzilla.redhat.com/2356592",
            "https://bugzilla.redhat.com/2356594",
            "https://bugzilla.redhat.com/2360099",
            "https://bugzilla.redhat.com/2360212",
            "https://bugzilla.redhat.com/2360219",
            "https://bugzilla.redhat.com/2366848",
            "https://bugzilla.redhat.com/2373380",
            "https://bugzilla.redhat.com/2375305",
            "https://bugzilla.redhat.com/2375531",
            "https://bugzilla.redhat.com/2378996",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348516",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360099",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360212",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360219",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366848",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2375305",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2375531",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2378996",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21928",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22085",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22113",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37890",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38086",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38087",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38264",
            "https://errata.almalinux.org/10/ALSA-2025-12662.html",
            "https://errata.rockylinux.org/RLSA-2025:12662",
            "https://git.kernel.org/linus/0bf04c874fcb1ae46a863034296e4b33d8fbd66c (6.16-rc1)",
            "https://git.kernel.org/stable/c/0bf04c874fcb1ae46a863034296e4b33d8fbd66c",
            "https://git.kernel.org/stable/c/78a4adcd3fedb0728436e8094848ebf4c6bae006",
            "https://git.kernel.org/stable/c/f054ea62598197714a6ca7b3b387a027308f8b13",
            "https://linux.oracle.com/cve/CVE-2025-38264.html",
            "https://linux.oracle.com/errata/ELSA-2025-20716.html",
            "https://lore.kernel.org/linux-cve-announce/2025070937-CVE-2025-38264-ffd2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38264",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38264"
          ],
          "PublishedDate": "2025-07-09T11:15:28.81Z",
          "LastModifiedDate": "2025-11-18T18:22:21.84Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38269",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38269",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fec83df771d7a6b70f409bf7f69ccd90ff87c3261d9a1958aff1cd4d49c54aa2",
          "Title": "kernel: btrfs: exit after state insertion failure at btrfs_convert_extent_bit()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: exit after state insertion failure at btrfs_convert_extent_bit()\n\nIf insert_state() state failed it returns an error pointer and we call\nextent_io_tree_panic() which will trigger a BUG() call. However if\nCONFIG_BUG is disabled, which is an uncommon and exotic scenario, then\nwe fallthrough and call cache_state() which will dereference the error\npointer, resulting in an invalid memory access.\n\nSo jump to the 'out' label after calling extent_io_tree_panic(), it also\nmakes the code more clear besides dealing with the exotic scenario where\nCONFIG_BUG is disabled.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38269",
            "https://git.kernel.org/linus/3bf179e36da917c5d9bec71c714573ed1649b7c1 (6.16-rc1)",
            "https://git.kernel.org/stable/c/3bf179e36da917c5d9bec71c714573ed1649b7c1",
            "https://git.kernel.org/stable/c/58c50f45e1821a04d61b62514f9bd34afe67c622",
            "https://git.kernel.org/stable/c/8d9d32088e304e2bc444a3087cab0bbbd9951866",
            "https://linux.oracle.com/cve/CVE-2025-38269.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025071007-CVE-2025-38269-fb65@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38269",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38269"
          ],
          "PublishedDate": "2025-07-10T08:15:25.083Z",
          "LastModifiedDate": "2025-11-20T16:39:51.1Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38272",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38272",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:467960d7abd016911178badb28310b76f1b838855ec7a03aed36b1fc21d952ef",
          "Title": "kernel: net: dsa: b53: do not enable EEE on bcm63xx",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: b53: do not enable EEE on bcm63xx\n\nBCM63xx internal switches do not support EEE, but provide multiple RGMII\nports where external PHYs may be connected. If one of these PHYs are EEE\ncapable, we may try to enable EEE for the MACs, which then hangs the\nsystem on access of the (non-existent) EEE registers.\n\nFix this by checking if the switch actually supports EEE before\nattempting to configure it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38272",
            "https://git.kernel.org/linus/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c (6.16-rc1)",
            "https://git.kernel.org/stable/c/1237c2d4a8db79dfd4369bff6930b0e385ed7d5c",
            "https://git.kernel.org/stable/c/2dbccf1eb8c04b84ee3afdb1d6b787db02e7befc",
            "https://git.kernel.org/stable/c/3fbe3f4c57fda09f32e13fa05f53a0cc6f500619",
            "https://linux.oracle.com/cve/CVE-2025-38272.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025071008-CVE-2025-38272-2f33@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38272",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-38272"
          ],
          "PublishedDate": "2025-07-10T08:15:25.423Z",
          "LastModifiedDate": "2025-11-20T16:56:06.49Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38275",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38275",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:347cb9bd0875b44f6a5f5fb3ed36579685436cd59bbde5d8d4cc3648d51611a5",
          "Title": "kernel: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug\n\nThe qmp_usb_iomap() helper function currently returns the raw result of\ndevm_ioremap() for non-exclusive mappings. Since devm_ioremap() may return\na NULL pointer and the caller only checks error pointers with IS_ERR(),\nNULL could bypass the check and lead to an invalid dereference.\n\nFix the issue by checking if devm_ioremap() returns NULL. When it does,\nqmp_usb_iomap() now returns an error pointer via IOMEM_ERR_PTR(-ENOMEM),\nensuring safe and consistent error handling.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38275",
            "https://git.kernel.org/linus/d14402a38c2d868cacb1facaf9be908ca6558e59 (6.16-rc1)",
            "https://git.kernel.org/stable/c/0b979a409e40457ca1b5cb48755d1f34eee58805",
            "https://git.kernel.org/stable/c/0c33117f00c8c5363c22676931b22ae5041f7603",
            "https://git.kernel.org/stable/c/127dfb4f1c5a2b622039c5d203f321380ea36665",
            "https://git.kernel.org/stable/c/5072c1749197fc28b27d7efc0d80320d7cac9572",
            "https://git.kernel.org/stable/c/d14402a38c2d868cacb1facaf9be908ca6558e59",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025071008-CVE-2025-38275-4db0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38275",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38275"
          ],
          "PublishedDate": "2025-07-10T08:15:25.77Z",
          "LastModifiedDate": "2025-12-18T16:52:27.023Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38300",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38300",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c72a2f56835518042ec96940ff82f8e0820b84dffeca631cfc05ff53f9b4ef25",
          "Title": "kernel: crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()\n\nFix two DMA cleanup issues on the error path in sun8i_ce_cipher_prepare():\n\n1] If dma_map_sg() fails for areq-\u003edst, the device driver would try to free\n   DMA memory it has not allocated in the first place. To fix this, on the\n   \"theend_sgs\" error path, call dma unmap only if the corresponding dma\n   map was successful.\n\n2] If the dma_map_single() call for the IV fails, the device driver would\n   try to free an invalid DMA memory address on the \"theend_iv\" path:\n   ------------[ cut here ]------------\n   DMA-API: sun8i-ce 1904000.crypto: device driver tries to free an invalid DMA memory address\n   WARNING: CPU: 2 PID: 69 at kernel/dma/debug.c:968 check_unmap+0x123c/0x1b90\n   Modules linked in: skcipher_example(O+)\n   CPU: 2 UID: 0 PID: 69 Comm: 1904000.crypto- Tainted: G           O        6.15.0-rc3+ #24 PREEMPT\n   Tainted: [O]=OOT_MODULE\n   Hardware name: OrangePi Zero2 (DT)\n   pc : check_unmap+0x123c/0x1b90\n   lr : check_unmap+0x123c/0x1b90\n   ...\n   Call trace:\n    check_unmap+0x123c/0x1b90 (P)\n    debug_dma_unmap_page+0xac/0xc0\n    dma_unmap_page_attrs+0x1f4/0x5fc\n    sun8i_ce_cipher_do_one+0x1bd4/0x1f40\n    crypto_pump_work+0x334/0x6e0\n    kthread_worker_fn+0x21c/0x438\n    kthread+0x374/0x664\n    ret_from_fork+0x10/0x20\n   ---[ end trace 0000000000000000 ]---\n\nTo fix this, check for !dma_mapping_error() before calling\ndma_unmap_single() on the \"theend_iv\" path.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38300",
            "https://git.kernel.org/linus/f31adc3e356f7350d4a4d68c98d3f60f2f6e26b3 (6.16-rc1)",
            "https://git.kernel.org/stable/c/19d267d9fad00d94ad8477899e38ed7c11f33fb6",
            "https://git.kernel.org/stable/c/4051250e5db489f8ad65fc337e2677b9b568ac72",
            "https://git.kernel.org/stable/c/a0ac3f85b2e3ef529e852f252a70311f9029d5e6",
            "https://git.kernel.org/stable/c/c62b79c1c51303dbcb6edfa4de0ee176f4934c52",
            "https://git.kernel.org/stable/c/f31adc3e356f7350d4a4d68c98d3f60f2f6e26b3",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025071013-CVE-2025-38300-f040@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38300",
            "https://ubuntu.com/security/notices/USN-7769-1",
            "https://ubuntu.com/security/notices/USN-7769-2",
            "https://ubuntu.com/security/notices/USN-7769-3",
            "https://ubuntu.com/security/notices/USN-7770-1",
            "https://ubuntu.com/security/notices/USN-7771-1",
            "https://ubuntu.com/security/notices/USN-7789-1",
            "https://ubuntu.com/security/notices/USN-7789-2",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38300"
          ],
          "PublishedDate": "2025-07-10T08:15:28.74Z",
          "LastModifiedDate": "2025-12-19T17:56:58.5Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38321",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38321",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1c4773620058eed13ad985e8db2c6975fc61d0a1afb0162dee3f319c8c6725e3",
          "Title": "kernel: smb: Log an error when close_all_cached_dirs fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Log an error when close_all_cached_dirs fails\n\nUnder low-memory conditions, close_all_cached_dirs() can't move the\ndentries to a separate list to dput() them once the locks are dropped.\nThis will result in a \"Dentry still in use\" error, so add an error\nmessage that makes it clear this is what happened:\n\n[  495.281119] CIFS: VFS: \\\\otters.example.com\\share Out of memory while dropping dentries\n[  495.281595] ------------[ cut here ]------------\n[  495.281887] BUG: Dentry ffff888115531138{i=78,n=/}  still in use (2) [unmount of cifs cifs]\n[  495.282391] WARNING: CPU: 1 PID: 2329 at fs/dcache.c:1536 umount_check+0xc8/0xf0\n\nAlso, bail out of looping through all tcons as soon as a single\nallocation fails, since we're already in trouble, and kmalloc() attempts\nfor subsequent tcons are likely to fail just like the first one did.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38321",
            "https://git.kernel.org/linus/a2182743a8b4969481f64aec4908ff162e8a206c (6.16-rc3)",
            "https://git.kernel.org/stable/c/43f26094d6702e494e800532c3f1606e7a68eb30",
            "https://git.kernel.org/stable/c/4479db143390bdcadc1561292aab579cdfa9f6c6",
            "https://git.kernel.org/stable/c/a2182743a8b4969481f64aec4908ff162e8a206c",
            "https://git.kernel.org/stable/c/b8ced2b9a23a1a2c1e0ed8d0d02512e51bdf38da",
            "https://linux.oracle.com/cve/CVE-2025-38321.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025071031-CVE-2025-38321-25aa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38321",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38321"
          ],
          "PublishedDate": "2025-07-10T09:15:26.103Z",
          "LastModifiedDate": "2025-11-18T12:53:57.88Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38329",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38329",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:51098fdef11ea553d530e9d6fece2354a1779369c0687287beb5fe7b0cc4c979",
          "Title": "kernel: firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)\n\nKASAN reported out of bounds access - cs_dsp_mock_wmfw_add_info(),\nbecause the source string length was rounded up to the allocation size.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38329",
            "https://git.kernel.org/linus/d979b783d61f7f1f95664031b71a33afc74627b2 (6.16-rc1)",
            "https://git.kernel.org/stable/c/0000a2303ba78b6424ff15b5085b5f5098750a2e",
            "https://git.kernel.org/stable/c/d979b783d61f7f1f95664031b71a33afc74627b2",
            "https://lore.kernel.org/linux-cve-announce/2025071033-CVE-2025-38329-b96c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38329",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38329"
          ],
          "PublishedDate": "2025-07-10T09:15:27.22Z",
          "LastModifiedDate": "2025-11-18T12:53:30.32Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38330",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38330",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9840a351b9fa0aab0339e09eef31a3604b37f0a7f156c2192086d3709e4892c5",
          "Title": "kernel: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)\n\nKASAN reported out of bounds access - cs_dsp_ctl_cache_init_multiple_offsets().\nThe code uses mock_coeff_template.length_bytes (4 bytes) for register value\nallocations. But later, this length is set to 8 bytes which causes\ntest code failures.\n\nAs fix, just remove the length override, keeping the original value 4\nfor all operations.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38330",
            "https://git.kernel.org/linus/f4ba2ea57da51d616b689c4b8826c517ff5a8523 (6.16-rc1)",
            "https://git.kernel.org/stable/c/e3dafc64b90546eb769f33333afabd9e3e915757",
            "https://git.kernel.org/stable/c/f4ba2ea57da51d616b689c4b8826c517ff5a8523",
            "https://lore.kernel.org/linux-cve-announce/2025071033-CVE-2025-38330-bc1d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38330",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38330"
          ],
          "PublishedDate": "2025-07-10T09:15:27.363Z",
          "LastModifiedDate": "2025-11-18T12:53:20.02Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38331",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38331",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:724ebc10c0308e28711bb43d1ad34796c8a58706557a9c59b908c8a7502a1750",
          "Title": "kernel: net: ethernet: cortina: Use TOE/TSO on all TCP",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: cortina: Use TOE/TSO on all TCP\n\nIt is desirable to push the hardware accelerator to also\nprocess non-segmented TCP frames: we pass the skb-\u003elen\nto the \"TOE/TSO\" offloader and it will handle them.\n\nWithout this quirk the driver becomes unstable and lock\nup and crash.\n\nI do not know exactly why, but it is probably due to the\nTOE (TCP offload engine) feature that is coupled with the\nsegmentation feature - it is not possible to turn one\npart off and not the other, either both TOE and TSO are\nactive, or neither of them.\n\nNot having the TOE part active seems detrimental, as if\nthat hardware feature is not really supposed to be turned\noff.\n\nThe datasheet says:\n\n  \"Based on packet parsing and TCP connection/NAT table\n   lookup results, the NetEngine puts the packets\n   belonging to the same TCP connection to the same queue\n   for the software to process. The NetEngine puts\n   incoming packets to the buffer or series of buffers\n   for a jumbo packet. With this hardware acceleration,\n   IP/TCP header parsing, checksum validation and\n   connection lookup are offloaded from the software\n   processing.\"\n\nAfter numerous tests with the hardware locking up after\nsomething between minutes and hours depending on load\nusing iperf3 I have concluded this is necessary to stabilize\nthe hardware.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38331",
            "https://git.kernel.org/linus/6a07e3af4973402fa199a80036c10060b922c92c (6.16-rc1)",
            "https://git.kernel.org/stable/c/1b503b790109d19710ec83c589c3ee59e95347ec",
            "https://git.kernel.org/stable/c/2bd434bb0eeb680c2b3dd6c68ca319b30cb8d47f",
            "https://git.kernel.org/stable/c/6a07e3af4973402fa199a80036c10060b922c92c",
            "https://git.kernel.org/stable/c/a37888a435b0737128d2d9c6f67b8d608f83df7a",
            "https://git.kernel.org/stable/c/ebe12e232f1d58ebb4b53b6d9149962b707bed91",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025071033-CVE-2025-38331-aad6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38331",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38331"
          ],
          "PublishedDate": "2025-07-10T09:15:27.533Z",
          "LastModifiedDate": "2025-12-19T16:56:03.233Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38333",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38333",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f1ecd64093dc8682845de6033c9025d38314eab38a300606654d2a70450dcf3d",
          "Title": "kernel: f2fs: fix to bail out in get_new_segment()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to bail out in get_new_segment()\n\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 new_curseg+0x5e8/0x6dc\npc : new_curseg+0x5e8/0x6dc\nCall trace:\n new_curseg+0x5e8/0x6dc\n f2fs_allocate_data_block+0xa54/0xe28\n do_write_page+0x6c/0x194\n f2fs_do_write_node_page+0x38/0x78\n __write_node_page+0x248/0x6d4\n f2fs_sync_node_pages+0x524/0x72c\n f2fs_write_checkpoint+0x4bc/0x9b0\n __checkpoint_and_complete_reqs+0x80/0x244\n issue_checkpoint_thread+0x8c/0xec\n kthread+0x114/0x1bc\n ret_from_fork+0x10/0x20\n\nget_new_segment() detects inconsistent status in between free_segmap\nand free_secmap, let's record such error into super block, and bail\nout get_new_segment() instead of continue using the segment.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38333",
            "https://git.kernel.org/linus/bb5eb8a5b222fa5092f60d5555867a05ebc3bdf2 (6.16-rc1)",
            "https://git.kernel.org/stable/c/bb5eb8a5b222fa5092f60d5555867a05ebc3bdf2",
            "https://git.kernel.org/stable/c/ca860f507a61c7c3d4dde47b830a5c0d555cf83c",
            "https://git.kernel.org/stable/c/f0023d7a2a86999c8e1300e911d92f995a5310a8",
            "https://lore.kernel.org/linux-cve-announce/2025071033-CVE-2025-38333-a60d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38333",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38333"
          ],
          "PublishedDate": "2025-07-10T09:15:27.827Z",
          "LastModifiedDate": "2025-11-18T12:53:08.077Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38334",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38334",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:354648e57f58f190dbb6e1baf968189e1c171ba94c591f0feeafa940e29cfc1e",
          "Title": "kernel: x86/sgx: Prevent attempts to reclaim poisoned pages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Prevent attempts to reclaim poisoned pages\n\nTL;DR: SGX page reclaim touches the page to copy its contents to\nsecondary storage. SGX instructions do not gracefully handle machine\nchecks. Despite this, the existing SGX code will try to reclaim pages\nthat it _knows_ are poisoned. Avoid even trying to reclaim poisoned pages.\n\nThe longer story:\n\nPages used by an enclave only get epc_page-\u003epoison set in\narch_memory_failure() but they currently stay on sgx_active_page_list until\nsgx_encl_release(), with the SGX_EPC_PAGE_RECLAIMER_TRACKED flag untouched.\n\nepc_page-\u003epoison is not checked in the reclaimer logic meaning that, if other\nconditions are met, an attempt will be made to reclaim an EPC page that was\npoisoned.  This is bad because 1. we don't want that page to end up added\nto another enclave and 2. it is likely to cause one core to shut down\nand the kernel to panic.\n\nSpecifically, reclaiming uses microcode operations including \"EWB\" which\naccesses the EPC page contents to encrypt and write them out to non-SGX\nmemory.  Those operations cannot handle MCEs in their accesses other than\nby putting the executing core into a special shutdown state (affecting\nboth threads with HT.)  
The kernel will subsequently panic on the\nremaining cores seeing the core didn't enter MCE handler(s) in time.\n\nCall sgx_unmark_page_reclaimable() to remove the affected EPC page from\nsgx_active_page_list on memory error to stop it being considered for\nreclaiming.\n\nTesting epc_page-\u003epoison in sgx_reclaim_pages() would also work but I assume\nit's better to add code in the less likely paths.\n\nThe affected EPC page is not added to \u0026node-\u003esgx_poison_page_list until\nlater in sgx_encl_release()-\u003esgx_free_epc_page() when it is EREMOVEd.\nMembership on other lists doesn't change to avoid changing any of the\nlists' semantics except for sgx_active_page_list.  There's a \"TBD\" comment\nin arch_memory_failure() about pre-emptive actions, the goal here is not\nto address everything that it may imply.\n\nThis also doesn't completely close the time window when a memory error\nnotification will be fatal (for a not previously poisoned EPC page) --\nthe MCE can happen after sgx_reclaim_pages() has selected its candidates\nor even *inside* a microcode operation (actually easy to trigger due to\nthe amount of time spent in them.)\n\nThe spinlock in sgx_unmark_page_reclaimable() is safe because\nmemory_failure() runs in process context and no spinlocks are held,\nexplicitly noted in a mm/memory-failure.c comment.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38334",
            "https://git.kernel.org/linus/ed16618c380c32c68c06186d0ccbb0d5e0586e59 (6.16-rc1)",
            "https://git.kernel.org/stable/c/00a88e9ea1b170d579c56327c38f7e8cf689df87",
            "https://git.kernel.org/stable/c/31dcbac94bfeabb86bf85b0c36803fdd6536437b",
            "https://git.kernel.org/stable/c/62b62a2a6dc51ed6e8e334861f04220c9cf8106a",
            "https://git.kernel.org/stable/c/dc5de5bd6deabd327ced2b2b1d0b4f14cd146afe",
            "https://git.kernel.org/stable/c/ed16618c380c32c68c06186d0ccbb0d5e0586e59",
            "https://linux.oracle.com/cve/CVE-2025-38334.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025071033-CVE-2025-38334-0d45@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38334",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38334"
          ],
          "PublishedDate": "2025-07-10T09:15:27.96Z",
          "LastModifiedDate": "2025-12-16T17:55:43.333Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38340",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38340",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c8be8474bf46544de4c52173d81b42b6434ed2e28f64eb06e00463b2d2789bed",
          "Title": "kernel: Linux kernel: Information disclosure or Denial of Service due to out-of-bounds read in cs_dsp firmware",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: cs_dsp: Fix OOB memory read access in KUnit test\n\nKASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(),\nbecause the source string length was rounded up to the allocation size.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38340",
            "https://git.kernel.org/linus/fe6446215bfad11cf3b446f38b28dc7708973c25 (6.16-rc1)",
            "https://git.kernel.org/stable/c/8f4cc454a0bb45b800bc7817c09c8f72e31901f3",
            "https://git.kernel.org/stable/c/fe6446215bfad11cf3b446f38b28dc7708973c25",
            "https://lore.kernel.org/linux-cve-announce/2025071034-CVE-2025-38340-bd10@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38340",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38340"
          ],
          "PublishedDate": "2025-07-10T09:15:28.76Z",
          "LastModifiedDate": "2025-11-18T12:52:39.607Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38343",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38343",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bfb50c72182fcf5fa8164ea9a54a9017f8b26a292dbf25d59ef5a0bc7052a1b5",
          "Title": "kernel: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: drop fragments with multicast or broadcast RA\n\nIEEE 802.11 fragmentation can only be applied to unicast frames.\nTherefore, drop fragments with multicast or broadcast RA. This patch\naddresses vulnerabilities such as CVE-2020-26145.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38343",
            "https://git.kernel.org/linus/80fda1cd7b0a1edd0849dc71403a070d0922118d (6.16-rc1)",
            "https://git.kernel.org/stable/c/24900688ee47071aa6a61e78473999b5b80f0423",
            "https://git.kernel.org/stable/c/5fd5b8132b5de08c99eea003f7715ff2e361b007",
            "https://git.kernel.org/stable/c/80fda1cd7b0a1edd0849dc71403a070d0922118d",
            "https://git.kernel.org/stable/c/d4b93f9c2f666011dcf810050ef60a6b8d06f186",
            "https://lore.kernel.org/linux-cve-announce/2025071035-CVE-2025-38343-9a3b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38343",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38343"
          ],
          "PublishedDate": "2025-07-10T09:15:29.157Z",
          "LastModifiedDate": "2025-11-18T12:52:21.097Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38349",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38349",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c54b0c1b89eb0ecb2039d9e4ccd3ec894357a15d08054b5529da45eb4d82e606",
          "Title": "kernel: Linux kernel use-after-free in eventpoll",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\neventpoll: don't decrement ep refcount while still holding the ep mutex\n\nJann Horn points out that epoll is decrementing the ep refcount and then\ndoing a\n\n    mutex_unlock(\u0026ep-\u003emtx);\n\nafterwards. That's very wrong, because it can lead to a use-after-free.\n\nThat pattern is actually fine for the very last reference, because the\ncode in question will delay the actual call to \"ep_free(ep)\" until after\nit has unlocked the mutex.\n\nBut it's wrong for the much subtler \"next to last\" case when somebody\n*else* may also be dropping their reference and free the ep while we're\nstill using the mutex.\n\nNote that this is true even if that other user is also using the same ep\nmutex: mutexes, unlike spinlocks, can not be used for object ownership,\neven if they guarantee mutual exclusion.\n\nA mutex \"unlock\" operation is not atomic, and as one user is still\naccessing the mutex as part of unlocking it, another user can come in\nand get the now released mutex and free the data structure while the\nfirst user is still cleaning up.\n\nSee our mutex documentation in Documentation/locking/mutex-design.rst,\nin particular the section [1] about semantics:\n\n\t\"mutex_unlock() may access the mutex structure even after it has\n\t internally released the lock already - so it's not safe for\n\t another context to acquire the mutex and assume that the\n\t mutex_unlock() context is not using the structure anymore\"\n\nSo if we drop our ep ref before the mutex unlock, but we weren't the\nlast one, we may then unlock the mutex, another user comes in, drops\n_their_ reference and releases the 'ep' as it now has no users - all\nwhile the mutex_unlock() is still accessing it.\n\nFix this by simply moving the ep refcount dropping to outside the mutex:\nthe refcount itself is atomic, and doesn't need mutex protection (that's\nthe whole _point_ of refcounts: unlike mutexes, 
they are inherently\nabout object lifetimes).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1143",
            "https://access.redhat.com/security/cve/CVE-2025-38349",
            "https://bugzilla.redhat.com/2376052",
            "https://bugzilla.redhat.com/2381870",
            "https://bugzilla.redhat.com/2393488",
            "https://bugzilla.redhat.com/2418872",
            "https://bugzilla.redhat.com/2418876",
            "https://bugzilla.redhat.com/2419891",
            "https://bugzilla.redhat.com/2422836",
            "https://bugzilla.redhat.com/2422840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376052",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2381870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418872",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418876",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419891",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422836",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38731",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40248",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40258",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68305",
            "https://errata.almalinux.org/9/ALSA-2026-1143.html",
            "https://errata.rockylinux.org/RLSA-2026:1143",
            "https://git.kernel.org/linus/8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2 (6.16-rc6)",
            "https://git.kernel.org/stable/c/521e9ff0b67c66a17d6f9593dfccafaa984aae4c",
            "https://git.kernel.org/stable/c/605c18698ecfa99165f36b7f59d3ed503e169814",
            "https://git.kernel.org/stable/c/6dee745bd0aec9d399df674256e7b1ecdb615444",
            "https://git.kernel.org/stable/c/8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2",
            "https://linux.oracle.com/cve/CVE-2025-38349.html",
            "https://linux.oracle.com/errata/ELSA-2026-1690.html",
            "https://lore.kernel.org/linux-cve-announce/2025071819-CVE-2025-38349-ee39@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38349",
            "https://project-zero.issues.chromium.org/issues/430541637",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38349"
          ],
          "PublishedDate": "2025-07-18T08:15:27.543Z",
          "LastModifiedDate": "2025-11-18T12:52:07.41Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38353",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38353",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:56279dd130837e5b9c47170bf0b22342b85d2bf19b4b6d50c46f9695e04f9979",
          "Title": "kernel: Linux kernel: Denial of Service due to invalid lock on device wedge in drm/xe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix taking invalid lock on wedge\n\nIf device wedges on e.g. GuC upload, the submission is not yet enabled\nand the state is not even initialized. Protect the wedge call so it does\nnothing in this case. It fixes the following splat:\n\n\t[] xe 0000:bf:00.0: [drm] device wedged, needs recovery\n\t[] ------------[ cut here ]------------\n\t[] DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n\t[] WARNING: CPU: 48 PID: 312 at kernel/locking/mutex.c:564 __mutex_lock+0x8a1/0xe60\n\t...\n\t[] RIP: 0010:__mutex_lock+0x8a1/0xe60\n\t[]  mutex_lock_nested+0x1b/0x30\n\t[]  xe_guc_submit_wedge+0x80/0x2b0 [xe]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38353",
            "https://git.kernel.org/linus/1e1981b16bb1bbe2fafa57ed439b45cb5b34e32d (6.16-rc1)",
            "https://git.kernel.org/stable/c/1e1981b16bb1bbe2fafa57ed439b45cb5b34e32d",
            "https://git.kernel.org/stable/c/20eec7018e132a023f84ccbdf56b6c5b73d3094f",
            "https://git.kernel.org/stable/c/a6d81b2d7037ef36163ad16459ed3fd17cb1b596",
            "https://lore.kernel.org/linux-cve-announce/2025072553-CVE-2025-38353-a9eb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38353",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38353"
          ],
          "PublishedDate": "2025-07-25T13:15:23.65Z",
          "LastModifiedDate": "2025-11-18T12:51:07.863Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38359",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38359",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d141154d3f65d137e680b6b50a8918ba942b22d6319f8b9d13ee106f73aaab69",
          "Title": "kernel: s390/mm: Fix in_atomic() handling in do_secure_storage_access()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/mm: Fix in_atomic() handling in do_secure_storage_access()\n\nKernel user spaces accesses to not exported pages in atomic context\nincorrectly try to resolve the page fault.\nWith debug options enabled call traces like this can be seen:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 419074, name: qemu-system-s39\npreempt_count: 1, expected: 0\nRCU nest depth: 0, expected: 0\nINFO: lockdep is turned off.\nPreemption disabled at:\n[\u003c00000383ea47cfa2\u003e] copy_page_from_iter_atomic+0xa2/0x8a0\nCPU: 12 UID: 0 PID: 419074 Comm: qemu-system-s39\nTainted: G        W           6.16.0-20250531.rc0.git0.69b3a602feac.63.fc42.s390x+debug #1 PREEMPT\nTainted: [W]=WARN\nHardware name: IBM 3931 A01 703 (LPAR)\nCall Trace:\n [\u003c00000383e990d282\u003e] dump_stack_lvl+0xa2/0xe8\n [\u003c00000383e99bf152\u003e] __might_resched+0x292/0x2d0\n [\u003c00000383eaa7c374\u003e] down_read+0x34/0x2d0\n [\u003c00000383e99432f8\u003e] do_secure_storage_access+0x108/0x360\n [\u003c00000383eaa724b0\u003e] __do_pgm_check+0x130/0x220\n [\u003c00000383eaa842e4\u003e] pgm_check_handler+0x114/0x160\n [\u003c00000383ea47d028\u003e] copy_page_from_iter_atomic+0x128/0x8a0\n([\u003c00000383ea47d016\u003e] copy_page_from_iter_atomic+0x116/0x8a0)\n [\u003c00000383e9c45eae\u003e] generic_perform_write+0x16e/0x310\n [\u003c00000383e9eb87f4\u003e] ext4_buffered_write_iter+0x84/0x160\n [\u003c00000383e9da0de4\u003e] vfs_write+0x1c4/0x460\n [\u003c00000383e9da123c\u003e] ksys_write+0x7c/0x100\n [\u003c00000383eaa7284e\u003e] __do_syscall+0x15e/0x280\n [\u003c00000383eaa8417e\u003e] system_call+0x6e/0x90\nINFO: lockdep is turned off.\n\nIt is not allowed to take the mmap_lock while in atomic context. 
Therefore\nhandle such a secure storage access fault as if the accessed page is not\nmapped: the uaccess function will return -EFAULT, and the caller has to\ndeal with this. Usually this means that the access is retried in process\ncontext, which allows to resolve the page fault (or in this case export the\npage).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38359",
            "https://git.kernel.org/linus/11709abccf93b08adde95ef313c300b0d4bc28f1 (6.16-rc1)",
            "https://git.kernel.org/stable/c/11709abccf93b08adde95ef313c300b0d4bc28f1",
            "https://git.kernel.org/stable/c/d2e317dfd2d1fe416c77315d17c5d57dbe374915",
            "https://lore.kernel.org/linux-cve-announce/2025072556-CVE-2025-38359-8cda@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38359",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38359"
          ],
          "PublishedDate": "2025-07-25T13:15:24.687Z",
          "LastModifiedDate": "2025-11-18T20:33:01.203Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38360",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38360",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ac11ffeababd1152e6c78932476a924b81d41557941e24ce2d057db4c4abe92f",
          "Title": "kernel: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add more checks for DSC / HUBP ONO guarantees\n\n[WHY]\nFor non-zero DSC instances it's possible that the HUBP domain required\nto drive it for sequential ONO ASICs isn't met, potentially causing\nthe logic to the tile to enter an undefined state leading to a system\nhang.\n\n[HOW]\nAdd more checks to ensure that the HUBP domain matching the DSC instance\nis appropriately powered.\n\n(cherry picked from commit da63df07112e5a9857a8d2aaa04255c4206754ec)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38360",
            "https://git.kernel.org/linus/0d57dd1765d311111d9885346108c4deeae1deb4 (6.16-rc3)",
            "https://git.kernel.org/stable/c/0d57dd1765d311111d9885346108c4deeae1deb4",
            "https://git.kernel.org/stable/c/3f4e601bc6765e4ff5f42cc2d00993c86b367f7e",
            "https://git.kernel.org/stable/c/646442758910d13f9afc57f38bc0a537c3575390",
            "https://linux.oracle.com/cve/CVE-2025-38360.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072557-CVE-2025-38360-1f17@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38360",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38360"
          ],
          "PublishedDate": "2025-07-25T13:15:24.797Z",
          "LastModifiedDate": "2025-11-18T20:32:19.577Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38361",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38361",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1c9465a40d53717e1cc1de5b0ac7a10ddd72ef3a859fb635c375f7fa5fc1b8e7",
          "Title": "kernel: drm/amd/display: Check dce_hwseq before dereferencing it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check dce_hwseq before dereferencing it\n\n[WHAT]\n\nhws was checked for null earlier in dce110_blank_stream, indicating hws\ncan be null, and should be checked whenever it is used.\n\n(cherry picked from commit 79db43611ff61280b6de58ce1305e0b2ecf675ad)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38361",
            "https://git.kernel.org/linus/b669507b637eb6b1aaecf347f193efccc65d756e (6.16-rc3)",
            "https://git.kernel.org/stable/c/5e1482ae14b03b9fca73ef5afea26ede683f4450",
            "https://git.kernel.org/stable/c/60e450eec5d63113c6ad5c456ce64c12b4496a6e",
            "https://git.kernel.org/stable/c/b669507b637eb6b1aaecf347f193efccc65d756e",
            "https://git.kernel.org/stable/c/df11bf0ef795b6d415c4d8ee54fa3f2105e75bcb",
            "https://git.kernel.org/stable/c/e881b82f5d3d8d54d168cd276169f0fee01bf0e7",
            "https://linux.oracle.com/cve/CVE-2025-38361.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072557-CVE-2025-38361-3f11@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38361",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38361"
          ],
          "PublishedDate": "2025-07-25T13:15:24.903Z",
          "LastModifiedDate": "2026-03-17T15:58:15.29Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38368",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38368",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6fb9d22f8a8860c188496b841427e7fbe0cdc3551e41677164860f0a1ea8bd9e",
          "Title": "kernel: misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()\n\nThe returned value, pfsm-\u003emiscdev.name, from devm_kasprintf()\ncould be NULL.\nA pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\n\nThis issue is found by our static analysis tool.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38368",
            "https://git.kernel.org/linus/a99b598d836c9c6411110c70a2da134c78d96e67 (6.16-rc1)",
            "https://git.kernel.org/stable/c/a10c8bff454b11ef553d9df19ee722d2df34cd0e",
            "https://git.kernel.org/stable/c/a8d1b4f219e8833130927f19d1c8bfbf49215ce4",
            "https://git.kernel.org/stable/c/a99b598d836c9c6411110c70a2da134c78d96e67",
            "https://git.kernel.org/stable/c/d27ee5c59881a64ea92e363502742cb4f38b7460",
            "https://lore.kernel.org/linux-cve-announce/2025072559-CVE-2025-38368-e561@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38368",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38368"
          ],
          "PublishedDate": "2025-07-25T13:15:25.71Z",
          "LastModifiedDate": "2025-11-19T20:17:59.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38369",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38369",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fb0fb837823945b78cc79bbf40dd242bce8b945824c519f2d6838bcbc6f63338",
          "Title": "kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using\n\nRunning IDXD workloads in a container with the /dev directory mounted can\ntrigger a call trace or even a kernel panic when the parent process of the\ncontainer is terminated.\n\nThis issue occurs because, under certain configurations, Docker does not\nproperly propagate the mount replica back to the original mount point.\n\nIn this case, when the user driver detaches, the WQ is destroyed but it\nstill calls destroy_workqueue() attempting to completes all pending work.\nIt's necessary to check wq-\u003ewq and skip the drain if it no longer exists.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20095",
            "https://access.redhat.com/security/cve/CVE-2025-38369",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2333985",
            "https://bugzilla.redhat.com/2334373",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2338185",
            "https://bugzilla.redhat.com/2338211",
            "https://bugzilla.redhat.com/2338813",
            "https://bugzilla.redhat.com/2338821",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338998",
            "https://bugzilla.redhat.com/2339130",
            "https://bugzilla.redhat.com/2339141",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343186",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2348522",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348561",
            "https://bugzilla.redhat.com/2348567",
            "https://bugzilla.redhat.com/2348572",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348590",
            "https://bugzilla.redhat.com/2348592",
            "https://bugzilla.redhat.com/2348593",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348602",
            "https://bugzilla.redhat.com/2348603",
            "https://bugzilla.redhat.com/2348612",
            "https://bugzilla.redhat.com/2348617",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348621",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348629",
            "https://bugzilla.redhat.com/2348630",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348647",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348656",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350364",
            "https://bugzilla.redhat.com/2350373",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351605",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2356664",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363332",
            "https://bugzilla.redhat.com/2366125",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383398",
            "https://bugzilla.redhat.com/2383432",
            "https://bugzilla.redhat.com/2383913",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2333985",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338185",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338813",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338998",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2339141",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343186",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348567",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348572",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348593",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348602",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348603",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348617",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348621",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348630",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348656",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350364",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351605",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2366125",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383398",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383913",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53147",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57901",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57942",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57984",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58004",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58061",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58069",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21633",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21652",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21732",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21750",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21761",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21771",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21785",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21976",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37749",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38369",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38412",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38468",
            "https://errata.almalinux.org/10/ALSA-2025-20095.html",
            "https://errata.rockylinux.org/RLSA-2025:20095",
            "https://git.kernel.org/linus/17502e7d7b7113346296f6758324798d536c31fd (6.16-rc1)",
            "https://git.kernel.org/stable/c/17502e7d7b7113346296f6758324798d536c31fd",
            "https://git.kernel.org/stable/c/98fd66c8ba77e3a7137575f610271014bc0e701f",
            "https://git.kernel.org/stable/c/aee7a7439f8c0884da87694a401930204a57128f",
            "https://git.kernel.org/stable/c/e0051a3daa8b2cb318b03b2f9317c3e40855847a",
            "https://linux.oracle.com/cve/CVE-2025-38369.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072559-CVE-2025-38369-6ddf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38369",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38369"
          ],
          "PublishedDate": "2025-07-25T13:15:25.823Z",
          "LastModifiedDate": "2025-11-18T19:27:41.43Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38373",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38373",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0bd296d2f1d1b32da30efdd4b8a3b64245d7a01765c809124a812206afd83274",
          "Title": "kernel: Linux kernel: Denial of Service in IB/mlx5 driver due to deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mlx5: Fix potential deadlock in MR deregistration\n\nThe issue arises when kzalloc() is invoked while holding umem_mutex or\nany other lock acquired under umem_mutex. This is problematic because\nkzalloc() can trigger fs_reclaim_aqcuire(), which may, in turn, invoke\nmmu_notifier_invalidate_range_start(). This function can lead to\nmlx5_ib_invalidate_range(), which attempts to acquire umem_mutex again,\nresulting in a deadlock.\n\nThe problematic flow:\n             CPU0                      |              CPU1\n---------------------------------------|------------------------------------------------\nmlx5_ib_dereg_mr()                     |\n → revoke_mr()                         |\n   → mutex_lock(\u0026umem_odp-\u003eumem_mutex) |\n                                       | mlx5_mkey_cache_init()\n                                       |  → mutex_lock(\u0026dev-\u003ecache.rb_lock)\n                                       |  → mlx5r_cache_create_ent_locked()\n                                       |    → kzalloc(GFP_KERNEL)\n                                       |      → fs_reclaim()\n                                       |        → mmu_notifier_invalidate_range_start()\n                                       |          → mlx5_ib_invalidate_range()\n                                       |            → mutex_lock(\u0026umem_odp-\u003eumem_mutex)\n   → cache_ent_find_and_store()        |\n     → mutex_lock(\u0026dev-\u003ecache.rb_lock) |\n\nAdditionally, when kzalloc() is called from within\ncache_ent_find_and_store(), we encounter the same deadlock due to\nre-acquisition of umem_mutex.\n\nSolve by releasing umem_mutex in dereg_mr() after umr_revoke_mr()\nand before acquiring rb_lock. 
This ensures that we don't hold\numem_mutex while performing memory allocations that could trigger\nthe reclaim path.\n\nThis change prevents the deadlock by ensuring proper lock ordering and\navoiding holding locks during memory allocation operations that could\ntrigger the reclaim path.\n\nThe following lockdep warning demonstrates the deadlock:\n\n python3/20557 is trying to acquire lock:\n ffff888387542128 (\u0026umem_odp-\u003eumem_mutex){+.+.}-{4:4}, at:\n mlx5_ib_invalidate_range+0x5b/0x550 [mlx5_ib]\n\n but task is already holding lock:\n ffffffff82f6b840 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at:\n unmap_vmas+0x7b/0x1a0\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #3 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}:\n       fs_reclaim_acquire+0x60/0xd0\n       mem_cgroup_css_alloc+0x6f/0x9b0\n       cgroup_init_subsys+0xa4/0x240\n       cgroup_init+0x1c8/0x510\n       start_kernel+0x747/0x760\n       x86_64_start_reservations+0x25/0x30\n       x86_64_start_kernel+0x73/0x80\n       common_startup_64+0x129/0x138\n\n -\u003e #2 (fs_reclaim){+.+.}-{0:0}:\n       fs_reclaim_acquire+0x91/0xd0\n       __kmalloc_cache_noprof+0x4d/0x4c0\n       mlx5r_cache_create_ent_locked+0x75/0x620 [mlx5_ib]\n       mlx5_mkey_cache_init+0x186/0x360 [mlx5_ib]\n       mlx5_ib_stage_post_ib_reg_umr_init+0x3c/0x60 [mlx5_ib]\n       __mlx5_ib_add+0x4b/0x190 [mlx5_ib]\n       mlx5r_probe+0xd9/0x320 [mlx5_ib]\n       auxiliary_bus_probe+0x42/0x70\n       really_probe+0xdb/0x360\n       __driver_probe_device+0x8f/0x130\n       driver_probe_device+0x1f/0xb0\n       __driver_attach+0xd4/0x1f0\n       bus_for_each_dev+0x79/0xd0\n       bus_add_driver+0xf0/0x200\n       driver_register+0x6e/0xc0\n       __auxiliary_driver_register+0x6a/0xc0\n       do_one_initcall+0x5e/0x390\n       do_init_module+0x88/0x240\n       init_module_from_file+0x85/0xc0\n       idempotent_init_module+0x104/0x300\n       
__x64_sys_finit_module+0x68/0xc0\n       do_syscall_64+0x6d/0x140\n       entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n -\u003e #1 (\u0026dev-\u003ecache.rb_lock){+.+.}-{4:4}:\n       __mutex_lock+0x98/0xf10\n       __mlx5_ib_dereg_mr+0x6f2/0x890 [mlx5_ib]\n       mlx5_ib_dereg_mr+0x21/0x110 [mlx5_ib]\n       ib_dereg_mr_user+0x85/0x1f0 [ib_core]\n  \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38373",
            "https://git.kernel.org/linus/2ed25aa7f7711f508b6120e336f05cd9d49943c0 (6.16-rc5)",
            "https://git.kernel.org/stable/c/2ed25aa7f7711f508b6120e336f05cd9d49943c0",
            "https://git.kernel.org/stable/c/727eb1be65a370572edf307558ec3396b8573156",
            "https://git.kernel.org/stable/c/beb89ada5715e7bd1518c58863eedce89ec051a7",
            "https://linux.oracle.com/cve/CVE-2025-38373.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072503-CVE-2025-38373-b6fa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38373",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38373"
          ],
          "PublishedDate": "2025-07-25T13:15:26.283Z",
          "LastModifiedDate": "2025-11-19T19:34:31.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38409",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38409",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a93d0bc9e13802f806b1a4f44aaaa8f7ccbdd70c241c96670f70210c606c9a2a",
          "Title": "kernel: drm/msm: Fix another leak in the submit error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix another leak in the submit error path\n\nput_unused_fd() doesn't free the installed file, if we've already done\nfd_install().  So we need to also free the sync_file.\n\nPatchwork: https://patchwork.freedesktop.org/patch/653583/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38409",
            "https://git.kernel.org/linus/f681c2aa8676a890eacc84044717ab0fd26e058f (6.16-rc3)",
            "https://git.kernel.org/stable/c/00b3401f692082ddf6342500d1be25560bba46d4",
            "https://git.kernel.org/stable/c/30d3819b0b9173e31b84d662a592af8bad351427",
            "https://git.kernel.org/stable/c/3f6ce8433a9035b0aa810e1f5b708e9dc1c367b0",
            "https://git.kernel.org/stable/c/c40ad1c04d306f7fde26337fdcf8a5979657d93f",
            "https://git.kernel.org/stable/c/f681c2aa8676a890eacc84044717ab0fd26e058f",
            "https://linux.oracle.com/cve/CVE-2025-38409.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025072520-CVE-2025-38409-cee4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38409",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38409"
          ],
          "PublishedDate": "2025-07-25T14:15:32.553Z",
          "LastModifiedDate": "2025-12-23T19:46:10.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38422",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38422",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c2082bc88ff5f43ec7c56c8116f090208475aa7513d41ae216e83f3248766005",
          "Title": "kernel: net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices\n\nMaximum OTP and EEPROM size for hearthstone PCI1xxxx devices are 8 Kb\nand 64 Kb respectively. Adjust max size definitions and return correct\nEEPROM length based on device. Also prevent out-of-bound read/write.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38422",
            "https://git.kernel.org/linus/3b9935586a9b54d2da27901b830d3cf46ad66a1e (6.16-rc1)",
            "https://git.kernel.org/stable/c/088279ff18cdc437d6fac5890e0c52c624f78a5b",
            "https://git.kernel.org/stable/c/3b9935586a9b54d2da27901b830d3cf46ad66a1e",
            "https://git.kernel.org/stable/c/51318d644c993b3f7a60b8616a6a5adc1e967cd2",
            "https://git.kernel.org/stable/c/6b4201d74d0a49af2123abf2c9d142e59566714b",
            "https://git.kernel.org/stable/c/9c41d2a2aa3817946eb613522200cab55513ddaa",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025072554-CVE-2025-38422-5d9b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38422",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38422"
          ],
          "PublishedDate": "2025-07-25T15:15:27.037Z",
          "LastModifiedDate": "2025-12-23T18:41:32.32Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38425",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38425",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:457f66e6406da8f2407f7996b8c77b707f113010e8ba57d3977f55099de0ccc0",
          "Title": "kernel: Linux kernel (i2c Tegra): Information disclosure or denial of service via SMBUS block read with invalid length",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: check msg length in SMBUS block read\n\nFor SMBUS block read, do not continue to read if the message length\npassed from the device is '0' or greater than the maximum allowed bytes.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38425",
            "https://git.kernel.org/linus/a6e04f05ce0b070ab39d5775580e65c7d943da0b (6.16-rc1)",
            "https://git.kernel.org/stable/c/3f03f77ce688d02da284174e1884b6065d6159bd",
            "https://git.kernel.org/stable/c/75a864f21ceeb8c1e8ce1b7589174fec2c3a039e",
            "https://git.kernel.org/stable/c/a6e04f05ce0b070ab39d5775580e65c7d943da0b",
            "https://git.kernel.org/stable/c/be5f6a65509cd5675362f15eb0440fb28b0f9d64",
            "https://git.kernel.org/stable/c/c39d1a9ae4ad66afcecab124d7789722bfe909fa",
            "https://linux.oracle.com/cve/CVE-2025-38425.html",
            "https://linux.oracle.com/errata/ELSA-2025-25757.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025072555-CVE-2025-38425-d34f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38425",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-7864-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38425"
          ],
          "PublishedDate": "2025-07-25T15:15:27.39Z",
          "LastModifiedDate": "2025-12-23T18:35:09.797Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38426",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38426",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cc4d82b0197025aa3c0db6ac5038111a2f709412fc861533bd25a3bdf6e8cb13",
          "Title": "kernel: drm/amdgpu: Add basic validation for RAS header",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Add basic validation for RAS header\n\nIf RAS header read from EEPROM is corrupted, it could result in trying\nto allocate huge memory for reading the records. Add some validation to\nheader fields.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38426",
            "https://git.kernel.org/linus/5df0d6addb7e9b6f71f7162d1253762a5be9138e (6.16-rc1)",
            "https://git.kernel.org/stable/c/0479268fdfaaff6e15d69e8a8387410f36d1b793",
            "https://git.kernel.org/stable/c/5df0d6addb7e9b6f71f7162d1253762a5be9138e",
            "https://git.kernel.org/stable/c/b52f52bc5ba9feb026c0be600f8ac584fd12d187",
            "https://git.kernel.org/stable/c/e1903358b2152f5d64a83e796bb776aba0d3628d",
            "https://lore.kernel.org/linux-cve-announce/2025072555-CVE-2025-38426-718c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38426",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38426"
          ],
          "PublishedDate": "2025-07-25T15:15:27.51Z",
          "LastModifiedDate": "2026-03-25T11:16:11.007Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38436",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38436",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:388c22add406ebecb216a1d3dfe4dd75de8438a89b2a74057c0cfec0384e3118",
          "Title": "kernel: drm/scheduler: signal scheduled fence when kill job",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/scheduler: signal scheduled fence when kill job\n\nWhen an entity from application B is killed, drm_sched_entity_kill()\nremoves all jobs belonging to that entity through\ndrm_sched_entity_kill_jobs_work(). If application A's job depends on a\nscheduled fence from application B's job, and that fence is not properly\nsignaled during the killing process, application A's dependency cannot be\ncleared.\n\nThis leads to application A hanging indefinitely while waiting for a\ndependency that will never be resolved. Fix this issue by ensuring that\nscheduled fences are properly signaled when an entity is killed, allowing\ndependent applications to continue execution.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38436",
            "https://git.kernel.org/linus/471db2c2d4f80ee94225a1ef246e4f5011733e50 (6.16-rc1)",
            "https://git.kernel.org/stable/c/471db2c2d4f80ee94225a1ef246e4f5011733e50",
            "https://git.kernel.org/stable/c/aa382a8b6ed483e9812d0e63b6d1bdcba0186f29",
            "https://git.kernel.org/stable/c/aefd0a935625165a6ca36d0258d2d053901555df",
            "https://git.kernel.org/stable/c/c5734f9bab6f0d40577ad0633af4090a5fda2407",
            "https://linux.oracle.com/cve/CVE-2025-38436.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072512-CVE-2025-38436-8cb6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38436",
            "https://ubuntu.com/security/notices/USN-7833-1",
            "https://ubuntu.com/security/notices/USN-7833-2",
            "https://ubuntu.com/security/notices/USN-7833-3",
            "https://ubuntu.com/security/notices/USN-7833-4",
            "https://ubuntu.com/security/notices/USN-7834-1",
            "https://ubuntu.com/security/notices/USN-7856-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38436"
          ],
          "PublishedDate": "2025-07-25T15:15:29Z",
          "LastModifiedDate": "2025-11-19T18:09:46.64Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38437",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38437",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:25570f7080033da8174686cd7cc4f294f7ae60da0b722ba3315d1684828e240e",
          "Title": "kernel: ksmbd: fix potential use-after-free in oplock/lease break ack",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potential use-after-free in oplock/lease break ack\n\nIf ksmbd_iov_pin_rsp return error, use-after-free can happen by\naccessing opinfo-\u003estate and opinfo_put and ksmbd_fd_put could\ncalled twice.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38437",
            "https://git.kernel.org/linus/50f930db22365738d9387c974416f38a06e8057e (6.16-rc6)",
            "https://git.kernel.org/stable/c/50f930db22365738d9387c974416f38a06e8057e",
            "https://git.kernel.org/stable/c/8106adc21a2270c16abf69cd74ccd7c79c6e7acd",
            "https://git.kernel.org/stable/c/815f1161d6dbc4c54ccf94b7d3fdeab34b4d7477",
            "https://git.kernel.org/stable/c/97c355989928a5f60b228ef5266c1be67a46cdf9",
            "https://git.kernel.org/stable/c/e38ec88a2b42c494601b1213816d75f0b54d9bf0",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025072559-CVE-2025-38437-9752@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38437",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38437"
          ],
          "PublishedDate": "2025-07-25T16:15:29.03Z",
          "LastModifiedDate": "2025-12-22T21:55:04.17Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38438",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38438",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:749b175e6b68b53af57371495403f918da0637fb5b243b3c65b53aa34220b1a9",
          "Title": "kernel: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.\n\nsof_pdata-\u003etplg_filename can have address allocated by kstrdup()\nand can be overwritten. Memory leak was detected with kmemleak:\n\nunreferenced object 0xffff88812391ff60 (size 16):\n  comm \"kworker/4:1\", pid 161, jiffies 4294802931\n  hex dump (first 16 bytes):\n    73 6f 66 2d 68 64 61 2d 67 65 6e 65 72 69 63 00  sof-hda-generic.\n  backtrace (crc 4bf1675c):\n    __kmalloc_node_track_caller_noprof+0x49c/0x6b0\n    kstrdup+0x46/0xc0\n    hda_machine_select.cold+0x1de/0x12cf [snd_sof_intel_hda_generic]\n    sof_init_environment+0x16f/0xb50 [snd_sof]\n    sof_probe_continue+0x45/0x7c0 [snd_sof]\n    sof_probe_work+0x1e/0x40 [snd_sof]\n    process_one_work+0x894/0x14b0\n    worker_thread+0x5e5/0xfb0\n    kthread+0x39d/0x760\n    ret_from_fork+0x31/0x70\n    ret_from_fork_asm+0x1a/0x30",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38438",
            "https://git.kernel.org/linus/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e (6.16-rc4)",
            "https://git.kernel.org/stable/c/58ecf51af12cb32b890858b52b2c34e80590c74a",
            "https://git.kernel.org/stable/c/68397fda2caa90e99a7c0bcb2cf604e42ef3b91f",
            "https://git.kernel.org/stable/c/6c038b58a2dc5a008c7e7a1297f5aaa4deaaaa7e",
            "https://linux.oracle.com/cve/CVE-2025-38438.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072501-CVE-2025-38438-f653@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38438",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38438"
          ],
          "PublishedDate": "2025-07-25T16:15:29.143Z",
          "LastModifiedDate": "2025-11-19T18:09:51.987Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38440",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38440",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:794aa5d767a0d647bac1a9145782dceb24b9d00083aeb4aa6a0ac1a1c95fb1c3",
          "Title": "kernel: Linux kernel: Denial of Service due to race condition in mlx5e driver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race between DIM disable and net_dim()\n\nThere's a race between disabling DIM and NAPI callbacks using the dim\npointer on the RQ or SQ.\n\nIf NAPI checks the DIM state bit and sees it still set, it assumes\n`rq-\u003edim` or `sq-\u003edim` is valid. But if DIM gets disabled right after\nthat check, the pointer might already be set to NULL, leading to a NULL\npointer dereference in net_dim().\n\nFix this by calling `synchronize_net()` before freeing the DIM context.\nThis ensures all in-progress NAPI callbacks are finished before the\npointer is cleared.\n\nKernel log:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nRIP: 0010:net_dim+0x23/0x190\n...\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x150/0x3e0\n ? common_interrupt+0xf/0xa0\n ? sysvec_call_function_single+0xb/0x90\n ? exc_page_fault+0x74/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? net_dim+0x23/0x190\n ? mlx5e_poll_ico_cq+0x41/0x6f0 [mlx5_core]\n ? sysvec_apic_timer_interrupt+0xb/0x90\n mlx5e_handle_rx_dim+0x92/0xd0 [mlx5_core]\n mlx5e_napi_poll+0x2cd/0xac0 [mlx5_core]\n ? mlx5e_poll_ico_cq+0xe5/0x6f0 [mlx5_core]\n busy_poll_stop+0xa2/0x200\n ? mlx5e_napi_poll+0x1d9/0xac0 [mlx5_core]\n ? mlx5e_trigger_irq+0x130/0x130 [mlx5_core]\n __napi_busy_loop+0x345/0x3b0\n ? sysvec_call_function_single+0xb/0x90\n ? asm_sysvec_call_function_single+0x16/0x20\n ? sysvec_apic_timer_interrupt+0xb/0x90\n ? pcpu_free_area+0x1e4/0x2e0\n napi_busy_loop+0x11/0x20\n xsk_recvmsg+0x10c/0x130\n sock_recvmsg+0x44/0x70\n __sys_recvfrom+0xbc/0x130\n ? __schedule+0x398/0x890\n __x64_sys_recvfrom+0x20/0x30\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n...\n---[ end trace 0000000000000000 ]---\n...\n---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38440",
            "https://git.kernel.org/linus/eb41a264a3a576dc040ee37c3d9d6b7e2d9be968 (6.16-rc6)",
            "https://git.kernel.org/stable/c/2bc6fb90486e42dd80e660ef7a40c02b2516c6d6",
            "https://git.kernel.org/stable/c/7581afc051542e11ccf3ade68acd01b7fb1a3cde",
            "https://git.kernel.org/stable/c/eb41a264a3a576dc040ee37c3d9d6b7e2d9be968",
            "https://linux.oracle.com/cve/CVE-2025-38440.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072501-CVE-2025-38440-cb71@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38440",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38440"
          ],
          "PublishedDate": "2025-07-25T16:15:29.39Z",
          "LastModifiedDate": "2025-11-19T18:09:59.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38449",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38449",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f19b066cb609a686835f729d6ae7ab5f78cfaa524330638bc6eba451f33ac716",
          "Title": "kernel: drm/gem: Acquire references on GEM handles for framebuffers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Acquire references on GEM handles for framebuffers\n\nA GEM handle can be released while the GEM buffer object is attached\nto a DRM framebuffer. This leads to the release of the dma-buf backing\nthe buffer object, if any. [1] Trying to use the framebuffer in further\nmode-setting operations leads to a segmentation fault. Most easily\nhappens with driver that use shadow planes for vmap-ing the dma-buf\nduring a page flip. An example is shown below.\n\n[  156.791968] ------------[ cut here ]------------\n[  156.796830] WARNING: CPU: 2 PID: 2255 at drivers/dma-buf/dma-buf.c:1527 dma_buf_vmap+0x224/0x430\n[...]\n[  156.942028] RIP: 0010:dma_buf_vmap+0x224/0x430\n[  157.043420] Call Trace:\n[  157.045898]  \u003cTASK\u003e\n[  157.048030]  ? show_trace_log_lvl+0x1af/0x2c0\n[  157.052436]  ? show_trace_log_lvl+0x1af/0x2c0\n[  157.056836]  ? show_trace_log_lvl+0x1af/0x2c0\n[  157.061253]  ? drm_gem_shmem_vmap+0x74/0x710\n[  157.065567]  ? dma_buf_vmap+0x224/0x430\n[  157.069446]  ? __warn.cold+0x58/0xe4\n[  157.073061]  ? dma_buf_vmap+0x224/0x430\n[  157.077111]  ? report_bug+0x1dd/0x390\n[  157.080842]  ? handle_bug+0x5e/0xa0\n[  157.084389]  ? exc_invalid_op+0x14/0x50\n[  157.088291]  ? asm_exc_invalid_op+0x16/0x20\n[  157.092548]  ? dma_buf_vmap+0x224/0x430\n[  157.096663]  ? dma_resv_get_singleton+0x6d/0x230\n[  157.101341]  ? __pfx_dma_buf_vmap+0x10/0x10\n[  157.105588]  ? __pfx_dma_resv_get_singleton+0x10/0x10\n[  157.110697]  drm_gem_shmem_vmap+0x74/0x710\n[  157.114866]  drm_gem_vmap+0xa9/0x1b0\n[  157.118763]  drm_gem_vmap_unlocked+0x46/0xa0\n[  157.123086]  drm_gem_fb_vmap+0xab/0x300\n[  157.126979]  drm_atomic_helper_prepare_planes.part.0+0x487/0xb10\n[  157.133032]  ? lockdep_init_map_type+0x19d/0x880\n[  157.137701]  drm_atomic_helper_commit+0x13d/0x2e0\n[  157.142671]  ? 
drm_atomic_nonblocking_commit+0xa0/0x180\n[  157.147988]  drm_mode_atomic_ioctl+0x766/0xe40\n[...]\n[  157.346424] ---[ end trace 0000000000000000 ]---\n\nAcquiring GEM handles for the framebuffer's GEM buffer objects prevents\nthis from happening. The framebuffer's cleanup later puts the handle\nreferences.\n\nCommit 1a148af06000 (\"drm/gem-shmem: Use dma_buf from GEM object\ninstance\") triggers the segmentation fault easily by using the dma-buf\nfield more widely. The underlying issue with reference counting has\nbeen present before.\n\nv2:\n- acquire the handle instead of the BO (Christian)\n- fix comment style (Christian)\n- drop the Fixes tag (Christian)\n- rename err_ gotos\n- add missing Link tag",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:15661",
            "https://access.redhat.com/security/cve/CVE-2025-38449",
            "https://bugzilla.redhat.com/2360223",
            "https://bugzilla.redhat.com/2379246",
            "https://bugzilla.redhat.com/2382581",
            "https://bugzilla.redhat.com/2383519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2379246",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2382581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383519",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38352",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38449",
            "https://errata.almalinux.org/9/ALSA-2025-15661.html",
            "https://errata.rockylinux.org/RLSA-2025:15661",
            "https://git.kernel.org/linus/5307dce878d4126e1b375587318955bd019c3741 (6.16-rc5)",
            "https://git.kernel.org/stable/c/08480e285c6a82ce689008d643e4a51db0aaef8b",
            "https://git.kernel.org/stable/c/3cf520d9860d4ec9f7f32068825da31f18dd3f25",
            "https://git.kernel.org/stable/c/5307dce878d4126e1b375587318955bd019c3741",
            "https://git.kernel.org/stable/c/cb4c956a15f8b7f870649454771fc3761f504b5f",
            "https://linux.oracle.com/cve/CVE-2025-38449.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025072504-CVE-2025-38449-cbf0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38449",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38449"
          ],
          "PublishedDate": "2025-07-25T16:15:30.443Z",
          "LastModifiedDate": "2025-11-19T17:52:35.217Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38485",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38485",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:76a39941222aa16e5be370e502a1dd6a4471ba5eed2306fa7361c402702c881a",
          "Title": "kernel: iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush\n\nfxls8962af_fifo_flush() uses indio_dev-\u003eactive_scan_mask (with\niio_for_each_active_channel()) without making sure the indio_dev\nstays in buffer mode.\nThere is a race if indio_dev exits buffer mode in the middle of the\ninterrupt that flushes the fifo. Fix this by calling\nsynchronize_irq() to ensure that no interrupt is currently running when\ndisabling buffer mode.\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000 when read\n[...]\n_find_first_bit_le from fxls8962af_fifo_flush+0x17c/0x290\nfxls8962af_fifo_flush from fxls8962af_interrupt+0x80/0x178\nfxls8962af_interrupt from irq_thread_fn+0x1c/0x7c\nirq_thread_fn from irq_thread+0x110/0x1f4\nirq_thread from kthread+0xe0/0xfc\nkthread from ret_from_fork+0x14/0x2c",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38485",
            "https://git.kernel.org/linus/1fe16dc1a2f5057772e5391ec042ed7442966c9a (6.16-rc7)",
            "https://git.kernel.org/stable/c/1803d372460aaa9ae0188a30c9421d3f157f2f04",
            "https://git.kernel.org/stable/c/1fe16dc1a2f5057772e5391ec042ed7442966c9a",
            "https://git.kernel.org/stable/c/6ecd61c201b27ad2760b3975437ad2b97d725b98",
            "https://git.kernel.org/stable/c/bfcda3e1015791b3a63fb4d3aad408da9cf76e8f",
            "https://git.kernel.org/stable/c/dda42f23a8f5439eaac9521ce0531547d880cc54",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38485-3cec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38485",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38485"
          ],
          "PublishedDate": "2025-07-28T12:15:30.487Z",
          "LastModifiedDate": "2026-01-07T16:25:52.523Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38486",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38486",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4536519dc57138fd208467e95b00cda560171c0818adc9a5c33d334ba9d16188",
          "Title": "kernel: soundwire: Revert \"soundwire: qcom: Add set_channel_map api support\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: Revert \"soundwire: qcom: Add set_channel_map api support\"\n\nThis reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5.\n\nThis patch broke Dragonboard 845c (sdm845). I see:\n\n    Unexpected kernel BRK exception at EL1\n    Internal error: BRK handler: 00000000f20003e8 [#1]  SMP\n    pc : qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom]\n    lr : snd_soc_dai_set_channel_map+0x34/0x78\n    Call trace:\n     qcom_swrm_set_channel_map+0x7c/0x80 [soundwire_qcom] (P)\n     sdm845_dai_init+0x18c/0x2e0 [snd_soc_sdm845]\n     snd_soc_link_init+0x28/0x6c\n     snd_soc_bind_card+0x5f4/0xb0c\n     snd_soc_register_card+0x148/0x1a4\n     devm_snd_soc_register_card+0x50/0xb0\n     sdm845_snd_platform_probe+0x124/0x148 [snd_soc_sdm845]\n     platform_probe+0x6c/0xd0\n     really_probe+0xc0/0x2a4\n     __driver_probe_device+0x7c/0x130\n     driver_probe_device+0x40/0x118\n     __device_attach_driver+0xc4/0x108\n     bus_for_each_drv+0x8c/0xf0\n     __device_attach+0xa4/0x198\n     device_initial_probe+0x18/0x28\n     bus_probe_device+0xb8/0xbc\n     deferred_probe_work_func+0xac/0xfc\n     process_one_work+0x244/0x658\n     worker_thread+0x1b4/0x360\n     kthread+0x148/0x228\n     ret_from_fork+0x10/0x20\n    Kernel panic - not syncing: BRK handler: Fatal exception\n\nDan has also reported following issues with the original patch\nhttps://lore.kernel.org/all/33fe8fe7-719a-405a-9ed2-d9f816ce1d57@sabinyo.mountain/\n\nBug #1:\nThe zeroeth element of ctrl-\u003epconfig[] is supposed to be unused.  We\nstart counting at 1.  
However this code sets ctrl-\u003epconfig[0].ch_mask = 128.\n\nBug #2:\nThere are SLIM_MAX_TX_PORTS (16) elements in tx_ch[] array but only\nQCOM_SDW_MAX_PORTS + 1 (15) in the ctrl-\u003epconfig[] array so it corrupts\nmemory like Yongqin Liu pointed out.\n\nBug 3:\nLike Jie Gan pointed out, it erases all the tx information with the rx\ninformation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38486",
            "https://git.kernel.org/linus/834bce6a715ae9a9c4dce7892454a19adf22b013 (6.16-rc7)",
            "https://git.kernel.org/stable/c/207cea8b72fcbdf4e6db178e54186ed4f1514b3c",
            "https://git.kernel.org/stable/c/834bce6a715ae9a9c4dce7892454a19adf22b013",
            "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38486-e3f6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38486",
            "https://www.cve.org/CVERecord?id=CVE-2025-38486"
          ],
          "PublishedDate": "2025-07-28T12:15:30.6Z",
          "LastModifiedDate": "2025-11-19T17:45:46Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38491",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38491",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8435cbe2d67c8a4ab17b1b75edd07d8d90a096dc65b6178eedcf53461be20606",
          "Title": "kernel: mptcp: make fallback action and fallback decision atomic",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: make fallback action and fallback decision atomic\n\nSyzkaller reported the following splat:\n\n  WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 __mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n  WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n  WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 check_fully_established net/mptcp/options.c:982 [inline]\n  WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n  Modules linked in:\n  CPU: 1 UID: 0 PID: 7704 Comm: syz.3.1419 Not tainted 6.16.0-rc3-gbd5ce2324dba #20 PREEMPT(voluntary)\n  Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n  RIP: 0010:__mptcp_do_fallback net/mptcp/protocol.h:1223 [inline]\n  RIP: 0010:mptcp_do_fallback net/mptcp/protocol.h:1244 [inline]\n  RIP: 0010:check_fully_established net/mptcp/options.c:982 [inline]\n  RIP: 0010:mptcp_incoming_options+0x21a8/0x2510 net/mptcp/options.c:1153\n  Code: 24 18 e8 bb 2a 00 fd e9 1b df ff ff e8 b1 21 0f 00 e8 ec 5f c4 fc 44 0f b7 ac 24 b0 00 00 00 e9 54 f1 ff ff e8 d9 5f c4 fc 90 \u003c0f\u003e 0b 90 e9 b8 f4 ff ff e8 8b 2a 00 fd e9 8d e6 ff ff e8 81 2a 00\n  RSP: 0018:ffff8880a3f08448 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: ffff8880180a8000 RCX: ffffffff84afcf45\n  RDX: ffff888090223700 RSI: ffffffff84afdaa7 RDI: 0000000000000001\n  RBP: ffff888017955780 R08: 0000000000000001 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n  R13: ffff8880180a8910 R14: ffff8880a3e9d058 R15: 0000000000000000\n  FS:  00005555791b8500(0000) GS:ffff88811c495000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000110c2800b7 CR3: 0000000058e44000 CR4: 0000000000350ef0\n  Call Trace:\n   
\u003cIRQ\u003e\n   tcp_reset+0x26f/0x2b0 net/ipv4/tcp_input.c:4432\n   tcp_validate_incoming+0x1057/0x1b60 net/ipv4/tcp_input.c:5975\n   tcp_rcv_established+0x5b5/0x21f0 net/ipv4/tcp_input.c:6166\n   tcp_v4_do_rcv+0x5dc/0xa70 net/ipv4/tcp_ipv4.c:1925\n   tcp_v4_rcv+0x3473/0x44a0 net/ipv4/tcp_ipv4.c:2363\n   ip_protocol_deliver_rcu+0xba/0x480 net/ipv4/ip_input.c:205\n   ip_local_deliver_finish+0x2f1/0x500 net/ipv4/ip_input.c:233\n   NF_HOOK include/linux/netfilter.h:317 [inline]\n   NF_HOOK include/linux/netfilter.h:311 [inline]\n   ip_local_deliver+0x1be/0x560 net/ipv4/ip_input.c:254\n   dst_input include/net/dst.h:469 [inline]\n   ip_rcv_finish net/ipv4/ip_input.c:447 [inline]\n   NF_HOOK include/linux/netfilter.h:317 [inline]\n   NF_HOOK include/linux/netfilter.h:311 [inline]\n   ip_rcv+0x514/0x810 net/ipv4/ip_input.c:567\n   __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5975\n   __netif_receive_skb+0x1f/0x120 net/core/dev.c:6088\n   process_backlog+0x301/0x1360 net/core/dev.c:6440\n   __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7453\n   napi_poll net/core/dev.c:7517 [inline]\n   net_rx_action+0xb44/0x1010 net/core/dev.c:7644\n   handle_softirqs+0x1d0/0x770 kernel/softirq.c:579\n   do_softirq+0x3f/0x90 kernel/softirq.c:480\n   \u003c/IRQ\u003e\n   \u003cTASK\u003e\n   __local_bh_enable_ip+0xed/0x110 kernel/softirq.c:407\n   local_bh_enable include/linux/bottom_half.h:33 [inline]\n   inet_csk_listen_stop+0x2c5/0x1070 net/ipv4/inet_connection_sock.c:1524\n   mptcp_check_listen_stop.part.0+0x1cc/0x220 net/mptcp/protocol.c:2985\n   mptcp_check_listen_stop net/mptcp/mib.h:118 [inline]\n   __mptcp_close+0x9b9/0xbd0 net/mptcp/protocol.c:3000\n   mptcp_close+0x2f/0x140 net/mptcp/protocol.c:3066\n   inet_release+0xed/0x200 net/ipv4/af_inet.c:435\n   inet6_release+0x4f/0x70 net/ipv6/af_inet6.c:487\n   __sock_release+0xb3/0x270 net/socket.c:649\n   sock_close+0x1c/0x30 net/socket.c:1439\n   __fput+0x402/0xb70 fs/file_table.c:465\n   
task_work_run+0x150/0x240 kernel/task_work.c:227\n   resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n   exit_to_user_mode_loop+0xd4\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38491",
            "https://git.kernel.org/linus/f8a1d9b18c5efc76784f5a326e905f641f839894 (6.16-rc7)",
            "https://git.kernel.org/stable/c/1d82a8fe6ee4afdc92f4e8808c9dad2a6095bbc5",
            "https://git.kernel.org/stable/c/54999dea879fecb761225e28f274b40662918c30",
            "https://git.kernel.org/stable/c/5586518bec27666c747cd52aabb62d485686d0bf",
            "https://git.kernel.org/stable/c/75a4c9ab8a7af0d76b31ccd1188ed178c38b35d2",
            "https://git.kernel.org/stable/c/f8a1d9b18c5efc76784f5a326e905f641f839894",
            "https://linux.oracle.com/cve/CVE-2025-38491.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38491-859c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38491",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38491"
          ],
          "PublishedDate": "2025-07-28T12:15:31.24Z",
          "LastModifiedDate": "2026-01-07T16:26:19.27Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38501",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38501",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9556e6558b8412e5befc8f5651ca2d932dc5b828d12b81fd7f541f3997b73ac1",
          "Title": "kernel: ksmbd: limit repeated connections from clients with the same IP",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: limit repeated connections from clients with the same IP\n\nRepeated connections from clients with the same IP address may exhaust\nthe max connections and prevent other normal client connections.\nThis patch limit repeated connections from clients with the same IP.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/09/15/2",
            "https://access.redhat.com/security/cve/CVE-2025-38501",
            "https://git.kernel.org/linus/e6bb9193974059ddbb0ce7763fa3882bd60d4dc3 (6.17-rc1)",
            "https://git.kernel.org/stable/c/6073afe64510c302b7a0683a01e32c012eff715d",
            "https://git.kernel.org/stable/c/7e5d91d3e6c62a9755b36f29c35288f06c3cd86b",
            "https://git.kernel.org/stable/c/cb092fc3a62972a4aa47c9fe356c2c6a01cd840b",
            "https://git.kernel.org/stable/c/e6bb9193974059ddbb0ce7763fa3882bd60d4dc3",
            "https://git.kernel.org/stable/c/f1ce9258bcbce2491f9f71f7882b6eed0b33ec65",
            "https://git.kernel.org/stable/c/fa1c47af4ff641cf9197ecdb1f8240cbb30389c1",
            "https://github.com/keymaker-arch/KSMBDrain",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081612-CVE-2025-38501-e51f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38501",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38501"
          ],
          "PublishedDate": "2025-08-16T06:15:27.923Z",
          "LastModifiedDate": "2026-03-17T16:04:50.967Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38503",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38503",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:58ef14673178b4d651038eb485f2ffebe794df033c7b262965a9d17784a61837",
          "Title": "kernel: btrfs: fix assertion when building free space tree",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix assertion when building free space tree\n\nWhen building the free space tree with the block group tree feature\nenabled, we can hit an assertion failure like this:\n\n  BTRFS info (device loop0 state M): rebuilding free space tree\n  assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/free-space-tree.c:1102!\n  Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n  Modules linked in:\n  CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\n  pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n  lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102\n  sp : ffff8000a4ce7600\n  x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8\n  x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001\n  x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160\n  x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff\n  x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0\n  x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff\n  x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00\n  x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001\n  x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0\n  x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e\n  Call trace:\n   populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P)\n   btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337\n   btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074\n   btrfs_remount_rw fs/btrfs/super.c:1319 [inline]\n 
  btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543\n   reconfigure_super+0x1d4/0x6f0 fs/super.c:1083\n   do_remount fs/namespace.c:3365 [inline]\n   path_mount+0xb34/0xde0 fs/namespace.c:4200\n   do_mount fs/namespace.c:4221 [inline]\n   __do_sys_mount fs/namespace.c:4432 [inline]\n   __se_sys_mount fs/namespace.c:4409 [inline]\n   __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409\n   __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n   invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n   el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\n   do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n   el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767\n   el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786\n   el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\n  Code: f0047182 91178042 528089c3 9771d47b (d4210000)\n  ---[ end trace 0000000000000000 ]---\n\nThis happens because we are processing an empty block group, which has\nno extents allocated from it, there are no items for this block group,\nincluding the block group item since block group items are stored in a\ndedicated tree when using the block group tree feature. It also means\nthis is the block group with the highest start offset, so there are no\nhigher keys in the extent root, hence btrfs_search_slot_for_read()\nreturns 1 (no higher key found).\n\nFix this by asserting 'ret' is 0 only if the block group tree feature\nis not enabled, in which case we should find a block group item for\nthe block group since it's stored in the extent root and block group\nitem keys are greater than extent item keys (the value for\nBTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and\nBTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively).\nIn case 'ret' is 1, we just need to add a record to the free space\ntree which spans the whole block group, and we can achieve this by\nmaking 'ret == 0' as the while loop's condition.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38503",
            "https://git.kernel.org/linus/1961d20f6fa8903266ed9bd77c691924c22c8f02 (6.16-rc4)",
            "https://git.kernel.org/stable/c/0bcc14f36c7ad37121cf5c0ae18cdde5bfad9c4e",
            "https://git.kernel.org/stable/c/1961d20f6fa8903266ed9bd77c691924c22c8f02",
            "https://git.kernel.org/stable/c/6bbe6530b1db7b4365ce9e86144c18c5d73b2c5b",
            "https://git.kernel.org/stable/c/7c77df23324f60bcff0ea44392e2c82e9486640c",
            "https://git.kernel.org/stable/c/f4428b2d4c68732653e93f748f538bdee639ff80",
            "https://linux.oracle.com/cve/CVE-2025-38503.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081645-CVE-2025-38503-8580@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38503",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38503"
          ],
          "PublishedDate": "2025-08-16T11:15:42.373Z",
          "LastModifiedDate": "2026-01-22T18:37:38.983Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38507",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38507",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:12f1f291cae0c19aa2f624c01fbc7abead52103f29953a35a09e9064abe7b0a3",
          "Title": "kernel: HID: nintendo: avoid bluetooth suspend/resume stalls",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nintendo: avoid bluetooth suspend/resume stalls\n\nEnsure we don't stall or panic the kernel when using bluetooth-connected\ncontrollers. This was reported as an issue on android devices using\nkernel 6.6 due to the resume hook which had been added for usb joycons.\n\nFirst, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a\nnewly-added nintendo_hid_suspend. This makes sure we will not stall out\nthe kernel waiting for input reports during led classdev suspend. The\nstalls could happen if connectivity is unreliable or lost to the\ncontroller prior to suspend.\n\nSecond, since we lose connectivity during suspend, do not try\njoycon_init() for bluetooth controllers in the nintendo_hid_resume path.\n\nTested via multiple suspend/resume flows when using the controller both\nin USB and bluetooth modes.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38507",
            "https://git.kernel.org/linus/4a0381080397e77792a5168069f174d3e56175ff (6.16-rc4)",
            "https://git.kernel.org/stable/c/4a0381080397e77792a5168069f174d3e56175ff",
            "https://git.kernel.org/stable/c/72cb7eef06a5cde42b324dea85fa11fd5bb6a08a",
            "https://git.kernel.org/stable/c/7b4a026313529a487821ef6ab494a61f12c1db08",
            "https://lore.kernel.org/linux-cve-announce/2025081650-CVE-2025-38507-fb6a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38507",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38507"
          ],
          "PublishedDate": "2025-08-16T11:15:43.653Z",
          "LastModifiedDate": "2025-11-19T17:22:00.177Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38512",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38512",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a9369f80025ae8d99863ff26e3f3340513805e31c19d3c4d49abb9e03f1d07b2",
          "Title": "kernel: wifi: prevent A-MSDU attacks in mesh networks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: prevent A-MSDU attacks in mesh networks\n\nThis patch is a mitigation to prevent the A-MSDU spoofing vulnerability\nfor mesh networks. The initial update to the IEEE 802.11 standard, in\nresponse to the FragAttacks, missed this case (CVE-2025-27558). It can\nbe considered a variant of CVE-2020-24588 but for mesh networks.\n\nThis patch tries to detect if a standard MSDU was turned into an A-MSDU\nby an adversary. This is done by parsing a received A-MSDU as a standard\nMSDU, calculating the length of the Mesh Control header, and seeing if\nthe 6 bytes after this header equal the start of an rfc1042 header. If\nequal, this is a strong indication of an ongoing attack attempt.\n\nThis defense was tested with mac80211_hwsim against a mesh network that\nuses an empty Mesh Address Extension field, i.e., when four addresses\nare used, and when using a 12-byte Mesh Address Extension field, i.e.,\nwhen six addresses are used. Functionality of normal MSDUs and A-MSDUs\nwas also tested, and confirmed working, when using both an empty and\n12-byte Mesh Address Extension field.\n\nIt was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh\nnetworks keep being detected and prevented.\n\nNote that the vulnerability being patched, and the defense being\nimplemented, was also discussed in the following paper and in the\nfollowing IEEE 802.11 presentation:\n\nhttps://papers.mathyvanhoef.com/wisec2025.pdf\nhttps://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
              "V3Score": 7.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38512",
            "https://git.kernel.org/linus/737bb912ebbe4571195c56eba557c4d7315b26fb (6.16-rc6)",
            "https://git.kernel.org/stable/c/6e3b09402cc6c3e3474fa548e8adf6897dda05de",
            "https://git.kernel.org/stable/c/737bb912ebbe4571195c56eba557c4d7315b26fb",
            "https://git.kernel.org/stable/c/e01851f6e9a665a6011b14714b271d3e6b0b8d32",
            "https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80",
            "https://git.kernel.org/stable/c/ec6392061de6681148b63ee6c8744da833498cdd",
            "https://linux.oracle.com/cve/CVE-2025-38512.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081651-CVE-2025-38512-24bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38512",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38512"
          ],
          "PublishedDate": "2025-08-16T11:15:44.263Z",
          "LastModifiedDate": "2026-01-07T17:58:51.697Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38520",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38520",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a20f48d658db32036639a0b33637821ab736d255137ac87f45ded046c5b74c1f",
          "Title": "kernel: drm/amdkfd: Don't call mmput from MMU notifier callback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Don't call mmput from MMU notifier callback\n\nIf the process is exiting, the mmput inside mmu notifier callback from\ncompactd or fork or numa balancing could release the last reference\nof mm struct to call exit_mmap and free_pgtable, this triggers deadlock\nwith below backtrace.\n\nThe deadlock will leak kfd process as mmu notifier release is not called\nand cause VRAM leaking.\n\nThe fix is to take mm reference mmget_non_zero when adding prange to the\ndeferred list to pair with mmput in deferred list work.\n\nIf prange split and add into pchild list, the pchild work_item.mm is not\nused, so remove the mm parameter from svm_range_unmap_split and\nsvm_range_add_child.\n\nThe backtrace of hung task:\n\n INFO: task python:348105 blocked for more than 64512 seconds.\n Call Trace:\n  __schedule+0x1c3/0x550\n  schedule+0x46/0xb0\n  rwsem_down_write_slowpath+0x24b/0x4c0\n  unlink_anon_vmas+0xb1/0x1c0\n  free_pgtables+0xa9/0x130\n  exit_mmap+0xbc/0x1a0\n  mmput+0x5a/0x140\n  svm_range_cpu_invalidate_pagetables+0x2b/0x40 [amdgpu]\n  mn_itree_invalidate+0x72/0xc0\n  __mmu_notifier_invalidate_range_start+0x48/0x60\n  try_to_unmap_one+0x10fa/0x1400\n  rmap_walk_anon+0x196/0x460\n  try_to_unmap+0xbb/0x210\n  migrate_page_unmap+0x54d/0x7e0\n  migrate_pages_batch+0x1c3/0xae0\n  migrate_pages_sync+0x98/0x240\n  migrate_pages+0x25c/0x520\n  compact_zone+0x29d/0x590\n  compact_zone_order+0xb6/0xf0\n  try_to_compact_pages+0xbe/0x220\n  __alloc_pages_direct_compact+0x96/0x1a0\n  __alloc_pages_slowpath+0x410/0x930\n  __alloc_pages_nodemask+0x3a9/0x3e0\n  do_huge_pmd_anonymous_page+0xd7/0x3e0\n  __handle_mm_fault+0x5e3/0x5f0\n  handle_mm_fault+0xf7/0x2e0\n  hmm_vma_fault.isra.0+0x4d/0xa0\n  walk_pmd_range.isra.0+0xa8/0x310\n  walk_pud_range+0x167/0x240\n  walk_pgd_range+0x55/0x100\n  __walk_page_range+0x87/0x90\n  walk_page_range+0xf6/0x160\n  hmm_range_fault+0x4f/0x90\n  
amdgpu_hmm_range_get_pages+0x123/0x230 [amdgpu]\n  amdgpu_ttm_tt_get_user_pages+0xb1/0x150 [amdgpu]\n  init_user_pages+0xb1/0x2a0 [amdgpu]\n  amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x543/0x7d0 [amdgpu]\n  kfd_ioctl_alloc_memory_of_gpu+0x24c/0x4e0 [amdgpu]\n  kfd_ioctl+0x29d/0x500 [amdgpu]\n\n(cherry picked from commit a29e067bd38946f752b0ef855f3dfff87e77bec7)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38520",
            "https://git.kernel.org/linus/cf234231fcbc7d391e2135b9518613218cc5347f (6.16-rc5)",
            "https://git.kernel.org/stable/c/145a56bd68f4bff098d59fbc7c263d20dfef4fc4",
            "https://git.kernel.org/stable/c/a7eb0a25010a674c8fdfbece38353ef7be8c5834",
            "https://git.kernel.org/stable/c/c1bde9d48e09933c361521720f77a8072083c83a",
            "https://git.kernel.org/stable/c/cf234231fcbc7d391e2135b9518613218cc5347f",
            "https://git.kernel.org/stable/c/e90ee15ce28c61f6d83a0511c3e02e2662478350",
            "https://linux.oracle.com/cve/CVE-2025-38520.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081654-CVE-2025-38520-1f4f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38520",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38520"
          ],
          "PublishedDate": "2025-08-16T11:15:45.283Z",
          "LastModifiedDate": "2026-01-07T17:39:21.887Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38524",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38524",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:45e14d3cbe1b0d532bfcbe485b56ca5f9443b12a97b525768c6fc3b1c4098f01",
          "Title": "kernel: rxrpc: Fix recv-recv race of completed call",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix recv-recv race of completed call\n\nIf a call receives an event (such as incoming data), the call gets placed\non the socket's queue and a thread in recvmsg can be awakened to go and\nprocess it.  Once the thread has picked up the call off of the queue,\nfurther events will cause it to be requeued, and once the socket lock is\ndropped (recvmsg uses call-\u003euser_mutex to allow the socket to be used in\nparallel), a second thread can come in and its recvmsg can pop the call off\nthe socket queue again.\n\nIn such a case, the first thread will be receiving stuff from the call and\nthe second thread will be blocked on call-\u003euser_mutex.  The first thread\ncan, at this point, process both the event that it picked call for and the\nevent that the second thread picked the call for and may see the call\nterminate - in which case the call will be \"released\", decoupling the call\nfrom the user call ID assigned to it (RXRPC_USER_CALL_ID in the control\nmessage).\n\nThe first thread will return okay, but then the second thread will wake up\nholding the user_mutex and, if it sees that the call has been released by\nthe first thread, it will BUG thusly:\n\n\tkernel BUG at net/rxrpc/recvmsg.c:474!\n\nFix this by just dequeuing the call and ignoring it if it is seen to be\nalready released.  We can't tell userspace about it anyway as the user call\nID has become stale.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38524",
            "https://git.kernel.org/linus/962fb1f651c2cf2083e0c3ef53ba69e3b96d3fbc (6.16-rc7)",
            "https://git.kernel.org/stable/c/6c75a97a32a5fa2060c3dd30207e63b6914b606d",
            "https://git.kernel.org/stable/c/7692bde890061797f3dece0148d7859e85c55778",
            "https://git.kernel.org/stable/c/839fe96c15209dc2255c064bb44b636efe04f032",
            "https://git.kernel.org/stable/c/962fb1f651c2cf2083e0c3ef53ba69e3b96d3fbc",
            "https://lore.kernel.org/linux-cve-announce/2025081653-CVE-2025-38524-7277@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38524",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38524"
          ],
          "PublishedDate": "2025-08-16T12:15:27.8Z",
          "LastModifiedDate": "2025-11-18T21:53:40.173Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38531",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38531",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d778acbabbf0f2d1d8c2473f849a4f4b9e19096a7ba63bd1aef3905072a40c19",
          "Title": "kernel: iio: common: st_sensors: Fix use of uninitialize device structs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: common: st_sensors: Fix use of uninitialize device structs\n\nThroughout the various probe functions \u0026indio_dev-\u003edev is used before it\nis initialized. This caused a kernel panic in st_sensors_power_enable()\nwhen the call to devm_regulator_bulk_get_enable() fails and then calls\ndev_err_probe() with the uninitialized device.\n\nThis seems to only cause a panic with dev_err_probe(), dev_err(),\ndev_warn() and dev_info() don't seem to cause a panic, but are fixed\nas well.\n\nThe issue is reported and traced here: [1]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38531",
            "https://git.kernel.org/linus/9f92e93e257b33e73622640a9205f8642ec16ddd (6.16-rc7)",
            "https://git.kernel.org/stable/c/3297a9016a45144883ec990bd4bd5b1d79cafb46",
            "https://git.kernel.org/stable/c/610615c9668037e3eca11132063b93b2d945af13",
            "https://git.kernel.org/stable/c/9f92e93e257b33e73622640a9205f8642ec16ddd",
            "https://linux.oracle.com/cve/CVE-2025-38531.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lore.kernel.org/linux-cve-announce/2025081655-CVE-2025-38531-abbc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38531",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38531"
          ],
          "PublishedDate": "2025-08-16T12:15:28.693Z",
          "LastModifiedDate": "2025-11-18T18:14:44.457Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38544",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38544",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dbafc57a38b03f0da68b559d2f7db6c006301974936932f9bbe8ba0e5f7fd166",
          "Title": "kernel: Linux kernel: Denial of Service in rxrpc due to prealloc collision",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix bug due to prealloc collision\n\nWhen userspace is using AF_RXRPC to provide a server, it has to preallocate\nincoming calls and assign to them call IDs that will be used to thread\nrelated recvmsg() and sendmsg() together.  The preallocated call IDs will\nautomatically be attached to calls as they come in until the pool is empty.\n\nTo the kernel, the call IDs are just arbitrary numbers, but userspace can\nuse the call ID to hold a pointer to prepared structs.  In any case, the\nuser isn't permitted to create two calls with the same call ID (call IDs\nbecome available again when the call ends) and EBADSLT should result from\nsendmsg() if an attempt is made to preallocate a call with an in-use call\nID.\n\nHowever, the cleanup in the error handling will trigger both assertions in\nrxrpc_cleanup_call() because the call isn't marked complete and isn't\nmarked as having been released.\n\nFix this by setting the call state in rxrpc_service_prealloc_one() and then\nmarking it as being released before calling the cleanup function.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38544",
            "https://git.kernel.org/linus/69e4186773c6445b258fb45b6e1df18df831ec45 (6.16-rc6)",
            "https://git.kernel.org/stable/c/432c5363cd6fe5a928bbc94524d28b05515684dd",
            "https://git.kernel.org/stable/c/5385ad53793de2ab11e396bdcdaa65bb04b4dad6",
            "https://git.kernel.org/stable/c/69e4186773c6445b258fb45b6e1df18df831ec45",
            "https://git.kernel.org/stable/c/d8ffb47a443919277cb093c3db1ec6c0a06880b1",
            "https://lore.kernel.org/linux-cve-announce/2025081627-CVE-2025-38544-a2ab@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38544",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38544"
          ],
          "PublishedDate": "2025-08-16T12:15:30.373Z",
          "LastModifiedDate": "2025-11-18T18:09:45.81Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38552",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38552",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5d06c45d36420bc8820fdfbeccaebb00b56c7b82e21df3699e8cf682718df8dc",
          "Title": "kernel: mptcp: plug races between subflow fail and subflow creation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n'socket state prevent any additional subflow creation' protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field 'allow_infinite_fallback' is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38552",
            "https://git.kernel.org/linus/def5b7b2643ebba696fc60ddf675dca13f073486 (6.16-rc7)",
            "https://git.kernel.org/stable/c/659da22dee5ff316ba63bdaeeac7b58b5442f6c2",
            "https://git.kernel.org/stable/c/7c96d519ee15a130842a6513530b4d20acd2bfcd",
            "https://git.kernel.org/stable/c/c476d627584b7589a134a8b48dd5c6639e4401c5",
            "https://git.kernel.org/stable/c/def5b7b2643ebba696fc60ddf675dca13f073486",
            "https://git.kernel.org/stable/c/f81b6fbe13c7fc413b5158cdffc6a59391a2a8db",
            "https://linux.oracle.com/cve/CVE-2025-38552.html",
            "https://linux.oracle.com/errata/ELSA-2025-20551.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081629-CVE-2025-38552-f7a9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38552",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38552"
          ],
          "PublishedDate": "2025-08-16T12:15:31.4Z",
          "LastModifiedDate": "2026-01-07T18:31:15.84Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38556",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38556",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7b33369711db927c6e47580d807a6eac645d8e3d0404accfa8a20c682b944669",
          "Title": "kernel: HID: core: Harden s32ton() against conversion to 0 bits",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Harden s32ton() against conversion to 0 bits\n\nTesting by the syzbot fuzzer showed that the HID core gets a\nshift-out-of-bounds exception when it tries to convert a 32-bit\nquantity to a 0-bit quantity.  Ideally this should never occur, but\nthere are buggy devices and some might have a report field with size\nset to zero; we shouldn't reject the report or the device just because\nof that.\n\nInstead, harden the s32ton() routine so that it returns a reasonable\nresult instead of crashing when it is called with the number of bits\nset to 0 -- the same as what snto32() does.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:17760",
            "https://access.redhat.com/security/cve/CVE-2025-38556",
            "https://bugzilla.redhat.com/2389456",
            "https://bugzilla.redhat.com/2389491",
            "https://bugzilla.redhat.com/2394615",
            "https://bugzilla.redhat.com/2396379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2389456",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2389491",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396379",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38556",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39757",
            "https://errata.almalinux.org/9/ALSA-2025-17760.html",
            "https://errata.rockylinux.org/RLSA-2025:17760",
            "https://git.kernel.org/linus/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd (6.17-rc1)",
            "https://git.kernel.org/stable/c/3c86548a20d7bc2861aa4de044991a327bebad1a",
            "https://git.kernel.org/stable/c/6cdf6c708717c5c6897d0800a1793e83757c7491",
            "https://git.kernel.org/stable/c/810189546cb6c8f36443ed091d91f1f5d2fc2ec7",
            "https://git.kernel.org/stable/c/865ad8469fa24de1559f247d9426ab01e5ce3a56",
            "https://git.kernel.org/stable/c/8b4a94b1510f6a46ec48494b52ee8f67eb4fc836",
            "https://git.kernel.org/stable/c/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd",
            "https://git.kernel.org/stable/c/d3b504146c111548ab60b6ef7aad00bfb1db05a2",
            "https://git.kernel.org/stable/c/eeeaba737919bdce9885e2a00ac2912f61a3684d",
            "https://linux.oracle.com/cve/CVE-2025-38556.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025081905-CVE-2025-38556-521e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38556",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38556"
          ],
          "PublishedDate": "2025-08-19T17:15:31.817Z",
          "LastModifiedDate": "2026-01-19T13:16:08.517Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38560",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38560",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e103896550e72030aaa8f37f434a53cf3225ab3356eb70b7d3b262b4c1732b12",
          "Title": "kernel: x86/sev: Evict cache lines during SNP memory validation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sev: Evict cache lines during SNP memory validation\n\nAn SNP cache coherency vulnerability requires a cache line eviction\nmitigation when validating memory after a page state change to private.\nThe specific mitigation is to touch the first and last byte of each 4K\npage that is being validated. There is no need to perform the mitigation\nwhen performing a page state change to shared and rescinding validation.\n\nCPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit\nthat, when set, indicates that the software mitigation for this\nvulnerability is not needed.\n\nImplement the mitigation and invoke it when validating memory (making it\nprivate) and the COHERENCY_SFW_NO bit is not set, indicating the SNP\nguest is vulnerable.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38560",
            "https://git.kernel.org/linus/7b306dfa326f70114312b320d083b21fa9481e1e (6.17-rc2)",
            "https://git.kernel.org/stable/c/1fb873971e23c35c53823c62809a474a92bc3022",
            "https://git.kernel.org/stable/c/1fec416c03d0a64cc21aa04ce4aa14254b017e6a",
            "https://git.kernel.org/stable/c/7b306dfa326f70114312b320d083b21fa9481e1e",
            "https://git.kernel.org/stable/c/a762a4c8d9e768b538b3cc60615361a8cf377de8",
            "https://git.kernel.org/stable/c/aed15fc08f15dbb15822b2a0b653f67e76aa0fdf",
            "https://git.kernel.org/stable/c/f92af52e6dbd8d066d77beba451e0230482dc45b",
            "https://linux.oracle.com/cve/CVE-2025-38560.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081906-CVE-2025-38560-d265@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38560",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38560"
          ],
          "PublishedDate": "2025-08-19T17:15:32.37Z",
          "LastModifiedDate": "2026-01-22T18:39:27.84Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38562",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38562",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f71e485cfcb9731f31a608bcf249f86250b0a94730366eb3a14ce84ab65fd11d",
          "Title": "kernel: ksmbd: fix null pointer dereference error in generate_encryptionkey",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix null pointer dereference error in generate_encryptionkey\n\nIf client send two session setups with krb5 authenticate to ksmbd,\nnull pointer dereference error in generate_encryptionkey could happen.\nsess-\u003ePreauth_HashValue is set to NULL if session is valid.\nSo this patch skip generate encryption key if session is valid.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38562",
            "https://git.kernel.org/linus/9b493ab6f35178afd8d619800df9071992f715de (6.17-rc1)",
            "https://git.kernel.org/stable/c/015ef163d65496ae3ba6192c96140a22743f0353",
            "https://git.kernel.org/stable/c/2a30ed6428ce83afedca1a6c5c5c4247bcf12d0e",
            "https://git.kernel.org/stable/c/96a82e19434a2522525baab59c33332658bc7653",
            "https://git.kernel.org/stable/c/9b493ab6f35178afd8d619800df9071992f715de",
            "https://git.kernel.org/stable/c/9c2dbbc959e1fcc6f603a1a843e9cf743ba383bb",
            "https://git.kernel.org/stable/c/d79c8bebaa622ee223128be7c66d8aaeeb634a57",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025081907-CVE-2025-38562-1418@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38562",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38562",
            "https://www.zerodayinitiative.com/advisories/ZDI-25-917/"
          ],
          "PublishedDate": "2025-08-19T17:15:32.653Z",
          "LastModifiedDate": "2026-01-08T20:51:49.473Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38590",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38590",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1ad9aa23f0b81b7aed50036ca5de8301b496d662ba28302a6cd0f52bbbe4cc7a",
          "Title": "kernel: net/mlx5e: Remove skb secpath if xfrm state is not found",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Remove skb secpath if xfrm state is not found\n\nHardware returns a unique identifier for a decrypted packet's xfrm\nstate, this state is looked up in an xarray. However, the state might\nhave been freed by the time of this lookup.\n\nCurrently, if the state is not found, only a counter is incremented.\nThe secpath (sp) extension on the skb is not removed, resulting in\nsp-\u003elen becoming 0.\n\nSubsequently, functions like __xfrm_policy_check() attempt to access\nfields such as xfrm_input_state(skb)-\u003exso.type (which dereferences\nsp-\u003exvec[sp-\u003elen - 1]) without first validating sp-\u003elen. This leads to\na crash when dereferencing an invalid state pointer.\n\nThis patch prevents the crash by explicitly removing the secpath\nextension from the skb if the xfrm state is not found after hardware\ndecryption. This ensures downstream functions do not operate on a\nzero-length secpath.\n\n BUG: unable to handle page fault for address: ffffffff000002c8\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 282e067 P4D 282e067 PUD 0\n Oops: Oops: 0000 [#1] SMP\n CPU: 12 UID: 0 PID: 0 Comm: swapper/12 Not tainted 6.15.0-rc7_for_upstream_min_debug_2025_05_27_22_44 #1 NONE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__xfrm_policy_check+0x61a/0xa30\n Code: b6 77 7f 83 e6 02 74 14 4d 8b af d8 00 00 00 41 0f b6 45 05 c1 e0 03 48 98 49 01 c5 41 8b 45 00 83 e8 01 48 98 49 8b 44 c5 10 \u003c0f\u003e b6 80 c8 02 00 00 83 e0 0c 3c 04 0f 84 0c 02 00 00 31 ff 80 fa\n RSP: 0018:ffff88885fb04918 EFLAGS: 00010297\n RAX: ffffffff00000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000000\n RBP: ffffffff8311af80 R08: 0000000000000020 R09: 00000000c2eda353\n R10: ffff88812be2bbc8 R11: 
000000001faab533 R12: ffff88885fb049c8\n R13: ffff88812be2bbc8 R14: 0000000000000000 R15: ffff88811896ae00\n FS:  0000000000000000(0000) GS:ffff8888dca82000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff000002c8 CR3: 0000000243050002 CR4: 0000000000372eb0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n  \u003cIRQ\u003e\n  ? try_to_wake_up+0x108/0x4c0\n  ? udp4_lib_lookup2+0xbe/0x150\n  ? udp_lib_lport_inuse+0x100/0x100\n  ? __udp4_lib_lookup+0x2b0/0x410\n  __xfrm_policy_check2.constprop.0+0x11e/0x130\n  udp_queue_rcv_one_skb+0x1d/0x530\n  udp_unicast_rcv_skb+0x76/0x90\n  __udp4_lib_rcv+0xa64/0xe90\n  ip_protocol_deliver_rcu+0x20/0x130\n  ip_local_deliver_finish+0x75/0xa0\n  ip_local_deliver+0xc1/0xd0\n  ? ip_protocol_deliver_rcu+0x130/0x130\n  ip_sublist_rcv+0x1f9/0x240\n  ? ip_rcv_finish_core+0x430/0x430\n  ip_list_rcv+0xfc/0x130\n  __netif_receive_skb_list_core+0x181/0x1e0\n  netif_receive_skb_list_internal+0x200/0x360\n  ? mlx5e_build_rx_skb+0x1bc/0xda0 [mlx5_core]\n  gro_receive_skb+0xfd/0x210\n  mlx5e_handle_rx_cqe_mpwrq+0x141/0x280 [mlx5_core]\n  mlx5e_poll_rx_cq+0xcc/0x8e0 [mlx5_core]\n  ? mlx5e_handle_rx_dim+0x91/0xd0 [mlx5_core]\n  mlx5e_napi_poll+0x114/0xab0 [mlx5_core]\n  __napi_poll+0x25/0x170\n  net_rx_action+0x32d/0x3a0\n  ? mlx5_eq_comp_int+0x8d/0x280 [mlx5_core]\n  ? notifier_call_chain+0x33/0xa0\n  handle_softirqs+0xda/0x250\n  irq_exit_rcu+0x6d/0xc0\n  common_interrupt+0x81/0xa0\n  \u003c/IRQ\u003e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38590",
            "https://git.kernel.org/linus/6d19c44b5c6dd72f9a357d0399604ec16a77de3c (6.17-rc1)",
            "https://git.kernel.org/stable/c/137b12a4900eb6971b889839eab6036f72cbb217",
            "https://git.kernel.org/stable/c/314f568b84b01f6eac1e4313ca47f9ade4349443",
            "https://git.kernel.org/stable/c/3a5782431d84716b66302b07ff1b32fea1023bd5",
            "https://git.kernel.org/stable/c/6d19c44b5c6dd72f9a357d0399604ec16a77de3c",
            "https://git.kernel.org/stable/c/781a0bbf377443ef06f3248221f06cb555935530",
            "https://linux.oracle.com/cve/CVE-2025-38590.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025081917-CVE-2025-38590-6e67@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38590",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38590"
          ],
          "PublishedDate": "2025-08-19T17:15:36.653Z",
          "LastModifiedDate": "2025-11-26T17:58:27.43Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38595",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38595",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71b921c694384c2c781e91230d171523bb8eba5b1abcf068e923d031c7f4d94a",
          "Title": "kernel: xen: fix UAF in dmabuf_exp_from_pages()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: fix UAF in dmabuf_exp_from_pages()\n\n[dma_buf_fd() fixes; no preferences regarding the tree it goes through -\nup to xen folks]\n\nAs soon as we'd inserted a file reference into descriptor table, another\nthread could close it.  That's fine for the case when all we are doing is\nreturning that descriptor to userland (it's a race, but it's a userland\nrace and there's nothing the kernel can do about it).  However, if we\nfollow fd_install() with any kind of access to objects that would be\ndestroyed on close (be it the struct file itself or anything destroyed\nby its -\u003erelease()), we have a UAF.\n\ndma_buf_fd() is a combination of reserving a descriptor and fd_install().\ngntdev dmabuf_exp_from_pages() calls it and then proceeds to access the\nobjects destroyed on close - starting with gntdev_dmabuf itself.\n\nFix that by doing reserving descriptor before anything else and do\nfd_install() only when everything had been set up.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38595",
            "https://git.kernel.org/linus/532c8b51b3a8676cbf533a291f8156774f30ea87 (6.17-rc1)",
            "https://git.kernel.org/stable/c/3edfd2353f301bfffd5ee41066e37320a59ccc2d",
            "https://git.kernel.org/stable/c/532c8b51b3a8676cbf533a291f8156774f30ea87",
            "https://git.kernel.org/stable/c/d59d49af4aeed9a81e673e37c26c6a3bacf1a181",
            "https://git.kernel.org/stable/c/e5907885260401bba300d4d18d79875c05b82651",
            "https://lore.kernel.org/linux-cve-announce/2025081918-CVE-2025-38595-9676@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38595",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38595"
          ],
          "PublishedDate": "2025-08-19T17:15:37.343Z",
          "LastModifiedDate": "2025-11-26T18:01:25.173Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38615",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38615",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:35a60d1baf0b9730506370687116204f971974aeaec0a7ce1edda011330d8102",
          "Title": "kernel: fs/ntfs3: cancle set bad inode after removing name fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: cancle set bad inode after removing name fails\n\nThe reproducer uses a file0 on a ntfs3 file system with a corrupted i_link.\nWhen renaming, the file0's inode is marked as a bad inode because the file\nname cannot be deleted.\n\nThe underlying bug is that make_bad_inode() is called on a live inode.\nIn some cases it's \"icache lookup finds a normal inode, d_splice_alias()\nis called to attach it to dentry, while another thread decides to call\nmake_bad_inode() on it - that would evict it from icache, but we'd already\nfound it there earlier\".\nIn some it's outright \"we have an inode attached to dentry - that's how we\ngot it in the first place; let's call make_bad_inode() on it just for shits\nand giggles\".",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38615",
            "https://git.kernel.org/linus/d99208b91933fd2a58ed9ed321af07dacd06ddc3 (6.17-rc1)",
            "https://git.kernel.org/stable/c/358d4f821c03add421a4c49290538a705852ccf1",
            "https://git.kernel.org/stable/c/3ed2cc6a6e93fbeb8c0cafce1e7fb1f64a331dcc",
            "https://git.kernel.org/stable/c/a285395020780adac1ffbc844069c3d700bf007a",
            "https://git.kernel.org/stable/c/b35a50d639ca5259466ef5fea85529bb4fb17d5b",
            "https://git.kernel.org/stable/c/d99208b91933fd2a58ed9ed321af07dacd06ddc3",
            "https://lore.kernel.org/linux-cve-announce/2025081925-CVE-2025-38615-5f57@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38615",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38615"
          ],
          "PublishedDate": "2025-08-19T17:15:40.177Z",
          "LastModifiedDate": "2025-11-26T17:41:11.79Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38621",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38621",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:06df83d7b5575d13f0f2393b91316322de0b6390e758a1ab1d579d88d10e9d68",
          "Title": "kernel: md: make rdev_addable usable for rcu mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: make rdev_addable usable for rcu mode\n\nOur testcase trigger panic:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000e0\n...\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 Not tainted 6.16.0+ #94\nPREEMPT(none)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nWorkqueue: md_misc md_start_sync\nRIP: 0010:rdev_addable+0x4d/0xf0\n...\nCall Trace:\n \u003cTASK\u003e\n md_start_sync+0x329/0x480\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x14d/0x180\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\nModules linked in: raid10\nCR2: 00000000000000e0\n---[ end trace 0000000000000000 ]---\nRIP: 0010:rdev_addable+0x4d/0xf0\n\nmd_spares_need_change in md_start_sync will call rdev_addable which\nprotected by rcu_read_lock/rcu_read_unlock. This rcu context will help\nprotect rdev won't be released, but rdev-\u003emddev will be set to NULL\nbefore we call synchronize_rcu in md_kick_rdev_from_array. Fix this by\nusing READ_ONCE and check does rdev-\u003emddev still alive.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38621",
            "https://git.kernel.org/linus/13017b427118f4311471ee47df74872372ca8482 (6.17-rc1)",
            "https://git.kernel.org/stable/c/13017b427118f4311471ee47df74872372ca8482",
            "https://git.kernel.org/stable/c/b5fbe940862339cdcc34dea7a057ad18d18fa137",
            "https://lore.kernel.org/linux-cve-announce/2025082229-CVE-2025-38621-763f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38621",
            "https://www.cve.org/CVERecord?id=CVE-2025-38621"
          ],
          "PublishedDate": "2025-08-22T16:15:35.46Z",
          "LastModifiedDate": "2025-11-26T17:46:17.203Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38626",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38626",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e9a1605e729d826b951336bdaec48df006fb2bdd70a5f375addf8bf6fc088e32",
          "Title": "kernel: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode\n\nw/ \"mode=lfs\" mount option, generic/299 will cause system panic as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2835!\nCall Trace:\n \u003cTASK\u003e\n f2fs_allocate_data_block+0x6f4/0xc50\n f2fs_map_blocks+0x970/0x1550\n f2fs_iomap_begin+0xb2/0x1e0\n iomap_iter+0x1d6/0x430\n __iomap_dio_rw+0x208/0x9a0\n f2fs_file_write_iter+0x6b3/0xfa0\n aio_write+0x15d/0x2e0\n io_submit_one+0x55e/0xab0\n __x64_sys_io_submit+0xa5/0x230\n do_syscall_64+0x84/0x2f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0010:new_curseg+0x70f/0x720\n\nThe root cause of we run out-of-space is: in f2fs_map_blocks(), f2fs may\ntrigger foreground gc only if it allocates any physical block, it will be\na little bit later when there is multiple threads writing data w/\naio/dio/bufio method in parallel, since we always use OPU in lfs mode, so\nf2fs_map_blocks() does block allocations aggressively.\n\nIn order to fix this issue, let's give a chance to trigger foreground\ngc in prior to block allocation in f2fs_map_blocks().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38626",
            "https://git.kernel.org/linus/1005a3ca28e90c7a64fa43023f866b960a60f791 (6.17-rc1)",
            "https://git.kernel.org/stable/c/1005a3ca28e90c7a64fa43023f866b960a60f791",
            "https://git.kernel.org/stable/c/264ede8a52f18647ed5bb5f2bd9bf54f556ad8f5",
            "https://git.kernel.org/stable/c/385e64a0744584397b4b52b27c96703516f39968",
            "https://git.kernel.org/stable/c/82765ce5c7a56f9309ee45328e763610eaf11253",
            "https://git.kernel.org/stable/c/d2f280f43a2a9d918fd23169ff3a6f3b65c7cec5",
            "https://git.kernel.org/stable/c/f289690f50a01c3e085d87853392d5b7436a4cee",
            "https://lore.kernel.org/linux-cve-announce/2025082231-CVE-2025-38626-1e63@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38626",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38626"
          ],
          "PublishedDate": "2025-08-22T16:15:36.193Z",
          "LastModifiedDate": "2026-03-25T11:16:11.16Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38643",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38643",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e26267d0b613639a1fd89d083683ddfa8e90e75e0a119c9b35f688e5ba065a5e",
          "Title": "kernel: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()\n\nCallers of wdev_chandef() must hold the wiphy mutex.\n\nBut the worker cfg80211_propagate_cac_done_wk() never takes the lock.\nWhich triggers the warning below with the mesh_peer_connected_dfs\ntest from hostapd and not (yet) released mac80211 code changes:\n\nWARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165\nModules linked in:\nCPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf\nWorkqueue: cfg80211 cfg80211_propagate_cac_done_wk\nStack:\n 00000000 00000001 ffffff00 6093267c\n 00000000 6002ec30 6d577c50 60037608\n 00000000 67e8d108 6063717b 00000000\nCall Trace:\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c6003c2b3\u003e] show_stack+0x10e/0x11a\n [\u003c6002ec30\u003e] ? _printk+0x0/0x98\n [\u003c60037608\u003e] dump_stack_lvl+0x71/0xb8\n [\u003c6063717b\u003e] ? wdev_chandef+0x60/0x165\n [\u003c6003766d\u003e] dump_stack+0x1e/0x20\n [\u003c6005d1b7\u003e] __warn+0x101/0x20f\n [\u003c6005d3a8\u003e] warn_slowpath_fmt+0xe3/0x15d\n [\u003c600b0c5c\u003e] ? mark_lock.part.0+0x0/0x4ec\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c600b11a2\u003e] ? mark_held_locks+0x5a/0x6e\n [\u003c6005d2c5\u003e] ? warn_slowpath_fmt+0x0/0x15d\n [\u003c60052e53\u003e] ? unblock_signals+0x3a/0xe7\n [\u003c60052f2d\u003e] ? um_set_signals+0x2d/0x43\n [\u003c60751191\u003e] ? __this_cpu_preempt_check+0x0/0x16\n [\u003c607508b2\u003e] ? lock_is_held_type+0x207/0x21f\n [\u003c6063717b\u003e] wdev_chandef+0x60/0x165\n [\u003c605f89b4\u003e] regulatory_propagate_dfs_state+0x247/0x43f\n [\u003c60052f00\u003e] ? um_set_signals+0x0/0x43\n [\u003c605e6bfd\u003e] cfg80211_propagate_cac_done_wk+0x3a/0x4a\n [\u003c6007e460\u003e] process_scheduled_works+0x3bc/0x60e\n [\u003c6007d0ec\u003e] ? move_linked_works+0x4d/0x81\n [\u003c6007d120\u003e] ? assign_work+0x0/0xaa\n [\u003c6007f81f\u003e] worker_thread+0x220/0x2dc\n [\u003c600786ef\u003e] ? set_pf_worker+0x0/0x57\n [\u003c60087c96\u003e] ? to_kthread+0x0/0x43\n [\u003c6008ab3c\u003e] kthread+0x2d3/0x2e2\n [\u003c6007f5ff\u003e] ? worker_thread+0x0/0x2dc\n [\u003c6006c05b\u003e] ? calculate_sigpending+0x0/0x56\n [\u003c6003b37d\u003e] new_thread_handler+0x4a/0x64\nirq event stamp: 614611\nhardirqs last  enabled at (614621): [\u003c00000000600bc96b\u003e] __up_console_sem+0x82/0xaf\nhardirqs last disabled at (614630): [\u003c00000000600bc92c\u003e] __up_console_sem+0x43/0xaf\nsoftirqs last  enabled at (614268): [\u003c00000000606c55c6\u003e] __ieee80211_wake_queue+0x933/0x985\nsoftirqs last disabled at (614266): [\u003c00000000606c52d6\u003e] __ieee80211_wake_queue+0x643/0x985",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38643",
            "https://git.kernel.org/linus/2c5dee15239f3f3e31aa5c8808f18996c039e2c1 (6.17-rc1)",
            "https://git.kernel.org/stable/c/2c5dee15239f3f3e31aa5c8808f18996c039e2c1",
            "https://git.kernel.org/stable/c/4a63523d3541eef4cf504a9682e6fbe94ffe79a6",
            "https://git.kernel.org/stable/c/7022df2248c08c6f75a01714163ac902333bf3db",
            "https://git.kernel.org/stable/c/b3d24038eb775f2f7a1dfef58d8e1dc444a12820",
            "https://git.kernel.org/stable/c/dbce810607726408f889d3358f4780fd1436861e",
            "https://git.kernel.org/stable/c/defe9ce121160788547e8e6ec4438ad8a14f40dd",
            "https://linux.oracle.com/cve/CVE-2025-38643.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38643-a281@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38643",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38643"
          ],
          "PublishedDate": "2025-08-22T16:15:38.417Z",
          "LastModifiedDate": "2026-03-17T16:15:09.467Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38644",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38644",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42d28019d25e6107142248573cbab9eaaf0afc83d42dad9ed960626eb44bdba3",
          "Title": "kernel: wifi: mac80211: reject TDLS operations when station is not associated",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38644",
            "https://git.kernel.org/linus/16ecdab5446f15a61ec88eb0d23d25d009821db0 (6.17-rc1)",
            "https://git.kernel.org/stable/c/0c84204cf0bbe89e454a5caccc6a908bc7db1542",
            "https://git.kernel.org/stable/c/16ecdab5446f15a61ec88eb0d23d25d009821db0",
            "https://git.kernel.org/stable/c/31af06b574394530f68a4310c45ecbe2f68853c4",
            "https://git.kernel.org/stable/c/378ae9ccaea3f445838a087962a067b5cb2e8577",
            "https://git.kernel.org/stable/c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c",
            "https://git.kernel.org/stable/c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848",
            "https://linux.oracle.com/cve/CVE-2025-38644.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38644-39b4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38644",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38644"
          ],
          "PublishedDate": "2025-08-22T16:15:38.567Z",
          "LastModifiedDate": "2026-01-07T16:21:33.453Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38659",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38659",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c8b4b9fefb5e108b0ff7b0109c3ad3a19bf65b487ef13df6aa0c5198f9ac74cc",
          "Title": "kernel: gfs2: No more self recovery",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: No more self recovery\n\nWhen a node withdraws and it turns out that it is the only node that has\nthe filesystem mounted, gfs2 currently tries to replay the local journal\nto bring the filesystem back into a consistent state.  Not only is that\na very bad idea, it has also never worked because gfs2_recover_func()\nwill refuse to do anything during a withdraw.\n\nHowever, before even getting to this point, gfs2_recover_func()\ndereferences sdp-\u003esd_jdesc-\u003ejd_inode.  This was a use-after-free before\ncommit 04133b607a78 (\"gfs2: Prevent double iput for journal on error\")\nand is a NULL pointer dereference since then.\n\nSimply get rid of self recovery to fix that.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38659",
            "https://git.kernel.org/linus/deb016c1669002e48c431d6fd32ea1c20ef41756 (6.17-rc1)",
            "https://git.kernel.org/stable/c/1a91ba12abef628b43cada87478328274d988e88",
            "https://git.kernel.org/stable/c/6784367b2f3cd7b89103de35764f37f152590dbd",
            "https://git.kernel.org/stable/c/6ebe17b359bead383581f729e43f591c1c36e159",
            "https://git.kernel.org/stable/c/97c94c7dbddc34d353c83b541b3decabf98d04af",
            "https://git.kernel.org/stable/c/deb016c1669002e48c431d6fd32ea1c20ef41756",
            "https://git.kernel.org/stable/c/f5426ffbec971a8f7346a57392d3a901bdee5a9b",
            "https://linux.oracle.com/cve/CVE-2025-38659.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025082239-CVE-2025-38659-de59@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38659",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38659"
          ],
          "PublishedDate": "2025-08-22T16:15:41.053Z",
          "LastModifiedDate": "2026-03-25T11:16:11.51Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38665",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38665",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6166464610ce694a9f1821809d39d48fb11d8add6aa42f4ee5b9cb215226d79b",
          "Title": "kernel: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode\n\nAndrei Lalaev reported a NULL pointer deref when a CAN device is\nrestarted from Bus Off and the driver does not implement the struct\ncan_priv::do_set_mode callback.\n\nThere are 2 code path that call struct can_priv::do_set_mode:\n- directly by a manual restart from the user space, via\n  can_changelink()\n- delayed automatic restart after bus off (deactivated by default)\n\nTo prevent the NULL pointer deference, refuse a manual restart or\nconfigure the automatic restart delay in can_changelink() and report\nthe error via extack to user space.\n\nAs an additional safety measure let can_restart() return an error if\ncan_priv::do_set_mode is not set instead of dereferencing it\nunchecked.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38665",
            "https://git.kernel.org/linus/c1f3f9797c1f44a762e6f5f72520b2e520537b52 (6.16)",
            "https://git.kernel.org/stable/c/0ca816a96fdcf32644c80cbe7a82c7b6ce6ddda5",
            "https://git.kernel.org/stable/c/6acceb46180f9e160d4f0c56fcaf39ba562822ae",
            "https://git.kernel.org/stable/c/6bbcf37c5114926c99a1d1e6993a5b35689d2599",
            "https://git.kernel.org/stable/c/c1f3f9797c1f44a762e6f5f72520b2e520537b52",
            "https://git.kernel.org/stable/c/cf81a60a973358dea163f6b14062f17831ceb894",
            "https://linux.oracle.com/cve/CVE-2025-38665.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025082259-CVE-2025-38665-29e2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38665",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38665"
          ],
          "PublishedDate": "2025-08-22T16:15:41.86Z",
          "LastModifiedDate": "2026-01-07T17:32:07.123Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38669",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38669",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e950f989150de6f140f30d3c49f322306c0722a6b245569b0b9f8dd0d2cfc622",
          "Title": "kernel: Revert \"drm/gem-shmem: Use dma_buf from GEM object instance\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-shmem: Use dma_buf from GEM object instance\"\n\nThis reverts commit 1a148af06000e545e714fe3210af3d77ff903c11.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38669",
            "https://git.kernel.org/linus/6d496e9569983a0d7a05be6661126d0702cf94f7 (6.16)",
            "https://git.kernel.org/stable/c/291a77604858a8b47cf6640a12b76e97f99e00ed",
            "https://git.kernel.org/stable/c/6d496e9569983a0d7a05be6661126d0702cf94f7",
            "https://lore.kernel.org/linux-cve-announce/2025082201-CVE-2025-38669-d1f0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38669",
            "https://www.cve.org/CVERecord?id=CVE-2025-38669"
          ],
          "PublishedDate": "2025-08-22T16:15:42.423Z",
          "LastModifiedDate": "2025-11-25T22:14:19.833Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38672",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d8dae81a1a8c1ec5d4a0927e20d0f032fba2e60d85d6e4562985359fc5c773e2",
          "Title": "kernel: Revert \"drm/gem-dma: Use dma_buf from GEM object instance\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-dma: Use dma_buf from GEM object instance\"\n\nThis reverts commit e8afa1557f4f963c9a511bd2c6074a941c308685.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38672",
            "https://git.kernel.org/linus/1918e79be908b8a2c8757640289bc196c14d928a (6.16)",
            "https://git.kernel.org/stable/c/1918e79be908b8a2c8757640289bc196c14d928a",
            "https://git.kernel.org/stable/c/e7bdb3104a2f71ec1439d37f8e6e2f201dbcd7cf",
            "https://lore.kernel.org/linux-cve-announce/2025082201-CVE-2025-38672-f53c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38672",
            "https://www.cve.org/CVERecord?id=CVE-2025-38672"
          ],
          "PublishedDate": "2025-08-22T16:15:42.82Z",
          "LastModifiedDate": "2025-11-25T22:14:25.357Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38673",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38673",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f7b5b974b008d992162bbfb525ba01170ed459cab99b9c0008da38ea2dcdd8d",
          "Title": "kernel: Revert \"drm/gem-framebuffer: Use dma_buf from GEM object instance\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/gem-framebuffer: Use dma_buf from GEM object instance\"\n\nThis reverts commit cce16fcd7446dcff7480cd9d2b6417075ed81065.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38673",
            "https://git.kernel.org/linus/2712ca878b688682ac2ce02aefc413fc76019cd9 (6.16)",
            "https://git.kernel.org/stable/c/2712ca878b688682ac2ce02aefc413fc76019cd9",
            "https://git.kernel.org/stable/c/e31f5a1c2cd38bf977736cdfa79444e19d4005ec",
            "https://lore.kernel.org/linux-cve-announce/2025082202-CVE-2025-38673-80b9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38673",
            "https://www.cve.org/CVERecord?id=CVE-2025-38673"
          ],
          "PublishedDate": "2025-08-22T16:15:42.953Z",
          "LastModifiedDate": "2025-11-25T22:14:31.263Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38674",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38674",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c2300f77abbcd241f0610b6c19db5921d66e2ad05fe6db5bd900c809ffb36fd6",
          "Title": "kernel: Revert \"drm/prime: Use dma_buf from GEM object instance\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/prime: Use dma_buf from GEM object instance\"\n\nThis reverts commit f83a9b8c7fd0557b0c50784bfdc1bbe9140c9bf8.\n\nThe dma_buf field in struct drm_gem_object is not stable over the\nobject instance's lifetime. The field becomes NULL when user space\nreleases the final GEM handle on the buffer object. This resulted\nin a NULL-pointer deref.\n\nWorkarounds in commit 5307dce878d4 (\"drm/gem: Acquire references on\nGEM handles for framebuffers\") and commit f6bfc9afc751 (\"drm/framebuffer:\nAcquire internal references on GEM handles\") only solved the problem\npartially. They especially don't work for buffer objects without a DRM\nframebuffer associated.\n\nHence, this revert to going back to using .import_attach-\u003edmabuf.\n\nv3:\n- cc stable",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38674",
            "https://git.kernel.org/linus/fb4ef4a52b79a22ad382bfe77332642d02aef773 (6.16)",
            "https://git.kernel.org/stable/c/5f05d83ce689a8930a70dfa73f879604aef8cc03",
            "https://git.kernel.org/stable/c/fb4ef4a52b79a22ad382bfe77332642d02aef773",
            "https://lore.kernel.org/linux-cve-announce/2025082202-CVE-2025-38674-58f1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38674",
            "https://www.cve.org/CVERecord?id=CVE-2025-38674"
          ],
          "PublishedDate": "2025-08-22T16:15:43.09Z",
          "LastModifiedDate": "2025-11-25T22:04:20.21Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38679",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38679",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b0f10c2fe5fefff3fd9c4922e4fb783557c2c06053167251a5db9ded96675310",
          "Title": "kernel: media: venus: Fix OOB read due to missing payload bound check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Fix OOB read due to missing payload bound check\n\nCurrently, The event_seq_changed() handler processes a variable number\nof properties sent by the firmware. The number of properties is indicated\nby the firmware and used to iterate over the payload. However, the\npayload size is not being validated against the actual message length.\n\nThis can lead to out-of-bounds memory access if the firmware provides a\nproperty count that exceeds the data available in the payload. Such a\ncondition can result in kernel crashes or potential information leaks if\nmemory beyond the buffer is accessed.\n\nFix this by properly validating the remaining size of the payload before\neach property access and updating bounds accordingly as properties are\nparsed.\n\nThis ensures that property parsing is safely bounded within the received\nmessage buffer and protects against malformed or malicious firmware\nbehavior.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38679",
            "https://git.kernel.org/linus/06d6770ff0d8cc8dfd392329a8cc03e2a83e7289 (6.17-rc1)",
            "https://git.kernel.org/stable/c/06d6770ff0d8cc8dfd392329a8cc03e2a83e7289",
            "https://git.kernel.org/stable/c/6f08bfb5805637419902f3d70069fe17a404545b",
            "https://git.kernel.org/stable/c/8f274e2b05fdae7a53cee83979202b5ecb49035c",
            "https://git.kernel.org/stable/c/a3eef5847603cd8a4110587907988c3f93c9605a",
            "https://git.kernel.org/stable/c/bed4921055dd7bb4d2eea2729852ae18cf97a2c6",
            "https://git.kernel.org/stable/c/c956c3758510b448b3d4d10d1da8230e8c9bf668",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025090443-CVE-2025-38679-be66@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38679",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38679"
          ],
          "PublishedDate": "2025-09-04T16:15:35.387Z",
          "LastModifiedDate": "2026-01-08T22:30:19.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38689",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38689",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:287234e7239f4053885cd7505229b6f18625aafdc2e0ab408e308bd48179d63a",
          "Title": "kernel: x86/fpu: Fix NULL dereference in avx512_status()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Fix NULL dereference in avx512_status()\n\nProblem\n-------\nWith CONFIG_X86_DEBUG_FPU enabled, reading /proc/[kthread]/arch_status\ncauses a warning and a NULL pointer dereference.\n\nThis is because the AVX-512 timestamp code uses x86_task_fpu() but\ndoesn't check it for NULL. CONFIG_X86_DEBUG_FPU addles that function\nfor kernel threads (PF_KTHREAD specifically), making it return NULL.\n\nThe point of the warning was to ensure that kernel threads only access\ntask-\u003efpu after going through kernel_fpu_begin()/_end(). Note: all\nkernel tasks exposed in /proc have a valid task-\u003efpu.\n\nSolution\n--------\nOne option is to silence the warning and check for NULL from\nx86_task_fpu(). However, that warning is fairly fresh and seems like a\ndefense against misuse of the FPU state in kernel threads.\n\nInstead, stop outputting AVX-512_elapsed_ms for kernel threads\naltogether. The data was garbage anyway because avx512_timestamp is\nonly updated for user threads, not kernel threads.\n\nIf anyone ever wants to track kernel thread AVX-512 use, they can come\nback later and do it properly, separate from this bug fix.\n\n[ dhansen: mostly rewrite changelog ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38689",
            "https://git.kernel.org/linus/31cd31c9e17ece125aad27259501a2af69ccb020 (6.17-rc2)",
            "https://git.kernel.org/stable/c/2ca887e81095b99d890a8878841f36f4920181e6",
            "https://git.kernel.org/stable/c/31cd31c9e17ece125aad27259501a2af69ccb020",
            "https://lore.kernel.org/linux-cve-announce/2025090448-CVE-2025-38689-ac95@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38689",
            "https://www.cve.org/CVERecord?id=CVE-2025-38689"
          ],
          "PublishedDate": "2025-09-04T16:15:37.013Z",
          "LastModifiedDate": "2025-11-24T19:47:21.78Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38692",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38692",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4f4f89e1030a9f8b3730571db25e8e337b2fdd69e86ddd94aef6295af5e05765",
          "Title": "kernel: exfat: add cluster chain loop check for dir",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: add cluster chain loop check for dir\n\nAn infinite loop may occur if the following conditions occur due to\nfile system corruption.\n\n(1) Condition for exfat_count_dir_entries() to loop infinitely.\n    - The cluster chain includes a loop.\n    - There is no UNUSED entry in the cluster chain.\n\n(2) Condition for exfat_create_upcase_table() to loop infinitely.\n    - The cluster chain of the root directory includes a loop.\n    - There are no UNUSED entry and up-case table entry in the cluster\n      chain of the root directory.\n\n(3) Condition for exfat_load_bitmap() to loop infinitely.\n    - The cluster chain of the root directory includes a loop.\n    - There are no UNUSED entry and bitmap entry in the cluster chain\n      of the root directory.\n\n(4) Condition for exfat_find_dir_entry() to loop infinitely.\n    - The cluster chain includes a loop.\n    - The unused directory entries were exhausted by some operation.\n\n(5) Condition for exfat_check_dir_empty() to loop infinitely.\n    - The cluster chain includes a loop.\n    - The unused directory entries were exhausted by some operation.\n    - All files and sub-directories under the directory are deleted.\n\nThis commit adds checks to break the above infinite loop.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38692",
            "https://git.kernel.org/linus/99f9a97dce39ad413c39b92c90393bbd6778f3fd (6.17-rc1)",
            "https://git.kernel.org/stable/c/4c3cda20c4cf1871e27868d08fda06b79bc7d568",
            "https://git.kernel.org/stable/c/868f23286c1a13162330fa6c614fe350f78e3f82",
            "https://git.kernel.org/stable/c/99f9a97dce39ad413c39b92c90393bbd6778f3fd",
            "https://git.kernel.org/stable/c/aa8fe7b7b73d4c9a41bb96cb3fb3092f794ecb33",
            "https://git.kernel.org/stable/c/e2066ca3ef49a30920d8536fa366b2a183a808ee",
            "https://linux.oracle.com/cve/CVE-2025-38692.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025090450-CVE-2025-38692-90f5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38692",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38692"
          ],
          "PublishedDate": "2025-09-04T16:15:37.447Z",
          "LastModifiedDate": "2025-11-24T19:45:16.833Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38702",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38702",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fe96f6dacc720c4cab67750ac804d8573dbb534ba53b6949da3b339eb600267e",
          "Title": "kernel: fbdev: fix potential buffer overflow in do_register_framebuffer()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1.  Unregistration creates NULL gaps in registered_fb[]\n2.  All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3.  The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38702",
            "https://git.kernel.org/linus/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05 (6.17-rc1)",
            "https://git.kernel.org/stable/c/248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399",
            "https://git.kernel.org/stable/c/2828a433c7d7a05b6f27c8148502095101dd0b09",
            "https://git.kernel.org/stable/c/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05",
            "https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961",
            "https://git.kernel.org/stable/c/806f85bdd3a60187c21437fc51baace11f659f35",
            "https://git.kernel.org/stable/c/cbe740de32bb0fb7a5213731ff5f26ea6718fca3",
            "https://linux.oracle.com/cve/CVE-2025-38702.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38702-0b09@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38702",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38702"
          ],
          "PublishedDate": "2025-09-04T16:15:38.99Z",
          "LastModifiedDate": "2026-01-23T20:31:27.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38703",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38703",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c04e47c1cf5c5139a4c10753b7162922c0a21e92594964b1e4231cd9b6364ab7",
          "Title": "kernel: drm/xe: Make dma-fences compliant with the safe access rules",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Make dma-fences compliant with the safe access rules\n\nXe can free some of the data pointed to by the dma-fences it exports. Most\nnotably the timeline name can get freed if userspace closes the associated\nsubmit queue. At the same time the fence could have been exported to a\nthird party (for example a sync_fence fd) which will then cause an use-\nafter-free on subsequent access.\n\nTo make this safe we need to make the driver compliant with the newly\ndocumented dma-fence rules. Driver has to ensure a RCU grace period\nbetween signalling a fence and freeing any data pointed to by said fence.\n\nFor the timeline name we simply make the queue be freed via kfree_rcu and\nfor the shared lock associated with multiple queues we add a RCU grace\nperiod before freeing the per GT structure holding the lock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0793",
            "https://access.redhat.com/security/cve/CVE-2025-38703",
            "https://bugzilla.redhat.com/2393157",
            "https://bugzilla.redhat.com/2401432",
            "https://bugzilla.redhat.com/2419954",
            "https://bugzilla.redhat.com/2422788",
            "https://bugzilla.redhat.com/2422801",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2401432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419954",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40277",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68285",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68287",
            "https://errata.almalinux.org/9/ALSA-2026-0793.html",
            "https://errata.rockylinux.org/RLSA-2026:0793",
            "https://git.kernel.org/linus/6bd90e700b4285e6a7541e00f969cab0d696adde (6.17-rc1)",
            "https://git.kernel.org/stable/c/683b0e397dad9f26a42dcacf6f7f545a77ce6c06",
            "https://git.kernel.org/stable/c/6bd90e700b4285e6a7541e00f969cab0d696adde",
            "https://git.kernel.org/stable/c/b17fcce70733c211cb5dabf54f4f9491920b1d92",
            "https://git.kernel.org/stable/c/ba37807d08bae67de6139346a85650cab5f6145a",
            "https://linux.oracle.com/cve/CVE-2025-38703.html",
            "https://linux.oracle.com/errata/ELSA-2026-4012.html",
            "https://lore.kernel.org/linux-cve-announce/2025090453-CVE-2025-38703-2f5c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38703",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38703"
          ],
          "PublishedDate": "2025-09-04T16:15:39.13Z",
          "LastModifiedDate": "2025-11-24T19:45:00.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38704",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38704",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc2ae048604f59a3e97041673a166834f582b6b74e8a89c7f3daf54337441620",
          "Title": "kernel: rcu/nocb: Fix possible invalid rdp's-\u003enocb_cb_kthread pointer access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix possible invalid rdp's-\u003enocb_cb_kthread pointer access\n\nIn the preparation stage of CPU online, if the corresponding\nthe rdp's-\u003enocb_cb_kthread does not exist, will be created,\nthere is a situation where the rdp's rcuop kthreads creation fails,\nand then de-offload this CPU's rdp, does not assign this CPU's\nrdp-\u003enocb_cb_kthread pointer, but this rdp's-\u003enocb_gp_rdp and\nrdp's-\u003erdp_gp-\u003enocb_gp_kthread is still valid.\n\nThis will cause the subsequent re-offload operation of this offline\nCPU, which will pass the conditional check and the kthread_unpark()\nwill access invalid rdp's-\u003enocb_cb_kthread pointer.\n\nThis commit therefore use rdp's-\u003enocb_gp_kthread instead of\nrdp_gp's-\u003enocb_gp_kthread for safety check.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38704",
            "https://git.kernel.org/linus/1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1 (6.17-rc1)",
            "https://git.kernel.org/stable/c/1bba3900ca18bdae28d1b9fa10f16a8f8cb2ada1",
            "https://git.kernel.org/stable/c/1c951683a720b17c9ecaad1932bc95b29044611f",
            "https://git.kernel.org/stable/c/3da45ec1e485a1a5ad31fe9ddd467c7ee5ae4ef9",
            "https://git.kernel.org/stable/c/9b5ec8e6b31755288a07b3abeeab8cd38e9d3c9d",
            "https://git.kernel.org/stable/c/b097ae798298885695c339d390b48b4e39619fa7",
            "https://git.kernel.org/stable/c/cce3d027227c69e85896af9fbc6fa9af5c68f067",
            "https://linux.oracle.com/cve/CVE-2025-38704.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38704-4353@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38704",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38704"
          ],
          "PublishedDate": "2025-09-04T16:15:39.263Z",
          "LastModifiedDate": "2026-03-25T11:16:11.683Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38705",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38705",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5c6e24d251b8d2878f4f9e307a1ae8b4a02a48d1de40e2086ecfebf89177bdb2",
          "Title": "kernel: drm/amd/pm: fix null pointer access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix null pointer access\n\nWriting a string without delimiters (' ', '\\n', '\\0') to the under\ngpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile\nwill result in a null pointer dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38705",
            "https://git.kernel.org/linus/d524d40e3a6152a3ea1125af729f8cd8ca65efde (6.17-rc1)",
            "https://git.kernel.org/stable/c/5d8cc029e5595760c7d18c64632e8e40a86a9b2e",
            "https://git.kernel.org/stable/c/a83ffafd02a7af59848755c109d544e3894af737",
            "https://git.kernel.org/stable/c/cef79c18538e9ce2ca6e5b3fa95c38ec41dcd07a",
            "https://git.kernel.org/stable/c/d524d40e3a6152a3ea1125af729f8cd8ca65efde",
            "https://linux.oracle.com/cve/CVE-2025-38705.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025090454-CVE-2025-38705-7cd6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38705",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38705"
          ],
          "PublishedDate": "2025-09-04T16:15:39.403Z",
          "LastModifiedDate": "2025-11-24T19:43:18.883Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38709",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38709",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:823bcf0f351914184e0e117096346cb0f5d627b69869d0a88716a8a3cef0235d",
          "Title": "kernel: loop: Avoid updating block size under exclusive owner",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Avoid updating block size under exclusive owner\n\nSyzbot came up with a reproducer where a loop device block size is\nchanged underneath a mounted filesystem. This causes a mismatch between\nthe block device block size and the block size stored in the superblock\ncausing confusion in various places such as fs/buffer.c. The particular\nissue triggered by syzbot was a warning in __getblk_slow() due to\nrequested buffer size not matching block device block size.\n\nFix the problem by getting exclusive hold of the loop device to change\nits block size. This fails if somebody (such as filesystem) has already\nan exclusive ownership of the block device and thus prevents modifying\nthe loop device under some exclusive owner which doesn't expect it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38709",
            "https://git.kernel.org/linus/7e49538288e523427beedd26993d446afef1a6fb (6.17-rc1)",
            "https://git.kernel.org/stable/c/139a000d20f2f38ce34296feddd641d730fe1c08",
            "https://git.kernel.org/stable/c/457d2c5e112fd08dc1039b1ae39a83ec1782360d",
            "https://git.kernel.org/stable/c/5d67b30aefeb7a949040bbb1b4e3b84c5d29a624",
            "https://git.kernel.org/stable/c/7e49538288e523427beedd26993d446afef1a6fb",
            "https://git.kernel.org/stable/c/b928438cc87c0bf7ae078e4b7b6e14261e84c5c5",
            "https://git.kernel.org/stable/c/ce8da5d13d8c2a7b30b2fb376a22e8eb1a70b8bb",
            "https://linux.oracle.com/cve/CVE-2025-38709.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38709-f62c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38709",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38709"
          ],
          "PublishedDate": "2025-09-04T16:15:39.997Z",
          "LastModifiedDate": "2025-12-03T20:00:20.867Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38710",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38710",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e792a57b0ade5a8949744b2d47dac52cfb9794c57305c9ba7952e65cb698729",
          "Title": "kernel: gfs2: Validate i_depth for exhash directories",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Validate i_depth for exhash directories\n\nA fuzzer test introduced corruption that ends up with a depth of 0 in\ndir_e_read(), causing an undefined shift by 32 at:\n\n  index = hash \u003e\u003e (32 - dip-\u003ei_depth);\n\nAs calculated in an open-coded way in dir_make_exhash(), the minimum\ndepth for an exhash directory is ilog2(sdp-\u003esd_hash_ptrs) and 0 is\ninvalid as sdp-\u003esd_hash_ptrs is fixed as sdp-\u003ebsize / 16 at mount time.\n\nSo we can avoid the undefined behaviour by checking for depth values\nlower than the minimum in gfs2_dinode_in(). Values greater than the\nmaximum are already being checked for there.\n\nAlso switch the calculation in dir_make_exhash() to use ilog2() to\nclarify how the depth is calculated.\n\nTested with the syzkaller repro.c and xfstests '-g quick'.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38710",
            "https://git.kernel.org/linus/557c024ca7250bb65ae60f16c02074106c2f197b (6.17-rc1)",
            "https://git.kernel.org/stable/c/53a0249d68a210c16e961b83adfa82f94ee0a53d",
            "https://git.kernel.org/stable/c/557c024ca7250bb65ae60f16c02074106c2f197b",
            "https://git.kernel.org/stable/c/9680c58675b82348ab84d387e4fa727f7587e1a0",
            "https://git.kernel.org/stable/c/b5f46951e62377b6e406fadc18bc3c5bdf1632a7",
            "https://linux.oracle.com/cve/CVE-2025-38710.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025090456-CVE-2025-38710-1b60@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38710",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38710"
          ],
          "PublishedDate": "2025-09-04T16:15:40.137Z",
          "LastModifiedDate": "2025-11-25T22:07:05.383Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38716",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e7474e1ccc995eff0396657947486733d1f9b6f898196886b14f391ccda55bd0",
          "Title": "kernel: hfs: fix general protection fault in hfs_find_init()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix general protection fault in hfs_find_init()\n\nThe hfs_find_init() method can trigger the crash\nif tree pointer is NULL:\n\n[   45.746290][ T9787] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KAI\n[   45.747287][ T9787] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]\n[   45.748716][ T9787] CPU: 2 UID: 0 PID: 9787 Comm: repro Not tainted 6.16.0-rc3 #10 PREEMPT(full)\n[   45.750250][ T9787] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   45.751983][ T9787] RIP: 0010:hfs_find_init+0x86/0x230\n[   45.752834][ T9787] Code: c1 ea 03 80 3c 02 00 0f 85 9a 01 00 00 4c 8d 6b 40 48 c7 45 18 00 00 00 00 48 b8 00 00 00 00 00 fc\n[   45.755574][ T9787] RSP: 0018:ffffc90015157668 EFLAGS: 00010202\n[   45.756432][ T9787] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff819a4d09\n[   45.757457][ T9787] RDX: 0000000000000008 RSI: ffffffff819acd3a RDI: ffffc900151576e8\n[   45.758282][ T9787] RBP: ffffc900151576d0 R08: 0000000000000005 R09: 0000000000000000\n[   45.758943][ T9787] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000004\n[   45.759619][ T9787] R13: 0000000000000040 R14: ffff88802c50814a R15: 0000000000000000\n[   45.760293][ T9787] FS:  00007ffb72734540(0000) GS:ffff8880cec64000(0000) knlGS:0000000000000000\n[   45.761050][ T9787] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   45.761606][ T9787] CR2: 00007f9bd8225000 CR3: 000000010979a000 CR4: 00000000000006f0\n[   45.762286][ T9787] Call Trace:\n[   45.762570][ T9787]  \u003cTASK\u003e\n[   45.762824][ T9787]  hfs_ext_read_extent+0x190/0x9d0\n[   45.763269][ T9787]  ? submit_bio_noacct_nocheck+0x2dd/0xce0\n[   45.763766][ T9787]  ? 
__pfx_hfs_ext_read_extent+0x10/0x10\n[   45.764250][ T9787]  hfs_get_block+0x55f/0x830\n[   45.764646][ T9787]  block_read_full_folio+0x36d/0x850\n[   45.765105][ T9787]  ? __pfx_hfs_get_block+0x10/0x10\n[   45.765541][ T9787]  ? const_folio_flags+0x5b/0x100\n[   45.765972][ T9787]  ? __pfx_hfs_read_folio+0x10/0x10\n[   45.766415][ T9787]  filemap_read_folio+0xbe/0x290\n[   45.766840][ T9787]  ? __pfx_filemap_read_folio+0x10/0x10\n[   45.767325][ T9787]  ? __filemap_get_folio+0x32b/0xbf0\n[   45.767780][ T9787]  do_read_cache_folio+0x263/0x5c0\n[   45.768223][ T9787]  ? __pfx_hfs_read_folio+0x10/0x10\n[   45.768666][ T9787]  read_cache_page+0x5b/0x160\n[   45.769070][ T9787]  hfs_btree_open+0x491/0x1740\n[   45.769481][ T9787]  hfs_mdb_get+0x15e2/0x1fb0\n[   45.769877][ T9787]  ? __pfx_hfs_mdb_get+0x10/0x10\n[   45.770316][ T9787]  ? find_held_lock+0x2b/0x80\n[   45.770731][ T9787]  ? lockdep_init_map_type+0x5c/0x280\n[   45.771200][ T9787]  ? lockdep_init_map_type+0x5c/0x280\n[   45.771674][ T9787]  hfs_fill_super+0x38e/0x720\n[   45.772092][ T9787]  ? __pfx_hfs_fill_super+0x10/0x10\n[   45.772549][ T9787]  ? snprintf+0xbe/0x100\n[   45.772931][ T9787]  ? __pfx_snprintf+0x10/0x10\n[   45.773350][ T9787]  ? do_raw_spin_lock+0x129/0x2b0\n[   45.773796][ T9787]  ? find_held_lock+0x2b/0x80\n[   45.774215][ T9787]  ? set_blocksize+0x40a/0x510\n[   45.774636][ T9787]  ? sb_set_blocksize+0x176/0x1d0\n[   45.775087][ T9787]  ? setup_bdev_super+0x369/0x730\n[   45.775533][ T9787]  get_tree_bdev_flags+0x384/0x620\n[   45.775985][ T9787]  ? __pfx_hfs_fill_super+0x10/0x10\n[   45.776453][ T9787]  ? __pfx_get_tree_bdev_flags+0x10/0x10\n[   45.776950][ T9787]  ? bpf_lsm_capable+0x9/0x10\n[   45.777365][ T9787]  ? security_capable+0x80/0x260\n[   45.777803][ T9787]  vfs_get_tree+0x8e/0x340\n[   45.778203][ T9787]  path_mount+0x13de/0x2010\n[   45.778604][ T9787]  ? kmem_cache_free+0x2b0/0x4c0\n[   45.779052][ T9787]  ? __pfx_path_mount+0x10/0x10\n[   45.779480][ T9787]  ? 
getname_flags.part.0+0x1c5/0x550\n[   45.779954][ T9787]  ? putname+0x154/0x1a0\n[   45.780335][ T9787]  __x64_sys_mount+0x27b/0x300\n[   45.780758][ T9787]  ? __pfx___x64_sys_mount+0x10/0x10\n[   45.781232][ T9787] \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38716",
            "https://git.kernel.org/linus/736a0516a16268995f4898eded49bfef077af709 (6.17-rc1)",
            "https://git.kernel.org/stable/c/4f032979b63ad52e08aadf0faeac34ed35133ec0",
            "https://git.kernel.org/stable/c/5d8b249527362e0ccafcaf76b3bec2a0d2aa1498",
            "https://git.kernel.org/stable/c/6e20e10064fdc43231636fca519c15c013a8e3d6",
            "https://git.kernel.org/stable/c/736a0516a16268995f4898eded49bfef077af709",
            "https://git.kernel.org/stable/c/b918c17a1934ac6309b0083f41d4e9d8fb3bb46c",
            "https://lore.kernel.org/linux-cve-announce/2025090458-CVE-2025-38716-4971@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38716",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38716"
          ],
          "PublishedDate": "2025-09-04T16:15:41.12Z",
          "LastModifiedDate": "2025-11-25T22:07:21.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38717",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38717",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c6665b06187dfae69d377352bab1c0722593abad1148d5404077471b16a3b3b",
          "Title": "kernel: net: kcm: Fix race condition in kcm_unattach()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: kcm: Fix race condition in kcm_unattach()\n\nsyzbot found a race condition when kcm_unattach(psock)\nand kcm_release(kcm) are executed at the same time.\n\nkcm_unattach() is missing a check of the flag\nkcm-\u003etx_stopped before calling queue_work().\n\nIf the kcm has a reserved psock, kcm_unattach() might get executed\nbetween cancel_work_sync() and unreserve_psock() in kcm_release(),\nrequeuing kcm-\u003etx_work right before kcm gets freed in kcm_done().\n\nRemove kcm-\u003etx_stopped and replace it by the less\nerror-prone disable_work_sync().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38717",
            "https://git.kernel.org/linus/52565a935213cd6a8662ddb8efe5b4219343a25d (6.17-rc2)",
            "https://git.kernel.org/stable/c/52565a935213cd6a8662ddb8efe5b4219343a25d",
            "https://git.kernel.org/stable/c/7275dc3bb8f91b23125ff3f47b6529935cf46152",
            "https://git.kernel.org/stable/c/798733ee5d5788b12e8a52db1519abc17e826f69",
            "https://git.kernel.org/stable/c/c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308",
            "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38717-fbf6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38717",
            "https://www.cve.org/CVERecord?id=CVE-2025-38717"
          ],
          "PublishedDate": "2025-09-04T16:15:41.257Z",
          "LastModifiedDate": "2025-11-25T22:07:31.647Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38728",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38728",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2a13113fddb4d395f11de9bc4cf1516d8c21ddcbb60e54e1139d53c7d7ec09ab",
          "Title": "kernel: smb3: fix for slab out of bounds on mount to ksmbd",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix for slab out of bounds on mount to ksmbd\n\nWith KASAN enabled, it is possible to get a slab out of bounds\nduring mount to ksmbd due to missing check in parse_server_interfaces()\n(see below):\n\n BUG: KASAN: slab-out-of-bounds in\n parse_server_interfaces+0x14ee/0x1880 [cifs]\n Read of size 4 at addr ffff8881433dba98 by task mount/9827\n\n CPU: 5 UID: 0 PID: 9827 Comm: mount Tainted: G\n OE       6.16.0-rc2-kasan #2 PREEMPT(voluntary)\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: Dell Inc. Precision Tower 3620/0MWYPT,\n BIOS 2.13.1 06/14/2019\n Call Trace:\n  \u003cTASK\u003e\n dump_stack_lvl+0x9f/0xf0\n print_report+0xd1/0x670\n __virt_addr_valid+0x22c/0x430\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? kasan_complete_mode_report_info+0x2a/0x1f0\n ? parse_server_interfaces+0x14ee/0x1880 [cifs]\n   kasan_report+0xd6/0x110\n   parse_server_interfaces+0x14ee/0x1880 [cifs]\n   __asan_report_load_n_noabort+0x13/0x20\n   parse_server_interfaces+0x14ee/0x1880 [cifs]\n ? __pfx_parse_server_interfaces+0x10/0x10 [cifs]\n ? trace_hardirqs_on+0x51/0x60\n SMB3_request_interfaces+0x1ad/0x3f0 [cifs]\n ? __pfx_SMB3_request_interfaces+0x10/0x10 [cifs]\n ? SMB2_tcon+0x23c/0x15d0 [cifs]\n smb3_qfs_tcon+0x173/0x2b0 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? cifs_get_tcon+0x105d/0x2120 [cifs]\n ? __pfx_smb3_qfs_tcon+0x10/0x10 [cifs]\n cifs_mount_get_tcon+0x369/0xb90 [cifs]\n ? dfs_cache_find+0xe7/0x150 [cifs]\n dfs_mount_share+0x985/0x2970 [cifs]\n ? check_path.constprop.0+0x28/0x50\n ? save_trace+0x54/0x370\n ? __pfx_dfs_mount_share+0x10/0x10 [cifs]\n ? __lock_acquire+0xb82/0x2ba0\n ? __kasan_check_write+0x18/0x20\n cifs_mount+0xbc/0x9e0 [cifs]\n ? __pfx_cifs_mount+0x10/0x10 [cifs]\n ? do_raw_spin_unlock+0x5d/0x200\n ? 
cifs_setup_cifs_sb+0x29d/0x810 [cifs]\n cifs_smb3_do_mount+0x263/0x1990 [cifs]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38728",
            "https://git.kernel.org/linus/7d34ec36abb84fdfb6632a0f2cbda90379ae21fc (6.17-rc2)",
            "https://git.kernel.org/stable/c/7d34ec36abb84fdfb6632a0f2cbda90379ae21fc",
            "https://git.kernel.org/stable/c/8de33d4d72e8fae3502ec3850bd7b14e7c7328b6",
            "https://git.kernel.org/stable/c/9bdb8e98a0073c73ab3e6c631ec78877ceb64565",
            "https://git.kernel.org/stable/c/a0620e1525663edd8c4594f49fb75fe5be4724b0",
            "https://git.kernel.org/stable/c/a542f93a123555d09c3ce8bc947f7b56ad8e6463",
            "https://git.kernel.org/stable/c/f6eda5b0e8f8123564c5b34f5801d63243032eac",
            "https://linux.oracle.com/cve/CVE-2025-38728.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025090402-CVE-2025-38728-191d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38728",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38728"
          ],
          "PublishedDate": "2025-09-04T16:15:42.867Z",
          "LastModifiedDate": "2026-01-08T17:31:44.547Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38734",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38734",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:05e2063b229014da3d2d3c039f41fbe86f146a3cf76836c3c39194d4a3303134",
          "Title": "kernel: net/smc: fix UAF on smcsk after smc_listen_out()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix UAF on smcsk after smc_listen_out()\n\nBPF CI testing report a UAF issue:\n\n  [   16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003  0\n  [   16.447134] #PF: supervisor read access in kernel mod  e\n  [   16.447516] #PF: error_code(0x0000) - not-present pag  e\n  [   16.447878] PGD 0 P4D   0\n  [   16.448063] Oops: Oops: 0000 [#1] PREEMPT SMP NOPT  I\n  [   16.448409] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Tainted: G           OE      6.13.0-rc3-g89e8a75fda73-dirty #4  2\n  [   16.449124] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODUL  E\n  [   16.449502] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/201  4\n  [   16.450201] Workqueue: smc_hs_wq smc_listen_wor  k\n  [   16.450531] RIP: 0010:smc_listen_work+0xc02/0x159  0\n  [   16.452158] RSP: 0018:ffffb5ab40053d98 EFLAGS: 0001024  6\n  [   16.452526] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 000000000000030  0\n  [   16.452994] RDX: 0000000000000280 RSI: 00003513840053f0 RDI: 000000000000000  0\n  [   16.453492] RBP: ffffa097808e3800 R08: ffffa09782dba1e0 R09: 000000000000000  5\n  [   16.453987] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0978274640  0\n  [   16.454497] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa09782d4092  0\n  [   16.454996] FS:  0000000000000000(0000) GS:ffffa097bbc00000(0000) knlGS:000000000000000  0\n  [   16.455557] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003  3\n  [   16.455961] CR2: 0000000000000030 CR3: 0000000102788004 CR4: 0000000000770ef  0\n  [   16.456459] PKRU: 5555555  4\n  [   16.456654] Call Trace  :\n  [   16.456832]  \u003cTASK  \u003e\n  [   16.456989]  ? __die+0x23/0x7  0\n  [   16.457215]  ? page_fault_oops+0x180/0x4c  0\n  [   16.457508]  ? __lock_acquire+0x3e6/0x249  0\n  [   16.457801]  ? exc_page_fault+0x68/0x20  0\n  [   16.458080]  ? 
asm_exc_page_fault+0x26/0x3  0\n  [   16.458389]  ? smc_listen_work+0xc02/0x159  0\n  [   16.458689]  ? smc_listen_work+0xc02/0x159  0\n  [   16.458987]  ? lock_is_held_type+0x8f/0x10  0\n  [   16.459284]  process_one_work+0x1ea/0x6d  0\n  [   16.459570]  worker_thread+0x1c3/0x38  0\n  [   16.459839]  ? __pfx_worker_thread+0x10/0x1  0\n  [   16.460144]  kthread+0xe0/0x11  0\n  [   16.460372]  ? __pfx_kthread+0x10/0x1  0\n  [   16.460640]  ret_from_fork+0x31/0x5  0\n  [   16.460896]  ? __pfx_kthread+0x10/0x1  0\n  [   16.461166]  ret_from_fork_asm+0x1a/0x3  0\n  [   16.461453]  \u003c/TASK  \u003e\n  [   16.461616] Modules linked in: bpf_testmod(OE) [last unloaded: bpf_testmod(OE)  ]\n  [   16.462134] CR2: 000000000000003  0\n  [   16.462380] ---[ end trace 0000000000000000 ]---\n  [   16.462710] RIP: 0010:smc_listen_work+0xc02/0x1590\n\nThe direct cause of this issue is that after smc_listen_out_connected(),\nnewclcsock-\u003esk may be NULL since it will releases the smcsk. Therefore,\nif the application closes the socket immediately after accept,\nnewclcsock-\u003esk can be NULL. A possible execution order could be as\nfollows:\n\nsmc_listen_work                                 | userspace\n-----------------------------------------------------------------\nlock_sock(sk)                                   |\nsmc_listen_out_connected()                      |\n| \\- smc_listen_out                             |\n|    | \\- release_sock                          |\n     | |- sk-\u003esk_data_ready()                   |\n                                                | fd = accept();\n                                                | close(fd);\n                                                |  \\- socket-\u003esk = NULL;\n/* newclcsock-\u003esk is NULL now */\nSMC_STAT_SERV_SUCC_INC(sock_net(newclcsock-\u003esk))\n\nSince smc_listen_out_connected() will not fail, simply swapping the order\nof the code can easily fix this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38734",
            "https://git.kernel.org/linus/d9cef55ed49117bd63695446fb84b4b91815c0b4 (6.17-rc3)",
            "https://git.kernel.org/stable/c/070b4af44c4b6e4c35fb1ca7001a6a88fd2d318f",
            "https://git.kernel.org/stable/c/2e765ba0ee0eae35688b443e97108308a716773e",
            "https://git.kernel.org/stable/c/85545f1525f9fa9bf44fec77ba011024f15da342",
            "https://git.kernel.org/stable/c/d9cef55ed49117bd63695446fb84b4b91815c0b4",
            "https://lore.kernel.org/linux-cve-announce/2025090543-CVE-2025-38734-a75f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38734",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38734"
          ],
          "PublishedDate": "2025-09-05T18:15:42.677Z",
          "LastModifiedDate": "2025-11-25T21:59:17.53Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39677",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39677",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f483b628f5b5f94388ab2677d5d636ea7762d9131cce89a357ea1e8e7f7c922",
          "Title": "kernel: net/sched: Fix backlog accounting in qdisc_dequeue_internal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix backlog accounting in qdisc_dequeue_internal\n\nThis issue applies for the following qdiscs: hhf, fq, fq_codel, and\nfq_pie, and occurs in their change handlers when adjusting to the new\nlimit. The problem is the following in the values passed to the\nsubsequent qdisc_tree_reduce_backlog call given a tbf parent:\n\n   When the tbf parent runs out of tokens, skbs of these qdiscs will\n   be placed in gso_skb. Their peek handlers are qdisc_peek_dequeued,\n   which accounts for both qlen and backlog. However, in the case of\n   qdisc_dequeue_internal, ONLY qlen is accounted for when pulling\n   from gso_skb. This means that these qdiscs are missing a\n   qdisc_qstats_backlog_dec when dropping packets to satisfy the\n   new limit in their change handlers.\n\n   One can observe this issue with the following (with tc patched to\n   support a limit of 0):\n\n   export TARGET=fq\n   tc qdisc del dev lo root\n   tc qdisc add dev lo root handle 1: tbf rate 8bit burst 100b latency 1ms\n   tc qdisc replace dev lo handle 3: parent 1:1 $TARGET limit 1000\n   echo ''; echo 'add child'; tc -s -d qdisc show dev lo\n   ping -I lo -f -c2 -s32 -W0.001 127.0.0.1 2\u003e\u00261 \u003e/dev/null\n   echo ''; echo 'after ping'; tc -s -d qdisc show dev lo\n   tc qdisc change dev lo handle 3: parent 1:1 $TARGET limit 0\n   echo ''; echo 'after limit drop'; tc -s -d qdisc show dev lo\n   tc qdisc replace dev lo handle 2: parent 1:1 sfq\n   echo ''; echo 'post graft'; tc -s -d qdisc show dev lo\n\n   The second to last show command shows 0 packets but a positive\n   number (74) of backlog bytes. 
The problem becomes clearer in the\n   last show command, where qdisc_purge_queue triggers\n   qdisc_tree_reduce_backlog with the positive backlog and causes an\n   underflow in the tbf parent's backlog (4096 Mb instead of 0).\n\nTo fix this issue, the codepath for all clients of qdisc_dequeue_internal\nhas been simplified: codel, pie, hhf, fq, fq_pie, and fq_codel.\nqdisc_dequeue_internal handles the backlog adjustments for all cases that\ndo not directly use the dequeue handler.\n\nThe old fq_codel_change limit adjustment loop accumulated the arguments to\nthe subsequent qdisc_tree_reduce_backlog call through the cstats field.\nHowever, this is confusing and error prone as fq_codel_dequeue could also\npotentially mutate this field (which qdisc_dequeue_internal calls in the\nnon gso_skb case), so we have unified the code here with other qdiscs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39677",
            "https://git.kernel.org/linus/52bf272636bda69587952b35ae97690b8dc89941 (6.17-rc3)",
            "https://git.kernel.org/stable/c/52bf272636bda69587952b35ae97690b8dc89941",
            "https://git.kernel.org/stable/c/a225f44d84b8900d679c5f5a9ea46fe9c0cc7802",
            "https://lore.kernel.org/linux-cve-announce/2025090544-CVE-2025-39677-5733@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39677",
            "https://www.cve.org/CVERecord?id=CVE-2025-39677"
          ],
          "PublishedDate": "2025-09-05T18:15:44.043Z",
          "LastModifiedDate": "2025-11-25T21:28:36.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39692",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39692",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c342e5148de5f50532703f6b56ac7763ef51fefa80d9dc5cfe7081d45ab4446b",
          "Title": "kernel: smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()\n\nWe can't call destroy_workqueue(smb_direct_wq); before stop_sessions()!\n\nOtherwise already existing connections try to use smb_direct_wq as\na NULL pointer.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39692",
            "https://git.kernel.org/linus/bac7b996d42e458a94578f4227795a0d4deef6fa (6.17-rc3)",
            "https://git.kernel.org/stable/c/003e6a3150299f681f34cb189aa068018cef6a45",
            "https://git.kernel.org/stable/c/212eb86f75b4d7b82f3d94aed95ba61103bccb93",
            "https://git.kernel.org/stable/c/524e90e58a267dad11e23351d9e4b1f941490976",
            "https://git.kernel.org/stable/c/bac7b996d42e458a94578f4227795a0d4deef6fa",
            "https://git.kernel.org/stable/c/e41e33400516702427603f8fbbec43c91ede09c0",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025090547-CVE-2025-39692-7452@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39692",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39692"
          ],
          "PublishedDate": "2025-09-05T18:15:45.98Z",
          "LastModifiedDate": "2026-01-08T16:09:58.75Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39705",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39705",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af33fc9d416d71a825d7d73a1d22f888397e4d53aeff80d8ea908365db5d7eb1",
          "Title": "kernel: drm/amd/display: fix a Null pointer dereference vulnerability",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a Null pointer dereference vulnerability\n\n[Why]\nA null pointer dereference vulnerability exists in the AMD display driver's\n(DC module) cleanup function dc_destruct().\nWhen display control context (dc-\u003ectx) construction fails\n(due to memory allocation failure), this pointer remains NULL.\nDuring subsequent error handling when dc_destruct() is called,\nthere's no NULL check before dereferencing the perf_trace member\n(dc-\u003ectx-\u003eperf_trace), causing a kernel null pointer dereference crash.\n\n[How]\nCheck if dc-\u003ectx is non-NULL before dereferencing.\n\n(Updated commit text and removed unnecessary error message)\n(cherry picked from commit 9dd8e2ba268c636c240a918e0a31e6feaee19404)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39705",
            "https://git.kernel.org/linus/1bcf63a44381691d6192872801f830ce3250e367 (6.17-rc1)",
            "https://git.kernel.org/stable/c/0961673cc5f0055957aa46f25eb4ef6c07e00165",
            "https://git.kernel.org/stable/c/1bcf63a44381691d6192872801f830ce3250e367",
            "https://git.kernel.org/stable/c/4ade995b9b25b3c6e8dc42c27070340f1358d8c8",
            "https://linux.oracle.com/cve/CVE-2025-39705.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025090549-CVE-2025-39705-6ac5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39705",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39705"
          ],
          "PublishedDate": "2025-09-05T18:15:47.69Z",
          "LastModifiedDate": "2025-11-25T21:15:42.683Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39706",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39706",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a616dca2e70474ee59ec167b73c961ee58fd6d3435856053fee3367dd68e9bf2",
          "Title": "kernel: drm/amdkfd: Destroy KFD debugfs after destroy KFD wq",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Destroy KFD debugfs after destroy KFD wq\n\nSince KFD proc content was moved to kernel debugfs, we can't destroy KFD\ndebugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior\nto kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens\nwhen /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but\nkfd_process_destroy_wq calls kfd_debugfs_remove_process. This line\n    debugfs_remove_recursive(entry-\u003eproc_dentry);\ntries to remove /sys/kernel/debug/kfd/proc/\u003cpid\u003e while\n/sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel\nNULL pointer.\n\n(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39706",
            "https://git.kernel.org/linus/2e58401a24e7b2d4ec619104e1a76590c1284a4c (6.17-rc1)",
            "https://git.kernel.org/stable/c/2e58401a24e7b2d4ec619104e1a76590c1284a4c",
            "https://git.kernel.org/stable/c/74ee7445c3b61c3bd899a54bd82c1982cb3a8206",
            "https://git.kernel.org/stable/c/910735ded17cc306625e7e1cdcc8102f7ac60994",
            "https://git.kernel.org/stable/c/96609a51e6134542bf90e053c2cd2fe4f61ebce3",
            "https://git.kernel.org/stable/c/fc35c955da799ba62f6f977d58e0866d0251e3f8",
            "https://linux.oracle.com/cve/CVE-2025-39706.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025090549-CVE-2025-39706-087c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39706",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39706"
          ],
          "PublishedDate": "2025-09-05T18:15:47.817Z",
          "LastModifiedDate": "2026-01-08T16:22:52.88Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39707",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39707",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:417efd1df8e070ab7773fafafcb7abd21cae8173bef614986b25e3938a180134",
          "Title": "kernel: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities\n\nHUBBUB structure is not initialized on DCE hardware, so check if it is NULL\nto avoid null dereference while accessing amdgpu_dm_capabilities file in\ndebugfs.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39707",
            "https://git.kernel.org/linus/b4a69f7f29c8a459ad6b4d8a8b72450f1d9fd288 (6.17-rc1)",
            "https://git.kernel.org/stable/c/83cfdc2b018cd9c0f927b781d4e07c0d4a911fac",
            "https://git.kernel.org/stable/c/98e92fceb9507901e3e8b550e93b843306abd354",
            "https://git.kernel.org/stable/c/b4a69f7f29c8a459ad6b4d8a8b72450f1d9fd288",
            "https://linux.oracle.com/cve/CVE-2025-39707.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025090549-CVE-2025-39707-c905@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39707",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39707"
          ],
          "PublishedDate": "2025-09-05T18:15:47.943Z",
          "LastModifiedDate": "2025-11-25T21:15:47.96Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39715",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39715",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:116043f188aecc0e65978d2fa2d6dac6c016b22ae924d13631f50d167f02e15f",
          "Title": "kernel: parisc: Revise gateway LWS calls to probe user read access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Revise gateway LWS calls to probe user read access\n\nWe use load and stbys,e instructions to trigger memory reference\ninterruptions without writing to memory. Because of the way read\naccess support is implemented, read access interruptions are only\ntriggered at privilege levels 2 and 3. The kernel and gateway\npage execute at privilege level 0, so this code never triggers\na read access interruption. Thus, it is currently possible for\nuser code to execute a LWS compare and swap operation at an\naddress that is read protected at privilege level 3 (PRIV_USER).\n\nFix this by probing read access rights at privilege level 3 and\nbranching to lws_fault if access isn't allowed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39715",
            "https://git.kernel.org/linus/f6334f4ae9a4e962ba74b026e1d965dfdf8cbef8 (6.17-rc1)",
            "https://git.kernel.org/stable/c/8bccf47adbf658293528e86960e6d6f736b1c9f7",
            "https://git.kernel.org/stable/c/9b6af875baba9c4679b55f4561e201485451305f",
            "https://git.kernel.org/stable/c/bc0a24c24ceebabb5ba65900e332233d79e625e6",
            "https://git.kernel.org/stable/c/e8b496c52aa0c6572d88db7cab85aeea6f9c194d",
            "https://git.kernel.org/stable/c/f6334f4ae9a4e962ba74b026e1d965dfdf8cbef8",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025090551-CVE-2025-39715-6248@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39715",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39715"
          ],
          "PublishedDate": "2025-09-05T18:15:48.99Z",
          "LastModifiedDate": "2026-01-07T19:43:02.637Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39716",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39716",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c221a7b459cdcf60e3a847cf1756658427367fad174025c7d1b348162924b2bf",
          "Title": "kernel: parisc: Revise __get_user() to probe user read access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Revise __get_user() to probe user read access\n\nBecause of the way read access support is implemented, read access\ninterruptions are only triggered at privilege levels 2 and 3. The\nkernel executes at privilege level 0, so __get_user() never triggers\na read access interruption (code 26). Thus, it is currently possible\nfor user code to access a read protected address via a system call.\n\nFix this by probing read access rights at privilege level 3 (PRIV_USER)\nand setting __gu_err to -EFAULT (-14) if access isn't allowed.\n\nNote the cmpiclr instruction does a 32-bit compare because COND macro\ndoesn't work inside asm.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39716",
            "https://git.kernel.org/linus/89f686a0fb6e473a876a9a60a13aec67a62b9a7e (6.17-rc1)",
            "https://git.kernel.org/stable/c/28a9b71671fb4a2993ef85b8ef6f117ea63894fe",
            "https://git.kernel.org/stable/c/4c981077255acc2ed5b3df6e8dd0125c81b626a9",
            "https://git.kernel.org/stable/c/741b163e440683195b8fd4fc8495fcd0105c6ab7",
            "https://git.kernel.org/stable/c/89f686a0fb6e473a876a9a60a13aec67a62b9a7e",
            "https://git.kernel.org/stable/c/f410ef9a032caf98117256b22139c31342d7bb06",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025090551-CVE-2025-39716-7e3c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39716",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39716"
          ],
          "PublishedDate": "2025-09-05T18:15:49.123Z",
          "LastModifiedDate": "2026-01-07T19:41:50.223Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39720",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39720",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a69cbcda4226b9cb234000821f1d1cc80cd519f55e13499e2c7e540221d11ae3",
          "Title": "kernel: ksmbd: fix refcount leak causing resource not released",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix refcount leak causing resource not released\n\nWhen ksmbd_conn_releasing(opinfo-\u003econn) returns true,the refcount was not\ndecremented properly, causing a refcount leak that prevents the count from\nreaching zero and the memory from being released.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39720",
            "https://git.kernel.org/linus/89bb430f621124af39bb31763c4a8b504c9651e2 (6.17-rc3)",
            "https://git.kernel.org/stable/c/36e010bb865fbaa1202fe9bcce3fd486d6db7606",
            "https://git.kernel.org/stable/c/89bb430f621124af39bb31763c4a8b504c9651e2",
            "https://git.kernel.org/stable/c/9a7abce6e8c0e2145b346a6d4abf0d9655e9b0e8",
            "https://git.kernel.org/stable/c/a1d2bab4d53368a526c97aba92671dd71814f95a",
            "https://lore.kernel.org/linux-cve-announce/2025090551-CVE-2025-39720-3cbf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39720",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39720"
          ],
          "PublishedDate": "2025-09-05T18:15:49.643Z",
          "LastModifiedDate": "2025-11-25T17:46:33.25Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39726",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39726",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42a15e75727e51d80a7005570c7e508f3e9c3d1938f16e096f97dd5daec50ae4",
          "Title": "kernel: s390/ism: fix concurrency management in ism_cmd()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: fix concurrency management in ism_cmd()\n\nThe s390x ISM device data sheet clearly states that only one\nrequest-response sequence is allowable per ISM function at any point in\ntime.  Unfortunately as of today the s390/ism driver in Linux does not\nhonor that requirement. This patch aims to rectify that.\n\nThis problem was discovered based on Aliaksei's bug report which states\nthat for certain workloads the ISM functions end up entering error state\n(with PEC 2 as seen from the logs) after a while and as a consequence\nconnections handled by the respective function break, and for future\nconnection requests the ISM device is not considered -- given it is in a\ndysfunctional state. During further debugging PEC 3A was observed as\nwell.\n\nA kernel message like\n[ 1211.244319] zpci: 061a:00:00.0: Event 0x2 reports an error for PCI function 0x61a\nis a reliable indicator of the stated function entering error state\nwith PEC 2. Let me also point out that a kernel message like\n[ 1211.244325] zpci: 061a:00:00.0: The ism driver bound to the device does not support error recovery\nis a reliable indicator that the ISM function won't be auto-recovered\nbecause the ISM driver currently lacks support for it.\n\nOn a technical level, without this synchronization, commands (inputs to\nthe FW) may be partially or fully overwritten (corrupted) by another CPU\ntrying to issue commands on the same function. There is hard evidence that\nthis can lead to DMB token values being used as DMB IOVAs, leading to\nPEC 2 PCI events indicating invalid DMA. But this is only one of the\nfailure modes imaginable. In theory even completely losing one command\nand executing another one twice and then trying to interpret the outputs\nas if the command we intended to execute was actually executed and not\nthe other one is also possible.  Frankly, I don't feel confident about\nproviding an exhaustive list of possible consequences.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39726",
            "https://git.kernel.org/linus/897e8601b9cff1d054cdd53047f568b0e1995726 (6.16)",
            "https://git.kernel.org/stable/c/1194ad0d44d66b273a02a3a22882dc863a68d764",
            "https://git.kernel.org/stable/c/897e8601b9cff1d054cdd53047f568b0e1995726",
            "https://git.kernel.org/stable/c/faf44487dfc80817f178dc8de7a0b73f960d019b",
            "https://git.kernel.org/stable/c/fafaa4982bedb5532f5952000f714a3e63023f40",
            "https://lore.kernel.org/linux-cve-announce/2025090522-CVE-2025-39726-8934@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39726",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39726"
          ],
          "PublishedDate": "2025-09-05T18:15:50.447Z",
          "LastModifiedDate": "2025-11-25T18:05:49.35Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39732",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39732",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8a1a571ed8314f29e37be160e7e0dc0917898e972d5eb6d46954baf5f0326541",
          "Title": "kernel: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()\n\nath11k_mac_disable_peer_fixed_rate() is passed as the iterator to\nieee80211_iterate_stations_atomic(). Note in this case the iterator is\nrequired to be atomic, however ath11k_mac_disable_peer_fixed_rate() does\nnot follow it as it might sleep. Consequently below warning is seen:\n\nBUG: sleeping function called from invalid context at wmi.c:304\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n __might_resched.cold\n ath11k_wmi_cmd_send\n ath11k_wmi_set_peer_param\n ath11k_mac_disable_peer_fixed_rate\n ieee80211_iterate_stations_atomic\n ath11k_mac_op_set_bitrate_mask.cold\n\nChange to ieee80211_iterate_stations_mtx() to fix this issue.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39732",
            "https://git.kernel.org/linus/65c12b104cb942d588a1a093acc4537fb3d3b129 (6.17-rc1)",
            "https://git.kernel.org/stable/c/65c12b104cb942d588a1a093acc4537fb3d3b129",
            "https://git.kernel.org/stable/c/6bdef22d540258ca06f079f7b6ae100669a19b47",
            "https://git.kernel.org/stable/c/7d4d0db0dc9424de2bdc0b45e919e4892603356f",
            "https://git.kernel.org/stable/c/9c0e3144924c7db701575a73af341d33184afeaf",
            "https://linux.oracle.com/cve/CVE-2025-39732.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025090730-CVE-2025-39732-4c7f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39732",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39732"
          ],
          "PublishedDate": "2025-09-07T16:15:48.77Z",
          "LastModifiedDate": "2025-11-25T17:52:03.647Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39744",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39744",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:72e68ec19003256635f2f064ad13d8f4b7831f15e2bb34646453641a5fc9c8dd",
          "Title": "kernel: rcu: Fix rcu_read_unlock() deadloop due to IRQ work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu: Fix rcu_read_unlock() deadloop due to IRQ work\n\nDuring rcu_read_unlock_special(), if this happens during irq_exit(), we\ncan lockup if an IPI is issued. This is because the IPI itself triggers\nthe irq_exit() path causing a recursive lock up.\n\nThis is precisely what Xiongfeng found when invoking a BPF program on\nthe trace_tick_stop() tracepoint As shown in the trace below. Fix by\nmanaging the irq_work state correctly.\n\nirq_exit()\n  __irq_exit_rcu()\n    /* in_hardirq() returns false after this */\n    preempt_count_sub(HARDIRQ_OFFSET)\n    tick_irq_exit()\n      tick_nohz_irq_exit()\n\t    tick_nohz_stop_sched_tick()\n\t      trace_tick_stop()  /* a bpf prog is hooked on this trace point */\n\t\t   __bpf_trace_tick_stop()\n\t\t      bpf_trace_run2()\n\t\t\t    rcu_read_unlock_special()\n                              /* will send a IPI to itself */\n\t\t\t      irq_work_queue_on(\u0026rdp-\u003edefer_qs_iw, rdp-\u003ecpu);\n\nA simple reproducer can also be obtained by doing the following in\ntick_irq_exit(). It will hang on boot without the patch:\n\n  static inline void tick_irq_exit(void)\n  {\n +\trcu_read_lock();\n +\tWRITE_ONCE(current-\u003ercu_read_unlock_special.b.need_qs, true);\n +\trcu_read_unlock();\n +\n\n[neeraj: Apply Frederic's suggested fix for PREEMPT_RT]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39744",
            "https://git.kernel.org/linus/b41642c87716bbd09797b1e4ea7d904f06c39b7b (6.17-rc1)",
            "https://git.kernel.org/stable/c/1cfa244f7198d325594e627574930b7b91df5bfe",
            "https://git.kernel.org/stable/c/56c5ef194f4509df63fc0f7a91ea5973ce479b1e",
            "https://git.kernel.org/stable/c/b41642c87716bbd09797b1e4ea7d904f06c39b7b",
            "https://git.kernel.org/stable/c/ddebb2a7677673cf4438a04e1a48b8ed6b0c8e9a",
            "https://git.kernel.org/stable/c/e7a375453cca2b8a0d2fa1b82b913f3fed7c0507",
            "https://linux.oracle.com/cve/CVE-2025-39744.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091140-CVE-2025-39744-2744@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39744",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39744"
          ],
          "PublishedDate": "2025-09-11T17:15:37.6Z",
          "LastModifiedDate": "2025-11-25T21:09:09.607Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39745",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39745",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:66bc69edc5449fb074a6f0ba934911d751b1fa1ecacd7338d8bf233ee15fdbec",
          "Title": "kernel: Linux kernel: Denial of Service in rcutorture due to incorrect preempt_count handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcutorture: Fix rcutorture_one_extend_check() splat in RT kernels\n\nFor built with CONFIG_PREEMPT_RT=y kernels, running rcutorture\ntests resulted in the following splat:\n\n[   68.797425] rcutorture_one_extend_check during change: Current 0x1  To add 0x1  To remove 0x0  preempt_count() 0x0\n[   68.797533] WARNING: CPU: 2 PID: 512 at kernel/rcu/rcutorture.c:1993 rcutorture_one_extend_check+0x419/0x560 [rcutorture]\n[   68.797601] Call Trace:\n[   68.797602]  \u003cTASK\u003e\n[   68.797619]  ? lockdep_softirqs_off+0xa5/0x160\n[   68.797631]  rcutorture_one_extend+0x18e/0xcc0 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[   68.797646]  ? local_clock+0x19/0x40\n[   68.797659]  rcu_torture_one_read+0xf0/0x280 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[   68.797678]  ? __pfx_rcu_torture_one_read+0x10/0x10 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[   68.797804]  ? __pfx_rcu_torture_timer+0x10/0x10 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[   68.797815] rcu-torture: rcu_torture_reader task started\n[   68.797824] rcu-torture: Creating rcu_torture_reader task\n[   68.797824]  rcu_torture_reader+0x238/0x580 [rcutorture 2466dbd2ff34dbaa36049cb323a80c3306ac997c]\n[   68.797836]  ? kvm_sched_clock_read+0x15/0x30\n\nDisable BH does not change the SOFTIRQ corresponding bits in\npreempt_count() for RT kernels, this commit therefore use\nsoftirq_count() to check the if BH is disabled.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39745",
            "https://git.kernel.org/linus/8d71351d88e478d3c4e945e3218e97ec677fd807 (6.17-rc1)",
            "https://git.kernel.org/stable/c/69c5ae0f441c2d72e8f48dc1e08464c172360c4c",
            "https://git.kernel.org/stable/c/8d71351d88e478d3c4e945e3218e97ec677fd807",
            "https://git.kernel.org/stable/c/a85550267247cdf5e7499be00ea8e388ab014e50",
            "https://lore.kernel.org/linux-cve-announce/2025091140-CVE-2025-39745-ac0b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39745",
            "https://www.cve.org/CVERecord?id=CVE-2025-39745"
          ],
          "PublishedDate": "2025-09-11T17:15:37.75Z",
          "LastModifiedDate": "2025-11-25T21:09:37.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39746",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39746",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:89d17e7d8ffa7a759d64b5f0aebb493b4911540b0465f7b94094264d83d13901",
          "Title": "kernel: wifi: ath10k: shutdown driver when hardware is unreliable",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: shutdown driver when hardware is unreliable\n\nIn rare cases, ath10k may lose connection with the PCIe bus due to\nsome unknown reasons, which could further lead to system crashes during\nresuming due to watchdog timeout:\n\nath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware\nath10k_pci 0000:01:00.0: already restarting\nath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11\nath10k_pci 0000:01:00.0: failed to stop vdev 0: -11\nieee80211 phy0: PM: **** DPM device timeout ****\nCall Trace:\n panic+0x125/0x315\n dpm_watchdog_set+0x54/0x54\n dpm_watchdog_handler+0x57/0x57\n call_timer_fn+0x31/0x13c\n\nAt this point, all WMI commands will timeout and attempt to restart\ndevice. So set a threshold for consecutive restart failures. If the\nthreshold is exceeded, consider the hardware is unreliable and all\nath10k operations should be skipped to avoid system crash.\n\nfail_cont_count and pending_recovery are atomic variables, and\ndo not involve complex conditional logic. Therefore, even if recovery\ncheck and reconfig complete are executed concurrently, the recovery\nmechanism will not be broken.\n\nTested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39746",
            "https://git.kernel.org/linus/c256a94d1b1b15109740306f7f2a7c2173e12072 (6.17-rc1)",
            "https://git.kernel.org/stable/c/201c9b4485edc618863a60f97a2d88bddd139467",
            "https://git.kernel.org/stable/c/84ca5632b8d05d1c2e25604d1d63434b2fb61c85",
            "https://git.kernel.org/stable/c/c256a94d1b1b15109740306f7f2a7c2173e12072",
            "https://git.kernel.org/stable/c/e36991bddf8be63e79659f654cdb1722db4e8132",
            "https://linux.oracle.com/cve/CVE-2025-39746.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091140-CVE-2025-39746-7ba5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39746",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39746"
          ],
          "PublishedDate": "2025-09-11T17:15:37.89Z",
          "LastModifiedDate": "2025-11-25T18:13:47.147Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39747",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39747",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0ea12be5223a2523588dd408dee3c26730efcdd76e977cdf39fe279208bd4fb7",
          "Title": "kernel: drm/msm: Add error handling for krealloc in metadata setup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Add error handling for krealloc in metadata setup\n\nFunction msm_ioctl_gem_info_set_metadata() now checks for krealloc\nfailure and returns -ENOMEM, avoiding potential NULL pointer dereference.\nExplicitly avoids __GFP_NOFAIL due to deadlock risks and allocation constraints.\n\nPatchwork: https://patchwork.freedesktop.org/patch/661235/",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39747",
            "https://git.kernel.org/linus/1c8c354098ea9d4376a58c96ae6b65288a6f15d8 (6.17-rc1)",
            "https://git.kernel.org/stable/c/01e3eda8edc3c4caaa49261d1a56c799b0bd6268",
            "https://git.kernel.org/stable/c/1c8c354098ea9d4376a58c96ae6b65288a6f15d8",
            "https://git.kernel.org/stable/c/53dc780c1e94ea782d8936b41bfaa83c663702eb",
            "https://git.kernel.org/stable/c/d5386bcede7b57b193c658dcbb9d22004cde7580",
            "https://linux.oracle.com/cve/CVE-2025-39747.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091141-CVE-2025-39747-a51c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39747",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39747"
          ],
          "PublishedDate": "2025-09-11T17:15:38.05Z",
          "LastModifiedDate": "2025-11-25T18:07:45.823Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39748",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39748",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:51c5e40714bd1e8b2b7e4949e33e7d98a38ee02409c028b68cc2cbc51149298a",
          "Title": "kernel: bpf: Forget ranges when refining tnum after JSET",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Forget ranges when refining tnum after JSET\n\nSyzbot reported a kernel warning due to a range invariant violation on\nthe following BPF program.\n\n  0: call bpf_get_netns_cookie\n  1: if r0 == 0 goto \u003cexit\u003e\n  2: if r0 \u0026 0xffffffff goto \u003cexit\u003e\n\nThe issue is on the path where we fall through both jumps.\n\nThat path is unreachable at runtime: after insn 1, we know r0 != 0, but\nwith the sign extension on the jset, we would only fallthrough insn 2\nif r0 == 0. Unfortunately, is_branch_taken() isn't currently able to\nfigure this out, so the verifier walks all branches. The verifier then\nrefines the register bounds using the second condition and we end\nup with inconsistent bounds on this unreachable path:\n\n  1: if r0 == 0 goto \u003cexit\u003e\n    r0: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0xffffffffffffffff)\n  2: if r0 \u0026 0xffffffff goto \u003cexit\u003e\n    r0 before reg_bounds_sync: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0)\n    r0 after reg_bounds_sync:  u64=[0x1, 0] var_off=(0, 0)\n\nImproving the range refinement for JSET to cover all cases is tricky. We\nalso don't expect many users to rely on JSET given LLVM doesn't generate\nthose instructions. So instead of improving the range refinement for\nJSETs, Eduard suggested we forget the ranges whenever we're narrowing\ntnums after a JSET. This patch implements that approach.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39748",
            "https://git.kernel.org/linus/6279846b9b2532e1b04559ef8bd0dec049f29383 (6.17-rc1)",
            "https://git.kernel.org/stable/c/0643aa2468192a4d81326e8e76543854870b1ee2",
            "https://git.kernel.org/stable/c/2fd0c26bacd90ef26522bd3169000a4715bf151f",
            "https://git.kernel.org/stable/c/591c788d16046edb0220800bf1819554af5853ce",
            "https://git.kernel.org/stable/c/6279846b9b2532e1b04559ef8bd0dec049f29383",
            "https://git.kernel.org/stable/c/80a6b11862a7cfdf691e8f9faee89cfea219f098",
            "https://git.kernel.org/stable/c/f01e06930444cab289a8783017af9b64255bd103",
            "https://linux.oracle.com/cve/CVE-2025-39748.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091141-CVE-2025-39748-29e7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39748",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39748"
          ],
          "PublishedDate": "2025-09-11T17:15:38.237Z",
          "LastModifiedDate": "2026-03-25T11:16:11.867Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39750",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39750",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d6a081e044845b0092d2eb717ab5d3f537da14693e1c5ff49aef5845f42f715c",
          "Title": "kernel: wifi: ath12k: Correct tid cleanup when tid setup fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Correct tid cleanup when tid setup fails\n\nCurrently, if any error occurs during ath12k_dp_rx_peer_tid_setup(),\nthe tid value is already incremented, even though the corresponding\nTID is not actually allocated. Cleanup then proceeds to\nath12k_dp_rx_peer_tid_delete() starting from an unallocated tid,\nwhich might lead to freeing an unallocated TID and cause a potential\ncrash or out-of-bounds access.\n\nHence, fix by correctly decrementing tid before cleanup to match only\nthe successfully allocated TIDs.\n\nAlso, remove tid-- from failure case of ath12k_dp_rx_peer_frag_setup(),\nas decrementing the tid before cleanup in loop will take care of this.\n\nCompile tested only.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39750",
            "https://git.kernel.org/linus/4a2bf707270f897ab8077baee8ed5842a5321686 (6.17-rc1)",
            "https://git.kernel.org/stable/c/2ef17d1476ab26bce89764e2f16833d7f52acc38",
            "https://git.kernel.org/stable/c/30cad87978057516c93467516bc481a3eacfd66a",
            "https://git.kernel.org/stable/c/4a2bf707270f897ab8077baee8ed5842a5321686",
            "https://git.kernel.org/stable/c/6301fe4f209165334d251a1c6da8ae47f93cb32c",
            "https://git.kernel.org/stable/c/907c630e58af9e86e215f3951c7b287bd86d0f15",
            "https://lore.kernel.org/linux-cve-announce/2025091142-CVE-2025-39750-849e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39750",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39750"
          ],
          "PublishedDate": "2025-09-11T17:15:38.59Z",
          "LastModifiedDate": "2025-11-25T21:11:23.033Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39753",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39753",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:57307db4478a45aeed3fc41e70a7fb3b5dca6fcdc010cb682a9a111b6e95f9e5",
          "Title": "kernel: Linux kernel (gfs2): Denial of Service due to missing migrate_folio implementation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops\n\nClears up the warning added in 7ee3647243e5 (\"migrate: Remove call to\n-\u003ewritepage\") that occurs in various xfstests, causing \"something found\nin dmesg\" failures.\n\n[  341.136573] gfs2_meta_aops does not implement migrate_folio\n[  341.136953] WARNING: CPU: 1 PID: 36 at mm/migrate.c:944 move_to_new_folio+0x2f8/0x300",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39753",
            "https://git.kernel.org/linus/5c8f12cf1e64e0e8e6cb80b0c935389973e8be8d (6.17-rc1)",
            "https://git.kernel.org/stable/c/3d2c05cbc6a3725d832b912b637971f37301c7e5",
            "https://git.kernel.org/stable/c/5c8f12cf1e64e0e8e6cb80b0c935389973e8be8d",
            "https://git.kernel.org/stable/c/9d9b053f7f9c5a35049abe56af9e6ac70b6b0e4b",
            "https://git.kernel.org/stable/c/9f745095c382b76e68407fd6f15ef27baf2a013f",
            "https://git.kernel.org/stable/c/e89cab180eb22950b6eb7b3462623c2aa81e5835",
            "https://linux.oracle.com/cve/CVE-2025-39753.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091143-CVE-2025-39753-efff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39753",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39753"
          ],
          "PublishedDate": "2025-09-11T17:15:39.057Z",
          "LastModifiedDate": "2026-01-02T16:16:47.117Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39754",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39754",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39494e3bea86f9061422abf67bed4b5512f35b00aa73be323faab5790960be03",
          "Title": "kernel: mm/smaps: fix race between smaps_hugetlb_range and migration",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/smaps: fix race between smaps_hugetlb_range and migration\n\nsmaps_hugetlb_range() handles the pte without holding ptl, and may be\nconcurrent with migration, leading to BUG_ON in pfn_swap_entry_to_page(). \nThe race is as follows.\n\nsmaps_hugetlb_range              migrate_pages\n  huge_ptep_get\n                                   remove_migration_ptes\n\t\t\t\t   folio_unlock\n  pfn_swap_entry_folio\n    BUG_ON\n\nTo fix it, hold ptl lock in smaps_hugetlb_range().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39754",
            "https://git.kernel.org/linus/45d19b4b6c2d422771c29b83462d84afcbb33f01 (6.17-rc2)",
            "https://git.kernel.org/stable/c/09fc018f48871123ad5dbd7b03c956580232ed76",
            "https://git.kernel.org/stable/c/2a1f3663974162b8f1e098196f557cfc1d160138",
            "https://git.kernel.org/stable/c/45d19b4b6c2d422771c29b83462d84afcbb33f01",
            "https://git.kernel.org/stable/c/b625883ccbcc2b57808db51d1375b1d7b9bcb3e5",
            "https://linux.oracle.com/cve/CVE-2025-39754.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091143-CVE-2025-39754-9cf6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39754",
            "https://www.cve.org/CVERecord?id=CVE-2025-39754"
          ],
          "PublishedDate": "2025-09-11T17:15:39.2Z",
          "LastModifiedDate": "2025-11-26T16:20:46.807Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39759",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39759",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a410d8b67c0c8a7a14a12c0e41eafa36b69d8fc96b1ae362a9e2e6ab9f72ef69",
          "Title": "kernel: Linux kernel (btrfs): Use-after-free in qgroup due to race condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix race between quota disable and quota rescan ioctl\n\nThere's a race between a task disabling quotas and another running the\nrescan ioctl that can result in a use-after-free of qgroup records from\nthe fs_info-\u003eqgroup_tree rbtree.\n\nThis happens as follows:\n\n1) Task A enters btrfs_ioctl_quota_rescan() -\u003e btrfs_qgroup_rescan();\n\n2) Task B enters btrfs_quota_disable() and calls\n   btrfs_qgroup_wait_for_completion(), which does nothing because at that\n   point fs_info-\u003eqgroup_rescan_running is false (it wasn't set yet by\n   task A);\n\n3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups\n   from fs_info-\u003eqgroup_tree without taking the lock fs_info-\u003eqgroup_lock;\n\n4) Task A enters qgroup_rescan_zero_tracking() which starts iterating\n   the fs_info-\u003eqgroup_tree tree while holding fs_info-\u003eqgroup_lock,\n   but task B is freeing qgroup records from that tree without holding\n   the lock, resulting in a use-after-free.\n\nFix this by taking fs_info-\u003eqgroup_lock at btrfs_free_qgroup_config().\nAlso at btrfs_qgroup_rescan() don't start the rescan worker if quotas\nwere already disabled.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39759",
            "https://git.kernel.org/linus/e1249667750399a48cafcf5945761d39fa584edf (6.17-rc1)",
            "https://git.kernel.org/stable/c/2fd0f5ceb997f90f4332ccbab6c7e907e6b2d0eb",
            "https://git.kernel.org/stable/c/7cda0fdde5d9890976861421d207870500f9aace",
            "https://git.kernel.org/stable/c/b172535ccba12f0cf7d23b3b840989de47fc104d",
            "https://git.kernel.org/stable/c/c38028ce0d0045ca600b6a8345a0ff92bfb47b66",
            "https://git.kernel.org/stable/c/dd0b28d877b293b1d7f8727a7de08ae36b6b9ef0",
            "https://git.kernel.org/stable/c/e1249667750399a48cafcf5945761d39fa584edf",
            "https://linux.oracle.com/cve/CVE-2025-39759.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39759-fa5f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39759",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39759"
          ],
          "PublishedDate": "2025-09-11T17:15:39.827Z",
          "LastModifiedDate": "2026-01-09T18:46:41.317Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39761",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39761",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3bf9d022fe63741256d87332f97ebc0b099faa6963b19a0f53b101570171b3d6",
          "Title": "kernel: wifi: ath12k: Decrement TID on RX peer frag setup error handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Decrement TID on RX peer frag setup error handling\n\nCurrently, TID is not decremented before peer cleanup, during error\nhandling path of ath12k_dp_rx_peer_frag_setup(). This could lead to\nout-of-bounds access in peer-\u003erx_tid[].\n\nHence, add a decrement operation for TID, before peer cleanup to\nensures proper cleanup and prevents out-of-bounds access issues when\nthe RX peer frag setup fails.\n\nFound during code review. Compile tested only.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:17377",
            "https://access.redhat.com/security/cve/CVE-2025-39761",
            "https://bugzilla.redhat.com/2327188",
            "https://bugzilla.redhat.com/2382059",
            "https://bugzilla.redhat.com/2394606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2389456",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38556",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39761",
            "https://errata.almalinux.org/9/ALSA-2025-17377.html",
            "https://errata.rockylinux.org/RLSA-2025:17776",
            "https://git.kernel.org/linus/7c0884fcd2ddde0544d2e77f297ae461e1f53f58 (6.17-rc1)",
            "https://git.kernel.org/stable/c/7c0884fcd2ddde0544d2e77f297ae461e1f53f58",
            "https://git.kernel.org/stable/c/7c3e99fd4a66a5ac9c7dd32db07359666efe0002",
            "https://git.kernel.org/stable/c/9530d666f4376c294cdf4348c29fe3542fec980a",
            "https://git.kernel.org/stable/c/a3b73c72c42348bf1555fd2b00f32f941324b242",
            "https://git.kernel.org/stable/c/eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6",
            "https://linux.oracle.com/cve/CVE-2025-39761.html",
            "https://linux.oracle.com/errata/ELSA-2025-17776.html",
            "https://lore.kernel.org/linux-cve-announce/2025091146-CVE-2025-39761-939b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39761",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39761"
          ],
          "PublishedDate": "2025-09-11T17:15:40.153Z",
          "LastModifiedDate": "2025-11-26T16:25:41.3Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39762",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39762",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6384f78cd0a9b2981ece2ee7f8fbe4402b4594323ab53c2e422f84a559e4be11",
          "Title": "kernel: drm/amd/display: add null check",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: add null check\n\n[WHY]\nPrevents null pointer dereferences to enhance function robustness\n\n[HOW]\nAdds early null check and return false if invalid.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39762",
            "https://git.kernel.org/linus/158b9201c17fc93ed4253c2f03b77fd2671669a1 (6.17-rc1)",
            "https://git.kernel.org/stable/c/10d97cc1a14ef1f611e156b0b27e8b226e103cc2",
            "https://git.kernel.org/stable/c/13895744e2c639324cf3cb18f2ba4e3f400dd0dd",
            "https://git.kernel.org/stable/c/158b9201c17fc93ed4253c2f03b77fd2671669a1",
            "https://lore.kernel.org/linux-cve-announce/2025091146-CVE-2025-39762-a8e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39762",
            "https://www.cve.org/CVERecord?id=CVE-2025-39762"
          ],
          "PublishedDate": "2025-09-11T17:15:40.313Z",
          "LastModifiedDate": "2025-11-26T16:25:47.433Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39763",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39763",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c2faff45c12c2e7ad8e8e17a405edad26a790f990cbd56ed04ceaea688c21bfa",
          "Title": "kernel: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered\n\nIf a synchronous error is detected as a result of user-space process\ntriggering a 2-bit uncorrected error, the CPU will take a synchronous\nerror exception such as Synchronous External Abort (SEA) on Arm64. The\nkernel will queue a memory_failure() work which poisons the related\npage, unmaps the page, and then sends a SIGBUS to the process, so that\na system wide panic can be avoided.\n\nHowever, no memory_failure() work will be queued when abnormal\nsynchronous errors occur. These errors can include situations like\ninvalid PA, unexpected severity, no memory failure config support,\ninvalid GUID section, etc. In such a case, the user-space process will\ntrigger SEA again.  This loop can potentially exceed the platform\nfirmware threshold or even trigger a kernel hard lockup, leading to a\nsystem reboot.\n\nFix it by performing a force kill if no memory_failure() work is queued\nfor synchronous errors.\n\n[ rjw: Changelog edits ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39763",
            "https://git.kernel.org/linus/79a5ae3c4c5eb7e38e0ebe4d6bf602d296080060 (6.17-rc1)",
            "https://git.kernel.org/stable/c/082735fbcdb6cd0cf20fbec94516ab2996f1cdd5",
            "https://git.kernel.org/stable/c/2fbc85da9ac9386bd89fcc94e0aadaea19d47784",
            "https://git.kernel.org/stable/c/3cb4f18797247985b0f51d5300f8cb6c78f343ea",
            "https://git.kernel.org/stable/c/79a5ae3c4c5eb7e38e0ebe4d6bf602d296080060",
            "https://git.kernel.org/stable/c/af089e41811a1ad6a7b2b80e839a73ec4c3cecdd",
            "https://git.kernel.org/stable/c/cfc9bc15bda6fd0c496cbe2c628564d4d7c332c1",
            "https://linux.oracle.com/cve/CVE-2025-39763.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091146-CVE-2025-39763-902e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39763",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39763"
          ],
          "PublishedDate": "2025-09-11T17:15:40.473Z",
          "LastModifiedDate": "2026-03-17T16:30:58.27Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39764",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39764",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c6568f1d9e03b96079f6646b3537dd56faaa82b98eb014e788be5f6d12347123",
          "Title": "kernel: Linux kernel: Denial of Service via double-increment of reference count in netfilter",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: remove refcounting in expectation dumpers\n\nSame pattern as previous patch: do not keep the expectation object\nalive via refcount, only store a cookie value and then use that\nas the skip hint for dump resumption.\n\nAFAICS this has the same issue as the one resolved in the conntrack\ndumper, when we do\n  if (!refcount_inc_not_zero(\u0026exp-\u003euse))\n\nto increment the refcount, there is a chance that exp == last, which\ncauses a double-increment of the refcount and subsequent memory leak.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39764",
            "https://git.kernel.org/linus/1492e3dcb2be3aa46d1963da96aa9593e4e4db5a (6.17-rc2)",
            "https://git.kernel.org/stable/c/078d33c95bf534d37aa04269d1ae6158e20082d5",
            "https://git.kernel.org/stable/c/1492e3dcb2be3aa46d1963da96aa9593e4e4db5a",
            "https://git.kernel.org/stable/c/64b7684042246e3238464c66894e30ba30c7e851",
            "https://git.kernel.org/stable/c/9e5021a906532ca16e2aac69c0607711e1c70b1f",
            "https://git.kernel.org/stable/c/a4d634ded4d3d400f115d84f654f316f249531c9",
            "https://lore.kernel.org/linux-cve-announce/2025091147-CVE-2025-39764-b300@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39764",
            "https://www.cve.org/CVERecord?id=CVE-2025-39764"
          ],
          "PublishedDate": "2025-09-11T17:15:40.653Z",
          "LastModifiedDate": "2026-03-25T11:16:12.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39770",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39770",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a998478084c1ad7140c440b759d1498403fcb739338af0c7ff2eb4618eff20ab",
          "Title": "kernel: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM\n\nWhen performing Generic Segmentation Offload (GSO) on an IPv6 packet that\ncontains extension headers, the kernel incorrectly requests checksum offload\nif the egress device only advertises NETIF_F_IPV6_CSUM feature, which has\na strict contract: it supports checksum offload only for plain TCP or UDP\nover IPv6 and explicitly does not support packets with extension headers.\nThe current GSO logic violates this contract by failing to disable the feature\nfor packets with extension headers, such as those used in GREoIPv6 tunnels.\n\nThis violation results in the device being asked to perform an operation\nit cannot support, leading to a `skb_warn_bad_offload` warning and a collapse\nof network throughput. While device TSO/USO is correctly bypassed in favor\nof software GSO for these packets, the GSO stack must be explicitly told not\nto request checksum offload.\n\nMask NETIF_F_IPV6_CSUM, NETIF_F_TSO6 and NETIF_F_GSO_UDP_L4\nin gso_features_check if the IPv6 header contains extension headers to compute\nchecksum in software.\n\nThe exception is a BIG TCP extension, which, as stated in commit\n68e068cabd2c6c53 (\"net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets\"):\n\"The feature is only enabled on devices that support BIG TCP TSO.\nThe header is only present for PF_PACKET taps like tcpdump,\nand not transmitted by physical devices.\"\n\nkernel log output (truncated):\nWARNING: CPU: 1 PID: 5273 at net/core/dev.c:3535 skb_warn_bad_offload+0x81/0x140\n...\nCall Trace:\n \u003cTASK\u003e\n skb_checksum_help+0x12a/0x1f0\n validate_xmit_skb+0x1a3/0x2d0\n validate_xmit_skb_list+0x4f/0x80\n sch_direct_xmit+0x1a2/0x380\n __dev_xmit_skb+0x242/0x670\n __dev_queue_xmit+0x3fc/0x7f0\n ip6_finish_output2+0x25e/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_tnl_xmit+0x608/0xc00 [ip6_tunnel]\n 
ip6gre_tunnel_xmit+0x1c0/0x390 [ip6_gre]\n dev_hard_start_xmit+0x63/0x1c0\n __dev_queue_xmit+0x6d0/0x7f0\n ip6_finish_output2+0x214/0x5d0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n ip6_finish_output+0x1fc/0x3f0\n ip6_xmit+0x2ca/0x6f0\n inet6_csk_xmit+0xeb/0x150\n __tcp_transmit_skb+0x555/0xa80\n tcp_write_xmit+0x32a/0xe90\n tcp_sendmsg_locked+0x437/0x1110\n tcp_sendmsg+0x2f/0x50\n...\nskb linear:   00000000: e4 3d 1a 7d ec 30 e4 3d 1a 7e 5d 90 86 dd 60 0e\nskb linear:   00000010: 00 0a 1b 34 3c 40 20 11 00 00 00 00 00 00 00 00\nskb linear:   00000020: 00 00 00 00 00 12 20 11 00 00 00 00 00 00 00 00\nskb linear:   00000030: 00 00 00 00 00 11 2f 00 04 01 04 01 01 00 00 00\nskb linear:   00000040: 86 dd 60 0e 00 0a 1b 00 06 40 20 23 00 00 00 00\nskb linear:   00000050: 00 00 00 00 00 00 00 00 00 12 20 23 00 00 00 00\nskb linear:   00000060: 00 00 00 00 00 00 00 00 00 11 bf 96 14 51 13 f9\nskb linear:   00000070: ae 27 a0 a8 2b e3 80 18 00 40 5b 6f 00 00 01 01\nskb linear:   00000080: 08 0a 42 d4 50 d5 4b 70 f8 1a",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 5.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39770",
            "https://git.kernel.org/linus/864e3396976ef41de6cc7bc366276bf4e084fff2 (6.17-rc3)",
            "https://git.kernel.org/stable/c/041e2f945f82fdbd6fff577b79c33469430297aa",
            "https://git.kernel.org/stable/c/2156d9e9f2e483c8c3906c0ea57ea312c1424235",
            "https://git.kernel.org/stable/c/794ddbb7b63b6828c75967b9bcd43b086716e7a1",
            "https://git.kernel.org/stable/c/864e3396976ef41de6cc7bc366276bf4e084fff2",
            "https://git.kernel.org/stable/c/a0478d7e888028f85fa7785ea838ce0ca09398e2",
            "https://linux.oracle.com/cve/CVE-2025-39770.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39770",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39770"
          ],
          "PublishedDate": "2025-09-11T17:15:42.53Z",
          "LastModifiedDate": "2026-01-16T20:11:39.663Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39771",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39771",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:574d014663561621bacff58042d2cf89bda17cd7a8e0c9ff29ddcc0c031e604f",
          "Title": "kernel: regulator: pca9450: Use devm_register_sys_off_handler",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: pca9450: Use devm_register_sys_off_handler\n\nWith module test, there is error dump:\n------------[ cut here ]------------\n  notifier callback pca9450_i2c_restart_handler already registered\n  WARNING: kernel/notifier.c:23 at notifier_chain_register+0x5c/0x88,\n  CPU#0: kworker/u16:3/50\n  Call trace:\n  notifier_chain_register+0x5c/0x88 (P)\n  atomic_notifier_chain_register+0x30/0x58\n  register_restart_handler+0x1c/0x28\n  pca9450_i2c_probe+0x418/0x538\n  i2c_device_probe+0x220/0x3d0\n  really_probe+0x114/0x410\n  __driver_probe_device+0xa0/0x150\n  driver_probe_device+0x40/0x114\n  __device_attach_driver+0xd4/0x12c\n\nSo use devm_register_sys_off_handler to let kernel handle the resource\nfree to avoid kernel dump.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39771",
            "https://git.kernel.org/linus/447be50598c05499f7ccc2b1f6ddb3da30f8099a (6.17-rc3)",
            "https://git.kernel.org/stable/c/447be50598c05499f7ccc2b1f6ddb3da30f8099a",
            "https://git.kernel.org/stable/c/7a8c8aa0b0b2c62a0232bf868def85f3069ba7a7",
            "https://lore.kernel.org/linux-cve-announce/2025091146-CVE-2025-39771-2a74@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39771",
            "https://www.cve.org/CVERecord?id=CVE-2025-39771"
          ],
          "PublishedDate": "2025-09-11T17:15:42.683Z",
          "LastModifiedDate": "2025-11-25T19:55:53.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39779",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39779",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:26352f58be127ad0669dbb7eef1b07a042529ab0292f40d27c51e340aa2d9a5d",
          "Title": "kernel: btrfs: subpage: keep TOWRITE tag until folio is cleaned",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: subpage: keep TOWRITE tag until folio is cleaned\n\nbtrfs_subpage_set_writeback() calls folio_start_writeback() the first time\na folio is written back, and it also clears the PAGECACHE_TAG_TOWRITE tag\neven if there are still dirty blocks in the folio. This can break ordering\nguarantees, such as those required by btrfs_wait_ordered_extents().\n\nThat ordering breakage leads to a real failure. For example, running\ngeneric/464 on a zoned setup will hit the following ASSERT. This happens\nbecause the broken ordering fails to flush existing dirty pages before the\nfile size is truncated.\n\n  assertion failed: !list_empty(\u0026ordered-\u003elist) :: 0, in fs/btrfs/zoned.c:1899\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/zoned.c:1899!\n  Oops: invalid opcode: 0000 [#1] SMP NOPTI\n  CPU: 2 UID: 0 PID: 1906169 Comm: kworker/u130:2 Kdump: loaded Not tainted 6.16.0-rc6-BTRFS-ZNS+ #554 PREEMPT(voluntary)\n  Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021\n  Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n  RIP: 0010:btrfs_finish_ordered_zoned.cold+0x50/0x52 [btrfs]\n  RSP: 0018:ffffc9002efdbd60 EFLAGS: 00010246\n  RAX: 000000000000004c RBX: ffff88811923c4e0 RCX: 0000000000000000\n  RDX: 0000000000000000 RSI: ffffffff827e38b1 RDI: 00000000ffffffff\n  RBP: ffff88810005d000 R08: 00000000ffffdfff R09: ffffffff831051c8\n  R10: ffffffff83055220 R11: 0000000000000000 R12: ffff8881c2458c00\n  R13: ffff88811923c540 R14: ffff88811923c5e8 R15: ffff8881c1bd9680\n  FS:  0000000000000000(0000) GS:ffff88a04acd0000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f907c7a918c CR3: 0000000004024000 CR4: 0000000000350ef0\n  Call Trace:\n   \u003cTASK\u003e\n   ? 
srso_return_thunk+0x5/0x5f\n   btrfs_finish_ordered_io+0x4a/0x60 [btrfs]\n   btrfs_work_helper+0xf9/0x490 [btrfs]\n   process_one_work+0x204/0x590\n   ? srso_return_thunk+0x5/0x5f\n   worker_thread+0x1d6/0x3d0\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0x118/0x230\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x205/0x260\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   \u003c/TASK\u003e\n\nConsider process A calling writepages() with WB_SYNC_NONE. In zoned mode or\nfor compressed writes, it locks several folios for delalloc and starts\nwriting them out. Let's call the last locked folio folio X. Suppose the\nwrite range only partially covers folio X, leaving some pages dirty.\nProcess A calls btrfs_subpage_set_writeback() when building a bio. This\nfunction call clears the TOWRITE tag of folio X, whose size = 8K and\nthe block size = 4K. It is following state.\n\n   0     4K    8K\n   |/////|/////|  (flag: DIRTY, tag: DIRTY)\n   \u003c-----\u003e Process A will write this range.\n\nNow suppose process B concurrently calls writepages() with WB_SYNC_ALL. It\ncalls tag_pages_for_writeback() to tag dirty folios with\nPAGECACHE_TAG_TOWRITE. Since folio X is still dirty, it gets tagged. Then,\nB collects tagged folios using filemap_get_folios_tag() and must wait for\nfolio X to be written before returning from writepages().\n\n   0     4K    8K\n   |/////|/////|  (flag: DIRTY, tag: DIRTY|TOWRITE)\n\nHowever, between tagging and collecting, process A may call\nbtrfs_subpage_set_writeback() and clear folio X's TOWRITE tag.\n   0     4K    8K\n   |     |/////|  (flag: DIRTY|WRITEBACK, tag: DIRTY)\n\nAs a result, process B won't see folio X in its batch, and returns without\nwaiting for it. This breaks the WB_SYNC_ALL ordering requirement.\n\nFix this by using btrfs_subpage_set_writeback_keepwrite(), which retains\nthe TOWRITE tag. We now manually clear the tag only after the folio becomes\nclean, via the xas operation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39779",
            "https://git.kernel.org/linus/b1511360c8ac882b0c52caa263620538e8d73220 (6.17-rc3)",
            "https://git.kernel.org/stable/c/3d61136945a7008fc90d013c3c67007ce0c96131",
            "https://git.kernel.org/stable/c/b1511360c8ac882b0c52caa263620538e8d73220",
            "https://git.kernel.org/stable/c/bce7a5c77a1e7a759e227b7713dde18c52da4759",
            "https://linux.oracle.com/cve/CVE-2025-39779.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025091148-CVE-2025-39779-7d77@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39779",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39779"
          ],
          "PublishedDate": "2025-09-11T17:15:43.757Z",
          "LastModifiedDate": "2025-11-25T19:08:58.51Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39781",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39781",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f871db8fff8d806b24335d3f3693e21648844d3881c4cbafbae8b7aab1af5d40",
          "Title": "kernel: parisc: Drop WARN_ON_ONCE() from flush_cache_vmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Drop WARN_ON_ONCE() from flush_cache_vmap\n\nI have observed the warning to occasionally trigger.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39781",
            "https://git.kernel.org/linus/4eab1c27ce1f0e89ab67b01bf1e4e4c75215708a (6.17-rc1)",
            "https://git.kernel.org/stable/c/4afb1352b85d7deb777694fba16d13c30c08776f",
            "https://git.kernel.org/stable/c/4eab1c27ce1f0e89ab67b01bf1e4e4c75215708a",
            "https://git.kernel.org/stable/c/69cf90e5aa50fe3cb0c1a63cabc4761db44b0035",
            "https://git.kernel.org/stable/c/8f8a07ad04da5b3c90fab61c33d4a8256a680591",
            "https://lore.kernel.org/linux-cve-announce/2025091149-CVE-2025-39781-eabe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39781",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39781"
          ],
          "PublishedDate": "2025-09-11T17:15:44.04Z",
          "LastModifiedDate": "2025-11-25T18:49:43.003Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39789",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39789",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b7ca218739fe504914c7674eecfc5e8288bec3c8cd4f852bf2e63fa1fa7588f7",
          "Title": "kernel: crypto: x86/aegis - Add missing error checks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: x86/aegis - Add missing error checks\n\nThe skcipher_walk functions can allocate memory and can fail, so\nchecking for errors is necessary.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39789",
            "https://git.kernel.org/linus/3d9eb180fbe8828cce43bce4c370124685b205c3 (6.17-rc1)",
            "https://git.kernel.org/stable/c/3d9eb180fbe8828cce43bce4c370124685b205c3",
            "https://git.kernel.org/stable/c/475104178f4d30e749ee4f5473c87f692b93bebb",
            "https://lore.kernel.org/linux-cve-announce/2025091152-CVE-2025-39789-8cdc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39789",
            "https://www.cve.org/CVERecord?id=CVE-2025-39789"
          ],
          "PublishedDate": "2025-09-11T17:15:45.22Z",
          "LastModifiedDate": "2025-11-25T18:22:51.72Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39797",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39797",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:13618b49d6cf8c464cce12e328276b27973f11ead171fb2351b147c0e0280ba4",
          "Title": "kernel: xfrm: Duplicate SPI Handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. 
Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39797",
            "https://git.kernel.org/linus/94f39804d891cffe4ce17737d295f3b195bc7299 (6.17-rc1)",
            "https://git.kernel.org/stable/c/29e9158f91f99057dbd35db5e8674d93b38549fe",
            "https://git.kernel.org/stable/c/2fc5b54368a1bf1d2d74b4d3b8eea5309a653e38",
            "https://git.kernel.org/stable/c/3d8090bb53424432fa788fe9a49e8ceca74f0544",
            "https://git.kernel.org/stable/c/94f39804d891cffe4ce17737d295f3b195bc7299",
            "https://git.kernel.org/stable/c/c67d4e7a8f90fb6361ca89d4d5c9a28f4e935e47",
            "https://linux.oracle.com/cve/CVE-2025-39797.html",
            "https://linux.oracle.com/errata/ELSA-2025-20662.html",
            "https://lore.kernel.org/linux-cve-announce/2025091224-CVE-2025-39797-b0f7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39797",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39797"
          ],
          "PublishedDate": "2025-09-12T16:15:34.137Z",
          "LastModifiedDate": "2025-11-24T18:04:53.373Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39800",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39800",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4c63d356ce1cf9cbebf6a2d950d4e3f38d20b854bc67dbddab2a825a9ce7a47e",
          "Title": "kernel: Linux kernel (btrfs): Denial of Service due to unexpected metadata generation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort transaction on unexpected eb generation at btrfs_copy_root()\n\nIf we find an unexpected generation for the extent buffer we are cloning\nat btrfs_copy_root(), we just WARN_ON() and don't error out and abort the\ntransaction, meaning we allow to persist metadata with an unexpected\ngeneration. Instead of warning only, abort the transaction and return\n-EUCLEAN.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39800",
            "https://git.kernel.org/linus/33e8f24b52d2796b8cfb28c19a1a7dd6476323a8 (6.17-rc1)",
            "https://git.kernel.org/stable/c/33e8f24b52d2796b8cfb28c19a1a7dd6476323a8",
            "https://git.kernel.org/stable/c/4290e34fb87ae556b12c216efd0ae91583446b7a",
            "https://git.kernel.org/stable/c/4734255ef39b416864139dcda96a387fe5f33a6a",
            "https://git.kernel.org/stable/c/da2124719f386b6e5d4d4b1a2e67c440e4d5892f",
            "https://git.kernel.org/stable/c/f4f5bd9251a4cbe55aaa05725c6c3c32ad1f74b3",
            "https://linux.oracle.com/cve/CVE-2025-39800.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025091549-CVE-2025-39800-6b30@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39800",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39800"
          ],
          "PublishedDate": "2025-09-15T13:15:35.467Z",
          "LastModifiedDate": "2026-01-16T20:06:47.967Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39810",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39810",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:22efc1ca5e9fa986ccc849e510f907dd83d33dc8e7e397c52b4a101f08b5ab50",
          "Title": "kernel: bnxt_en: Fix memory corruption when FW resources change during ifdown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix memory corruption when FW resources change during ifdown\n\nbnxt_set_dflt_rings() assumes that it is always called before any TC has\nbeen created.  So it doesn't take bp-\u003enum_tc into account and assumes\nthat it is always 0 or 1.\n\nIn the FW resource or capability change scenario, the FW will return\nflags in bnxt_hwrm_if_change() that will cause the driver to\nreinitialize and call bnxt_cancel_reservations().  This will lead to\nbnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() and bp-\u003enum_tc\nmay be greater than 1.  This will cause bp-\u003etx_ring[] to be sized too\nsmall and cause memory corruption in bnxt_alloc_cp_rings().\n\nFix it by properly scaling the TX rings by bp-\u003enum_tc in the code\npaths mentioned above.  Add 2 helper functions to determine\nbp-\u003etx_nr_rings and bp-\u003etx_nr_rings_per_tc.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 5.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39810",
            "https://git.kernel.org/linus/2747328ba2714f1a7454208dbbc1dc0631990b4a (6.17-rc4)",
            "https://git.kernel.org/stable/c/2747328ba2714f1a7454208dbbc1dc0631990b4a",
            "https://git.kernel.org/stable/c/9ab6a9950f152e094395d2e3967f889857daa185",
            "https://git.kernel.org/stable/c/d00e98977ef519280b075d783653e2c492fffbb6",
            "https://linux.oracle.com/cve/CVE-2025-39810.html",
            "https://linux.oracle.com/errata/ELSA-2026-50007.html",
            "https://lore.kernel.org/linux-cve-announce/2025091614-CVE-2025-39810-ed5c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39810",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39810"
          ],
          "PublishedDate": "2025-09-16T13:15:53.543Z",
          "LastModifiedDate": "2026-01-14T19:16:42.327Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39819",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39819",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b528665a68cd7943eea1b546718b4a95ac1741289932b1b7d9fd4ca9f9dcffaf",
          "Title": "kernel: Linux kernel: Denial of Service via resource leak in SMB2 compound operations",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/smb: Fix inconsistent refcnt update\n\nA possible inconsistent update of refcount was identified in `smb2_compound_op`.\nSuch inconsistent update could lead to possible resource leaks.\n\nWhy it is a possible bug:\n1. In the comment section of the function, it clearly states that the\nreference to `cfile` should be dropped after calling this function.\n2. Every control flow path would check and drop the reference to\n`cfile`, except the patched one.\n3. Existing callers would not handle refcount update of `cfile` if\n-ENOMEM is returned.\n\nTo fix the bug, an extra goto label \"out\" is added, to make sure that the\ncleanup logic would always be respected. As the problem is caused by the\nallocation failure of `vars`, the cleanup logic between label \"finished\"\nand \"out\" can be safely ignored. According to the definition of function\n`is_replayable_error`, the error code of \"-ENOMEM\" is not recoverable.\nTherefore, the replay logic also gets ignored.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393507",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393731",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2395806",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2395880",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53331",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39718",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39751",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39819",
            "https://errata.rockylinux.org/RLSA-2025:19105",
            "https://git.kernel.org/linus/ab529e6ca1f67bcf31f3ea80c72bffde2e9e053e (6.17-rc4)",
            "https://git.kernel.org/stable/c/3fc11ff13fbc2749871d6ac2141685cf54699997",
            "https://git.kernel.org/stable/c/4191ea1f0bb3e27d65c5dcde7bd00e709ec67141",
            "https://git.kernel.org/stable/c/4735f5991f51468b85affb8366b7067248457a71",
            "https://git.kernel.org/stable/c/ab529e6ca1f67bcf31f3ea80c72bffde2e9e053e",
            "https://git.kernel.org/stable/c/cc82c6dff548f0066a51a6e577c7454e7d26a968",
            "https://linux.oracle.com/cve/CVE-2025-39819.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39819-d3c9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39819",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39819"
          ],
          "PublishedDate": "2025-09-16T13:15:58.26Z",
          "LastModifiedDate": "2026-01-16T20:09:10.52Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39825",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39825",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b0f20bfd70706fe3ddb0dbcbd477384ad19399cd27a2769de30e630ad1dc08b4",
          "Title": "kernel: smb: client: fix race with concurrent opens in rename(2)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix race with concurrent opens in rename(2)\n\nBesides sending the rename request to the server, the rename process\nalso involves closing any deferred close, waiting for outstanding I/O\nto complete as well as marking all existing open handles as deleted to\nprevent them from deferring closes, which increases the race window\nfor potential concurrent opens on the target file.\n\nFix this by unhashing the dentry in advance to prevent any concurrent\nopens on the target.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:22388",
            "https://access.redhat.com/security/cve/CVE-2025-39825",
            "https://bugzilla.redhat.com/2393172",
            "https://bugzilla.redhat.com/2395792",
            "https://bugzilla.redhat.com/2397553",
            "https://bugzilla.redhat.com/2400598",
            "https://bugzilla.redhat.com/2400795",
            "https://bugzilla.redhat.com/2402699",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2395792",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2397553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2400598",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2400795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2402699",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53513",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38724",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39825",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39898",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39955",
            "https://errata.almalinux.org/8/ALSA-2025-22388.html",
            "https://errata.rockylinux.org/RLSA-2025:22388",
            "https://git.kernel.org/linus/d84291fc7453df7881a970716f8256273aca5747 (6.17-rc2)",
            "https://git.kernel.org/stable/c/24b9ed739c8c5b464d983e12cf308982f3ae93c2",
            "https://git.kernel.org/stable/c/289f945acb20b9b54fe4d13895e44aa58965ddb2",
            "https://git.kernel.org/stable/c/c9991af5e09924f6f3b3e6996a5e09f9504b4358",
            "https://git.kernel.org/stable/c/c9e7de284da0be5b44dbe79d71573f9f7f9b144c",
            "https://git.kernel.org/stable/c/d84291fc7453df7881a970716f8256273aca5747",
            "https://linux.oracle.com/cve/CVE-2025-39825.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39825-8a7a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39825",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39825"
          ],
          "PublishedDate": "2025-09-16T13:16:01.78Z",
          "LastModifiedDate": "2026-01-16T20:37:11.19Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39826",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39826",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b9066703b6b138b432d7c501d773b5575d6a30d71bc37e997cdc800e86238560",
          "Title": "kernel: net: rose: convert 'use' field to refcount_t",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: convert 'use' field to refcount_t\n\nThe 'use' field in struct rose_neigh is used as a reference counter but\nlacks atomicity. This can lead to race conditions where a rose_neigh\nstructure is freed while still being referenced by other code paths.\n\nFor example, when rose_neigh-\u003euse becomes zero during an ioctl operation\nvia rose_rt_ioctl(), the structure may be removed while its timer is\nstill active, potentially causing use-after-free issues.\n\nThis patch changes the type of 'use' from unsigned short to refcount_t and\nupdates all code paths to use rose_neigh_hold() and rose_neigh_put() which\noperate reference counts atomically.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39826",
            "https://git.kernel.org/linus/d860d1faa6b2ce3becfdb8b0c2b048ad31800061 (6.17-rc4)",
            "https://git.kernel.org/stable/c/0085b250fcc79f900c82a69980ec2f3e1871823b",
            "https://git.kernel.org/stable/c/203e4f42596ede31498744018716a3db6dbb7f51",
            "https://git.kernel.org/stable/c/d860d1faa6b2ce3becfdb8b0c2b048ad31800061",
            "https://git.kernel.org/stable/c/f8c29fc437d03a98fb075c31c5be761cc8326284",
            "https://git.kernel.org/stable/c/fb07156cc0742ba4e93dfcc84280c011d05b301f",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39826-e096@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39826",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39826"
          ],
          "PublishedDate": "2025-09-16T13:16:02.29Z",
          "LastModifiedDate": "2026-01-16T20:36:13.207Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39827",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39827",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ccb90c7d3805f7ac7507c0b2e4e5aa736e7d400045bf9041712d5835da7cf9f6",
          "Title": "kernel: net: rose: include node references in rose_neigh refcount",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: include node references in rose_neigh refcount\n\nCurrent implementation maintains two separate reference counting\nmechanisms: the 'count' field in struct rose_neigh tracks references from\nrose_node structures, while the 'use' field (now refcount_t) tracks\nreferences from rose_sock.\n\nThis patch merges these two reference counting systems using 'use' field\nfor proper reference management. Specifically, this patch adds incrementing\nand decrementing of rose_neigh-\u003euse when rose_neigh-\u003ecount is incremented\nor decremented.\n\nThis patch also modifies rose_rt_free(), rose_rt_device_down() and\nrose_clear_route() to properly release references to rose_neigh objects\nbefore freeing a rose_node through rose_remove_node().\n\nThese changes ensure rose_neigh structures are properly freed only when\nall references, including those from rose_node structures, are released.\nAs a result, this resolves a slab-use-after-free issue reported by Syzbot.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39827",
            "https://git.kernel.org/linus/da9c9c877597170b929a6121a68dcd3dd9a80f45 (6.17-rc4)",
            "https://git.kernel.org/stable/c/384210cceb1873a4c8218b27ba0745444436b728",
            "https://git.kernel.org/stable/c/4cce478c3e82a5fc788d72adb2f4c4e983997639",
            "https://git.kernel.org/stable/c/9c547c8eee9d1cf6e744611d688b9f725cf9a115",
            "https://git.kernel.org/stable/c/d7563b456ed44151e1a82091d96f60166daea89b",
            "https://git.kernel.org/stable/c/da9c9c877597170b929a6121a68dcd3dd9a80f45",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025091617-CVE-2025-39827-0c7c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39827",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39827"
          ],
          "PublishedDate": "2025-09-16T13:16:02.873Z",
          "LastModifiedDate": "2026-01-16T20:35:06.037Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39829",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39829",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e450b9e18b6a5814ed3d88346454457617c8b164a00897cd3106dfd4e9cf6a0c",
          "Title": "kernel: trace/fgraph: Fix the warning caused by missing unregister notifier",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntrace/fgraph: Fix the warning caused by missing unregister notifier\n\nThis warning was triggered during testing on v6.16:\n\nnotifier callback ftrace_suspend_notifier_call already registered\nWARNING: CPU: 2 PID: 86 at kernel/notifier.c:23 notifier_chain_register+0x44/0xb0\n...\nCall Trace:\n \u003cTASK\u003e\n blocking_notifier_chain_register+0x34/0x60\n register_ftrace_graph+0x330/0x410\n ftrace_profile_write+0x1e9/0x340\n vfs_write+0xf8/0x420\n ? filp_flush+0x8a/0xa0\n ? filp_close+0x1f/0x30\n ? do_dup2+0xaf/0x160\n ksys_write+0x65/0xe0\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen writing to the function_profile_enabled interface, the notifier was\nnot unregistered after start_graph_tracing failed, causing a warning the\nnext time function_profile_enabled was written.\n\nFixed by adding unregister_pm_notifier in the exception path.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39829",
            "https://git.kernel.org/linus/edede7a6dcd7435395cf757d053974aaab6ab1c2 (6.17-rc3)",
            "https://git.kernel.org/stable/c/000aa47a51233fd38a629b029478e0278e1e9fbe",
            "https://git.kernel.org/stable/c/2a2deb9f8df70480050351ac27041f19bb9e718b",
            "https://git.kernel.org/stable/c/edede7a6dcd7435395cf757d053974aaab6ab1c2",
            "https://linux.oracle.com/cve/CVE-2025-39829.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025091617-CVE-2025-39829-2ef1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39829",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39829"
          ],
          "PublishedDate": "2025-09-16T13:16:03.887Z",
          "LastModifiedDate": "2026-01-14T19:16:43.763Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39833",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39833",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c2929af52f251f6cf2868fa6423cd980ce95b8fc6a3b44486b6db7235f7a3232",
          "Title": "kernel: mISDN: hfcpci: Fix warning when deleting uninitialized timer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[  250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[  250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[  250.218775] Modules linked in: hfcpci(-) mISDN_core\n[  250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[  250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[  250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[  250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[  250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[  250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[  250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[  250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[  250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[  250.232454] FS:  00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[  250.233851] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[  250.236117] Call Trace:\n[  250.236599]  \u003cTASK\u003e\n[  250.236967]  ? trace_irq_enable.constprop.0+0xd4/0x130\n[  250.237920]  debug_object_assert_init+0x1f6/0x310\n[  250.238762]  ? __pfx_debug_object_assert_init+0x10/0x10\n[  250.239658]  ? 
__lock_acquire+0xdea/0x1c70\n[  250.240369]  __try_to_del_timer_sync+0x69/0x140\n[  250.241172]  ? __pfx___try_to_del_timer_sync+0x10/0x10\n[  250.242058]  ? __timer_delete_sync+0xc6/0x120\n[  250.242842]  ? lock_acquire+0x30/0x80\n[  250.243474]  ? __timer_delete_sync+0xc6/0x120\n[  250.244262]  __timer_delete_sync+0x98/0x120\n[  250.245015]  HFC_cleanup+0x10/0x20 [hfcpci]\n[  250.245704]  __do_sys_delete_module+0x348/0x510\n[  250.246461]  ? __pfx___do_sys_delete_module+0x10/0x10\n[  250.247338]  do_syscall_64+0xc1/0x360\n[  250.247924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39833",
            "https://git.kernel.org/linus/97766512a9951b9fd6fc97f1b93211642bb0b220 (6.17-rc4)",
            "https://git.kernel.org/stable/c/43fc5da8133badf17f5df250ba03b9d882254845",
            "https://git.kernel.org/stable/c/97766512a9951b9fd6fc97f1b93211642bb0b220",
            "https://lore.kernel.org/linux-cve-announce/2025091657-CVE-2025-39833-c2ef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39833",
            "https://www.cve.org/CVERecord?id=CVE-2025-39833"
          ],
          "PublishedDate": "2025-09-16T14:15:51.58Z",
          "LastModifiedDate": "2026-01-14T19:16:44.403Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39838",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39838",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:53160c47ed967047814966779ffb3c9386d727f001a122e0bde85bc58215c442",
          "Title": "kernel: cifs: prevent NULL pointer dereference in UTF16 conversion",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent NULL pointer dereference in UTF16 conversion\n\nThere can be a NULL pointer dereference bug here. NULL is passed to\n__cifs_sfu_make_node without checks, which passes it unchecked to\ncifs_strndup_to_utf16, which in turn passes it to\ncifs_local_to_utf16_bytes where '*from' is dereferenced, causing a crash.\n\nThis patch adds a check for NULL 'src' in cifs_strndup_to_utf16 and\nreturns NULL early to prevent dereferencing NULL pointer.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39838",
            "https://git.kernel.org/linus/70bccd9855dae56942f2b18a08ba137bb54093a0 (6.17-rc5)",
            "https://git.kernel.org/stable/c/1cfa5dd05847137f0fb3ce74ced80c0b4858d716",
            "https://git.kernel.org/stable/c/1f797f062b5cf13a1c2bcc23285361baaa7c9260",
            "https://git.kernel.org/stable/c/3c26a8d30ed6b53a52a023ec537dc50a6d34a67a",
            "https://git.kernel.org/stable/c/65b98a7e65e7a8f3894d8760cd194eaf20504c99",
            "https://git.kernel.org/stable/c/70bccd9855dae56942f2b18a08ba137bb54093a0",
            "https://linux.oracle.com/cve/CVE-2025-39838.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025091902-CVE-2025-39838-2a5d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39838",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39838"
          ],
          "PublishedDate": "2025-09-19T16:15:42.457Z",
          "LastModifiedDate": "2026-01-23T02:34:16.11Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39850",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39850",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6d0a634f793964729d8cd5003d5dbdbb51fedb022a3f04ee33aa00e3ae426973",
          "Title": "kernel: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects\n\nWhen the \"proxy\" option is enabled on a VXLAN device, the device will\nsuppress ARP requests and IPv6 Neighbor Solicitation messages if it is\nable to reply on behalf of the remote host. That is, if a matching and\nvalid neighbor entry is configured on the VXLAN device whose MAC address\nis not behind the \"any\" remote (0.0.0.0 / ::).\n\nThe code currently assumes that the FDB entry for the neighbor's MAC\naddress points to a valid remote destination, but this is incorrect if\nthe entry is associated with an FDB nexthop group. This can result in a\nNPD [1][3] which can be reproduced using [2][4].\n\nFix by checking that the remote destination exists before dereferencing\nit.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 4 UID: 0 PID: 365 Comm: arping Not tainted 6.17.0-rc2-virtme-g2a89cb21162c #2 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_xmit+0xb58/0x15f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.2 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 4789 proxy\n\n ip neigh add 192.0.2.3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n arping -b -c 1 -s 192.0.2.1 -I vx0 192.0.2.3\n\n[3]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 372 Comm: ndisc6 Not tainted 
6.17.0-rc2-virtmne-g6ee90cb26014 #3 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1v996), BIOS 1.17.0-4.fc41 04/01/2x014\nRIP: 0010:vxlan_xmit+0x803/0x1600\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n ip6_finish_output2+0x210/0x6c0\n ip6_finish_output+0x1af/0x2b0\n ip6_mr_output+0x92/0x3e0\n ip6_send_skb+0x30/0x90\n rawv6_sendmsg+0xe6e/0x12e0\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7f383422ec77\n\n[4]\n #!/bin/bash\n\n ip address add 2001:db8:1::1/128 dev lo\n\n ip nexthop add id 1 via 2001:db8:1::1 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 2001:db8:1::1 dstport 4789 proxy\n\n ip neigh add 2001:db8:1::3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n ndisc6 -r 1 -s 2001:db8:1::1 -w 1 2001:db8:1::3 vx0",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39850",
            "https://git.kernel.org/linus/1f5d2fd1ca04a23c18b1bde9a43ce2fa2ffa1bce (6.17-rc5)",
            "https://git.kernel.org/stable/c/1f5d2fd1ca04a23c18b1bde9a43ce2fa2ffa1bce",
            "https://git.kernel.org/stable/c/8cfa0f076842f9b3b4eb52ae0e41d16e25cbf8fa",
            "https://git.kernel.org/stable/c/e211e3f4199ac829bd493632efcd131d337cba9d",
            "https://linux.oracle.com/cve/CVE-2025-39850.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025091904-CVE-2025-39850-a495@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39850",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39850"
          ],
          "PublishedDate": "2025-09-19T16:15:43.873Z",
          "LastModifiedDate": "2026-01-14T20:16:07.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39851",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39851",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f6e6d3315eefafcf28f29ddda9a2548f03defbaccb29f09873c52e3e5c432d09",
          "Title": "kernel: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 
00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39851",
            "https://git.kernel.org/linus/6ead38147ebb813f08be6ea8ef547a0e4c09559a (6.17-rc5)",
            "https://git.kernel.org/stable/c/0e8630f24c14d9c655d19eabe2e52a9e9f713307",
            "https://git.kernel.org/stable/c/4ff4f3104da6507e0f118c63c4560dfdeb59dce3",
            "https://git.kernel.org/stable/c/6ead38147ebb813f08be6ea8ef547a0e4c09559a",
            "https://linux.oracle.com/cve/CVE-2025-39851.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025091904-CVE-2025-39851-8a50@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39851",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39851"
          ],
          "PublishedDate": "2025-09-19T16:15:43.983Z",
          "LastModifiedDate": "2026-01-14T20:16:08.077Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39859",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39859",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f01229db98ec3393e8410a4c2701a3c2fccdf0c8de768ccde0b965db7404f575",
          "Title": "kernel: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog\n\nThe ptp_ocp_detach() only shuts down the watchdog timer if it is\npending. However, if the timer handler is already running, the\ntimer_delete_sync() is not called. This leads to race conditions\nwhere the devlink that contains the ptp_ocp is deallocated while\nthe timer handler is still accessing it, resulting in use-after-free\nbugs. The following details one of the race scenarios.\n\n(thread 1)                           | (thread 2)\nptp_ocp_remove()                     |\n  ptp_ocp_detach()                   | ptp_ocp_watchdog()\n    if (timer_pending(\u0026bp-\u003ewatchdog))|   bp = timer_container_of()\n      timer_delete_sync()            |\n                                     |\n  devlink_free(devlink) //free       |\n                                     |   bp-\u003e //use\n\nResolve this by unconditionally calling timer_delete_sync() to ensure\nthe timer is reliably deactivated, preventing any access after free.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39859",
            "https://git.kernel.org/linus/8bf935cf789872350b04c1a6468b0a509f67afb2 (6.17-rc5)",
            "https://git.kernel.org/stable/c/8bf935cf789872350b04c1a6468b0a509f67afb2",
            "https://git.kernel.org/stable/c/f10d3c7267ac7387a5129d5506c3c5f2460cfd9b",
            "https://lore.kernel.org/linux-cve-announce/2025091905-CVE-2025-39859-52d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39859",
            "https://www.cve.org/CVERecord?id=CVE-2025-39859"
          ],
          "PublishedDate": "2025-09-19T16:15:44.867Z",
          "LastModifiedDate": "2026-01-14T20:16:09.047Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39863",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39863",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:615333281a4412680be2eb4395b7be1f5f97f23e70045effb38056d8fa85110e",
          "Title": "kernel: wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work\n\nThe brcmf_btcoex_detach() only shuts down the btcoex timer, if the\nflag timer_on is false. However, the brcmf_btcoex_timerfunc(), which\nruns as timer handler, sets timer_on to false. This creates critical\nrace conditions:\n\n1.If brcmf_btcoex_detach() is called while brcmf_btcoex_timerfunc()\nis executing, it may observe timer_on as false and skip the call to\ntimer_shutdown_sync().\n\n2.The brcmf_btcoex_timerfunc() may then reschedule the brcmf_btcoex_info\nworker after the cancel_work_sync() has been executed, resulting in\nuse-after-free bugs.\n\nThe use-after-free bugs occur in two distinct scenarios, depending on\nthe timing of when the brcmf_btcoex_info struct is freed relative to\nthe execution of its worker thread.\n\nScenario 1: Freed before the worker is scheduled\n\nThe brcmf_btcoex_info is deallocated before the worker is scheduled.\nA race condition can occur when schedule_work(\u0026bt_local-\u003ework) is\ncalled after the target memory has been freed. The sequence of events\nis detailed below:\n\nCPU0                           | CPU1\nbrcmf_btcoex_detach            | brcmf_btcoex_timerfunc\n                               |   bt_local-\u003etimer_on = false;\n  if (cfg-\u003ebtcoex-\u003etimer_on)   |\n    ...                        |\n  cancel_work_sync();          |\n  ...                          |\n  kfree(cfg-\u003ebtcoex); // FREE  |\n                               |   schedule_work(\u0026bt_local-\u003ework); // USE\n\nScenario 2: Freed after the worker is scheduled\n\nThe brcmf_btcoex_info is freed after the worker has been scheduled\nbut before or during its execution. In this case, statements within\nthe brcmf_btcoex_handler() — such as the container_of macro and\nsubsequent dereferences of the brcmf_btcoex_info object will cause\na use-after-free access. 
The following timeline illustrates this\nscenario:\n\nCPU0                            | CPU1\nbrcmf_btcoex_detach             | brcmf_btcoex_timerfunc\n                                |   bt_local-\u003etimer_on = false;\n  if (cfg-\u003ebtcoex-\u003etimer_on)    |\n    ...                         |\n  cancel_work_sync();           |\n  ...                           |   schedule_work(); // Reschedule\n                                |\n  kfree(cfg-\u003ebtcoex); // FREE   |   brcmf_btcoex_handler() // Worker\n  /*                            |     btci = container_of(....); // USE\n   The kfree() above could      |     ...\n   also occur at any point      |     btci-\u003e // USE\n   during the worker's execution|\n   */                           |\n\nTo resolve the race conditions, drop the conditional check and call\ntimer_shutdown_sync() directly. It can deactivate the timer reliably,\nregardless of its current state. Once stopped, the timer_on state is\nthen set to false.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39863",
            "https://git.kernel.org/linus/9cb83d4be0b9b697eae93d321e0da999f9cdfcfc (6.17-rc5)",
            "https://git.kernel.org/stable/c/2f6fbc8e04ca1d1d5c560be694199f847229c625",
            "https://git.kernel.org/stable/c/3e789f8475f6c857c88de5c5bf4b24b11a477dd7",
            "https://git.kernel.org/stable/c/9cb83d4be0b9b697eae93d321e0da999f9cdfcfc",
            "https://git.kernel.org/stable/c/ae58f70bde0433f27ef4b388ab50634736607bf6",
            "https://git.kernel.org/stable/c/f1150153c4e5940fe49ab51136343c5b4fe49d63",
            "https://linux.oracle.com/cve/CVE-2025-39863.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39863-874e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39863",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39863"
          ],
          "PublishedDate": "2025-09-19T16:15:45.31Z",
          "LastModifiedDate": "2026-03-25T11:16:12.207Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39869",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39869",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:92a68d7b7de6b03b478077eb3e98ba127079ba632f36225aaee59bbdc8a631f5",
          "Title": "kernel: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Fix memory allocation size for queue_priority_map\n\nFix a critical memory allocation bug in edma_setup_from_hw() where\nqueue_priority_map was allocated with insufficient memory. The code\ndeclared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),\nbut allocated memory using sizeof(s8) instead of the correct size.\n\nThis caused out-of-bounds memory writes when accessing:\n  queue_priority_map[i][0] = i;\n  queue_priority_map[i][1] = i;\n\nThe bug manifested as kernel crashes with \"Oops - undefined instruction\"\non ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the\nmemory corruption triggered kernel hardening features on Clang.\n\nChange the allocation to use sizeof(*queue_priority_map) which\nautomatically gets the correct size for the 2D array structure.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39869",
            "https://git.kernel.org/linus/e63419dbf2ceb083c1651852209c7f048089ac0f (6.17-rc6)",
            "https://git.kernel.org/stable/c/069fd1688c57c0cc8a3de64d108579b31676f74b",
            "https://git.kernel.org/stable/c/1baed10553fc8b388351d8fc803e3ae6f1a863bc",
            "https://git.kernel.org/stable/c/301a96cc4dc006c9a285913d301e681cfbf7edb6",
            "https://git.kernel.org/stable/c/5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93",
            "https://git.kernel.org/stable/c/7d4de60d6db02d9b01d5890d5156b04fad65d07a",
            "https://git.kernel.org/stable/c/d5e82f3f2c918d446df46e8d65f8083fd97cdec5",
            "https://git.kernel.org/stable/c/d722de80ce037dccf6931e778f4a46499d51bdf9",
            "https://git.kernel.org/stable/c/e63419dbf2ceb083c1651852209c7f048089ac0f",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025092359-CVE-2025-39869-6005@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39869",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39869"
          ],
          "PublishedDate": "2025-09-23T06:15:46.097Z",
          "LastModifiedDate": "2026-01-20T20:41:15.407Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39873",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39873",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c3c411fa01c0817f7879ebc66c2003ea0f025c4d745f0dd6622e53d55db622b8",
          "Title": "kernel: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB\n\ncan_put_echo_skb() takes ownership of the SKB and it may be freed\nduring or after the call.\n\nHowever, xilinx_can xcan_write_frame() keeps using SKB after the call.\n\nFix that by only calling can_put_echo_skb() after the code is done\ntouching the SKB.\n\nThe tx_lock is held for the entire xcan_write_frame() execution and\nalso on the can_get_echo_skb() side so the order of operations does not\nmatter.\n\nAn earlier fix commit 3d3c817c3a40 (\"can: xilinx_can: Fix usage of skb\nmemory\") did not move the can_put_echo_skb() call far enough.\n\n[mkl: add \"commit\" in front of sha1 in patch description]\n[mkl: fix indention]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39873",
            "https://git.kernel.org/linus/ef79f00be72bd81d2e1e6f060d83cf7e425deee4 (6.17-rc6)",
            "https://git.kernel.org/stable/c/1139321161a3ba5e45e61e0738b37f42f20bc57a",
            "https://git.kernel.org/stable/c/668cc1e3bb21101d074e430de1b7ba8fd10189e7",
            "https://git.kernel.org/stable/c/725b33deebd6e4c96fe7893f384510a54258f28f",
            "https://git.kernel.org/stable/c/94b050726288a56a6b8ff55aa641f2fedbd3b44c",
            "https://git.kernel.org/stable/c/e202ffd9e54538ef67ec301ebd6d9da4823466c9",
            "https://git.kernel.org/stable/c/ef79f00be72bd81d2e1e6f060d83cf7e425deee4",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025092300-CVE-2025-39873-94d3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39873",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39873"
          ],
          "PublishedDate": "2025-09-23T06:15:46.67Z",
          "LastModifiedDate": "2026-01-20T20:33:41.183Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39876",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39876",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2f66e0b22aa6417fcf7d65f19ae0650b6996fdca42a92c090054e706e1fed49",
          "Title": "kernel: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39876",
            "https://git.kernel.org/linus/03e79de4608bdd48ad6eec272e196124cefaf798 (6.17-rc6)",
            "https://git.kernel.org/stable/c/03e79de4608bdd48ad6eec272e196124cefaf798",
            "https://git.kernel.org/stable/c/20a3433d31c2d2bf70ab0abec75f3136b42ae66c",
            "https://git.kernel.org/stable/c/4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5",
            "https://git.kernel.org/stable/c/5f1bb554a131e59b28482abad21f691390651752",
            "https://git.kernel.org/stable/c/8c60d12bba14dc655d2d948b1dbf390b3ae39cb8",
            "https://git.kernel.org/stable/c/93a699d6e92cfdfa9eb9dbb8c653b5322542ca4f",
            "https://git.kernel.org/stable/c/eb148d85e126c47d65be34f2a465d69432ca5541",
            "https://git.kernel.org/stable/c/fe78891f296ac05bf4e5295c9829ef822f3c32e7",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025092300-CVE-2025-39876-3d4a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39876",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39876"
          ],
          "PublishedDate": "2025-09-23T06:15:47.087Z",
          "LastModifiedDate": "2026-01-20T20:33:01.007Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39877",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39877",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cb79b027229ec2be75f0d50724847eb11744d91e1bf2571c73c4ac6ead3f3bdb",
          "Title": "kernel: mm/damon/sysfs: fix use-after-free in state_show()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/sysfs: fix use-after-free in state_show()\n\nstate_show() reads kdamond-\u003edamon_ctx without holding damon_sysfs_lock. \nThis allows a use-after-free race:\n\nCPU 0                         CPU 1\n-----                         -----\nstate_show()                  damon_sysfs_turn_damon_on()\nctx = kdamond-\u003edamon_ctx;     mutex_lock(\u0026damon_sysfs_lock);\n                              damon_destroy_ctx(kdamond-\u003edamon_ctx);\n                              kdamond-\u003edamon_ctx = NULL;\n                              mutex_unlock(\u0026damon_sysfs_lock);\ndamon_is_running(ctx);        /* ctx is freed */\nmutex_lock(\u0026ctx-\u003ekdamond_lock); /* UAF */\n\n(The race can also occur with damon_sysfs_kdamonds_rm_dirs() and\ndamon_sysfs_kdamond_release(), which free or replace the context under\ndamon_sysfs_lock.)\n\nFix by taking damon_sysfs_lock before dereferencing the context, mirroring\nthe locking used in pid_show().\n\nThe bug has existed since state_show() first accessed kdamond-\u003edamon_ctx.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39877",
            "https://git.kernel.org/linus/3260a3f0828e06f5f13fac69fb1999a6d60d9cff (6.17-rc6)",
            "https://git.kernel.org/stable/c/26d29b2ac87a2989071755f9828ebf839b560d4c",
            "https://git.kernel.org/stable/c/3260a3f0828e06f5f13fac69fb1999a6d60d9cff",
            "https://git.kernel.org/stable/c/3858c44341ad49dc7544b19cc9f9ecffaa7cc50e",
            "https://git.kernel.org/stable/c/4e87f461d61959647464a94d11ae15c011be58ce",
            "https://git.kernel.org/stable/c/60d7a3d2b985a395318faa1d88da6915fad11c19",
            "https://linux.oracle.com/cve/CVE-2025-39877.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025092301-CVE-2025-39877-1244@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39877",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39877"
          ],
          "PublishedDate": "2025-09-23T06:15:47.23Z",
          "LastModifiedDate": "2026-01-20T20:29:36.387Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39880",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39880",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c8281cdfd313bf0b2ca55c493604e0049b48115a95cb52800a45400880cf8ee2",
          "Title": "kernel: libceph: fix invalid accesses to ceph_connection_v1_info",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix invalid accesses to ceph_connection_v1_info\n\nThere is a place where generic code in messenger.c is reading and\nanother place where it is writing to con-\u003ev1 union member without\nchecking that the union member is active (i.e. msgr1 is in use).\n\nOn 64-bit systems, con-\u003ev1.auth_retry overlaps with con-\u003ev2.out_iter,\nso such a read is almost guaranteed to return a bogus value instead of\n0 when msgr2 is in use.  This ends up being fairly benign because the\nside effect is just the invalidation of the authorizer and successive\nfetching of new tickets.\n\ncon-\u003ev1.connect_seq overlaps with con-\u003ev2.conn_bufs and the fact that\nit's being written to can cause more serious consequences, but luckily\nit's not something that happens often.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-704"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39880",
            "https://git.kernel.org/linus/cdbc9836c7afadad68f374791738f118263c5371 (6.17-rc6)",
            "https://git.kernel.org/stable/c/23538cfbeed87159a5ac6c61e7a6de3d8d4486a8",
            "https://git.kernel.org/stable/c/35dbbc3dbf8bccb2d77c68444f42c1e6d2d27983",
            "https://git.kernel.org/stable/c/591ea9c30737663a471b2bb07b27ddde86b020d5",
            "https://git.kernel.org/stable/c/6bd8b56899be0b514945f639a89ccafb8f8dfaef",
            "https://git.kernel.org/stable/c/cdbc9836c7afadad68f374791738f118263c5371",
            "https://git.kernel.org/stable/c/ea12ab684f8ae8a6da11a22c78d94a79e2163096",
            "https://linux.oracle.com/cve/CVE-2025-39880.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025092301-CVE-2025-39880-17c5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39880",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39880"
          ],
          "PublishedDate": "2025-09-23T06:15:47.663Z",
          "LastModifiedDate": "2026-01-20T20:27:54.1Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39883",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39883",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0db8f8b2dd5501e3da8ce8e3b8ca2a49a346718f45bf6d892b23a73e3fef4662",
          "Title": "kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory\n\nWhen I did memory failure tests, below panic occurs:\n\npage dumped because: VM_BUG_ON_PAGE(PagePoisoned(page))\nkernel BUG at include/linux/page-flags.h:616!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 720 Comm: bash Not tainted 6.10.0-rc1-00195-g148743902568 #40\nRIP: 0010:unpoison_memory+0x2f3/0x590\nRSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246\nRAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0\nRBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb\nR10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000\nR13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe\nFS:  00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n unpoison_memory+0x2f3/0x590\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xd5/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xb9/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f08f0314887\nRSP: 002b:00007ffece710078 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f08f0314887\nRDX: 0000000000000009 RSI: 0000564787a30410 RDI: 0000000000000001\nRBP: 0000564787a30410 R08: 000000000000fefe R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009\nR13: 00007f08f041b780 R14: 00007f08f0417600 R15: 00007f08f0416a00\n \u003c/TASK\u003e\nModules linked in: hwpoison_inject\n---[ end trace 0000000000000000 ]---\nRIP: 0010:unpoison_memory+0x2f3/0x590\nRSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246\nRAX: 
0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0\nRBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb\nR10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000\nR13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe\nFS:  00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0\nKernel panic - not syncing: Fatal exception\nKernel Offset: 0x31c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n---[ end Kernel panic - not syncing: Fatal exception ]---\n\nThe root cause is that unpoison_memory() tries to check the PG_HWPoison\nflags of an uninitialized page.  So VM_BUG_ON_PAGE(PagePoisoned(page)) is\ntriggered.  This can be reproduced by below steps:\n\n1.Offline memory block:\n\n echo offline \u003e /sys/devices/system/memory/memory12/state\n\n2.Get offlined memory pfn:\n\n page-types -b n -rlN\n\n3.Write pfn to unpoison-pfn\n\n echo \u003cpfn\u003e \u003e /sys/kernel/debug/hwpoison/unpoison-pfn\n\nThis scenario can be identified by pfn_to_online_page() returning NULL. \nAnd ZONE_DEVICE pages are never expected, so we can simply fail if\npfn_to_online_page() == NULL to fix the bug.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 1,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0445",
            "https://access.redhat.com/security/cve/CVE-2025-39883",
            "https://bugzilla.redhat.com/2395807",
            "https://bugzilla.redhat.com/2396936",
            "https://bugzilla.redhat.com/2397553",
            "https://bugzilla.redhat.com/2418832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2395807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396936",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2397553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40240",
            "https://errata.almalinux.org/9/ALSA-2026-0445.html",
            "https://errata.rockylinux.org/RLSA-2026:0445",
            "https://git.kernel.org/linus/d613f53c83ec47089c4e25859d5e8e0359f6f8da (6.17-rc6)",
            "https://git.kernel.org/stable/c/3d278e89c2ea62b1aaa4b0d8a9766a35b3a3164a",
            "https://git.kernel.org/stable/c/63a327a2375a8ce7a47dec5aaa4d8a9ae0a00b96",
            "https://git.kernel.org/stable/c/7618fd443aa4cfa553a64cacf5721581653ee7b0",
            "https://git.kernel.org/stable/c/8e01ea186a52c90694c08a9ff57bea1b0e78256a",
            "https://git.kernel.org/stable/c/99f7048957f5ae3cee1c01189147e73a9a96de02",
            "https://git.kernel.org/stable/c/d613f53c83ec47089c4e25859d5e8e0359f6f8da",
            "https://git.kernel.org/stable/c/e4ec6def5643a1c9511115b3884eb879572294c6",
            "https://git.kernel.org/stable/c/fb65803ccff37cf9123c50c1c02efd1ed73c4ed5",
            "https://linux.oracle.com/cve/CVE-2025-39883.html",
            "https://linux.oracle.com/errata/ELSA-2026-0445.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025092302-CVE-2025-39883-6015@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39883",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39883"
          ],
          "PublishedDate": "2025-09-23T06:15:48.087Z",
          "LastModifiedDate": "2026-01-16T19:26:44.733Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39884",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39884",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cb1f6c701f7db943f8f9986780ac605789ab45e92496530a1270b1e41d722169",
          "Title": "kernel: btrfs: fix subvolume deletion lockup caused by inodes xarray race",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix subvolume deletion lockup caused by inodes xarray race\n\nThere is a race condition between inode eviction and inode caching that\ncan cause a live struct btrfs_inode to be missing from the root-\u003einodes\nxarray. Specifically, there is a window during evict() between the inode\nbeing unhashed and deleted from the xarray. If btrfs_iget() is called\nfor the same inode in that window, it will be recreated and inserted\ninto the xarray, but then eviction will delete the new entry, leaving\nnothing in the xarray:\n\nThread 1                          Thread 2\n---------------------------------------------------------------\nevict()\n  remove_inode_hash()\n                                  btrfs_iget_path()\n                                    btrfs_iget_locked()\n                                    btrfs_read_locked_inode()\n                                      btrfs_add_inode_to_root()\n  destroy_inode()\n    btrfs_destroy_inode()\n      btrfs_del_inode_from_root()\n        __xa_erase\n\nIn turn, this can cause issues for subvolume deletion. Specifically, if\nan inode is in this lost state, and all other inodes are evicted, then\nbtrfs_del_inode_from_root() will call btrfs_add_dead_root() prematurely.\nIf the lost inode has a delayed_node attached to it, then when\nbtrfs_clean_one_deleted_snapshot() calls btrfs_kill_all_delayed_nodes(),\nit will loop forever because the delayed_nodes xarray will never become\nempty (unless memory pressure forces the inode out). We saw this\nmanifest as soft lockups in production.\n\nFix it by only deleting the xarray entry if it matches the given inode\n(using __xa_cmpxchg()).",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39884",
            "https://git.kernel.org/linus/f6a6c280059c4ddc23e12e3de1b01098e240036f (6.17-rc6)",
            "https://git.kernel.org/stable/c/9ba898c9fcbe6ebb88bcd4df8aab0f90090d202e",
            "https://git.kernel.org/stable/c/f1498abaf74f8d7b1e7001f16ed77818d8ae6a59",
            "https://git.kernel.org/stable/c/f6a6c280059c4ddc23e12e3de1b01098e240036f",
            "https://linux.oracle.com/cve/CVE-2025-39884.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025092302-CVE-2025-39884-1503@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39884",
            "https://www.cve.org/CVERecord?id=CVE-2025-39884"
          ],
          "PublishedDate": "2025-09-23T06:15:48.227Z",
          "LastModifiedDate": "2026-01-14T20:16:10.78Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39885",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39885",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:db4ea31c25954d30532cf1a7e1b7901e51bb8e1d2b7f72af8a96c84918c745b9",
          "Title": "kernel: ocfs2: fix recursive semaphore deadlock in fiemap call",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix recursive semaphore deadlock in fiemap call\n\nsyzbot detected a OCFS2 hang due to a recursive semaphore on a\nFS_IOC_FIEMAP of the extent list on a specially crafted mmap file.\n\ncontext_switch kernel/sched/core.c:5357 [inline]\n   __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961\n   __schedule_loop kernel/sched/core.c:7043 [inline]\n   schedule+0x165/0x360 kernel/sched/core.c:7058\n   schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115\n   rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185\n   __down_write_common kernel/locking/rwsem.c:1317 [inline]\n   __down_write kernel/locking/rwsem.c:1326 [inline]\n   down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591\n   ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142\n   do_page_mkwrite+0x14d/0x310 mm/memory.c:3361\n   wp_page_shared mm/memory.c:3762 [inline]\n   do_wp_page+0x268d/0x5800 mm/memory.c:3981\n   handle_pte_fault mm/memory.c:6068 [inline]\n   __handle_mm_fault+0x1033/0x5440 mm/memory.c:6195\n   handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364\n   do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387\n   handle_page_fault arch/x86/mm/fault.c:1476 [inline]\n   exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532\n   asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623\nRIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]\nRIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]\nRIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline]\nRIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26\nCode: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89\nf7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 \u003cf3\u003e a4 0f\n1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41\nRSP: 0018:ffffc9000403f950 EFLAGS: 00050256\nRAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038\nRDX: 
0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060\nRBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42\nR10: dffffc0000000000 R11: fffff52000807f43 R12: 0000200000000098\nR13: 00007ffffffff000 R14: ffffc9000403f9e0 R15: 0000200000000060\n   copy_to_user include/linux/uaccess.h:225 [inline]\n   fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145\n   ocfs2_fiemap+0x888/0xc90 fs/ocfs2/extent_map.c:806\n   ioctl_fiemap fs/ioctl.c:220 [inline]\n   do_vfs_ioctl+0x1173/0x1430 fs/ioctl.c:532\n   __do_sys_ioctl fs/ioctl.c:596 [inline]\n   __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584\n   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f5f13850fd9\nRSP: 002b:00007ffe3b3518b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f5f13850fd9\nRDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004\nRBP: 6165627472616568 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3b3518f0\nR13: 00007ffe3b351b18 R14: 431bde82d7b634db R15: 00007f5f1389a03b\n\nocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore (since\nv2.6.22-527-g7307de80510a) and calls fiemap_fill_next_extent() to read the\nextent list of this running mmap executable.  The user supplied buffer to\nhold the fiemap information page faults calling ocfs2_page_mkwrite() which\nwill take a write lock (since v2.6.27-38-g00dc417fa3e7) of the same\nsemaphore.  This recursive semaphore will hold filesystem locks and causes\na hang of the fileystem.\n\nThe ip_alloc_sem protects the inode extent list and size.  Release the\nread semphore before calling fiemap_fill_next_extent() in ocfs2_fiemap()\nand ocfs2_fiemap_inline().  This does an unnecessary semaphore lock/unlock\non the last extent but simplifies the error path.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39885",
            "https://git.kernel.org/linus/04100f775c2ea501927f508f17ad824ad1f23c8d (6.17-rc6)",
            "https://git.kernel.org/stable/c/04100f775c2ea501927f508f17ad824ad1f23c8d",
            "https://git.kernel.org/stable/c/0709bc11b942870fc0a7be150e42aea42321093a",
            "https://git.kernel.org/stable/c/16e518ca84dfe860c20a62f3615e14e8af0ace57",
            "https://git.kernel.org/stable/c/1d3c96547ee2ddeaddf8f19a3ef99ea06cc8115e",
            "https://git.kernel.org/stable/c/36054554772f95d090eb45793faf6aa3c0254b02",
            "https://git.kernel.org/stable/c/7e1514bd44ef68007703c752c99ff7319f35bce6",
            "https://git.kernel.org/stable/c/9efcb7a8b97310efed995397941a292cf89fa94f",
            "https://git.kernel.org/stable/c/ef30404980e4c832ef9bba1b10c08f67fa77a9ec",
            "https://linux.oracle.com/cve/CVE-2025-39885.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025092302-CVE-2025-39885-7e13@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39885",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39885"
          ],
          "PublishedDate": "2025-09-23T06:15:48.37Z",
          "LastModifiedDate": "2026-01-16T19:29:02.18Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39886",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39886",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:01be1cfb37a622560b570c96fca6cbd11f1220d58d1a3574f4862e030391392c",
          "Title": "kernel: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()\n\nCurrently, calling bpf_map_kmalloc_node() from __bpf_async_init() can\ncause various locking issues; see the following stack trace (edited for\nstyle) as one example:\n\n...\n [10.011566]  do_raw_spin_lock.cold\n [10.011570]  try_to_wake_up             (5) double-acquiring the same\n [10.011575]  kick_pool                      rq_lock, causing a hardlockup\n [10.011579]  __queue_work\n [10.011582]  queue_work_on\n [10.011585]  kernfs_notify\n [10.011589]  cgroup_file_notify\n [10.011593]  try_charge_memcg           (4) memcg accounting raises an\n [10.011597]  obj_cgroup_charge_pages        MEMCG_MAX event\n [10.011599]  obj_cgroup_charge_account\n [10.011600]  __memcg_slab_post_alloc_hook\n [10.011603]  __kmalloc_node_noprof\n...\n [10.011611]  bpf_map_kmalloc_node\n [10.011612]  __bpf_async_init\n [10.011615]  bpf_timer_init             (3) BPF calls bpf_timer_init()\n [10.011617]  bpf_prog_xxxxxxxxxxxxxxxx_fcg_runnable\n [10.011619]  bpf__sched_ext_ops_runnable\n [10.011620]  enqueue_task_scx           (2) BPF runs with rq_lock held\n [10.011622]  enqueue_task\n [10.011626]  ttwu_do_activate\n [10.011629]  sched_ttwu_pending         (1) grabs rq_lock\n...\n\nThe above was reproduced on bpf-next (b338cf849ec8) by modifying\n./tools/sched_ext/scx_flatcg.bpf.c to call bpf_timer_init() during\nops.runnable(), and hacking the memcg accounting code a bit to make\na bpf_timer_init() call more likely to raise an MEMCG_MAX event.\n\nWe have also run into other similar variants (both internally and on\nbpf-next), including double-acquiring cgroup_file_kn_lock, the same\nworker_pool::lock, etc.\n\nAs suggested by Shakeel, fix this by using __GFP_HIGH instead of\nGFP_ATOMIC in __bpf_async_init(), so that e.g. 
if try_charge_memcg()\nraises an MEMCG_MAX event, we call __memcg_memory_event() with\n@allow_spinning=false and avoid calling cgroup_file_notify() there.\n\nDepends on mm patch\n\"memcg: skip cgroup_file_notify if spinning is not allowed\":\nhttps://lore.kernel.org/bpf/20250905201606.66198-1-shakeel.butt@linux.dev/\n\nv0 approach s/bpf_map_kmalloc_node/bpf_mem_alloc/\nhttps://lore.kernel.org/bpf/20250905061919.439648-1-yepeilin@google.com/\nv1 approach:\nhttps://lore.kernel.org/bpf/20250905234547.862249-1-yepeilin@google.com/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39886",
            "https://git.kernel.org/linus/6d78b4473cdb08b74662355a9e8510bde09c511e (6.17-rc6)",
            "https://git.kernel.org/stable/c/449682e76f32601f211816d3e2100bed87e67a4c",
            "https://git.kernel.org/stable/c/6d78b4473cdb08b74662355a9e8510bde09c511e",
            "https://git.kernel.org/stable/c/ac70cd446f83ccb25532b343919ab86eacdcd06a",
            "https://git.kernel.org/stable/c/cd1fd26bb13473c1734e3026b2b97025a0a4087b",
            "https://linux.oracle.com/cve/CVE-2025-39886.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025092302-CVE-2025-39886-4bea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39886",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39886"
          ],
          "PublishedDate": "2025-09-23T06:15:48.68Z",
          "LastModifiedDate": "2026-01-14T20:16:10.937Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39901",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39901",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:33f2e582e0c33746eb86068c57dbb8385a70885a424b6c58c6dea4f6bc42110f",
          "Title": "kernel: i40e: remove read access to debugfs files",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: remove read access to debugfs files\n\nThe 'command' and 'netdev_ops' debugfs files are a legacy debugging\ninterface supported by the i40e driver since its early days by commit\n02e9c290814c (\"i40e: debugfs interface\").\n\nBoth of these debugfs files provide a read handler which is mostly useless,\nand which is implemented with questionable logic. They both use a static\n256 byte buffer which is initialized to the empty string. In the case of\nthe 'command' file this buffer is literally never used and simply wastes\nspace. In the case of the 'netdev_ops' file, the last command written is\nsaved here.\n\nOn read, the files contents are presented as the name of the device\nfollowed by a colon and then the contents of their respective static\nbuffer. For 'command' this will always be \"\u003cdevice\u003e: \". For 'netdev_ops',\nthis will be \"\u003cdevice\u003e: \u003clast command written\u003e\". But note the buffer is\nshared between all devices operated by this module. At best, it is mostly\nmeaningless information, and at worse it could be accessed simultaneously\nas there doesn't appear to be any locking mechanism.\n\nWe have also recently received multiple reports for both read functions\nabout their use of snprintf and potential overflow that could result in\nreading arbitrary kernel memory. For the 'command' file, this is definitely\nimpossible, since the static buffer is always zero and never written to.\nFor the 'netdev_ops' file, it does appear to be possible, if the user\ncarefully crafts the command input, it will be copied into the buffer,\nwhich could be large enough to cause snprintf to truncate, which then\ncauses the copy_to_user to read beyond the length of the buffer allocated\nby kzalloc.\n\nA minimal fix would be to replace snprintf() with scnprintf() which would\ncap the return to the number of bytes written, preventing an overflow. 
A\nmore involved fix would be to drop the mostly useless static buffers,\nsaving 512 bytes and modifying the read functions to stop needing those as\ninput.\n\nInstead, lets just completely drop the read access to these files. These\nare debug interfaces exposed as part of debugfs, and I don't believe that\ndropping read access will break any script, as the provided output is\npretty useless. You can find the netdev name through other more standard\ninterfaces, and the 'netdev_ops' interface can easily result in garbage if\nyou issue simultaneous writes to multiple devices at once.\n\nIn order to properly remove the i40e_dbg_netdev_ops_buf, we need to\nrefactor its write function to avoid using the static buffer. Instead, use\nthe same logic as the i40e_dbg_command_write, with an allocated buffer.\nUpdate the code to use this instead of the static buffer, and ensure we\nfree the buffer on exit. This fixes simultaneous writes to 'netdev_ops' on\nmultiple devices, and allows us to remove the now unused static buffer\nalong with removing the read access.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39901",
            "https://git.kernel.org/linus/9fcdb1c3c4ba134434694c001dbff343f1ffa319 (6.17-rc5)",
            "https://git.kernel.org/stable/c/70d3dad7d5ad077965d7a63eed1942b7ba49bfb4",
            "https://git.kernel.org/stable/c/7d190963b80f4cd99d7008615600aa7cc993c6ba",
            "https://git.kernel.org/stable/c/9fcdb1c3c4ba134434694c001dbff343f1ffa319",
            "https://linux.oracle.com/cve/CVE-2025-39901.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025100117-CVE-2025-39901-d6f4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39901",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39901"
          ],
          "PublishedDate": "2025-10-01T08:15:32.86Z",
          "LastModifiedDate": "2026-01-14T20:16:12.697Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39905",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39905",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4077d9fba6e337679cf5f83bac7805b6dea92b3eb7e9866840a0c6d415bdb87d",
          "Title": "kernel: net: phylink: add lock for serializing concurrent pl-\u003ephydev writes with resolver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phylink: add lock for serializing concurrent pl-\u003ephydev writes with resolver\n\nCurrently phylink_resolve() protects itself against concurrent\nphylink_bringup_phy() or phylink_disconnect_phy() calls which modify\npl-\u003ephydev by relying on pl-\u003estate_mutex.\n\nThe problem is that in phylink_resolve(), pl-\u003estate_mutex is in a lock\ninversion state with pl-\u003ephydev-\u003elock. So pl-\u003ephydev-\u003elock needs to be\nacquired prior to pl-\u003estate_mutex. But that requires dereferencing\npl-\u003ephydev in the first place, and without pl-\u003estate_mutex, that is\nracy.\n\nHence the reason for the extra lock. Currently it is redundant, but it\nwill serve a functional purpose once mutex_lock(\u0026phy-\u003elock) will be\nmoved outside of the mutex_lock(\u0026pl-\u003estate_mutex) section.\n\nAnother alternative considered would have been to let phylink_resolve()\nacquire the rtnl_mutex, which is also held when phylink_bringup_phy()\nand phylink_disconnect_phy() are called. But since phylink_disconnect_phy()\nruns under rtnl_lock(), it would deadlock with phylink_resolve() when\ncalling flush_work(\u0026pl-\u003eresolve). Additionally, it would have been\nundesirable because it would have unnecessarily blocked many other call\npaths as well in the entire kernel, so the smaller-scoped lock was\npreferred.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0453",
            "https://access.redhat.com/security/cve/CVE-2025-39905",
            "https://bugzilla.redhat.com/2395807",
            "https://bugzilla.redhat.com/2396936",
            "https://bugzilla.redhat.com/2396941",
            "https://bugzilla.redhat.com/2400611",
            "https://bugzilla.redhat.com/2404107",
            "https://bugzilla.redhat.com/2414524",
            "https://bugzilla.redhat.com/2418832",
            "https://bugzilla.redhat.com/2419954",
            "https://bugzilla.redhat.com/2422788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2395807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396936",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396941",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2400611",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2404107",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414524",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419954",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422788",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39966",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40176",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40277",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68287",
            "https://errata.almalinux.org/10/ALSA-2026-0453.html",
            "https://errata.rockylinux.org/RLSA-2026:0453",
            "https://git.kernel.org/linus/0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3 (6.17-rc6)",
            "https://git.kernel.org/stable/c/0ba5b2f2c381dbec9ed9e4ab3ae5d3e667de0dc3",
            "https://git.kernel.org/stable/c/56fe63b05ec84ae6674269d78397cec43a7a295a",
            "https://linux.oracle.com/cve/CVE-2025-39905.html",
            "https://linux.oracle.com/errata/ELSA-2026-0453.html",
            "https://lore.kernel.org/linux-cve-announce/2025100108-CVE-2025-39905-157f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39905",
            "https://www.cve.org/CVERecord?id=CVE-2025-39905"
          ],
          "PublishedDate": "2025-10-01T08:15:33.37Z",
          "LastModifiedDate": "2026-01-14T20:16:13.19Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39907",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39907",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2c8a4f8c5c5550ce3a2107563f5c6d328667c8701a08b6cd948b4f03cae5ef77",
          "Title": "kernel: mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer\n\nAvoid below overlapping mappings by using a contiguous\nnon-cacheable buffer.\n\n[    4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST,\noverlapping mappings aren't supported\n[    4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300\n[    4.097071] Modules linked in:\n[    4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1\n[    4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT)\n[    4.118824] Workqueue: events_unbound deferred_probe_work_func\n[    4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[    4.131624] pc : add_dma_entry+0x23c/0x300\n[    4.135658] lr : add_dma_entry+0x23c/0x300\n[    4.139792] sp : ffff800009dbb490\n[    4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000\n[    4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8\n[    4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20\n[    4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006\n[    4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e\n[    4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec\n[    4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58\n[    4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000\n[    4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[    4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40\n[    4.214185] Call trace:\n[    4.216605]  add_dma_entry+0x23c/0x300\n[    4.220338]  debug_dma_map_sg+0x198/0x350\n[    4.224373]  __dma_map_sg_attrs+0xa0/0x110\n[    
4.228411]  dma_map_sg_attrs+0x10/0x2c\n[    4.232247]  stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc\n[    4.237088]  stm32_fmc2_nfc_seq_read_page+0xc8/0x174\n[    4.242127]  nand_read_oob+0x1d4/0x8e0\n[    4.245861]  mtd_read_oob_std+0x58/0x84\n[    4.249596]  mtd_read_oob+0x90/0x150\n[    4.253231]  mtd_read+0x68/0xac",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39907",
            "https://git.kernel.org/linus/513c40e59d5a414ab763a9c84797534b5e8c208d (6.17-rc6)",
            "https://git.kernel.org/stable/c/06d8ef8f853752fea88c8d5bb093a40e71b330cf",
            "https://git.kernel.org/stable/c/26adba1e7d7924174e15a3ba4b1132990786300b",
            "https://git.kernel.org/stable/c/513c40e59d5a414ab763a9c84797534b5e8c208d",
            "https://git.kernel.org/stable/c/75686c49574dd5f171ca682c18717787f1d8d55e",
            "https://git.kernel.org/stable/c/dc1c6e60993b93b87604eb11266ac72e1a3be9e0",
            "https://git.kernel.org/stable/c/dfe2ac47a6ee0ab50393694517c54ef1e276dda3",
            "https://git.kernel.org/stable/c/e32a2ea52b51368774d014e5bcd9b86110a2b727",
            "https://git.kernel.org/stable/c/f6fd98d961fa6f97347cead4f08ed862cbbb91ff",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025100109-CVE-2025-39907-73b1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39907",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39907"
          ],
          "PublishedDate": "2025-10-01T08:15:33.603Z",
          "LastModifiedDate": "2026-01-16T19:31:03.467Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39908",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39908",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39974357cb0694441d969ec0530bedda77e42b17674aaa9a8b7bc5dbb7625ab9",
          "Title": "kernel: net: dev_ioctl: take ops lock in hwtstamp lower paths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dev_ioctl: take ops lock in hwtstamp lower paths\n\nndo hwtstamp callbacks are expected to run under the per-device ops\nlock. Make the lower get/set paths consistent with the rest of ndo\ninvocations.\n\nKernel log:\nWARNING: CPU: 13 PID: 51364 at ./include/net/netdev_lock.h:70 __netdev_update_features+0x4bd/0xe60\n...\nRIP: 0010:__netdev_update_features+0x4bd/0xe60\n...\nCall Trace:\n\u003cTASK\u003e\nnetdev_update_features+0x1f/0x60\nmlx5_hwtstamp_set+0x181/0x290 [mlx5_core]\nmlx5e_hwtstamp_set+0x19/0x30 [mlx5_core]\ndev_set_hwtstamp_phylib+0x9f/0x220\ndev_set_hwtstamp_phylib+0x9f/0x220\ndev_set_hwtstamp+0x13d/0x240\ndev_ioctl+0x12f/0x4b0\nsock_ioctl+0x171/0x370\n__x64_sys_ioctl+0x3f7/0x900\n? __sys_setsockopt+0x69/0xb0\ndo_syscall_64+0x6f/0x2e0\nentry_SYSCALL_64_after_hwframe+0x4b/0x53\n...\n\u003c/TASK\u003e\n....\n---[ end trace 0000000000000000 ]---\n\nNote that the mlx5_hwtstamp_set and mlx5e_hwtstamp_set functions shown\nin the trace come from an in progress patch converting the legacy ioctl\nto ndo_hwtstamp_get/set and are not present in mainline.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39908",
            "https://git.kernel.org/linus/686cab5a18e443e1d5f2abb17bed45837836425f (6.17-rc6)",
            "https://git.kernel.org/stable/c/2d92fa0cdc02291de57f72170e8b60cef0cf5372",
            "https://git.kernel.org/stable/c/686cab5a18e443e1d5f2abb17bed45837836425f",
            "https://lore.kernel.org/linux-cve-announce/2025100109-CVE-2025-39908-5d27@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39908",
            "https://www.cve.org/CVERecord?id=CVE-2025-39908"
          ],
          "PublishedDate": "2025-10-01T08:15:33.727Z",
          "LastModifiedDate": "2026-01-14T18:16:39.383Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39911",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39911",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6541e6c757da3ad0c4766593122d3fd299889eefc412f56d55b8501931d3ab5c",
          "Title": "kernel: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n  \u003cTASK\u003e\n  free_irq+0x32/0x70\n  i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n  i40e_vsi_request_irq+0x79/0x80 [i40e]\n  i40e_vsi_open+0x21f/0x2f0 [i40e]\n  i40e_open+0x63/0x130 [i40e]\n  __dev_open+0xfc/0x210\n  __dev_change_flags+0x1fc/0x240\n  netif_change_flags+0x27/0x70\n  do_setlink.isra.0+0x341/0xc70\n  rtnl_newlink+0x468/0x860\n  rtnetlink_rcv_msg+0x375/0x450\n  netlink_rcv_skb+0x5c/0x110\n  netlink_unicast+0x288/0x3c0\n  netlink_sendmsg+0x20d/0x430\n  ____sys_sendmsg+0x3a2/0x3d0\n  ___sys_sendmsg+0x99/0xe0\n  __sys_sendmsg+0x8a/0xf0\n  do_syscall_64+0x82/0x2c0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  [...]\n  \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 1,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39911",
            "https://git.kernel.org/linus/915470e1b44e71d1dd07ee067276f003c3521ee3 (6.17-rc6)",
            "https://git.kernel.org/stable/c/13ab9adef3cd386511c930a9660ae06595007f89",
            "https://git.kernel.org/stable/c/23431998a37764c464737b855c71a81d50992e98",
            "https://git.kernel.org/stable/c/6e4016c0dca53afc71e3b99e24252b63417395df",
            "https://git.kernel.org/stable/c/915470e1b44e71d1dd07ee067276f003c3521ee3",
            "https://git.kernel.org/stable/c/a30afd6617c30aaa338d1dbcb1e34e7a1890085c",
            "https://git.kernel.org/stable/c/b905b2acb3a0bbb08ad9be9984d8cdabdf827315",
            "https://git.kernel.org/stable/c/b9721a023df38cf44a88f2739b4cf51efd051f85",
            "https://git.kernel.org/stable/c/c62580674ce5feb1be4f90b5873ff3ce50e0a1db",
            "https://linux.oracle.com/cve/CVE-2025-39911.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025100110-CVE-2025-39911-5646@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39911",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39911"
          ],
          "PublishedDate": "2025-10-01T08:15:34.14Z",
          "LastModifiedDate": "2026-01-16T19:37:09.06Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39913",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39913",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e95c543f72c33f2537218070be0d051a82789530d0b01995943f0b4c2b166a97",
          "Title": "kernel: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock-\u003ecork",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock-\u003ecork.\n\nsyzbot reported the splat below. [0]\n\nThe repro does the following:\n\n  1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes)\n  2. Attach the prog to a SOCKMAP\n  3. Add a socket to the SOCKMAP\n  4. Activate fault injection\n  5. Send data less than cork_bytes\n\nAt 5., the data is carried over to the next sendmsg() as it is\nsmaller than the cork_bytes specified by bpf_msg_cork_bytes().\n\nThen, tcp_bpf_send_verdict() tries to allocate psock-\u003ecork to hold\nthe data, but this fails silently due to fault injection + __GFP_NOWARN.\n\nIf the allocation fails, we need to revert the sk-\u003esk_forward_alloc\nchange done by sk_msg_alloc().\n\nLet's call sk_msg_free() when tcp_bpf_send_verdict fails to allocate\npsock-\u003ecork.\n\nThe \"*copied\" also needs to be updated such that a proper error can\nbe returned to the caller, sendmsg. 
It fails to allocate psock-\u003ecork.\nNothing has been corked so far, so this patch simply sets \"*copied\"\nto 0.\n\n[0]:\nWARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983\nModules linked in:\nCPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156\nCode: 0f 0b 90 e9 62 fe ff ff e8 7a db b5 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c db b5 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e db b5 f7 90 \u003c0f\u003e 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc\nRSP: 0018:ffffc90000a08b48 EFLAGS: 00010246\nRAX: ffffffff8a09d0b2 RBX: dffffc0000000000 RCX: ffff888024a23c80\nRDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000\nRBP: 0000000000000fff R08: ffff88807e07c627 R09: 1ffff1100fc0f8c4\nR10: dffffc0000000000 R11: ffffed100fc0f8c5 R12: ffff88807e07c380\nR13: dffffc0000000000 R14: ffff88807e07c60c R15: 1ffff1100fc0f872\nFS:  00005555604c4500(0000) GS:ffff888125af1000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555604df5c8 CR3: 0000000032b06000 CR4: 00000000003526f0\nCall Trace:\n \u003cIRQ\u003e\n __sk_destruct+0x86/0x660 net/core/sock.c:2339\n rcu_do_batch kernel/rcu/tree.c:2605 [inline]\n rcu_core+0xca8/0x1770 kernel/rcu/tree.c:2861\n handle_softirqs+0x286/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052\n \u003c/IRQ\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39913",
            "https://git.kernel.org/linus/a3967baad4d533dc254c31e0d221e51c8d223d58 (6.17-rc6)",
            "https://git.kernel.org/stable/c/05366527f44cf4b884f3d9462ae8009be9665856",
            "https://git.kernel.org/stable/c/08f58d10f5abf11d297cc910754922498c921f91",
            "https://git.kernel.org/stable/c/539920180c55f5e13a2488a2339f94e6b8cb69e0",
            "https://git.kernel.org/stable/c/66bcb04a441fbf15d66834b7e3eefb313dd750c8",
            "https://git.kernel.org/stable/c/7429b8b9bfbc276fd304fbaebc405f46b421fedf",
            "https://git.kernel.org/stable/c/9c2a6456bdf9794474460d885c359b6c4522d6e3",
            "https://git.kernel.org/stable/c/a3967baad4d533dc254c31e0d221e51c8d223d58",
            "https://git.kernel.org/stable/c/de89e58368f8f07df005ecc1c86ad94898a999f2",
            "https://linux.oracle.com/cve/CVE-2025-39913.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025100111-CVE-2025-39913-f166@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39913",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39913"
          ],
          "PublishedDate": "2025-10-01T08:15:34.39Z",
          "LastModifiedDate": "2026-01-16T19:48:30.623Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39923",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39923",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:19f3b3877f121c4ac81c8efc36f39e3517135b8c655d7a5a0609e015790887b5",
          "Title": "kernel: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n\nWhen we don't have a clock specified in the device tree, we have no way to\nensure the BAM is on. This is often the case for remotely-controlled or\nremotely-powered BAM instances. In this case, we need to read num-channels\nfrom the DT to have all the necessary information to complete probing.\n\nHowever, at the moment invalid device trees without clock and without\nnum-channels still continue probing, because the error handling is missing\nreturn statements. The driver will then later try to read the number of\nchannels from the registers. This is unsafe, because it relies on boot\nfirmware and lucky timing to succeed. Unfortunately, the lack of proper\nerror handling here has been abused for several Qualcomm SoCs upstream,\ncausing early boot crashes in several situations [1, 2].\n\nAvoid these early crashes by erroring out when any of the required DT\nproperties are missing. Note that this will break some of the existing DTs\nupstream (mainly BAM instances related to the crypto engine). However,\nclearly these DTs have never been tested properly, since the error in the\nkernel log was just ignored. It's safer to disable the crypto engine for\nthese broken DTBs.\n\n[1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/\n[2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39923",
            "https://git.kernel.org/linus/5068b5254812433e841a40886e695633148d362d (6.17-rc6)",
            "https://git.kernel.org/stable/c/0ff9df758af7022d749718fb6b8385cc5693acf3",
            "https://git.kernel.org/stable/c/1d98ba204d8a6db0d986c7f1aefaa0dcd1c007a2",
            "https://git.kernel.org/stable/c/1fc14731f0be4885e60702b9596d14d9a79cf053",
            "https://git.kernel.org/stable/c/2e257a6125c63350f00dc42b9674f20fd3cf4a9f",
            "https://git.kernel.org/stable/c/5068b5254812433e841a40886e695633148d362d",
            "https://git.kernel.org/stable/c/555bd16351a35c79efb029a196975a5a27f7fbc4",
            "https://git.kernel.org/stable/c/6ac1599d0e78036d9d08efc2f58c2d91f0a3ee4c",
            "https://git.kernel.org/stable/c/ebf6c7c908e5999531c3517289598f187776124f",
            "https://linux.oracle.com/cve/CVE-2025-39923.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
            "https://lore.kernel.org/linux-cve-announce/2025100122-CVE-2025-39923-6775@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39923",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39923"
          ],
          "PublishedDate": "2025-10-01T08:15:35.61Z",
          "LastModifiedDate": "2026-01-20T15:45:52.24Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39925",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39925",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a56d0f3901f5b1359d343697e511c6ebdacefce254c2167964e1de80cb48d3f4",
          "Title": "kernel: can: j1939: implement NETDEV_UNREGISTER notification handler",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: implement NETDEV_UNREGISTER notification handler\n\nsyzbot is reporting\n\n  unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\nproblem, for j1939 protocol did not have NETDEV_UNREGISTER notification\nhandler for undoing changes made by j1939_sk_bind().\n\nCommit 25fe97cb7620 (\"can: j1939: move j1939_priv_put() into sk_destruct\ncallback\") expects that a call to j1939_priv_put() can be unconditionally\ndelayed until j1939_sk_sock_destruct() is called. But we need to call\nj1939_priv_put() against an extra ref held by j1939_sk_bind() call\n(as a part of undoing changes made by j1939_sk_bind()) as soon as\nNETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct()\nis called via j1939_sk_release()). Otherwise, the extra ref on \"struct\nj1939_priv\" held by j1939_sk_bind() call prevents \"struct net_device\" from\ndropping the usage count to 1; making it impossible for\nunregister_netdevice() to continue.\n\n[mkl: remove space in front of label]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 4.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:22865",
            "https://access.redhat.com/security/cve/CVE-2025-39925",
            "https://bugzilla.redhat.com/2400629",
            "https://bugzilla.redhat.com/2404109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2400629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2404109",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39979",
            "https://errata.almalinux.org/9/ALSA-2025-22865.html",
            "https://errata.rockylinux.org/RLSA-2025:22865",
            "https://git.kernel.org/linus/7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a (6.17-rc6)",
            "https://git.kernel.org/stable/c/7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a",
            "https://git.kernel.org/stable/c/da9e8f429139928570407e8f90559b5d46c20262",
            "https://linux.oracle.com/cve/CVE-2025-39925.html",
            "https://linux.oracle.com/errata/ELSA-2025-22865.html",
            "https://lore.kernel.org/linux-cve-announce/2025100124-CVE-2025-39925-bcec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39925",
            "https://www.cve.org/CVERecord?id=CVE-2025-39925"
          ],
          "PublishedDate": "2025-10-01T08:15:35.857Z",
          "LastModifiedDate": "2026-01-14T18:16:40.93Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39927",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39927",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d3dc0c9b403822ed59c665cb60d0405f923a9f0bdca10fe7ea280857c791a3ec",
          "Title": "kernel: ceph: fix race condition validating r_parent before applying state",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix race condition validating r_parent before applying state\n\nAdd validation to ensure the cached parent directory inode matches the\ndirectory info in MDS replies. This prevents client-side race conditions\nwhere concurrent operations (e.g. rename) cause r_parent to become stale\nbetween request initiation and reply processing, which could lead to\napplying state changes to incorrect directory inodes.\n\n[ idryomov: folded a kerneldoc fixup and a follow-up fix from Alex to\n  move CEPH_CAP_PIN reference when r_parent is updated:\n\n  When the parent directory lock is not held, req-\u003er_parent can become\n  stale and is updated to point to the correct inode.  However, the\n  associated CEPH_CAP_PIN reference was not being adjusted.  The\n  CEPH_CAP_PIN is a reference on an inode that is tracked for\n  accounting purposes.  Moving this pin is important to keep the\n  accounting balanced. When the pin was not moved from the old parent\n  to the new one, it created two problems: The reference on the old,\n  stale parent was never released, causing a reference leak.\n  A reference for the new parent was never acquired, creating the risk\n  of a reference underflow later in ceph_mdsc_release_request().  This\n  patch corrects the logic by releasing the pin from the old parent and\n  acquiring it for the new parent when r_parent is switched.  This\n  ensures reference accounting stays balanced. ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39927",
            "https://git.kernel.org/linus/15f519e9f883b316d86e2bb6b767a023aafd9d83 (6.17-rc6)",
            "https://git.kernel.org/stable/c/15f519e9f883b316d86e2bb6b767a023aafd9d83",
            "https://git.kernel.org/stable/c/2bfe45987eb346e299d9f763f9cd05f77011519f",
            "https://git.kernel.org/stable/c/db378e6f83ec705c6091c65d482d555edc2b0a72",
            "https://linux.oracle.com/cve/CVE-2025-39927.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025100125-CVE-2025-39927-5a57@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39927",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39927"
          ],
          "PublishedDate": "2025-10-01T08:15:36.097Z",
          "LastModifiedDate": "2026-01-14T18:16:41.223Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39929",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39929",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6b04c58a6effcbdfb3c13765e56f2b40d6caee51367f4adf418abb08dcec6033",
          "Title": "kernel: Linux kernel: Denial of Service due to memory leak in SMB client",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path\n\nDuring tests of another unrelated patch I was able to trigger this\nerror: Objects remaining on __kmem_cache_shutdown()",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39929",
            "https://git.kernel.org/linus/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0 (6.17-rc7)",
            "https://git.kernel.org/stable/c/0991418bf98f191d0c320bd25245fcffa1998c7e",
            "https://git.kernel.org/stable/c/3d7c075c878ac844e33c43e506c2fa27ac7e9689",
            "https://git.kernel.org/stable/c/922338efaad63cfe30d459dfc59f9d69ff93ded4",
            "https://git.kernel.org/stable/c/daac51c7032036a0ca5f1aa419ad1b0471d1c6e0",
            "https://git.kernel.org/stable/c/e7b7a93879558e77d950f1ff9a6f3daa385b33df",
            "https://linux.oracle.com/cve/CVE-2025-39929.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025100414-CVE-2025-39929-4308@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39929",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39929"
          ],
          "PublishedDate": "2025-10-04T08:15:44.62Z",
          "LastModifiedDate": "2026-03-25T00:50:47.31Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39931",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39931",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b44f1b0207cdc5252551366021474890def22d50f169cb85009b7b5e967233ee",
          "Title": "kernel: crypto: af_alg - Set merge to zero early in af_alg_sendmsg",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop.  This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can't be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39931",
            "https://git.kernel.org/linus/9574b2330dbd2b5459b74d3b5e9619d39299fc6f (6.17-rc7)",
            "https://git.kernel.org/stable/c/045ee26aa3920a47ec46d7fcb302420bf01fd753",
            "https://git.kernel.org/stable/c/2374c11189ef704a3e4863646369f1b8e6a27d71",
            "https://git.kernel.org/stable/c/24c1106504c625fabd3b7229611af617b4c27ac7",
            "https://git.kernel.org/stable/c/6241b9e2809b12da9130894cf5beddf088dc1b8a",
            "https://git.kernel.org/stable/c/9574b2330dbd2b5459b74d3b5e9619d39299fc6f",
            "https://linux.oracle.com/cve/CVE-2025-39931.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025100416-CVE-2025-39931-8ff7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39931",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39931"
          ],
          "PublishedDate": "2025-10-04T08:15:45.827Z",
          "LastModifiedDate": "2026-03-25T00:48:46.52Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39932",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39932",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84627e81481e39134598b95ab2a4a96c188533614f70b03b266eba549d737480",
          "Title": "kernel: smb: client: let smbd_destroy() call disable_work_sync(\u0026info-\u003epost_send_credits_work)",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: let smbd_destroy() call disable_work_sync(\u0026info-\u003epost_send_credits_work)\n\nIn smbd_destroy() we may destroy the memory so we better\nwait until post_send_credits_work is no longer pending\nand will never be started again.\n\nI actually just hit the case using rxe:\n\nWARNING: CPU: 0 PID: 138 at drivers/infiniband/sw/rxe/rxe_verbs.c:1032 rxe_post_recv+0x1ee/0x480 [rdma_rxe]\n...\n[ 5305.686979] [    T138]  smbd_post_recv+0x445/0xc10 [cifs]\n[ 5305.687135] [    T138]  ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687149] [    T138]  ? __kasan_check_write+0x14/0x30\n[ 5305.687185] [    T138]  ? __pfx_smbd_post_recv+0x10/0x10 [cifs]\n[ 5305.687329] [    T138]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[ 5305.687356] [    T138]  ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687368] [    T138]  ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687378] [    T138]  ? _raw_spin_unlock_irqrestore+0x11/0x60\n[ 5305.687389] [    T138]  ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687399] [    T138]  ? get_receive_buffer+0x168/0x210 [cifs]\n[ 5305.687555] [    T138]  smbd_post_send_credits+0x382/0x4b0 [cifs]\n[ 5305.687701] [    T138]  ? __pfx_smbd_post_send_credits+0x10/0x10 [cifs]\n[ 5305.687855] [    T138]  ? __pfx___schedule+0x10/0x10\n[ 5305.687865] [    T138]  ? __pfx__raw_spin_lock_irq+0x10/0x10\n[ 5305.687875] [    T138]  ? queue_delayed_work_on+0x8e/0xa0\n[ 5305.687889] [    T138]  process_one_work+0x629/0xf80\n[ 5305.687908] [    T138]  ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5305.687917] [    T138]  ? __kasan_check_write+0x14/0x30\n[ 5305.687933] [    T138]  worker_thread+0x87f/0x1570\n...\n\nIt means rxe_post_recv was called after rdma_destroy_qp().\nThis happened because put_receive_buffer() was triggered\nby ib_drain_qp() and called:\nqueue_work(info-\u003eworkqueue, \u0026info-\u003epost_send_credits_work);",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39932",
            "https://git.kernel.org/linus/d9dcbbcf9145b68aa85c40947311a6907277e097 (6.17-rc7)",
            "https://git.kernel.org/stable/c/3fabb1236f2e3ad78d531be0a4ad9f4a4ccdda87",
            "https://git.kernel.org/stable/c/6ae90a2baf923e85eb037b636aa641250bf4220f",
            "https://git.kernel.org/stable/c/d9dcbbcf9145b68aa85c40947311a6907277e097",
            "https://linux.oracle.com/cve/CVE-2025-39932.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025100416-CVE-2025-39932-bdaf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39932",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39932"
          ],
          "PublishedDate": "2025-10-04T08:15:45.953Z",
          "LastModifiedDate": "2026-03-25T00:49:03.097Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39933",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39933",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4591ccfff7e5e8f90844d9fbfbd551f004506669c99045b466a4ce7a90eaa609",
          "Title": "kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: let recv_done verify data_offset, data_length and remaining_data_length\n\nThis is inspired by the related server fixes.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0793",
            "https://access.redhat.com/security/cve/CVE-2025-39933",
            "https://bugzilla.redhat.com/2393157",
            "https://bugzilla.redhat.com/2401432",
            "https://bugzilla.redhat.com/2419954",
            "https://bugzilla.redhat.com/2422788",
            "https://bugzilla.redhat.com/2422801",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2401432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419954",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40277",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68285",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68287",
            "https://errata.almalinux.org/9/ALSA-2026-0793.html",
            "https://errata.rockylinux.org/RLSA-2026:0793",
            "https://git.kernel.org/linus/f57e53ea252363234f86674db475839e5b87102e (6.17-rc7)",
            "https://git.kernel.org/stable/c/581fb78e0388b78911b0c920e4073737090c8b5f",
            "https://git.kernel.org/stable/c/f57e53ea252363234f86674db475839e5b87102e",
            "https://linux.oracle.com/cve/CVE-2025-39933.html",
            "https://linux.oracle.com/errata/ELSA-2026-2282.html",
            "https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39933-e224@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39933",
            "https://www.cve.org/CVERecord?id=CVE-2025-39933"
          ],
          "PublishedDate": "2025-10-04T08:15:46.09Z",
          "LastModifiedDate": "2026-03-25T00:51:25.6Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39934",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39934",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1a2d67251db86ae5eb7687cbb4a3b71f0eb604b30eaaa6634f0d53610977f283",
          "Title": "kernel: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39934",
            "https://git.kernel.org/linus/a10f910c77f280327b481e77eab909934ec508f0 (6.17-rc7)",
            "https://git.kernel.org/stable/c/0da73f7827691a5e2265b110d5fe12f29535ec92",
            "https://git.kernel.org/stable/c/15a77e1ab0a994d69b471c76b8d01117128dda26",
            "https://git.kernel.org/stable/c/1a7ea294d57fb61485d11b3f2241d631d73025cb",
            "https://git.kernel.org/stable/c/51a501e990a353a4f15da6bab295b28e5d118f64",
            "https://git.kernel.org/stable/c/a10f910c77f280327b481e77eab909934ec508f0",
            "https://git.kernel.org/stable/c/f9a089d0a6d537d0f2061c8a37a7de535ce0310e",
            "https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39934-4c48@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39934",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39934"
          ],
          "PublishedDate": "2025-10-04T08:15:46.21Z",
          "LastModifiedDate": "2026-01-23T20:33:55.853Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39937",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39937",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3898b7931dcb05beed1af9f196d0b3629a73289e5369356884fae277f1fc0caa",
          "Title": "kernel: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n        rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39937",
            "https://git.kernel.org/linus/b6f56a44e4c1014b08859dcf04ed246500e310e5 (6.17-rc7)",
            "https://git.kernel.org/stable/c/184f608a68f96794e8fe58cd5535014d53622cde",
            "https://git.kernel.org/stable/c/21a39b958b4bcf44f7674bfbbe1bbb8cad0d842d",
            "https://git.kernel.org/stable/c/21ba85d9d508422ca9e6698463ff9357c928c22d",
            "https://git.kernel.org/stable/c/47ade5f9d70b23a119ec20b1c6504864b2543a79",
            "https://git.kernel.org/stable/c/689aee35ce671aab752f159e5c8e66d7685e6887",
            "https://git.kernel.org/stable/c/8793e7a8e1b60131a825457174ed6398111daeb7",
            "https://git.kernel.org/stable/c/ada2282259243387e6b6e89239aeb4897e62f051",
            "https://git.kernel.org/stable/c/b6f56a44e4c1014b08859dcf04ed246500e310e5",
            "https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2025-39937-c8f7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39937",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39937"
          ],
          "PublishedDate": "2025-10-04T08:15:46.593Z",
          "LastModifiedDate": "2026-03-25T00:46:04.75Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39940",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39940",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:644955f03364c2e95c3391cf2070ae82ba82c216de65e3a0e23d9082dcf8fada",
          "Title": "kernel: Linux kernel: Denial of Service via integer overflow in dm-stripe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-stripe: fix a possible integer overflow\n\nThere's a possible integer overflow in stripe_io_hints if we have too\nlarge chunk size. Test if the overflow happened, and if it did, don't set\nlimits-\u003eio_min and limits-\u003eio_opt;",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39940",
            "https://git.kernel.org/linus/1071d560afb4c245c2076494226df47db5a35708 (6.17-rc7)",
            "https://git.kernel.org/stable/c/1071d560afb4c245c2076494226df47db5a35708",
            "https://git.kernel.org/stable/c/ee27658c239b27721397f3e4eb16370b5cce596e",
            "https://git.kernel.org/stable/c/f8f64254bca5ae58f3b679441962bda4c409f659",
            "https://linux.oracle.com/cve/CVE-2025-39940.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025100418-CVE-2025-39940-6097@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39940",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39940"
          ],
          "PublishedDate": "2025-10-04T08:15:46.973Z",
          "LastModifiedDate": "2026-01-23T20:35:34.493Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39942",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39942",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f5fe124cc0b4e3fbb134292896f2ce916c3fecd8f7239699a279b32230097daf",
          "Title": "kernel: ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size\n\nThis is inspired by the check for data_offset + data_length.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39942",
            "https://git.kernel.org/linus/e1868ba37fd27c6a68e31565402b154beaa65df0 (6.17-rc7)",
            "https://git.kernel.org/stable/c/196a3a7676d726ee67621ea2bf3b7815ac2685b4",
            "https://git.kernel.org/stable/c/9644798294c7287e65a7b26e35aa6d2ce3345bcc",
            "https://git.kernel.org/stable/c/c64b915bb3d9339adcae5db4be2c35ffbef5e615",
            "https://git.kernel.org/stable/c/d3cb3f209d35c44b7ee74f77ed27ebb28995b9ce",
            "https://git.kernel.org/stable/c/e1868ba37fd27c6a68e31565402b154beaa65df0",
            "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39942-0297@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39942",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39942"
          ],
          "PublishedDate": "2025-10-04T08:15:47.23Z",
          "LastModifiedDate": "2026-03-25T00:45:27.51Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39943",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39943",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fc93a83d94479e6dbc72c316d6e0f742708b9e145a4420b1dfb8fa0b2c9fa6de",
          "Title": "kernel: ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer\n\nIf data_offset and data_length of smb_direct_data_transfer struct are\ninvalid, out of bounds issue could happen.\nThis patch validate data_offset and data_length field in recv_done.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39943",
            "https://git.kernel.org/linus/5282491fc49d5614ac6ddcd012e5743eecb6a67c (6.17-rc7)",
            "https://git.kernel.org/stable/c/5282491fc49d5614ac6ddcd012e5743eecb6a67c",
            "https://git.kernel.org/stable/c/529b121b00a6ee3c88fb3c01b443b2b81f686d48",
            "https://git.kernel.org/stable/c/773fddf976d282ef059c36c575ddb81567acd6bc",
            "https://git.kernel.org/stable/c/8be498fcbd5b07272f560b45981d4b9e5a2ad885",
            "https://git.kernel.org/stable/c/bdaab5c6538e250a9654127e688ecbbeb6f771d5",
            "https://git.kernel.org/stable/c/eb0378dde086363046ed3d7db7f126fc3f76fd70",
            "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39943-f5d8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39943",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39943"
          ],
          "PublishedDate": "2025-10-04T08:15:47.357Z",
          "LastModifiedDate": "2026-01-27T19:53:07.183Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39945",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39945",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1394b650478a70909c737dcff62ed9d6d1a7d468f992721cb60c6bebfed1bff4",
          "Title": "kernel: cnic: Fix use-after-free bugs in cnic_delete_task",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item 'delete_task' has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup)              | CPU 1 (delayed work callback)\ncnic_netdev_event()          |\n  cnic_stop_hw()             | cnic_delete_task()\n    cnic_cm_stop_bnx2x_hw()  | ...\n      cancel_delayed_work()  | /* the queue_delayed_work()\n      flush_workqueue()      |    executes after flush_workqueue()*/\n                             | queue_delayed_work()\n  cnic_free_dev(dev)//free   | cnic_delete_task() //new instance\n                             |   dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. 
Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays — such as inserting calls to ssleep()\nwithin the cnic_delete_task() function — to increase the likelihood\nof triggering the bug.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39945",
            "https://git.kernel.org/linus/cfa7d9b1e3a8604afc84e9e51d789c29574fb216 (6.17-rc7)",
            "https://git.kernel.org/stable/c/0405055930264ea8fd26f4131466fa7652e5e47d",
            "https://git.kernel.org/stable/c/0627e1481676669cae2df0d85b5ff13e7d24c390",
            "https://git.kernel.org/stable/c/6e33a7eed587062ca8161ad1f4584882a860d697",
            "https://git.kernel.org/stable/c/7b6a5b0a6b392263c3767fc945b311ea04b34bbd",
            "https://git.kernel.org/stable/c/8eeb2091e72d75df8ceaa2172638d61b4cf8929a",
            "https://git.kernel.org/stable/c/cfa7d9b1e3a8604afc84e9e51d789c29574fb216",
            "https://git.kernel.org/stable/c/e1fcd4a9c09feac0902a65615e866dbf22616125",
            "https://git.kernel.org/stable/c/fde6e73189f40ebcf0633aed2b68e731c25f3aa3",
            "https://linux.oracle.com/cve/CVE-2025-39945.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025100419-CVE-2025-39945-84d4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39945",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39945"
          ],
          "PublishedDate": "2025-10-04T08:15:47.613Z",
          "LastModifiedDate": "2026-01-23T20:56:32.72Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39947",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39947",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0245f5127cbba708d771802a74d16d71a038d59c64b6f33dec6d9a3ed18a40a2",
          "Title": "kernel: net/mlx5e: Harden uplink netdev access against device unbind",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n  \u003cTASK\u003e\n  mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n  esw_offloads_enable+0x593/0x910 [mlx5_core]\n  mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n  mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n  devlink_nl_eswitch_set_doit+0x60/0xd0\n  genl_family_rcv_msg_doit+0xe0/0x130\n  genl_rcv_msg+0x183/0x290\n  netlink_rcv_skb+0x4b/0xf0\n  genl_rcv+0x24/0x40\n  netlink_unicast+0x255/0x380\n  netlink_sendmsg+0x1f3/0x420\n  __sock_sendmsg+0x38/0x60\n  __sys_sendto+0x119/0x180\n  do_syscall_64+0x53/0x1d0\n  entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39947",
            "https://git.kernel.org/linus/6b4be64fd9fec16418f365c2d8e47a7566e9eba5 (6.17-rc7)",
            "https://git.kernel.org/stable/c/2cb17c88edd3a1c7aa6bc880dcdb35a6866fcb2e",
            "https://git.kernel.org/stable/c/6b4be64fd9fec16418f365c2d8e47a7566e9eba5",
            "https://git.kernel.org/stable/c/8df354eb2dd63d111ed5ae2e956e0dbb22bcf93b",
            "https://git.kernel.org/stable/c/d1f3db4e7a3be29fc17f01850f162363f919370d",
            "https://linux.oracle.com/cve/CVE-2025-39947.html",
            "https://linux.oracle.com/errata/ELSA-2025-25754.html",
            "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2025-39947-6872@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39947",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39947"
          ],
          "PublishedDate": "2025-10-04T08:15:47.867Z",
          "LastModifiedDate": "2026-01-27T19:47:34.887Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39949",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39949",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c6c0a014ee9fad15083e309ec1c0a664598a7ee412532c58f1937f0cd35f59a8",
          "Title": "kernel: qed: Don't collect too many protection override GRC elements",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don't collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc'ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n    [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n    [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 
[qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware's return value to the maximum\nnumber of legal elements the firmware should return.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 5.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39949",
            "https://git.kernel.org/linus/56c0a2a9ddc2f5b5078c5fb0f81ab76bbc3d4c37 (6.17-rc7)",
            "https://git.kernel.org/stable/c/25672c620421fa2105703a94a29a03487245e6d6",
            "https://git.kernel.org/stable/c/56c0a2a9ddc2f5b5078c5fb0f81ab76bbc3d4c37",
            "https://git.kernel.org/stable/c/660b2a8f5a306a28c7efc1b4990ecc4912a68f87",
            "https://git.kernel.org/stable/c/70affe82e38fd3dc76b9c68b5a1989f11e7fa0f3",
            "https://git.kernel.org/stable/c/8141910869596b7a3a5d9b46107da2191d523f82",
            "https://git.kernel.org/stable/c/e0e24571a7b2f8c8f06e25d3417253ebbdbc8d5c",
            "https://git.kernel.org/stable/c/ea53e6a47e148b490b1c652fc65d2de5a086df76",
            "https://linux.oracle.com/cve/CVE-2025-39949.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2025-39949-d909@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39949",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39949"
          ],
          "PublishedDate": "2025-10-04T08:15:48.12Z",
          "LastModifiedDate": "2026-03-25T00:36:02.617Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39951",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39951",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:915a3dbd9142eb57e07b9b7a5c711b418be96e28a74ca4f789424f7eb3d56211",
          "Title": "kernel: um: virtio_uml: Fix use-after-free after put_device in probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: virtio_uml: Fix use-after-free after put_device in probe\n\nWhen register_virtio_device() fails in virtio_uml_probe(),\nthe code sets vu_dev-\u003eregistered = 1 even though\nthe device was not successfully registered.\nThis can lead to use-after-free or other issues.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39951",
            "https://git.kernel.org/linus/7ebf70cf181651fe3f2e44e95e7e5073d594c9c0 (6.17-rc7)",
            "https://git.kernel.org/stable/c/00e98b5a69034b251bb36dc6e7123d7648e218e4",
            "https://git.kernel.org/stable/c/14c231959a16ca41bfdcaede72483362a8c645d7",
            "https://git.kernel.org/stable/c/4f364023ddcfe83f7073b973a9cb98584b7f2a46",
            "https://git.kernel.org/stable/c/5e94e44c9cb30d7a383d8ac227f24a8c9326b770",
            "https://git.kernel.org/stable/c/7ebf70cf181651fe3f2e44e95e7e5073d594c9c0",
            "https://git.kernel.org/stable/c/aaf900a83508c8cd5cdf765e7749f9076196ec7f",
            "https://git.kernel.org/stable/c/c2ff91255e0157b356cff115d8dc3eeb5162edf2",
            "https://lore.kernel.org/linux-cve-announce/2025100420-CVE-2025-39951-24b1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39951",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39951"
          ],
          "PublishedDate": "2025-10-04T08:15:48.38Z",
          "LastModifiedDate": "2026-01-23T20:03:14.37Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39952",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39952",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b03445366cd3a78ff8f384e1b06bc4e2c926ea436f9448a871a6d3a020fc5268",
          "Title": "kernel: wifi: wilc1000: avoid buffer overflow in WID string configuration",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n        error: '__memcpy()' 'cfg-\u003es[i]-\u003estr' copy overflow (512 vs 65537)\n\nThis patch introduces a size check before accessing the memory buffer.\nThe checks are based on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in 'struct wilc_cfg_str_vals' that is maintained in 'len' field\nof 'struct wilc_cfg_str'.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39952",
            "https://git.kernel.org/linus/fe9e4d0c39311d0f97b024147a0d155333f388b5 (6.17-rc5)",
            "https://git.kernel.org/stable/c/2203ef417044b10a8563ade6a17c74183745d72e",
            "https://git.kernel.org/stable/c/6085291a1a5865d4ad70f0e5812d524ebd5d1711",
            "https://git.kernel.org/stable/c/ae50f8562306a7ea1cf3c9722f97ee244f974729",
            "https://git.kernel.org/stable/c/fe9e4d0c39311d0f97b024147a0d155333f388b5",
            "https://lore.kernel.org/linux-cve-announce/2025100421-CVE-2025-39952-e36c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39952",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39952"
          ],
          "PublishedDate": "2025-10-04T08:15:48.507Z",
          "LastModifiedDate": "2026-01-23T20:02:35.517Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39953",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39953",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cdf7271833f9d64028d3e65c13520cc51ff3918a83e516bca35777f19f3ef112",
          "Title": "kernel: cgroup: split cgroup_destroy_wq into 3 workqueues",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: split cgroup_destroy_wq into 3 workqueues\n\nA hung task can occur during [1] LTP cgroup testing when repeatedly\nmounting/unmounting perf_event and net_prio controllers with\nsystemd.unified_cgroup_hierarchy=1. The hang manifests in\ncgroup_lock_and_drain_offline() during root destruction.\n\nRelated case:\ncgroup_fj_function_perf_event cgroup_fj_function.sh perf_event\ncgroup_fj_function_net_prio cgroup_fj_function.sh net_prio\n\nCall Trace:\n\tcgroup_lock_and_drain_offline+0x14c/0x1e8\n\tcgroup_destroy_root+0x3c/0x2c0\n\tcss_free_rwork_fn+0x248/0x338\n\tprocess_one_work+0x16c/0x3b8\n\tworker_thread+0x22c/0x3b0\n\tkthread+0xec/0x100\n\tret_from_fork+0x10/0x20\n\nRoot Cause:\n\nCPU0                            CPU1\nmount perf_event                umount net_prio\ncgroup1_get_tree                cgroup_kill_sb\nrebind_subsystems               // root destruction enqueues\n\t\t\t\t// cgroup_destroy_wq\n// kill all perf_event css\n                                // one perf_event css A is dying\n                                // css A offline enqueues cgroup_destroy_wq\n                                // root destruction will be executed first\n                                css_free_rwork_fn\n                                cgroup_destroy_root\n                                cgroup_lock_and_drain_offline\n                                // some perf descendants are dying\n                                // cgroup_destroy_wq max_active = 1\n                                // waiting for css A to die\n\nProblem scenario:\n1. CPU0 mounts perf_event (rebind_subsystems)\n2. CPU1 unmounts net_prio (cgroup_kill_sb), queuing root destruction work\n3. A dying perf_event CSS gets queued for offline after root destruction\n4. 
Root destruction waits for offline completion, but offline work is\n   blocked behind root destruction in cgroup_destroy_wq (max_active=1)\n\nSolution:\nSplit cgroup_destroy_wq into three dedicated workqueues:\ncgroup_offline_wq – Handles CSS offline operations\ncgroup_release_wq – Manages resource release\ncgroup_free_wq – Performs final memory deallocation\n\nThis separation eliminates blocking in the CSS free path while waiting for\noffline operations to complete.\n\n[1] https://github.com/linux-test-project/ltp/blob/master/runtest/controllers",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39953",
            "https://git.kernel.org/linus/79f919a89c9d06816dbdbbd168fa41d27411a7f9 (6.17-rc7)",
            "https://git.kernel.org/stable/c/05e0b03447cf215ec384210441b34b7a3b16e8b0",
            "https://git.kernel.org/stable/c/4a1e3ec28e8062cd9f339aa6a942df9c5bcb6811",
            "https://git.kernel.org/stable/c/79f919a89c9d06816dbdbbd168fa41d27411a7f9",
            "https://git.kernel.org/stable/c/993049c9b1355c78918344a6403427d53f9ee700",
            "https://git.kernel.org/stable/c/a0c896bda7077aa5005473e2c5b3c27173313b4c",
            "https://git.kernel.org/stable/c/cabadd7fd15f97090f752fd22dd7f876a0dc3dc4",
            "https://git.kernel.org/stable/c/ded4d207a3209a834b6831ceec7f39b934c74802",
            "https://git.kernel.org/stable/c/f2795d1b92506e3adf52a298f7181032a1525e04",
            "https://linux.oracle.com/cve/CVE-2025-39953.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025100421-CVE-2025-39953-4ac6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39953",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39953"
          ],
          "PublishedDate": "2025-10-04T08:15:48.627Z",
          "LastModifiedDate": "2026-01-23T20:01:35.36Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39955",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39955",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8368e73564dfa49d44675a35b08341a698ed22e3c1a6bdecca46d41b2f261bc5",
          "Title": "kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n  1. accept()\n  2. connect(AF_UNSPEC)\n  3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet's call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS:  0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 
00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 7.6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:22405",
            "https://access.redhat.com/security/cve/CVE-2025-39955",
            "https://bugzilla.redhat.com/2393172",
            "https://bugzilla.redhat.com/2396934",
            "https://bugzilla.redhat.com/2400598",
            "https://bugzilla.redhat.com/2400628",
            "https://bugzilla.redhat.com/2402699",
            "https://bugzilla.redhat.com/2404105",
            "https://bugzilla.redhat.com/2406776",
            "https://bugzilla.redhat.com/2414741",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396934",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2400598",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2400628",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2402699",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2404105",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2406776",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414741",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38724",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39898",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39918",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39955",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40058",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40185",
            "https://errata.almalinux.org/9/ALSA-2025-22405.html",
            "https://errata.rockylinux.org/RLSA-2025:22405",
            "https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99",
            "https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609",
            "https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01",
            "https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6",
            "https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0",
            "https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb",
            "https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753",
            "https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9",
            "https://linux.oracle.com/cve/CVE-2025-39955.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025100942-CVE-2025-39955-f36b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39955",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39955"
          ],
          "PublishedDate": "2025-10-09T10:15:36.22Z",
          "LastModifiedDate": "2026-02-26T23:10:35.193Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39957",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39957",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:827a4f64f232f762eabeb2d460f6e778a6fedfe5dbd9e3472dc5f984ace9ed20",
          "Title": "kernel: wifi: mac80211: increase scan_ies_len for S1G",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 1,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39957",
            "https://git.kernel.org/stable/c/0dbad5f5549e54ac269cc04ce89f212892a98cab",
            "https://git.kernel.org/stable/c/16c9244a62116fe148f6961753b68e7160799f97",
            "https://git.kernel.org/stable/c/32adb020b0c32939da1322dcc87fc0ae2bc935d1",
            "https://git.kernel.org/stable/c/7e2f3213e85eba00acb4cfe6d71647892d63c3a1",
            "https://git.kernel.org/stable/c/93e063f15e17acb8cd6ac90c8f0802c2624e1a74",
            "https://lore.kernel.org/linux-cve-announce/2025100943-CVE-2025-39957-33c1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39957",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39957"
          ],
          "PublishedDate": "2025-10-09T10:15:37.133Z",
          "LastModifiedDate": "2026-02-26T22:50:44.03Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39958",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39958",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:70014efea1a0db24a9739dbcb608f74fdb30aa563ca5204fa9bc4a9cd65a352b",
          "Title": "kernel: iommu/s390: Make attach succeed when the device was surprise removed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/s390: Make attach succeed when the device was surprise removed\n\nWhen a PCI device is removed with surprise hotplug, there may still be\nattempts to attach the device to the default domain as part of tear down\nvia (__iommu_release_dma_ownership()), or because the removal happens\nduring probe (__iommu_probe_device()). In both cases zpci_register_ioat()\nfails with a cc value indicating that the device handle is invalid. This\nis because the device is no longer part of the instance as far as the\nhypervisor is concerned.\n\nCurrently this leads to an error return and s390_iommu_attach_device()\nfails. This triggers the WARN_ON() in __iommu_group_set_domain_nofail()\nbecause attaching to the default domain must never fail.\n\nWith the device fenced by the hypervisor no DMAs to or from memory are\npossible and the IOMMU translations have no effect. Proceed as if the\nregistration was successful and let the hotplug event handling clean up\nthe device.\n\nThis is similar to how devices in the error state are handled since\ncommit 59bbf596791b (\"iommu/s390: Make attach succeed even if the device\nis in error state\") except that for removal the domain will not be\nregistered later. This approach was also previously discussed at the\nlink.\n\nHandle both cases, error state and removal, in a helper which checks if\nthe error needs to be propagated or ignored. Avoid magic number\ncondition codes by using the pre-existing, but never used, defines for\nPCI load/store condition codes and rename them to reflect that they\napply to all PCI instructions.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39958",
            "https://git.kernel.org/stable/c/359613f2fa009587154511e4842e8ab9532edd15",
            "https://git.kernel.org/stable/c/9ffaf5229055fcfbb3b3d6f1c7e58d63715c3f73",
            "https://lore.kernel.org/linux-cve-announce/2025100943-CVE-2025-39958-6e96@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39958",
            "https://www.cve.org/CVERecord?id=CVE-2025-39958"
          ],
          "PublishedDate": "2025-10-09T10:15:37.867Z",
          "LastModifiedDate": "2026-02-26T22:51:27.093Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39961",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39961",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1ea5c3ad3914f9ca8efd240eaa049cd2495695050200ebf55a5b97035d3f7c23",
          "Title": "kernel: iommu/amd/pgtbl: Fix possible race while increase page table level",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd/pgtbl: Fix possible race while increase page table level\n\nThe AMD IOMMU host page table implementation supports dynamic page table levels\n(up to 6 levels), starting with a 3-level configuration that expands based on\nIOVA address. The kernel maintains a root pointer and current page table level\nto enable proper page table walks in alloc_pte()/fetch_pte() operations.\n\nThe IOMMU IOVA allocator initially starts with 32-bit address and once it is\nexhausted it switches to 64-bit address (max address is determined based\non IOMMU and device DMA capability). To support larger IOVA, AMD IOMMU\ndriver increases page table level.\n\nBut in unmap path (iommu_v1_unmap_pages()), fetch_pte() reads\npgtable-\u003e[root/mode] without lock. So it is possible that in an extreme corner case,\nwhen increase_address_space() is updating pgtable-\u003e[root/mode], fetch_pte()\nreads wrong page table level (pgtable-\u003emode). It does compare the value with\nlevel encoded in page table and returns NULL. This will result in\niommu_unmap ops failing and upper layer may retry/log WARN_ON.\n\nCPU 0                                         CPU 1\n------                                       ------\nmap pages                                    unmap pages\nalloc_pte() -\u003e increase_address_space()      iommu_v1_unmap_pages() -\u003e fetch_pte()\n  pgtable-\u003eroot = pte (new root value)\n                                             READ pgtable-\u003e[mode/root]\n\t\t\t\t\t       Reads new root, old mode\n  Updates mode (pgtable-\u003emode += 1)\n\nSince Page table level updates are infrequent and already synchronized with a\nspinlock, implement seqcount to enable lock-free read operations on the read path.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39961",
            "https://git.kernel.org/linus/1e56310b40fd2e7e0b9493da9ff488af145bdd0c (6.17-rc7)",
            "https://git.kernel.org/stable/c/075abf0b1a958acfbea2435003d228e738e90346",
            "https://git.kernel.org/stable/c/1e56310b40fd2e7e0b9493da9ff488af145bdd0c",
            "https://git.kernel.org/stable/c/7d462bdecb7d9c32934dab44aaeb7ea7d73a27a2",
            "https://git.kernel.org/stable/c/cd92c8ab336c3a633d46e6f35ebcd3509ae7db3b",
            "https://lore.kernel.org/linux-cve-announce/2025100916-CVE-2025-39961-09b1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39961",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39961"
          ],
          "PublishedDate": "2025-10-09T13:15:32.25Z",
          "LastModifiedDate": "2026-02-26T23:03:20.56Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39964",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39964",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:73c7bd5358d5e785c9db092d7c1e66a6c122d5c8647c88db1ee50dea5e367258",
          "Title": "kernel: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Disallow concurrent writes in af_alg_sendmsg\n\nIssuing two writes to the same af_alg socket is bogus as the\ndata will be interleaved in an unpredictable fashion.  Furthermore,\nconcurrent writes may create inconsistencies in the internal\nsocket state.\n\nDisallow this by adding a new ctx-\u003ewrite field that indicates\nexclusive ownership for writing.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 1,
            "nvd": 1,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39964",
            "https://git.kernel.org/linus/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 (6.17-rc7)",
            "https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce",
            "https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285",
            "https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8",
            "https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042",
            "https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84",
            "https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d",
            "https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9",
            "https://linux.oracle.com/cve/CVE-2025-39964.html",
            "https://linux.oracle.com/errata/ELSA-2026-50100.html",
            "https://lore.kernel.org/linux-cve-announce/2025101334-CVE-2025-39964-7964@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39964",
            "https://ubuntu.com/security/notices/USN-7907-1",
            "https://ubuntu.com/security/notices/USN-7907-2",
            "https://ubuntu.com/security/notices/USN-7907-3",
            "https://ubuntu.com/security/notices/USN-7907-4",
            "https://ubuntu.com/security/notices/USN-7907-5",
            "https://ubuntu.com/security/notices/USN-7921-1",
            "https://ubuntu.com/security/notices/USN-7921-2",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7930-1",
            "https://ubuntu.com/security/notices/USN-7930-2",
            "https://ubuntu.com/security/notices/USN-7931-1",
            "https://ubuntu.com/security/notices/USN-7931-2",
            "https://ubuntu.com/security/notices/USN-7931-3",
            "https://ubuntu.com/security/notices/USN-7931-4",
            "https://ubuntu.com/security/notices/USN-7931-5",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-7935-1",
            "https://ubuntu.com/security/notices/USN-7936-1",
            "https://ubuntu.com/security/notices/USN-7937-1",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-39964"
          ],
          "PublishedDate": "2025-10-13T14:15:34.737Z",
          "LastModifiedDate": "2026-02-26T23:05:10.84Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39967",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39967",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:548312da40e8a58b0eb40ff3adf15085ae45f539096f5a146a78ffd400dc82d2",
          "Title": "kernel: fbcon: fix integer overflow in fbcon_do_set_font",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pitch * charcount\n   multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n   overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safely validate all size\ncalculations before allocation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-190"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 4,
            "cbl-mariner": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39967",
            "https://git.kernel.org/linus/1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe (6.17)",
            "https://git.kernel.org/stable/c/1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe",
            "https://git.kernel.org/stable/c/4a4bac869560f943edbe3c2b032062f6673b13d3",
            "https://git.kernel.org/stable/c/994bdc2d23c79087fbf7dcd9544454e8ebcef877",
            "https://git.kernel.org/stable/c/9c8ec14075c5317edd6b242f1be8167aa1e4e333",
            "https://git.kernel.org/stable/c/a6eb9f423b3db000aaedf83367b8539f6b72dcfc",
            "https://git.kernel.org/stable/c/adac90bb1aaf45ca66f9db8ac100be16750ace78",
            "https://git.kernel.org/stable/c/b8a6e85328aeb9881531dbe89bcd2637a06c3c95",
            "https://git.kernel.org/stable/c/c0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7",
            "https://linux.oracle.com/cve/CVE-2025-39967.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101555-CVE-2025-39967-0fbf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39967",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39967"
          ],
          "PublishedDate": "2025-10-15T08:15:34.21Z",
          "LastModifiedDate": "2026-02-26T23:06:19.07Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39968",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39968",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fd081a96703e522050c3e49dbd9390c106ef44a907c7dc3b072cf18e2bfe78a7",
          "Title": "kernel: Linux kernel i40e: Resource exhaustion via unbounded VF filter requests",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 4,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39968",
            "https://git.kernel.org/linus/cb79fa7118c150c3c76a327894bb2eb878c02619 (6.17)",
            "https://git.kernel.org/stable/c/02aae5fcdd34c3a55a243d80a1b328a35852a35c",
            "https://git.kernel.org/stable/c/77a35be582dff4c80442ebcdce24d45eed8a6ce4",
            "https://git.kernel.org/stable/c/8b13df5aa877b9e4541e301a58a84c42d84d2d9a",
            "https://git.kernel.org/stable/c/9176e18681cb0d34c5acc87bda224f5652af2ab8",
            "https://git.kernel.org/stable/c/cb79fa7118c150c3c76a327894bb2eb878c02619",
            "https://git.kernel.org/stable/c/d33e5d6631ac4fddda235a7815babc9d3f124299",
            "https://git.kernel.org/stable/c/e490d8c5a54e0dd1ab22417d72c3a7319cf0f030",
            "https://git.kernel.org/stable/c/edecce7abd7152b48e279b4fa0a883d1839bb577",
            "https://linux.oracle.com/cve/CVE-2025-39968.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101555-CVE-2025-39968-ca60@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39968",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39968"
          ],
          "PublishedDate": "2025-10-15T08:15:34.35Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39969",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39969",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f62dfd62ff1964892cf09a800f580b5284274e73b95f3d967f0aa993ebbb164",
          "Title": "kernel: i40e: fix validation of VF state in get resources",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39969",
            "https://git.kernel.org/linus/877b7e6ffc23766448236e8732254534c518ba42 (6.17)",
            "https://git.kernel.org/stable/c/185745d56ec958bf8aa773828213237dfcc32f5a",
            "https://git.kernel.org/stable/c/6128bbc7adc25c87c2f64b5eb66a280b78ef7ab7",
            "https://git.kernel.org/stable/c/6c3981fd59ef11a75005ac9978f034da5a168b6a",
            "https://git.kernel.org/stable/c/877b7e6ffc23766448236e8732254534c518ba42",
            "https://git.kernel.org/stable/c/8e35c80f8570426fe0f0cc92b151ebd835975f22",
            "https://git.kernel.org/stable/c/a991dc56d3e9a2c3db87d0c3f03c24f6595400f1",
            "https://git.kernel.org/stable/c/e748f1ee493f88e38b77363a60499f979d42c58a",
            "https://git.kernel.org/stable/c/f47876788a23de296c42ef9d505b5c1630f0b4b8",
            "https://linux.oracle.com/cve/CVE-2025-39969.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101555-CVE-2025-39969-fbee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39969",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39969"
          ],
          "PublishedDate": "2025-10-15T08:15:34.483Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39970",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39970",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:568d05cde7b10723724b054b326f888d2ca33521627a51adf8fab1469858fc24",
          "Title": "kernel: i40e: fix input validation logic for action_meta",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check 'greater or equal' to prevent OOB dereference.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 4,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39970",
            "https://git.kernel.org/linus/9739d5830497812b0bdeaee356ddefbe60830b88 (6.17)",
            "https://git.kernel.org/stable/c/28465770ca3b694286ff9ed6dfd558413f57d98f",
            "https://git.kernel.org/stable/c/3118f41d8fa57b005f53ec3db2ba5eab1d7ba12b",
            "https://git.kernel.org/stable/c/3883e9702b6a4945e93b16c070f338a9f5b496f9",
            "https://git.kernel.org/stable/c/461e0917eedcd159d87f3ea846754a1e07d7e78a",
            "https://git.kernel.org/stable/c/560e1683410585fbd5df847f43433c4296f0d222",
            "https://git.kernel.org/stable/c/9739d5830497812b0bdeaee356ddefbe60830b88",
            "https://git.kernel.org/stable/c/a88c1b2746eccf00e2094b187945f0f1e990b400",
            "https://git.kernel.org/stable/c/f8c8e11825b24661596fa8db2f0981ba17ed0817",
            "https://linux.oracle.com/cve/CVE-2025-39970.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101556-CVE-2025-39970-2ec8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39970",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39970"
          ],
          "PublishedDate": "2025-10-15T08:15:34.62Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39971",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39971",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b85a8b66074ac93000bd0619d60ed92a4a07a87a848b69c95b1ba2e37088ee4b",
          "Title": "kernel: i40e: fix idx validation in config queues msg",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "azure": 4,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 7.6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:21920",
            "https://access.redhat.com/security/cve/CVE-2025-39971",
            "https://bugzilla.redhat.com/2393481",
            "https://bugzilla.redhat.com/2404108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393481",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2404108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39697",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39971",
            "https://errata.almalinux.org/8/ALSA-2025-21920.html",
            "https://errata.rockylinux.org/RLSA-2025:21917",
            "https://git.kernel.org/linus/f1ad24c5abe1eaef69158bac1405a74b3c365115 (6.17)",
            "https://git.kernel.org/stable/c/1fa0aadade34481c567cdf4a897c0d4e4d548bd1",
            "https://git.kernel.org/stable/c/2cc26dac0518d2fa9b67ec813ee60e183480f98a",
            "https://git.kernel.org/stable/c/5c1f96123113e0bdc6d8dc2b0830184c93da9f65",
            "https://git.kernel.org/stable/c/8b9c7719b0987b1c6c5fc910599f3618a558dbde",
            "https://git.kernel.org/stable/c/a6ff2af78343eceb0f77ab1a2fe802183bc21648",
            "https://git.kernel.org/stable/c/bfcc1dff429d4b99ba03e40ddacc68ea4be2b32b",
            "https://git.kernel.org/stable/c/f1ad24c5abe1eaef69158bac1405a74b3c365115",
            "https://git.kernel.org/stable/c/f5f91d164af22e7147130ef8bebbdb28d8ecc6e2",
            "https://linux.oracle.com/cve/CVE-2025-39971.html",
            "https://linux.oracle.com/errata/ELSA-2026-1581.html",
            "https://lore.kernel.org/linux-cve-announce/2025101556-CVE-2025-39971-97e2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39971",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39971"
          ],
          "PublishedDate": "2025-10-15T08:15:34.757Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39972",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39972",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6535a79619f72fc6eea724363182ddf32d52c490744a76abfbb4c1a0abd125fc",
          "Title": "kernel: i40e: fix idx validation in i40e_validate_queue_map",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 4,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39972",
            "https://git.kernel.org/linus/aa68d3c3ac8d1dcec40d52ae27e39f6d32207009 (6.17)",
            "https://git.kernel.org/stable/c/34dfac0c904829967d500c51f216916ce1452957",
            "https://git.kernel.org/stable/c/4d5e804a9e19b639b18fd13664dbad3c03c79e61",
            "https://git.kernel.org/stable/c/50a1e2f50f6c22b93b94eb8d168a1be3c05bf5cd",
            "https://git.kernel.org/stable/c/6f15a7b34fae75e745bdc2ec05e06ddfd0dd2f3c",
            "https://git.kernel.org/stable/c/aa68d3c3ac8d1dcec40d52ae27e39f6d32207009",
            "https://git.kernel.org/stable/c/b6cb93a7ff208f324c7ec581d72995f80e115e0e",
            "https://git.kernel.org/stable/c/cc4191e8ef40d2249c1b9a8617d22ec8a976b574",
            "https://git.kernel.org/stable/c/d4e3eaaa3cb3af77836d806c89cd6ebf533a7320",
            "https://linux.oracle.com/cve/CVE-2025-39972.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101556-CVE-2025-39972-06e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39972",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39972"
          ],
          "PublishedDate": "2025-10-15T08:15:34.88Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39973",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39973",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2741c6c84abce3e63342d7ad5c9d35ac8b50bd53f8ffc360c8684993186bd5e7",
          "Title": "kernel: i40e: add validation for ring_len param",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 4,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39973",
            "https://git.kernel.org/linus/55d225670def06b01af2e7a5e0446fbe946289e8 (6.17)",
            "https://git.kernel.org/stable/c/0543d40d6513cdf1c7882811086e59a6455dfe97",
            "https://git.kernel.org/stable/c/05fe81fb9db20464fa532a3835dc8300d68a2f84",
            "https://git.kernel.org/stable/c/45a7527cd7da4cdcf3b06b5c0cb1cae30b5a5985",
            "https://git.kernel.org/stable/c/55d225670def06b01af2e7a5e0446fbe946289e8",
            "https://git.kernel.org/stable/c/7d749e38dd2b7e8a80da2ca30c93e09de95bfcf9",
            "https://git.kernel.org/stable/c/afec12adab55d10708179a64d95d650741e60fe0",
            "https://git.kernel.org/stable/c/c0c83f4cd074b75cecef107bfc349be7d516c9c4",
            "https://git.kernel.org/stable/c/d3b0d3f8d11fa957171fbb186e53998361a88d4e",
            "https://linux.oracle.com/cve/CVE-2025-39973.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101557-CVE-2025-39973-b1a3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39973",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39973"
          ],
          "PublishedDate": "2025-10-15T08:15:35.007Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39977",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39977",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f0d8256753df7561a23792644549a0224103d567ad03477c0cd2f9c6cda037bd",
          "Title": "kernel: futex: Prevent use-after-free during requeue-PI",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Prevent use-after-free during requeue-PI\n\nsyzbot managed to trigger the following race:\n\n   T1                               T2\n\n futex_wait_requeue_pi()\n   futex_do_wait()\n     schedule()\n                               futex_requeue()\n                                 futex_proxy_trylock_atomic()\n                                   futex_requeue_pi_prepare()\n                                   requeue_pi_wake_futex()\n                                     futex_requeue_pi_complete()\n                                      /* preempt */\n\n         * timeout/ signal wakes T1 *\n\n   futex_requeue_pi_wakeup_sync() // Q_REQUEUE_PI_LOCKED\n   futex_hash_put()\n  // back to userland, on stack futex_q is garbage\n\n                                      /* back */\n                                     wake_up_state(q-\u003etask, TASK_NORMAL);\n\nIn this scenario futex_wait_requeue_pi() is able to leave without using\nfutex_q::lock_ptr for synchronization.\n\nThis can be prevented by reading futex_q::task before updating the\nfutex_q::requeue_state. A reference on the task_struct is not needed\nbecause requeue_pi_wake_futex() is invoked with a spinlock_t held which\nimplies a RCU read section.\n\nEven if T1 terminates immediately after, the task_struct will remain valid\nduring T2's wake_up_state().  A READ_ONCE on futex_q::task before\nfutex_requeue_pi_complete() is enough because it ensures that the variable\nis read before the state is updated.\n\nRead futex_q::task before updating the requeue state, use it for the\nfollowing wakeup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39977",
            "https://git.kernel.org/linus/b549113738e8c751b613118032a724b772aa83f2 (6.17)",
            "https://git.kernel.org/stable/c/348736955ed6ca6e99ca24b93b1d3fbfe352c181",
            "https://git.kernel.org/stable/c/a170b9c0dde83312b8b58ccc91509c7c15711641",
            "https://git.kernel.org/stable/c/b549113738e8c751b613118032a724b772aa83f2",
            "https://git.kernel.org/stable/c/cb5d19a61274b51b49601214a87af573b43d60fa",
            "https://git.kernel.org/stable/c/d824b2dbdcfe3c390278dd9652ea526168ef6850",
            "https://linux.oracle.com/cve/CVE-2025-39977.html",
            "https://linux.oracle.com/errata/ELSA-2025-20719.html",
            "https://lore.kernel.org/linux-cve-announce/2025101558-CVE-2025-39977-b3a2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39977",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39977"
          ],
          "PublishedDate": "2025-10-15T08:15:35.517Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39978",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39978",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:333ce6fc72cb6677056532e513f2394c073170ed427389e10d3f40f4d1ec0ffc",
          "Title": "kernel: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line.  Two lines later, we take\na mutex so I don't think this is an RCU safe region.  Re-order it to do\nthe dereferences before queuing up the free.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39978",
            "https://git.kernel.org/linus/d9c70e93ec5988ab07ad2a92d9f9d12867f02c56 (6.17)",
            "https://git.kernel.org/stable/c/5723120423a753a220b8b2954b273838b9d7e74a",
            "https://git.kernel.org/stable/c/a8a63f27c3a8a3714210d32b12fd0f16d0337414",
            "https://git.kernel.org/stable/c/c41b2941a024d4ec7c768e16ffb10a74b188fced",
            "https://git.kernel.org/stable/c/d9c70e93ec5988ab07ad2a92d9f9d12867f02c56",
            "https://git.kernel.org/stable/c/df2c071061ed52d2225d97b212d27ecedf456b8a",
            "https://lore.kernel.org/linux-cve-announce/2025101558-CVE-2025-39978-d538@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39978",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39978"
          ],
          "PublishedDate": "2025-10-15T08:15:35.64Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39980",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39980",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ac455c77077ad7638413de2db3ce684960a5f043ef6f801558bdf47c25e0301b",
          "Title": "kernel: nexthop: Forbid FDB status change while nexthop is in a group",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnexthop: Forbid FDB status change while nexthop is in a group\n\nThe kernel forbids the creation of non-FDB nexthop groups with FDB\nnexthops:\n\n # ip nexthop add id 1 via 192.0.2.1 fdb\n # ip nexthop add id 2 group 1\n Error: Non FDB nexthop group cannot have fdb nexthops.\n\nAnd vice versa:\n\n # ip nexthop add id 3 via 192.0.2.2 dev dummy1\n # ip nexthop add id 4 group 3 fdb\n Error: FDB nexthop group can only have fdb nexthops.\n\nHowever, as long as no routes are pointing to a non-FDB nexthop group,\nthe kernel allows changing the type of a nexthop from FDB to non-FDB and\nvice versa:\n\n # ip nexthop add id 5 via 192.0.2.2 dev dummy1\n # ip nexthop add id 6 group 5\n # ip nexthop replace id 5 via 192.0.2.2 fdb\n # echo $?\n 0\n\nThis configuration is invalid and can result in a NPD [1] since FDB\nnexthops are not associated with a nexthop device:\n\n # ip route add 198.51.100.1/32 nhid 6\n # ping 198.51.100.1\n\nFix by preventing nexthop FDB status change while the nexthop is in a\ngroup:\n\n # ip nexthop add id 7 via 192.0.2.2 dev dummy1\n # ip nexthop add id 8 group 7\n # ip nexthop replace id 7 via 192.0.2.2 fdb\n Error: Cannot change nexthop FDB status while in a group.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 00000000000003c0\n[...]\nOops: Oops: 0000 [#1] SMP\nCPU: 6 UID: 0 PID: 367 Comm: ping Not tainted 6.17.0-rc6-virtme-gb65678cacc03 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:fib_lookup_good_nhc+0x1e/0x80\n[...]\nCall Trace:\n \u003cTASK\u003e\n fib_table_lookup+0x541/0x650\n ip_route_output_key_hash_rcu+0x2ea/0x970\n ip_route_output_key_hash+0x55/0x80\n __ip4_datagram_connect+0x250/0x330\n udp_connect+0x2b/0x60\n __sys_connect+0x9c/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0xa4/0x2a0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39980",
            "https://git.kernel.org/linus/390b3a300d7872cef9588f003b204398be69ce08 (6.17)",
            "https://git.kernel.org/stable/c/0e7bfe7a268ccbd7859730c529161cafbf44637c",
            "https://git.kernel.org/stable/c/24046d31f6f92220852d393d510b6062843e3fbd",
            "https://git.kernel.org/stable/c/390b3a300d7872cef9588f003b204398be69ce08",
            "https://git.kernel.org/stable/c/8dd4aa0122885f710930de135af2adc4ccc3238f",
            "https://git.kernel.org/stable/c/e1e87ac0daacd51f522ecd1645cd76b5809303ed",
            "https://git.kernel.org/stable/c/ec428fff792b7bd15b248dafca2e654b666b1304",
            "https://git.kernel.org/stable/c/f0e49fd13afe9dea7a09a1c9537fd00cea22badb",
            "https://linux.oracle.com/cve/CVE-2025-39980.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025101559-CVE-2025-39980-1b78@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39980",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39980"
          ],
          "PublishedDate": "2025-10-15T08:15:35.887Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39985",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39985",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9af4ab55132ce21d97c2f3ec4c40759f1f5ddb6ed44fa173770f6d0b8d9d52d4",
          "Title": "kernel: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n  $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n  1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n     function does not check the actual device capabilities).\n\n  2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. 
Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 4,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39985",
            "https://git.kernel.org/linus/17c8d794527f01def0d1c8b7dc2d7b8d34fed0e6 (6.17)",
            "https://git.kernel.org/stable/c/0fa9303c4b9493727e0d3a6ac3729300e3013930",
            "https://git.kernel.org/stable/c/17c8d794527f01def0d1c8b7dc2d7b8d34fed0e6",
            "https://git.kernel.org/stable/c/3664ae91b26d1fd7e4cee9cde17301361f4c89d5",
            "https://git.kernel.org/stable/c/37aed407496bf6de8910e588edb04d2435fa7011",
            "https://git.kernel.org/stable/c/6b9fb82df8868dbe9ffea5874b8d35f951faedbb",
            "https://git.kernel.org/stable/c/6eec67bfb25637f9b51e584cf59ddace59925bc8",
            "https://git.kernel.org/stable/c/b638c3fb0f163e69785ceddb3b434a9437878bec",
            "https://git.kernel.org/stable/c/ca4e51359608e1f29bf1f2c33c3ddf775b6b7ed1",
            "https://lore.kernel.org/linux-cve-announce/2025101500-CVE-2025-39985-98c2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39985",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39985"
          ],
          "PublishedDate": "2025-10-15T08:15:36.523Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39986",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39986",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3bdcf5d101134e01825d56e96a46ee3627d041850be6c9e3a970044438630567",
          "Title": "kernel: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n  $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n  1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n     function does not check the actual device capabilities).\n\n  2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. 
Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39986",
            "https://git.kernel.org/linus/61da0bd4102c459823fbe6b8b43b01fb6ace4a22 (6.17)",
            "https://git.kernel.org/stable/c/063539db42203b29d5aa2adf0cae3d68c646a6b6",
            "https://git.kernel.org/stable/c/2e423e1990f3972cbea779883fef52c2f2acb858",
            "https://git.kernel.org/stable/c/4f382cc887adca8478b9d3e6b81aa6698a95fff4",
            "https://git.kernel.org/stable/c/60463a1c138900494cb3adae41142a11cd8feb3c",
            "https://git.kernel.org/stable/c/61da0bd4102c459823fbe6b8b43b01fb6ace4a22",
            "https://git.kernel.org/stable/c/7f7b21026a6febdb749f6f6f950427245aa86cce",
            "https://git.kernel.org/stable/c/a61ff7ac93270d20ca426c027d6d01c8ac8e904c",
            "https://git.kernel.org/stable/c/de77841652e57afbc46e9e1dbf51ee364fc008e1",
            "https://lore.kernel.org/linux-cve-announce/2025101501-CVE-2025-39986-b33b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39986",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39986"
          ],
          "PublishedDate": "2025-10-15T08:15:36.653Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39987",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39987",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e3de41678ac09b1d77275ad6caa64bb01c22c5f1b1c4b678a44c5630a2762fe7",
          "Title": "kernel: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n  $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n  1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n     function does not check the actual device capabilities).\n\n  2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t       frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. 
Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39987",
            "https://git.kernel.org/linus/ac1c7656fa717f29fac3ea073af63f0b9919ec9a (6.17)",
            "https://git.kernel.org/stable/c/57d332ce8c921d0e340650470bb0c1d707f216ee",
            "https://git.kernel.org/stable/c/7ab85762274c0fa997f0ef9a2307b2001aae43c4",
            "https://git.kernel.org/stable/c/8f351db6b2367991f0736b2cff082f5de4872113",
            "https://git.kernel.org/stable/c/ac1c7656fa717f29fac3ea073af63f0b9919ec9a",
            "https://git.kernel.org/stable/c/be1b25005fd0f9d4e78bec6695711ef87ee33398",
            "https://git.kernel.org/stable/c/def814b4ba31b563584061d6895d5ff447d5bc14",
            "https://git.kernel.org/stable/c/e77fdf9e33a83a08f04ab0cb68c19ddb365a622f",
            "https://git.kernel.org/stable/c/f2c247e9581024d8b3dd44cbe086bf2bebbef42c",
            "https://lore.kernel.org/linux-cve-announce/2025101501-CVE-2025-39987-9feb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39987",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39987"
          ],
          "PublishedDate": "2025-10-15T08:15:36.783Z",
          "LastModifiedDate": "2025-10-16T15:29:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39988",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39988",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d970b9d180414e34e9641c20911a4f7c4a17df8155deceab24b2b8adaa549ca9",
          "Title": "kernel: can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface's MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n  $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers' xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n  1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n     function does not check the actual device capabilities).\n\n  2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. 
Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface's MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39988",
            "https://git.kernel.org/linus/38c0abad45b190a30d8284a37264d2127a6ec303 (6.17)",
            "https://git.kernel.org/stable/c/38c0abad45b190a30d8284a37264d2127a6ec303",
            "https://git.kernel.org/stable/c/72de0facc50afdb101fb7197d880407f1abfc77f",
            "https://git.kernel.org/stable/c/b26cccd87dcddc47b450a40f3b1ac3fe346efcff",
            "https://git.kernel.org/stable/c/c4e582e686c4d683c87f2b4a316385b3d81d370f",
            "https://git.kernel.org/stable/c/cbc1de71766f326a44bb798aeae4a7ef4a081cc9",
            "https://git.kernel.org/stable/c/e587af2c89ecc6382c518febea52fa9ba81e47c0",
            "https://lore.kernel.org/linux-cve-announce/2025101501-CVE-2025-39988-bda0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39988",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39988"
          ],
          "PublishedDate": "2025-10-15T08:15:36.913Z",
          "LastModifiedDate": "2025-10-16T15:28:59.61Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39989",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39989",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e9b064fcecf8c75aea06a3ccd7cd1ed1d89b97e1acbb04586dde40d864cfc061",
          "Title": "kernel: x86/mce: use is_copy_from_user() to determine copy-from-user context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mce: use is_copy_from_user() to determine copy-from-user context\n\nPatch series \"mm/hwpoison: Fix regressions in memory failure handling\",\nv4.\n\n## 1. What am I trying to do:\n\nThis patchset resolves two critical regressions related to memory failure\nhandling that have appeared in the upstream kernel since version 5.17, as\ncompared to 5.10 LTS.\n\n    - copyin case: poison found in user page while kernel copying from user space\n    - instr case: poison found while instruction fetching in user space\n\n## 2. What is the expected outcome and why\n\n- For copyin case:\n\nKernel can recover from poison found where kernel is doing get_user() or\ncopy_from_user() if those places get an error return and the kernel return\n-EFAULT to the process instead of crashing.  More specifily, MCE handler\nchecks the fixup handler type to decide whether an in kernel #MC can be\nrecovered.  When EX_TYPE_UACCESS is found, the PC jumps to recovery code\nspecified in _ASM_EXTABLE_FAULT() and return a -EFAULT to user space.\n\n- For instr case:\n\nIf a poison found while instruction fetching in user space, full recovery\nis possible.  User process takes #PF, Linux allocates a new page and fills\nby reading from storage.\n\n\n## 3. What actually happens and why\n\n- For copyin case: kernel panic since v5.17\n\nCommit 4c132d1d844a (\"x86/futex: Remove .fixup usage\") introduced a new\nextable fixup type, EX_TYPE_EFAULT_REG, and later patches updated the\nextable fixup type for copy-from-user operations, changing it from\nEX_TYPE_UACCESS to EX_TYPE_EFAULT_REG.  
It breaks previous EX_TYPE_UACCESS\nhandling when posion found in get_user() or copy_from_user().\n\n- For instr case: user process is killed by a SIGBUS signal due to #CMCI\n  and #MCE race\n\nWhen an uncorrected memory error is consumed there is a race between the\nCMCI from the memory controller reporting an uncorrected error with a UCNA\nsignature, and the core reporting and SRAR signature machine check when\nthe data is about to be consumed.\n\n### Background: why *UN*corrected errors tied to *C*MCI in Intel platform [1]\n\nPrior to Icelake memory controllers reported patrol scrub events that\ndetected a previously unseen uncorrected error in memory by signaling a\nbroadcast machine check with an SRAO (Software Recoverable Action\nOptional) signature in the machine check bank.  This was overkill because\nit's not an urgent problem that no core is on the verge of consuming that\nbad data.  It's also found that multi SRAO UCE may cause nested MCE\ninterrupts and finally become an IERR.\n\nHence, Intel downgrades the machine check bank signature of patrol scrub\nfrom SRAO to UCNA (Uncorrected, No Action required), and signal changed to\n#CMCI.  Just to add to the confusion, Linux does take an action (in\nuc_decode_notifier()) to try to offline the page despite the UC*NA*\nsignature name.\n\n### Background: why #CMCI and #MCE race when poison is consuming in\n    Intel platform [1]\n\nHaving decided that CMCI/UCNA is the best action for patrol scrub errors,\nthe memory controller uses it for reads too.  But the memory controller is\nexecuting asynchronously from the core, and can't tell the difference\nbetween a \"real\" read and a speculative read.  
So it will do CMCI/UCNA if\nan error is found in any read.\n\nThus:\n\n1) Core is clever and thinks address A is needed soon, issues a\n   speculative read.\n\n2) Core finds it is going to use address A soon after sending the read\n   request\n\n3) The CMCI from the memory controller is in a race with MCE from the\n   core that will soon try to retire the load from address A.\n\nQuite often (because speculation has got better) the CMCI from the memory\ncontroller is delivered before the core is committed to the instruction\nreading address A, so the interrupt is taken, and Linux offlines the page\n(marking it as poison).\n\n\n## Why user process is killed for instr case\n\nCommit 046545a661af (\"mm/hwpoison: fix error page recovered but reported\n\"not\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39989",
            "https://git.kernel.org/linus/1a15bb8303b6b104e78028b6c68f76a0d4562134 (6.15-rc1)",
            "https://git.kernel.org/stable/c/0b8388e97ba6a8c033f9a8b5565af41af07f9345",
            "https://git.kernel.org/stable/c/1a15bb8303b6b104e78028b6c68f76a0d4562134",
            "https://git.kernel.org/stable/c/3e3d8169c0950a0b3cd5105f6403a78350dcac80",
            "https://git.kernel.org/stable/c/449413da90a337f343cc5a73070cbd68e92e8a54",
            "https://git.kernel.org/stable/c/5724654a084f701dc64b08d34a0e800f22f0e6e4",
            "https://linux.oracle.com/cve/CVE-2025-39989.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025041821-CVE-2025-39989-5804@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39989",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-7605-1",
            "https://ubuntu.com/security/notices/USN-7605-2",
            "https://ubuntu.com/security/notices/USN-7606-1",
            "https://ubuntu.com/security/notices/USN-7628-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39989"
          ],
          "PublishedDate": "2025-04-18T07:15:44.55Z",
          "LastModifiedDate": "2025-11-06T21:33:09.493Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39990",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39990",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:40ee47c574467987a3d621271d1b16b1d7e613b11d461116618018981a6602c6",
          "Title": "kernel: bpf: Check the helper function is valid in get_helper_proto",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check the helper function is valid in get_helper_proto\n\nkernel test robot reported verifier bug [1] where the helper func\npointer could be NULL due to disabled config option.\n\nAs Alexei suggested we could check on that in get_helper_proto\ndirectly. Marking tail_call helper func with BPF_PTR_POISON,\nbecause it is unused by design.\n\n  [1] https://lore.kernel.org/oe-lkp/202507160818.68358831-lkp@intel.com",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39990",
            "https://git.kernel.org/linus/e4414b01c1cd9887bbde92f946c1ba94e40d6d64 (6.17-rc6)",
            "https://git.kernel.org/stable/c/3d429cb1278e995e22995ef117fa96d223a67e93",
            "https://git.kernel.org/stable/c/6233715b4b714068d6c831d214a4e8792109875a",
            "https://git.kernel.org/stable/c/e4414b01c1cd9887bbde92f946c1ba94e40d6d64",
            "https://lore.kernel.org/linux-cve-announce/2025101502-CVE-2025-39990-25bc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39990",
            "https://www.cve.org/CVERecord?id=CVE-2025-39990"
          ],
          "PublishedDate": "2025-10-15T08:15:37.06Z",
          "LastModifiedDate": "2025-10-16T15:28:59.61Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39992",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39992",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:49e818c28966da24813d2f1feb247766315b499d294234d4a6953ebc2ad7eb14",
          "Title": "kernel: mm: swap: check for stable address space before operating on the VMA",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: check for stable address space before operating on the VMA\n\nIt is possible to hit a zero entry while traversing the vmas in unuse_mm()\ncalled from swapoff path and accessing it causes the OOPS:\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000446--\u003e Loading the memory from offset 0x40 on the\nXA_ZERO_ENTRY as address.\nMem abort info:\n  ESR = 0x0000000096000005\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x05: level 1 translation fault\n\nThe issue is manifested from the below race between the fork() on a\nprocess and swapoff:\nfork(dup_mmap())\t\t\tswapoff(unuse_mm)\n---------------                         -----------------\n1) Identical mtree is built using\n   __mt_dup().\n\n2) copy_pte_range()--\u003e\n\tcopy_nonpresent_pte():\n       The dst mm is added into the\n    mmlist to be visible to the\n    swapoff operation.\n\n3) Fatal signal is sent to the parent\nprocess(which is the current during the\nfork) thus skip the duplication of the\nvmas and mark the vma range with\nXA_ZERO_ENTRY as a marker for this process\nthat helps during exit_mmap().\n\n\t\t\t\t     4) swapoff is tried on the\n\t\t\t\t\t'mm' added to the 'mmlist' as\n\t\t\t\t\tpart of the 2.\n\n\t\t\t\t     5) unuse_mm(), that iterates\n\t\t\t\t\tthrough the vma's of this 'mm'\n\t\t\t\t\twill hit the non-NULL zero entry\n\t\t\t\t\tand operating on this zero entry\n\t\t\t\t\tas a vma is resulting into the\n\t\t\t\t\toops.\n\nThe proper fix would be around not exposing this partially-valid tree to\nothers when dropping the mmap lock, which is being solved with [1].  A\nsimpler solution would be checking for MMF_UNSTABLE, as it is set if\nmm_struct is not fully initialized in dup_mmap().\n\nThanks to Liam/Lorenzo/David for all the suggestions in fixing this\nissue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39992",
            "https://git.kernel.org/linus/1367da7eb875d01102d2ed18654b24d261ff5393 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1367da7eb875d01102d2ed18654b24d261ff5393",
            "https://git.kernel.org/stable/c/4e5f060d7347466f77aaff1c0d5a6c4f1fb217ac",
            "https://git.kernel.org/stable/c/9cddad3b26dac830407d2d3c0de5205ff6d6dda0",
            "https://git.kernel.org/stable/c/e4e99d69b8b8295c501b2eef89e13306b738b667",
            "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39992-f580@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39992",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39992"
          ],
          "PublishedDate": "2025-10-15T08:15:37.317Z",
          "LastModifiedDate": "2025-10-16T15:28:59.61Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39993",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39993",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10e34341874af80eda4faa31d821f3f716d4485bd0d01105faedab827366a00c",
          "Title": "kernel: media: rc: fix races with imon_disconnect()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. 
However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write                      Thread 2 imon_disconnect\n                                        ...\n                                        if\n                                          usb_put_dev(ictx-\u003eusbdev_intf0)\n                                        else\n                                          usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n  send_packet\n    if\n      pipe = usb_sndintpipe(\n        ictx-\u003eusbdev_intf0) UAF\n    else\n      pipe = usb_sndctrlpipe(\n        ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0444",
            "https://access.redhat.com/security/cve/CVE-2025-39993",
            "https://bugzilla.redhat.com/2404121",
            "https://bugzilla.redhat.com/2418832",
            "https://bugzilla.redhat.com/2422801",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2404121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40240",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68285",
            "https://errata.almalinux.org/8/ALSA-2026-0444.html",
            "https://errata.rockylinux.org/RLSA-2026:0444",
            "https://git.kernel.org/linus/fa0f61cc1d828178aa921475a9b786e7fbb65ccb (6.18-rc1)",
            "https://git.kernel.org/stable/c/2e7fd93b9cc565b839bc55a6662475718963e156",
            "https://git.kernel.org/stable/c/71096a6161a25e84acddb89a9d77f138502d26ab",
            "https://git.kernel.org/stable/c/71c52b073922d05e79e6de7fc7f5f38f927929a4",
            "https://git.kernel.org/stable/c/71da40648741d15b302700b68973fe8b382aef3c",
            "https://git.kernel.org/stable/c/9348976003e39754af344949579e824a0a210fc4",
            "https://git.kernel.org/stable/c/b03fac6e2a38331faf8510b480becfa90cea1c9f",
            "https://git.kernel.org/stable/c/d9f6ce99624a41c3bcb29a8d7d79b800665229dd",
            "https://git.kernel.org/stable/c/fa0f61cc1d828178aa921475a9b786e7fbb65ccb",
            "https://git.kernel.org/stable/c/fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5",
            "https://linux.oracle.com/cve/CVE-2025-39993.html",
            "https://linux.oracle.com/errata/ELSA-2026-3685.html",
            "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39993",
            "https://ubuntu.com/security/notices/USN-7921-1",
            "https://ubuntu.com/security/notices/USN-7921-2",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7931-1",
            "https://ubuntu.com/security/notices/USN-7931-2",
            "https://ubuntu.com/security/notices/USN-7931-3",
            "https://ubuntu.com/security/notices/USN-7931-4",
            "https://ubuntu.com/security/notices/USN-7931-5",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-7935-1",
            "https://ubuntu.com/security/notices/USN-7936-1",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://ubuntu.com/security/notices/USN-7987-1",
            "https://ubuntu.com/security/notices/USN-7987-2",
            "https://ubuntu.com/security/notices/USN-7988-1",
            "https://ubuntu.com/security/notices/USN-7988-2",
            "https://ubuntu.com/security/notices/USN-7988-3",
            "https://ubuntu.com/security/notices/USN-7988-4",
            "https://ubuntu.com/security/notices/USN-7988-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-39993"
          ],
          "PublishedDate": "2025-10-15T08:15:37.443Z",
          "LastModifiedDate": "2025-10-29T14:15:51.747Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39994",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39994",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:df0067e4d91ef56cef97ff5358ef14203fbd68c492f312a8d040efcf8779240a",
          "Title": "kernel: Linux kernel: Use-after-free in xc5000 tuner driver due to race condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread)                 | CPU 1 (delayed work callback)\nxc5000_release()                       | xc5000_do_timer_sleep()\n  cancel_delayed_work()                |\n  hybrid_tuner_release_state(priv)     |\n    kfree(priv)                        |\n                                       |   priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 4,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39994",
            "https://git.kernel.org/linus/40b7a19f321e65789612ebaca966472055dab48c (6.18-rc1)",
            "https://git.kernel.org/stable/c/3f876cd47ed8bca1e28d68435845949f51f90703",
            "https://git.kernel.org/stable/c/40b7a19f321e65789612ebaca966472055dab48c",
            "https://git.kernel.org/stable/c/4266f012806fc18e46da4a04d130df59a4946f93",
            "https://git.kernel.org/stable/c/71ed8b81a4906cb785966910f39cf7f5ad60a69e",
            "https://git.kernel.org/stable/c/9a00de20ed8ba90888479749b87bc1532cded4ce",
            "https://git.kernel.org/stable/c/bc4ffd962ce16a154c44c68853b9d93f5b6fc4b8",
            "https://git.kernel.org/stable/c/df0303b4839520b84d9367c2fad65b13650a4d42",
            "https://git.kernel.org/stable/c/e2f5eaafc0306a76fb1cb760aae804b065b8a341",
            "https://git.kernel.org/stable/c/effb1c19583bca7022fa641a70766de45c6d41ac",
            "https://linux.oracle.com/cve/CVE-2025-39994.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101528-CVE-2025-39994-f3e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39994",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39994"
          ],
          "PublishedDate": "2025-10-15T08:15:37.567Z",
          "LastModifiedDate": "2025-10-29T14:15:51.893Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39995",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39995",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cf225f8d9cdda2f683e327a4964763d8f264be26772cccc75097bdd6f2237308",
          "Title": "kernel: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn't still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? 
hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610  i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static 
analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39995",
            "https://git.kernel.org/linus/79d10f4f21a92e459b2276a77be62c59c1502c9d (6.18-rc1)",
            "https://git.kernel.org/stable/c/228d06c4cbfc750f1216a3fd91b4693b0766d2f6",
            "https://git.kernel.org/stable/c/2610617effb4454d2f1c434c011ccb5cc7140711",
            "https://git.kernel.org/stable/c/3d17701c156579969470e58b3a906511f8bc018d",
            "https://git.kernel.org/stable/c/663faf1179db9663a3793c75e9bc869358bad910",
            "https://git.kernel.org/stable/c/70913586c717dd25cfbade7a418e92cc9c99398a",
            "https://git.kernel.org/stable/c/79d10f4f21a92e459b2276a77be62c59c1502c9d",
            "https://git.kernel.org/stable/c/9205fb6e617a1c596d9a9ad2a160ee696e09d520",
            "https://git.kernel.org/stable/c/f3f3f00bcabbd2ce0a77a2ac7a6797b8646bfd8b",
            "https://git.kernel.org/stable/c/f92181c0e13cad9671d07b15be695a97fc2534a3",
            "https://linux.oracle.com/cve/CVE-2025-39995.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101528-CVE-2025-39995-80ab@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39995",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39995"
          ],
          "PublishedDate": "2025-10-15T08:15:37.69Z",
          "LastModifiedDate": "2025-10-29T14:15:52.01Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39996",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39996",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1ab1038f97a236abcca23051d154ca51580435624a4f9d2d7c9fe2de38c92c10",
          "Title": "kernel: Linux kernel (media: b2c2): Use-after-free vulnerability in flexcop_pci_remove leading to denial of service.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove)                         | CPU 1 (delayed work callback)\nflexcop_pci_remove()                   | flexcop_pci_irq_check_work()\n  cancel_delayed_work()                |\n  flexcop_device_kfree(fc_pci-\u003efc_dev) |\n                                       |   fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? 
clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39996",
            "https://git.kernel.org/linus/01e03fb7db419d39e18d6090d4873c1bff103914 (6.18-rc1)",
            "https://git.kernel.org/stable/c/01e03fb7db419d39e18d6090d4873c1bff103914",
            "https://git.kernel.org/stable/c/120e221b4bbe9d0f6c09b5c4dc53ca4ad91d956b",
            "https://git.kernel.org/stable/c/3ffabc79388e68877d9c02f724a0b7a38d519daf",
            "https://git.kernel.org/stable/c/514a519baa9e2be7ddc2714bd730bc5a883e1244",
            "https://git.kernel.org/stable/c/607010d07b8a509b01ed15ea12744acac6536a98",
            "https://git.kernel.org/stable/c/6a92f5796880f5aa345f0fed53ef511e3fd6f706",
            "https://git.kernel.org/stable/c/bb10a9ddc8d6c5dbf098f21eb1055a652652e524",
            "https://git.kernel.org/stable/c/bde8173def374230226e8554efb51b271f4066ec",
            "https://git.kernel.org/stable/c/d502df8a716d993fa0f9d8c00684f1190750e28e",
            "https://linux.oracle.com/cve/CVE-2025-39996.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101528-CVE-2025-39996-b297@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39996",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39996"
          ],
          "PublishedDate": "2025-10-15T08:15:37.817Z",
          "LastModifiedDate": "2025-10-29T14:15:52.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-39998",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-39998",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af82df830caa9cd7f8d3f8bef582e23c8ccdbede341f462b4860cf4753b5152f",
          "Title": "kernel: Linux kernel: Buffer overflow in target_lu_gp_members_show can lead to arbitrary code execution",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character; the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of \"%s/%s\\n\"), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), which ultimately causes memcpy() to\nreport a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-39998",
            "https://git.kernel.org/linus/27e06650a5eafe832a90fd2604f0c5e920857fae (6.18-rc1)",
            "https://git.kernel.org/stable/c/27e06650a5eafe832a90fd2604f0c5e920857fae",
            "https://git.kernel.org/stable/c/4b292286949588bd2818e66ff102db278de8dd26",
            "https://git.kernel.org/stable/c/53c6351597e6a17ec6619f6f060d54128cb9a187",
            "https://git.kernel.org/stable/c/764a91e2fc9639e07aac93bc70e387e6b1e33084",
            "https://git.kernel.org/stable/c/a150275831b765b0f1de8b8ff52ec5c6933ac15d",
            "https://git.kernel.org/stable/c/ddc79fba132b807ff775467acceaf48b456e008b",
            "https://git.kernel.org/stable/c/e6eeee5dc0d9221ff96d1b229b1d0222c8871b84",
            "https://git.kernel.org/stable/c/e73fe0eefac3e15bf88fb5b4afae4c76215ee4d4",
            "https://git.kernel.org/stable/c/f03aa5e39da7d045615b3951d2a6ca1d7132f881",
            "https://linux.oracle.com/cve/CVE-2025-39998.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101529-CVE-2025-39998-57d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-39998",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-39998"
          ],
          "PublishedDate": "2025-10-15T08:15:38.077Z",
          "LastModifiedDate": "2025-10-29T14:15:52.25Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40001",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40001",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f0c17f184237517eb604d008a7fc962b4cb7800edea0e00d30defd4d3692c6a5",
          "Title": "kernel: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mvsas: Fix use-after-free bugs in mvs_work_queue\n\nDuring the detaching of Marvell's SAS/SATA controller, the original code\ncalls cancel_delayed_work() in mvs_free() to cancel the delayed work\nitem mwq-\u003ework_q. However, if mwq-\u003ework_q is already running, the\ncancel_delayed_work() may fail to cancel it. This can lead to\nuse-after-free scenarios where mvs_free() frees the mvs_info while\nmvs_work_queue() is still executing and attempts to access the\nalready-freed mvs_info.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove)            | CPU 1 (delayed work callback)\nmvs_pci_remove()          |\n  mvs_free()              | mvs_work_queue()\n    cancel_delayed_work() |\n      kfree(mvi)          |\n                          |   mvi-\u003e // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing\ndelayed work item completes before the mvs_info is deallocated.\n\nThis bug was found by static analysis.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40001",
            "https://git.kernel.org/linus/60cd16a3b7439ccb699d0bf533799eeb894fd217 (6.18-rc1)",
            "https://git.kernel.org/stable/c/00d3af40b158ebf7c7db2b3bbb1598a54bf28127",
            "https://git.kernel.org/stable/c/3c90f583d679c81a5a607a6ae0051251b6dee35b",
            "https://git.kernel.org/stable/c/60cd16a3b7439ccb699d0bf533799eeb894fd217",
            "https://git.kernel.org/stable/c/6ba7e73cafd155a5d3abf560d315f0bab2b9d89f",
            "https://git.kernel.org/stable/c/a6f68f219d4d4b92d7c781708d4afc4cc42961ec",
            "https://git.kernel.org/stable/c/aacd1777d4a795c387a20b9ca776e2c1225d05d7",
            "https://git.kernel.org/stable/c/c2c35cb2a31844f84f21ab364b38b4309d756d42",
            "https://git.kernel.org/stable/c/feb946d2fc9dc754bf3d594d42cd228860ff8647",
            "https://linux.oracle.com/cve/CVE-2025-40001.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025101826-CVE-2025-40001-76a0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40001",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40001"
          ],
          "PublishedDate": "2025-10-18T08:15:34.13Z",
          "LastModifiedDate": "2025-10-29T14:15:52.37Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40003",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40003",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:15c51b512c774556c23d45913147c0d24604afc3d85f79946eed5ef29174d0a2",
          "Title": "kernel: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: Fix use-after-free caused by cyclic delayed work\n\nThe origin code calls cancel_delayed_work() in ocelot_stats_deinit()\nto cancel the cyclic delayed work item ocelot-\u003estats_work. However,\ncancel_delayed_work() may fail to cancel the work item if it is already\nexecuting. While destroy_workqueue() does wait for all pending work items\nin the work queue to complete before destroying the work queue, it cannot\nprevent the delayed work item from being rescheduled within the\nocelot_check_stats_work() function. This limitation exists because the\ndelayed work item is only enqueued into the work queue after its timer\nexpires. Before the timer expiration, destroy_workqueue() has no visibility\nof this pending work item. Once the work queue appears empty,\ndestroy_workqueue() proceeds with destruction. When the timer eventually\nexpires, the delayed work item gets queued again, leading to the following\nwarning:\n\nworkqueue: cannot queue ocelot_check_stats_work on wq ocelot-switch-stats\nWARNING: CPU: 2 PID: 0 at kernel/workqueue.c:2255 __queue_work+0x875/0xaf0\n...\nRIP: 0010:__queue_work+0x875/0xaf0\n...\nRSP: 0018:ffff88806d108b10 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000101 RCX: 0000000000000027\nRDX: 0000000000000027 RSI: 0000000000000004 RDI: ffff88806d123e88\nRBP: ffffffff813c3170 R08: 0000000000000000 R09: ffffed100da247d2\nR10: ffffed100da247d1 R11: ffff88806d123e8b R12: ffff88800c00f000\nR13: ffff88800d7285c0 R14: ffff88806d0a5580 R15: ffff88800d7285a0\nFS:  0000000000000000(0000) GS:ffff8880e5725000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fe18e45ea10 CR3: 0000000005e6c000 CR4: 00000000000006f0\nCall Trace:\n \u003cIRQ\u003e\n ? kasan_report+0xc6/0xf0\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n ? 
__pfx_delayed_work_timer_fn+0x10/0x10\n call_timer_fn+0x25/0x1c0\n __run_timer_base.part.0+0x3be/0x8c0\n ? __pfx_delayed_work_timer_fn+0x10/0x10\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x1c0/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nThe following diagram reveals the cause of the above warning:\n\nCPU 0 (remove)             | CPU 1 (delayed work callback)\nmscc_ocelot_remove()       |\n  ocelot_deinit()          | ocelot_check_stats_work()\n    ocelot_stats_deinit()  |\n      cancel_delayed_work()|   ...\n                           |   queue_delayed_work()\n      destroy_workqueue()  | (wait a time)\n                           | __queue_work() //UAF\n\nThe above scenario actually constitutes a UAF vulnerability.\n\nThe ocelot_stats_deinit() is only invoked when initialization\nfailure or resource destruction, so we must ensure that any\ndelayed work items cannot be rescheduled.\n\nReplace cancel_delayed_work() with disable_delayed_work_sync()\nto guarantee proper cancellation of the delayed work item and\nensure completion of any currently executing work before the\nworkqueue is deallocated.\n\nA deadlock concern was considered: ocelot_stats_deinit() is called\nin a process context and is not holding any locks that the 
delayed\nwork item might also need. Therefore, the use of the _sync() variant\nis safe here.\n\nThis bug was identified through static analysis. To reproduce the\nissue and validate the fix, I simulated ocelot-swit\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40003",
            "https://git.kernel.org/linus/bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5 (6.18-rc1)",
            "https://git.kernel.org/stable/c/70acdd1eb35ffb3afdcb59e4c3bbb178da411d0f",
            "https://git.kernel.org/stable/c/bc9ea787079671cb19a8b25ff9f02be5ef6bfcf5",
            "https://git.kernel.org/stable/c/c3363db5d0685a8d077ade706051bbccc75f7e14",
            "https://lore.kernel.org/linux-cve-announce/2025101829-CVE-2025-40003-cc34@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40003",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40003"
          ],
          "PublishedDate": "2025-10-18T08:15:34.34Z",
          "LastModifiedDate": "2025-10-21T19:31:25.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40005",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40005",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0433a562fd42ab1e6198c6fa6f9de15a5ce821c25eaf3da50021963eb122d2fd",
          "Title": "kernel: spi: cadence-quadspi: Implement refcount to handle unbind during busy",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\nThe driver supports indirect read and indirect write operations on the\nassumption that no forced device removal (unbind) takes place. However,\nforced device removal (unbind) is still available to the root superuser.\n\nUnbinding the driver during an operation causes a kernel crash. This change\nensures the driver can handle such an operation for indirect read and\nindirect write by implementing a refcount to track the devices attached\nto the controller and by waiting gracefully until the attached devices'\nremove operation has completed before proceeding with the removal operation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40005",
            "https://git.kernel.org/linus/7446284023e8ef694fb392348185349c773eefb3 (6.17-rc5)",
            "https://git.kernel.org/stable/c/56787f4a75907ae99b5f5842b756fa68e2482f6d",
            "https://git.kernel.org/stable/c/65ed52200080eafce3eead05cf22ce01238defca",
            "https://git.kernel.org/stable/c/7446284023e8ef694fb392348185349c773eefb3",
            "https://git.kernel.org/stable/c/8df235f768cea7a5829cb02525622646eb0df5f5",
            "https://git.kernel.org/stable/c/b7ec8a2b094a33d0464958c2cbf75b8f229098b0",
            "https://lore.kernel.org/linux-cve-announce/2025102000-CVE-2025-40005-b351@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40005",
            "https://www.cve.org/CVERecord?id=CVE-2025-40005"
          ],
          "PublishedDate": "2025-10-20T16:15:37.127Z",
          "LastModifiedDate": "2026-03-25T11:16:12.737Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40006",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40006",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:03163803688f8f6e078c6cb5b2af8dc67960d3e58505c91d92b894e342adac8a",
          "Title": "kernel: mm/hugetlb: fix folio is still mapped when deleted",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix folio is still mapped when deleted\n\nMigration may be raced with fallocating hole.  remove_inode_single_folio\nwill unmap the folio if the folio is still mapped.  However, it's called\nwithout folio lock.  If the folio is migrated and the mapped pte has been\nconverted to migration entry, folio_mapped() returns false, and won't\nunmap it.  Due to extra refcount held by remove_inode_single_folio,\nmigration fails, restores migration entry to normal pte, and the folio is\nmapped again.  As a result, we triggered BUG in filemap_unaccount_folio.\n\nThe log is as follows:\n BUG: Bad page cache in process hugetlb  pfn:156c00\n page: refcount:515 mapcount:0 mapping:0000000099fef6e1 index:0x0 pfn:0x156c00\n head: order:9 mapcount:1 entire_mapcount:1 nr_pages_mapped:0 pincount:0\n aops:hugetlbfs_aops ino:dcc dentry name(?):\"my_hugepage_file\"\n flags: 0x17ffffc00000c1(locked|waiters|head|node=0|zone=2|lastcpupid=0x1fffff)\n page_type: f4(hugetlb)\n page dumped because: still mapped when deleted\n CPU: 1 UID: 0 PID: 395 Comm: hugetlb Not tainted 6.17.0-rc5-00044-g7aac71907bde-dirty #484 NONE\n Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n Call Trace:\n  \u003cTASK\u003e\n  dump_stack_lvl+0x4f/0x70\n  filemap_unaccount_folio+0xc4/0x1c0\n  __filemap_remove_folio+0x38/0x1c0\n  filemap_remove_folio+0x41/0xd0\n  remove_inode_hugepages+0x142/0x250\n  hugetlbfs_fallocate+0x471/0x5a0\n  vfs_fallocate+0x149/0x380\n\nHold folio lock before checking if the folio is mapped to avoid a race with\nmigration.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40006",
            "https://git.kernel.org/linus/7b7387650dcf2881fd8bb55bcf3c8bd6c9542dd7 (6.17)",
            "https://git.kernel.org/stable/c/21ee79ce938127f88fe07e409c1817f477dbe7ea",
            "https://git.kernel.org/stable/c/3e851448078f5b01f6264915df3cfef75e323a12",
            "https://git.kernel.org/stable/c/7b7387650dcf2881fd8bb55bcf3c8bd6c9542dd7",
            "https://git.kernel.org/stable/c/910d7749346c4b0acdc6e4adfdc4a9984281a206",
            "https://git.kernel.org/stable/c/91f548e920fbf8be3f285bfa3fa045ae017e836d",
            "https://git.kernel.org/stable/c/bc1c9ce8aeff45318332035dbef9713fb9e982d7",
            "https://git.kernel.org/stable/c/c1dc0524ab2cc3982d4e0d2bfac71a0cd4d65c39",
            "https://git.kernel.org/stable/c/c9c2a51f91aea70e89b496cac360cd795a2b3c26",
            "https://linux.oracle.com/cve/CVE-2025-40006.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40006",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40006"
          ],
          "PublishedDate": "2025-10-20T16:15:37.24Z",
          "LastModifiedDate": "2025-10-21T19:31:25.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40011",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40011",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce78aeb61a1f6488e3731767d56a97eed679f1d022c395f7a6089feb655c1ba6",
          "Title": "kernel: drm/gma500: Fix null dereference in hdmi teardown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40011",
            "https://git.kernel.org/linus/352e66900cde63f3dadb142364d3c35170bbaaff (6.17)",
            "https://git.kernel.org/stable/c/02e4ff4941efb9bbb40d8d5b61efa1a4119b1ba7",
            "https://git.kernel.org/stable/c/0fc650fa475b50c1da8236c5e900b9460c7027bc",
            "https://git.kernel.org/stable/c/352e66900cde63f3dadb142364d3c35170bbaaff",
            "https://git.kernel.org/stable/c/4bbfd1b290857b9d14ea9d91562bde55ff2bc85e",
            "https://git.kernel.org/stable/c/6ffa6b5bc861a3ea9dfcdc007f002b4a347c24ba",
            "https://git.kernel.org/stable/c/70b0c11483d3b90b2d0f416026e475e084a77e62",
            "https://git.kernel.org/stable/c/e15de80737d444ed743b1c60ced4a3a97913169b",
            "https://git.kernel.org/stable/c/f800f7054d2cf28b51296c7c575da27c29e3859b",
            "https://linux.oracle.com/cve/CVE-2025-40011.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102003-CVE-2025-40011-f8f9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40011",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40011"
          ],
          "PublishedDate": "2025-10-20T16:15:37.813Z",
          "LastModifiedDate": "2025-10-21T19:31:25.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40012",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40012",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dd8e71d2fd0545639e1e4fbaebd789406ad0f58f2d1f9f35e13f0acc8715b0f5",
          "Title": "kernel: net/smc: fix warning in smc_rx_splice() when calling get_page()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix warning in smc_rx_splice() when calling get_page()\n\nsmc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are\nlater passed to get_page() in smc_rx_splice(). Since kmalloc memory is\nnot page-backed, this triggers WARN_ON_ONCE() in get_page() and prevents\nholding a refcount on the buffer. This can lead to use-after-free if\nthe memory is released before splice_to_pipe() completes.\n\nUse folio_alloc() instead, ensuring DMBs are page-backed and safe for\nget_page().\n\nWARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]\nCPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONE\nHardware name: IBM 3931 A01 704 (z/VM 7.4.0)\nKrnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\nKrnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005\n           0000000000000001 001cee80007d3006 0007740000001000 001c000000000000\n           000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000\n           000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8\nKrnl Code: 0007931610326960: af000000\t\tmc\t0,0\n           0007931610326964: a7f4ff43\t\tbrc\t15,00079316103267ea\n          #0007931610326968: af000000\t\tmc\t0,0\n          \u003e000793161032696c: a7f4ff3f\t\tbrc\t15,00079316103267ea\n           0007931610326970: e320f1000004\tlg\t%r2,256(%r15)\n           0007931610326976: c0e53fd1b5f5\tbrasl\t%r14,000793168fd5d560\n           000793161032697c: a7f4fbb5\t\tbrc\t15,00079316103260e6\n           0007931610326980: b904002b\t\tlgr\t%r2,%r11\nCall Trace:\n smc_rx_splice+0xafc/0xe20 [smc]\n smc_rx_splice+0x756/0xe20 [smc])\n smc_rx_recvmsg+0xa74/0xe00 [smc]\n smc_splice_read+0x1ce/0x3b0 [smc]\n sock_splice_read+0xa2/0xf0\n 
do_splice_read+0x198/0x240\n splice_file_to_pipe+0x7e/0x110\n do_splice+0x59e/0xde0\n __do_splice+0x11a/0x2d0\n __s390x_sys_splice+0x140/0x1f0\n __do_syscall+0x122/0x280\n system_call+0x6e/0x90\nLast Breaking-Event-Address:\nsmc_rx_splice+0x960/0xe20 [smc]\n---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40012",
            "https://git.kernel.org/linus/a35c04de2565db191726b5741e6b66a35002c652 (6.17)",
            "https://git.kernel.org/stable/c/14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7",
            "https://git.kernel.org/stable/c/a35c04de2565db191726b5741e6b66a35002c652",
            "https://git.kernel.org/stable/c/d5411685dc2f6ac7bdf01a0a204d56cae38c6cf6",
            "https://lore.kernel.org/linux-cve-announce/2025102003-CVE-2025-40012-86b3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40012",
            "https://www.cve.org/CVERecord?id=CVE-2025-40012"
          ],
          "PublishedDate": "2025-10-20T16:15:37.937Z",
          "LastModifiedDate": "2025-10-21T19:31:25.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40016",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40016",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:25905761fd6cf83322160d56be4056a3e46ba7d9001b8f5a50761bbc2a66ce27",
          "Title": "kernel: Linux kernel: uvcvideo Denial of Service from invalid UVC entity IDs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. 
Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[   20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[   20.830206] usb 1-1: Using ep0 maxpacket: 8\n[   20.833501] usb 1-1: config 0 descriptor??\n[   21.038518] usb 1-1: string descriptor 0 read error: -71\n[   21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[   21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[   21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[   21.042218] ------------[ cut here ]------------\n[   21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[   21.043195] Modules linked in:\n[   21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[   21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[   21.044639] Workqueue: usb_hub_wq hub_event\n[   21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[   21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[   21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[   21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[   21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[   21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[   21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[   21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[   21.049648] FS:  0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[   21.050271] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   21.050688] CR2: 0000592cc27635b0 
CR3: 000000000431c000 CR4: 0000000000750ef0\n[   21.051136] PKRU: 55555554\n[   21.051331] Call Trace:\n[   21.051480]  \u003cTASK\u003e\n[   21.051611]  ? __warn+0xc4/0x210\n[   21.051861]  ? media_create_pad_link+0x2c4/0x2e0\n[   21.052252]  ? report_bug+0x11b/0x1a0\n[   21.052540]  ? trace_hardirqs_on+0x31/0x40\n[   21.052901]  ? handle_bug+0x3d/0x70\n[   21.053197]  ? exc_invalid_op+0x1a/0x50\n[   21.053511]  ? asm_exc_invalid_op+0x1a/0x20\n[   21.053924]  ? media_create_pad_link+0x91/0x2e0\n[   21.054364]  ? media_create_pad_link+0x2c4/0x2e0\n[   21.054834]  ? media_create_pad_link+0x91/0x2e0\n[   21.055131]  ? _raw_spin_unlock+0x1e/0x40\n[   21.055441]  ? __v4l2_device_register_subdev+0x202/0x210\n[   21.055837]  uvc_mc_register_entities+0x358/0x400\n[   21.056144]  uvc_register_chains+0x1\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40016",
            "https://git.kernel.org/linus/0e2ee70291e64a30fe36960c85294726d34a103e (6.18-rc1)",
            "https://git.kernel.org/stable/c/000b2a6bed7f30e0aadfb19bce9af6458d879304",
            "https://git.kernel.org/stable/c/0e2ee70291e64a30fe36960c85294726d34a103e",
            "https://git.kernel.org/stable/c/0f140cede24334b3ee55e3e1127071266cbb8287",
            "https://git.kernel.org/stable/c/15c0e136bd8cd70a1136a11c7876d6aae0eef8c8",
            "https://git.kernel.org/stable/c/f617d515d66c05e9aebc787a8fe48b7163fc7b70",
            "https://lore.kernel.org/linux-cve-announce/2025102004-CVE-2025-40016-bfe1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40016",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40016"
          ],
          "PublishedDate": "2025-10-20T16:15:38.387Z",
          "LastModifiedDate": "2025-10-21T19:31:25.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40018",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40018",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84812aebbde5eb1c7d596db10ad5db747c12fe9756b0406b0c2c1210b72a9969",
          "Title": "kernel: ipvs: Defer ip_vs_ftp unregister during netns cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40018",
            "https://git.kernel.org/linus/134121bfd99a06d44ef5ba15a9beb075297c0821 (6.18-rc1)",
            "https://git.kernel.org/stable/c/134121bfd99a06d44ef5ba15a9beb075297c0821",
            "https://git.kernel.org/stable/c/1d79471414d7b9424d699afff2aa79fff322f52d",
            "https://git.kernel.org/stable/c/421b1ae1574dfdda68b835c15ac4921ec0030182",
            "https://git.kernel.org/stable/c/53717f8a4347b78eac6488072ad8e5adbaff38d9",
            "https://git.kernel.org/stable/c/8a6ecab3847c213ce2855b0378e63ce839085de3",
            "https://git.kernel.org/stable/c/8cbe2a21d85727b66d7c591fd5d83df0d8c4f757",
            "https://git.kernel.org/stable/c/a343811ef138a265407167294275201621e9ebb2",
            "https://git.kernel.org/stable/c/dc1a481359a72ee7e548f1f5da671282a7c13b8f",
            "https://linux.oracle.com/cve/CVE-2025-40018.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102433-CVE-2025-40018-96db@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40018",
            "https://ubuntu.com/security/notices/USN-7907-1",
            "https://ubuntu.com/security/notices/USN-7907-2",
            "https://ubuntu.com/security/notices/USN-7907-3",
            "https://ubuntu.com/security/notices/USN-7907-4",
            "https://ubuntu.com/security/notices/USN-7907-5",
            "https://ubuntu.com/security/notices/USN-7920-1",
            "https://ubuntu.com/security/notices/USN-7920-2",
            "https://ubuntu.com/security/notices/USN-7921-1",
            "https://ubuntu.com/security/notices/USN-7921-2",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7930-1",
            "https://ubuntu.com/security/notices/USN-7930-2",
            "https://ubuntu.com/security/notices/USN-7931-1",
            "https://ubuntu.com/security/notices/USN-7931-2",
            "https://ubuntu.com/security/notices/USN-7931-3",
            "https://ubuntu.com/security/notices/USN-7931-4",
            "https://ubuntu.com/security/notices/USN-7931-5",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-7935-1",
            "https://ubuntu.com/security/notices/USN-7936-1",
            "https://ubuntu.com/security/notices/USN-7937-1",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://ubuntu.com/security/notices/USN-7940-1",
            "https://ubuntu.com/security/notices/USN-7940-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-40018"
          ],
          "PublishedDate": "2025-10-24T12:15:37.703Z",
          "LastModifiedDate": "2025-10-29T14:15:52.53Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40019",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-168.178",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40019",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:378b1bf06a0790e5a4589e4260c993c9607848420cedec60a46028e2103bc276",
          "Title": "kernel: crypto: essiv - Check ssize for decryption and in-place encryption",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit's also checked for decryption and in-place encryption.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40019",
            "https://git.kernel.org/linus/6bb73db6948c2de23e407fe1b7ef94bf02b7529f (6.18-rc1)",
            "https://git.kernel.org/stable/c/248ff2797ff52a8cbf86507f9583437443bf7685",
            "https://git.kernel.org/stable/c/29294dd6f1e7acf527255fb136ffde6602c3a129",
            "https://git.kernel.org/stable/c/6bb73db6948c2de23e407fe1b7ef94bf02b7529f",
            "https://git.kernel.org/stable/c/71f03f8f72d9c70ffba76980e78b38c180e61589",
            "https://git.kernel.org/stable/c/da7afb01ba05577ba3629f7f4824205550644986",
            "https://git.kernel.org/stable/c/dc4c854a5e7453c465fa73b153eba4ef2a240abe",
            "https://git.kernel.org/stable/c/df58651968f82344a0ed2afdafd20ecfc55ff548",
            "https://git.kernel.org/stable/c/f37e7860dc5e94c70b4a3e38a5809181310ea9ac",
            "https://linux.oracle.com/cve/CVE-2025-40019.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102433-CVE-2025-40019-a8e7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40019",
            "https://ubuntu.com/security/notices/USN-7990-1",
            "https://ubuntu.com/security/notices/USN-7990-2",
            "https://ubuntu.com/security/notices/USN-7990-3",
            "https://ubuntu.com/security/notices/USN-7990-4",
            "https://ubuntu.com/security/notices/USN-7990-5",
            "https://ubuntu.com/security/notices/USN-7990-6",
            "https://ubuntu.com/security/notices/USN-8013-1",
            "https://ubuntu.com/security/notices/USN-8013-2",
            "https://ubuntu.com/security/notices/USN-8013-3",
            "https://ubuntu.com/security/notices/USN-8013-4",
            "https://ubuntu.com/security/notices/USN-8014-1",
            "https://ubuntu.com/security/notices/USN-8015-1",
            "https://ubuntu.com/security/notices/USN-8015-2",
            "https://ubuntu.com/security/notices/USN-8015-3",
            "https://ubuntu.com/security/notices/USN-8015-4",
            "https://ubuntu.com/security/notices/USN-8015-5",
            "https://ubuntu.com/security/notices/USN-8016-1",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40019"
          ],
          "PublishedDate": "2025-10-24T12:15:37.82Z",
          "LastModifiedDate": "2025-10-29T14:15:52.68Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40020",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40020",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:495e42e07a93874c04bdbc7e9b16cc1d1e8e809607979f9f01bf6965386ca3e7",
          "Title": "kernel: can: peak_usb: fix shift-out-of-bounds issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40020",
            "https://git.kernel.org/linus/c443be70aaee42c2d1d251e0329e0a69dd96ae54 (6.17)",
            "https://git.kernel.org/stable/c/176c81cbf9c4e348610a421aad800087c0401f60",
            "https://git.kernel.org/stable/c/17edec1830e48c0becd61642d0e40bc753243b16",
            "https://git.kernel.org/stable/c/394c58017e5f41043584c345106cae16a4613710",
            "https://git.kernel.org/stable/c/48822a59ecc47d353400d38b1941d3ae7591ffff",
            "https://git.kernel.org/stable/c/572c656802781cc57f4a3231eefa83547e75ed78",
            "https://git.kernel.org/stable/c/61b1dd4c614935169d12bdecc26906e37b508618",
            "https://git.kernel.org/stable/c/c443be70aaee42c2d1d251e0329e0a69dd96ae54",
            "https://git.kernel.org/stable/c/eb79ed970670344380e77d62f8188e8015648d94",
            "https://linux.oracle.com/cve/CVE-2025-40020.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102402-CVE-2025-40020-490f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40020",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40020"
          ],
          "PublishedDate": "2025-10-24T13:15:47.107Z",
          "LastModifiedDate": "2025-10-27T13:20:15.637Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40021",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40021",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:97ab5c6147703e2e09a04aaeed43414293c4575522d8c66572aac966c495d2f5",
          "Title": "kernel: tracing: dynevent: Add a missing lockdown check on dynevent",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: dynevent: Add a missing lockdown check on dynevent\n\nSince dynamic_events interface on tracefs is compatible with\nkprobe_events and uprobe_events, it should also check the lockdown\nstatus and reject if it is set.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40021",
            "https://git.kernel.org/linus/456c32e3c4316654f95f9d49c12cbecfb77d5660 (6.17)",
            "https://git.kernel.org/stable/c/07b1f63b5f86765793fab44d3d4c2be681cddafb",
            "https://git.kernel.org/stable/c/0d41604d2d53c1abe27fefb54b37a8f6642a4d74",
            "https://git.kernel.org/stable/c/3887f3814c0e770e6b73567fe0f83a2c01a6470c",
            "https://git.kernel.org/stable/c/456c32e3c4316654f95f9d49c12cbecfb77d5660",
            "https://git.kernel.org/stable/c/573b1e39edfcb7b4eecde0f1664455a1f4462eee",
            "https://git.kernel.org/stable/c/b47c4e06687a5a7b6c6ef4bd303fcfe4430b26bb",
            "https://git.kernel.org/stable/c/f3ac1f4eaba58e57943efa3e8b8d71fa7aab0abf",
            "https://linux.oracle.com/cve/CVE-2025-40021.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025102403-CVE-2025-40021-fbe1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40021",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40021"
          ],
          "PublishedDate": "2025-10-24T13:15:47.263Z",
          "LastModifiedDate": "2025-10-27T13:20:15.637Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40025",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40025",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0600b955eb8b04878e5c89fe5fb74f268618dd005e44cee088ef5b467c066fb4",
          "Title": "kernel: f2fs: fix to do sanity check on node footer for non inode dnode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node footer for non inode dnode\n\nAs syzbot reported below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/file.c:1243!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full)\nRIP: 0010:f2fs_truncate_hole+0x69e/0x6c0 fs/f2fs/file.c:1243\nCall Trace:\n \u003cTASK\u003e\n f2fs_punch_hole+0x2db/0x330 fs/f2fs/file.c:1306\n f2fs_fallocate+0x546/0x990 fs/f2fs/file.c:2018\n vfs_fallocate+0x666/0x7e0 fs/open.c:342\n ksys_fallocate fs/open.c:366 [inline]\n __do_sys_fallocate fs/open.c:371 [inline]\n __se_sys_fallocate fs/open.c:369 [inline]\n __x64_sys_fallocate+0xc0/0x110 fs/open.c:369\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f1e65f8ebe9\n\nw/ a fuzzed image, f2fs may encounter panic due to it detects inconsistent\ntruncation range in direct node in f2fs_truncate_hole().\n\nThe root cause is: a non-inode dnode may has the same footer.ino and\nfooter.nid, so the dnode will be parsed as an inode, then ADDRS_PER_PAGE()\nmay return wrong blkaddr count which may be 923 typically, by chance,\ndn.ofs_in_node is equal to 923, then count can be calculated to 0 in below\nstatement, later it will trigger panic w/ f2fs_bug_on(, count == 0 || ...).\n\n\tcount = min(end_offset - dn.ofs_in_node, pg_end - pg_start);\n\nThis patch introduces a new node_type NODE_TYPE_NON_INODE, then allowing\npassing the new_type to sanity_check_node_footer in f2fs_get_node_folio()\nto detect corruption that a non-inode dnode has the same footer.ino and\nfooter.nid.\n\nScripts to reproduce:\nmkfs.f2fs -f /dev/vdb\nmount /dev/vdb /mnt/f2fs\ntouch /mnt/f2fs/foo\ntouch /mnt/f2fs/bar\ndd if=/dev/zero of=/mnt/f2fs/foo bs=1M 
count=8\numount /mnt/f2fs\ninject.f2fs --node --mb i_nid --nid 4 --idx 0 --val 5 /dev/vdb\nmount /dev/vdb /mnt/f2fs\nxfs_io /mnt/f2fs/foo -c \"fpunch 6984k 4k\"",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40025",
            "https://git.kernel.org/stable/c/186098f34b8a5d65eb828f952c8cc56272c60ea0",
            "https://git.kernel.org/stable/c/c18ecd99e0c707ef8f83cace861cbc3162f4fdf1",
            "https://lore.kernel.org/linux-cve-announce/2025102839-CVE-2025-40025-0d25@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40025",
            "https://ubuntu.com/security/notices/USN-7906-1",
            "https://ubuntu.com/security/notices/USN-7906-2",
            "https://ubuntu.com/security/notices/USN-7906-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-40025"
          ],
          "PublishedDate": "2025-10-28T10:15:40.92Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40026",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40026",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4e8d64970ae8a33b10d792f6d566bba5c19a41dad76062b28b3c2c5a00c6d6b8",
          "Title": "kernel: KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Don't (re)check L1 intercepts when completing userspace I/O\n\nWhen completing emulation of instruction that generated a userspace exit\nfor I/O, don't recheck L1 intercepts as KVM has already finished that\nphase of instruction execution, i.e. has already committed to allowing L2\nto perform I/O.  If L1 (or host userspace) modifies the I/O permission\nbitmaps during the exit to userspace,  KVM will treat the access as being\nintercepted despite already having emulated the I/O access.\n\nPivot on EMULTYPE_NO_DECODE to detect that KVM is completing emulation.\nOf the three users of EMULTYPE_NO_DECODE, only complete_emulated_io() (the\nintended \"recipient\") can reach the code in question.  gp_interception()'s\nuse is mutually exclusive with is_guest_mode(), and\ncomplete_emulated_insn_gp() unconditionally pairs EMULTYPE_NO_DECODE with\nEMULTYPE_SKIP.\n\nThe bad behavior was detected by a syzkaller program that toggles port I/O\ninterception during the userspace I/O exit, ultimately resulting in a WARN\non vcpu-\u003earch.pio.count being non-zero due to KVM no completing emulation\nof the I/O instruction.\n\n  WARNING: CPU: 23 PID: 1083 at arch/x86/kvm/x86.c:8039 emulator_pio_in_out+0x154/0x170 [kvm]\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 23 UID: 1000 PID: 1083 Comm: repro Not tainted 6.16.0-rc5-c1610d2d66b1-next-vm #74 NONE\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:emulator_pio_in_out+0x154/0x170 [kvm]\n  PKRU: 55555554\n  Call Trace:\n   \u003cTASK\u003e\n   kvm_fast_pio+0xd6/0x1d0 [kvm]\n   vmx_handle_exit+0x149/0x610 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xda8/0x1ac0 [kvm]\n   kvm_vcpu_ioctl+0x244/0x8c0 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0x5d/0xc60\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n   \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40026",
            "https://git.kernel.org/stable/c/00338255bb1f422642fb2798ebe92e93b6e4209b",
            "https://git.kernel.org/stable/c/3a062a5c55adc5507600b9ae6d911e247e2f1d6e",
            "https://git.kernel.org/stable/c/3d3abf3f7e8b1abb082070a343de82d7efc80523",
            "https://git.kernel.org/stable/c/7366830642505683bbe905a2ba5d18d6e4b512b8",
            "https://git.kernel.org/stable/c/a908eca437789589dd4624da428614c1275064dc",
            "https://git.kernel.org/stable/c/ba35a5d775799ce5ad60230be97336f2fefd518e",
            "https://git.kernel.org/stable/c/e0ce3ed1048a47986d15aef1a98ebda25560d257",
            "https://git.kernel.org/stable/c/e7177c7e32cb806f348387b7f4faafd4a5b32054",
            "https://git.kernel.org/stable/c/e750f85391286a4c8100275516973324b621a269",
            "https://linux.oracle.com/cve/CVE-2025-40026.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102841-CVE-2025-40026-760b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40026",
            "https://ubuntu.com/security/notices/USN-7906-1",
            "https://ubuntu.com/security/notices/USN-7906-2",
            "https://ubuntu.com/security/notices/USN-7906-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40026"
          ],
          "PublishedDate": "2025-10-28T10:15:42.167Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40027",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40027",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:996754f93536d1f10bd119ce47429769d2179253636c6f615825803759147d32",
          "Title": "kernel: Kernel: Denial of Service in 9p filesystem client via race condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix double req put in p9_fd_cancelled\n\nSyzkaller reports a KASAN issue as below:\n\ngeneral protection fault, probably for non-canonical address 0xfbd59c0000000021: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: maybe wild-memory-access in range [0xdead000000000108-0xdead00000000010f]\nCPU: 0 PID: 5083 Comm: syz-executor.2 Not tainted 6.1.134-syzkaller-00037-g855bd1d7d838 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:__list_del include/linux/list.h:114 [inline]\nRIP: 0010:__list_del_entry include/linux/list.h:137 [inline]\nRIP: 0010:list_del include/linux/list.h:148 [inline]\nRIP: 0010:p9_fd_cancelled+0xe9/0x200 net/9p/trans_fd.c:734\n\nCall Trace:\n \u003cTASK\u003e\n p9_client_flush+0x351/0x440 net/9p/client.c:614\n p9_client_rpc+0xb6b/0xc70 net/9p/client.c:734\n p9_client_version net/9p/client.c:920 [inline]\n p9_client_create+0xb51/0x1240 net/9p/client.c:1027\n v9fs_session_init+0x1f0/0x18f0 fs/9p/v9fs.c:408\n v9fs_mount+0xba/0xcb0 fs/9p/vfs_super.c:126\n legacy_get_tree+0x108/0x220 fs/fs_context.c:632\n vfs_get_tree+0x8e/0x300 fs/super.c:1573\n do_new_mount fs/namespace.c:3056 [inline]\n path_mount+0x6a6/0x1e90 fs/namespace.c:3386\n do_mount fs/namespace.c:3399 [inline]\n __do_sys_mount fs/namespace.c:3607 [inline]\n __se_sys_mount fs/namespace.c:3584 [inline]\n __x64_sys_mount+0x283/0x300 fs/namespace.c:3584\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nThis happens because of a race condition between:\n\n- The 9p client sending an invalid flush request and later cleaning it up;\n- The 9p client in p9_read_work() canceled all pending requests.\n\n      Thread 1                              Thread 2\n    ...\n    p9_client_create()\n    ...\n    p9_fd_create()\n    ...\n    p9_conn_create()\n    ...\n    // 
start Thread 2\n    INIT_WORK(\u0026m-\u003erq, p9_read_work);\n                                        p9_read_work()\n    ...\n    p9_client_rpc()\n    ...\n                                        ...\n                                        p9_conn_cancel()\n                                        ...\n                                        spin_lock(\u0026m-\u003ereq_lock);\n    ...\n    p9_fd_cancelled()\n    ...\n                                        ...\n                                        spin_unlock(\u0026m-\u003ereq_lock);\n                                        // status rewrite\n                                        p9_client_cb(m-\u003eclient, req, REQ_STATUS_ERROR)\n                                        // first remove\n                                        list_del(\u0026req-\u003ereq_list);\n                                        ...\n\n    spin_lock(\u0026m-\u003ereq_lock)\n    ...\n    // second remove\n    list_del(\u0026req-\u003ereq_list);\n    spin_unlock(\u0026m-\u003ereq_lock)\n  ...\n\nCommit 74d6a5d56629 (\"9p/trans_fd: Fix concurrency del of req_list in\np9_fd_cancelled/p9_read_work\") fixes a concurrency issue in the 9p filesystem\nclient where the req_list could be deleted simultaneously by both\np9_read_work and p9_fd_cancelled functions, but for the case where req-\u003estatus\nequals REQ_STATUS_RCVD.\n\nUpdate the check for req-\u003estatus in p9_fd_cancelled to skip processing not\njust received requests, but anything that is not SENT, as whatever\nchanged the state from SENT also removed the request from its list.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n[updated the check from status == RECV || status == ERROR to status != SENT]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 1,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40027",
            "https://git.kernel.org/stable/c/0e0097005abc02c9f262370674f855625f4f3fb4",
            "https://git.kernel.org/stable/c/284e67a93b8c48952b6fc82129a8d3eb9dc73b06",
            "https://git.kernel.org/stable/c/448db01a48e1cdbbc31c995716a5dac1e52ba036",
            "https://git.kernel.org/stable/c/5c64c0b7b3446f7ed088a13bc8d7487d66534cbb",
            "https://git.kernel.org/stable/c/674b56aa57f9379854cb6798c3bbcef7e7b51ab7",
            "https://git.kernel.org/stable/c/716dceb19a9f8ff6c9d3aee5a771a93d6a47a0b6",
            "https://git.kernel.org/stable/c/94797b84cb9985022eb9cb3275c9497fbc883bb6",
            "https://git.kernel.org/stable/c/a5901a0dfb5964525990106706ae8b98db098226",
            "https://git.kernel.org/stable/c/c1db864270eb7fea94a9ef201da0c9dc1cbab7b8",
            "https://linux.oracle.com/cve/CVE-2025-40027.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102841-CVE-2025-40027-8088@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40027",
            "https://ubuntu.com/security/notices/USN-7906-1",
            "https://ubuntu.com/security/notices/USN-7906-2",
            "https://ubuntu.com/security/notices/USN-7906-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40027"
          ],
          "PublishedDate": "2025-10-28T10:15:42.313Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40029",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40029",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c5dbc5bee27d3dfb593512fc25b95c427889d904b224dca51b93ad7d16388c5a",
          "Title": "kernel: bus: fsl-mc: Check return value of platform_get_resource()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40029",
            "https://git.kernel.org/linus/25f526507b8ccc6ac3a43bc094d09b1f9b0b90ae (6.18-rc1)",
            "https://git.kernel.org/stable/c/25f526507b8ccc6ac3a43bc094d09b1f9b0b90ae",
            "https://git.kernel.org/stable/c/2ead548473f58c7960b6b939b79503c4a0a2c0bd",
            "https://git.kernel.org/stable/c/58dd05070b57a20f22ff35a34ef9846bdf49a1d0",
            "https://git.kernel.org/stable/c/78e87b8a3cf8a59671ea25c87192d16e8d710e1c",
            "https://git.kernel.org/stable/c/84ec0482ed9c9ed0aee553a5e7e7458ad79c021f",
            "https://git.kernel.org/stable/c/8a4dd74fe413d4a278e649be1d22d028e1667116",
            "https://git.kernel.org/stable/c/e60d55692e6c8e951000343c39f3fc92cab57efc",
            "https://lore.kernel.org/linux-cve-announce/2025102807-CVE-2025-40029-1508@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40029",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40029"
          ],
          "PublishedDate": "2025-10-28T12:15:36.02Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40030",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40030",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ab9dac7a8c422a25ecc8b78ebf18a1a9995e44d44cb91d5df30b2cf93e62b58b",
          "Title": "kernel: pinctrl: check the return value of pinmux_ops::get_function_name()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: check the return value of pinmux_ops::get_function_name()\n\nWhile the API contract in docs doesn't specify it explicitly, the\ngeneric implementation of the get_function_name() callback from struct\npinmux_ops - pinmux_generic_get_function_name() - can fail and return\nNULL. This is already checked in pinmux_check_ops() so add a similar\ncheck in pinmux_func_name_to_selector() instead of passing the returned\npointer right down to strcmp() where the NULL can get dereferenced. This\nis normal operation when adding new pinfunctions.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40030",
            "https://git.kernel.org/linus/4002ee98c022d671ecc1e4a84029e9ae7d8a5603 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1a2ea887a5cd7d47bab599f733d89444df018b1a",
            "https://git.kernel.org/stable/c/1a7fc8fed2bb2e113604fde7a45432ace2056b97",
            "https://git.kernel.org/stable/c/4002ee98c022d671ecc1e4a84029e9ae7d8a5603",
            "https://git.kernel.org/stable/c/688c688e0bf55824f4a38f8c2180046f089a3e3b",
            "https://git.kernel.org/stable/c/b7e0535060a60cc99eafc19cc665d979714cd73a",
            "https://git.kernel.org/stable/c/ba7f7c2b2b3261e7def67018c38c69b626e0e66e",
            "https://git.kernel.org/stable/c/d77ef2f621cd1d605372c4c6ce667c496f6990c3",
            "https://git.kernel.org/stable/c/e7265dc4c670b89611bcf5fe33acf99bc0aa294f",
            "https://linux.oracle.com/cve/CVE-2025-40030.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102810-CVE-2025-40030-b395@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40030",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40030"
          ],
          "PublishedDate": "2025-10-28T12:15:36.757Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40032",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40032",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:361751b4bd7f54ba72d5a22e47fc8aaa451b0b7fcfd491faaed2174f8dce5b62",
          "Title": "kernel: PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n  Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n  Call trace:\n   dma_release_channel+0x2c/0x120 (P)\n   pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n   pci_epc_deinit_notify+0x74/0xc0\n   tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n   irq_thread_fn+0x34/0xb8\n   irq_thread+0x18c/0x2e8\n   kthread+0x14c/0x210\n   ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40032",
            "https://git.kernel.org/linus/85afa9ea122dd9d4a2ead104a951d318975dcd25 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0c5ce6b6ccc22d486cc7239ed908cb0ae5363a7b",
            "https://git.kernel.org/stable/c/57f7fb0d1ac28540c0f6405c829bb9c3b89d8dba",
            "https://git.kernel.org/stable/c/6411f840a9b5c47c00ca8e004733de232553870d",
            "https://git.kernel.org/stable/c/85afa9ea122dd9d4a2ead104a951d318975dcd25",
            "https://git.kernel.org/stable/c/fb54ffd60064c4e5139a3eb216e877b1acae1c8b",
            "https://lore.kernel.org/linux-cve-announce/2025102810-CVE-2025-40032-a2fd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40032",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40032"
          ],
          "PublishedDate": "2025-10-28T12:15:37.01Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40035",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40035",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:21dcf28d602c681133ec30104fe9e4e560c77f8bc243244aada402b607f51ed0",
          "Title": "kernel: Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40035",
            "https://git.kernel.org/linus/d3366a04770eea807f2826cbdb96934dd8c9bf79 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1b317796013f666ae5040edbf0f230ec61496d42",
            "https://git.kernel.org/stable/c/48c96b7e9e03516936d6deba54b5553097eae817",
            "https://git.kernel.org/stable/c/877172b97786ed1678640dff0b2d35abb328844c",
            "https://git.kernel.org/stable/c/933b87c4590b42500299f00ff55f555903056803",
            "https://git.kernel.org/stable/c/d3366a04770eea807f2826cbdb96934dd8c9bf79",
            "https://git.kernel.org/stable/c/e63aade22a33e77b93c98c9f02db504d897a76b4",
            "https://git.kernel.org/stable/c/f5e1f3b85aadce74268c46676772c3e9fa79897e",
            "https://git.kernel.org/stable/c/fd8a23ecbc602d00e47b27f20b07350867d0ebe5",
            "https://linux.oracle.com/cve/CVE-2025-40035.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102811-CVE-2025-40035-9c37@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40035",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40035"
          ],
          "PublishedDate": "2025-10-28T12:15:37.363Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40036",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40036",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1205eb1d87b84b6558ce3453db16bf1a3708eb9d4cd0865d0ef629dc3985c217",
          "Title": "kernel: misc: fastrpc: fix possible map leak in fastrpc_put_args",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40036",
            "https://git.kernel.org/linus/da1ba64176e0138f2bfa96f9e43e8c3640d01e1e (6.18-rc1)",
            "https://git.kernel.org/stable/c/3ad42dc66445df6977cf4be0c06f1a655299ce6c",
            "https://git.kernel.org/stable/c/78d33a041555db03903e8037fd053ed74fbd88cb",
            "https://git.kernel.org/stable/c/a085658264d0c8d4f795d4631f77d7289a021de9",
            "https://git.kernel.org/stable/c/c000f65f0ac93d9f9cc69a230d372f6ca93e4879",
            "https://git.kernel.org/stable/c/da1ba64176e0138f2bfa96f9e43e8c3640d01e1e",
            "https://lore.kernel.org/linux-cve-announce/2025102811-CVE-2025-40036-a568@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40036",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40036"
          ],
          "PublishedDate": "2025-10-28T12:15:37.487Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40039",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40039",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0ba14c35f23130b317f98dbbcd55a4fb1b10bb422b8d3dc4d269fb4191117250",
          "Title": "kernel: ksmbd: Fix race condition in RPC handle list access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix race condition in RPC handle list access\n\nThe 'sess-\u003erpc_handle_list' XArray manages RPC handles within a ksmbd\nsession. Access to this list is intended to be protected by\n'sess-\u003erpc_lock' (an rw_semaphore). However, the locking implementation was\nflawed, leading to potential race conditions.\n\nIn ksmbd_session_rpc_open(), the code incorrectly acquired only a read lock\nbefore calling xa_store() and xa_erase(). Since these operations modify\nthe XArray structure, a write lock is required to ensure exclusive access\nand prevent data corruption from concurrent modifications.\n\nFurthermore, ksmbd_session_rpc_method() accessed the list using xa_load()\nwithout holding any lock at all. This could lead to reading inconsistent\ndata or a potential use-after-free if an entry is concurrently removed and\nthe pointer is dereferenced.\n\nFix these issues by:\n1. Using down_write() and up_write() in ksmbd_session_rpc_open()\n   to ensure exclusive access during XArray modification, and ensuring\n   the lock is correctly released on error paths.\n2. Adding down_read() and up_read() in ksmbd_session_rpc_method()\n   to safely protect the lookup.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40039",
            "https://git.kernel.org/linus/305853cce379407090a73b38c5de5ba748893aee (6.18-rc1)",
            "https://git.kernel.org/stable/c/305853cce379407090a73b38c5de5ba748893aee",
            "https://git.kernel.org/stable/c/5cc679ba0f4505936124cd4179ba66bb0a4bd9f3",
            "https://git.kernel.org/stable/c/69674b029002b1d90b655f014bdf64f404efa54d",
            "https://git.kernel.org/stable/c/6b615a8fb3af0baf8126cde3d4fee97d57222ffc",
            "https://git.kernel.org/stable/c/6bd7e0e55dcea2cf0d391bbc21c2eb069b4be3e1",
            "https://lore.kernel.org/linux-cve-announce/2025102812-CVE-2025-40039-2d65@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40039",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40039"
          ],
          "PublishedDate": "2025-10-28T12:15:37.847Z",
          "LastModifiedDate": "2026-02-26T15:50:57.663Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40040",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40040",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6563b54afcdf4976aa93c66622ab58c128fe9dfe966e46dc92b9f88eb6fb00f5",
          "Title": "kernel: mm/ksm: fix flag-dropping behavior in ksm_madvise",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ksm: fix flag-dropping behavior in ksm_madvise\n\nsyzkaller discovered the following crash: (kernel BUG)\n\n[   44.607039] ------------[ cut here ]------------\n[   44.607422] kernel BUG at mm/userfaultfd.c:2067!\n[   44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[   44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none)\n[   44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[   44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460\n\n\u003csnip other registers, drop unreliable trace\u003e\n\n[   44.617726] Call Trace:\n[   44.617926]  \u003cTASK\u003e\n[   44.619284]  userfaultfd_release+0xef/0x1b0\n[   44.620976]  __fput+0x3f9/0xb60\n[   44.621240]  fput_close_sync+0x110/0x210\n[   44.622222]  __x64_sys_close+0x8f/0x120\n[   44.622530]  do_syscall_64+0x5b/0x2f0\n[   44.622840]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   44.623244] RIP: 0033:0x7f365bb3f227\n\nKernel panics because it detects UFFD inconsistency during\nuserfaultfd_release_all().  Specifically, a VMA which has a valid pointer\nto vma-\u003evm_userfaultfd_ctx, but no UFFD flags in vma-\u003evm_flags.\n\nThe inconsistency is caused in ksm_madvise(): when user calls madvise()\nwith MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode,\nit accidentally clears all flags stored in the upper 32 bits of\nvma-\u003evm_flags.\n\nAssuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and\nint are 32-bit wide.  This setup causes the following mishap during the \u0026=\n~VM_MERGEABLE assignment.\n\nVM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. \nAfter ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then\npromoted to unsigned long before the \u0026 operation.  
This promotion fills\nupper 32 bits with leading 0s, as we're doing unsigned conversion (and\neven for a signed conversion, this wouldn't help as the leading bit is 0).\n\u0026 operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff\ninstead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears\nthe upper 32-bits of its value.\n\nFix it by changing `VM_MERGEABLE` constant to unsigned long, using the\nBIT() macro.\n\nNote: other VM_* flags are not affected: This only happens to the\nVM_MERGEABLE flag, as the other VM_* flags are all constants of type int\nand after ~ operation, they end up with leading 1 and are thus converted\nto unsigned long with leading 1s.\n\nNote 2:\nAfter commit 31defc3b01d9 (\"userfaultfd: remove (VM_)BUG_ON()s\"), this is\nno longer a kernel BUG, but a WARNING at the same place:\n\n[   45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067\n\nbut the root-cause (flag-drop) remains the same.\n\n[akpm@linux-foundation.org: rust bindgen wasn't able to handle BIT(), from Miguel]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40040",
            "https://git.kernel.org/linus/f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93 (6.18-rc1)",
            "https://git.kernel.org/stable/c/41cb9fd904fe0c39d52e82dd84dc3c96b7aa9693",
            "https://git.kernel.org/stable/c/76385629f45740b7888f8fcd83bde955b10f61fe",
            "https://git.kernel.org/stable/c/788e5385d0ff69cdba1cabccb9dab8d9647b9239",
            "https://git.kernel.org/stable/c/850f1ea245bdc0ce6a3fd36bfb80d8cf9647cb71",
            "https://git.kernel.org/stable/c/92b82e232b8d8b116ac6e57aeae7a6033db92c60",
            "https://git.kernel.org/stable/c/ac50c6e0a8f91a02b681af81abb2362fbb67cc18",
            "https://git.kernel.org/stable/c/b69f19244c2b6475c8a6eb72f0fb0d53509e48cd",
            "https://git.kernel.org/stable/c/f04aad36a07cc17b7a5d5b9a2d386ce6fae63e93",
            "https://linux.oracle.com/cve/CVE-2025-40040.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025102812-CVE-2025-40040-943a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40040",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40040"
          ],
          "PublishedDate": "2025-10-28T12:15:37.967Z",
          "LastModifiedDate": "2026-02-26T15:51:08.683Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40042",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40042",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:323e748a019b0eebeab21d4b9f972f8b44f3fccafbfc9bdfa97d73f19416ce91",
          "Title": "kernel: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race condition in kprobe initialization causing NULL pointer dereference\n\nThere is a critical race condition in kprobe initialization that can lead to\nNULL pointer dereference and kernel crash.\n\n[1135630.084782] Unable to handle kernel paging request at virtual address 0000710a04630000\n...\n[1135630.260314] pstate: 404003c9 (nZcv DAIF +PAN -UAO)\n[1135630.269239] pc : kprobe_perf_func+0x30/0x260\n[1135630.277643] lr : kprobe_dispatcher+0x44/0x60\n[1135630.286041] sp : ffffaeff4977fa40\n[1135630.293441] x29: ffffaeff4977fa40 x28: ffffaf015340e400\n[1135630.302837] x27: 0000000000000000 x26: 0000000000000000\n[1135630.312257] x25: ffffaf029ed108a8 x24: ffffaf015340e528\n[1135630.321705] x23: ffffaeff4977fc50 x22: ffffaeff4977fc50\n[1135630.331154] x21: 0000000000000000 x20: ffffaeff4977fc50\n[1135630.340586] x19: ffffaf015340e400 x18: 0000000000000000\n[1135630.349985] x17: 0000000000000000 x16: 0000000000000000\n[1135630.359285] x15: 0000000000000000 x14: 0000000000000000\n[1135630.368445] x13: 0000000000000000 x12: 0000000000000000\n[1135630.377473] x11: 0000000000000000 x10: 0000000000000000\n[1135630.386411] x9 : 0000000000000000 x8 : 0000000000000000\n[1135630.395252] x7 : 0000000000000000 x6 : 0000000000000000\n[1135630.403963] x5 : 0000000000000000 x4 : 0000000000000000\n[1135630.412545] x3 : 0000710a04630000 x2 : 0000000000000006\n[1135630.421021] x1 : ffffaeff4977fc50 x0 : 0000710a04630000\n[1135630.429410] Call trace:\n[1135630.434828]  kprobe_perf_func+0x30/0x260\n[1135630.441661]  kprobe_dispatcher+0x44/0x60\n[1135630.448396]  aggr_pre_handler+0x70/0xc8\n[1135630.454959]  kprobe_breakpoint_handler+0x140/0x1e0\n[1135630.462435]  brk_handler+0xbc/0xd8\n[1135630.468437]  do_debug_exception+0x84/0x138\n[1135630.475074]  el1_dbg+0x18/0x8c\n[1135630.480582]  security_file_permission+0x0/0xd0\n[1135630.487426]  
vfs_write+0x70/0x1c0\n[1135630.493059]  ksys_write+0x5c/0xc8\n[1135630.498638]  __arm64_sys_write+0x24/0x30\n[1135630.504821]  el0_svc_common+0x78/0x130\n[1135630.510838]  el0_svc_handler+0x38/0x78\n[1135630.516834]  el0_svc+0x8/0x1b0\n\nkernel/trace/trace_kprobe.c: 1308\n0xffff3df8995039ec \u003ckprobe_perf_func+0x2c\u003e:     ldr     x21, [x24,#120]\ninclude/linux/compiler.h: 294\n0xffff3df8995039f0 \u003ckprobe_perf_func+0x30\u003e:     ldr     x1, [x21,x0]\n\nkernel/trace/trace_kprobe.c\n1308: head = this_cpu_ptr(call-\u003eperf_events);\n1309: if (hlist_empty(head))\n1310: \treturn 0;\n\ncrash\u003e struct trace_event_call -o\nstruct trace_event_call {\n  ...\n  [120] struct hlist_head *perf_events;  //(call-\u003eperf_event)\n  ...\n}\n\ncrash\u003e struct trace_event_call ffffaf015340e528\nstruct trace_event_call {\n  ...\n  perf_events = 0xffff0ad5fa89f088, //this value is correct, but x21 = 0\n  ...\n}\n\nRace Condition Analysis:\n\nThe race occurs between kprobe activation and perf_events initialization:\n\n  CPU0                                    CPU1\n  ====                                    ====\n  perf_kprobe_init\n    perf_trace_event_init\n      tp_event-\u003eperf_events = list;(1)\n      tp_event-\u003eclass-\u003ereg (2)← KPROBE ACTIVE\n                                          Debug exception triggers\n                                          ...\n                                          kprobe_dispatcher\n                                            kprobe_perf_func (tk-\u003etp.flags \u0026 TP_FLAG_PROFILE)\n                                              head = this_cpu_ptr(call-\u003eperf_events)(3)\n                                              (perf_events is still NULL)\n\nProblem:\n1. CPU0 executes (1) assigning tp_event-\u003eperf_events = list\n2. CPU0 executes (2) enabling kprobe functionality via class-\u003ereg()\n3. CPU1 triggers and reaches kprobe_dispatcher\n4. 
CPU1 checks TP_FLAG_PROFILE - condition passes (step 2 completed)\n5. CPU1 calls kprobe_perf_func() and crashes at (3) because\n   call-\u003eperf_events is still NULL\n\nCPU1 sees that kprobe functionality is enabled but does not see that\nperf_events has been assigned.\n\nAdd pairing read an\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40042",
            "https://git.kernel.org/linus/9cf9aa7b0acfde7545c1a1d912576e9bab28dc6f (6.18-rc1)",
            "https://git.kernel.org/stable/c/07926ce598a95de6fd874a74fb510e2ebdfd0aae",
            "https://git.kernel.org/stable/c/0fa388ab2c290ef1115ff88ae88e881d0fb2db02",
            "https://git.kernel.org/stable/c/1a301228c0a8aedc3154fb1a274456f487416b96",
            "https://git.kernel.org/stable/c/5ebea6561649d30ec7a18fea23d7f76738dae916",
            "https://git.kernel.org/stable/c/95dd33361061f808d1f68616d69ada639e737cfa",
            "https://git.kernel.org/stable/c/9c4951b691bb8d7a004acd010f45144391f85ea6",
            "https://git.kernel.org/stable/c/9cf9aa7b0acfde7545c1a1d912576e9bab28dc6f",
            "https://git.kernel.org/stable/c/a6e89ada1ff6b70df73f579071ffa6ade8ae7f98",
            "https://linux.oracle.com/cve/CVE-2025-40042.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102812-CVE-2025-40042-80e6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40042",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40042"
          ],
          "PublishedDate": "2025-10-28T12:15:38.207Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40043",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40043",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:76807e1e664f810cd5e587acdb6fc07ff49db5d48bb67bb451cf4d7ba72be040",
          "Title": "kernel: net: nfc: nci: Add parameter validation for packet data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n'perf-tools-fixes-for-v6.17-2025-09-16' of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40043",
            "https://git.kernel.org/linus/9c328f54741bd5465ca1dc717c84c04242fac2e1 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0ba68bea1e356f466ad29449938bea12f5f3711f",
            "https://git.kernel.org/stable/c/74837bca0748763a77f77db47a0bdbe63b347628",
            "https://git.kernel.org/stable/c/8fcc7315a10a84264e55bb65ede10f0af20a983f",
            "https://git.kernel.org/stable/c/9c328f54741bd5465ca1dc717c84c04242fac2e1",
            "https://git.kernel.org/stable/c/bfdda0123dde406dbff62e7e9136037e97998a15",
            "https://git.kernel.org/stable/c/c395d1e548cc68e84584ffa2e3ca9796a78bf7b9",
            "https://lore.kernel.org/linux-cve-announce/2025102813-CVE-2025-40043-39d2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40043",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40043"
          ],
          "PublishedDate": "2025-10-28T12:15:38.333Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40044",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40044",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bc0cb3ffaff63510896d542f40a549613cc6eb4474cc25de8ba1d8254bc66199",
          "Title": "kernel: fs: udf: fix OOB read in lengthAllocDescs handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n 
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40044",
            "https://git.kernel.org/linus/3bd5e45c2ce30e239d596becd5db720f7eb83c99 (6.18-rc1)",
            "https://git.kernel.org/stable/c/14496175b264d30c2045584ee31d062af2e3a660",
            "https://git.kernel.org/stable/c/1d1847812a1a5375c10a2a779338df643f79c047",
            "https://git.kernel.org/stable/c/3bd5e45c2ce30e239d596becd5db720f7eb83c99",
            "https://git.kernel.org/stable/c/459404f858213967ccfff336c41747d8dd186d38",
            "https://git.kernel.org/stable/c/918649364fbca7d5df72522ca795479edcd25f91",
            "https://git.kernel.org/stable/c/a70dcfa8d0a0cc530a6af59483dfca260b652c1b",
            "https://git.kernel.org/stable/c/b57f2d7d3e6bb89ed82330c5fe106cdfa34d3e24",
            "https://git.kernel.org/stable/c/d2ed9aa8ae50fb0d4ac5ab07e4c67ba7e9a24818",
            "https://linux.oracle.com/cve/CVE-2025-40044.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102813-CVE-2025-40044-d9af@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40044",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40044"
          ],
          "PublishedDate": "2025-10-28T12:15:38.453Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40048",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40048",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:09453e883dd934042119a2fbadc77dfb4b7eb2840a53a9854cd3e766c1eca6ae",
          "Title": "kernel: uio_hv_generic: Let userspace take care of interrupt mask",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Let userspace take care of interrupt mask\n\nRemove the logic to set interrupt mask by default in uio_hv_generic\ndriver as the interrupt mask value is supposed to be controlled\ncompletely by the user space. If the mask bit gets changed\nby the driver, concurrently with user mode operating on the ring,\nthe mask bit may be set when it is supposed to be clear, and the\nuser-mode driver will miss an interrupt which will cause a hang.\n\nFor eg- when the driver sets inbound ring buffer interrupt mask to 1,\nthe host does not interrupt the guest on the UIO VMBus channel.\nHowever, setting the mask does not prevent the host from putting a\nmessage in the inbound ring buffer. So let’s assume that happens,\nthe host puts a message into the ring buffer but does not interrupt.\n\nSubsequently, the user space code in the guest sets the inbound ring\nbuffer interrupt mask to 0, saying “Hey, I’m ready for interrupts”.\nUser space code then calls pread() to wait for an interrupt.\nThen one of two things happens:\n\n* The host never sends another message. So the pread() waits forever.\n* The host does send another message. But because there’s already a\n  message in the ring buffer, it doesn’t generate an interrupt.\n  This is the correct behavior, because the host should only send an\n  interrupt when the inbound ring buffer transitions from empty to\n  not-empty. Adding an additional message to a ring buffer that is not\n  empty is not supposed to generate an interrupt on the guest.\n  Since the guest is waiting in pread() and not removing messages from\n  the ring buffer, the pread() waits forever.\n\nThis could be easily reproduced in hv_fcopy_uio_daemon if we delay\nsetting interrupt mask to 0.\n\nSimilarly if hv_uio_channel_cb() sets the interrupt_mask to 1,\nthere’s a race condition. 
Once user space empties the inbound ring\nbuffer, but before user space sets interrupt_mask to 0, the host could\nput another message in the ring buffer but it wouldn’t interrupt.\nThen the next pread() would hang.\n\nFix these by removing all instances where interrupt_mask is changed,\nwhile keeping the one in set_event() unchanged to enable userspace\ncontrol the interrupt mask by writing 0/1 to /dev/uioX.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40048",
            "https://git.kernel.org/linus/b15b7d2a1b09ef5428a8db260251897405a19496 (6.18-rc1)",
            "https://git.kernel.org/stable/c/01ce972e6f9974a7c76943bcb7e93746917db83a",
            "https://git.kernel.org/stable/c/2af39ab5e6dc46b835a52e80a22d0cad430985e3",
            "https://git.kernel.org/stable/c/37bd91f22794dc05436130d6983302cb90ecfe7e",
            "https://git.kernel.org/stable/c/540aac117eaea5723cef5e4cbf3035c4ac654d92",
            "https://git.kernel.org/stable/c/65d40acd911c7011745cbbd2aaac34eb5266d11e",
            "https://git.kernel.org/stable/c/a44f61f878f32071d6378e8dd7c2d47f9490c8f7",
            "https://git.kernel.org/stable/c/b15b7d2a1b09ef5428a8db260251897405a19496",
            "https://git.kernel.org/stable/c/e29587c07537929684faa365027f4b0d87521e1b",
            "https://linux.oracle.com/cve/CVE-2025-40048.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102814-CVE-2025-40048-3bce@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40048",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40048"
          ],
          "PublishedDate": "2025-10-28T12:15:38.92Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40049",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40049",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cace863c429320103a1125f47eaa62551b4c10beb85159719b3b15ceead90914",
          "Title": "kernel: Squashfs: fix uninit-value in squashfs_get_parent",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number.  In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield.  This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40049",
            "https://git.kernel.org/linus/74058c0a9fc8b2b4d5f4a0ef7ee2cfa66a9e49cf (6.18-rc1)",
            "https://git.kernel.org/stable/c/1b3ccd0019132880c94bb00ca7088c1749308f82",
            "https://git.kernel.org/stable/c/382a47fae449e554ef1e8c198667fd2f3270b945",
            "https://git.kernel.org/stable/c/61d38b5ce2782bff3cacaacbb8164087a73ed1a5",
            "https://git.kernel.org/stable/c/74058c0a9fc8b2b4d5f4a0ef7ee2cfa66a9e49cf",
            "https://git.kernel.org/stable/c/81a2bca52d43fc9d9abf07408b91255131c5dc53",
            "https://git.kernel.org/stable/c/91b99db7a92e57ff48a96a1b10fddfd2547e7f53",
            "https://git.kernel.org/stable/c/c28b0ca029edf5d0558abcd76cb8c732706cd339",
            "https://git.kernel.org/stable/c/f81a5bc9e924ee1950e0dd82bd10749048390f6e",
            "https://linux.oracle.com/cve/CVE-2025-40049.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102814-CVE-2025-40049-1ce8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40049",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40049"
          ],
          "PublishedDate": "2025-10-28T12:15:39.043Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40053",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40053",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7f3df2ce0a4431b9883fe88ade312f216dbf584c95f60862691bc365fc92cac6",
          "Title": "kernel: net: dlink: handle copy_thresh allocation failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dlink: handle copy_thresh allocation failure\n\nThe driver did not handle failure of `netdev_alloc_skb_ip_align()`.\nIf the allocation failed, dereferencing `skb-\u003eprotocol` could lead to\na NULL pointer dereference.\n\nThis patch tries to allocate `skb`. If the allocation fails, it falls\nback to the normal path.\n\nTested-on: D-Link DGE-550T Rev-A3",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40053",
            "https://git.kernel.org/linus/8169a6011c5fecc6cb1c3654c541c567d3318de8 (6.18-rc1)",
            "https://git.kernel.org/stable/c/5aa9b885602811a026a3f45c92ea2b4b04c54f09",
            "https://git.kernel.org/stable/c/7ed5010fef0930f4322d620052edc854ef3ec41f",
            "https://git.kernel.org/stable/c/8169a6011c5fecc6cb1c3654c541c567d3318de8",
            "https://git.kernel.org/stable/c/84fd710a704f3d53d4120e452e86cea558cf73a8",
            "https://git.kernel.org/stable/c/9d49e4b14609e1a20d931e718962c4b6b5485174",
            "https://git.kernel.org/stable/c/ea87151df398d407a632c7bf63013290f01c5009",
            "https://git.kernel.org/stable/c/fd7b6b2c920d7fd370a612be416a904d6e1ebe55",
            "https://linux.oracle.com/cve/CVE-2025-40053.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025102814-CVE-2025-40053-8e42@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40053",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40053"
          ],
          "PublishedDate": "2025-10-28T12:15:39.51Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40054",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40054",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:15c246b2983bb35ff3b4dc6aaa84eba6755c71d7934974c78aa29f8c742471b7",
          "Title": "kernel: f2fs: fix UAF issue in f2fs_merge_page_bio()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix UAF issue in f2fs_merge_page_bio()\n\nAs JY reported in bugzilla [1],\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000000\npc : [0xffffffe51d249484] f2fs_is_cp_guaranteed+0x70/0x98\nlr : [0xffffffe51d24adbc] f2fs_merge_page_bio+0x520/0x6d4\nCPU: 3 UID: 0 PID: 6790 Comm: kworker/u16:3 Tainted: P    B   W  OE      6.12.30-android16-5-maybe-dirty-4k #1 5f7701c9cbf727d1eebe77c89bbbeb3371e895e5\nTainted: [P]=PROPRIETARY_MODULE, [B]=BAD_PAGE, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nWorkqueue: writeback wb_workfn (flush-254:49)\nCall trace:\n f2fs_is_cp_guaranteed+0x70/0x98\n f2fs_inplace_write_data+0x174/0x2f4\n f2fs_do_write_data_page+0x214/0x81c\n f2fs_write_single_data_page+0x28c/0x764\n f2fs_write_data_pages+0x78c/0xce4\n do_writepages+0xe8/0x2fc\n __writeback_single_inode+0x4c/0x4b4\n writeback_sb_inodes+0x314/0x540\n __writeback_inodes_wb+0xa4/0xf4\n wb_writeback+0x160/0x448\n wb_workfn+0x2f0/0x5dc\n process_scheduled_works+0x1c8/0x458\n worker_thread+0x334/0x3f0\n kthread+0x118/0x1ac\n ret_from_fork+0x10/0x20\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220575\n\nThe panic was caused by UAF issue w/ below race condition:\n\nkworker\n- writepages\n - f2fs_write_cache_pages\n  - f2fs_write_single_data_page\n   - f2fs_do_write_data_page\n    - f2fs_inplace_write_data\n     - f2fs_merge_page_bio\n      - add_inu_page\n      : cache page #1 into bio \u0026 cache bio in\n        io-\u003ebio_list\n  - f2fs_write_single_data_page\n   - f2fs_do_write_data_page\n    - f2fs_inplace_write_data\n     - f2fs_merge_page_bio\n      - add_inu_page\n      : cache page #2 into bio which is linked\n        in io-\u003ebio_list\n\t\t\t\t\t\twrite\n\t\t\t\t\t\t- f2fs_write_begin\n\t\t\t\t\t\t: write page #1\n\t\t\t\t\t\t - f2fs_folio_wait_writeback\n\t\t\t\t\t\t  - f2fs_submit_merged_ipu_write\n\t\t\t\t\t\t   - 
f2fs_submit_write_bio\n\t\t\t\t\t\t   : submit bio which inclues page #1 and #2\n\n\t\t\t\t\t\tsoftware IRQ\n\t\t\t\t\t\t- f2fs_write_end_io\n\t\t\t\t\t\t - fscrypt_free_bounce_page\n\t\t\t\t\t\t : freed bounced page which belongs to page #2\n      - inc_page_count( , WB_DATA_TYPE(data_folio), false)\n      : data_folio points to fio-\u003eencrypted_page\n        the bounced page can be freed before\n        accessing it in f2fs_is_cp_guarantee()\n\nIt can reproduce w/ below testcase:\nRun below script in shell #1:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nRun below script in shell #2:\nfor ((i=1;i\u003e0;i++)) do xfs_io -f /mnt/f2fs/enc/file \\\n-c \"pwrite 0 32k\" -c \"fdatasync\"\n\nSo, in f2fs_merge_page_bio(), let's avoid using fio-\u003eencrypted_page after\ncommit page into internal ipu cache.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40054",
            "https://git.kernel.org/linus/edf7e9040fc52c922db947f9c6c36f07377c52ea (6.18-rc1)",
            "https://git.kernel.org/stable/c/01118321e0c8a5f3ece57d0d377bfc92d83cd210",
            "https://git.kernel.org/stable/c/edf7e9040fc52c922db947f9c6c36f07377c52ea",
            "https://lore.kernel.org/linux-cve-announce/2025102815-CVE-2025-40054-c79b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40054",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40054"
          ],
          "PublishedDate": "2025-10-28T12:15:39.64Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40055",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40055",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a66e4e01526528a8a099b048e80271436b39a475438d48e912e5034b4c7e67d6",
          "Title": "kernel: ocfs2: fix double free in user_cluster_connect()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix double free in user_cluster_connect()\n\nuser_cluster_disconnect() frees \"conn-\u003ecc_private\" which is \"lc\" but then\nthe error handling frees \"lc\" a second time.  Set \"lc\" to NULL on this\npath to avoid a double free.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40055",
            "https://git.kernel.org/linus/8f45f089337d924db24397f55697cda0e6960516 (6.18-rc1)",
            "https://git.kernel.org/stable/c/283333079d96c84baa91f0c62b5e0cbec246b7a2",
            "https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc",
            "https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2",
            "https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2",
            "https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab",
            "https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516",
            "https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573",
            "https://git.kernel.org/stable/c/f992bc72f681c32a682d474a29c2135a64d4f4e5",
            "https://linux.oracle.com/cve/CVE-2025-40055.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102815-CVE-2025-40055-8290@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40055",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40055"
          ],
          "PublishedDate": "2025-10-28T12:15:39.78Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40057",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40057",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:63fda471ef2ec3a4f794ead31d310b6ca7d372880c9a6b7e8ccf2648f8a627f6",
          "Title": "kernel: ptp: Add a upper bound on max_vclocks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: Add a upper bound on max_vclocks\n\nsyzbot reported WARNING in max_vclocks_store.\n\nThis occurs when the argument max is too large for kcalloc to handle.\n\nExtend the guard to guard against values that are too large for\nkcalloc",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40057",
            "https://git.kernel.org/linus/e9f35294e18da82162004a2f35976e7031aaf7f9 (6.18-rc1)",
            "https://git.kernel.org/stable/c/35ce5f163889dbce88eda1df661b357a09bbed87",
            "https://git.kernel.org/stable/c/8dd446056336faa2283d62cefc2f576536845edc",
            "https://git.kernel.org/stable/c/e9f35294e18da82162004a2f35976e7031aaf7f9",
            "https://linux.oracle.com/cve/CVE-2025-40057.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025102815-CVE-2025-40057-2587@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40057",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40057"
          ],
          "PublishedDate": "2025-10-28T12:15:40.033Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40060",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40060",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:959b77587537a314e56cc7291e33c48d393d82d3eaf3bd02808eecc11d06c3f6",
          "Title": "kernel: coresight: trbe: Return NULL pointer for allocation failures",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40060",
            "https://git.kernel.org/linus/8a55c161f7f9c1aa1c70611b39830d51c83ef36d (6.18-rc1)",
            "https://git.kernel.org/stable/c/296da78494633e1ab5e2e74173a9c8683b04aa6b",
            "https://git.kernel.org/stable/c/8a55c161f7f9c1aa1c70611b39830d51c83ef36d",
            "https://git.kernel.org/stable/c/9768536f82600a05ce901e31ccfabd92c027ff71",
            "https://git.kernel.org/stable/c/cef047e0a55cb07906fcaae99170f19a9c0bb6c2",
            "https://git.kernel.org/stable/c/f505a165f1c7cd37b4cb6952042a5984693a4067",
            "https://git.kernel.org/stable/c/fe53a726d5edf864e80b490780cc135fc1adece9",
            "https://lore.kernel.org/linux-cve-announce/2025102816-CVE-2025-40060-eb50@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40060",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40060"
          ],
          "PublishedDate": "2025-10-28T12:15:40.377Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40064",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2149ab957060818bca6c8db8011bad6fb167f97f7fc7f19d7d24d88f349fa142",
          "Title": "kernel: smc: Fix use-after-free in __pnet_find_base_ndev()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held.  Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev's refcnt by dst will be released.\n\nWe must hold dev's refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet's use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 
net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n 
___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2722",
            "https://access.redhat.com/security/cve/CVE-2025-40064",
            "https://bugzilla.redhat.com/2360239",
            "https://bugzilla.redhat.com/2406747",
            "https://bugzilla.redhat.com/2419870",
            "https://bugzilla.redhat.com/2419902",
            "https://bugzilla.redhat.com/2424880",
            "https://bugzilla.redhat.com/2429116",
            "https://bugzilla.redhat.com/2432671",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360239",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2406747",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2424880",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429116",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53034",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22998",
            "https://errata.almalinux.org/9/ALSA-2026-2722.html",
            "https://errata.rockylinux.org/RLSA-2026:2722",
            "https://git.kernel.org/linus/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79 (6.18-rc1)",
            "https://git.kernel.org/stable/c/233927b645cb7a14bb98d23ac72e4c7243a9f0d9",
            "https://git.kernel.org/stable/c/3d3466878afd8d43ec0ca2facfbc7f03e40d0f79",
            "https://linux.oracle.com/cve/CVE-2025-40064.html",
            "https://linux.oracle.com/errata/ELSA-2026-3083.html",
            "https://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40064-0c16@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40064",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40064"
          ],
          "PublishedDate": "2025-10-28T12:15:40.84Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40068",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40068",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4a8e03d405f43b1ce4c06590ba397dd269476a3a28b451241224925a276f1f61",
          "Title": "kernel: fs: ntfs3: Fix integer overflow in run_unpack()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: Fix integer overflow in run_unpack()\n\nThe MFT record relative to the file being opened contains its runlist,\nan array containing information about the file's location on the physical\ndisk. Analysis of all Call Stack paths showed that the values of the\nrunlist array, from which LCNs are calculated, are not validated before\nrun_unpack function.\n\nThe run_unpack function decodes the compressed runlist data format\nfrom MFT attributes (for example, $DATA), converting them into a runs_tree\nstructure, which describes the mapping of virtual clusters (VCN) to\nlogical clusters (LCN). The NTFS3 subsystem also has a shortcut for\ndeleting files from MFT records - in this case, the RUN_DEALLOCATE\ncommand is sent to the run_unpack input, and the function logic\nprovides that all data transferred to the runlist about file or\ndirectory is deleted without creating a runs_tree structure.\n\nSubstituting the runlist in the $DATA attribute of the MFT record for an\narbitrary file can lead either to access to arbitrary data on the disk\nbypassing access checks to them (since the inode access check\noccurs above) or to destruction of arbitrary data on the disk.\n\nAdd overflow check for addition operation.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40068",
            "https://git.kernel.org/linus/736fc7bf5f68f6b74a0925b7e072c571838657d2 (6.18-rc1)",
            "https://git.kernel.org/stable/c/3ac37e100385b59ac821a62118494442238aaac4",
            "https://git.kernel.org/stable/c/5aa5799d162ad1b8e8b699d48b6218143c695a78",
            "https://git.kernel.org/stable/c/736fc7bf5f68f6b74a0925b7e072c571838657d2",
            "https://git.kernel.org/stable/c/9378cfe228c2c679564a4116bcb28c8e89dff989",
            "https://git.kernel.org/stable/c/a86c8b9d03f7101e1750233846fe989df6f0d631",
            "https://git.kernel.org/stable/c/f6b36cfd25cbadad63447c673743cf771090e756",
            "https://lore.kernel.org/linux-cve-announce/2025102818-CVE-2025-40068-1b0e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40068",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40068"
          ],
          "PublishedDate": "2025-10-28T12:15:41.277Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40070",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40070",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:546cb25f51608807b0b6064e4089ea0e2fc37b8f2c0acee152a7af29dcf4c1c2",
          "Title": "kernel: pps: fix warning in pps_register_cdev when register device fail",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npps: fix warning in pps_register_cdev when register device fail\n\nSimilar to previous commit 2a934fdb01db (\"media: v4l2-dev: fix error\nhandling in __video_register_device()\"), the release hook should be set\nbefore device_register(). Otherwise, when device_register() return error\nand put_device() try to callback the release function, the below warning\nmay happen.\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 1 PID: 4760 at drivers/base/core.c:2567 device_release+0x1bd/0x240 drivers/base/core.c:2567\n  Modules linked in:\n  CPU: 1 UID: 0 PID: 4760 Comm: syz.4.914 Not tainted 6.17.0-rc3+ #1 NONE\n  RIP: 0010:device_release+0x1bd/0x240 drivers/base/core.c:2567\n  Call Trace:\n   \u003cTASK\u003e\n   kobject_cleanup+0x136/0x410 lib/kobject.c:689\n   kobject_release lib/kobject.c:720 [inline]\n   kref_put include/linux/kref.h:65 [inline]\n   kobject_put+0xe9/0x130 lib/kobject.c:737\n   put_device+0x24/0x30 drivers/base/core.c:3797\n   pps_register_cdev+0x2da/0x370 drivers/pps/pps.c:402\n   pps_register_source+0x2f6/0x480 drivers/pps/kapi.c:108\n   pps_tty_open+0x190/0x310 drivers/pps/clients/pps-ldisc.c:57\n   tty_ldisc_open+0xa7/0x120 drivers/tty/tty_ldisc.c:432\n   tty_set_ldisc+0x333/0x780 drivers/tty/tty_ldisc.c:563\n   tiocsetd drivers/tty/tty_io.c:2429 [inline]\n   tty_ioctl+0x5d1/0x1700 drivers/tty/tty_io.c:2728\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:598 [inline]\n   __se_sys_ioctl fs/ioctl.c:584 [inline]\n   __x64_sys_ioctl+0x194/0x210 fs/ioctl.c:584\n   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0x5f/0x2a0 arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n   \u003c/TASK\u003e\n\nBefore commit c79a39dc8d06 (\"pps: Fix a use-after-free\"),\npps_register_cdev() call device_create() to create pps-\u003edev, which will\ninit dev-\u003erelease to device_create_release(). Now the comment is outdated,\njust remove it.\n\nThanks for the reminder from Calvin Owens, 'kfree_pps' should be removed\nin pps_register_source() to avoid a double free in the failure case.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40070",
            "https://git.kernel.org/linus/b0531cdba5029f897da5156815e3bdafe1e9b88d (6.18-rc1)",
            "https://git.kernel.org/stable/c/0f97564a1fb62f34b3b498e2f12caffbe99c004a",
            "https://git.kernel.org/stable/c/125527db41805693208ee1aacd7f3ffe6a3a489c",
            "https://git.kernel.org/stable/c/2a194707ca27a3b0523023fa8b446e5ec922dc51",
            "https://git.kernel.org/stable/c/38c7bb10aae5118dd48fa7a82f7bf93839bcc320",
            "https://git.kernel.org/stable/c/4cbd7450a22c5ee4842fc4175ad06c0c82ea53a8",
            "https://git.kernel.org/stable/c/b0531cdba5029f897da5156815e3bdafe1e9b88d",
            "https://git.kernel.org/stable/c/cf71834a0cfc394c72d62fd6dbb470ee13cf8f5e",
            "https://git.kernel.org/stable/c/f01fa3588e0b3cb1540f56d2c6bd99e5b3810234",
            "https://linux.oracle.com/cve/CVE-2025-40070.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102818-CVE-2025-40070-0156@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40070",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40070"
          ],
          "PublishedDate": "2025-10-28T12:15:41.493Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40071",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40071",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:743da2fd1948b35f9a38258ed4f47715c2ecc2e0319708ed6ffe5fcff2f8b085",
          "Title": "kernel: tty: n_gsm: Don't block input queue by waiting MSC",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don't block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40071",
            "https://git.kernel.org/linus/3cf0b3c243e56bc43be560617416c1d9f301f44c (6.18-rc1)",
            "https://git.kernel.org/stable/c/3cf0b3c243e56bc43be560617416c1d9f301f44c",
            "https://git.kernel.org/stable/c/5416e89b81b00443cb03c88df8da097ae091a141",
            "https://git.kernel.org/stable/c/c36785f9de03df56ff9b8eca30fa681a12b2310d",
            "https://git.kernel.org/stable/c/c5a2791a7f11939f05f95c01f0aec0c55bbf28d5",
            "https://linux.oracle.com/cve/CVE-2025-40071.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025102818-CVE-2025-40071-6cff@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40071",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40071"
          ],
          "PublishedDate": "2025-10-28T12:15:41.613Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40073",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40073",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:da657fc3c4aa851fe3d50a4100d440d1c575b74b9da00ff6d426b57e996a75c7",
          "Title": "kernel: drm/msm: Do not validate SSPP when it is not ready",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Do not validate SSPP when it is not ready\n\nCurrent code will validate current plane and previous plane to\nconfirm they can share a SSPP with multi-rect mode. The SSPP\nis already allocated for previous plane, while current plane\nis not associated with any SSPP yet. Null pointer is referenced\nwhen validating the SSPP of current plane. Skip SSPP validation\nfor current plane.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000020\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n  CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000000888ac3000\n[0000000000000020] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1]  SMP\nModules linked in:\nCPU: 4 UID: 0 PID: 1891 Comm: modetest Tainted: G S                  6.15.0-rc2-g3ee3f6e1202e #335 PREEMPT\nTainted: [S]=CPU_OUT_OF_SPEC\nHardware name: SM8650 EV1 rev1 4slam 2et (DT)\npstate: 63400009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : dpu_plane_is_multirect_capable+0x68/0x90\nlr : dpu_assign_plane_resources+0x288/0x410\nsp : ffff800093dcb770\nx29: ffff800093dcb770 x28: 0000000000002000 x27: ffff000817c6c000\nx26: ffff000806b46368 x25: ffff0008013f6080 x24: ffff00080cbf4800\nx23: ffff000810842680 x22: ffff0008013f1080 x21: ffff00080cc86080\nx20: ffff000806b463b0 x19: ffff00080cbf5a00 x18: 00000000ffffffff\nx17: 707a5f657a696c61 x16: 0000000000000003 x15: 0000000000002200\nx14: 00000000ffffffff x13: 00aaaaaa00aaaaaa x12: 0000000000000000\nx11: ffff000817c6e2b8 x10: 0000000000000000 x9 : ffff80008106a950\nx8 : ffff00080cbf48f4 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000438 x3 : 0000000000000438\nx2 : ffff800082e245e0 x1 : 0000000000000008 x0 : 0000000000000000\nCall trace:\n dpu_plane_is_multirect_capable+0x68/0x90 (P)\n dpu_crtc_atomic_check+0x5bc/0x650\n drm_atomic_helper_check_planes+0x13c/0x220\n drm_atomic_helper_check+0x58/0xb8\n msm_atomic_check+0xd8/0xf0\n drm_atomic_check_only+0x4a8/0x968\n drm_atomic_commit+0x50/0xd8\n drm_atomic_helper_update_plane+0x140/0x188\n __setplane_atomic+0xfc/0x148\n drm_mode_setplane+0x164/0x378\n drm_ioctl_kernel+0xc0/0x140\n drm_ioctl+0x20c/0x500\n __arm64_sys_ioctl+0xbc/0xf8\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0x48/0xf8\n do_el0_svc+0x28/0x40\n el0_svc+0x30/0xd0\n el0t_64_sync_handler+0x144/0x168\n el0t_64_sync+0x198/0x1a0\nCode: b9402021 370fffc1 f9401441 3707ff81 (f94010a1)\n---[ end trace 0000000000000000 ]---\n\nPatchwork: https://patchwork.freedesktop.org/patch/669224/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40073",
            "https://git.kernel.org/linus/6fc616723bb5fd4289d7422fa013da062b44ae55 (6.18-rc1)",
            "https://git.kernel.org/stable/c/6fc616723bb5fd4289d7422fa013da062b44ae55",
            "https://git.kernel.org/stable/c/f1dbb3eedb7db4cad45d2619edb1cce6041f79e3",
            "https://lore.kernel.org/linux-cve-announce/2025102819-CVE-2025-40073-575c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40073",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40073"
          ],
          "PublishedDate": "2025-10-28T12:15:41.83Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40074",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40074",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:83950c900e60f4ca24970ca05ee6537d0061b043406968f87fd31355db469f84",
          "Title": "kernel: ipv4: start using dst_dev_rcu()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: start using dst_dev_rcu()\n\nChange icmpv4_xrlim_allow(), ip_defrag() to prevent possible UAF.\n\nChange ipmr_prepare_xmit(), ipmr_queue_fwd_xmit(), ip_mr_output(),\nipv4_neigh_lookup() to use lockdep enabled dst_dev_rcu().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40074",
            "https://git.kernel.org/linus/6ad8de3cefdb6ffa6708b21c567df0dbf82c43a8 (6.18-rc1)",
            "https://git.kernel.org/stable/c/6ad8de3cefdb6ffa6708b21c567df0dbf82c43a8",
            "https://git.kernel.org/stable/c/923e0734c386984d45de508528a7a7ad91d791cc",
            "https://lore.kernel.org/linux-cve-announce/2025102819-CVE-2025-40074-8719@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40074",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40074"
          ],
          "PublishedDate": "2025-10-28T12:15:41.943Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40075",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40075",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e9fec513d0779350796293922658afc823b9a67d50ef7655d930b00b84b409ea",
          "Title": "kernel: tcp_metrics: use dst_dev_net_rcu()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_metrics: use dst_dev_net_rcu()\n\nReplace three dst_dev() with a lockdep enabled helper.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40075",
            "https://git.kernel.org/linus/50c127a69cd6285300931853b352a1918cfa180f (6.18-rc1)",
            "https://git.kernel.org/stable/c/07613a95326ebad2d1b88d883cd72546025a4f3e",
            "https://git.kernel.org/stable/c/4b89397807eb04986427c4786d065e9442834ad4",
            "https://git.kernel.org/stable/c/50c127a69cd6285300931853b352a1918cfa180f",
            "https://linux.oracle.com/cve/CVE-2025-40075.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025102819-CVE-2025-40075-770f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40075",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40075"
          ],
          "PublishedDate": "2025-10-28T12:15:42.053Z",
          "LastModifiedDate": "2025-12-18T14:15:59.16Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40077",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40077",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:abf33c6f8558a7d4f965bea0b4e3f6594076612cfde00e0632f25170e62884d5",
          "Title": "kernel: f2fs: fix to avoid overflow while left shift operation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid overflow while left shift operation\n\nShould cast type of folio-\u003eindex from pgoff_t to loff_t to avoid overflow\nwhile left shift operation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40077",
            "https://git.kernel.org/linus/0fe1c6bec54ea68ed8c987b3890f2296364e77bb (6.18-rc1)",
            "https://git.kernel.org/stable/c/0e75a098b0a37f02ca31fe99ac16004c8163cf67",
            "https://git.kernel.org/stable/c/0fe1c6bec54ea68ed8c987b3890f2296364e77bb",
            "https://git.kernel.org/stable/c/57d3381dfb97ff73ddd18601017fec21cca80985",
            "https://git.kernel.org/stable/c/ef49378864bb1ed14cd48c8e687729e12714d849",
            "https://lore.kernel.org/linux-cve-announce/2025102819-CVE-2025-40077-2313@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40077",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40077"
          ],
          "PublishedDate": "2025-10-28T12:15:42.26Z",
          "LastModifiedDate": "2025-11-24T10:16:01.48Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40078",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40078",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c7cb4a7d0c455aa2752290cab54acdb10e3afaa241c99dfbcd02677d59351433",
          "Title": "kernel: Linux kernel: Denial of Service via improper access validation in bpf_sock_addr",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n    0: r0 = 0\n    1: r2 = *(u32 *)(r1 +60)\n    2: exit\n\nwhich triggers:\n\n    verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn't rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn't find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40078",
            "https://git.kernel.org/linus/6fabca2fc94d33cdf7ec102058983b086293395f (6.18-rc1)",
            "https://git.kernel.org/stable/c/4f00858cd9bbbdf67159e28b85a8ca9e77c83622",
            "https://git.kernel.org/stable/c/6d8b1a21fd5c34622b0c3893c61e4a38d8ba53ec",
            "https://git.kernel.org/stable/c/6fabca2fc94d33cdf7ec102058983b086293395f",
            "https://git.kernel.org/stable/c/76e04bbb4296fb6eac084dbfc27e02ccc744db3e",
            "https://git.kernel.org/stable/c/ad8b4fe5617e3c85fc23267f02500c4f3bf0ff69",
            "https://git.kernel.org/stable/c/cdeafacb4f9ff261a96baef519e29480fd7b1019",
            "https://git.kernel.org/stable/c/de44cdc50d2dce8718cb57deddf9cf1be9a7759f",
            "https://git.kernel.org/stable/c/fe9d33f0470350558cb08cecb54cf2267b3a45d2",
            "https://linux.oracle.com/cve/CVE-2025-40078.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102820-CVE-2025-40078-258f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40078",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40078"
          ],
          "PublishedDate": "2025-10-28T12:15:42.36Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40080",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40080",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4621ef3306227866ce5a7800d35420573df52795c9a5a15af237a76259f1ef98",
          "Title": "kernel: nbd: restrict sockets to TCP and UDP",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitly accept TCP and UNIX stream sockets.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40080",
            "https://git.kernel.org/linus/9f7c02e031570e8291a63162c6c046dc15ff85b0 (6.18-rc1)",
            "https://git.kernel.org/stable/c/37ad11f20e164c23ce827dd455b42c0fdd29685c",
            "https://git.kernel.org/stable/c/4f9e6ff6319dbcebea64b50af0304cf0ad7e97e7",
            "https://git.kernel.org/stable/c/808e2335bc1cf2293b9e36ccc94c267c81509c71",
            "https://git.kernel.org/stable/c/9f7c02e031570e8291a63162c6c046dc15ff85b0",
            "https://git.kernel.org/stable/c/c365e8f20f4201d873a70385bd919f0fb531e960",
            "https://linux.oracle.com/cve/CVE-2025-40080.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025102820-CVE-2025-40080-bda1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40080",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40080"
          ],
          "PublishedDate": "2025-10-28T12:15:42.587Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40081",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40081",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3d1d812c5fc37977811cf46aa38a319ad090fec548615dbae3f4a8237bb55d19",
          "Title": "kernel: perf: arm_spe: Prevent overflow in PERF_IDX2OFF()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: arm_spe: Prevent overflow in PERF_IDX2OFF()\n\nCast nr_pages to unsigned long to avoid overflow when handling large\nAUX buffer sizes (\u003e= 2 GiB).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40081",
            "https://git.kernel.org/linus/a29fea30dd93da16652930162b177941abd8c75e (6.18-rc1)",
            "https://git.kernel.org/stable/c/1a19ba8e1f4ff24ece8ca69b79df8442c431db90",
            "https://git.kernel.org/stable/c/379cae2cb982f571cda9493ac573ab71125fd299",
            "https://git.kernel.org/stable/c/5d01f2b81568289443d22f1e13a363f829de6343",
            "https://git.kernel.org/stable/c/656e9a5d69acdd1b20462f4a33378b90ddcb9626",
            "https://git.kernel.org/stable/c/7500384d3c9587593d75ded3b006835e7aa73ef8",
            "https://git.kernel.org/stable/c/9c045d4501f7f70724a3bbb561f4f22d292bbfe6",
            "https://git.kernel.org/stable/c/a29fea30dd93da16652930162b177941abd8c75e",
            "https://git.kernel.org/stable/c/e516cfd19b0f4c774a57b17fb43a7f41991f0735",
            "https://linux.oracle.com/cve/CVE-2025-40081.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025102820-CVE-2025-40081-c552@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40081",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40081"
          ],
          "PublishedDate": "2025-10-28T12:15:42.717Z",
          "LastModifiedDate": "2025-10-30T15:05:32.197Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40082",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40082",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:924285be66ab528fc60f03655975b6b08318265eadd6c5b55860dc7eddcb57f8",
          "Title": "kernel: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n 
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two wrapper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to a safe size.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40082",
            "https://git.kernel.org/linus/bea3e1d4467bcf292c8e54f080353d556d355e26 (6.18-rc1)",
            "https://git.kernel.org/stable/c/343fe375a8dd6ee51a193a1c233b999f5ea4d479",
            "https://git.kernel.org/stable/c/5b5228964619b180f366940505b77255b1a03929",
            "https://git.kernel.org/stable/c/782acde47e127c98a113726e2ff8024bd65c0454",
            "https://git.kernel.org/stable/c/857aefc70d4ae3b9bf1ae67434d27d0f79f80c9e",
            "https://git.kernel.org/stable/c/bea3e1d4467bcf292c8e54f080353d556d355e26",
            "https://git.kernel.org/stable/c/c3db89ea1ed3d540eebe8f3c36e806fb75ee4a1e",
            "https://linux.oracle.com/cve/CVE-2025-40082.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2025102820-CVE-2025-40082-3f03@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40082",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40082"
          ],
          "PublishedDate": "2025-10-28T12:15:42.84Z",
          "LastModifiedDate": "2026-02-26T15:51:15.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40083",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40083",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6ec3ed0919775afd13c9bf197b490e7c6f853eed368b28d74f92b1fe100f63e9",
          "Title": "kernel: net/sched: sch_qfq: Fix null-deref in agg_dequeue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix null-deref in agg_dequeue\n\nTo prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c)\nwhen cl-\u003eqdisc-\u003eops-\u003epeek(cl-\u003eqdisc) returns NULL, we check the return\nvalue before using it, similar to the existing approach in sch_hfsc.c.\n\nTo avoid code duplication, the following changes are made:\n\n1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static\ninline function.\n\n2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to\ninclude/net/pkt_sched.h so that sch_qfq can reuse it.\n\n3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40083",
            "https://git.kernel.org/linus/dd831ac8221e691e9e918585b1003c7071df0379 (6.16-rc6)",
            "https://git.kernel.org/stable/c/1bed56f089f09b465420bf23bb32985c305cfc28",
            "https://git.kernel.org/stable/c/3c2a8994807623c7655ece205667ae2cf74940aa",
            "https://git.kernel.org/stable/c/6ff8e74c8f8a68ec07ef837b95425dfe900d060f",
            "https://git.kernel.org/stable/c/6ffa9d66187188e3068b5a3895e6ae1ee34f9199",
            "https://git.kernel.org/stable/c/71d84658a61322e5630c85c5388fc25e4a2d08b2",
            "https://git.kernel.org/stable/c/99fc137f178797204d36ac860dd8b31e35baa2df",
            "https://git.kernel.org/stable/c/dd831ac8221e691e9e918585b1003c7071df0379",
            "https://linux.oracle.com/cve/CVE-2025-40083.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025102908-CVE-2025-40083-1481@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40083",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40083"
          ],
          "PublishedDate": "2025-10-29T14:15:54.9Z",
          "LastModifiedDate": "2025-12-06T22:15:52.233Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40084",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b305aefac74fcfeb67c1a8154c6b9556f8be14977b73b7dd00af9a8675e26c72",
          "Title": "kernel: ksmbd: transport_ipc: validate payload size before reading handle",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: transport_ipc: validate payload size before reading handle\n\nhandle_response() dereferences the payload as a 4-byte handle without\nverifying that the declared payload size is at least 4 bytes. A malformed\nor truncated message from ksmbd.mountd can lead to a 4-byte read past the\ndeclared payload size. Validate the size before dereferencing.\n\nThis is a minimal fix to guard the initial handle read.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40084",
            "https://git.kernel.org/linus/6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0",
            "https://git.kernel.org/stable/c/2dc125f5da134c0915a840b62565c60a595673dd",
            "https://git.kernel.org/stable/c/6f40e50ceb99fc8ef37e5c56e2ec1d162733fef0",
            "https://git.kernel.org/stable/c/867ffd9d67285612da3f0498ca618297f8e41f01",
            "https://git.kernel.org/stable/c/898d527ed94c19980a4d848f10057f1fed578ffb",
            "https://git.kernel.org/stable/c/a02e432d5130da4c723aabe1205bac805889fdb2",
            "https://lore.kernel.org/linux-cve-announce/2025102909-CVE-2025-40084-1407@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40084",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40084"
          ],
          "PublishedDate": "2025-10-29T14:15:55.007Z",
          "LastModifiedDate": "2025-11-03T01:15:43.007Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40085",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40085",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0057a4f7b9232b6e1b4d4eea1c6a5a5b4a509ece8d7f853ec2605b44098c3296",
          "Title": "kernel: ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40085",
            "https://git.kernel.org/linus/28412b489b088fb88dff488305fd4e56bd47f6e4 (6.18-rc2)",
            "https://git.kernel.org/stable/c/28412b489b088fb88dff488305fd4e56bd47f6e4",
            "https://git.kernel.org/stable/c/576312eb436326b44b7010f4d9ae2b698df075ea",
            "https://git.kernel.org/stable/c/736159f7b296d7a95f7208eb4799639b1f8b16a0",
            "https://git.kernel.org/stable/c/8503ac1a62075a085402e42a386b5c627c821a51",
            "https://git.kernel.org/stable/c/8d19a7ab28c7b9c207db5c5282afa8cc8595bcdb",
            "https://git.kernel.org/stable/c/bba7208765d26e5e36b87f21dacc2780b064f41f",
            "https://linux.oracle.com/cve/CVE-2025-40085.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025102910-CVE-2025-40085-0ce0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40085",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40085"
          ],
          "PublishedDate": "2025-10-29T14:15:55.117Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40087",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40087",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:56cfb22c48189c3721b7dd52f55e0f5fb71d56c94f54ab32c16a891699e6965f",
          "Title": "kernel: NFSD: Define a proc_layoutcommit for the FlexFiles layout type",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40087",
            "https://git.kernel.org/linus/4b47a8601b71ad98833b447d465592d847b4dc77 (6.18-rc2)",
            "https://git.kernel.org/stable/c/34d187e020cbda112a6c6f094f0ca5e6a8672b75",
            "https://git.kernel.org/stable/c/4b47a8601b71ad98833b447d465592d847b4dc77",
            "https://git.kernel.org/stable/c/785ec512afa80d0540f2ca797c0e56de747a6083",
            "https://git.kernel.org/stable/c/a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4",
            "https://git.kernel.org/stable/c/a75994dd879401c3e24ff51c2536559f1a53ea27",
            "https://git.kernel.org/stable/c/ba88a53d7f5df4191583abf214214efe0cda91d2",
            "https://git.kernel.org/stable/c/da9129ef77786839a3ccd1d7afeeab790bceaa1d",
            "https://git.kernel.org/stable/c/f7353208c91ab004e0179c5fb6c365b0f132f9f0",
            "https://linux.oracle.com/cve/CVE-2025-40087.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025103015-CVE-2025-40087-ff33@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40087",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40087"
          ],
          "PublishedDate": "2025-10-30T10:15:33.23Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40088",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40088",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1e8d0c92a46fe5b23b95fce0d9b935c39ba2a7804b741003402c53b52ad504ea",
          "Title": "kernel: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[  117.317703][ T9855] ==================================================================\n[  117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[  117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[  117.319577][ T9855]\n[  117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[  117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  117.319783][ T9855] Call Trace:\n[  117.319785][ T9855]  \u003cTASK\u003e\n[  117.319788][ T9855]  dump_stack_lvl+0x1c1/0x2a0\n[  117.319795][ T9855]  ? __virt_addr_valid+0x1c8/0x5c0\n[  117.319803][ T9855]  ? __pfx_dump_stack_lvl+0x10/0x10\n[  117.319808][ T9855]  ? rcu_is_watching+0x15/0xb0\n[  117.319816][ T9855]  ? lock_release+0x4b/0x3e0\n[  117.319821][ T9855]  ? __kasan_check_byte+0x12/0x40\n[  117.319828][ T9855]  ? __virt_addr_valid+0x1c8/0x5c0\n[  117.319835][ T9855]  ? __virt_addr_valid+0x4a5/0x5c0\n[  117.319842][ T9855]  print_report+0x17e/0x7e0\n[  117.319848][ T9855]  ? __virt_addr_valid+0x1c8/0x5c0\n[  117.319855][ T9855]  ? __virt_addr_valid+0x4a5/0x5c0\n[  117.319862][ T9855]  ? __phys_addr+0xd3/0x180\n[  117.319869][ T9855]  ? hfsplus_strcasecmp+0x1bc/0x490\n[  117.319876][ T9855]  kasan_report+0x147/0x180\n[  117.319882][ T9855]  ? hfsplus_strcasecmp+0x1bc/0x490\n[  117.319891][ T9855]  hfsplus_strcasecmp+0x1bc/0x490\n[  117.319900][ T9855]  ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[  117.319906][ T9855]  hfs_find_rec_by_key+0xa9/0x1e0\n[  117.319913][ T9855]  __hfsplus_brec_find+0x18e/0x470\n[  117.319920][ T9855]  ? __pfx_hfsplus_bnode_find+0x10/0x10\n[  117.319926][ T9855]  ? 
__pfx_hfs_find_rec_by_key+0x10/0x10\n[  117.319933][ T9855]  ? __pfx___hfsplus_brec_find+0x10/0x10\n[  117.319942][ T9855]  hfsplus_brec_find+0x28f/0x510\n[  117.319949][ T9855]  ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[  117.319956][ T9855]  ? __pfx_hfsplus_brec_find+0x10/0x10\n[  117.319963][ T9855]  ? __kmalloc_noprof+0x2a9/0x510\n[  117.319969][ T9855]  ? hfsplus_find_init+0x8c/0x1d0\n[  117.319976][ T9855]  hfsplus_brec_read+0x2b/0x120\n[  117.319983][ T9855]  hfsplus_lookup+0x2aa/0x890\n[  117.319990][ T9855]  ? __pfx_hfsplus_lookup+0x10/0x10\n[  117.320003][ T9855]  ? d_alloc_parallel+0x2f0/0x15e0\n[  117.320008][ T9855]  ? __lock_acquire+0xaec/0xd80\n[  117.320013][ T9855]  ? __pfx_d_alloc_parallel+0x10/0x10\n[  117.320019][ T9855]  ? __raw_spin_lock_init+0x45/0x100\n[  117.320026][ T9855]  ? __init_waitqueue_head+0xa9/0x150\n[  117.320034][ T9855]  __lookup_slow+0x297/0x3d0\n[  117.320039][ T9855]  ? __pfx___lookup_slow+0x10/0x10\n[  117.320045][ T9855]  ? down_read+0x1ad/0x2e0\n[  117.320055][ T9855]  lookup_slow+0x53/0x70\n[  117.320065][ T9855]  walk_component+0x2f0/0x430\n[  117.320073][ T9855]  path_lookupat+0x169/0x440\n[  117.320081][ T9855]  filename_lookup+0x212/0x590\n[  117.320089][ T9855]  ? __pfx_filename_lookup+0x10/0x10\n[  117.320098][ T9855]  ? strncpy_from_user+0x150/0x290\n[  117.320105][ T9855]  ? getname_flags+0x1e5/0x540\n[  117.320112][ T9855]  user_path_at+0x3a/0x60\n[  117.320117][ T9855]  __x64_sys_umount+0xee/0x160\n[  117.320123][ T9855]  ? __pfx___x64_sys_umount+0x10/0x10\n[  117.320129][ T9855]  ? do_syscall_64+0xb7/0x3a0\n[  117.320135][ T9855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  117.320141][ T9855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  117.320145][ T9855]  do_syscall_64+0xf3/0x3a0\n[  117.320150][ T9855]  ? 
exc_page_fault+0x9f/0xf0\n[  117.320154][ T9855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[  117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[  117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40088",
            "https://git.kernel.org/linus/42520df65bf67189541a425f7d36b0b3e7bd7844 (6.18-rc1)",
            "https://git.kernel.org/stable/c/42520df65bf67189541a425f7d36b0b3e7bd7844",
            "https://git.kernel.org/stable/c/4bc081ba6c52b0c88c92701e3fbc33c7e2277afb",
            "https://git.kernel.org/stable/c/4f5ab4a9c6abd8b0d713cc2b7b041bc10d70f241",
            "https://git.kernel.org/stable/c/586c75dfd1d265c4150f6529debb85c9d62e101f",
            "https://git.kernel.org/stable/c/603158d4efa98a13a746bd586c20f194f4a31ec8",
            "https://git.kernel.org/stable/c/7ab44236b32ed41eb0636797e8e8e885a2f3b18a",
            "https://git.kernel.org/stable/c/b47a75b6f762321f9eb6f31aab7bce47a37063b7",
            "https://git.kernel.org/stable/c/ef250c3edd995d7bb5a5e5122ffad1c28a8686eb",
            "https://lore.kernel.org/linux-cve-announce/2025103015-CVE-2025-40088-3491@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40088",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40088"
          ],
          "PublishedDate": "2025-10-30T10:15:33.343Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40092",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40092",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a95df39c2e31f6c803b5da7d7b7c2ab67c75daa55f0f4a9b091b30912e483406",
          "Title": "kernel: usb: gadget: f_ncm: Refactor bind path to use __free()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the ncm-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000020\nCall trace:\n usb_ep_free_request+0x2c/0xec\n ncm_bind+0x39c/0x3dc\n usb_add_function+0xcc/0x1f0\n configfs_composite_bind+0x468/0x588\n gadget_bind_driver+0x104/0x270\n really_probe+0x190/0x374\n __driver_probe_device+0xa0/0x12c\n driver_probe_device+0x3c/0x218\n __device_attach_driver+0x14c/0x188\n bus_for_each_drv+0x10c/0x168\n __device_attach+0xfc/0x198\n device_initial_probe+0x14/0x24\n bus_probe_device+0x94/0x11c\n device_add+0x268/0x48c\n usb_add_gadget+0x198/0x28c\n dwc3_gadget_init+0x700/0x858\n __dwc3_set_mode+0x3cc/0x664\n process_scheduled_works+0x1d8/0x488\n worker_thread+0x244/0x334\n kthread+0x114/0x1bc\n ret_from_fork+0x10/0x20",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40092",
            "https://git.kernel.org/linus/75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef (6.18-rc1)",
            "https://git.kernel.org/stable/c/185193a4714aa9c78437a7a1858fbe5771f0f45c",
            "https://git.kernel.org/stable/c/1cde4516295a030cb8ab4c93114ca3b6c3c6a1e2",
            "https://git.kernel.org/stable/c/75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef",
            "https://git.kernel.org/stable/c/d3fe7143928d8dfa2ec7bac9f906b48bc75b98ee",
            "https://git.kernel.org/stable/c/ed78f4d6079d872432b1ed54f155ef61965d3137",
            "https://git.kernel.org/stable/c/f37de8dec6a4c379b4b8486003a1de00ff8cff3b",
            "https://linux.oracle.com/cve/CVE-2025-40092.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40092-9135@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40092",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40092"
          ],
          "PublishedDate": "2025-10-30T10:15:33.713Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40093",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40093",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2ee441260f975219c6d05cfa866c7024743d64988a0d41b8b2be452189722b9",
          "Title": "kernel: usb: gadget: f_ecm: Refactor bind path to use __free()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ecm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the ecm-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40093",
            "https://git.kernel.org/linus/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 (6.18-rc1)",
            "https://git.kernel.org/stable/c/070f341d86cf2c098d63e484a86c7c1d2696a868",
            "https://git.kernel.org/stable/c/15b9faf53ba8719700596e7ef78879ce200e8c2e",
            "https://git.kernel.org/stable/c/42988380ac67c76bb9dff8f77d7ef3eefd50b7b5",
            "https://git.kernel.org/stable/c/4630c68bade82f087eaaab22e9a361da2f18d139",
            "https://git.kernel.org/stable/c/d3745aaef19198d0c81637a7dd50ef53c4f879b7",
            "https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40093-f52d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40093",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40093"
          ],
          "PublishedDate": "2025-10-30T10:15:33.813Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40094",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40094",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c9a4ce619e3bb3d3654f22bb8308d6719e25ae6904f54a6eb23304a65b046407",
          "Title": "kernel: usb: gadget: f_acm: Refactor bind path to use __free()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_acm: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the acm-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000020\nCall trace:\n usb_ep_free_request+0x2c/0xec\n gs_free_req+0x30/0x44\n acm_bind+0x1b8/0x1f4\n usb_add_function+0xcc/0x1f0\n configfs_composite_bind+0x468/0x588\n gadget_bind_driver+0x104/0x270\n really_probe+0x190/0x374\n __driver_probe_device+0xa0/0x12c\n driver_probe_device+0x3c/0x218\n __device_attach_driver+0x14c/0x188\n bus_for_each_drv+0x10c/0x168\n __device_attach+0xfc/0x198\n device_initial_probe+0x14/0x24\n bus_probe_device+0x94/0x11c\n device_add+0x268/0x48c\n usb_add_gadget+0x198/0x28c\n dwc3_gadget_init+0x700/0x858\n __dwc3_set_mode+0x3cc/0x664\n process_scheduled_works+0x1d8/0x488\n worker_thread+0x244/0x334\n kthread+0x114/0x1bc\n ret_from_fork+0x10/0x20",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40094",
            "https://git.kernel.org/linus/47b2116e54b4a854600341487e8b55249e926324 (6.18-rc1)",
            "https://git.kernel.org/stable/c/201a66d8e6630762e760e1d78f1d149da1691e7b",
            "https://git.kernel.org/stable/c/2b1546f7c5fc6c44555a8e7a2b34229d1dcd2175",
            "https://git.kernel.org/stable/c/47b2116e54b4a854600341487e8b55249e926324",
            "https://git.kernel.org/stable/c/c4301e4dd6b32faccb744f1c2320e64235b68d3b",
            "https://git.kernel.org/stable/c/c5d116862dd3ed162d079738a5ebddf9fceea850",
            "https://git.kernel.org/stable/c/e348d18fb0124b662cfefb3001733b49da428215",
            "https://linux.oracle.com/cve/CVE-2025-40094.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40094-113d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40094",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40094"
          ],
          "PublishedDate": "2025-10-30T10:15:33.9Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40095",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40095",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6127c3d03696704f97784c53e51bc4b910f73da4ac0a63fa786fc4be74ba3d8f",
          "Title": "kernel: usb: gadget: f_rndis: Refactor bind path to use __free()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_rndis: Refactor bind path to use __free()\n\nAfter an bind/unbind cycle, the rndis-\u003enotify_req is left stale. If a\nsubsequent bind fails, the unified error label attempts to free this\nstale request, leading to a NULL pointer dereference when accessing\nep-\u003eops-\u003efree_request.\n\nRefactor the error handling in the bind path to use the __free()\nautomatic cleanup mechanism.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40095",
            "https://git.kernel.org/linus/08228941436047bdcd35a612c1aec0912a29d8cd (6.18-rc1)",
            "https://git.kernel.org/stable/c/08228941436047bdcd35a612c1aec0912a29d8cd",
            "https://git.kernel.org/stable/c/380353c3a92be7d928e6f973bd065c5b79755ac3",
            "https://git.kernel.org/stable/c/5f65c8ad8c7292ed7e3716343fcd590a51818cc3",
            "https://git.kernel.org/stable/c/a8366263b7e5b663d7fb489d3a9ba1e2600049a6",
            "https://git.kernel.org/stable/c/ef81226bb1f8b6e761cd0b53d2696e9c1bc955d1",
            "https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40095-fde5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40095",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40095"
          ],
          "PublishedDate": "2025-10-30T10:15:33.993Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40097",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40097",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ab22d855bff74a6a4db239bb92fa13ab228dd94b294e010fa0cde6343aba92d5",
          "Title": "kernel: ALSA: hda: Fix missing pointer check in hda_component_manager_init function",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix missing pointer check in hda_component_manager_init function\n\nThe __component_match_add function may assign the 'matchptr' pointer\nthe value ERR_PTR(-ENOMEM), which will subsequently be dereferenced.\n\nThe call stack leading to the error looks like this:\n\nhda_component_manager_init\n|-\u003e component_match_add\n    |-\u003e component_match_add_release\n        |-\u003e __component_match_add ( ... ,**matchptr, ... )\n            |-\u003e *matchptr = ERR_PTR(-ENOMEM);       // assign\n|-\u003e component_master_add_with_match( ...  match)\n    |-\u003e component_match_realloc(match, match-\u003enum); // dereference\n\nAdd IS_ERR() check to prevent the crash.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40097",
            "https://git.kernel.org/linus/1cf11d80db5df805b538c942269e05a65bcaf5bc (6.18-rc2)",
            "https://git.kernel.org/stable/c/1cf11d80db5df805b538c942269e05a65bcaf5bc",
            "https://git.kernel.org/stable/c/218a8504e62fc2c8a1fd12523346b7a2b9bd2474",
            "https://git.kernel.org/stable/c/47d1b9ca923b55c3f407788f1f15b04957e0e027",
            "https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40097-7676@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40097",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40097"
          ],
          "PublishedDate": "2025-10-30T10:15:34.173Z",
          "LastModifiedDate": "2025-11-24T10:16:01.61Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40099",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40099",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4c2e0760e68827f65462fafc3f90e43cc7a990092bd0f1756b5958083fa69040",
          "Title": "kernel: cifs: parse_dfs_referrals: prevent oob on malformed input",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: parse_dfs_referrals: prevent oob on malformed input\n\nMalicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS\n\n- reply smaller than sizeof(struct get_dfs_referral_rsp)\n- reply with number of referrals smaller than NumberOfReferrals in the\nheader\n\nProcessing of such replies will cause oob.\n\nReturn -EINVAL error on such replies to prevent oob-s.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40099",
            "https://git.kernel.org/linus/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9 (6.18-rc2)",
            "https://git.kernel.org/stable/c/15c73964da9df994302f579ed14ee5fdbce7a332",
            "https://git.kernel.org/stable/c/6447b0e355562a1ff748c4a2ffb89aae7e84d2c9",
            "https://git.kernel.org/stable/c/8bc4a8d39bac23d8b044fd3e2dbfd965f1d9b058",
            "https://git.kernel.org/stable/c/bb0f2e66e1ac043a5b238f5bcab4f26f3c317039",
            "https://git.kernel.org/stable/c/cfacc7441f760e4a73cc71b6ff1635261d534657",
            "https://linux.oracle.com/cve/CVE-2025-40099.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025103017-CVE-2025-40099-fdf0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40099",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40099"
          ],
          "PublishedDate": "2025-10-30T10:15:34.337Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40100",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40100",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3ae5c908ef57648bd2aa3b5cd4a564bcdde5f6dca8c7afdeff4cc2bf36c9cf71",
          "Title": "kernel: btrfs: do not assert we found block group item when creating free space tree",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group's item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group's block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). 
This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n  BTRFS info (device loop3 state M): rebuilding free space tree\n  assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/free-space-tree.c:1115!\n  Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n  CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n  RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n  Code: ff ff e8 d3 (...)\n  RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n  RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n  RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n  RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n  R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n  R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n  FS:  00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n  Call Trace:\n   \u003cTASK\u003e\n   btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n   btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n   btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n   btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n   reconfigure_super+0x227/0x890 fs/super.c:1076\n   do_remount fs/namespace.c:3279 [inline]\n   path_mount+0xd1a/0xfe0 
fs/namespace.c:4027\n   do_mount fs/namespace.c:4048 [inline]\n   __do_sys_mount fs/namespace.c:4236 [inline]\n   __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n   RIP: 0033:0x7f424e39066a\n  Code: d8 64 89 02 (...)\n  RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n  RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n  RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n  RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n  R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n  R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n   \u003c/TASK\u003e\n  Modules linked in:\n  ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40100",
            "https://git.kernel.org/linus/a5a51bf4e9b7354ce7cd697e610d72c1b33fd949 (6.18-rc2)",
            "https://git.kernel.org/stable/c/289498da343b05c886f19b4269429606f86dd17b",
            "https://git.kernel.org/stable/c/3fdcfd91b93f930d87843156c7c8cc5fbcf9b144",
            "https://git.kernel.org/stable/c/4f4b9ca73f84130d9fbb0fc02306ce94ce8bdbe6",
            "https://git.kernel.org/stable/c/a5a51bf4e9b7354ce7cd697e610d72c1b33fd949",
            "https://git.kernel.org/stable/c/eb145463f22d7d32d426b29fe9810de9e792b6ba",
            "https://linux.oracle.com/cve/CVE-2025-40100.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025103017-CVE-2025-40100-73e5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40100",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40100"
          ],
          "PublishedDate": "2025-10-30T10:15:34.423Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40102",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40102",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc197b74a8e73aee1df1142a4802b003630878fb7e5baa49bf6cc5bf8a8f25b5",
          "Title": "kernel: Linux kernel KVM: Denial of Service due to uninitialized vCPU event handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Prevent access to vCPU events before init\n\nAnother day, another syzkaller bug. KVM erroneously allows userspace to\npend vCPU events for a vCPU that hasn't been initialized yet, leading to\nKVM interpreting a bunch of uninitialized garbage for routing /\ninjecting the exception.\n\nIn one case the injection code and the hyp disagree on whether the vCPU\nhas a 32bit EL1 and put the vCPU into an illegal mode for AArch64,\ntripping the BUG() in exception_target_el() during the next injection:\n\n  kernel BUG at arch/arm64/kvm/inject_fault.c:40!\n  Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n  CPU: 3 UID: 0 PID: 318 Comm: repro Not tainted 6.17.0-rc4-00104-g10fd0285305d #6 PREEMPT\n  Hardware name: linux,dummy-virt (DT)\n  pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n  pc : exception_target_el+0x88/0x8c\n  lr : pend_serror_exception+0x18/0x13c\n  sp : ffff800082f03a10\n  x29: ffff800082f03a10 x28: ffff0000cb132280 x27: 0000000000000000\n  x26: 0000000000000000 x25: ffff0000c2a99c20 x24: 0000000000000000\n  x23: 0000000000008000 x22: 0000000000000002 x21: 0000000000000004\n  x20: 0000000000008000 x19: ffff0000c2a99c20 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 00000000200000c0\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n  x8 : ffff800082f03af8 x7 : 0000000000000000 x6 : 0000000000000000\n  x5 : ffff800080f621f0 x4 : 0000000000000000 x3 : 0000000000000000\n  x2 : 000000000040009b x1 : 0000000000000003 x0 : ffff0000c2a99c20\n  Call trace:\n   exception_target_el+0x88/0x8c (P)\n   kvm_inject_serror_esr+0x40/0x3b4\n   __kvm_arm_vcpu_set_events+0xf0/0x100\n   kvm_arch_vcpu_ioctl+0x180/0x9d4\n   kvm_vcpu_ioctl+0x60c/0x9f4\n   __arm64_sys_ioctl+0xac/0x104\n   invoke_syscall+0x48/0x110\n   
el0_svc_common.constprop.0+0x40/0xe0\n   do_el0_svc+0x1c/0x28\n   el0_svc+0x34/0xf0\n   el0t_64_sync_handler+0xa0/0xe4\n   el0t_64_sync+0x198/0x19c\n  Code: f946bc01 b4fffe61 9101e020 17fffff2 (d4210000)\n\nReject the ioctls outright as no sane VMM would call these before\nKVM_ARM_VCPU_INIT anyway. Even if it did the exception would've been\nthrown away by the eventual reset of the vCPU's state.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40102",
            "https://git.kernel.org/linus/0aa1b76fe1429629215a7c79820e4b96233ac4a3 (6.18-rc2)",
            "https://git.kernel.org/stable/c/0aa1b76fe1429629215a7c79820e4b96233ac4a3",
            "https://git.kernel.org/stable/c/64a04e6320fc5affbadc59dc7024d79f909bfe84",
            "https://lore.kernel.org/linux-cve-announce/2025103017-CVE-2025-40102-c7d2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40102",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40102"
          ],
          "PublishedDate": "2025-10-30T10:15:34.603Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40103",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40103",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:267990fbaceb9434a80e3e231ddccb29d6a6204b4dd8058ba6a46fefd2c35d9b",
          "Title": "kernel: smb: client: Fix refcount leak for cifs_sb_tlink",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix refcount leak for cifs_sb_tlink\n\nFix three refcount inconsistency issues related to `cifs_sb_tlink`.\n\nComments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be\ncalled after successful calls to `cifs_sb_tlink()`. Three calls fail to\nupdate refcount accordingly, leading to possible resource leaks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40103",
            "https://git.kernel.org/linus/c2b77f42205ef485a647f62082c442c1cd69d3fc (6.18-rc2)",
            "https://git.kernel.org/stable/c/790282abe9d805f08618c1c24ea2529e7259b692",
            "https://git.kernel.org/stable/c/896bb31e1416f582503db1350cf1bd10dc64e5a6",
            "https://git.kernel.org/stable/c/c2b77f42205ef485a647f62082c442c1cd69d3fc",
            "https://git.kernel.org/stable/c/d7dd034c14928306db1b46be277ae439b84dacf9",
            "https://git.kernel.org/stable/c/e15605b68b490186da2ad8029c0351a9cfb0b9af",
            "https://linux.oracle.com/cve/CVE-2025-40103.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025103018-CVE-2025-40103-e5ae@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40103",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40103"
          ],
          "PublishedDate": "2025-10-30T10:15:34.693Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40104",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40104",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0fb1b3d9dedc9149be36a23dc0d872a4a194f5ea03694d34733ec1b3552770ea",
          "Title": "kernel: ixgbevf: fix mailbox API compatibility by negotiating supported features",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. 
Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF \u0026 VF drivers is already increased to\n1.6 and doesn't incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40104",
            "https://git.kernel.org/linus/a7075f501bd33c93570af759b6f4302ef0175168 (6.18-rc2)",
            "https://git.kernel.org/stable/c/2e0aab9ddaf1428602c78f12064cd1e6ffcc4d18",
            "https://git.kernel.org/stable/c/871ac1cd4ce4804defcb428cbb003fd84c415ff4",
            "https://git.kernel.org/stable/c/a376e29b1b196dc90b50df7e5e3947e3026300c4",
            "https://git.kernel.org/stable/c/a7075f501bd33c93570af759b6f4302ef0175168",
            "https://git.kernel.org/stable/c/bf580112ed61736c2645a893413a04732505d4b1",
            "https://linux.oracle.com/cve/CVE-2025-40104.html",
            "https://linux.oracle.com/errata/ELSA-2025-28040.html",
            "https://lore.kernel.org/linux-cve-announce/2025103018-CVE-2025-40104-d5a7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40104",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40104"
          ],
          "PublishedDate": "2025-10-30T10:15:34.783Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40105",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40105",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a4a89496dcc55c831bb01ce4c1e1b530d404dcf8c7122efa760d88352bf6c8df",
          "Title": "kernel: vfs: Don't leak disconnected dentries on umount",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don't leak disconnected dentries on umount\n\nWhen user calls open_by_handle_at() on some inode that is not cached, we\nwill create disconnected dentry for it. If such dentry is a directory,\nexportfs_decode_fh_raw() will then try to connect this dentry to the\ndentry tree through reconnect_path(). It may happen for various reasons\n(such as corrupted fs or race with rename) that the call to\nlookup_one_unlocked() in reconnect_one() will fail to find the dentry we\nare trying to reconnect and instead create a new dentry under the\nparent. Now this dentry will not be marked as disconnected although the\nparent still may well be disconnected (at least in case this\ninconsistency happened because the fs is corrupted and .. doesn't point\nto the real parent directory). This creates inconsistency in\ndisconnected flags but AFAICS it was mostly harmless. At least until\ncommit f1ee616214cb (\"VFS: don't keep disconnected dentries on d_anon\")\nwhich removed adding of most disconnected dentries to sb-\u003es_anon list.\nThus after this commit cleanup of disconnected dentries implicitely\nrelies on the fact that dput() will immediately reclaim such dentries.\nHowever when some leaf dentry isn't marked as disconnected, as in the\nscenario described above, the reclaim doesn't happen and the dentries\nare \"leaked\". Memory reclaim can eventually reclaim them but otherwise\nthey stay in memory and if umount comes first, we hit infamous \"Busy\ninodes after unmount\" bug. Make sure all dentries created under a\ndisconnected parent are marked as disconnected as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40105",
            "https://git.kernel.org/linus/56094ad3eaa21e6621396cc33811d8f72847a834 (6.18-rc2)",
            "https://git.kernel.org/stable/c/20863bb7fbb016379f8227122edfabc5c799bc79",
            "https://git.kernel.org/stable/c/56094ad3eaa21e6621396cc33811d8f72847a834",
            "https://git.kernel.org/stable/c/620f3b0ede9c5cb4976cd0457d0b04ad551e5d6b",
            "https://git.kernel.org/stable/c/7e0c8aaf4e28918abded547a5147c7d52c4af7d2",
            "https://git.kernel.org/stable/c/8004d4b8cbf1bd68a23c160d57287e177c82cc69",
            "https://git.kernel.org/stable/c/b5abafd0aa8d7bcb935c8f91e4cfc2f2820759e4",
            "https://git.kernel.org/stable/c/cebfbf40056a4d858b2a3ca59a69936d599bd209",
            "https://git.kernel.org/stable/c/eadc49999fa994d6fbd70c332bd5d5051cc42261",
            "https://linux.oracle.com/cve/CVE-2025-40105.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025103018-CVE-2025-40105-a635@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40105",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40105"
          ],
          "PublishedDate": "2025-10-30T10:15:34.88Z",
          "LastModifiedDate": "2025-10-30T15:03:13.44Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40106",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40106",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2bbd482b98bf51ff7318287133335cc10293db62668f1333a755ca324e7a07f8",
          "Title": "kernel: comedi: fix divide-by-zero in comedi_buf_munge()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: fix divide-by-zero in comedi_buf_munge()\n\nThe comedi_buf_munge() function performs a modulo operation\n`async-\u003emunge_chan %= async-\u003ecmd.chanlist_len` without first\nchecking if chanlist_len is zero. If a user program submits a command with\nchanlist_len set to zero, this causes a divide-by-zero error when the device\nprocesses data in the interrupt handler path.\n\nAdd a check for zero chanlist_len at the beginning of the\nfunction, similar to the existing checks for !map and\nCMDF_RAWDATA flag. When chanlist_len is zero, update\nmunge_count and return early, indicating the data was\nhandled without munging.\n\nThis prevents potential kernel panics from malformed user commands.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40106",
            "https://git.kernel.org/linus/87b318ba81dda2ee7b603f4f6c55e78ec3e95974 (6.18-rc3)",
            "https://git.kernel.org/stable/c/2670932f2465793fea1ef073e40883e8390fa4d9",
            "https://git.kernel.org/stable/c/4ffea48c69cb2b96a281cb7e5e42d706996631db",
            "https://git.kernel.org/stable/c/55520f65fd447e04099a2c44185453c18ea73b7e",
            "https://git.kernel.org/stable/c/6db19822512396be1a3e1e20c16c97270285ba1a",
            "https://git.kernel.org/stable/c/87b318ba81dda2ee7b603f4f6c55e78ec3e95974",
            "https://git.kernel.org/stable/c/8f3e4cd9be4b47246ea73ce5e3e0fa2f57f0d10c",
            "https://git.kernel.org/stable/c/a4bb5d1bc2f238461bcbe5303eb500466690bb2c",
            "https://git.kernel.org/stable/c/d4854eff25efb06d0d84c13e7129bbdba4125f8c",
            "https://lore.kernel.org/linux-cve-announce/2025103155-CVE-2025-40106-ed47@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40106",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40106"
          ],
          "PublishedDate": "2025-10-31T10:15:50.52Z",
          "LastModifiedDate": "2025-11-04T15:41:31.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40107",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40107",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e98649b7d99a777036bc967899ebab2c704405c03f0810311fe9e623b7720777",
          "Title": "kernel: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled\n\nThis issue is similar to the vulnerability in the `mcp251x` driver,\nwhich was fixed in commit 03c427147b2d (\"can: mcp251x: fix resume from\nsleep before interface was brought up\").\n\nIn the `hi311x` driver, when the device resumes from sleep, the driver\nschedules `priv-\u003erestart_work`. However, if the network interface was\nnot previously enabled, the `priv-\u003ewq` (workqueue) is not allocated and\ninitialized, leading to a null pointer dereference.\n\nTo fix this, we move the allocation and initialization of the workqueue\nfrom the `hi3110_open` function to the `hi3110_can_probe` function.\nThis ensures that the workqueue is properly initialized before it is\nused during device resume. And added logic to destroy the workqueue\nin the error handling paths of `hi3110_can_probe` and in the\n`hi3110_can_remove` function to prevent resource leaks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40107",
            "https://git.kernel.org/linus/6b696808472197b77b888f50bc789a3bae077743 (6.17)",
            "https://git.kernel.org/stable/c/1d2ef21f02baff0c109ad78b9e835fb4acb14533",
            "https://git.kernel.org/stable/c/6b696808472197b77b888f50bc789a3bae077743",
            "https://git.kernel.org/stable/c/d1fc4c041459e2d4856c1b2501486ba4f0cbf96b",
            "https://git.kernel.org/stable/c/e93af787187e585933570563c643337fa731584a",
            "https://git.kernel.org/stable/c/fd00cf38fd437c979f0e5905e3ebdfc3f55a4b96",
            "https://lore.kernel.org/linux-cve-announce/2025110316-CVE-2025-40107-5bac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40107",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40107"
          ],
          "PublishedDate": "2025-11-03T13:15:36.477Z",
          "LastModifiedDate": "2025-11-04T15:41:31.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40109",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40109",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cefbaf6d20766d3302c60fe911929e20e8c834fd233f9181f7045293a8f3ec5f",
          "Title": "kernel: Linux kernel: Denial of Service in crypto random number generator due to missing set_ent",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: rng - Ensure set_ent is always present\n\nEnsure that set_ent is always set since only drbg provides it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40109",
            "https://git.kernel.org/linus/c0d36727bf39bb16ef0a67ed608e279535ebf0da (6.18-rc1)",
            "https://git.kernel.org/stable/c/15d6f42da1bb527629d8e1067b1302d58dec9166",
            "https://git.kernel.org/stable/c/17acbcd44fe8dc17dc1072375e76df2d52da6ac8",
            "https://git.kernel.org/stable/c/915cb75983bc5e8b80f8a2f25a4af463f7b18c14",
            "https://git.kernel.org/stable/c/ab172f4f42626549b02bada05f09e3f2b0cc26ec",
            "https://git.kernel.org/stable/c/bd903c25b652c331831226cdf56c8179d18e43f4",
            "https://git.kernel.org/stable/c/c0d36727bf39bb16ef0a67ed608e279535ebf0da",
            "https://git.kernel.org/stable/c/c5c703b50e91dd4748769f4c5ab50d9ad60be370",
            "https://git.kernel.org/stable/c/e247a7d138e514a40edda7c4d72c8bd49bb2cad3",
            "https://linux.oracle.com/cve/CVE-2025-40109.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40109",
            "https://ubuntu.com/security/notices/USN-7906-1",
            "https://ubuntu.com/security/notices/USN-7906-2",
            "https://ubuntu.com/security/notices/USN-7906-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40109"
          ],
          "PublishedDate": "2025-11-09T05:15:46.913Z",
          "LastModifiedDate": "2025-11-12T16:19:59.103Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40110",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40110",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4231b889b70e6112f6138eb6ef88b7a42e62325340bfa046dadf4ccd3ec3afdc",
          "Title": "kernel: drm/vmwgfx: Fix a null-ptr access in the cursor snooper",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix a null-ptr access in the cursor snooper\n\nCheck that the resource which is converted to a surface exists before\ntrying to use the cursor snooper on it.\n\nvmw_cmd_res_check allows explicit invalid (SVGA3D_INVALID_ID) identifiers\nbecause some svga commands accept SVGA3D_INVALID_ID to mean \"no surface\",\nunfortunately functions that accept the actual surfaces as objects might\n(and in case of the cursor snooper, do not) be able to handle null\nobjects. Make sure that we validate not only the identifier (via the\nvmw_cmd_res_check) but also check that the actual resource exists before\ntrying to do something with it.\n\nFixes unchecked null-ptr reference in the snooping code.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40110",
            "https://git.kernel.org/linus/5ac2c0279053a2c5265d46903432fb26ae2d0da2 (6.18-rc1)",
            "https://git.kernel.org/stable/c/13c9e4ed125e19484234c960efe5ac9c55119523",
            "https://git.kernel.org/stable/c/299cfb5a7deabdf9ecd30071755672af0aced5eb",
            "https://git.kernel.org/stable/c/3332212e93d0f6e24f8fe79f975e077c4e68ca39",
            "https://git.kernel.org/stable/c/5ac2c0279053a2c5265d46903432fb26ae2d0da2",
            "https://git.kernel.org/stable/c/86aae7053d2da3fdfde7b2e84d86e4af50490505",
            "https://git.kernel.org/stable/c/af9d88cbf0fce52f465978360542ef679713491f",
            "https://git.kernel.org/stable/c/b6fca0a07989f361ceda27cb2d09c555d4d4a964",
            "https://linux.oracle.com/cve/CVE-2025-40110.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025111227-CVE-2025-40110-5ca4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40110",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40110"
          ],
          "PublishedDate": "2025-11-12T02:15:32.9Z",
          "LastModifiedDate": "2026-01-19T13:16:08.643Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40111",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40111",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cf4eaab26d6f66191d12d4af2cf5606053adde717ce257a70343b95882afe1a5",
          "Title": "kernel: drm/vmwgfx: Fix Use-after-free in validation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix Use-after-free in validation\n\nNodes stored in the validation duplicates hashtable come from an arena\nallocator that is cleared at the end of vmw_execbuf_process. All nodes\nare expected to be cleared in vmw_validation_drop_ht but this node escaped\nbecause its resource was destroyed prematurely.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40111",
            "https://git.kernel.org/linus/dfe1323ab3c8a4dd5625ebfdba44dc47df84512a (6.18-rc1)",
            "https://git.kernel.org/stable/c/1822e5287b7dfa59d0af966756ebf1dc652b60ee",
            "https://git.kernel.org/stable/c/4c918f9d1ccccc0e092f43dcb2d8266f54d7340b",
            "https://git.kernel.org/stable/c/655a2f29bfc21105c80bf8a7d7aafa6eca8b4496",
            "https://git.kernel.org/stable/c/65608e991c2d771c13404e5c7ae122ac3c3357a4",
            "https://git.kernel.org/stable/c/867bda5d95d36f10da398fd4409e21c7002b2332",
            "https://git.kernel.org/stable/c/9a8eaca539708ca532747f606d231f70e684e8ca",
            "https://git.kernel.org/stable/c/dfe1323ab3c8a4dd5625ebfdba44dc47df84512a",
            "https://git.kernel.org/stable/c/fb7165e5f3b3b10721ff70553583ad12e90e447a",
            "https://linux.oracle.com/cve/CVE-2025-40111.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111229-CVE-2025-40111-23d1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40111",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40111"
          ],
          "PublishedDate": "2025-11-12T02:15:33.05Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40112",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40112",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a87a56f8b5afa054d2ca42270fad2236652376b96e24ba1b5f781515a14ca467",
          "Title": "kernel: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsparc: fix accurate exception reporting in copy_{from_to}_user for Niagara\n\nThe referenced commit introduced exception handlers on user-space memory\nreferences in copy_from_user and copy_to_user. These handlers return from\nthe respective function and calculate the remaining bytes left to copy\nusing the current register contents. This commit fixes a couple of bad\ncalculations and a broken epilogue in the exception handlers. This will\nprevent crashes and ensure correct return values of copy_from_user and\ncopy_to_user in the faulting case. The behaviour of memcpy stays unchanged.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://git.kernel.org/linus/0b67c8fc10b13a9090340c5f8a37d308f4e1571c (6.18-rc1)",
            "https://git.kernel.org/stable/c/05440320ea3e249d5f984918f2bf51210c1a7c03",
            "https://git.kernel.org/stable/c/088c5098ec6d6b0396edfbf3dad3e81de8469c1c",
            "https://git.kernel.org/stable/c/0b67c8fc10b13a9090340c5f8a37d308f4e1571c",
            "https://git.kernel.org/stable/c/37547d8e6eba87507279ee3dfddfd9dc46335454",
            "https://git.kernel.org/stable/c/7823fc4d8ab5e57f8db7806ff2530c03c166c4bb",
            "https://git.kernel.org/stable/c/8cdeb5e482d3fdce7e825444b6ca3865e24c0228",
            "https://git.kernel.org/stable/c/a365ee556e45f780ee322b349a06efdad0c1458f",
            "https://git.kernel.org/stable/c/a90ce516a73dbe087f9bf3dbf311301a58d125c6",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40112"
          ],
          "PublishedDate": "2025-11-12T11:15:40.46Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40115",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40115",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:61fbc4dbcb1c0286b687bcb9f5045e6a329998a434879b2457abf8e7ab5a2ab3",
          "Title": "kernel: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix crash in transport port remove by using ioc_info()\n\nDuring mpt3sas_transport_port_remove(), messages were logged with\ndev_printk() against \u0026mpt3sas_port-\u003eport-\u003edev. At this point the SAS\ntransport device may already be partially unregistered or freed, leading\nto a crash when accessing its struct device.\n\nUsing ioc_info(), which logs via the PCI device (ioc-\u003epdev-\u003edev),\nguaranteed to remain valid until driver removal.\n\n[83428.295776] Oops: general protection fault, probably for non-canonical address 0x6f702f323a33312d: 0000 [#1] SMP NOPTI\n[83428.295785] CPU: 145 UID: 0 PID: 113296 Comm: rmmod Kdump: loaded Tainted: G           OE       6.16.0-rc1+ #1 PREEMPT(voluntary)\n[83428.295792] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[83428.295795] Hardware name: Dell Inc. Precision 7875 Tower/, BIOS 89.1.67 02/23/2024\n[83428.295799] RIP: 0010:__dev_printk+0x1f/0x70\n[83428.295805] Code: 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 49 89 d1 48 85 f6 74 52 4c 8b 46 50 4d 85 c0 74 1f 48 8b 46 68 48 85 c0 74 22 \u003c48\u003e 8b 08 0f b6 7f 01 48 c7 c2 db e8 42 ad 83 ef 30 e9 7b f8 ff ff\n[83428.295813] RSP: 0018:ff85aeafc3137bb0 EFLAGS: 00010206\n[83428.295817] RAX: 6f702f323a33312d RBX: ff4290ee81292860 RCX: 5000cca25103be32\n[83428.295820] RDX: ff85aeafc3137bb8 RSI: ff4290eeb1966c00 RDI: ffffffffc1560845\n[83428.295823] RBP: ff85aeafc3137c18 R08: 74726f702f303a33 R09: ff85aeafc3137bb8\n[83428.295826] R10: ff85aeafc3137b18 R11: ff4290f5bd60fe68 R12: ff4290ee81290000\n[83428.295830] R13: ff4290ee6e345de0 R14: ff4290ee81290000 R15: ff4290ee6e345e30\n[83428.295833] FS:  00007fd9472a6740(0000) GS:ff4290f5ce96b000(0000) knlGS:0000000000000000\n[83428.295837] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[83428.295840] CR2: 00007f242b4db238 CR3: 00000002372b8006 CR4: 0000000000771ef0\n[83428.295844] PKRU: 55555554\n[83428.295846] Call Trace:\n[83428.295848]  \u003cTASK\u003e\n[83428.295850]  _dev_printk+0x5c/0x80\n[83428.295857]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295863]  mpt3sas_transport_port_remove+0x1c7/0x420 [mpt3sas]\n[83428.295882]  _scsih_remove_device+0x21b/0x280 [mpt3sas]\n[83428.295894]  ? _scsih_expander_node_remove+0x108/0x140 [mpt3sas]\n[83428.295906]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295910]  mpt3sas_device_remove_by_sas_address.part.0+0x8f/0x110 [mpt3sas]\n[83428.295921]  _scsih_expander_node_remove+0x129/0x140 [mpt3sas]\n[83428.295933]  _scsih_expander_node_remove+0x6a/0x140 [mpt3sas]\n[83428.295944]  scsih_remove+0x3f0/0x4a0 [mpt3sas]\n[83428.295957]  pci_device_remove+0x3b/0xb0\n[83428.295962]  device_release_driver_internal+0x193/0x200\n[83428.295968]  driver_detach+0x44/0x90\n[83428.295971]  bus_remove_driver+0x69/0xf0\n[83428.295975]  pci_unregister_driver+0x2a/0xb0\n[83428.295979]  _mpt3sas_exit+0x1f/0x300 [mpt3sas]\n[83428.295991]  __do_sys_delete_module.constprop.0+0x174/0x310\n[83428.295997]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296000]  ? __x64_sys_getdents64+0x9a/0x110\n[83428.296005]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296009]  ? syscall_trace_enter+0xf6/0x1b0\n[83428.296014]  do_syscall_64+0x7b/0x2c0\n[83428.296019]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296023]  entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40115",
            "https://git.kernel.org/linus/1703fe4f8ae50d1fb6449854e1fcaed1053e3a14 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1703fe4f8ae50d1fb6449854e1fcaed1053e3a14",
            "https://git.kernel.org/stable/c/1fd39e14d47d9b4965dd5c9cff16e64ba3e71a62",
            "https://git.kernel.org/stable/c/4e1442bae50ed633c2fe8058f47cd79b4ad88b9b",
            "https://git.kernel.org/stable/c/6459dba4f35017448535a799cf699d5205eb5489",
            "https://git.kernel.org/stable/c/970ceb1bdc3d6c2af9245d6eca38606e74fcb6b8",
            "https://git.kernel.org/stable/c/a89253eb4e648deace48a4e38996afd182eb95e3",
            "https://git.kernel.org/stable/c/b3a6d153861d0f29b80882470d14aafb8d687dc2",
            "https://git.kernel.org/stable/c/fa153fb40c61f8ca01237427c97a0b93ba32c403",
            "https://linux.oracle.com/cve/CVE-2025-40115.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111251-CVE-2025-40115-6218@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40115",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40115"
          ],
          "PublishedDate": "2025-11-12T11:15:40.747Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40116",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40116",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bff99a809857c99f1bbd65f3fa5cd9c2e7453f024b2d52147378958e7ec4e77d",
          "Title": "kernel: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: max3421-hcd: Fix error pointer dereference in probe cleanup\n\nThe kthread_run() function returns error pointers so the\nmax3421_hcd-\u003espi_thread pointer can be either error pointers or NULL.\nCheck for both before dereferencing it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40116",
            "https://git.kernel.org/linus/186e8f2bdba551f3ae23396caccd452d985c23e3 (6.18-rc1)",
            "https://git.kernel.org/stable/c/186e8f2bdba551f3ae23396caccd452d985c23e3",
            "https://git.kernel.org/stable/c/3723c3dda1cc82c9bbca08fcbd46705a361bfd56",
            "https://git.kernel.org/stable/c/3facf69a735e730ae36387f18780fe420708aa91",
            "https://git.kernel.org/stable/c/89838fe5c6c010ff8d3924f22afd9c18c5c95310",
            "https://git.kernel.org/stable/c/b0439e3762ac9ea580f714e1504a1827d1ad32f5",
            "https://git.kernel.org/stable/c/b682ce44bf20ada752a2f6ce70d5a575c56f6a35",
            "https://git.kernel.org/stable/c/e0e0ce06f3571be9b26790e4df56ba37b1de8543",
            "https://git.kernel.org/stable/c/e68ea6de1d0551f90d7a2c75f82cb3ebe5e397dc",
            "https://lore.kernel.org/linux-cve-announce/2025111251-CVE-2025-40116-3942@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40116",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40116"
          ],
          "PublishedDate": "2025-11-12T11:15:40.877Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40118",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40118",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dcdbc66f0d0d53b2bd6248dd110fa41487c20fdb09bc757d1e1985c829c27ebc",
          "Title": "kernel: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod\n\nSince commit f7b705c238d1 (\"scsi: pm80xx: Set phy_attached to zero when\ndevice is gone\") UBSAN reports:\n\n  UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17\n  index 28 is out of range for type 'pm8001_phy [16]'\n\non rmmod when using an expander.\n\nFor a direct attached device, attached_phy contains the local phy id.\nFor a device behind an expander, attached_phy contains the remote phy\nid, not the local phy id.\n\nI.e. while pm8001_ha will have pm8001_ha-\u003echip-\u003en_phy local phys, for a\ndevice behind an expander, attached_phy can be much larger than\npm8001_ha-\u003echip-\u003en_phy (depending on the amount of phys of the\nexpander).\n\nE.g. on my system pm8001_ha has 8 phys with phy ids 0-7.  One of the\nports has an expander connected.  The expander has 31 phys with phy ids\n0-30.\n\nThe pm8001_ha-\u003ephy array only contains the phys of the HBA.  It does not\ncontain the phys of the expander.  Thus, it is wrong to use attached_phy\nto index the pm8001_ha-\u003ephy array for a device behind an expander.\n\nThus, we can only clear phy_attached for devices that are directly\nattached.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40118",
            "https://git.kernel.org/linus/251be2f6037fb7ab399f68cd7428ff274133d693 (6.18-rc1)",
            "https://git.kernel.org/stable/c/251be2f6037fb7ab399f68cd7428ff274133d693",
            "https://git.kernel.org/stable/c/45acbf154befedd9bc135f5e031fe7855d1e6493",
            "https://git.kernel.org/stable/c/83ced3c206c292458e47c7fac54223abc7141585",
            "https://git.kernel.org/stable/c/9326a1541e1b7ed3efdbab72061b82cf01c6477a",
            "https://git.kernel.org/stable/c/9c671d4dbfbfb0d73cfdfb706afb36d9ad60a582",
            "https://git.kernel.org/stable/c/d94be0a6ae9ade706d4270e740bdb4f79953a7fc",
            "https://git.kernel.org/stable/c/e62251954a128a2d0fcbc19e5fa39e08935bb628",
            "https://git.kernel.org/stable/c/eef5ef400893f8e3dbb09342583be0cdc716d566",
            "https://linux.oracle.com/cve/CVE-2025-40118.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111252-CVE-2025-40118-19e2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40118",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40118"
          ],
          "PublishedDate": "2025-11-12T11:15:41.117Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40120",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40120",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:75ba87213dcb3bb82f7a0941bb7dc3872c0f24367ac408bfdbf3f5c9cb6132c6",
          "Title": "kernel: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock\n\nPrevent USB runtime PM (autosuspend) for AX88772* in bind.\n\nusbnet enables runtime PM (autosuspend) by default, so disabling it via\nthe usb_driver flag is ineffective. On AX88772B, autosuspend shows no\nmeasurable power saving with current driver (no link partner, admin\nup/down). The ~0.453 W -\u003e ~0.248 W drop on v6.1 comes from phylib powering\nthe PHY off on admin-down, not from USB autosuspend.\n\nThe real hazard is that with runtime PM enabled, ndo_open() (under RTNL)\nmay synchronously trigger autoresume (usb_autopm_get_interface()) into\nasix_resume() while the USB PM lock is held. Resume paths then invoke\nphylink/phylib and MDIO, which also expect RTNL, leading to possible\ndeadlocks or PM lock vs MDIO wake issues.\n\nTo avoid this, keep the device runtime-PM active by taking a usage\nreference in ax88772_bind() and dropping it in unbind(). A non-zero PM\nusage count blocks runtime suspend regardless of userspace policy\n(.../power/control - pm_runtime_allow/forbid), making this approach\nrobust against sysfs overrides.\n\nHolding a runtime-PM usage ref does not affect system-wide suspend;\nsystem sleep/resume callbacks continue to run as before.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40120",
            "https://git.kernel.org/linus/3d3c4cd5c62f24bb3cb4511b7a95df707635e00a (6.18-rc1)",
            "https://git.kernel.org/stable/c/1534517300e12f2930b6ff477b8820ff658afd11",
            "https://git.kernel.org/stable/c/3d3c4cd5c62f24bb3cb4511b7a95df707635e00a",
            "https://git.kernel.org/stable/c/3e96cd27ff1a004d84908c1b6cc68ac60913874e",
            "https://git.kernel.org/stable/c/71a0ba7fdaf8d035426912a4ed7bf1738a81010c",
            "https://git.kernel.org/stable/c/724a9db84188f80ef60b1f21cc7b4e9c84e0cb64",
            "https://git.kernel.org/stable/c/9d8bcaf6fae1bd82bc27ec09a2694497e6f6c4b4",
            "https://linux.oracle.com/cve/CVE-2025-40120.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025111252-CVE-2025-40120-8b68@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40120",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40120"
          ],
          "PublishedDate": "2025-11-12T11:15:41.43Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40121",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40121",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a0e7fc6625787d090a396449da78b183aafce6092f3ff0ff71a83b391e733e49",
          "Title": "kernel: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping\n\nWhen an invalid value is passed via quirk option, currently\nbytcr_rt5640 driver just ignores and leaves as is, which may lead to\nunexpected results like OOB access.\n\nThis patch adds the sanity check and corrects the input mapping to the\ncertain default value if an invalid value is passed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40121",
            "https://git.kernel.org/linus/4336efb59ef364e691ef829a73d9dbd4d5ed7c7b (6.18-rc1)",
            "https://git.kernel.org/stable/c/2204e582b4eea872e1e7a5c90edcb84b928c68b0",
            "https://git.kernel.org/stable/c/4336efb59ef364e691ef829a73d9dbd4d5ed7c7b",
            "https://git.kernel.org/stable/c/64a36a7032082b4c330ce081acb6efb99246020e",
            "https://git.kernel.org/stable/c/95e29db33b5f73218ae08ebb48c61c9a8d28e2ff",
            "https://git.kernel.org/stable/c/bff827b0d507e52b23efab9f67c232a4f037ab2c",
            "https://git.kernel.org/stable/c/c60f269c123210a6846d6d1367de0eaa402c10b0",
            "https://git.kernel.org/stable/c/f197894de2f4ef46c7d53827d9df294b75c35e13",
            "https://git.kernel.org/stable/c/fdf99978a6480e14405212472b6c747e0fa43bed",
            "https://linux.oracle.com/cve/CVE-2025-40121.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025111252-CVE-2025-40121-c2ef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40121",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40121"
          ],
          "PublishedDate": "2025-11-12T11:15:41.553Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40123",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40123",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71dd79896567b6fef4286529d49a25061d89e2c9c0645b869b380085345ac823",
          "Title": "kernel: bpf: Enforce expected_attach_type for tailcall compatibility",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Enforce expected_attach_type for tailcall compatibility\n\nYinhao et al. recently reported:\n\n  Our fuzzer tool discovered an uninitialized pointer issue in the\n  bpf_prog_test_run_xdp() function within the Linux kernel's BPF subsystem.\n  This leads to a NULL pointer dereference when a BPF program attempts to\n  deference the txq member of struct xdp_buff object.\n\nThe test initializes two programs of BPF_PROG_TYPE_XDP: progA acts as the\nentry point for bpf_prog_test_run_xdp() and its expected_attach_type can\nneither be BPF_XDP_DEVMAP nor BPF_XDP_CPUMAP. progA calls into a slot\nof a tailcall map it owns. progB's expected_attach_type must be BPF_XDP_DEVMAP\nto pass xdp_is_valid_access() validation. The program returns struct xdp_md's\negress_ifindex, and the latter is only allowed to be accessed under mentioned\nexpected_attach_type. progB is then inserted into the tailcall which progA\ncalls.\n\nThe underlying issue goes beyond XDP though. Another example are programs\nof type BPF_PROG_TYPE_CGROUP_SOCK_ADDR. sock_addr_is_valid_access() as well\nas sock_addr_func_proto() have different logic depending on the programs'\nexpected_attach_type. Similarly, a program attached to BPF_CGROUP_INET4_GETPEERNAME\nshould not be allowed doing a tailcall into a program which calls bpf_bind()\nout of BPF which is only enabled for BPF_CGROUP_INET4_CONNECT.\n\nIn short, specifying expected_attach_type allows to open up additional\nfunctionality or restrictions beyond what the basic bpf_prog_type enables.\nThe use of tailcalls must not violate these constraints. Fix it by enforcing\nexpected_attach_type in __bpf_prog_map_compatible().\n\nNote that we only enforce this for tailcall maps, but not for BPF devmaps or\ncpumaps: There, the programs are invoked through dev_map_bpf_prog_run*() and\ncpu_map_bpf_prog_run*() which set up a new environment / context and therefore\nthese situations are not prone to this issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40123",
            "https://git.kernel.org/linus/4540aed51b12bc13364149bf95f6ecef013197c0 (6.18-rc1)",
            "https://git.kernel.org/stable/c/08cb3dc9d2b44f153d0bcf2cb966e4a94b5d0f32",
            "https://git.kernel.org/stable/c/4540aed51b12bc13364149bf95f6ecef013197c0",
            "https://git.kernel.org/stable/c/a99de19128aec0913f3d529f529fbbff5edfaff8",
            "https://git.kernel.org/stable/c/c1ad19b5d8e23123503dcaf2d4342e1b90b923ad",
            "https://git.kernel.org/stable/c/f856c598080ba7ce1252867b8ecd6ad5bdaf9a6a",
            "https://lore.kernel.org/linux-cve-announce/2025111253-CVE-2025-40123-fcb1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40123",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40123"
          ],
          "PublishedDate": "2025-11-12T11:15:41.807Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40124",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40124",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:512e9284f510726a0934abb25078dcda78dd8cf60dc72b9589d7e7d365e71204",
          "Title": "kernel: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III\n\nAnthony Yznaga tracked down that a BUG_ON in ext4 code with large folios\nenabled resulted from copy_from_user() returning impossibly large values\ngreater than the size to be copied. This led to __copy_from_iter()\nreturning impossible values instead of the actual number of bytes it was\nable to copy.\n\nThe BUG_ON has been reported in\nhttps://lore.kernel.org/r/b14f55642207e63e907965e209f6323a0df6dcee.camel@physik.fu-berlin.de\n\nThe referenced commit introduced exception handlers on user-space memory\nreferences in copy_from_user and copy_to_user. These handlers return from\nthe respective function and calculate the remaining bytes left to copy\nusing the current register contents. The exception handlers expect that\n%o2 has already been masked during the bulk copy loop, but the masking was\nperformed after that loop. This will fix the return value of copy_from_user\nand copy_to_user in the faulting case. The behaviour of memcpy stays\nunchanged.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 1,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40124",
            "https://git.kernel.org/linus/47b49c06eb62504075f0f2e2227aee2e2c2a58b3 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1198077606aeffb102587c6ea079ce99641c99d4",
            "https://git.kernel.org/stable/c/1857cdca12c4aff58bf26a7005a4d02850c29927",
            "https://git.kernel.org/stable/c/47b49c06eb62504075f0f2e2227aee2e2c2a58b3",
            "https://git.kernel.org/stable/c/5ef9c94d7110e90260c06868cf1dcf899b9f25ee",
            "https://git.kernel.org/stable/c/91eda032eb16e5d2be27c95584665bc555bb5a90",
            "https://git.kernel.org/stable/c/dc766c4830a7e1e1ee9d7f77d4ab344f2eb23c8e",
            "https://git.kernel.org/stable/c/e50377c6b3f278c9f3ef017ffce17f5fcc9dace4",
            "https://git.kernel.org/stable/c/fdd43fe6d286f27b826572457a89c926f97e2d3a",
            "https://lore.kernel.org/linux-cve-announce/2025111253-CVE-2025-40124-5006@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40124",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40124"
          ],
          "PublishedDate": "2025-11-12T11:15:41.92Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40125",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40125",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28991e74d972967b04ae181bca7767c6f30b6e2cc407b79c2bea0423a0b4dfa0",
          "Title": "kernel: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx\n\nIn __blk_mq_update_nr_hw_queues() the return value of\nblk_mq_sysfs_register_hctxs() is not checked. If sysfs creation for hctx\nfails, later changing the number of hw_queues or removing disk will\ntrigger the following warning:\n\n  kernfs: can not remove 'nr_tags', no directory\n  WARNING: CPU: 2 PID: 637 at fs/kernfs/dir.c:1707 kernfs_remove_by_name_ns+0x13f/0x160\n  Call Trace:\n   remove_files.isra.1+0x38/0xb0\n   sysfs_remove_group+0x4d/0x100\n   sysfs_remove_groups+0x31/0x60\n   __kobject_del+0x23/0xf0\n   kobject_del+0x17/0x40\n   blk_mq_unregister_hctx+0x5d/0x80\n   blk_mq_sysfs_unregister_hctxs+0x94/0xd0\n   blk_mq_update_nr_hw_queues+0x124/0x760\n   nullb_update_nr_hw_queues+0x71/0xf0 [null_blk]\n   nullb_device_submit_queues_store+0x92/0x120 [null_blk]\n\nkobjct_del() was called unconditionally even if sysfs creation failed.\nFix it by checkig the kobject creation statusbefore deleting it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40125",
            "https://git.kernel.org/linus/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed (6.18-rc1)",
            "https://git.kernel.org/stable/c/06c4826b1d900611096e4621e93133db57e13911",
            "https://git.kernel.org/stable/c/4b97e99b87a773d52699521d40864f3ec888e9a6",
            "https://git.kernel.org/stable/c/4c7ef92f6d4d08a27d676e4c348f4e2922cab3ed",
            "https://git.kernel.org/stable/c/6e7dadc5763c48eb3b9b91265a21f312599ebb2c",
            "https://git.kernel.org/stable/c/a8c53553f1833cc2d14175d2d72cf37193a01898",
            "https://git.kernel.org/stable/c/babc634e9fe2803962dba98a07587e835dbc0731",
            "https://git.kernel.org/stable/c/cc14ea21c4e658814d737ed4dedde6cd626a15ad",
            "https://git.kernel.org/stable/c/d5ddd76ee52bdc16e9f8b1e7791291e785dab032",
            "https://linux.oracle.com/cve/CVE-2025-40125.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111253-CVE-2025-40125-cb33@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40125",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40125"
          ],
          "PublishedDate": "2025-11-12T11:15:42.043Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40126",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40126",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f5f9789cd1b877d4723dd23ea7b23c5b9378a43fa94caf464bfad5d6c9beaad",
          "Title": "kernel: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC\n\nThe referenced commit introduced exception handlers on user-space memory\nreferences in copy_from_user and copy_to_user. These handlers return from\nthe respective function and calculate the remaining bytes left to copy\nusing the current register contents. This commit fixes a couple of bad\ncalculations. This will fix the return value of copy_from_user and\ncopy_to_user in the faulting case. The behaviour of memcpy stays unchanged.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40126",
            "https://git.kernel.org/linus/4fba1713001195e59cfc001ff1f2837dab877efb (6.18-rc1)",
            "https://git.kernel.org/stable/c/0bf3dc3a2156f1c5ddaba4b85d09767874634114",
            "https://git.kernel.org/stable/c/41c18baee66134e6ef786eb075c1b6adb22432b0",
            "https://git.kernel.org/stable/c/4fba1713001195e59cfc001ff1f2837dab877efb",
            "https://git.kernel.org/stable/c/57c278500fce3cd4e1c540700c0b05426a958393",
            "https://git.kernel.org/stable/c/59424dc0d0e044b2eb007686a4724ddd91d57db5",
            "https://git.kernel.org/stable/c/674ff598148a28bae0b5372339de56f2abf0b1d1",
            "https://git.kernel.org/stable/c/7de3a75bbc8465d816336c74d50109e73501efab",
            "https://git.kernel.org/stable/c/9b137f277cc3297044aabd950f589e505d30104c",
            "https://lore.kernel.org/linux-cve-announce/2025111253-CVE-2025-40126-a667@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40126",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40126"
          ],
          "PublishedDate": "2025-11-12T11:15:42.163Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40127",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40127",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1b031e81e7860071a20f7f25816438534bc3b4e9e9c9bce607326e3fe7b0f07b",
          "Title": "kernel: hwrng: ks-sa - fix division by zero in ks_sa_rng_init",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: ks-sa - fix division by zero in ks_sa_rng_init\n\nFix division by zero in ks_sa_rng_init caused by missing clock\npointer initialization. The clk_get_rate() call is performed on\nan uninitialized clk pointer, resulting in division by zero when\ncalculating delay values.\n\nAdd clock initialization code before using the clock.\n\n\n drivers/char/hw_random/ks-sa-rng.c | 7 +++++++\n 1 file changed, 7 insertions(+)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40127",
            "https://git.kernel.org/linus/612b1dfeb414dfa780a6316014ceddf9a74ff5c0 (6.18-rc1)",
            "https://git.kernel.org/stable/c/2b6bcce32cb5aff84588a844a4d3f6dd5353b8e2",
            "https://git.kernel.org/stable/c/55a70e1de75e5ff5f961c79a2cdc6a4468cc2bf2",
            "https://git.kernel.org/stable/c/612b1dfeb414dfa780a6316014ceddf9a74ff5c0",
            "https://git.kernel.org/stable/c/692a04a1e0cde1d80a33df0078c755cf02cd7268",
            "https://git.kernel.org/stable/c/d76b099011fa056950f63d05ebb6160991242f6a",
            "https://git.kernel.org/stable/c/eec7e0e19c1fa75dc65e25aa6a21ef24a03849af",
            "https://git.kernel.org/stable/c/f4238064379a91e71a9c258996acac43c50c2094",
            "https://lore.kernel.org/linux-cve-announce/2025111253-CVE-2025-40127-361e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40127",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40127"
          ],
          "PublishedDate": "2025-11-12T11:15:42.29Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40134",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40134",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:38b89bcb15ffb8c2a0befcfcbbd9d3c387357af65f319ffa5b3c6828cd3a1e4a",
          "Title": "kernel: dm: fix NULL pointer dereference in __dm_suspend()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix NULL pointer dereference in __dm_suspend()\n\nThere is a race condition between dm device suspend and table load that\ncan lead to null pointer dereference. The issue occurs when suspend is\ninvoked before table load completes:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000054\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nRIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50\nCall Trace:\n  \u003cTASK\u003e\n  blk_mq_quiesce_queue+0x2c/0x50\n  dm_stop_queue+0xd/0x20\n  __dm_suspend+0x130/0x330\n  dm_suspend+0x11a/0x180\n  dev_suspend+0x27e/0x560\n  ctl_ioctl+0x4cf/0x850\n  dm_ctl_ioctl+0xd/0x20\n  vfs_ioctl+0x1d/0x50\n  __se_sys_ioctl+0x9b/0xc0\n  __x64_sys_ioctl+0x19/0x30\n  x64_sys_call+0x2c4a/0x4620\n  do_syscall_64+0x9e/0x1b0\n\nThe issue can be triggered as below:\n\nT1 \t\t\t\t\t\tT2\ndm_suspend\t\t\t\t\ttable_load\n__dm_suspend\t\t\t\t\tdm_setup_md_queue\n\t\t\t\t\t\tdm_mq_init_request_queue\n\t\t\t\t\t\tblk_mq_init_allocated_queue\n\t\t\t\t\t\t=\u003e q-\u003emq_ops = set-\u003eops; (1)\ndm_stop_queue / dm_wait_for_completion\n=\u003e q-\u003etag_set NULL pointer!\t(2)\n\t\t\t\t\t\t=\u003e q-\u003etag_set = set; (3)\n\nFix this by checking if a valid table (map) exists before performing\nrequest-based suspend and waiting for target I/O. When map is NULL,\nskip these table-dependent suspend steps.\n\nEven when map is NULL, no I/O can reach any target because there is\nno table loaded; I/O submitted in this state will fail early in the\nDM layer. Skipping the table-dependent suspend logic in this case\nis safe and avoids NULL pointer dereferences.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40134",
            "https://git.kernel.org/linus/8d33a030c566e1f105cd5bf27f37940b6367f3be (6.18-rc1)",
            "https://git.kernel.org/stable/c/19ca4528666990be376ac3eb6fe667b03db5324d",
            "https://git.kernel.org/stable/c/30f95b7eda5966b81cb221bd569c0f095a068cf6",
            "https://git.kernel.org/stable/c/331c2dd8ca8bad1a3ac10cce847ffb76158eece4",
            "https://git.kernel.org/stable/c/846cafc4725ca727d94f9c4b5f789c1a7c8fb6fe",
            "https://git.kernel.org/stable/c/8d33a030c566e1f105cd5bf27f37940b6367f3be",
            "https://git.kernel.org/stable/c/9dc43ea6a20ff83fe9a5fe4be47ae0fbf2409b98",
            "https://git.kernel.org/stable/c/a0e54bd8d7ea79127fe9920df3ae36f85e79ac7c",
            "https://git.kernel.org/stable/c/a802901b75e13cc306f1b7ab0f062135c8034e9e",
            "https://linux.oracle.com/cve/CVE-2025-40134.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111254-CVE-2025-40134-4d24@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40134",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40134"
          ],
          "PublishedDate": "2025-11-12T11:15:43.1Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40135",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40135",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7d1bf8a30d49443028fb3e922f107d40f64ac3ec9507cd54630b966adeec3cec",
          "Title": "kernel: ipv6: use RCU in ip6_xmit()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU in ip6_xmit()\n\nUse RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent\npossible UAF.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2212",
            "https://access.redhat.com/security/cve/CVE-2025-40135",
            "https://bugzilla.redhat.com/2363315",
            "https://bugzilla.redhat.com/2365032",
            "https://bugzilla.redhat.com/2373326",
            "https://bugzilla.redhat.com/2373354",
            "https://bugzilla.redhat.com/2383404",
            "https://bugzilla.redhat.com/2383421",
            "https://bugzilla.redhat.com/2383487",
            "https://bugzilla.redhat.com/2393191",
            "https://bugzilla.redhat.com/2394601",
            "https://bugzilla.redhat.com/2414506",
            "https://bugzilla.redhat.com/2414521",
            "https://bugzilla.redhat.com/2414522",
            "https://bugzilla.redhat.com/2414523",
            "https://bugzilla.redhat.com/2419837",
            "https://bugzilla.redhat.com/2419919",
            "https://bugzilla.redhat.com/2419920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2365032",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393191",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414506",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414521",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419837",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37819",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38022",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38403",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38415",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38459",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40158",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40271",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40318",
            "https://errata.almalinux.org/9/ALSA-2026-2212.html",
            "https://errata.rockylinux.org/RLSA-2026:2212",
            "https://git.kernel.org/linus/9085e56501d93af9f2d7bd16f7fcfacdde47b99c (6.18-rc1)",
            "https://git.kernel.org/stable/c/9085e56501d93af9f2d7bd16f7fcfacdde47b99c",
            "https://git.kernel.org/stable/c/bd0905e2122e3680968cd0741966983490bf2ed3",
            "https://git.kernel.org/stable/c/f0a54d00d2f36de40266f47c27989853e8588656",
            "https://git.kernel.org/stable/c/f69fec6287565fdeb61f65e700a1184352306943",
            "https://git.kernel.org/stable/c/f7f9e924f23684b4b23cd9f976cceab24a968e34",
            "https://linux.oracle.com/cve/CVE-2025-40135.html",
            "https://linux.oracle.com/errata/ELSA-2026-2264.html",
            "https://lore.kernel.org/linux-cve-announce/2025111255-CVE-2025-40135-67ca@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40135",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40135"
          ],
          "PublishedDate": "2025-11-12T11:15:43.22Z",
          "LastModifiedDate": "2026-03-25T11:16:12.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40137",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40137",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6010e5fab5c82a6bb115a0097722dd5e0d295c93a3b7e109b846ccbcb12fa21a",
          "Title": "kernel: f2fs: fix to truncate first page in error path of f2fs_truncate()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate first page in error path of f2fs_truncate()\n\nsyzbot reports a bug as below:\n\nloop0: detected capacity change from 0 to 40427\nF2FS-fs (loop0): Wrong SSA boundary, start(3584) end(4096) blocks(3072)\nF2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock\nF2FS-fs (loop0): invalid crc value\nF2FS-fs (loop0): f2fs_convert_inline_folio: corrupted inline inode ino=3, i_addr[0]:0x1601, run fsck to fix.\n------------[ cut here ]------------\nkernel BUG at fs/inode.c:753!\nRIP: 0010:clear_inode+0x169/0x190 fs/inode.c:753\nCall Trace:\n \u003cTASK\u003e\n evict+0x504/0x9c0 fs/inode.c:810\n f2fs_fill_super+0x5612/0x6fa0 fs/f2fs/super.c:5047\n get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1692\n vfs_get_tree+0x8f/0x2b0 fs/super.c:1815\n do_new_mount+0x2a2/0x9e0 fs/namespace.c:3808\n do_mount fs/namespace.c:4136 [inline]\n __do_sys_mount fs/namespace.c:4347 [inline]\n __se_sys_mount+0x317/0x410 fs/namespace.c:4324\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nDuring f2fs_evict_inode(), clear_inode() detects that we missed to truncate\nall page cache before destorying inode, that is because in below path, we\nwill create page #0 in cache, but missed to drop it in error path, let's fix\nit.\n\n- evict\n - f2fs_evict_inode\n  - f2fs_truncate\n   - f2fs_convert_inline_inode\n    - f2fs_grab_cache_folio\n    : create page #0 in cache\n    - f2fs_convert_inline_folio\n    : sanity check failed, return -EFSCORRUPTED\n  - clear_inode detects that inode-\u003ei_data.nrpages is not zero",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40137",
            "https://git.kernel.org/linus/9251a9e6e871cb03c4714a18efa8f5d4a8818450 (6.18-rc1)",
            "https://git.kernel.org/stable/c/3b0c8908faa18cded84d64822882a830ab1f4d26",
            "https://git.kernel.org/stable/c/83a8e4efea022506a0e049e7206bdf8be9f78148",
            "https://git.kernel.org/stable/c/9251a9e6e871cb03c4714a18efa8f5d4a8818450",
            "https://git.kernel.org/stable/c/a7b7ebdd7045a36454b3e388a2ecf50344fad9e6",
            "https://lore.kernel.org/linux-cve-announce/2025111255-CVE-2025-40137-3047@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40137",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40137"
          ],
          "PublishedDate": "2025-11-12T11:15:43.44Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40139",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40139",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1e50163579c7880cdcf465d02486a71efe79936e135876407c7f53ae77194ea5",
          "Title": "kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().\n\nsmc_clc_prfx_set() is called during connect() and not under RCU\nnor RTNL.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet's use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock()\nafter kernel_getsockname().\n\nNote that the returned value of smc_clc_prfx_set() is not used\nin the caller.\n\nWhile at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu()\nnot to touch dst there.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40139",
            "https://git.kernel.org/linus/935d783e5de9b64587f3adb25641dd8385e64ddb (6.18-rc1)",
            "https://git.kernel.org/stable/c/0736993bfe5c7a9c744ae3fac62d769dfdae54e1",
            "https://git.kernel.org/stable/c/935d783e5de9b64587f3adb25641dd8385e64ddb",
            "https://lore.kernel.org/linux-cve-announce/2025111255-CVE-2025-40139-a030@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40139",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40139"
          ],
          "PublishedDate": "2025-11-12T11:15:43.677Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40140",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40140",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:92b15bd5754dcd54e9e40e493eb4666a35e0a50d6fe23c50bc9c68fb879f4b3f",
          "Title": "kernel: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast\n\nsyzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb.\nThis is the sequence of events that leads to the warning:\n\nrtl8150_start_xmit() {\n\tnetif_stop_queue();\n\tusb_submit_urb(dev-\u003etx_urb);\n}\n\nrtl8150_set_multicast() {\n\tnetif_stop_queue();\n\tnetif_wake_queue();\t\t\u003c-- wakes up TX queue before URB is done\n}\n\nrtl8150_start_xmit() {\n\tnetif_stop_queue();\n\tusb_submit_urb(dev-\u003etx_urb);\t\u003c-- double submission\n}\n\nrtl8150_set_multicast being the ndo_set_rx_mode callback should not be\ncalling netif_stop_queue and notif_start_queue as these handle\nTX queue synchronization.\n\nThe net core function dev_set_rx_mode handles the synchronization\nfor rtl8150_set_multicast making it safe to remove these locks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40140",
            "https://git.kernel.org/linus/958baf5eaee394e5fd976979b0791a875f14a179 (6.18-rc1)",
            "https://git.kernel.org/stable/c/114e05344763a102a8844efd96ec06ba99293ccd",
            "https://git.kernel.org/stable/c/1a08a37ac03d07a1608a1592791041cac979fbc3",
            "https://git.kernel.org/stable/c/54f8ef1a970a8376e5846ed90854decf7c00555d",
            "https://git.kernel.org/stable/c/6053e47bbf212b93c051beb4261d7d5a409d0ce3",
            "https://git.kernel.org/stable/c/6394bade9daab8e318c165fe43bba012bf13cd8e",
            "https://git.kernel.org/stable/c/958baf5eaee394e5fd976979b0791a875f14a179",
            "https://git.kernel.org/stable/c/9d72df7f5eac946f853bf49c428c4e87a17d91da",
            "https://git.kernel.org/stable/c/cce3c0e21cdd15bcba5c35d3af1700186de8f187",
            "https://linux.oracle.com/cve/CVE-2025-40140.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111255-CVE-2025-40140-ae1a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40140",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40140"
          ],
          "PublishedDate": "2025-11-12T11:15:43.79Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40146",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40146",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d27e4ec2bc42257eb7d72e2ae7605b9f1ee4f24582d15bdc0b6091567885a8fa",
          "Title": "kernel: blk-mq: fix potential deadlock while nr_requests grown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix potential deadlock while nr_requests grown\n\nAllocate and free sched_tags while queue is freezed can deadlock[1],\nthis is a long term problem, hence allocate memory before freezing\nqueue and free memory after queue is unfreezed.\n\n[1] https://lore.kernel.org/all/0659ea8d-a463-47c8-9180-43c719e106eb@linux.ibm.com/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40146",
            "https://git.kernel.org/linus/b86433721f46d934940528f28d49c1dedb690df1 (6.18-rc1)",
            "https://git.kernel.org/stable/c/8d26acf8477174d8ef690eb6affe13a630f586ae",
            "https://git.kernel.org/stable/c/b86433721f46d934940528f28d49c1dedb690df1",
            "https://lore.kernel.org/linux-cve-announce/2025111256-CVE-2025-40146-b919@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40146",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40146"
          ],
          "PublishedDate": "2025-11-12T11:15:44.48Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40153",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40153",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8d1fc55b0c72b8144caa73b3e7f1d8c0661ed02ecac3b72e4b9cb70381ab31cb",
          "Title": "kernel: Linux kernel: Denial of Service via mprotect() on huge transparent huge pages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: hugetlb: avoid soft lockup when mprotect to large memory area\n\nWhen calling mprotect() to a large hugetlb memory area in our customer's\nworkload (~300GB hugetlb memory), soft lockup was observed:\n\nwatchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]\n\nCPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7\nHardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025\npstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mte_clear_page_tags+0x14/0x24\nlr : mte_sync_tags+0x1c0/0x240\nsp : ffff80003150bb80\nx29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000\nx26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458\nx23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000\nx20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000\nx2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000\n\nCall trace:\n  mte_clear_page_tags+0x14/0x24\n  set_huge_pte_at+0x25c/0x280\n  hugetlb_change_protection+0x220/0x430\n  change_protection+0x5c/0x8c\n  mprotect_fixup+0x10c/0x294\n  do_mprotect_pkey.constprop.0+0x2e0/0x3d4\n  __arm64_sys_mprotect+0x24/0x44\n  invoke_syscall+0x50/0x160\n  el0_svc_common+0x48/0x144\n  do_el0_svc+0x30/0xe0\n  el0_svc+0x30/0xf0\n  el0t_64_sync_handler+0xc4/0x148\n  el0t_64_sync+0x1a4/0x1a8\n\nSoft lockup is not triggered with THP or base page because there is\ncond_resched() called for each PMD size.\n\nAlthough the soft lockup was triggered by MTE, it should be not MTE\nspecific.  The other processing which takes long time in the loop may\ntrigger soft lockup too.\n\nSo add cond_resched() for hugetlb to avoid soft lockup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40153",
            "https://git.kernel.org/linus/f52ce0ea90c83a28904c7cc203a70e6434adfecb (6.18-rc1)",
            "https://git.kernel.org/stable/c/30498c44c2a0b20f6833ed7d8fc3df901507f760",
            "https://git.kernel.org/stable/c/4975c975ed9457a77953a26aeef85fdba7cf5498",
            "https://git.kernel.org/stable/c/547e123e9d342a44c756446640ed847a8aeec611",
            "https://git.kernel.org/stable/c/5783485ab2be06be5312b26c8793526edc09123d",
            "https://git.kernel.org/stable/c/957faf9582f92bb2be8ebe4ab6aa1c2bc71d9859",
            "https://git.kernel.org/stable/c/964598e6f70a1be9fe675280bf16b4f96b0a6809",
            "https://git.kernel.org/stable/c/c6096f3947f68f96defedb8764b3b1ca4cf3469f",
            "https://git.kernel.org/stable/c/f52ce0ea90c83a28904c7cc203a70e6434adfecb",
            "https://linux.oracle.com/cve/CVE-2025-40153.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111258-CVE-2025-40153-c820@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40153",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40153"
          ],
          "PublishedDate": "2025-11-12T11:15:45.257Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40154",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40154",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7dfd8a39402c0488ae0fc8b2c9644f31e2651ece86eed737a698547c19da48b3",
          "Title": "kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping\n\nWhen an invalid value is passed via quirk option, currently\nbytcr_rt5640 driver only shows an error message but leaves as is.\nThis may lead to unepxected results like OOB access.\n\nThis patch corrects the input mapping to the certain default value if\nan invalid value is passed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1617",
            "https://access.redhat.com/security/cve/CVE-2025-40154",
            "https://bugzilla.redhat.com/2389507",
            "https://bugzilla.redhat.com/2414494",
            "https://bugzilla.redhat.com/2418892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2389507",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414494",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38568",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40251",
            "https://errata.almalinux.org/9/ALSA-2026-1617.html",
            "https://errata.rockylinux.org/RLSA-2026:1617",
            "https://git.kernel.org/linus/fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0 (6.18-rc1)",
            "https://git.kernel.org/stable/c/29a41bf6422688f0c5a09b18222e1a64b2629fa4",
            "https://git.kernel.org/stable/c/2c27e047bdcba457ec953f7e90e4ed6d5f8aeb01",
            "https://git.kernel.org/stable/c/48880f3cdf2b6d8dcd91219c5b5c8a7526411322",
            "https://git.kernel.org/stable/c/5c03ea2ef4ebba75c69c90929d8590eb3d3797a9",
            "https://git.kernel.org/stable/c/a97b4d18ecb012c5624cdf2cab2ce5e1312fdd5d",
            "https://git.kernel.org/stable/c/dea9c8c9028c9374761224a7f9d824e845a2aa2e",
            "https://git.kernel.org/stable/c/f58fca15f3bf8b982e799c31e4afa8923788aa40",
            "https://git.kernel.org/stable/c/fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0",
            "https://linux.oracle.com/cve/CVE-2025-40154.html",
            "https://linux.oracle.com/errata/ELSA-2026-1690.html",
            "https://lore.kernel.org/linux-cve-announce/2025111258-CVE-2025-40154-fd98@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40154",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40154"
          ],
          "PublishedDate": "2025-11-12T11:15:45.38Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40158",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40158",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c781fbf238004ca71373f732611ac61e0effc538f16ea58c19a51ec3dd96cf71",
          "Title": "kernel: ipv6: use RCU in ip6_output()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: use RCU in ip6_output()\n\nUse RCU in ip6_output() in order to use dst_dev_rcu() to prevent\npossible UAF.\n\nWe can remove rcu_read_lock()/rcu_read_unlock() pairs\nfrom ip6_finish_output2().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2212",
            "https://access.redhat.com/security/cve/CVE-2025-40158",
            "https://bugzilla.redhat.com/2363315",
            "https://bugzilla.redhat.com/2365032",
            "https://bugzilla.redhat.com/2373326",
            "https://bugzilla.redhat.com/2373354",
            "https://bugzilla.redhat.com/2383404",
            "https://bugzilla.redhat.com/2383421",
            "https://bugzilla.redhat.com/2383487",
            "https://bugzilla.redhat.com/2393191",
            "https://bugzilla.redhat.com/2394601",
            "https://bugzilla.redhat.com/2414506",
            "https://bugzilla.redhat.com/2414521",
            "https://bugzilla.redhat.com/2414522",
            "https://bugzilla.redhat.com/2414523",
            "https://bugzilla.redhat.com/2419837",
            "https://bugzilla.redhat.com/2419919",
            "https://bugzilla.redhat.com/2419920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2365032",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393191",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414506",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414521",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419837",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37819",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38022",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38403",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38415",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38459",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40158",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40271",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40318",
            "https://errata.almalinux.org/9/ALSA-2026-2212.html",
            "https://errata.rockylinux.org/RLSA-2026:2212",
            "https://git.kernel.org/linus/11709573cc4e48dc34c80fc7ab9ce5b159e29695 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0393f85c3241c19ba8550f04a812e7d19f6b3082",
            "https://git.kernel.org/stable/c/11709573cc4e48dc34c80fc7ab9ce5b159e29695",
            "https://linux.oracle.com/cve/CVE-2025-40158.html",
            "https://linux.oracle.com/errata/ELSA-2026-2264.html",
            "https://lore.kernel.org/linux-cve-announce/2025111258-CVE-2025-40158-4c9d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40158",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40158"
          ],
          "PublishedDate": "2025-11-12T11:15:45.897Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40160",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40160",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b84566764cb34ff066bf961dc353e4d73a9063f35509510fc7c9cc68d6160c66",
          "Title": "kernel: xen/events: Return -EEXIST for bound VIRQs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: Return -EEXIST for bound VIRQs\n\nChange find_virq() to return -EEXIST when a VIRQ is bound to a\ndifferent CPU than the one passed in.  With that, remove the BUG_ON()\nfrom bind_virq_to_irq() to propagate the error upwards.\n\nSome VIRQs are per-cpu, but others are per-domain or global.  Those must\nbe bound to CPU0 and can then migrate elsewhere.  The lookup for\nper-domain and global will probably fail when migrated off CPU 0,\nespecially when the current CPU is tracked.  This now returns -EEXIST\ninstead of BUG_ON().\n\nA second call to bind a per-domain or global VIRQ is not expected, but\nmake it non-fatal to avoid trying to look up the irq, since we don't\nknow which per_cpu(virq_to_irq) it will be in.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40160",
            "https://git.kernel.org/stable/c/07ce121d93a5e5fb2440a24da3dbf408fcee978e",
            "https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7",
            "https://git.kernel.org/stable/c/a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa",
            "https://git.kernel.org/stable/c/f81db055a793eca9d05f79658ff62adafb41d664",
            "https://lore.kernel.org/linux-cve-announce/2025111239-CVE-2025-40160-b13a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40160",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40160"
          ],
          "PublishedDate": "2025-11-12T11:15:46.123Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40167",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40167",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:08e8b3d415269cdc2960fb7206989fd3d82c385deee361d6ef7a2b7cdb6c5153",
          "Title": "kernel: ext4: detect invalid INLINE_DATA + EXTENTS flag combination",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: detect invalid INLINE_DATA + EXTENTS flag combination\n\nsyzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity\nfile on a corrupted ext4 filesystem mounted without a journal.\n\nThe issue is that the filesystem has an inode with both the INLINE_DATA\nand EXTENTS flags set:\n\n    EXT4-fs error (device loop0): ext4_cache_extents:545: inode #15:\n    comm syz.0.17: corrupted extent tree: lblk 0 \u003c prev 66\n\nInvestigation revealed that the inode has both flags set:\n    DEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1\n\nThis is an invalid combination since an inode should have either:\n- INLINE_DATA: data stored directly in the inode\n- EXTENTS: data stored in extent-mapped blocks\n\nHaving both flags causes ext4_has_inline_data() to return true, skipping\nextent tree validation in __ext4_iget(). The unvalidated out-of-order\nextents then trigger a BUG_ON in ext4_es_cache_extent() due to integer\nunderflow when calculating hole sizes.\n\nFix this by detecting this invalid flag combination early in ext4_iget()\nand rejecting the corrupted inode.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40167",
            "https://git.kernel.org/stable/c/1437c95ab2a28b138d4521653583729f61ccb48b",
            "https://git.kernel.org/stable/c/1d3ad183943b38eec2acf72a0ae98e635dc8456b",
            "https://git.kernel.org/stable/c/1f5ccd22ff482639133f2a0fe08f6d19d0e68717",
            "https://git.kernel.org/stable/c/2e9e10657b04152ed0d6ecae8d0c02a3405e28f5",
            "https://git.kernel.org/stable/c/4954d297c91d292630ab43ba4d195dc371ce65d3",
            "https://git.kernel.org/stable/c/cb6039b68efa547b676a8a10fc4618d9d1865c23",
            "https://git.kernel.org/stable/c/de985264eef64be8a90595908f2e6a87946dad34",
            "https://git.kernel.org/stable/c/f061f7c331fc16250fc82aa68964f35821687217",
            "https://linux.oracle.com/cve/CVE-2025-40167.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111228-CVE-2025-40167-184f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40167",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40167"
          ],
          "PublishedDate": "2025-11-12T11:15:47.013Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40168",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40168",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:37fe6cbeebf4da2e0d615995d6f4f1835d1e5660cefaa40822bddd95331d7e8a",
          "Title": "kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().\n\nsmc_clc_prfx_match() is called from smc_listen_work() and\nnot under RCU nor RTNL.\n\nUsing sk_dst_get(sk)-\u003edev could trigger UAF.\n\nLet's use __sk_dst_get() and dst_dev_rcu().\n\nNote that the returned value of smc_clc_prfx_match() is not\nused in the caller.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:3488",
            "https://access.redhat.com/security/cve/CVE-2025-40168",
            "https://bugzilla.redhat.com/2414482",
            "https://bugzilla.redhat.com/2429026",
            "https://bugzilla.redhat.com/2436802",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414482",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429026",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2436802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40168",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-71085",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23097",
            "https://errata.almalinux.org/9/ALSA-2026-3488.html",
            "https://errata.rockylinux.org/RLSA-2026:3488",
            "https://git.kernel.org/stable/c/235f81045c008169cc4e1955b4a64e118eebe61b",
            "https://git.kernel.org/stable/c/d26e80f7fb62d77757b67a1b94e4ac756bc9c658",
            "https://linux.oracle.com/cve/CVE-2025-40168.html",
            "https://linux.oracle.com/errata/ELSA-2026-3488.html",
            "https://lore.kernel.org/linux-cve-announce/2025111256-CVE-2025-40168-bdd5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40168",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40168"
          ],
          "PublishedDate": "2025-11-12T11:15:47.15Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40170",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40170",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39aa56c60d285513b20ce53db3f2440beffe418e78c4b253866fffcf7635d910",
          "Title": "kernel: net: use dst_dev_rcu() in sk_setup_caps()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: use dst_dev_rcu() in sk_setup_caps()\n\nUse RCU to protect accesses to dst-\u003edev from sk_setup_caps()\nand sk_dst_gso_max_size().\n\nAlso use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(),\nand ip_dst_mtu_maybe_forward().\n\nip4_dst_hoplimit() can use dst_dev_net_rcu().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2212",
            "https://access.redhat.com/security/cve/CVE-2025-40170",
            "https://bugzilla.redhat.com/2363315",
            "https://bugzilla.redhat.com/2365032",
            "https://bugzilla.redhat.com/2373326",
            "https://bugzilla.redhat.com/2373354",
            "https://bugzilla.redhat.com/2383404",
            "https://bugzilla.redhat.com/2383421",
            "https://bugzilla.redhat.com/2383487",
            "https://bugzilla.redhat.com/2393191",
            "https://bugzilla.redhat.com/2394601",
            "https://bugzilla.redhat.com/2414506",
            "https://bugzilla.redhat.com/2414521",
            "https://bugzilla.redhat.com/2414522",
            "https://bugzilla.redhat.com/2414523",
            "https://bugzilla.redhat.com/2419837",
            "https://bugzilla.redhat.com/2419919",
            "https://bugzilla.redhat.com/2419920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2365032",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393191",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414506",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414521",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419837",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37819",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38022",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38403",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38415",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38459",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40158",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40271",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40318",
            "https://errata.almalinux.org/9/ALSA-2026-2212.html",
            "https://errata.rockylinux.org/RLSA-2026:2212",
            "https://git.kernel.org/stable/c/5d1be493d1110c9e720b4c51a6e587bb2fb4ac12",
            "https://git.kernel.org/stable/c/99a2ace61b211b0be861b07fbaa062fca4b58879",
            "https://git.kernel.org/stable/c/a805729c0091073d8f0415cfa96c7acd1bc17a48",
            "https://linux.oracle.com/cve/CVE-2025-40170.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025111259-CVE-2025-40170-d39d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40170",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40170"
          ],
          "PublishedDate": "2025-11-12T11:15:47.393Z",
          "LastModifiedDate": "2026-01-08T10:15:49.48Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40171",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40171",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:22e1f7f47bc830f52f84c9f92b9a672cb4c09990c6d778e6b4b035ba04a29d44",
          "Title": "kernel: Kernel: Denial of Service in nvmet-fc due to resource leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-fc: move lsop put work to nvmet_fc_ls_req_op\n\nIt’s possible for more than one async command to be in flight from\n__nvmet_fc_send_ls_req. For each command, a tgtport reference is taken.\n\nIn the current code, only one put work item is queued at a time, which\nresults in a leaked reference.\n\nTo fix this, move the work item to the nvmet_fc_ls_req_op struct, which\nalready tracks all resources related to the command.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40171",
            "https://git.kernel.org/stable/c/060ecc81240ef9d60d9485a3a5eb55a0d6e7a25c",
            "https://git.kernel.org/stable/c/11269c08013f4ee8b8f5edc6c56700acb34092d0",
            "https://git.kernel.org/stable/c/7331925c247b03b7767b8cd93cfe1b7aa2377850",
            "https://git.kernel.org/stable/c/7a619f8c869117ffed08365b377f66b7e1d941b4",
            "https://git.kernel.org/stable/c/a28112cc55013cd8cbd5d36b5115a5b851151bd9",
            "https://git.kernel.org/stable/c/db5a5406fb7e5337a074385c7a3e53c77f2c1bd3",
            "https://linux.oracle.com/cve/CVE-2025-40171.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025111259-CVE-2025-40171-0cb5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40171",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40171"
          ],
          "PublishedDate": "2025-11-12T11:15:47.513Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40173",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40173",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b1c10e698f923d2ab1c9d0f6751b0da2483917b774a07e032d9bcb2244b63c9",
          "Title": "kernel: net/ip6_tunnel: Prevent perpetual tunnel growth",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ip6_tunnel: Prevent perpetual tunnel growth\n\nSimilarly to ipv4 tunnel, ipv6 version updates dev-\u003eneeded_headroom, too.\nWhile ipv4 tunnel headroom adjustment growth was limited in\ncommit 5ae1e9922bbd (\"net: ip_tunnel: prevent perpetual headroom growth\"),\nipv6 tunnel yet increases the headroom without any ceiling.\n\nReflect ipv4 tunnel headroom adjustment limit on ipv6 version.\n\nCredits to Francesco Ruggeri, who was originally debugging this issue\nand wrote local Arista-specific patch and a reproducer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40173",
            "https://git.kernel.org/stable/c/10fe967efe73c610e526ff7460581610633dee9c",
            "https://git.kernel.org/stable/c/11f6066af3bfb8149aa16c42c0b0c5ea5b199a94",
            "https://git.kernel.org/stable/c/21f4d45eba0b2dcae5dbc9e5e0ad08735c993f16",
            "https://git.kernel.org/stable/c/402b6985e872b4cf394bbbf33b503947a326a6cb",
            "https://git.kernel.org/stable/c/48294a67863c9cfa367abb66bbf0ef6548ae124f",
            "https://git.kernel.org/stable/c/566f8d5c8a443f2dd69c5460fdec43ed1c870c65",
            "https://git.kernel.org/stable/c/b6eb25d870f1a8ae571fd3da2244b71df547824b",
            "https://git.kernel.org/stable/c/eeb4345488672584db4f8c20a1ae13a212ce31c4",
            "https://linux.oracle.com/cve/CVE-2025-40173.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111254-CVE-2025-40173-4a68@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40173",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40173"
          ],
          "PublishedDate": "2025-11-12T11:15:47.78Z",
          "LastModifiedDate": "2025-11-12T16:19:12.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40178",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40178",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2db9eab7205adcab8c2714d0bad75982a6f31143e54295ecd013644fd5890302",
          "Title": "kernel: pid: Add a judgment for ns null in pid_nr_ns",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npid: Add a judgment for ns null in pid_nr_ns\n\n__task_pid_nr_ns\n        ns = task_active_pid_ns(current);\n        pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\n                if (pid \u0026\u0026 ns-\u003elevel \u003c= pid-\u003elevel) {\n\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\n\nFor example:\n\tUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\n\tMem abort info:\n\tESR = 0x0000000096000007\n\tEC = 0x25: DABT (current EL), IL = 32 bits\n\tSET = 0, FnV = 0\n\tEA = 0, S1PTW = 0\n\tFSC = 0x07: level 3 translation fault\n\tData abort info:\n\tISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n\tCM = 0, WnR = 0, TnD = 0, TagAccess = 0\n\tGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n\tuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\n\t[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\n\tpstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n\tpc : __task_pid_nr_ns+0x74/0xd0\n\tlr : __task_pid_nr_ns+0x24/0xd0\n\tsp : ffffffc08001bd10\n\tx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\n\tx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\n\tx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\n\tx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\n\tx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\n\tx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\n\tx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\n\tx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\n\tx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\n\tx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\n\tCall 
trace:\n\t__task_pid_nr_ns+0x74/0xd0\n\t...\n\t__handle_irq_event_percpu+0xd4/0x284\n\thandle_irq_event+0x48/0xb0\n\thandle_fasteoi_irq+0x160/0x2d8\n\tgeneric_handle_domain_irq+0x44/0x60\n\tgic_handle_irq+0x4c/0x114\n\tcall_on_irq_stack+0x3c/0x74\n\tdo_interrupt_handler+0x4c/0x84\n\tel1_interrupt+0x34/0x58\n\tel1h_64_irq_handler+0x18/0x24\n\tel1h_64_irq+0x68/0x6c\n\taccount_kernel_stack+0x60/0x144\n\texit_task_stack_account+0x1c/0x80\n\tdo_exit+0x7e4/0xaf8\n\t...\n\tget_signal+0x7bc/0x8d8\n\tdo_notify_resume+0x128/0x828\n\tel0_svc+0x6c/0x70\n\tel0t_64_sync_handler+0x68/0xbc\n\tel0t_64_sync+0x1a8/0x1ac\n\tCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\n\t---[ end trace 0000000000000000 ]---\n\tKernel panic - not syncing: Oops: Fatal exception in interrupt",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40178",
            "https://git.kernel.org/linus/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7 (6.18-rc1)",
            "https://git.kernel.org/stable/c/006568ab4c5ca2309ceb36fa553e390b4aa9c0c7",
            "https://git.kernel.org/stable/c/09d227c59d97efda7d5cc878a4335a6b2bb224c2",
            "https://git.kernel.org/stable/c/2076b916bf41be48799d1443df0f8fc75d12ccd0",
            "https://git.kernel.org/stable/c/75dbc029c5359438be4a6f908bfbfdab969af776",
            "https://git.kernel.org/stable/c/a0212978af1825b37da0b453b94d9b0e5af11478",
            "https://git.kernel.org/stable/c/c2d09d724856b6f82ab688f65fc1ce833bb56333",
            "https://git.kernel.org/stable/c/c3b654021931dc806ba086c549e8756c3f204a67",
            "https://git.kernel.org/stable/c/e10c36a771c5cc910abd9fe4aa9033ee32a47c38",
            "https://linux.oracle.com/cve/CVE-2025-40178.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111240-CVE-2025-40178-8673@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40178",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40178"
          ],
          "PublishedDate": "2025-11-12T22:15:44.48Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40179",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40179",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:337810dd24b4e12111db117c5218b4aa1a2fee2fd7f5585a97f4bc6173ae7815",
          "Title": "kernel: ext4: verify orphan file size is not too big",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: verify orphan file size is not too big\n\nIn principle orphan file can be arbitrarily large. However orphan replay\nneeds to traverse it all and we also pin all its buffers in memory. Thus\nfilesystems with absurdly large orphan files can lead to big amounts of\nmemory consumed. Limit orphan file size to a sane value and also use\nkvmalloc() for allocating array of block descriptor structures to avoid\nlarge order allocations for sane but large orphan files.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40179",
            "https://git.kernel.org/linus/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0a6ce20c156442a4ce2a404747bb0fb05d54eeb3",
            "https://git.kernel.org/stable/c/2b9da798ff0f4d026c5f0f815047393ebe7d8859",
            "https://git.kernel.org/stable/c/304fc34ff6fc8261138fd81f119e024ac3a129e9",
            "https://git.kernel.org/stable/c/566a1d6084563bd07433025aa23bcea4427de107",
            "https://git.kernel.org/stable/c/95a21611b14ae0a401720645245a8db16f040995",
            "https://git.kernel.org/stable/c/a2d803fab8a6c6a874277cb80156dc114db91921",
            "https://linux.oracle.com/cve/CVE-2025-40179.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40179-6d22@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40179",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40179"
          ],
          "PublishedDate": "2025-11-12T22:15:44.613Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40180",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4b618b7e618cda9332a45b476ddd1efa086d46403d1b460a23d4b31d5927ecc6",
          "Title": "kernel: mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop\n\nThe cleanup loop was starting at the wrong array index, causing\nout-of-bounds access.\nStart the loop at the correct index for zero-indexed arrays to prevent\naccessing memory beyond the allocated array bounds.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40180",
            "https://git.kernel.org/linus/0aead8197fc1a85b0a89646e418feb49a564b029 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0aead8197fc1a85b0a89646e418feb49a564b029",
            "https://git.kernel.org/stable/c/ab96f08ecedd263ecaab9df8455bfb23b07fdcc2",
            "https://git.kernel.org/stable/c/cd0cbf2713f6e027ebba867cb7409ae345a31312",
            "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40180-8258@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40180",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40180"
          ],
          "PublishedDate": "2025-11-12T22:15:44.737Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40183",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40183",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ab6b7a16aca0a128c564d5bc1547fc85af0e27d3a58f82310a7a1197a4384a98",
          "Title": "kernel: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}\n\nCilium has a BPF egress gateway feature which forces outgoing K8s Pod\ntraffic to pass through dedicated egress gateways which then SNAT the\ntraffic in order to interact with stable IPs outside the cluster.\n\nThe traffic is directed to the gateway via vxlan tunnel in collect md\nmode. A recent BPF change utilized the bpf_redirect_neigh() helper to\nforward packets after the arrival and decap on vxlan, which turned out\nover time that the kmalloc-256 slab usage in kernel was ever-increasing.\n\nThe issue was that vxlan allocates the metadata_dst object and attaches\nit through a fake dst entry to the skb. The latter was never released\nthough given bpf_redirect_neigh() was merely setting the new dst entry\nvia skb_dst_set() without dropping an existing one first.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40183",
            "https://git.kernel.org/linus/23f3770e1a53e6c7a553135011f547209e141e72 (6.18-rc1)",
            "https://git.kernel.org/stable/c/057764172fcc6ee2ccb6c41351a55a9f054dc8fd",
            "https://git.kernel.org/stable/c/23f3770e1a53e6c7a553135011f547209e141e72",
            "https://git.kernel.org/stable/c/2e67c2037382abb56497bb9d7b7e10be04eb5598",
            "https://git.kernel.org/stable/c/3fba965a9aac0fa3cbd8138436a37af9ab466d79",
            "https://git.kernel.org/stable/c/7404ce888a45eb7da0508b7cbbe6f2e95302eeb8",
            "https://git.kernel.org/stable/c/b6bfe44b6dbb14a31d86c475cdc9c7689534fb09",
            "https://git.kernel.org/stable/c/f36a305d30f557306d87c787ddffe094ac5dac89",
            "https://linux.oracle.com/cve/CVE-2025-40183.html",
            "https://linux.oracle.com/errata/ELSA-2025-28048.html",
            "https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40183-fb2f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40183",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40183"
          ],
          "PublishedDate": "2025-11-12T22:15:45.08Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40187",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40187",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:052e4069cdd80c8e495a68a28e8626d366862132ccc926505d9cda30db3af5f1",
          "Title": "kernel: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()\n\nIf new_asoc-\u003epeer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0\nand sctp_ulpevent_make_authkey() returns 0, then the variable\nai_ev remains zero and the zero will be dereferenced\nin the sctp_ulpevent_free() function.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40187",
            "https://git.kernel.org/linus/2f3119686ef50319490ccaec81a575973da98815 (6.18-rc1)",
            "https://git.kernel.org/stable/c/025419f4e216a3ae0d0cec622262e98e8078c447",
            "https://git.kernel.org/stable/c/1014b83778c8677f1d7a57c26dc728baa801ac62",
            "https://git.kernel.org/stable/c/2f3119686ef50319490ccaec81a575973da98815",
            "https://git.kernel.org/stable/c/7f702f85df0266ed7b5bab81ba50394c92f3c928",
            "https://git.kernel.org/stable/c/badbd79313e6591616c1b78e29a9b71efed7f035",
            "https://git.kernel.org/stable/c/c21f45cfa4a9526b34d76b397c9ef080668b6e73",
            "https://git.kernel.org/stable/c/d0e8f1445c19b1786759ba72a38267e1449bab7e",
            "https://git.kernel.org/stable/c/dbceedc0213e75bf3e9f9f9e2f66b10699d004fe",
            "https://linux.oracle.com/cve/CVE-2025-40187.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40187-7826@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40187",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40187"
          ],
          "PublishedDate": "2025-11-12T22:15:45.577Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40188",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40188",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:220f2ab09f0f1a02366b501d81999f64fb78fb1116cc2256c0fabc411753da11",
          "Title": "kernel: pwm: berlin: Fix wrong register in suspend/resume",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npwm: berlin: Fix wrong register in suspend/resume\n\nThe 'enable' register should be BERLIN_PWM_EN rather than\nBERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there\nwill be cpu exception then kernel panic during suspend/resume.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40188",
            "https://git.kernel.org/linus/3a4b9d027e4061766f618292df91760ea64a1fcc (6.18-rc1)",
            "https://git.kernel.org/stable/c/3a4b9d027e4061766f618292df91760ea64a1fcc",
            "https://git.kernel.org/stable/c/5419c86ea134b8a5b8126f55fa5bc1ad7b3ca444",
            "https://git.kernel.org/stable/c/6cef9e4425143b19742044c8a675335821fa1994",
            "https://git.kernel.org/stable/c/9ee5eb3d09217f115f63b7c102d110ccdb1b26af",
            "https://git.kernel.org/stable/c/d9457e6258750692c3b27f80880a613178053c25",
            "https://git.kernel.org/stable/c/da3cadb8b0f35d845b3e2fbb7d978cf6473fd221",
            "https://git.kernel.org/stable/c/dc3a1c6237e7f8046e6d4109bcf1998452ccafad",
            "https://git.kernel.org/stable/c/fd017aabd4273216ed4223f17991fc087163771f",
            "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40188-86c5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40188",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40188"
          ],
          "PublishedDate": "2025-11-12T22:15:45.7Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40190",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40190",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3f74970b23495353885e83f601617ae2a1b51941cf43978fc512291638934e29",
          "Title": "kernel: ext4: guard against EA inode refcount underflow in xattr update",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: guard against EA inode refcount underflow in xattr update\n\nsyzkaller found a path where ext4_xattr_inode_update_ref() reads an EA\ninode refcount that is already \u003c= 0 and then applies ref_change (often\n-1). That lets the refcount underflow and we proceed with a bogus value,\ntriggering errors like:\n\n  EXT4-fs error: EA inode \u003cn\u003e ref underflow: ref_count=-1 ref_change=-1\n  EXT4-fs warning: ea_inode dec ref err=-117\n\nMake the invariant explicit: if the current refcount is non-positive,\ntreat this as on-disk corruption, emit ext4_error_inode(), and fail the\noperation with -EFSCORRUPTED instead of updating the refcount. Delete the\nWARN_ONCE() as negative refcounts are now impossible; keep error reporting\nin ext4_error_inode().\n\nThis prevents the underflow and the follow-on orphan/cleanup churn.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40190",
            "https://git.kernel.org/linus/57295e835408d8d425bef58da5253465db3d6888 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1cfb3e4ddbdc8e02e637b8852540bd4718bf4814",
            "https://git.kernel.org/stable/c/3d6269028246f4484bfed403c947a114bb583631",
            "https://git.kernel.org/stable/c/440b003f449a4ff2a00b08c8eab9ba5cd28f3943",
            "https://git.kernel.org/stable/c/505e69f76ac497e788f4ea0267826ec7266b40c8",
            "https://git.kernel.org/stable/c/57295e835408d8d425bef58da5253465db3d6888",
            "https://git.kernel.org/stable/c/6b879c4c6bbaab03c0ad2a983953bd1410bb165e",
            "https://git.kernel.org/stable/c/79ea7f3e11effe1bd9e753172981d9029133a278",
            "https://git.kernel.org/stable/c/ea39e712c2f5ae148ee5515798ae03523673e002",
            "https://linux.oracle.com/cve/CVE-2025-40190.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40190-b6bc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40190",
            "https://www.cve.org/CVERecord?id=CVE-2025-40190"
          ],
          "PublishedDate": "2025-11-12T22:15:45.96Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40192",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40192",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7fdecd876de6dd037356c0b82df24b0f47ff361481330ae607719dac1bc8ff7b",
          "Title": "kernel: Revert \"ipmi: fix msg stack when IPMI is disconnected\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"ipmi: fix msg stack when IPMI is disconnected\"\n\nThis reverts commit c608966f3f9c2dca596967501d00753282b395fc.\n\nThis patch has a subtle bug that can cause the IPMI driver to go into an\ninfinite loop if the BMC misbehaves in a certain way.  Apparently\ncertain BMCs do misbehave this way because several reports have come in\nrecently about this.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40192",
            "https://git.kernel.org/linus/5d09ee1bec870263f4ace439402ea840503b503b (6.18-rc1)",
            "https://git.kernel.org/stable/c/5d09ee1bec870263f4ace439402ea840503b503b",
            "https://git.kernel.org/stable/c/8cf5c24533b8058910fcb83a25a9cf0306383780",
            "https://git.kernel.org/stable/c/b9cc7155e65f6feca51bfedd543b9bd300e2be2b",
            "https://git.kernel.org/stable/c/f4aab940ae9eb3ba32e5332b35703673f00d7f37",
            "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40192-6344@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40192",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40192"
          ],
          "PublishedDate": "2025-11-12T22:15:46.193Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40193",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40193",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:139863faefaeee9a1b26b0599d14fe5fcf277ffe3a7e7c304924a663c88eb8b3",
          "Title": "kernel: xtensa: simdisk: add input size check in proc_write_simdisk",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxtensa: simdisk: add input size check in proc_write_simdisk\n\nA malicious user could pass an arbitrarily bad value\nto memdup_user_nul(), potentially causing kernel crash.\n\nThis follows the same pattern as commit ee76746387f6\n(\"netdevsim: prevent bad user input in nsim_dev_health_break_write()\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40193",
            "https://git.kernel.org/linus/5d5f08fd0cd970184376bee07d59f635c8403f63 (6.18-rc1)",
            "https://git.kernel.org/stable/c/151bd88859474cdaccc1e4c8b21fbf72dbba2ab4",
            "https://git.kernel.org/stable/c/5d5f08fd0cd970184376bee07d59f635c8403f63",
            "https://git.kernel.org/stable/c/a0c2c36d864ef3676b05cfd8c58b72ee3214cb1a",
            "https://git.kernel.org/stable/c/d381de7fd4cdc928ede96987dc64b133e6480dd6",
            "https://git.kernel.org/stable/c/f40405ccfb87b71175f2d5d004c0b8a0aebcc2cf",
            "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40193-6519@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40193",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40193"
          ],
          "PublishedDate": "2025-11-12T22:15:46.307Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40194",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40194",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:868a6599d11c34a67bbb75f9fc3311dd595f3930c72d1016e0aeca691ae2bd07",
          "Title": "kernel: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()\n\nThe cpufreq_cpu_put() call in update_qos_request() takes place too early\nbecause the latter subsequently calls freq_qos_update_request() that\nindirectly accesses the policy object in question through the QoS request\nobject passed to it.\n\nFortunately, update_qos_request() is called under intel_pstate_driver_lock,\nso this issue does not matter for changing the intel_pstate operation\nmode, but it theoretically can cause a crash to occur on CPU device hot\nremoval (which currently can only happen in virt, but it is formally\nsupported nevertheless).\n\nAddress this issue by modifying update_qos_request() to drop the\nreference to the policy later.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40194",
            "https://git.kernel.org/linus/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0a58d3e77b22b087a57831c87cafd360e144a5bd",
            "https://git.kernel.org/stable/c/15ac9579ebdaf22a37d7f60b3a8efc1029732ef9",
            "https://git.kernel.org/stable/c/57e4a6aadf12578b96a038373cffd54b3a58b092",
            "https://git.kernel.org/stable/c/69a18ff6c60e8e113420f15355fad862cb45d38e",
            "https://git.kernel.org/stable/c/69e5d50fcf4093fb3f9f41c4f931f12c2ca8c467",
            "https://git.kernel.org/stable/c/ad4e8f9bdbef11a19b7cb93e7f313bf59bdcc3b4",
            "https://git.kernel.org/stable/c/ba63d4e9857a72a89e71a4eff9f2cc8c283e94c3",
            "https://git.kernel.org/stable/c/bc26564bcc659beb6d977cd6eb394041ec2f2851",
            "https://linux.oracle.com/cve/CVE-2025-40194.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40194-d959@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40194",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40194"
          ],
          "PublishedDate": "2025-11-12T22:15:46.427Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40195",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6abe340bf8d72057dd9e00c7500640b09d0dfdd11fbb0837c3cfc5931a547e9d",
          "Title": "kernel: Linux kernel: NULL pointer dereference in mount leads to local denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmount: handle NULL values in mnt_ns_release()\n\nWhen calling in listmount() mnt_ns_release() may be passed a NULL\npointer. Handle that case gracefully.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40195",
            "https://git.kernel.org/linus/6c7ca6a02f8f9549a438a08a23c6327580ecf3d6 (6.18-rc1)",
            "https://git.kernel.org/stable/c/2d68f8a7379d9c61005e982600c61948d4d019bd",
            "https://git.kernel.org/stable/c/6c7ca6a02f8f9549a438a08a23c6327580ecf3d6",
            "https://git.kernel.org/stable/c/99ae3e70a293834d0274c46a37120c71a24a4995",
            "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40195-f91e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40195",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40195"
          ],
          "PublishedDate": "2025-11-12T22:15:46.553Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40196",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40196",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2d2a23bb45ce2a8a52cbfa345f34496641515f351e9d7eba6109dc83c36ff1d",
          "Title": "kernel: fs: quota: create dedicated workqueue for quota_release_work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: quota: create dedicated workqueue for quota_release_work\n\nThere is a kernel panic due to WARN_ONCE when panic_on_warn is set.\n\nThis issue occurs when writeback is triggered due to sync call for an\nopened file(ie, writeback reason is WB_REASON_SYNC). When f2fs balance\nis needed at sync path, flush for quota_release_work is triggered.\nBy default quota_release_work is queued to \"events_unbound\" queue which\ndoes not have WQ_MEM_RECLAIM flag. During f2fs balance \"writeback\"\nworkqueue tries to flush quota_release_work causing kernel panic due to\nMEM_RECLAIM flag mismatch errors.\n\nThis patch creates dedicated workqueue with WQ_MEM_RECLAIM flag\nfor work quota_release_work.\n\n------------[ cut here ]------------\nWARNING: CPU: 4 PID: 14867 at kernel/workqueue.c:3721 check_flush_dependency+0x13c/0x148\nCall trace:\n check_flush_dependency+0x13c/0x148\n __flush_work+0xd0/0x398\n flush_delayed_work+0x44/0x5c\n dquot_writeback_dquots+0x54/0x318\n f2fs_do_quota_sync+0xb8/0x1a8\n f2fs_write_checkpoint+0x3cc/0x99c\n f2fs_gc+0x190/0x750\n f2fs_balance_fs+0x110/0x168\n f2fs_write_single_data_page+0x474/0x7dc\n f2fs_write_data_pages+0x7d0/0xd0c\n do_writepages+0xe0/0x2f4\n __writeback_single_inode+0x44/0x4ac\n writeback_sb_inodes+0x30c/0x538\n wb_writeback+0xf4/0x440\n wb_workfn+0x128/0x5d4\n process_scheduled_works+0x1c4/0x45c\n worker_thread+0x32c/0x3e8\n kthread+0x11c/0x1b0\n ret_from_fork+0x10/0x20\nKernel panic - not syncing: kernel: panic_on_warn set ...",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40196",
            "https://git.kernel.org/linus/72b7ceca857f38a8ca7c5629feffc63769638974 (6.18-rc1)",
            "https://git.kernel.org/stable/c/72b7ceca857f38a8ca7c5629feffc63769638974",
            "https://git.kernel.org/stable/c/8a09a62f0c8c6123c2f1864ed6d5f9eb144afaf0",
            "https://git.kernel.org/stable/c/f12039df1515d5daf7d92e586ece5cefeb39561b",
            "https://git.kernel.org/stable/c/f846eacde280ecc3daedfe001580e3033565179e",
            "https://lore.kernel.org/linux-cve-announce/2025111245-CVE-2025-40196-f1fa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40196",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40196"
          ],
          "PublishedDate": "2025-11-12T22:15:46.673Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40198",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40198",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5b23604d2bd31e9a873dcf5b31d8580554a1b0b17658a9b98c36dee697435f75",
          "Title": "kernel: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid potential buffer over-read in parse_apply_sb_mount_options()\n\nUnlike other strings in the ext4 superblock, we rely on tune2fs to\nmake sure s_mount_opts is NUL terminated.  Harden\nparse_apply_sb_mount_options() by treating s_mount_opts as a potential\n__nonstring.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40198",
            "https://git.kernel.org/linus/8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8 (6.18-rc1)",
            "https://git.kernel.org/stable/c/01829af7656b56d83682b3491265d583d502e502",
            "https://git.kernel.org/stable/c/2a0cf438320cdb783e0378570744c0ef0d83e934",
            "https://git.kernel.org/stable/c/7bf46ff83a0ef11836e38ebd72cdc5107209342d",
            "https://git.kernel.org/stable/c/8ecb790ea8c3fc69e77bace57f14cf0d7c177bd8",
            "https://git.kernel.org/stable/c/a6e94557cd05adc82fae0400f6e17745563e5412",
            "https://git.kernel.org/stable/c/b2bac84fde28fb6a88817b8b761abda17a1d300b",
            "https://git.kernel.org/stable/c/e651294218d2684302ee5ed95ccf381646f3e5b4",
            "https://linux.oracle.com/cve/CVE-2025-40198.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40198-7a99@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40198",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40198"
          ],
          "PublishedDate": "2025-11-12T22:15:46.923Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40200",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40200",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42d29b2f4974f1c6d21f6bd48b01120fbb0680b46a9e6cf200ee239da427d724",
          "Title": "kernel: Squashfs: reject negative file sizes in squashfs_read_inode()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: reject negative file sizes in squashfs_read_inode()\n\nSyzkaller reports a \"WARNING in ovl_copy_up_file\" in overlayfs.\n\nThis warning is ultimately caused because the underlying Squashfs file\nsystem returns a file with a negative file size.\n\nThis commit checks for a negative file size and returns EINVAL.\n\n[phillip@squashfs.org.uk: only need to check 64 bit quantity]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40200",
            "https://git.kernel.org/linus/9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b (6.18-rc1)",
            "https://git.kernel.org/stable/c/2871c74caa3f4f05b429e6bfefebac62dbf1b408",
            "https://git.kernel.org/stable/c/54170057a5fadd24a37b70de41e61d39284d9bd7",
            "https://git.kernel.org/stable/c/8118f66124895829443d09c207e654adcb2f9321",
            "https://git.kernel.org/stable/c/875fb3f87ae0225b881319ba016a1a8c4ffd5812",
            "https://git.kernel.org/stable/c/8c7aad76751816207fee556d44aa88a710824810",
            "https://git.kernel.org/stable/c/9f1c14c1de1bdde395f6cc893efa4f80a2ae3b2b",
            "https://git.kernel.org/stable/c/f271155ff31aca8ef82c61c8df23ca97e9a77dd4",
            "https://git.kernel.org/stable/c/fbfc745db628de31f5c089147deeb87e95b89e66",
            "https://linux.oracle.com/cve/CVE-2025-40200.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111246-CVE-2025-40200-c514@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40200",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40200"
          ],
          "PublishedDate": "2025-11-12T22:15:47.16Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40204",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b76a641d7a206ac69e66eafddb0cee8ef077a7a314dd289b2b28f3a2a271d75d",
          "Title": "kernel: sctp: Fix MAC comparison to be constant-time",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40204",
            "https://git.kernel.org/linus/dd91c79e4f58fbe2898dac84858033700e0e99fb (6.18-rc1)",
            "https://git.kernel.org/stable/c/0b32ff285ff6f6f1ac1d9495787ccce8837d6405",
            "https://git.kernel.org/stable/c/0e8b8c326c2a6de4d837b1bb034ea704f4690d77",
            "https://git.kernel.org/stable/c/1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c",
            "https://git.kernel.org/stable/c/8019b3699289fce3f10b63f98601db97b8d105b0",
            "https://git.kernel.org/stable/c/9c05d44ec24126fc283835b68f82dba3ae985209",
            "https://git.kernel.org/stable/c/b93fa8dc521d00d2d44bf034fb90e0d79b036617",
            "https://git.kernel.org/stable/c/dd91c79e4f58fbe2898dac84858033700e0e99fb",
            "https://git.kernel.org/stable/c/ed3044b9c810c5c24eb2830053fbfe5fd134c5d4",
            "https://linux.oracle.com/cve/CVE-2025-40204.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40204-0f06@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40204",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40204"
          ],
          "PublishedDate": "2025-11-12T22:15:47.647Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40205",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40205",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:355b269379afd8d48ae0356aade1383a3f043ba25df783cbefbaddc6eebb08ab",
          "Title": "kernel: btrfs: avoid potential out-of-bounds in btrfs_encode_fh()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid potential out-of-bounds in btrfs_encode_fh()\n\nThe function btrfs_encode_fh() does not properly account for the three\ncases it handles.\n\nBefore writing to the file handle (fh), the function only returns to the\nuser BTRFS_FID_SIZE_NON_CONNECTABLE (5 dwords, 20 bytes) or\nBTRFS_FID_SIZE_CONNECTABLE (8 dwords, 32 bytes).\n\nHowever, when a parent exists and the root ID of the parent and the\ninode are different, the function writes BTRFS_FID_SIZE_CONNECTABLE_ROOT\n(10 dwords, 40 bytes).\n\nIf *max_len is not large enough, this write goes out of bounds because\nBTRFS_FID_SIZE_CONNECTABLE_ROOT is greater than\nBTRFS_FID_SIZE_CONNECTABLE originally returned.\n\nThis results in an 8-byte out-of-bounds write at\nfid-\u003eparent_root_objectid = parent_root_id.\n\nA previous attempt to fix this issue was made but was lost.\n\nhttps://lore.kernel.org/all/4CADAEEC020000780001B32C@vpn.id2.novell.com/\n\nAlthough this issue does not seem to be easily triggerable, it is a\npotential memory corruption bug that should be fixed. This patch\nresolves the issue by ensuring the function returns the appropriate size\nfor all three cases and validates that *max_len is large enough before\nwriting any data.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40205",
            "https://git.kernel.org/linus/dff4f9ff5d7f289e4545cc936362e01ed3252742 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0276c8582488022f057b4cec21975a5edf079f47",
            "https://git.kernel.org/stable/c/361d67276eb8ec6be8f27f4ad6c6090459438fee",
            "https://git.kernel.org/stable/c/43143776b0a7604d873d1a6f3e552a00aa930224",
            "https://git.kernel.org/stable/c/60de2f55d2aca53e81b4ef2a67d7cc9e1eb677db",
            "https://git.kernel.org/stable/c/742b44342204e5dfe3926433823623c1a0c581df",
            "https://git.kernel.org/stable/c/d3a9a8e1275eb9b87f006b5562a287aea3f6885f",
            "https://git.kernel.org/stable/c/d91f6626133698362bba08fbc04bd72c466806d3",
            "https://git.kernel.org/stable/c/dff4f9ff5d7f289e4545cc936362e01ed3252742",
            "https://linux.oracle.com/cve/CVE-2025-40205.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40205-ad43@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40205",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40205"
          ],
          "PublishedDate": "2025-11-12T22:15:47.773Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40206",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40206",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c44725629d5396ae4799a62d9d5a7191dd9f40c83b8159f67b235467bfde2cec",
          "Title": "kernel: netfilter: nft_objref: validate objref and objrefmap expressions",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_objref: validate objref and objrefmap expressions\n\nReferencing a synproxy stateful object from OUTPUT hook causes kernel\ncrash due to infinite recursive calls:\n\nBUG: TASK stack guard page was hit at 000000008bda5b8c (stack is 000000003ab1c4a5..00000000494d8b12)\n[...]\nCall Trace:\n __find_rr_leaf+0x99/0x230\n fib6_table_lookup+0x13b/0x2d0\n ip6_pol_route+0xa4/0x400\n fib6_rule_lookup+0x156/0x240\n ip6_route_output_flags+0xc6/0x150\n __nf_ip6_route+0x23/0x50\n synproxy_send_tcp_ipv6+0x106/0x200\n synproxy_send_client_synack_ipv6+0x1aa/0x1f0\n nft_synproxy_do_eval+0x263/0x310\n nft_do_chain+0x5a8/0x5f0 [nf_tables\n nft_do_chain_inet+0x98/0x110\n nf_hook_slow+0x43/0xc0\n __ip6_local_out+0xf0/0x170\n ip6_local_out+0x17/0x70\n synproxy_send_tcp_ipv6+0x1a2/0x200\n synproxy_send_client_synack_ipv6+0x1aa/0x1f0\n[...]\n\nImplement objref and objrefmap expression validate functions.\n\nCurrently, only NFT_OBJECT_SYNPROXY object type requires validation.\nThis will also handle a jump to a chain using a synproxy object from the\nOUTPUT hook.\n\nNow when trying to reference a synproxy object in the OUTPUT hook, nft\nwill produce the following error:\n\nsynproxy_crash.nft: Error: Could not process rule: Operation not supported\n  synproxy name mysynproxy\n  ^^^^^^^^^^^^^^^^^^^^^^^^",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40206",
            "https://git.kernel.org/linus/f359b809d54c6e3dd1d039b97e0b68390b0e53e4 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0028e0134c64d9ed21728341a74fcfc59cd0f944",
            "https://git.kernel.org/stable/c/4c1cf72ec10be5a9ad264650cadffa1fbce6fabd",
            "https://git.kernel.org/stable/c/7ea55a44493a5a36c3b3293b88bbe4841f9dbaf0",
            "https://git.kernel.org/stable/c/f359b809d54c6e3dd1d039b97e0b68390b0e53e4",
            "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40206-b396@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40206",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40206"
          ],
          "PublishedDate": "2025-11-12T22:15:47.893Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40208",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40208",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2625fd931878e49e55601e2aed43afeec4ec756e6742227865ac988124a7935",
          "Title": "kernel: media: iris: fix module removal if firmware download failed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: iris: fix module removal if firmware download failed\n\nFix remove if firmware failed to load:\nqcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33_p4.mbn failed with error -2\nqcom-iris aa00000.video-codec: firmware download failed\nqcom-iris aa00000.video-codec: core init failed\n\nthen:\n$ echo aa00000.video-codec \u003e /sys/bus/platform/drivers/qcom-iris/unbind\n\nTriggers:\ngenpd genpd:1:aa00000.video-codec: Runtime PM usage count underflow!\n------------[ cut here ]------------\nvideo_cc_mvs0_clk already disabled\nWARNING: drivers/clk/clk.c:1206 at clk_core_disable+0xa4/0xac, CPU#1: sh/542\n\u003csnip\u003e\npc : clk_core_disable+0xa4/0xac\nlr : clk_core_disable+0xa4/0xac\n\u003csnip\u003e\nCall trace:\n clk_core_disable+0xa4/0xac (P)\n clk_disable+0x30/0x4c\n iris_disable_unprepare_clock+0x20/0x48 [qcom_iris]\n iris_vpu_power_off_hw+0x48/0x58 [qcom_iris]\n iris_vpu33_power_off_hardware+0x44/0x230 [qcom_iris]\n iris_vpu_power_off+0x34/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n---[ end trace 0000000000000000 ]---\n------------[ cut here ]------------\nvideo_cc_mvs0_clk already unprepared\nWARNING: drivers/clk/clk.c:1065 at clk_core_unprepare+0xf0/0x110, CPU#2: sh/542\n\u003csnip\u003e\npc : clk_core_unprepare+0xf0/0x110\nlr : clk_core_unprepare+0xf0/0x110\n\u003csnip\u003e\nCall trace:\n clk_core_unprepare+0xf0/0x110 (P)\n clk_unprepare+0x2c/0x44\n iris_disable_unprepare_clock+0x28/0x48 [qcom_iris]\n iris_vpu_power_off_hw+0x48/0x58 [qcom_iris]\n iris_vpu33_power_off_hardware+0x44/0x230 [qcom_iris]\n iris_vpu_power_off+0x34/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n---[ end trace 
0000000000000000 ]---\ngenpd genpd:0:aa00000.video-codec: Runtime PM usage count underflow!\n------------[ cut here ]------------\ngcc_video_axi0_clk already disabled\nWARNING: drivers/clk/clk.c:1206 at clk_core_disable+0xa4/0xac, CPU#4: sh/542\n\u003csnip\u003e\npc : clk_core_disable+0xa4/0xac\nlr : clk_core_disable+0xa4/0xac\n\u003csnip\u003e\nCall trace:\n clk_core_disable+0xa4/0xac (P)\n clk_disable+0x30/0x4c\n iris_disable_unprepare_clock+0x20/0x48 [qcom_iris]\n iris_vpu33_power_off_controller+0x17c/0x428 [qcom_iris]\n iris_vpu_power_off+0x48/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n------------[ cut here ]------------\ngcc_video_axi0_clk already unprepared\nWARNING: drivers/clk/clk.c:1065 at clk_core_unprepare+0xf0/0x110, CPU#4: sh/542\n\u003csnip\u003e\npc : clk_core_unprepare+0xf0/0x110\nlr : clk_core_unprepare+0xf0/0x110\n\u003csnip\u003e\nCall trace:\n clk_core_unprepare+0xf0/0x110 (P)\n clk_unprepare+0x2c/0x44\n iris_disable_unprepare_clock+0x28/0x48 [qcom_iris]\n iris_vpu33_power_off_controller+0x17c/0x428 [qcom_iris]\n iris_vpu_power_off+0x48/0x84 [qcom_iris]\n iris_core_deinit+0x44/0xc8 [qcom_iris]\n iris_remove+0x20/0x48 [qcom_iris]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n\u003csnip\u003e\n---[ end trace 0000000000000000 ]---\n\nSkip deinit if initialization never succeeded.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40208",
            "https://git.kernel.org/linus/fde38008fc4f43db8c17869491870df24b501543 (6.18-rc1)",
            "https://git.kernel.org/stable/c/7a0a77b936ff28f59c271172e81cefebf7b2b7a6",
            "https://git.kernel.org/stable/c/fde38008fc4f43db8c17869491870df24b501543",
            "https://lore.kernel.org/linux-cve-announce/2025111247-CVE-2025-40208-ded6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40208",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40208"
          ],
          "PublishedDate": "2025-11-12T22:15:48.127Z",
          "LastModifiedDate": "2025-11-14T16:42:30.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40210",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40210",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:093a56723afcb35455439cc987676852c8149f713d0eb258928241a6867116a8",
          "Title": "kernel: Revert \"NFSD: Remove the cap on number of operations per NFSv4 COMPOUND\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"NFSD: Remove the cap on number of operations per NFSv4 COMPOUND\"\n\nI've found that pynfs COMP6 now leaves the connection or lease in a\nstrange state, which causes CLOSE9 to hang indefinitely. I've dug\ninto it a little, but I haven't been able to root-cause it yet.\nHowever, I bisected to commit 48aab1606fa8 (\"NFSD: Remove the cap on\nnumber of operations per NFSv4 COMPOUND\").\n\nTianshuo Han also reports a potential vulnerability when decoding\nan NFSv4 COMPOUND. An attacker can place an arbitrarily large op\ncount in the COMPOUND header, which results in:\n\n[   51.410584] nfsd: vmalloc error: size 1209533382144, exceeds total\npages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO),\nnodemask=(null),cpuset=/,mems_allowed=0\n\nwhen NFSD attempts to allocate the COMPOUND op array.\n\nLet's restore the operation-per-COMPOUND limit, but increased to 200\nfor now.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40210",
            "https://git.kernel.org/linus/3e7f011c255582d7c914133785bbba1990441713 (6.18-rc4)",
            "https://git.kernel.org/stable/c/3e7f011c255582d7c914133785bbba1990441713",
            "https://git.kernel.org/stable/c/b3ee7ce432289deac87b9d14e01f2fe6958f7f0b",
            "https://lore.kernel.org/linux-cve-announce/2025112140-CVE-2025-40210-2490@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40210",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40210"
          ],
          "PublishedDate": "2025-11-21T11:15:49.11Z",
          "LastModifiedDate": "2025-11-21T15:13:13.8Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40211",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40211",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b13ed7f6303b88edb86967471edebeca4562ba8605f006efe767ee8a3ecf7e7d",
          "Title": "kernel: ACPI: video: Fix use-after-free in acpi_video_switch_brightness()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: video: Fix use-after-free in acpi_video_switch_brightness()\n\nThe switch_brightness_work delayed work accesses device-\u003ebrightness\nand device-\u003ebacklight, freed by acpi_video_dev_unregister_backlight()\nduring device removal.\n\nIf the work executes after acpi_video_bus_unregister_backlight()\nfrees these resources, it causes a use-after-free when\nacpi_video_switch_brightness() dereferences device-\u003ebrightness or\ndevice-\u003ebacklight.\n\nFix this by calling cancel_delayed_work_sync() for each device's\nswitch_brightness_work in acpi_video_bus_remove_notify_handler()\nafter removing the notify handler that queues the work. This ensures\nthe work completes before the memory is freed.\n\n[ rjw: Changelog edit ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40211",
            "https://git.kernel.org/linus/8f067aa59430266386b83c18b983ca583faa6a11 (6.18-rc4)",
            "https://git.kernel.org/stable/c/293125536ef5521328815fa7c76d5f9eb1635659",
            "https://git.kernel.org/stable/c/3f803ccf5a0c043e7c8b83f6665b082401fc8bee",
            "https://git.kernel.org/stable/c/4e85246ec0d019dfba86ba54d841ef6694f97149",
            "https://git.kernel.org/stable/c/8f067aa59430266386b83c18b983ca583faa6a11",
            "https://git.kernel.org/stable/c/a63a5b6fb508d78fe57ae3b159d9ef3af7ba80e9",
            "https://git.kernel.org/stable/c/ba1704316492a0496c69334338ea1fdbf4c2fd34",
            "https://git.kernel.org/stable/c/bc78a4f51d548c1ccc3d1967c2b394bf687c86e9",
            "https://git.kernel.org/stable/c/de5fc93275a4a459fe2f7cb746984f2ab3e8292a",
            "https://linux.oracle.com/cve/CVE-2025-40211.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025112140-CVE-2025-40211-465b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40211",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40211"
          ],
          "PublishedDate": "2025-11-21T11:15:49.513Z",
          "LastModifiedDate": "2025-12-06T22:15:52.367Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40215",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40215",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:947dd089c4988573ef4f8b86c8520e7acfc501c98ca6cc14c85ca214840aedf2",
          "Title": "kernel: xfrm: delete x-\u003etunnel as we delete x",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: delete x-\u003etunnel as we delete x\n\nThe ipcomp fallback tunnels currently get deleted (from the various\nlists and hashtables) as the last user state that needed that fallback\nis destroyed (not deleted). If a reference to that user state still\nexists, the fallback state will remain on the hashtables/lists,\ntriggering the WARN in xfrm_state_fini. Because of those remaining\nreferences, the fix in commit f75a2804da39 (\"xfrm: destroy xfrm_state\nsynchronously on net exit path\") is not complete.\n\nWe recently fixed one such situation in TCP due to defered freeing of\nskbs (commit 9b6412e6979f (\"tcp: drop secpath at the same time as we\ncurrently drop dst\")). This can also happen due to IP reassembly: skbs\nwith a secpath remain on the reassembly queue until netns\ndestruction. If we can't guarantee that the queues are flushed by the\ntime xfrm_state_fini runs, there may still be references to a (user)\nxfrm_state, preventing the timely deletion of the corresponding\nfallback state.\n\nInstead of chasing each instance of skbs holding a secpath one by one,\nthis patch fixes the issue directly within xfrm, by deleting the\nfallback state as soon as the last user state depending on it has been\ndeleted. Destruction will still happen when the final reference is\ndropped.\n\nA separate lockdep class for the fallback state is required since\nwe're going to lock x-\u003etunnel while x is locked.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40215",
            "https://git.kernel.org/linus/b441cf3f8c4b8576639d20c8eb4aa32917602ecd (6.16)",
            "https://git.kernel.org/stable/c/0da961fa46da1b37ef868d9b603bd202136f8f8e",
            "https://git.kernel.org/stable/c/1b28a7fae0128fa140a7dccd995182ff6cd1c67b",
            "https://git.kernel.org/stable/c/4b2c17d0f9be8b58bb30468bc81a4b61c985b04e",
            "https://git.kernel.org/stable/c/b441cf3f8c4b8576639d20c8eb4aa32917602ecd",
            "https://git.kernel.org/stable/c/d0e0d1097118461463b76562c7ebaabaa5b90b13",
            "https://git.kernel.org/stable/c/dc3636912d41770466543623cb76e7b88fdb42c7",
            "https://linux.oracle.com/cve/CVE-2025-40215.html",
            "https://linux.oracle.com/errata/ELSA-2026-50142.html",
            "https://lore.kernel.org/linux-cve-announce/2025120438-CVE-2025-40215-0256@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40215",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8070-1",
            "https://ubuntu.com/security/notices/USN-8070-2",
            "https://ubuntu.com/security/notices/USN-8070-3",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8098-1",
            "https://ubuntu.com/security/notices/USN-8098-2",
            "https://ubuntu.com/security/notices/USN-8098-3",
            "https://ubuntu.com/security/notices/USN-8098-4",
            "https://ubuntu.com/security/notices/USN-8098-5",
            "https://ubuntu.com/security/notices/USN-8098-6",
            "https://ubuntu.com/security/notices/USN-8098-7",
            "https://ubuntu.com/security/notices/USN-8098-8",
            "https://ubuntu.com/security/notices/USN-8098-9",
            "https://ubuntu.com/security/notices/USN-8107-1",
            "https://ubuntu.com/security/notices/USN-8112-1",
            "https://ubuntu.com/security/notices/USN-8112-2",
            "https://ubuntu.com/security/notices/USN-8112-3",
            "https://ubuntu.com/security/notices/USN-8112-4",
            "https://ubuntu.com/security/notices/USN-8112-5",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40215"
          ],
          "PublishedDate": "2025-12-04T13:15:48.473Z",
          "LastModifiedDate": "2026-01-19T13:16:08.747Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40217",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40217",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e88082028c2a57f7b9b1f5c2980c0916415668e7e1e9a0c2c9a64a87c5083eca",
          "Title": "kernel: pidfs: validate extensible ioctls",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npidfs: validate extensible ioctls\n\nValidate extensible ioctls stricter than we do now.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40217",
            "https://git.kernel.org/linus/3c17001b21b9f168c957ced9384abe969019b609 (6.18-rc1)",
            "https://git.kernel.org/stable/c/3c17001b21b9f168c957ced9384abe969019b609",
            "https://git.kernel.org/stable/c/bf0fbf5e8b0aff8a4a0fb35e32b10083baa83c04",
            "https://lore.kernel.org/linux-cve-announce/2025120450-CVE-2025-40217-d2a6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40217",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40217"
          ],
          "PublishedDate": "2025-12-04T15:15:57.51Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40219",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40219",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5c06fb0fbd7e6ef182beec17318c5b0fdfc2920123cc30cc7b6520b0b41d685c",
          "Title": "kernel: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/IOV: Fix race between SR-IOV enable/disable and hotplug\n\nCommit 05703271c3cd (\"PCI/IOV: Add PCI rescan-remove locking when\nenabling/disabling SR-IOV\") tried to fix a race between the VF removal\ninside sriov_del_vfs() and concurrent hot unplug by taking the PCI\nrescan/remove lock in sriov_del_vfs(). Similarly the PCI rescan/remove lock\nwas also taken in sriov_add_vfs() to protect addition of VFs.\n\nThis approach however causes deadlock on trying to remove PFs with SR-IOV\nenabled because PFs disable SR-IOV during removal and this removal happens\nunder the PCI rescan/remove lock. So the original fix had to be reverted.\n\nInstead of taking the PCI rescan/remove lock in sriov_add_vfs() and\nsriov_del_vfs(), fix the race that occurs with SR-IOV enable and disable vs\nhotplug higher up in the callchain by taking the lock in\nsriov_numvfs_store() before calling into the driver's sriov_configure()\ncallback.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40219",
            "https://git.kernel.org/linus/05703271c3cdcc0f2a8cf6ebdc45892b8ca83520 (6.18-rc1)",
            "https://git.kernel.org/stable/c/05703271c3cdcc0f2a8cf6ebdc45892b8ca83520",
            "https://git.kernel.org/stable/c/1047ca2d816994f31e1475e63e0c0b7825599747",
            "https://git.kernel.org/stable/c/1e8a80290f964bdbad225221c8a1594c7e01c8fd",
            "https://git.kernel.org/stable/c/36039348bca77828bf06eae41b8f76e38cd15847",
            "https://git.kernel.org/stable/c/3cddde484471c602bea04e6f384819d336a1ff84",
            "https://git.kernel.org/stable/c/53154cd40ccf285f1d1c24367824082061d155bd",
            "https://git.kernel.org/stable/c/5c1cd7d405e94dc6cb320cc0cc092b74895b6ddf",
            "https://git.kernel.org/stable/c/7c37920c96b85ef4255a7acc795e99e63dd38d59",
            "https://git.kernel.org/stable/c/97c18f074ff1c12d016a0753072a3afdfa0b9611",
            "https://git.kernel.org/stable/c/a24219172456f035d886857e265ca24c85b167c8",
            "https://git.kernel.org/stable/c/a5338e365c4559d7b4d7356116b0eb95b12e08d5",
            "https://git.kernel.org/stable/c/a645ca21de09e3137cbb224fa6c23cca873a1d01",
            "https://git.kernel.org/stable/c/bea1d373098b22d7142da48750ce5526096425bc",
            "https://git.kernel.org/stable/c/d7673ac466eca37ec3e6b7cc9ccdb06de3304e9b",
            "https://git.kernel.org/stable/c/ee40e5db052d7c6f406fdb95ad639c894c74674c",
            "https://git.kernel.org/stable/c/f3015627b6e9ddf85cfeaf42405b3c194dde2c36",
            "https://linux.oracle.com/cve/CVE-2025-40219.html",
            "https://linux.oracle.com/errata/ELSA-2025-28049.html",
            "https://lore.kernel.org/linux-cve-announce/2025120453-CVE-2025-40219-01f2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40219",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40219"
          ],
          "PublishedDate": "2025-12-04T15:15:57.79Z",
          "LastModifiedDate": "2026-04-03T16:16:22.607Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40220",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40220",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b8d060e4ca8958c93ccded7ec5162eaef4450fa24c7bf1645f332c169c3c8125",
          "Title": "kernel: fuse: fix livelock in synchronous file put from fuseblk workers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix livelock in synchronous file put from fuseblk workers\n\nI observed a hang when running generic/323 against a fuseblk server.\nThis test opens a file, initiates a lot of AIO writes to that file\ndescriptor, and closes the file descriptor before the writes complete.\nUnsurprisingly, the AIO exerciser threads are mostly stuck waiting for\nresponses from the fuseblk server:\n\n# cat /proc/372265/task/372313/stack\n[\u003c0\u003e] request_wait_answer+0x1fe/0x2a0 [fuse]\n[\u003c0\u003e] __fuse_simple_request+0xd3/0x2b0 [fuse]\n[\u003c0\u003e] fuse_do_getattr+0xfc/0x1f0 [fuse]\n[\u003c0\u003e] fuse_file_read_iter+0xbe/0x1c0 [fuse]\n[\u003c0\u003e] aio_read+0x130/0x1e0\n[\u003c0\u003e] io_submit_one+0x542/0x860\n[\u003c0\u003e] __x64_sys_io_submit+0x98/0x1a0\n[\u003c0\u003e] do_syscall_64+0x37/0xf0\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nBut the /weird/ part is that the fuseblk server threads are waiting for\nresponses from itself:\n\n# cat /proc/372210/task/372232/stack\n[\u003c0\u003e] request_wait_answer+0x1fe/0x2a0 [fuse]\n[\u003c0\u003e] __fuse_simple_request+0xd3/0x2b0 [fuse]\n[\u003c0\u003e] fuse_file_put+0x9a/0xd0 [fuse]\n[\u003c0\u003e] fuse_release+0x36/0x50 [fuse]\n[\u003c0\u003e] __fput+0xec/0x2b0\n[\u003c0\u003e] task_work_run+0x55/0x90\n[\u003c0\u003e] syscall_exit_to_user_mode+0xe9/0x100\n[\u003c0\u003e] do_syscall_64+0x43/0xf0\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe fuseblk server is fuse2fs so there's nothing all that exciting in\nthe server itself.  So why is the fuse server calling fuse_file_put?\nThe commit message for the fstest sheds some light on that:\n\n\"By closing the file descriptor before calling io_destroy, you pretty\nmuch guarantee that the last put on the ioctx will be done in interrupt\ncontext (during I/O completion).\n\nAha.  
AIO fgets a new struct file from the fd when it queues the ioctx.\nThe completion of the FUSE_WRITE command from userspace causes the fuse\nserver to call the AIO completion function.  The completion puts the\nstruct file, queuing a delayed fput to the fuse server task.  When the\nfuse server task returns to userspace, it has to run the delayed fput,\nwhich in the case of a fuseblk server, it does synchronously.\n\nSending the FUSE_RELEASE command sychronously from fuse server threads\nis a bad idea because a client program can initiate enough simultaneous\nAIOs such that all the fuse server threads end up in delayed_fput, and\nnow there aren't any threads left to handle the queued fuse commands.\n\nFix this by only using asynchronous fputs when closing files, and leave\na comment explaining why.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40220",
            "https://git.kernel.org/linus/26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 (6.18-rc1)",
            "https://git.kernel.org/stable/c/26e5c67deb2e1f42a951f022fdf5b9f7eb747b01",
            "https://git.kernel.org/stable/c/548e1f2bac1d4df91a6138f26bb4ab00323fd948",
            "https://git.kernel.org/stable/c/83b375c6efef69b1066ad2d79601221e7892745a",
            "https://git.kernel.org/stable/c/b26923512dbe57ae4917bafd31396d22a9d1691a",
            "https://git.kernel.org/stable/c/bfd17b6138df0122a95989457d8e18ce0b86165e",
            "https://git.kernel.org/stable/c/cfd1aa3e2b71f3327cb373c45a897c9028c62b35",
            "https://git.kernel.org/stable/c/f19a1390af448d9e193c08e28ea5f727bf3c3049",
            "https://lore.kernel.org/linux-cve-announce/2025120454-CVE-2025-40220-2127@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40220",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40220"
          ],
          "PublishedDate": "2025-12-04T15:15:58.033Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40222",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40222",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2d75d482c73a9022fd6cd9e13e5ab46568509bb3307b534440d61020eaa30fac",
          "Title": "kernel: tty: serial: sh-sci: fix RSCI FIFO overrun handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: sh-sci: fix RSCI FIFO overrun handling\n\nThe receive error handling code is shared between RSCI and all other\nSCIF port types, but the RSCI overrun_reg is specified as a memory\noffset, while for other SCIF types it is an enum value used to index\ninto the sci_port_params-\u003eregs array, as mentioned above the\nsci_serial_in() function.\n\nFor RSCI, the overrun_reg is CSR (0x48), causing the sci_getreg() call\ninside the sci_handle_fifo_overrun() function to index outside the\nbounds of the regs array, which currently has a size of 20, as specified\nby SCI_NR_REGS.\n\nBecause of this, we end up accessing memory outside of RSCI's\nrsci_port_params structure, which, when interpreted as a plat_sci_reg,\nhappens to have a non-zero size, causing the following WARN when\nsci_serial_in() is called, as the accidental size does not match the\nsupported register sizes.\n\nThe existence of the overrun_reg needs to be checked because\nSCIx_SH3_SCIF_REGTYPE has overrun_reg set to SCLSR, but SCLSR is not\npresent in the regs array.\n\nAvoid calling sci_getreg() for port types which don't use standard\nregister handling.\n\nUse the ops-\u003eread_reg() and ops-\u003ewrite_reg() functions to properly read\nand write registers for RSCI, and change the type of the status variable\nto accommodate the 32-bit CSR register.\n\nsci_getreg() and sci_serial_in() are also called with overrun_reg in the\nsci_mpxed_interrupt() interrupt handler, but that code path is not used\nfor RSCI, as it does not have a muxed interrupt.\n\n------------[ cut here ]------------\nInvalid register access\nWARNING: CPU: 0 PID: 0 at drivers/tty/serial/sh-sci.c:522 sci_serial_in+0x38/0xac\nModules linked in: renesas_usbhs at24 rzt2h_adc industrialio_adc sha256 cfg80211 bluetooth ecdh_generic ecc rfkill fuse drm backlight ipv6\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.17.0-rc1+ #30 
PREEMPT\nHardware name: Renesas RZ/T2H EVK Board based on r9a09g077m44 (DT)\npstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : sci_serial_in+0x38/0xac\nlr : sci_serial_in+0x38/0xac\nsp : ffff800080003e80\nx29: ffff800080003e80 x28: ffff800082195b80 x27: 000000000000000d\nx26: ffff8000821956d0 x25: 0000000000000000 x24: ffff800082195b80\nx23: ffff000180e0d800 x22: 0000000000000010 x21: 0000000000000000\nx20: 0000000000000010 x19: ffff000180e72000 x18: 000000000000000a\nx17: ffff8002bcee7000 x16: ffff800080000000 x15: 0720072007200720\nx14: 0720072007200720 x13: 0720072007200720 x12: 0720072007200720\nx11: 0000000000000058 x10: 0000000000000018 x9 : ffff8000821a6a48\nx8 : 0000000000057fa8 x7 : 0000000000000406 x6 : ffff8000821fea48\nx5 : ffff00033ef88408 x4 : ffff8002bcee7000 x3 : ffff800082195b80\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff800082195b80\nCall trace:\n sci_serial_in+0x38/0xac (P)\n sci_handle_fifo_overrun.isra.0+0x70/0x134\n sci_er_interrupt+0x50/0x39c\n __handle_irq_event_percpu+0x48/0x140\n handle_irq_event+0x44/0xb0\n handle_fasteoi_irq+0xf4/0x1a0\n handle_irq_desc+0x34/0x58\n generic_handle_domain_irq+0x1c/0x28\n gic_handle_irq+0x4c/0x140\n call_on_irq_stack+0x30/0x48\n do_interrupt_handler+0x80/0x84\n el1_interrupt+0x34/0x68\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x6c/0x70\n default_idle_call+0x28/0x58 (P)\n do_idle+0x1f8/0x250\n cpu_startup_entry+0x34/0x3c\n rest_init+0xd8/0xe0\n console_on_rootfs+0x0/0x6c\n __primary_switched+0x88/0x90\n---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40222",
            "https://git.kernel.org/linus/ef8fef45c74b5a0059488fda2df65fa133f7d7d0 (6.18-rc3)",
            "https://git.kernel.org/stable/c/2ec9bbd09a6cdf5b8c726be34f29630faf585d07",
            "https://git.kernel.org/stable/c/ef8fef45c74b5a0059488fda2df65fa133f7d7d0",
            "https://lore.kernel.org/linux-cve-announce/2025120456-CVE-2025-40222-1901@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40222",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40222"
          ],
          "PublishedDate": "2025-12-04T16:16:14.627Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40223",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40223",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7d6bce52a1fa3c8d18908535d6928d6d6a91e3dce339079ea3bb96f310429728",
          "Title": "kernel: most: usb: Fix use-after-free in hdm_disconnect",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: usb: Fix use-after-free in hdm_disconnect\n\nhdm_disconnect() calls most_deregister_interface(), which eventually\nunregisters the MOST interface device with device_unregister(iface-\u003edev).\nIf that drops the last reference, the device core may call release_mdev()\nimmediately while hdm_disconnect() is still executing.\n\nThe old code also freed several mdev-owned allocations in\nhdm_disconnect() and then performed additional put_device() calls.\nDepending on refcount order, this could lead to use-after-free or\ndouble-free when release_mdev() ran (or when unregister paths also\nperformed puts).\n\nFix by moving the frees of mdev-owned allocations into release_mdev(),\nso they happen exactly once when the device is truly released, and by\ndropping the extra put_device() calls in hdm_disconnect() that are\nredundant after device_unregister() and most_deregister_interface().\n\nThis addresses the KASAN slab-use-after-free reported by syzbot in\nhdm_disconnect(). See report and stack traces in the bug link below.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40223",
            "https://git.kernel.org/linus/4b1270902609ef0d935ed2faa2ea6d122bd148f5 (6.18-rc3)",
            "https://git.kernel.org/stable/c/33daf469f5294b9d07c4fc98216cace9f4f34cc6",
            "https://git.kernel.org/stable/c/3a3b8e89c7201c5b3b76ac4a4069d1adde1477d6",
            "https://git.kernel.org/stable/c/4b1270902609ef0d935ed2faa2ea6d122bd148f5",
            "https://git.kernel.org/stable/c/578eb18cd111addec94c43f61cd4b4429e454809",
            "https://git.kernel.org/stable/c/5b5c478f09b1b35e7fe6fc9a1786c9bf6030e831",
            "https://git.kernel.org/stable/c/72427dc6f87523995f4e6ae35a948bb2992cabce",
            "https://git.kernel.org/stable/c/f93a84ffb884d761a9d4e869ba29c238711e81f1",
            "https://lore.kernel.org/linux-cve-announce/2025120458-CVE-2025-40223-66bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40223",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40223"
          ],
          "PublishedDate": "2025-12-04T16:16:14.767Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40231",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40231",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:446a15968d8641befd69b5ff2cb9e6399add03938416267f79d63023ede9e9e7",
          "Title": "kernel: vsock: fix lock inversion in vsock_assign_transport()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix lock inversion in vsock_assign_transport()\n\nSyzbot reported a potential lock inversion deadlock between\nvsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called.\n\nThe issue was introduced by commit 687aa0c5581b (\"vsock: Fix\ntransport_* TOCTOU\") which added vsock_register_mutex locking in\nvsock_assign_transport() around the transport-\u003erelease() call, that can\ncall vsock_linger(). vsock_assign_transport() can be called with sk_lock\nheld. vsock_linger() calls sk_wait_event() that temporarily releases and\nre-acquires sk_lock. During this window, if another thread hold\nvsock_register_mutex while trying to acquire sk_lock, a circular\ndependency is created.\n\nFix this by releasing vsock_register_mutex before calling\ntransport-\u003erelease() and vsock_deassign_transport(). This is safe\nbecause we don't need to hold vsock_register_mutex while releasing the\nold transport, and we ensure the new transport won't disappear by\nobtaining a module reference first via try_module_get().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40231",
            "https://git.kernel.org/linus/f7c877e7535260cc7a21484c994e8ce7e8cb6780 (6.18-rc3)",
            "https://git.kernel.org/stable/c/09bba278ccde25a14b6e5088a9e65a8717d0cccf",
            "https://git.kernel.org/stable/c/251caee792a21eb0b781aab91362b422c945e162",
            "https://git.kernel.org/stable/c/42ed0784d11adebf748711e503af0eb9f1e6d81d",
            "https://git.kernel.org/stable/c/a2a4346eea8b4cb75037dbcb20b98cb454324f80",
            "https://git.kernel.org/stable/c/b44182c116778feaa05da52a426aeb9da1878dcf",
            "https://git.kernel.org/stable/c/ce4f856c64f0bc30e29302a0ce41f4295ca391c5",
            "https://git.kernel.org/stable/c/f7c877e7535260cc7a21484c994e8ce7e8cb6780",
            "https://linux.oracle.com/cve/CVE-2025-40231.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120400-CVE-2025-40231-ae6a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40231",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40231"
          ],
          "PublishedDate": "2025-12-04T16:16:15.87Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40233",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40233",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a73687e73c0c6c52faed9025326ced57cebfe11d6f2750d1a1c2f721d9bfe423",
          "Title": "kernel: ocfs2: clear extent cache after moving/defragmenting extents",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: clear extent cache after moving/defragmenting extents\n\nThe extent map cache can become stale when extents are moved or\ndefragmented, causing subsequent operations to see outdated extent flags. \nThis triggers a BUG_ON in ocfs2_refcount_cal_cow_clusters().\n\nThe problem occurs when:\n1. copy_file_range() creates a reflinked extent with OCFS2_EXT_REFCOUNTED\n2. ioctl(FITRIM) triggers ocfs2_move_extents()\n3. __ocfs2_move_extents_range() reads and caches the extent (flags=0x2)\n4. ocfs2_move_extent()/ocfs2_defrag_extent() calls __ocfs2_move_extent()\n   which clears OCFS2_EXT_REFCOUNTED flag on disk (flags=0x0)\n5. The extent map cache is not invalidated after the move\n6. Later write() operations read stale cached flags (0x2) but disk has\n   updated flags (0x0), causing a mismatch\n7. BUG_ON(!(rec-\u003ee_flags \u0026 OCFS2_EXT_REFCOUNTED)) triggers\n\nFix by clearing the extent map cache after each extent move/defrag\noperation in __ocfs2_move_extents_range().  This ensures subsequent\noperations read fresh extent data from disk.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40233",
            "https://git.kernel.org/linus/78a63493f8e352296dbc7cb7b3f4973105e8679e (6.18-rc3)",
            "https://git.kernel.org/stable/c/78a63493f8e352296dbc7cb7b3f4973105e8679e",
            "https://git.kernel.org/stable/c/93166bc53c0e3587058327a4121daea34b4fecd5",
            "https://git.kernel.org/stable/c/93b1ab422f1966b71561158e1aedce4ec100f357",
            "https://git.kernel.org/stable/c/a21750df2f6169af6e039a3bb4893d6c9564e48d",
            "https://git.kernel.org/stable/c/a7ee72286efba1d407c6f15a0528e43593fb7007",
            "https://git.kernel.org/stable/c/aa6a21409dd6221bb268b56bb410e031c632ff9a",
            "https://git.kernel.org/stable/c/bb69928ed578f881e68d26aaf1a8f6e7faab3b44",
            "https://git.kernel.org/stable/c/e92af7737a94a729225d2a5d180eaaa77fe0bbc1",
            "https://linux.oracle.com/cve/CVE-2025-40233.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120401-CVE-2025-40233-adcb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40233",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40233"
          ],
          "PublishedDate": "2025-12-04T16:16:16.137Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40237",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40237",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:95f6a3b6eb8cd532544bd10911e02096380a9d65481400e71f155af217a29e16",
          "Title": "kernel: fs/notify: call exportfs_encode_fid with s_umount",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/notify: call exportfs_encode_fid with s_umount\n\nCalling intotify_show_fdinfo() on fd watching an overlayfs inode, while\nthe overlayfs is being unmounted, can lead to dereferencing NULL ptr.\n\nThis issue was found by syzkaller.\n\nRace Condition Diagram:\n\nThread 1                           Thread 2\n--------                           --------\n\ngeneric_shutdown_super()\n shrink_dcache_for_umount\n  sb-\u003es_root = NULL\n\n                    |\n                    |             vfs_read()\n                    |              inotify_fdinfo()\n                    |               * inode get from mark *\n                    |               show_mark_fhandle(m, inode)\n                    |                exportfs_encode_fid(inode, ..)\n                    |                 ovl_encode_fh(inode, ..)\n                    |                  ovl_check_encode_origin(inode)\n                    |                   * deref i_sb-\u003es_root *\n                    |\n                    |\n                    v\n fsnotify_sb_delete(sb)\n\nWhich then leads to:\n\n[   32.133461] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[   32.134438] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[   32.135032] CPU: 1 UID: 0 PID: 4468 Comm: systemd-coredum Not tainted 6.17.0-rc6 #22 PREEMPT(none)\n\n\u003csnip registers, unreliable trace\u003e\n\n[   32.143353] Call Trace:\n[   32.143732]  ovl_encode_fh+0xd5/0x170\n[   32.144031]  exportfs_encode_inode_fh+0x12f/0x300\n[   32.144425]  show_mark_fhandle+0xbe/0x1f0\n[   32.145805]  inotify_fdinfo+0x226/0x2d0\n[   32.146442]  inotify_show_fdinfo+0x1c5/0x350\n[   32.147168]  seq_show+0x530/0x6f0\n[   32.147449]  seq_read_iter+0x503/0x12a0\n[   32.148419]  seq_read+0x31f/0x410\n[   32.150714]  vfs_read+0x1f0/0x9e0\n[   32.152297]  
ksys_read+0x125/0x240\n\nIOW ovl_check_encode_origin derefs inode-\u003ei_sb-\u003es_root, after it was set\nto NULL in the unmount path.\n\nFix it by protecting calling exportfs_encode_fid() from\nshow_mark_fhandle() with s_umount lock.\n\nThis form of fix was suggested by Amir in [1].\n\n[1]: https://lore.kernel.org/all/CAOQ4uxhbDwhb+2Brs1UdkoF0a3NSdBAOQPNfEHjahrgoKJpLEw@mail.gmail.com/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40237",
            "https://git.kernel.org/linus/a7c4bb43bfdc2b9f06ee9d036028ed13a83df42a (6.18-rc3)",
            "https://git.kernel.org/stable/c/3f307a9f7a7a2822e38ac451b73e2244e7279496",
            "https://git.kernel.org/stable/c/950b604384fd75d62e860bec7135b2b62eb4d508",
            "https://git.kernel.org/stable/c/a7c4bb43bfdc2b9f06ee9d036028ed13a83df42a",
            "https://git.kernel.org/stable/c/bc1c6b803e14ea2b8f7e33b7164013f666ceb656",
            "https://git.kernel.org/stable/c/d1894bc542becb0fda61e7e513b09523cab44030",
            "https://linux.oracle.com/cve/CVE-2025-40237.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120402-CVE-2025-40237-f087@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40237",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40237"
          ],
          "PublishedDate": "2025-12-04T16:16:16.697Z",
          "LastModifiedDate": "2025-12-23T17:15:47.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40240",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40240",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:34724dc515190fa4ba6e87f0323b56ed5c59bbb4f9547fc8e23d1fa292083908",
          "Title": "kernel: sctp: avoid NULL dereference when chunk data buffer is missing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: avoid NULL dereference when chunk data buffer is missing\n\nchunk-\u003eskb pointer is dereferenced in the if-block where it's supposed\nto be NULL only.\n\nchunk-\u003eskb can only be NULL if chunk-\u003ehead_skb is not. Check for frag_list\ninstead and do it just before replacing chunk-\u003eskb. We're sure that\notherwise chunk-\u003eskb is non-NULL because of outer if() condition.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0445",
            "https://access.redhat.com/security/cve/CVE-2025-40240",
            "https://bugzilla.redhat.com/2395807",
            "https://bugzilla.redhat.com/2396936",
            "https://bugzilla.redhat.com/2397553",
            "https://bugzilla.redhat.com/2418832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2395807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2396936",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2397553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39883",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40240",
            "https://errata.almalinux.org/9/ALSA-2026-0445.html",
            "https://errata.rockylinux.org/RLSA-2026:0445",
            "https://git.kernel.org/linus/441f0647f7673e0e64d4910ef61a5fb8f16bfb82 (6.18-rc3)",
            "https://git.kernel.org/stable/c/03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f",
            "https://git.kernel.org/stable/c/08165c296597075763130919f2aae59b5822f016",
            "https://git.kernel.org/stable/c/441f0647f7673e0e64d4910ef61a5fb8f16bfb82",
            "https://git.kernel.org/stable/c/4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71",
            "https://git.kernel.org/stable/c/61cda2777b07d27459f5cac5a047c3edf9c8a1a9",
            "https://git.kernel.org/stable/c/7a832b0f99be19df608cb75c023f8027b1789bd1",
            "https://git.kernel.org/stable/c/89b465b54227c245ddc7cc9ed822231af21123ef",
            "https://git.kernel.org/stable/c/cb9055ba30306ede4ad920002233d0659982f1cb",
            "https://linux.oracle.com/cve/CVE-2025-40240.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120403-CVE-2025-40240-745a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40240",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40240"
          ],
          "PublishedDate": "2025-12-04T16:16:17.1Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40242",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40242",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d48c68390df39b549d49179f7fd1d3239718286ae3141c1adc8ef9ede2cc69c8",
          "Title": "kernel: gfs2: Fix unlikely race in gdlm_put_lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix unlikely race in gdlm_put_lock\n\nIn gdlm_put_lock(), there is a small window of time in which the\nDFL_UNMOUNT flag has been set but the lockspace hasn't been released,\nyet.  In that window, dlm may still call gdlm_ast() and gdlm_bast().\nTo prevent it from dereferencing freed glock objects, only free the\nglock if the lockspace has actually been released.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40242",
            "https://git.kernel.org/linus/28c4d9bc0708956c1a736a9e49fee71b65deee81 (6.18-rc1)",
            "https://git.kernel.org/stable/c/279bde3bbb0ac0bad5c729dfa85983d75a5d7641",
            "https://git.kernel.org/stable/c/28c4d9bc0708956c1a736a9e49fee71b65deee81",
            "https://git.kernel.org/stable/c/4913592a3358f6ec366b8346b733d5e2360b08e1",
            "https://git.kernel.org/stable/c/64c61b4ac645222fa7b724cef616c1f862a72a40",
            "https://linux.oracle.com/cve/CVE-2025-40242.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120403-CVE-2025-40242-8f73@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40242",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40242"
          ],
          "PublishedDate": "2025-12-04T16:16:17.39Z",
          "LastModifiedDate": "2026-04-02T12:16:18.28Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40243",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40243",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:127b686a593998f49ed8b8487981b0a04299a946103daafe1e49c37c565467be",
          "Title": "kernel: hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()\n\nThe syzbot reported issue in hfs_find_set_zero_bits():\n\n=====================================================\nBUG: KMSAN: uninit-value in hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45\n hfs_find_set_zero_bits+0x74d/0xb60 fs/hfs/bitmap.c:45\n hfs_vbm_search_free+0x13c/0x5b0 fs/hfs/bitmap.c:151\n hfs_extend_file+0x6a5/0x1b00 fs/hfs/extent.c:408\n hfs_get_block+0x435/0x1150 fs/hfs/extent.c:353\n __block_write_begin_int+0xa76/0x3030 fs/buffer.c:2151\n block_write_begin fs/buffer.c:2262 [inline]\n cont_write_begin+0x10e1/0x1bc0 fs/buffer.c:2601\n hfs_write_begin+0x85/0x130 fs/hfs/inode.c:52\n cont_expand_zero fs/buffer.c:2528 [inline]\n cont_write_begin+0x35a/0x1bc0 fs/buffer.c:2591\n hfs_write_begin+0x85/0x130 fs/hfs/inode.c:52\n hfs_file_truncate+0x1d6/0xe60 fs/hfs/extent.c:494\n hfs_inode_setattr+0x964/0xaa0 fs/hfs/inode.c:654\n notify_change+0x1993/0x1aa0 fs/attr.c:552\n do_truncate+0x28f/0x310 fs/open.c:68\n do_ftruncate+0x698/0x730 fs/open.c:195\n do_sys_ftruncate fs/open.c:210 [inline]\n __do_sys_ftruncate fs/open.c:215 [inline]\n __se_sys_ftruncate fs/open.c:213 [inline]\n __x64_sys_ftruncate+0x11b/0x250 fs/open.c:213\n x64_sys_call+0xfe3/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:78\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4154 [inline]\n slab_alloc_node mm/slub.c:4197 [inline]\n __kmalloc_cache_noprof+0x7f7/0xed0 mm/slub.c:4354\n kmalloc_noprof include/linux/slab.h:905 [inline]\n hfs_mdb_get+0x1cc8/0x2a90 fs/hfs/mdb.c:175\n hfs_fill_super+0x3d0/0xb80 fs/hfs/super.c:337\n get_tree_bdev_flags+0x6e3/0x920 fs/super.c:1681\n get_tree_bdev+0x38/0x50 fs/super.c:1704\n hfs_get_tree+0x35/0x40 fs/hfs/super.c:388\n 
vfs_get_tree+0xb0/0x5c0 fs/super.c:1804\n do_new_mount+0x738/0x1610 fs/namespace.c:3902\n path_mount+0x6db/0x1e90 fs/namespace.c:4226\n do_mount fs/namespace.c:4239 [inline]\n __do_sys_mount fs/namespace.c:4450 [inline]\n __se_sys_mount+0x6eb/0x7d0 fs/namespace.c:4427\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:4427\n x64_sys_call+0xfa7/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:166\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 1 UID: 0 PID: 12609 Comm: syz.1.2692 Not tainted 6.16.0-syzkaller #0 PREEMPT(none)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n=====================================================\n\nThe HFS_SB(sb)-\u003ebitmap buffer is allocated in hfs_mdb_get():\n\nHFS_SB(sb)-\u003ebitmap = kmalloc(8192, GFP_KERNEL);\n\nFinally, it can trigger the reported issue because kmalloc()\ndoesn't clear the allocated memory. If allocated memory contains\nonly zeros, then everything will work pretty fine.\nBut if the allocated memory contains the \"garbage\", then\nit can affect the bitmap operations and it triggers\nthe reported issue.\n\nThis patch simply exchanges the kmalloc() on kzalloc()\nwith the goal to guarantee the correctness of bitmap operations.\nBecause, newly created allocation bitmap should have all\navailable blocks free. Potentially, initialization bitmap's read\noperation could not fill the whole allocated memory and\n\"garbage\" in the not initialized memory will be the reason of\nvolume coruptions and file system driver bugs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40243",
            "https://git.kernel.org/linus/2048ec5b98dbdfe0b929d2e42dc7a54c389c53dd (6.18-rc1)",
            "https://git.kernel.org/stable/c/2048ec5b98dbdfe0b929d2e42dc7a54c389c53dd",
            "https://git.kernel.org/stable/c/2a112cdd66f5a132da5235ca31a320528c86bf33",
            "https://git.kernel.org/stable/c/3b447fd401824e1ccf0b769188edefe866a1e676",
            "https://git.kernel.org/stable/c/502fa92a71f344611101bd04ef1a595b8b6014f5",
            "https://git.kernel.org/stable/c/bf1683078fbdd09a7f7f9b74121ebaa03432bd00",
            "https://git.kernel.org/stable/c/cfafefcb0e1fc60135f7040f4aed0a4aef4f76ca",
            "https://git.kernel.org/stable/c/e148ed5cda8fd96d4620c4622fb02f552a2d166a",
            "https://git.kernel.org/stable/c/fc56548fca732f3d3692c83b40db796259a03887",
            "https://lore.kernel.org/linux-cve-announce/2025120404-CVE-2025-40243-8cca@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40243",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40243"
          ],
          "PublishedDate": "2025-12-04T16:16:17.523Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40244",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40244",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6d301ea9a4fea88713b57b29c91f69dbe23c80e3d871dbcdc69d6842b1f4300b",
          "Title": "kernel: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n\nThe syzbot reported issue in __hfsplus_ext_cache_extent():\n\n[   70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195022][ T9350]  __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.195530][ T9350]  hfsplus_file_extend+0x74f/0x1cf0\n[   70.195998][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.196458][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.196959][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.197416][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.197873][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.198374][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.198892][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.199393][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.199771][ T9350]  ksys_write+0x23e/0x490\n[   70.200149][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.200570][ T9350]  x64_sys_call+0x3015/0x3cf0\n[   70.201065][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.201506][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.202054][ T9350]\n[   70.202279][ T9350] Uninit was created at:\n[   70.202693][ T9350]  __kmalloc_noprof+0x621/0xf80\n[   70.203149][ T9350]  hfsplus_find_init+0x8d/0x1d0\n[   70.203602][ T9350]  hfsplus_file_extend+0x6ca/0x1cf0\n[   70.204087][ T9350]  hfsplus_get_block+0xe16/0x17b0\n[   70.204561][ T9350]  __block_write_begin_int+0x962/0x2ce0\n[   70.205074][ T9350]  cont_write_begin+0x1000/0x1950\n[   70.205547][ T9350]  hfsplus_write_begin+0x85/0x130\n[   70.206017][ T9350]  generic_perform_write+0x3e8/0x1060\n[   70.206519][ T9350]  __generic_file_write_iter+0x215/0x460\n[   70.207042][ T9350]  generic_file_write_iter+0x109/0x5e0\n[   70.207552][ T9350]  vfs_write+0xb0f/0x14e0\n[   70.207961][ T9350]  ksys_write+0x23e/0x490\n[   70.208375][ T9350]  __x64_sys_write+0x97/0xf0\n[   70.208810][ T9350]  
x64_sys_call+0x3015/0x3cf0\n[   70.209255][ T9350]  do_syscall_64+0xd9/0x1d0\n[   70.209680][ T9350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.210230][ T9350]\n[   70.210454][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Not tainted 6.12.0-rc5 #5\n[   70.211174][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.212115][ T9350] =====================================================\n[   70.212734][ T9350] Disabling lock debugging due to kernel taint\n[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic set ...\n[   70.213858][ T9350] CPU: 2 UID: 0 PID: 9350 Comm: repro Tainted: G    B              6.12.0-rc5 #5\n[   70.214679][ T9350] Tainted: [B]=BAD_PAGE\n[   70.215057][ T9350] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.215999][ T9350] Call Trace:\n[   70.216309][ T9350]  \u003cTASK\u003e\n[   70.216585][ T9350]  dump_stack_lvl+0x1fd/0x2b0\n[   70.217025][ T9350]  dump_stack+0x1e/0x30\n[   70.217421][ T9350]  panic+0x502/0xca0\n[   70.217803][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\n\n[   70.218294][ Message fromT sy9350]  kmsan_report+0x296/slogd@syzkaller 0x2aat Aug 18 22:11:058 ...\n kernel\n:[   70.213284][ T9350] Kernel panic - not syncing: kmsan.panic [   70.220179][ T9350]  ? kmsan_get_metadata+0x13e/0x1c0\nset ...\n[   70.221254][ T9350]  ? __msan_warning+0x96/0x120\n[   70.222066][ T9350]  ? __hfsplus_ext_cache_extent+0x7d0/0x990\n[   70.223023][ T9350]  ? hfsplus_file_extend+0x74f/0x1cf0\n[   70.224120][ T9350]  ? hfsplus_get_block+0xe16/0x17b0\n[   70.224946][ T9350]  ? __block_write_begin_int+0x962/0x2ce0\n[   70.225756][ T9350]  ? cont_write_begin+0x1000/0x1950\n[   70.226337][ T9350]  ? hfsplus_write_begin+0x85/0x130\n[   70.226852][ T9350]  ? generic_perform_write+0x3e8/0x1060\n[   70.227405][ T9350]  ? __generic_file_write_iter+0x215/0x460\n[   70.227979][ T9350]  ? 
generic_file_write_iter+0x109/0x5e0\n[   70.228540][ T9350]  ? vfs_write+0xb0f/0x14e0\n[   70.228997][ T9350]  ? ksys_write+0x23e/0x490\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40244",
            "https://git.kernel.org/linus/4840ceadef4290c56cc422f0fc697655f3cbf070 (6.18-rc1)",
            "https://git.kernel.org/stable/c/14c673a2f3ecf650b694a52a88688f1d71849899",
            "https://git.kernel.org/stable/c/4840ceadef4290c56cc422f0fc697655f3cbf070",
            "https://git.kernel.org/stable/c/99202d94909d323a30d154ab0261c0a07166daec",
            "https://git.kernel.org/stable/c/a5bfb13b4f406aef1a450f99d22d3e48df01528c",
            "https://git.kernel.org/stable/c/b8a72692aa42b7dcd179a96b90bc2763ac74576a",
            "https://git.kernel.org/stable/c/c135b8dca65526aa5b8814e9954e0ae317d9c598",
            "https://git.kernel.org/stable/c/c1ec90bed504640a42bb20a5f413be39cd17ad71",
            "https://git.kernel.org/stable/c/d7e313039a8f3a6ee072dc5ff4643234d2d735cf",
            "https://lore.kernel.org/linux-cve-announce/2025120404-CVE-2025-40244-941b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40244",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40244"
          ],
          "PublishedDate": "2025-12-04T16:16:17.67Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40245",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40245",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2e39c6ba77000b1511e61040be8469e92ba2c1901b2f832ae2eb59c073d08409",
          "Title": "kernel: nios2: ensure that memblock.current_limit is set when setting pfn limits",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnios2: ensure that memblock.current_limit is set when setting pfn limits\n\nOn nios2, with CONFIG_FLATMEM set, the kernel relies on\nmemblock_get_current_limit() to determine the limits of mem_map, in\nparticular for max_low_pfn.\nUnfortunately, memblock.current_limit is only default initialized to\nMEMBLOCK_ALLOC_ANYWHERE at this point of the bootup, potentially leading\nto situations where max_low_pfn can erroneously exceed the value of\nmax_pfn and, thus, the valid range of available DRAM.\n\nThis can in turn cause kernel-level paging failures, e.g.:\n\n[   76.900000] Unable to handle kernel paging request at virtual address 20303000\n[   76.900000] ea = c0080890, ra = c000462c, cause = 14\n[   76.900000] Kernel panic - not syncing: Oops\n[   76.900000] ---[ end Kernel panic - not syncing: Oops ]---\n\nThis patch fixes this by pre-calculating memblock.current_limit\nbased on the upper limits of the available memory ranges via\nadjust_lowmem_bounds, a simplified version of the equivalent\nimplementation within the arm architecture.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40245",
            "https://git.kernel.org/linus/a20b83cf45be2057f3d073506779e52c7fa17f94 (6.18-rc1)",
            "https://git.kernel.org/stable/c/25f09699edd360b534ccae16bc276c3b52c471f3",
            "https://git.kernel.org/stable/c/5c3e38a367822f036227dd52bac82dc4a05157e2",
            "https://git.kernel.org/stable/c/8912814f14e298b83df072fecc1f7ed1b63b1b2c",
            "https://git.kernel.org/stable/c/90f5f715550e07cd6a51f80fc3f062d832c8c997",
            "https://git.kernel.org/stable/c/a20b83cf45be2057f3d073506779e52c7fa17f94",
            "https://git.kernel.org/stable/c/b1ec9faef7e36269ca3ec890972a78effbaeb975",
            "https://lore.kernel.org/linux-cve-announce/2025120404-CVE-2025-40245-0e1e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40245",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40245"
          ],
          "PublishedDate": "2025-12-04T16:16:17.827Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40247",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40247",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54be64bc5c3a08cd31f8448fd28a3d107c64ab9390ac4dca28ab53ae50fc2130",
          "Title": "kernel: drm/msm: Fix pgtable prealloc error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Fix pgtable prealloc error path\n\nThe following splat was reported:\n\n    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n    Mem abort info:\n      ESR = 0x0000000096000004\n      EC = 0x25: DABT (current EL), IL = 32 bits\n      SET = 0, FnV = 0\n      EA = 0, S1PTW = 0\n      FSC = 0x04: level 0 translation fault\n    Data abort info:\n      ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n      CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n      GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n    user pgtable: 4k pages, 48-bit VAs, pgdp=00000008d0fd8000\n    [0000000000000010] pgd=0000000000000000, p4d=0000000000000000\n    Internal error: Oops: 0000000096000004 [#1]  SMP\n    CPU: 5 UID: 1000 PID: 149076 Comm: Xwayland Tainted: G S                  6.16.0-rc2-00809-g0b6974bb4134-dirty #367 PREEMPT\n    Tainted: [S]=CPU_OUT_OF_SPEC\n    Hardware name: Qualcomm Technologies, Inc. 
SM8650 HDK (DT)\n    pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n    pc : build_detached_freelist+0x28/0x224\n    lr : kmem_cache_free_bulk.part.0+0x38/0x244\n    sp : ffff000a508c7a20\n    x29: ffff000a508c7a20 x28: ffff000a508c7d50 x27: ffffc4e49d16f350\n    x26: 0000000000000058 x25: 00000000fffffffc x24: 0000000000000000\n    x23: ffff00098c4e1450 x22: 00000000fffffffc x21: 0000000000000000\n    x20: ffff000a508c7af8 x19: 0000000000000002 x18: 00000000000003e8\n    x17: ffff000809523850 x16: ffff000809523820 x15: 0000000000401640\n    x14: ffff000809371140 x13: 0000000000000130 x12: ffff0008b5711e30\n    x11: 00000000001058fa x10: 0000000000000a80 x9 : ffff000a508c7940\n    x8 : ffff000809371ba0 x7 : 781fffe033087fff x6 : 0000000000000000\n    x5 : ffff0008003cd000 x4 : 781fffe033083fff x3 : ffff000a508c7af8\n    x2 : fffffdffc0000000 x1 : 0001000000000000 x0 : ffff0008001a6a00\n    Call trace:\n     build_detached_freelist+0x28/0x224 (P)\n     kmem_cache_free_bulk.part.0+0x38/0x244\n     kmem_cache_free_bulk+0x10/0x1c\n     msm_iommu_pagetable_prealloc_cleanup+0x3c/0xd0\n     msm_vma_job_free+0x30/0x240\n     msm_ioctl_vm_bind+0x1d0/0x9a0\n     drm_ioctl_kernel+0x84/0x104\n     drm_ioctl+0x358/0x4d4\n     __arm64_sys_ioctl+0x8c/0xe0\n     invoke_syscall+0x44/0x100\n     el0_svc_common.constprop.0+0x3c/0xe0\n     do_el0_svc+0x18/0x20\n     el0_svc+0x30/0x100\n     el0t_64_sync_handler+0x104/0x130\n     el0t_64_sync+0x170/0x174\n    Code: aa0203f5 b26287e2 f2dfbfe2 aa0303f4 (f8737ab6)\n    ---[ end trace 0000000000000000 ]---\n\nSince msm_vma_job_free() is called directly from the ioctl, this looks\nlike an error path cleanup issue.  Which I think results from\nprealloc_cleanup() called without a preceding successful\nprealloc_allocate() call.  So handle that case better.\n\nPatchwork: https://patchwork.freedesktop.org/patch/678677/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40247",
            "https://git.kernel.org/linus/830d68f2cb8ab6fb798bb9555016709a9e012af0 (6.18-rc4)",
            "https://git.kernel.org/stable/c/830d68f2cb8ab6fb798bb9555016709a9e012af0",
            "https://git.kernel.org/stable/c/b865da18b6cb878f33b5920693d03f23b9c4d1a3",
            "https://lore.kernel.org/linux-cve-announce/2025120429-CVE-2025-40247-14ed@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40247",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-40247"
          ],
          "PublishedDate": "2025-12-04T16:16:18.107Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40248",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40248",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:caa34f9a4ecec0d446abd728302c0ab91aaf9d71c83d17557830d2ea5329d950",
          "Title": "kernel: Linux kernel: vsock vulnerability may lead to memory corruption",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Ignore signal/timeout on connect() if already established\n\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n\n1. connect() invoking vsock_transport_cancel_pkt() -\u003e\n   virtio_transport_purge_skbs() may race with sendmsg() invoking\n   virtio_transport_get_credit(). This results in a permanently elevated\n   `vvs-\u003ebytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n\n2. connect() resetting a connected socket's state may race with socket\n   being placed in a sockmap. A disconnected socket remaining in a sockmap\n   breaks sockmap's assumptions. And gives rise to WARNs.\n\n3. connect() transitioning SS_CONNECTED -\u003e SS_UNCONNECTED allows for a\n   transport change/drop after TCP_ESTABLISHED. Which poses a problem for\n   any simultaneous sendmsg() or connect() and may result in a\n   use-after-free/null-ptr-deref.\n\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don't linger, can't be placed in a sockmap, are rejected by\nsendmsg().\n\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1143",
            "https://access.redhat.com/security/cve/CVE-2025-40248",
            "https://bugzilla.redhat.com/2376052",
            "https://bugzilla.redhat.com/2381870",
            "https://bugzilla.redhat.com/2393488",
            "https://bugzilla.redhat.com/2418872",
            "https://bugzilla.redhat.com/2418876",
            "https://bugzilla.redhat.com/2419891",
            "https://bugzilla.redhat.com/2422836",
            "https://bugzilla.redhat.com/2422840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376052",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2381870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418872",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418876",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419891",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422836",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38731",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40248",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40258",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68305",
            "https://errata.almalinux.org/9/ALSA-2026-1143.html",
            "https://errata.rockylinux.org/RLSA-2026:1143",
            "https://git.kernel.org/linus/002541ef650b742a198e4be363881439bb9d86b4 (6.18-rc7)",
            "https://git.kernel.org/stable/c/002541ef650b742a198e4be363881439bb9d86b4",
            "https://git.kernel.org/stable/c/3f71753935d648082a8279a97d30efe6b85be680",
            "https://git.kernel.org/stable/c/5998da5a8208ae9ad7838ba322bccb2bdcd95e81",
            "https://git.kernel.org/stable/c/67432915145848658149683101104e32f9fd6559",
            "https://git.kernel.org/stable/c/ab6b19f690d89ae4709fba73a3c4a7911f495b7a",
            "https://git.kernel.org/stable/c/da664101fb4a0de5cb70d2bae6a650df954df2af",
            "https://git.kernel.org/stable/c/eeca93f06df89be5a36305b7b9dae1ed65550dfc",
            "https://git.kernel.org/stable/c/f1c170cae285e4b8f61be043bb17addc3d0a14b5",
            "https://linux.oracle.com/cve/CVE-2025-40248.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120430-CVE-2025-40248-506e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40248",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40248"
          ],
          "PublishedDate": "2025-12-04T16:16:18.24Z",
          "LastModifiedDate": "2025-12-06T22:15:52.643Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40250",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40250",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5e7ac09e8e0a3f1228bad2f557d1b8677d68b459ae31f003a2a0db8c7fbf3416",
          "Title": "kernel: net/mlx5: Clean up only new IRQ glue on request_irq() failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Clean up only new IRQ glue on request_irq() failure\n\nThe mlx5_irq_alloc() function can inadvertently free the entire rmap\nand end up in a crash[1] when the other threads tries to access this,\nwhen request_irq() fails due to exhausted IRQ vectors. This commit\nmodifies the cleanup to remove only the specific IRQ mapping that was\njust added.\n\nThis prevents removal of other valid mappings and ensures precise\ncleanup of the failed IRQ allocation's associated glue object.\n\nNote: This error is observed when both fwctl and rds configs are enabled.\n\n[1]\nmlx5_core 0000:05:00.0: Successfully registered panic handler for port 1\nmlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to\nrequest irq. err = -28\ninfiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while\ntrying to test write-combining support\nmlx5_core 0000:05:00.0: Successfully unregistered panic handler for port 1\nmlx5_core 0000:06:00.0: Successfully registered panic handler for port 1\nmlx5_core 0000:06:00.0: mlx5_irq_alloc:293:(pid 66740): Failed to\nrequest irq. err = -28\ninfiniband mlx5_0: mlx5_ib_test_wc:290:(pid 66740): Error -28 while\ntrying to test write-combining support\nmlx5_core 0000:06:00.0: Successfully unregistered panic handler for port 1\nmlx5_core 0000:03:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to\nrequest irq. err = -28\nmlx5_core 0000:05:00.0: mlx5_irq_alloc:293:(pid 28895): Failed to\nrequest irq. err = -28\ngeneral protection fault, probably for non-canonical address\n0xe277a58fde16f291: 0000 [#1] SMP NOPTI\n\nRIP: 0010:free_irq_cpu_rmap+0x23/0x7d\nCall Trace:\n   \u003cTASK\u003e\n   ? show_trace_log_lvl+0x1d6/0x2f9\n   ? show_trace_log_lvl+0x1d6/0x2f9\n   ? mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core]\n   ? __die_body.cold+0x8/0xa\n   ? die_addr+0x39/0x53\n   ? exc_general_protection+0x1c4/0x3e9\n   ? dev_vprintk_emit+0x5f/0x90\n   ? 
asm_exc_general_protection+0x22/0x27\n   ? free_irq_cpu_rmap+0x23/0x7d\n   mlx5_irq_alloc.cold+0x5d/0xf3 [mlx5_core]\n   irq_pool_request_vector+0x7d/0x90 [mlx5_core]\n   mlx5_irq_request+0x2e/0xe0 [mlx5_core]\n   mlx5_irq_request_vector+0xad/0xf7 [mlx5_core]\n   comp_irq_request_pci+0x64/0xf0 [mlx5_core]\n   create_comp_eq+0x71/0x385 [mlx5_core]\n   ? mlx5e_open_xdpsq+0x11c/0x230 [mlx5_core]\n   mlx5_comp_eqn_get+0x72/0x90 [mlx5_core]\n   ? xas_load+0x8/0x91\n   mlx5_comp_irqn_get+0x40/0x90 [mlx5_core]\n   mlx5e_open_channel+0x7d/0x3c7 [mlx5_core]\n   mlx5e_open_channels+0xad/0x250 [mlx5_core]\n   mlx5e_open_locked+0x3e/0x110 [mlx5_core]\n   mlx5e_open+0x23/0x70 [mlx5_core]\n   __dev_open+0xf1/0x1a5\n   __dev_change_flags+0x1e1/0x249\n   dev_change_flags+0x21/0x5c\n   do_setlink+0x28b/0xcc4\n   ? __nla_parse+0x22/0x3d\n   ? inet6_validate_link_af+0x6b/0x108\n   ? cpumask_next+0x1f/0x35\n   ? __snmp6_fill_stats64.constprop.0+0x66/0x107\n   ? __nla_validate_parse+0x48/0x1e6\n   __rtnl_newlink+0x5ff/0xa57\n   ? kmem_cache_alloc_trace+0x164/0x2ce\n   rtnl_newlink+0x44/0x6e\n   rtnetlink_rcv_msg+0x2bb/0x362\n   ? __netlink_sendskb+0x4c/0x6c\n   ? netlink_unicast+0x28f/0x2ce\n   ? rtnl_calcit.isra.0+0x150/0x146\n   netlink_rcv_skb+0x5f/0x112\n   netlink_unicast+0x213/0x2ce\n   netlink_sendmsg+0x24f/0x4d9\n   __sock_sendmsg+0x65/0x6a\n   ____sys_sendmsg+0x28f/0x2c9\n   ? 
import_iovec+0x17/0x2b\n   ___sys_sendmsg+0x97/0xe0\n   __sys_sendmsg+0x81/0xd8\n   do_syscall_64+0x35/0x87\n   entry_SYSCALL_64_after_hwframe+0x6e/0x0\nRIP: 0033:0x7fc328603727\nCode: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 0b ed\nff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00\nf0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 44 ed ff ff 48\nRSP: 002b:00007ffe8eb3f1a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc328603727\nRDX: 0000000000000000 RSI: 00007ffe8eb3f1f0 RDI: 000000000000000d\nRBP: 00007ffe8eb3f1f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\nR13: 00000000000\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40250",
            "https://git.kernel.org/linus/d47515af6cccd7484d8b0870376858c9848a18ec (6.18-rc7)",
            "https://git.kernel.org/stable/c/4d6b4bea8b80bfa13c903ba547538249e7c5e977",
            "https://git.kernel.org/stable/c/69e043bce09c9a77e5f55b9ac7505874a2a1a9f0",
            "https://git.kernel.org/stable/c/6ebd02cf2dde11b86f89ea4c9f55179eab30d4ee",
            "https://git.kernel.org/stable/c/d47515af6cccd7484d8b0870376858c9848a18ec",
            "https://linux.oracle.com/cve/CVE-2025-40250.html",
            "https://linux.oracle.com/errata/ELSA-2026-50007.html",
            "https://lore.kernel.org/linux-cve-announce/2025120430-CVE-2025-40250-fa72@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40250",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40250"
          ],
          "PublishedDate": "2025-12-04T16:16:18.527Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40251",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40251",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c52ed7d5fe7d90fb2f198d85c21465c429f5375fc2af8713cc031314c0e42d7",
          "Title": "kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: rate: Unset parent pointer in devl_rate_nodes_destroy\n\nThe function devl_rate_nodes_destroy is documented to \"Unset parent for\nall rate objects\". However, it was only calling the driver-specific\n`rate_leaf_parent_set` or `rate_node_parent_set` ops and decrementing\nthe parent's refcount, without actually setting the\n`devlink_rate-\u003eparent` pointer to NULL.\n\nThis leaves a dangling pointer in the `devlink_rate` struct, which cause\nrefcount error in netdevsim[1] and mlx5[2]. In addition, this is\ninconsistent with the behavior of `devlink_nl_rate_parent_node_set`,\nwhere the parent pointer is correctly cleared.\n\nThis patch fixes the issue by explicitly setting `devlink_rate-\u003eparent`\nto NULL after notifying the driver, thus fulfilling the function's\ndocumented behavior for all rate objects.\n\n[1]\nrepro steps:\necho 1 \u003e /sys/bus/netdevsim/new_device\ndevlink dev eswitch set netdevsim/netdevsim1 mode switchdev\necho 1 \u003e /sys/bus/netdevsim/devices/netdevsim1/sriov_numvfs\ndevlink port function rate add netdevsim/netdevsim1/test_node\ndevlink port function rate set netdevsim/netdevsim1/128 parent test_node\necho 1 \u003e /sys/bus/netdevsim/del_device\n\ndmesg:\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 8 PID: 1530 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\nCPU: 8 UID: 0 PID: 1530 Comm: bash Not tainted 6.18.0-rc4+ #1 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\nCall Trace:\n \u003cTASK\u003e\n devl_rate_leaf_destroy+0x8d/0x90\n __nsim_dev_port_del+0x6c/0x70 [netdevsim]\n nsim_dev_reload_destroy+0x11c/0x140 [netdevsim]\n nsim_drv_remove+0x2b/0xb0 [netdevsim]\n device_release_driver_internal+0x194/0x1f0\n bus_remove_device+0xc6/0x130\n device_del+0x159/0x3c0\n device_unregister+0x1a/0x60\n 
del_device_store+0x111/0x170 [netdevsim]\n kernfs_fop_write_iter+0x12e/0x1e0\n vfs_write+0x215/0x3d0\n ksys_write+0x5f/0xd0\n do_syscall_64+0x55/0x10f0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\ndevlink dev eswitch set pci/0000:08:00.0 mode switchdev\ndevlink port add pci/0000:08:00.0 flavour pcisf pfnum 0 sfnum 1000\ndevlink port function rate add pci/0000:08:00.0/group1\ndevlink port function rate set pci/0000:08:00.0/32768 parent group1\nmodprobe -r mlx5_ib mlx5_fwctl mlx5_core\n\ndmesg:\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 7 PID: 16151 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\nCPU: 7 UID: 0 PID: 16151 Comm: bash Not tainted 6.17.0-rc7_for_upstream_min_debug_2025_10_02_12_44 #1 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\nCall Trace:\n \u003cTASK\u003e\n devl_rate_leaf_destroy+0x8d/0x90\n mlx5_esw_offloads_devlink_port_unregister+0x33/0x60 [mlx5_core]\n mlx5_esw_offloads_unload_rep+0x3f/0x50 [mlx5_core]\n mlx5_eswitch_unload_sf_vport+0x40/0x90 [mlx5_core]\n mlx5_sf_esw_event+0xc4/0x120 [mlx5_core]\n notifier_call_chain+0x33/0xa0\n blocking_notifier_call_chain+0x3b/0x50\n mlx5_eswitch_disable_locked+0x50/0x110 [mlx5_core]\n mlx5_eswitch_disable+0x63/0x90 [mlx5_core]\n mlx5_unload+0x1d/0x170 [mlx5_core]\n mlx5_uninit_one+0xa2/0x130 [mlx5_core]\n remove_one+0x78/0xd0 [mlx5_core]\n pci_device_remove+0x39/0xa0\n device_release_driver_internal+0x194/0x1f0\n unbind_store+0x99/0xa0\n kernfs_fop_write_iter+0x12e/0x1e0\n vfs_write+0x215/0x3d0\n ksys_write+0x5f/0xd0\n do_syscall_64+0x53/0x1f0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 4,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1617",
            "https://access.redhat.com/security/cve/CVE-2025-40251",
            "https://bugzilla.redhat.com/2389507",
            "https://bugzilla.redhat.com/2414494",
            "https://bugzilla.redhat.com/2418892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2389507",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414494",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418892",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38568",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40154",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40251",
            "https://errata.almalinux.org/9/ALSA-2026-1617.html",
            "https://errata.rockylinux.org/RLSA-2026:1617",
            "https://git.kernel.org/linus/f94c1a114ac209977bdf5ca841b98424295ab1f0 (6.18-rc7)",
            "https://git.kernel.org/stable/c/542f45486f1ce2d2dde75bd85aca0389ef7046c3",
            "https://git.kernel.org/stable/c/715d9cda646a8a38ea8b2bb5afb679a7464055e2",
            "https://git.kernel.org/stable/c/90e51e20bcec9bff5b2421ce1bd95704764655f5",
            "https://git.kernel.org/stable/c/c70df6c17d389cc743f0eb30160e2d6bc6910db8",
            "https://git.kernel.org/stable/c/f94c1a114ac209977bdf5ca841b98424295ab1f0",
            "https://linux.oracle.com/cve/CVE-2025-40251.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025120431-CVE-2025-40251-7db7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40251",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40251"
          ],
          "PublishedDate": "2025-12-04T16:16:18.663Z",
          "LastModifiedDate": "2026-02-26T15:52:30.673Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40252",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40252",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:20115a8a41f758482c249e3beb97f5677d98e14e7ee18f1b70d8bbfa0c9e63c1",
          "Title": "kernel: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()\n\nThe loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate\nover 'cqe-\u003elen_list[]' using only a zero-length terminator as\nthe stopping condition. If the terminator was missing or\nmalformed, the loop could run past the end of the fixed-size array.\n\nAdd an explicit bound check using ARRAY_SIZE() in both loops to prevent\na potential out-of-bounds access.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40252",
            "https://git.kernel.org/linus/896f1a2493b59beb2b5ccdf990503dbb16cb2256 (6.18-rc7)",
            "https://git.kernel.org/stable/c/896f1a2493b59beb2b5ccdf990503dbb16cb2256",
            "https://git.kernel.org/stable/c/917a9d02182ac8b4f25eb47dc02f3ec679608c24",
            "https://git.kernel.org/stable/c/a778912b4a53587ea07d85526d152f85d109cbfe",
            "https://git.kernel.org/stable/c/e441db07f208184e0466abf44b389a81d70c340e",
            "https://git.kernel.org/stable/c/ecbb12caf399d7cf364b7553ed5aebeaa2f255bc",
            "https://git.kernel.org/stable/c/f0923011c1261b33a2ac1de349256d39cb750dd0",
            "https://linux.oracle.com/cve/CVE-2025-40252.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120431-CVE-2025-40252-2d9b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40252",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40252"
          ],
          "PublishedDate": "2025-12-04T16:16:18.807Z",
          "LastModifiedDate": "2025-12-06T22:15:52.793Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40253",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40253",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bffb02e3b2539d57beb226cd6acf5dfed43e044b5058d78b0965a09d8630d664",
          "Title": "kernel: s390/ctcm: Fix double-kfree",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ctcm: Fix double-kfree\n\nThe function 'mpc_rcvd_sweep_req(mpcginfo)' is called conditionally\nfrom function 'ctcmpc_unpack_skb'. It frees passed mpcginfo.\nAfter that a call to function 'kfree' in function 'ctcmpc_unpack_skb'\nfrees it again.\n\nRemove 'kfree' call in function 'mpc_rcvd_sweep_req(mpcginfo)'.\n\nBug detected by the clang static analyzer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40253",
            "https://git.kernel.org/linus/da02a1824884d6c84c5e5b5ac373b0c9e3288ec2 (6.18-rc7)",
            "https://git.kernel.org/stable/c/06f1dd1de0d33dbfbd2e1fc9fc57d8895f730de2",
            "https://git.kernel.org/stable/c/3b177b2ded563df16f6d5920671ffcfe5915d472",
            "https://git.kernel.org/stable/c/43096dab8cc60fc39133205fd149a54d3acebea8",
            "https://git.kernel.org/stable/c/6bf8ccaabce8cebb6cb1f255c93d0acdfe95c17a",
            "https://git.kernel.org/stable/c/7616e2eee679746d526c7f5befd4eedb995935b5",
            "https://git.kernel.org/stable/c/7ff76f8dc6b550f8d16487bf3cebc278be720b5c",
            "https://git.kernel.org/stable/c/b9dbfb1b5699f9f1e4991f96741bdf9047147589",
            "https://git.kernel.org/stable/c/da02a1824884d6c84c5e5b5ac373b0c9e3288ec2",
            "https://lore.kernel.org/linux-cve-announce/2025120431-CVE-2025-40253-e855@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40253",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40253"
          ],
          "PublishedDate": "2025-12-04T16:16:18.937Z",
          "LastModifiedDate": "2025-12-06T22:15:52.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40254",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40254",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:558112850170221d9b23a3d5967b7966c501b06b15048fafd03e1d39f4e9aa21",
          "Title": "kernel: net: openvswitch: remove never-working support for setting nsh fields",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: remove never-working support for setting nsh fields\n\nThe validation of the set(nsh(...)) action is completely wrong.\nIt runs through the nsh_key_put_from_nlattr() function that is the\nsame function that validates NSH keys for the flow match and the\npush_nsh() action.  However, the set(nsh(...)) has a very different\nmemory layout.  Nested attributes in there are doubled in size in\ncase of the masked set().  That makes proper validation impossible.\n\nThere is also confusion in the code between the 'masked' flag, that\nsays that the nested attributes are doubled in size containing both\nthe value and the mask, and the 'is_mask' that says that the value\nwe're parsing is the mask.  This is causing kernel crash on trying to\nwrite into mask part of the match with SW_FLOW_KEY_PUT() during\nvalidation, while validate_nsh() doesn't allocate any memory for it:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000018\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0\n  Oops: Oops: 0000 [#1] SMP NOPTI\n  CPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary)\n  RIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch]\n  Call Trace:\n   \u003cTASK\u003e\n   validate_nsh+0x60/0x90 [openvswitch]\n   validate_set.constprop.0+0x270/0x3c0 [openvswitch]\n   __ovs_nla_copy_actions+0x477/0x860 [openvswitch]\n   ovs_nla_copy_actions+0x8d/0x100 [openvswitch]\n   ovs_packet_cmd_execute+0x1cc/0x310 [openvswitch]\n   genl_family_rcv_msg_doit+0xdb/0x130\n   genl_family_rcv_msg+0x14b/0x220\n   genl_rcv_msg+0x47/0xa0\n   netlink_rcv_skb+0x53/0x100\n   genl_rcv+0x24/0x40\n   netlink_unicast+0x280/0x3b0\n   netlink_sendmsg+0x1f7/0x430\n   ____sys_sendmsg+0x36b/0x3a0\n   ___sys_sendmsg+0x87/0xd0\n   __sys_sendmsg+0x6d/0xd0\n   
do_syscall_64+0x7b/0x2c0\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe third issue with this process is that while trying to convert\nthe non-masked set into masked one, validate_set() copies and doubles\nthe size of the OVS_KEY_ATTR_NSH as if it didn't have any nested\nattributes.  It should be copying each nested attribute and doubling\nthem in size independently.  And the process must be properly reversed\nduring the conversion back from masked to a non-masked variant during\nthe flow dump.\n\nIn the end, the only two outcomes of trying to use this action are\neither validation failure or a kernel crash.  And if somehow someone\nmanages to install a flow with such an action, it will most definitely\nnot do what it is supposed to, since all the keys and the masks are\nmixed up.\n\nFixing all the issues is a complex task as it requires re-writing\nmost of the validation code.\n\nGiven that and the fact that this functionality never worked since\nintroduction, let's just remove it altogether.  It's better to\nre-introduce it later with a proper implementation instead of trying\nto fix it in stable releases.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40254",
            "https://git.kernel.org/linus/dfe28c4167a9259fc0c372d9f9473e1ac95cff67 (6.18-rc7)",
            "https://git.kernel.org/stable/c/0b903f33c31c82b1c3591279fd8a23893802b987",
            "https://git.kernel.org/stable/c/3415faa1fcb4150f29a72c5ecf959339d797feb7",
            "https://git.kernel.org/stable/c/3d2e7d3b28469081ccf08301df07cc411a1cc5e9",
            "https://git.kernel.org/stable/c/4689ba45296dbb3a47e70a1bc2ed0328263e48f3",
            "https://git.kernel.org/stable/c/87d2429381ddcf8cbd30c8c36793a4f7916d5f99",
            "https://git.kernel.org/stable/c/9c61d8fe1350b7322f4953318165d6719c3b1475",
            "https://git.kernel.org/stable/c/dfe28c4167a9259fc0c372d9f9473e1ac95cff67",
            "https://git.kernel.org/stable/c/f95bef5ba0b88d971b02c776f24bd17544930a3a",
            "https://linux.oracle.com/cve/CVE-2025-40254.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120432-CVE-2025-40254-736a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40254",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40254"
          ],
          "PublishedDate": "2025-12-04T16:16:19.08Z",
          "LastModifiedDate": "2025-12-06T22:15:53.113Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40257",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40257",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:380975cb5b0eed02273bd9bd3e5a975c47277c1633c772cd6ed6354e6f7a5897",
          "Title": "kernel: Linux kernel MPTCP: Privilege escalation or denial of service via use-after-free in timer handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix a race in mptcp_pm_del_add_timer()\n\nmptcp_pm_del_add_timer() can call sk_stop_timer_sync(sk, \u0026entry-\u003eadd_timer)\nwhile another might have free entry already, as reported by syzbot.\n\nAdd RCU protection to fix this issue.\n\nAlso change confusing add_timer variable with stop_timer boolean.\n\nsyzbot report:\n\nBUG: KASAN: slab-use-after-free in __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616\nRead of size 4 at addr ffff8880311e4150 by task kworker/1:1/44\n\nCPU: 1 UID: 0 PID: 44 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nWorkqueue: events mptcp_worker\nCall Trace:\n \u003cTASK\u003e\n  dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n  print_address_description mm/kasan/report.c:378 [inline]\n  print_report+0xca/0x240 mm/kasan/report.c:482\n  kasan_report+0x118/0x150 mm/kasan/report.c:595\n  __timer_delete_sync+0x372/0x3f0 kernel/time/timer.c:1616\n  sk_stop_timer_sync+0x1b/0x90 net/core/sock.c:3631\n  mptcp_pm_del_add_timer+0x283/0x310 net/mptcp/pm.c:362\n  mptcp_incoming_options+0x1357/0x1f60 net/mptcp/options.c:1174\n  tcp_data_queue+0xca/0x6450 net/ipv4/tcp_input.c:5361\n  tcp_rcv_established+0x1335/0x2670 net/ipv4/tcp_input.c:6441\n  tcp_v4_do_rcv+0x98b/0xbf0 net/ipv4/tcp_ipv4.c:1931\n  tcp_v4_rcv+0x252a/0x2dc0 net/ipv4/tcp_ipv4.c:2374\n  ip_protocol_deliver_rcu+0x221/0x440 net/ipv4/ip_input.c:205\n  ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:239\n  NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n  NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n  __netif_receive_skb_one_core net/core/dev.c:6079 [inline]\n  __netif_receive_skb+0x143/0x380 net/core/dev.c:6192\n  process_backlog+0x31e/0x900 net/core/dev.c:6544\n  __napi_poll+0xb6/0x540 net/core/dev.c:7594\n  napi_poll net/core/dev.c:7657 [inline]\n  
net_rx_action+0x5f7/0xda0 net/core/dev.c:7784\n  handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n  __do_softirq kernel/softirq.c:656 [inline]\n  __local_bh_enable_ip+0x1a0/0x2e0 kernel/softirq.c:302\n  mptcp_pm_send_ack net/mptcp/pm.c:210 [inline]\n mptcp_pm_addr_send_ack+0x41f/0x500 net/mptcp/pm.c:-1\n  mptcp_pm_worker+0x174/0x320 net/mptcp/pm.c:1002\n  mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762\n  process_one_work kernel/workqueue.c:3263 [inline]\n  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346\n  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427\n  kthread+0x711/0x8a0 kernel/kthread.c:463\n  ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 44:\n  kasan_save_stack mm/kasan/common.c:56 [inline]\n  kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\n  poison_kmalloc_redzone mm/kasan/common.c:400 [inline]\n  __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417\n  kasan_kmalloc include/linux/kasan.h:262 [inline]\n  __kmalloc_cache_noprof+0x1ef/0x6c0 mm/slub.c:5748\n  kmalloc_noprof include/linux/slab.h:957 [inline]\n  mptcp_pm_alloc_anno_list+0x104/0x460 net/mptcp/pm.c:385\n  mptcp_pm_create_subflow_or_signal_addr+0xf9d/0x1360 net/mptcp/pm_kernel.c:355\n  mptcp_pm_nl_fully_established net/mptcp/pm_kernel.c:409 [inline]\n  __mptcp_pm_kernel_worker+0x417/0x1ef0 net/mptcp/pm_kernel.c:1529\n  mptcp_pm_worker+0x1ee/0x320 net/mptcp/pm.c:1008\n  mptcp_worker+0xd5/0x1170 net/mptcp/protocol.c:2762\n  process_one_work kernel/workqueue.c:3263 [inline]\n  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346\n  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427\n  kthread+0x711/0x8a0 kernel/kthread.c:463\n  ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n\nFreed by task 6630:\n  kasan_save_stack mm/kasan/common.c:56 [inline]\n  kasan_save_track+0x3e/0x80 mm/kasan/common.c:77\n  
__kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:587\n  kasan_save_free_info mm/kasan/kasan.h:406 [inline]\n  poison_slab_object m\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40257",
            "https://git.kernel.org/linus/426358d9be7ce3518966422f87b96f1bad27295f (6.18-rc7)",
            "https://git.kernel.org/stable/c/385ddc0f008f24d1e7d03be998b3a98a37bd29ff",
            "https://git.kernel.org/stable/c/426358d9be7ce3518966422f87b96f1bad27295f",
            "https://git.kernel.org/stable/c/6d3275d4ca62e2c02e1b7e8cd32db59df91c14b7",
            "https://git.kernel.org/stable/c/9be29f8e7ce4e147e56caac2c3a0ce3573cf9c17",
            "https://git.kernel.org/stable/c/bbbd75346c8e6490b19c2ba90f38ea66ccf352b2",
            "https://git.kernel.org/stable/c/c602cc344b4b8d41515fec3ffa98457ac963ee12",
            "https://git.kernel.org/stable/c/e2d1ad207174a7cd7903dd27a00db4b2dfa6c64b",
            "https://linux.oracle.com/cve/CVE-2025-40257.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120433-CVE-2025-40257-53e6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40257",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40257"
          ],
          "PublishedDate": "2025-12-04T16:16:19.503Z",
          "LastModifiedDate": "2025-12-06T22:15:53.257Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40258",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40258",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:841a30d6375d6e5ec9729003edb68b66480392f6170ada4c6c11e91d31c8cb9c",
          "Title": "kernel: mptcp: fix race condition in mptcp_schedule_work()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B]     sock_hold(sk);\n        return true;\n    }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n    sock_hold(sk);\n    if (schedule_work(...))\n        return true;\n    sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n  __refcount_inc include/linux/refcount.h:366 [inline]\n  refcount_inc include/linux/refcount.h:383 [inline]\n  sock_hold include/net/sock.h:816 [inline]\n  mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n  mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n  call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n  expire_timers kernel/time/timer.c:1798 [inline]\n  __run_timers kernel/time/timer.c:2372 [inline]\n  __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n  run_timer_base kernel/time/timer.c:2393 [inline]\n  run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n  handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n  __do_softirq kernel/softirq.c:656 [inline]\n  run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n  smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n  kthread+0x711/0x8a0 kernel/kthread.c:463\n  ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1143",
            "https://access.redhat.com/security/cve/CVE-2025-40258",
            "https://bugzilla.redhat.com/2376052",
            "https://bugzilla.redhat.com/2381870",
            "https://bugzilla.redhat.com/2393488",
            "https://bugzilla.redhat.com/2418872",
            "https://bugzilla.redhat.com/2418876",
            "https://bugzilla.redhat.com/2419891",
            "https://bugzilla.redhat.com/2422836",
            "https://bugzilla.redhat.com/2422840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376052",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2381870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418872",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418876",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419891",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422836",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38731",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40248",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40258",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68305",
            "https://errata.almalinux.org/9/ALSA-2026-1143.html",
            "https://errata.rockylinux.org/RLSA-2026:1143",
            "https://git.kernel.org/linus/035bca3f017ee9dea3a5a756e77a6f7138cc6eea (6.18-rc7)",
            "https://git.kernel.org/stable/c/035bca3f017ee9dea3a5a756e77a6f7138cc6eea",
            "https://git.kernel.org/stable/c/3fc7723ed01d1130d4bf7063c50e0af60ecccbb4",
            "https://git.kernel.org/stable/c/8f9ba1a99a89feef9b5867c15a0141a97e893309",
            "https://git.kernel.org/stable/c/99908e2d601236842d705d5fd04fb349577316f5",
            "https://git.kernel.org/stable/c/ac28dfddedf6f209190950fc71bcff65ec4ab47b",
            "https://git.kernel.org/stable/c/db4f7968a75250ca6c4ed70d0a78beabb2dcee18",
            "https://git.kernel.org/stable/c/f865e6595acf33083168db76921e66ace8bf0e5b",
            "https://linux.oracle.com/cve/CVE-2025-40258.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120433-CVE-2025-40258-d10d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40258",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40258"
          ],
          "PublishedDate": "2025-12-04T16:16:19.64Z",
          "LastModifiedDate": "2025-12-06T22:15:53.387Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40259",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40259",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d7d116b092e07153b59832e1ca1c25a11b4147b8b2223f0af1b6d310c5f0961b",
          "Title": "kernel: scsi: sg: Do not sleep in atomic context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Do not sleep in atomic context\n\nsg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may\nsleep. Hence, call sg_finish_rem_req() with interrupts enabled instead\nof disabled.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40259",
            "https://git.kernel.org/linus/90449f2d1e1f020835cba5417234636937dd657e (6.18-rc7)",
            "https://git.kernel.org/stable/c/109afbd88ecc46b6cc7551367222387e97999765",
            "https://git.kernel.org/stable/c/11eeee00c94d770d4e45364060b5f1526dfe567b",
            "https://git.kernel.org/stable/c/3dfd520c3b4ffe69e0630c580717d40447ab842f",
            "https://git.kernel.org/stable/c/6983d8375c040bb449d2187f4a57a20de01244fe",
            "https://git.kernel.org/stable/c/90449f2d1e1f020835cba5417234636937dd657e",
            "https://git.kernel.org/stable/c/b2c0340cfa25c5c1f65e8590cc1a2dc97d14ef0f",
            "https://git.kernel.org/stable/c/b343cee5df7e750d9033fba33e96fc4399fa88a5",
            "https://git.kernel.org/stable/c/db6ac8703ab2b473e1ec845f57f6dd961a388d9f",
            "https://linux.oracle.com/cve/CVE-2025-40259.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120433-CVE-2025-40259-86e9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40259",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40259"
          ],
          "PublishedDate": "2025-12-04T16:16:19.79Z",
          "LastModifiedDate": "2025-12-06T22:15:53.517Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40261",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40261",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b4251c8e9309b7e871e70d71da5ee355350697e1e2d10d76c5b48ccf77f0ebcc",
          "Title": "kernel: nvme: nvme-fc: Ensure -\u003eioerr_work is cancelled in nvme_fc_delete_ctrl()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: nvme-fc: Ensure -\u003eioerr_work is cancelled in nvme_fc_delete_ctrl()\n\nnvme_fc_delete_assocation() waits for pending I/O to complete before\nreturning, and an error can cause -\u003eioerr_work to be queued after\ncancel_work_sync() had been called.  Move the call to cancel_work_sync() to\nbe after nvme_fc_delete_association() to ensure -\u003eioerr_work is not running\nwhen the nvme_fc_ctrl object is freed.  Otherwise the following can occur:\n\n[ 1135.911754] list_del corruption, ff2d24c8093f31f8-\u003enext is NULL\n[ 1135.917705] ------------[ cut here ]------------\n[ 1135.922336] kernel BUG at lib/list_debug.c:52!\n[ 1135.926784] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 1135.931851] CPU: 48 UID: 0 PID: 726 Comm: kworker/u449:23 Kdump: loaded Not tainted 6.12.0 #1 PREEMPT(voluntary)\n[ 1135.943490] Hardware name: Dell Inc. PowerEdge R660/0HGTK9, BIOS 2.5.4 01/16/2025\n[ 1135.950969] Workqueue:  0x0 (nvme-wq)\n[ 1135.954673] RIP: 0010:__list_del_entry_valid_or_report.cold+0xf/0x6f\n[ 1135.961041] Code: c7 c7 98 68 72 94 e8 26 45 fe ff 0f 0b 48 c7 c7 70 68 72 94 e8 18 45 fe ff 0f 0b 48 89 fe 48 c7 c7 80 69 72 94 e8 07 45 fe ff \u003c0f\u003e 0b 48 89 d1 48 c7 c7 a0 6a 72 94 48 89 c2 e8 f3 44 fe ff 0f 0b\n[ 1135.979788] RSP: 0018:ff579b19482d3e50 EFLAGS: 00010046\n[ 1135.985015] RAX: 0000000000000033 RBX: ff2d24c8093f31f0 RCX: 0000000000000000\n[ 1135.992148] RDX: 0000000000000000 RSI: ff2d24d6bfa1d0c0 RDI: ff2d24d6bfa1d0c0\n[ 1135.999278] RBP: ff2d24c8093f31f8 R08: 0000000000000000 R09: ffffffff951e2b08\n[ 1136.006413] R10: ffffffff95122ac8 R11: 0000000000000003 R12: ff2d24c78697c100\n[ 1136.013546] R13: fffffffffffffff8 R14: 0000000000000000 R15: ff2d24c78697c0c0\n[ 1136.020677] FS:  0000000000000000(0000) GS:ff2d24d6bfa00000(0000) knlGS:0000000000000000\n[ 1136.028765] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1136.034510] CR2: 
00007fd207f90b80 CR3: 000000163ea22003 CR4: 0000000000f73ef0\n[ 1136.041641] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1136.048776] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 1136.055910] PKRU: 55555554\n[ 1136.058623] Call Trace:\n[ 1136.061074]  \u003cTASK\u003e\n[ 1136.063179]  ? show_trace_log_lvl+0x1b0/0x2f0\n[ 1136.067540]  ? show_trace_log_lvl+0x1b0/0x2f0\n[ 1136.071898]  ? move_linked_works+0x4a/0xa0\n[ 1136.075998]  ? __list_del_entry_valid_or_report.cold+0xf/0x6f\n[ 1136.081744]  ? __die_body.cold+0x8/0x12\n[ 1136.085584]  ? die+0x2e/0x50\n[ 1136.088469]  ? do_trap+0xca/0x110\n[ 1136.091789]  ? do_error_trap+0x65/0x80\n[ 1136.095543]  ? __list_del_entry_valid_or_report.cold+0xf/0x6f\n[ 1136.101289]  ? exc_invalid_op+0x50/0x70\n[ 1136.105127]  ? __list_del_entry_valid_or_report.cold+0xf/0x6f\n[ 1136.110874]  ? asm_exc_invalid_op+0x1a/0x20\n[ 1136.115059]  ? __list_del_entry_valid_or_report.cold+0xf/0x6f\n[ 1136.120806]  move_linked_works+0x4a/0xa0\n[ 1136.124733]  worker_thread+0x216/0x3a0\n[ 1136.128485]  ? __pfx_worker_thread+0x10/0x10\n[ 1136.132758]  kthread+0xfa/0x240\n[ 1136.135904]  ? __pfx_kthread+0x10/0x10\n[ 1136.139657]  ret_from_fork+0x31/0x50\n[ 1136.143236]  ? __pfx_kthread+0x10/0x10\n[ 1136.146988]  ret_from_fork_asm+0x1a/0x30\n[ 1136.150915]  \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40261",
            "https://git.kernel.org/linus/0a2c5495b6d1ecb0fa18ef6631450f391a888256 (6.18-rc7)",
            "https://git.kernel.org/stable/c/0a2c5495b6d1ecb0fa18ef6631450f391a888256",
            "https://git.kernel.org/stable/c/33f64600a12055219bda38b55320c62cdeda9167",
            "https://git.kernel.org/stable/c/3d78e8e01251da032a5f7cbc9728e4ab1a5a5464",
            "https://git.kernel.org/stable/c/48ae433c6cc6985f647b1b37d8bb002972cf9bdb",
            "https://git.kernel.org/stable/c/60ba31330faf5677e2eebef7eac62ea9e42a200d",
            "https://git.kernel.org/stable/c/9610a2c162ef729a3988213a4604376e492f6f44",
            "https://git.kernel.org/stable/c/fbd5741a556eaaa63d0908132ca79d335b58b1cd",
            "https://linux.oracle.com/cve/CVE-2025-40261.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120434-CVE-2025-40261-0531@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40261",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40261"
          ],
          "PublishedDate": "2025-12-04T16:16:20.053Z",
          "LastModifiedDate": "2026-03-25T11:16:13.327Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40262",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40262",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f0c298b49533c2b0fa723d71de7efdefc039c9e0156f45f23592bd575e1bd103",
          "Title": "kernel: Input: imx_sc_key - fix memory corruption on unload",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: imx_sc_key - fix memory corruption on unload\n\nThis is supposed to be \"priv\" but we accidentally pass \"\u0026priv\" which is\nan address in the stack and so it will lead to memory corruption when\nthe imx_sc_key_action() function is called.  Remove the \u0026.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40262",
            "https://git.kernel.org/linus/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4 (6.18-rc7)",
            "https://git.kernel.org/stable/c/3e96803b169dc948847f0fc2bae729a80914eb7b",
            "https://git.kernel.org/stable/c/4ce5218b101205b3425099fe3df88a61b58f9cc2",
            "https://git.kernel.org/stable/c/56881294915a6e866d31a46f9bcb5e19167cfbaa",
            "https://git.kernel.org/stable/c/6524a15d33951b18ac408ebbcb9c16e14e21c336",
            "https://git.kernel.org/stable/c/a155292c3ce722036014da5477ee0e4c87b5e6b3",
            "https://git.kernel.org/stable/c/ca9a08de9b294422376f47ade323d69590dbc6f2",
            "https://git.kernel.org/stable/c/d83f1512758f4ef6fc5e83219fe7eeeb6b428ea4",
            "https://lore.kernel.org/linux-cve-announce/2025120434-CVE-2025-40262-ba54@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40262",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40262"
          ],
          "PublishedDate": "2025-12-04T16:16:20.2Z",
          "LastModifiedDate": "2025-12-06T22:15:53.783Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40263",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40263",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:deafdc6cdce75d4d0e0ae85da93aae24824bcc4751239c676b380c465bd85f2a",
          "Title": "kernel: Input: cros_ec_keyb - fix an invalid memory access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cros_ec_keyb - fix an invalid memory access\n\nIf cros_ec_keyb_register_matrix() isn't called (due to\n`buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev-\u003eidev` remains\nNULL.  An invalid memory access is observed in cros_ec_keyb_process()\nwhen receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()\nin such a case.\n\n  Unable to handle kernel read from unreadable memory at virtual address 0000000000000028\n  ...\n  x3 : 0000000000000000 x2 : 0000000000000000\n  x1 : 0000000000000000 x0 : 0000000000000000\n  Call trace:\n  input_event\n  cros_ec_keyb_work\n  blocking_notifier_call_chain\n  ec_irq_thread\n\nIt is still unknown why the kernel receives such a malformed event;\nin any case, the kernel shouldn't access `ckdev-\u003eidev` and friends if\nthe driver doesn't intend to initialize them.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40263",
            "https://git.kernel.org/linus/e08969c4d65ac31297fcb4d31d4808c789152f68 (6.18-rc7)",
            "https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39",
            "https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec",
            "https://git.kernel.org/stable/c/7bfd959187f2c7584bb43280bbc7b2846e7a5085",
            "https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7",
            "https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb",
            "https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68",
            "https://linux.oracle.com/cve/CVE-2025-40263.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120434-CVE-2025-40263-bfaa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40263",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40263"
          ],
          "PublishedDate": "2025-12-04T16:16:20.34Z",
          "LastModifiedDate": "2026-01-02T16:16:56.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40264",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40264",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8529df5e53a24729dd2033c0d6905899dfbacc197914e0e9bedff05ed8a0314d",
          "Title": "kernel: Linux kernel: be2net driver NULL pointer dereference leading to denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: pass wrb_params in case of OS2BMC\n\nbe_insert_vlan_in_pkt() is called with the wrb_params argument being NULL\nat be_send_pkt_to_bmc() call site.  This may lead to dereferencing a NULL\npointer when processing a workaround for specific packet, as commit\nbc0c3405abbb (\"be2net: fix a Tx stall bug caused by a specific ipv6\npacket\") states.\n\nThe correct way would be to pass the wrb_params from be_xmit().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40264",
            "https://git.kernel.org/linus/7d277a7a58578dd62fd546ddaef459ec24ccae36 (6.18-rc7)",
            "https://git.kernel.org/stable/c/012ee5882b1830db469194466a210768ed207388",
            "https://git.kernel.org/stable/c/1ecd86ec6efddb59a10c927e8e679f183bb9113e",
            "https://git.kernel.org/stable/c/48d59b60dd5d7e4c48c077a2008c9dcd7b59bdfe",
            "https://git.kernel.org/stable/c/4c4741f6e7f2fa4e1486cb61e1c15b9236ec134d",
            "https://git.kernel.org/stable/c/630360c6724e27f1aa494ba3fffe1e38c4205284",
            "https://git.kernel.org/stable/c/7d277a7a58578dd62fd546ddaef459ec24ccae36",
            "https://git.kernel.org/stable/c/ce0a3699244aca3acb659f143c9cb1327b210f89",
            "https://git.kernel.org/stable/c/f499dfa5c98e92e72dd454eb95a1000a448f3405",
            "https://linux.oracle.com/cve/CVE-2025-40264.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120435-CVE-2025-40264-4001@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40264",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40264"
          ],
          "PublishedDate": "2025-12-04T16:16:20.51Z",
          "LastModifiedDate": "2025-12-06T22:15:54.067Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40266",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40266",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:790d4c20ab7fd0263b64a843c0eb2600ae03b112de29a9cf573194a515fafe03",
          "Title": "kernel: KVM: arm64: Check the untrusted offset in FF-A memory share",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Check the untrusted offset in FF-A memory share\n\nVerify the offset to prevent OOB access in the hypervisor\nFF-A buffer in case an untrusted large enough value\n[U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX]\nis set from the host kernel.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40266",
            "https://git.kernel.org/linus/103e17aac09cdd358133f9e00998b75d6c1f1518 (6.18-rc6)",
            "https://git.kernel.org/stable/c/103e17aac09cdd358133f9e00998b75d6c1f1518",
            "https://git.kernel.org/stable/c/bc1909ef38788f2ee3d8011d70bf029948433051",
            "https://git.kernel.org/stable/c/f9f1aed6c8a3427900da3121e1868124854569c3",
            "https://git.kernel.org/stable/c/fc3139d9f4c1fe1c7d5f25f99676bd8e9c6a1041",
            "https://linux.oracle.com/cve/CVE-2025-40266.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025120435-CVE-2025-40266-30a1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40266",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40266"
          ],
          "PublishedDate": "2025-12-04T16:16:20.787Z",
          "LastModifiedDate": "2025-12-04T17:15:08.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40268",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40268",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e93f8e8bfa45b88f695d7dbf6a5f8689c74789b59987dc762a5d13c71513c532",
          "Title": "kernel: cifs: client: fix memory leak in smb3_fs_context_parse_param",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: client: fix memory leak in smb3_fs_context_parse_param\n\nThe user calls fsconfig twice, but when the program exits, free() only\nfrees ctx-\u003esource for the second fsconfig, not the first.\nRegarding fc-\u003esource, there is no code in the fs context related to its\nmemory reclamation.\n\nTo fix this memory leak, release the source memory corresponding to ctx\nor fc before each parsing.\n\nsyzbot reported:\nBUG: memory leak\nunreferenced object 0xffff888128afa360 (size 96):\n  backtrace (crc 79c9c7ba):\n    kstrdup+0x3c/0x80 mm/util.c:84\n    smb3_fs_context_parse_param+0x229b/0x36c0 fs/smb/client/fs_context.c:1444\n\nBUG: memory leak\nunreferenced object 0xffff888112c7d900 (size 96):\n  backtrace (crc 79c9c7ba):\n    smb3_fs_context_fullpath+0x70/0x1b0 fs/smb/client/fs_context.c:629\n    smb3_fs_context_parse_param+0x2266/0x36c0 fs/smb/client/fs_context.c:1438",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40268",
            "https://git.kernel.org/linus/e8c73eb7db0a498cd4b22d2819e6ab1a6f506bd6 (6.18-rc6)",
            "https://git.kernel.org/stable/c/4515743cc7a42e1d67468402a6420c195532a6fa",
            "https://git.kernel.org/stable/c/48c17341577e25a22feb13d694374b61d974edbc",
            "https://git.kernel.org/stable/c/868fc62811d3fabcf5685e14f36377a855d5412d",
            "https://git.kernel.org/stable/c/e8c73eb7db0a498cd4b22d2819e6ab1a6f506bd6",
            "https://linux.oracle.com/cve/CVE-2025-40268.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120715-CVE-2025-40268-390a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40268",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40268"
          ],
          "PublishedDate": "2025-12-06T22:15:54.327Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40269",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40269",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:46ecae65f46d7379a22cb7a1d455077d50ec92b9a1e36ae5cc97509c286a9fb3",
          "Title": "kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential overflow of PCM transfer buffer\n\nThe PCM stream data in USB-audio driver is transferred over USB URB\npacket buffers, and each packet size is determined dynamically.  The\npacket sizes are limited by some factors such as wMaxPacketSize USB\ndescriptor.  OTOH, in the current code, the actually used packet sizes\nare determined only by the rate and the PPS, which may be bigger than\nthe size limit above.  This results in a buffer overflow, as reported\nby syzbot.\n\nBasically when the limit is smaller than the calculated packet size,\nit implies that something is wrong, most likely a weird USB\ndescriptor.  So the best option would be just to return an error at\nthe parameter setup time before doing any further operations.\n\nThis patch introduces such a sanity check, and returns -EINVAL when\nthe packet size is greater than maxpacksize.  The comparison with\nep-\u003epacksize[1] alone should suffice since it's always equal or\ngreater than ep-\u003epacksize[0].",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2212",
            "https://access.redhat.com/security/cve/CVE-2025-40269",
            "https://bugzilla.redhat.com/2363315",
            "https://bugzilla.redhat.com/2365032",
            "https://bugzilla.redhat.com/2373326",
            "https://bugzilla.redhat.com/2373354",
            "https://bugzilla.redhat.com/2383404",
            "https://bugzilla.redhat.com/2383421",
            "https://bugzilla.redhat.com/2383487",
            "https://bugzilla.redhat.com/2393191",
            "https://bugzilla.redhat.com/2394601",
            "https://bugzilla.redhat.com/2414506",
            "https://bugzilla.redhat.com/2414521",
            "https://bugzilla.redhat.com/2414522",
            "https://bugzilla.redhat.com/2414523",
            "https://bugzilla.redhat.com/2419837",
            "https://bugzilla.redhat.com/2419919",
            "https://bugzilla.redhat.com/2419920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2365032",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393191",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414506",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414521",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419837",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37819",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38022",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38403",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38415",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38459",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40158",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40271",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40318",
            "https://errata.almalinux.org/9/ALSA-2026-2212.html",
            "https://errata.rockylinux.org/RLSA-2026:2212",
            "https://git.kernel.org/linus/05a1fc5efdd8560f34a3af39c9cf1e1526cc3ddf (6.18-rc6)",
            "https://git.kernel.org/stable/c/05a1fc5efdd8560f34a3af39c9cf1e1526cc3ddf",
            "https://git.kernel.org/stable/c/217d47255a2ec8b246f2725f5db9ac3f1d4109d7",
            "https://git.kernel.org/stable/c/282aba56713bbc58155716b55ca7222b2d9cf3c8",
            "https://git.kernel.org/stable/c/480a1490c595a242f27493a4544b3efb21b29f6a",
            "https://git.kernel.org/stable/c/6a5da3fa80affc948923f20a4e086177f505e86e",
            "https://git.kernel.org/stable/c/98e9d5e33bda8db875cc1a4fe99c192658e45ab6",
            "https://git.kernel.org/stable/c/ab0b5e92fc36ee82c1bd01fe896d0f775ed5de41",
            "https://git.kernel.org/stable/c/c4dc012b027c9eb101583011089dea14d744e314",
            "https://git.kernel.org/stable/c/d2c04f20ccc6c0d219e6d3038bab45bc66a178ad",
            "https://git.kernel.org/stable/c/d67dde02049e632ba58d3c44a164a74b6a737154",
            "https://git.kernel.org/stable/c/e0ed5a36fb3ab9e7b9ee45cd17f09f6d5f594360",
            "https://git.kernel.org/stable/c/ece3b981bb6620e47fac826a2156c090b1a936a0",
            "https://git.kernel.org/stable/c/ef592bf2232a2daa9fffa8881881fc9957ea56e9",
            "https://linux.oracle.com/cve/CVE-2025-40269.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40269-9769@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40269",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40269"
          ],
          "PublishedDate": "2025-12-06T22:15:54.467Z",
          "LastModifiedDate": "2026-01-02T16:16:56.773Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40271",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40271",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:32a42d622851b958007e5b016a07c8f9b84abfdba024b9e393452f7de0dac868",
          "Title": "kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: fix uaf in proc_readdir_de()\n\nPde is erased from subdir rbtree through rb_erase(), but not set the node\nto EMPTY, which may result in uaf access.  We should use RB_CLEAR_NODE()\nset the erased node to EMPTY, then pde_subdir_next() will return NULL to\navoid uaf access.\n\nWe found an uaf issue while using stress-ng testing, need to run testcase\ngetdent and tun in the same time.  The steps of the issue is as follows:\n\n1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current\n   pde is tun3;\n\n2) in the [time windows] unregister netdevice tun3 and tun2, and erase\n   them from rbtree.  erase tun3 first, and then erase tun2.  the\n   pde(tun2) will be released to slab;\n\n3) continue to getdent process, then pde_subdir_next() will return\n   pde(tun2) which is released, it will case uaf access.\n\nCPU 0                                      |    CPU 1\n-------------------------------------------------------------------------\ntraverse dir /proc/pid/net/dev_snmp6/      |   unregister_netdevice(tun-\u003edev)   //tun3 tun2\nsys_getdents64()                           |\n  iterate_dir()                            |\n    proc_readdir()                         |\n      proc_readdir_de()                    |     snmp6_unregister_dev()\n        pde_get(de);                       |       proc_remove()\n        read_unlock(\u0026proc_subdir_lock);    |         remove_proc_subtree()\n                                           |           write_lock(\u0026proc_subdir_lock);\n        [time window]                      |           rb_erase(\u0026root-\u003esubdir_node, \u0026parent-\u003esubdir);\n                                           |           write_unlock(\u0026proc_subdir_lock);\n        read_lock(\u0026proc_subdir_lock);      |\n        next = pde_subdir_next(de);        |\n        pde_put(de);                       |\n        de = next;    //UAF    
            |\n\nrbtree of dev_snmp6\n                        |\n                    pde(tun3)\n                     /    \\\n                  NULL  pde(tun2)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2212",
            "https://access.redhat.com/security/cve/CVE-2025-40271",
            "https://bugzilla.redhat.com/2363315",
            "https://bugzilla.redhat.com/2365032",
            "https://bugzilla.redhat.com/2373326",
            "https://bugzilla.redhat.com/2373354",
            "https://bugzilla.redhat.com/2383404",
            "https://bugzilla.redhat.com/2383421",
            "https://bugzilla.redhat.com/2383487",
            "https://bugzilla.redhat.com/2393191",
            "https://bugzilla.redhat.com/2394601",
            "https://bugzilla.redhat.com/2414506",
            "https://bugzilla.redhat.com/2414521",
            "https://bugzilla.redhat.com/2414522",
            "https://bugzilla.redhat.com/2414523",
            "https://bugzilla.redhat.com/2419837",
            "https://bugzilla.redhat.com/2419919",
            "https://bugzilla.redhat.com/2419920",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363315",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2365032",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2373354",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383404",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383487",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393191",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2394601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414506",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414521",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414522",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419837",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419920",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37789",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37819",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38022",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38403",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38415",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38459",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39760",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40158",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40271",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40318",
            "https://errata.almalinux.org/9/ALSA-2026-2212.html",
            "https://errata.rockylinux.org/RLSA-2026:2212",
            "https://git.kernel.org/linus/895b4c0c79b092d732544011c3cecaf7322c36a1 (6.18-rc6)",
            "https://git.kernel.org/stable/c/03de7ff197a3d0e17d0d5c58fdac99a63cba8110",
            "https://git.kernel.org/stable/c/1d1596d68a6f11d28f677eedf6cf5b17dbfeb491",
            "https://git.kernel.org/stable/c/4cba73c4c89219beef7685a47374bf88b1022369",
            "https://git.kernel.org/stable/c/623bb26127fb581a741e880e1e1a47d79aecb6f8",
            "https://git.kernel.org/stable/c/67272c11f379d9aa5e0f6b16286b9d89b3f76046",
            "https://git.kernel.org/stable/c/6f2482745e510ae1dacc9b090194b9c5f918d774",
            "https://git.kernel.org/stable/c/895b4c0c79b092d732544011c3cecaf7322c36a1",
            "https://git.kernel.org/stable/c/c81d0385500446efe48c305bbb83d47f2ae23a50",
            "https://linux.oracle.com/cve/CVE-2025-40271.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40271-7612@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40271",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40271"
          ],
          "PublishedDate": "2025-12-06T22:15:54.737Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40272",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40272",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e4a92579124985553a9f817c1b96f9ca10bd91f8468df501b9e255a59b8c2852",
          "Title": "kernel: mm/secretmem: fix use-after-free race in fault handler",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/secretmem: fix use-after-free race in fault handler\n\nWhen a page fault occurs in a secret memory file created with\n`memfd_secret(2)`, the kernel will allocate a new folio for it, mark the\nunderlying page as not-present in the direct map, and add it to the file\nmapping.\n\nIf two tasks cause a fault in the same page concurrently, both could end\nup allocating a folio and removing the page from the direct map, but only\none would succeed in adding the folio to the file mapping.  The task that\nfailed undoes the effects of its attempt by (a) freeing the folio again\nand (b) putting the page back into the direct map.  However, by doing\nthese two operations in this order, the page becomes available to the\nallocator again before it is placed back in the direct mapping.\n\nIf another task attempts to allocate the page between (a) and (b), and the\nkernel tries to access it via the direct map, it would result in a\nsupervisor not-present page fault.\n\nFix the ordering to restore the direct map before the folio is freed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40272",
            "https://git.kernel.org/linus/6f86d0534fddfbd08687fa0f01479d4226bc3c3d (6.18-rc6)",
            "https://git.kernel.org/stable/c/1e4643d6628edf9c0047b1f8f5bc574665025acb",
            "https://git.kernel.org/stable/c/42d486d35a4143cc37fc72ee66edc99d942dd367",
            "https://git.kernel.org/stable/c/4444767e625da46009fc94a453fd1967b80ba047",
            "https://git.kernel.org/stable/c/52f2d5cf33de9a8f5e72bbb0ed38282ae0bc4649",
            "https://git.kernel.org/stable/c/6f86d0534fddfbd08687fa0f01479d4226bc3c3d",
            "https://git.kernel.org/stable/c/bb1c19636aedae39360e6fdbcaef4f2bcff25785",
            "https://linux.oracle.com/cve/CVE-2025-40272.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40272-507b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40272",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40272"
          ],
          "PublishedDate": "2025-12-06T22:15:54.887Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40273",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40273",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:787568e4cb2ca6ed5108749dc9dbce33e9f85d7d928c9e17f47d8cf63fe05199",
          "Title": "kernel: NFSD: free copynotify stateid in nfs4_free_ol_stateid()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: free copynotify stateid in nfs4_free_ol_stateid()\n\nTypically copynotify stateid is freed either when parent's stateid\nis being close/freed or in nfsd4_laundromat if the stateid hasn't\nbeen used in a lease period.\n\nHowever, in case when the server got an OPEN (which created\na parent stateid), followed by a COPY_NOTIFY using that stateid,\nfollowed by a client reboot. New client instance while doing\nCREATE_SESSION would force expire previous state of this client.\nIt leads to the open state being freed thru release_openowner-\u003e\nnfs4_free_ol_stateid() and it finds that it still has copynotify\nstateid associated with it. We currently print a warning and is\ntriggerred\n\nWARNING: CPU: 1 PID: 8858 at fs/nfsd/nfs4state.c:1550 nfs4_free_ol_stateid+0xb0/0x100 [nfsd]\n\nThis patch, instead, frees the associated copynotify stateid here.\n\nIf the parent stateid is freed (without freeing the copynotify\nstateids associated with it), it leads to the list corruption\nwhen laundromat ends up freeing the copynotify state later.\n\n[ 1626.839430] Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP\n[ 1626.842828] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth cfg80211 rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd nfs_acl lockd grace nfs_localio ext4 crc16 mbcache jbd2 overlay uinput snd_seq_dummy snd_hrtimer qrtr rfkill vfat fat uvcvideo snd_hda_codec_generic videobuf2_vmalloc videobuf2_memops snd_hda_intel uvc snd_intel_dspcfg videobuf2_v4l2 videobuf2_common snd_hda_codec snd_hda_core videodev snd_hwdep snd_seq mc snd_seq_device snd_pcm snd_timer snd soundcore sg loop auth_rpcgss vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs 8021q garp stp llc mrp nvme ghash_ce e1000e nvme_core sr_mod nvme_keyring nvme_auth cdrom vmwgfx drm_ttm_helper ttm sunrpc dm_mirror dm_region_hash dm_log iscsi_tcp libiscsi_tcp libiscsi 
scsi_transport_iscsi fuse dm_multipath dm_mod nfnetlink\n[ 1626.855594] CPU: 2 UID: 0 PID: 199 Comm: kworker/u24:33 Kdump: loaded Tainted: G    B   W           6.17.0-rc7+ #22 PREEMPT(voluntary)\n[ 1626.857075] Tainted: [B]=BAD_PAGE, [W]=WARN\n[ 1626.857573] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS VMW201.00V.24006586.BA64.2406042154 06/04/2024\n[ 1626.858724] Workqueue: nfsd4 laundromat_main [nfsd]\n[ 1626.859304] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 1626.860010] pc : __list_del_entry_valid_or_report+0x148/0x200\n[ 1626.860601] lr : __list_del_entry_valid_or_report+0x148/0x200\n[ 1626.861182] sp : ffff8000881d7a40\n[ 1626.861521] x29: ffff8000881d7a40 x28: 0000000000000018 x27: ffff0000c2a98200\n[ 1626.862260] x26: 0000000000000600 x25: 0000000000000000 x24: ffff8000881d7b20\n[ 1626.862986] x23: ffff0000c2a981e8 x22: 1fffe00012410e7d x21: ffff0000920873e8\n[ 1626.863701] x20: ffff0000920873e8 x19: ffff000086f22998 x18: 0000000000000000\n[ 1626.864421] x17: 20747562202c3839 x16: 3932326636383030 x15: 3030666666662065\n[ 1626.865092] x14: 6220646c756f6873 x13: 0000000000000001 x12: ffff60004fd9e4a3\n[ 1626.865713] x11: 1fffe0004fd9e4a2 x10: ffff60004fd9e4a2 x9 : dfff800000000000\n[ 1626.866320] x8 : 00009fffb0261b5e x7 : ffff00027ecf2513 x6 : 0000000000000001\n[ 1626.866938] x5 : ffff00027ecf2510 x4 : ffff60004fd9e4a3 x3 : 0000000000000000\n[ 1626.867553] x2 : 0000000000000000 x1 : ffff000096069640 x0 : 000000000000006d\n[ 1626.868167] Call trace:\n[ 1626.868382]  __list_del_entry_valid_or_report+0x148/0x200 (P)\n[ 1626.868876]  _free_cpntf_state_locked+0xd0/0x268 [nfsd]\n[ 1626.869368]  nfs4_laundromat+0x6f8/0x1058 [nfsd]\n[ 1626.869813]  laundromat_main+0x24/0x60 [nfsd]\n[ 1626.870231]  process_one_work+0x584/0x1050\n[ 1626.870595]  worker_thread+0x4c4/0xc60\n[ 1626.870893]  kthread+0x2f8/0x398\n[ 1626.871146]  ret_from_fork+0x10/0x20\n[ 1626.871422] Code: aa1303e1 aa1403e3 910e8000 97bc55d7 (d4210000)\n[ 1626.871892] SMP: 
stopping secondary CPUs",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40273",
            "https://git.kernel.org/linus/4aa17144d5abc3c756883e3a010246f0dba8b468 (6.18-rc6)",
            "https://git.kernel.org/stable/c/29fbb3ad4018ca2b0988fbac76f4c694cc6d7e66",
            "https://git.kernel.org/stable/c/4aa17144d5abc3c756883e3a010246f0dba8b468",
            "https://git.kernel.org/stable/c/839f56f626723f36904764858467e7a3881b975d",
            "https://git.kernel.org/stable/c/935a2dc8928670bb2c37e21025331e61ec48ccf4",
            "https://git.kernel.org/stable/c/b114996a095da39e38410a0328d4a8aca8c36088",
            "https://git.kernel.org/stable/c/d7be15a634aa3874827d0d3ea47452ee878b8df7",
            "https://git.kernel.org/stable/c/f67ad9b33b0e6f00d2acc67cbf9cfa5c756be5fb",
            "https://linux.oracle.com/cve/CVE-2025-40273.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40273-3765@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40273",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40273"
          ],
          "PublishedDate": "2025-12-06T22:15:55.023Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40275",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40275",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f8bd67fe36556ebe91340740c6810ac6c8c20abf268abd870dd1e9ba0f5bd40c",
          "Title": "kernel: ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd\n\nIn snd_usb_create_streams(), for UAC version 3 devices, the Interface\nAssociation Descriptor (IAD) is retrieved via usb_ifnum_to_if(). If this\ncall fails, a fallback routine attempts to obtain the IAD from the next\ninterface and sets a BADD profile. However, snd_usb_mixer_controls_badd()\nassumes that the IAD retrieved from usb_ifnum_to_if() is always valid,\nwithout performing a NULL check. This can lead to a NULL pointer\ndereference when usb_ifnum_to_if() fails to find the interface descriptor.\n\nThis patch adds a NULL pointer check after calling usb_ifnum_to_if() in\nsnd_usb_mixer_controls_badd() to prevent the dereference.\n\nThis issue was discovered by syzkaller, which triggered the bug by sending\na crafted USB device descriptor.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40275",
            "https://git.kernel.org/linus/632108ec072ad64c8c83db6e16a7efee29ebfb74 (6.18-rc6)",
            "https://git.kernel.org/stable/c/23aea9c74aeea2625aaf4fbcc6beb9d09e30f9e4",
            "https://git.kernel.org/stable/c/2762d3ea9c929ca4094541ca517c317ffa94625b",
            "https://git.kernel.org/stable/c/57f607c112966c21240c424b33e2cb71e121dcf0",
            "https://git.kernel.org/stable/c/632108ec072ad64c8c83db6e16a7efee29ebfb74",
            "https://git.kernel.org/stable/c/85568535893600024d7d8794f4f8b6428b521e0c",
            "https://git.kernel.org/stable/c/9f282104627be5fbded3102ff9004f753c55a063",
            "https://git.kernel.org/stable/c/c5c08965ab96b16361e69a1e2a0e89dbcb99b5a6",
            "https://git.kernel.org/stable/c/cbdbfc756f2990942138ed0138da9303b4dbf9ff",
            "https://linux.oracle.com/cve/CVE-2025-40275.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120717-CVE-2025-40275-021a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40275",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40275"
          ],
          "PublishedDate": "2025-12-06T22:15:55.3Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40277",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40277",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4a92f79271ff79b86e96f56b82df5807029d5c9147751ca4b8e9b9d197be5494",
          "Title": "kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE\n\nThis data originates from userspace and is used in buffer offset\ncalculations which could potentially overflow causing an out-of-bounds\naccess.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0793",
            "https://access.redhat.com/security/cve/CVE-2025-40277",
            "https://bugzilla.redhat.com/2393157",
            "https://bugzilla.redhat.com/2401432",
            "https://bugzilla.redhat.com/2419954",
            "https://bugzilla.redhat.com/2422788",
            "https://bugzilla.redhat.com/2422801",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2401432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419954",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40277",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68285",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68287",
            "https://errata.almalinux.org/9/ALSA-2026-0793.html",
            "https://errata.rockylinux.org/RLSA-2026:0793",
            "https://git.kernel.org/linus/32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af (6.18-rc6)",
            "https://git.kernel.org/stable/c/32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af",
            "https://git.kernel.org/stable/c/54d458b244893e47bda52ec3943fdfbc8d7d068b",
            "https://git.kernel.org/stable/c/5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc",
            "https://git.kernel.org/stable/c/709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173",
            "https://git.kernel.org/stable/c/a3abb54c27b2c393c44362399777ad2f6e1ff17e",
            "https://git.kernel.org/stable/c/b5df9e06eed3df6a4f5c6f8453013b0cabb927b4",
            "https://git.kernel.org/stable/c/e58559845021c3bad5e094219378b869157fad53",
            "https://git.kernel.org/stable/c/f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0",
            "https://linux.oracle.com/cve/CVE-2025-40277.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120717-CVE-2025-40277-d511@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40277",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40277"
          ],
          "PublishedDate": "2025-12-06T22:15:55.56Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40278",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40278",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b5e87b6c6dbc298078cb545c69292644d1f7fd62aa248145f084d80b49b3c8b9",
          "Title": "kernel: net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak\n\nFix a KMSAN kernel-infoleak detected by syzbot.\n\n[net?] KMSAN: kernel-infoleak in __skb_datagram_iter\n\nIn tcf_ife_dump(), the variable 'opt' was partially initialized using a\ndesignated initializer, while the padding bytes remained\nuninitialized. Because nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to being copied.\n\nThis change silences the KMSAN report and prevents potential information\nleaks from the kernel memory.\n\nThis fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures no infoleak.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 1,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40278",
            "https://git.kernel.org/linus/ce50039be49eea9b4cd8873ca6eccded1b4a130a (6.18-rc6)",
            "https://git.kernel.org/stable/c/2191662058443e0bcc28d11694293d8339af6dde",
            "https://git.kernel.org/stable/c/37f0680887c5aeba9a433fe04b35169010568bb1",
            "https://git.kernel.org/stable/c/5e3644ef147bf7140259dfa4cace680c9b26fe8b",
            "https://git.kernel.org/stable/c/918e063304f945fb93be9bb70cacea07d0b730ea",
            "https://git.kernel.org/stable/c/a676a296af65d33725bdf7396803180957dbd92e",
            "https://git.kernel.org/stable/c/c8f51dad94cbb88054e2aacc272b3ce1ed11fb1e",
            "https://git.kernel.org/stable/c/ce50039be49eea9b4cd8873ca6eccded1b4a130a",
            "https://git.kernel.org/stable/c/d1dbbbe839647486c9b893e5011fe84a052962df",
            "https://lore.kernel.org/linux-cve-announce/2025120717-CVE-2025-40278-dae4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40278",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40278"
          ],
          "PublishedDate": "2025-12-06T22:15:55.7Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40279",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40279",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f5f2e9e8039a79afc74966b22f78e16f4212bcc58c9cac1b0cc4444ba2670104",
          "Title": "kernel: Linux kernel: Information disclosure via uninitialized data in tcf_connmark_dump()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_connmark: initialize struct tc_ife to fix kernel leak\n\nIn tcf_connmark_dump(), the variable 'opt' was partially initialized using a\ndesignated initializer, while the padding bytes remained\nuninitialized. Because nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to being copied.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40279",
            "https://git.kernel.org/linus/62b656e43eaeae445a39cd8021a4f47065af4389 (6.18-rc6)",
            "https://git.kernel.org/stable/c/218b67c8c8246d47a2a7910eae80abe4861fe2b7",
            "https://git.kernel.org/stable/c/25837889ec062f2b7618142cd80253dff3da5343",
            "https://git.kernel.org/stable/c/31e4aa93e2e5b5647fc235b0f6ee329646878f9e",
            "https://git.kernel.org/stable/c/51cb05d4fd632596816ba44e882e84db9fb28a7e",
            "https://git.kernel.org/stable/c/62b656e43eaeae445a39cd8021a4f47065af4389",
            "https://git.kernel.org/stable/c/73cc56c608c209d3d666cc571293b090a471da70",
            "https://linux.oracle.com/cve/CVE-2025-40279.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120717-CVE-2025-40279-81d3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40279",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40279"
          ],
          "PublishedDate": "2025-12-06T22:15:55.843Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40280",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40280",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4369c891e349dcd175de5b822502cf0b752ebb7aad61b918468812ffaf00f7e9",
          "Title": "kernel: tipc: Fix use-after-free in tipc_mon_reinit_self()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_mon_reinit_self().\n\nsyzbot reported use-after-free of tipc_net(net)-\u003emonitors[]\nin tipc_mon_reinit_self(). [0]\n\nThe array is protected by RTNL, but tipc_mon_reinit_self()\niterates over it without RTNL.\n\ntipc_mon_reinit_self() is called from tipc_net_finalize(),\nwhich is always under RTNL except for tipc_net_finalize_work().\n\nLet's hold RTNL in tipc_net_finalize_work().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\nRead of size 1 at addr ffff88805eae1030 by task kworker/0:7/5989\n\nCPU: 0 UID: 0 PID: 5989 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nWorkqueue: events tipc_net_finalize_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:568\n kasan_check_byte include/linux/kasan.h:399 [inline]\n lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\n rtlock_slowlock kernel/locking/rtmutex.c:1894 [inline]\n rwbase_rtmutex_lock_state kernel/locking/spinlock_rt.c:160 [inline]\n rwbase_write_lock+0xd3/0x7e0 kernel/locking/rwbase_rt.c:244\n rt_write_lock+0x76/0x110 kernel/locking/spinlock_rt.c:243\n write_lock_bh include/linux/rwlock_rt.h:99 [inline]\n tipc_mon_reinit_self+0x79/0x430 net/tipc/monitor.c:718\n tipc_net_finalize+0x115/0x190 net/tipc/net.c:140\n process_one_work 
kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 6089:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x1a8/0x320 mm/slub.c:4407\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n tipc_mon_create+0xc3/0x4d0 net/tipc/monitor.c:657\n tipc_enable_bearer net/tipc/bearer.c:357 [inline]\n __tipc_nl_bearer_enable+0xe16/0x13f0 net/tipc/bearer.c:1047\n __tipc_nl_compat_doit net/tipc/netlink_compat.c:371 [inline]\n tipc_nl_compat_doit+0x3bc/0x5f0 net/tipc/netlink_compat.c:393\n tipc_nl_compat_handle net/tipc/netlink_compat.c:-1 [inline]\n tipc_nl_compat_recv+0x83c/0xbe0 net/tipc/netlink_compat.c:1321\n genl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n netlink_unicast+0x846/0xa10 net/netlink/af_netlink.c:1346\n netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x21c/0x270 net/socket.c:729\n ____sys_sendmsg+0x508/0x820 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n 
__x64_sys_sendmsg+0x1a1/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40280",
            "https://git.kernel.org/linus/0725e6afb55128be21a2ca36e9674f573ccec173 (6.18-rc6)",
            "https://git.kernel.org/stable/c/0725e6afb55128be21a2ca36e9674f573ccec173",
            "https://git.kernel.org/stable/c/499b5fa78d525c4450ebb76db83207db71efea77",
            "https://git.kernel.org/stable/c/51b8f0ab888f8aa5dfac954918864eeda8c12c19",
            "https://git.kernel.org/stable/c/5f541300b02ef8b2af34f6f7d41ce617f3571e88",
            "https://git.kernel.org/stable/c/b2e77c789c234e7fe49057d2ced8f32e2d2c7901",
            "https://git.kernel.org/stable/c/c92dbf85627b5c29e52d9c120a24e785801716df",
            "https://git.kernel.org/stable/c/f0104977fed25ebe001fd63dab2b6b7fefad3373",
            "https://git.kernel.org/stable/c/fdf7c4c9af4f246323ce854e84b6aec198d49f7e",
            "https://linux.oracle.com/cve/CVE-2025-40280.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120717-CVE-2025-40280-4612@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40280",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40280"
          ],
          "PublishedDate": "2025-12-06T22:15:55.973Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40281",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40281",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28d7fedcbcff40f96517c36cdaf8ce8a803ae33605bc69a49c59d1a9028152b6",
          "Title": "kernel: sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto\n\nsyzbot reported a possible shift-out-of-bounds [1]\n\nBlamed commit added rto_alpha_max and rto_beta_max set to 1000.\n\nIt is unclear if some sctp users are setting very large rto_alpha\nand/or rto_beta.\n\nIn order to prevent user regression, perform the test at run time.\n\nAlso add READ_ONCE() annotations as sysctl values can change under us.\n\n[1]\n\nUBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41\nshift exponent 64 is too large for 32-bit type 'unsigned int'\nCPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:94 [inline]\n  dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\n  ubsan_epilogue lib/ubsan.c:233 [inline]\n  __ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494\n  sctp_transport_update_rto.cold+0x1c/0x34b net/sctp/transport.c:509\n  sctp_check_transmitted+0x11c4/0x1c30 net/sctp/outqueue.c:1502\n  sctp_outq_sack+0x4ef/0x1b20 net/sctp/outqueue.c:1338\n  sctp_cmd_process_sack net/sctp/sm_sideeffect.c:840 [inline]\n  sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1372 [inline]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40281",
            "https://git.kernel.org/linus/1534ff77757e44bcc4b98d0196bc5c0052fce5fa (6.18-rc6)",
            "https://git.kernel.org/stable/c/0e0413e3315199b23ff4aec295e256034cd0a6e4",
            "https://git.kernel.org/stable/c/1534ff77757e44bcc4b98d0196bc5c0052fce5fa",
            "https://git.kernel.org/stable/c/1cfa4eac275cc4875755c1303d48a4ddfe507ca8",
            "https://git.kernel.org/stable/c/834e65be429c0fa4f9bb5945064bd57f18ed2187",
            "https://git.kernel.org/stable/c/aaba523dd7b6106526c24b1fd9b5fc35e5aaa88d",
            "https://git.kernel.org/stable/c/abb086b9a95d0ed3b757ee59964ba3c4e4b2fc1a",
            "https://git.kernel.org/stable/c/d0d858652834dcf531342c82a0428170aa7c2675",
            "https://git.kernel.org/stable/c/ed71f801249d2350c77a73dca2c03918a15a62fe",
            "https://linux.oracle.com/cve/CVE-2025-40281.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120718-CVE-2025-40281-557d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40281",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40281"
          ],
          "PublishedDate": "2025-12-06T22:15:56.113Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40282",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:48334e453311e975b41ff466d1b3719a4e1b99fa49a0aedb66984f8938e935c5",
          "Title": "kernel: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: 6lowpan: reset link-local header on ipv6 recv path\n\nBluetooth 6lowpan.c netdev has header_ops, so it must set link-local\nheader for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW\n\nAdd missing skb_reset_mac_header() for uncompressed ipv6 RX path.\n\nFor the compressed one, it is done in lowpan_header_decompress().\n\nLog: (BlueZ 6lowpan-tester Client Recv Raw - Success)\n------\nkernel BUG at net/core/skbuff.c:212!\nCall Trace:\n\u003cIRQ\u003e\n...\npacket_rcv (net/packet/af_packet.c:2152)\n...\n\u003cTASK\u003e\n__local_bh_enable_ip (kernel/softirq.c:407)\nnetif_rx (net/core/dev.c:5648)\nchan_recv_cb (net/bluetooth/6lowpan.c:294 net/bluetooth/6lowpan.c:359)\n------",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40282",
            "https://git.kernel.org/linus/3b78f50918276ab28fb22eac9aa49401ac436a3b (6.18-rc6)",
            "https://git.kernel.org/stable/c/11cd7e068381666f842ad41d1cc58eecd0c75237",
            "https://git.kernel.org/stable/c/3b78f50918276ab28fb22eac9aa49401ac436a3b",
            "https://git.kernel.org/stable/c/4ebb90c3c309e6375dc3e841af92e2a039843e62",
            "https://git.kernel.org/stable/c/70d84e7c3a44b81020a3c3d650a64c63593405bd",
            "https://git.kernel.org/stable/c/973e0271754c77db3e1b6b69adf2de85a79a4c8b",
            "https://git.kernel.org/stable/c/c24ac6cfe4f9a47180a65592c47e7a310d2f9d93",
            "https://git.kernel.org/stable/c/d566e9a2bfc848941b091ffd5f4e12c4e889d818",
            "https://git.kernel.org/stable/c/ea46a1d217bc82e01cf3d0424e50ebfe251e34bf",
            "https://lore.kernel.org/linux-cve-announce/2025120718-CVE-2025-40282-cdda@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40282",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40282"
          ],
          "PublishedDate": "2025-12-06T22:15:56.253Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40283",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40283",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fcca7a6be45afa1410ab2ca44ed118f40a8731e749149eb0a0cf14a59e979439",
          "Title": "kernel: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF\n\nThere is a KASAN: slab-use-after-free read in btusb_disconnect().\nCalling \"usb_driver_release_interface(\u0026btusb_driver, data-\u003eintf)\" will\nfree the btusb data associated with the interface. The same data is\nthen used later in the function, hence the UAF.\n\nFix by moving the accesses to btusb data to before the data is free'd.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40283",
            "https://git.kernel.org/linus/23d22f2f71768034d6ef86168213843fc49bf550 (6.18-rc6)",
            "https://git.kernel.org/stable/c/1c28c1e1522c773a94e26950ffb145e88cd9834b",
            "https://git.kernel.org/stable/c/23d22f2f71768034d6ef86168213843fc49bf550",
            "https://git.kernel.org/stable/c/297dbf87989e09af98f81f2bcb938041785557e8",
            "https://git.kernel.org/stable/c/5dc00065a0496c36694afe11e52a5bc64524a9b8",
            "https://git.kernel.org/stable/c/7a6d1e740220ff9dfcb6a8c994d6ba49e76db198",
            "https://git.kernel.org/stable/c/95b9b98c93b1c0916a3d4cf4540b7f5d69145a0d",
            "https://git.kernel.org/stable/c/a2610ecd9fd5708be8997ca8f033e4200c0bb6af",
            "https://git.kernel.org/stable/c/f858f004bc343a7ae9f2533bbb2a3ab27428532f",
            "https://linux.oracle.com/cve/CVE-2025-40283.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120718-CVE-2025-40283-0706@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40283",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40283"
          ],
          "PublishedDate": "2025-12-06T22:15:56.393Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40284",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40284",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ddbedc4982d62c342d3d22734d58be108c9e0298162110923f72ea8e7cafed87",
          "Title": "kernel: Bluetooth: MGMT: cancel mesh send timer when hdev removed",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: cancel mesh send timer when hdev removed\n\nmesh_send_done timer is not canceled when hdev is removed, which causes\ncrash if the timer triggers after hdev is gone.\n\nCancel the timer when MGMT removes the hdev, like other MGMT timers.\n\nShould fix the BUG: sporadically seen by BlueZ test bot\n(in \"Mesh - Send cancel - 1\" test).\n\nLog:\n------\nBUG: KASAN: slab-use-after-free in run_timer_softirq+0x76b/0x7d0\n...\nFreed by task 36:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x43/0x70\n kfree+0x103/0x500\n device_release+0x9a/0x210\n kobject_put+0x100/0x1e0\n vhci_release+0x18b/0x240\n------",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40284",
            "https://git.kernel.org/linus/55fb52ffdd62850d667ebed842815e072d3c9961 (6.18-rc6)",
            "https://git.kernel.org/stable/c/2927ff643607eddf4f03d10ef80fe10d977154aa",
            "https://git.kernel.org/stable/c/55fb52ffdd62850d667ebed842815e072d3c9961",
            "https://git.kernel.org/stable/c/7b6b6c077cad0601d62c3c34ab7ce3fb25deda7b",
            "https://git.kernel.org/stable/c/990e6143b0ca0c66f099d67d00c112bf59b30d76",
            "https://git.kernel.org/stable/c/fd62ca5ad136dcf6f5aa308423b299a6be6f54ea",
            "https://linux.oracle.com/cve/CVE-2025-40284.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120718-CVE-2025-40284-9c41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40284",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40284"
          ],
          "PublishedDate": "2025-12-06T22:15:56.53Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40285",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40285",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cd8f57c87e42ec3c96e6f6d39b81e6efc853639307e8212f917056dc6b5c4864",
          "Title": "kernel: smb/server: fix possible refcount leak in smb2_sess_setup()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix possible refcount leak in smb2_sess_setup()\n\nReference count of ksmbd_session will leak when session need reconnect.\nFix this by adding the missing ksmbd_user_session_put().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40285",
            "https://git.kernel.org/linus/379510a815cb2e64eb0a379cb62295d6ade65df0 (6.18-rc2)",
            "https://git.kernel.org/stable/c/379510a815cb2e64eb0a379cb62295d6ade65df0",
            "https://git.kernel.org/stable/c/6fc935f798d44a8eb8a5e6659198399fbf57b981",
            "https://git.kernel.org/stable/c/d37b2c81c83d6c0d5ca582f4fe73c672983f9e0d",
            "https://git.kernel.org/stable/c/dcc51dfe6ff26b52cac106865a172ac982d78401",
            "https://git.kernel.org/stable/c/e671f9bb97805771380c98de944e2ceab6949188",
            "https://lore.kernel.org/linux-cve-announce/2025120718-CVE-2025-40285-9158@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40285",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40285"
          ],
          "PublishedDate": "2025-12-06T22:15:56.667Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40286",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40286",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6fa3a00431ccff362193634cfe482260b707edcf5ce4e92967729670bdc00f99",
          "Title": "kernel: smb/server: fix possible memory leak in smb2_read()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix possible memory leak in smb2_read()\n\nMemory leak occurs when ksmbd_vfs_read() fails.\nFix this by adding the missing kvfree().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40286",
            "https://git.kernel.org/linus/6fced056d2cc8d01b326e6fcfabaacb9850b71a4 (6.18-rc2)",
            "https://git.kernel.org/stable/c/0797c6cf3b857cc229ab2bc69552938dcd738d78",
            "https://git.kernel.org/stable/c/63d8706a2c09a0c29b8b0e8a44bc7a1339685de9",
            "https://git.kernel.org/stable/c/6fced056d2cc8d01b326e6fcfabaacb9850b71a4",
            "https://git.kernel.org/stable/c/bfda5422a16651d0bf864ec468b1c216e1b10d91",
            "https://git.kernel.org/stable/c/f1305587731886da37a214cda812ade246c653b0",
            "https://lore.kernel.org/linux-cve-announce/2025120718-CVE-2025-40286-1b9c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40286",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40286"
          ],
          "PublishedDate": "2025-12-06T22:15:56.797Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40287",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40287",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:286c9211f58e3129f182c8e493c957fe477c9c3d066ca4a2af77537600358403",
          "Title": "kernel: exfat: fix improper check of dentry.stream.valid_size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix improper check of dentry.stream.valid_size\n\nWe found an infinite loop bug in the exFAT file system that can lead to a\nDenial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is\nmalformed, the following system calls — SYS_openat, SYS_ftruncate, and\nSYS_pwrite64 — can cause the kernel to hang.\n\nRoot cause analysis shows that the size validation code in exfat_find()\ndoes not check whether dentry.stream.valid_size is negative. As a result,\nthe system calls mentioned above can succeed and eventually trigger the DoS\nissue.\n\nThis patch adds a check for negative dentry.stream.valid_size to prevent\nthis vulnerability.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40287",
            "https://git.kernel.org/linus/82ebecdc74ff555daf70b811d854b1f32a296bea (6.18-rc2)",
            "https://git.kernel.org/stable/c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2",
            "https://git.kernel.org/stable/c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad",
            "https://git.kernel.org/stable/c/82ebecdc74ff555daf70b811d854b1f32a296bea",
            "https://linux.oracle.com/cve/CVE-2025-40287.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120719-CVE-2025-40287-a68f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40287",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40287"
          ],
          "PublishedDate": "2025-12-06T22:15:56.927Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40288",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40288",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d9b955b620b46fa54233640869c8733a6ec98c7cf190e47bb313d4eeb94cffdc",
          "Title": "kernel: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices\n\nPreviously, APU platforms (and other scenarios with uninitialized VRAM managers)\ntriggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root\ncause is not that the `struct ttm_resource_manager *man` pointer itself is NULL,\nbut that `man-\u003ebdev` (the backing device pointer within the manager) remains\nuninitialized (NULL) on APUs—since APUs lack dedicated VRAM and do not fully\nset up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to\nacquire `man-\u003ebdev-\u003elru_lock`, it dereferences the NULL `man-\u003ebdev`, leading to\na kernel OOPS.\n\n1. **amdgpu_cs.c**: Extend the existing bandwidth control check in\n   `amdgpu_cs_get_threshold_for_moves()` to include a check for\n   `ttm_resource_manager_used()`. If the manager is not used (uninitialized\n   `bdev`), return 0 for migration thresholds immediately—skipping VRAM-specific\n   logic that would trigger the NULL dereference.\n\n2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info\n   reporting to use a conditional: if the manager is used, return the real VRAM\n   usage; otherwise, return 0. This avoids accessing `man-\u003ebdev` when it is\n   NULL.\n\n3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function)\n   data write path. 
Use `ttm_resource_manager_used()` to check validity: if the\n   manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set\n   `fb_usage` to 0 (APUs have no discrete framebuffer to report).\n\nThis approach is more robust than APU-specific checks because it:\n- Works for all scenarios where the VRAM manager is uninitialized (not just APUs),\n- Aligns with TTM's design by using its native helper function,\n- Preserves correct behavior for discrete GPUs (which have fully initialized\n  `man-\u003ebdev` and pass the `ttm_resource_manager_used()` check).\n\nv4: use ttm_resource_manager_used(\u0026adev-\u003emman.vram_mgr.manager) instead of checking the adev-\u003egmc.is_app_apu flag (Christian)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40288",
            "https://git.kernel.org/linus/883f309add55060233bf11c1ea6947140372920f (6.18-rc2)",
            "https://git.kernel.org/stable/c/070bdce18fb12a49eb9c421e57df17d2ad29bf5f",
            "https://git.kernel.org/stable/c/1243e396148a65bb6c42a2b70fe43e50c16c494f",
            "https://git.kernel.org/stable/c/43aa61c18a3a45042b098b7a1186ffb29364002c",
            "https://git.kernel.org/stable/c/883f309add55060233bf11c1ea6947140372920f",
            "https://git.kernel.org/stable/c/e70113b741ba253886cd71dbadfe3ea444bb2f5c",
            "https://linux.oracle.com/cve/CVE-2025-40288.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120719-CVE-2025-40288-7d9f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40288",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40288"
          ],
          "PublishedDate": "2025-12-06T22:15:57.067Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40289",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40289",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e83b432a3992ab53c1274b35922cc925d5c931227118c5c594295712b91008ac",
          "Title": "kernel: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM\n\nOtherwise accessing them can cause a crash.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40289",
            "https://git.kernel.org/linus/33cc891b56b93cad1a83263eaf2e417436f70c82 (6.18-rc2)",
            "https://git.kernel.org/stable/c/33cc891b56b93cad1a83263eaf2e417436f70c82",
            "https://git.kernel.org/stable/c/39a1c8c860e32d775f29917939e87b6a7c08ebb1",
            "https://git.kernel.org/stable/c/a67a9f99ce1306898d7129a199d42876bc06a0f0",
            "https://linux.oracle.com/cve/CVE-2025-40289.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120719-CVE-2025-40289-6833@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40289",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40289"
          ],
          "PublishedDate": "2025-12-06T22:15:57.203Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40303",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40303",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:192b64448525486babfb941f5daf8dd346be9d2a1d3140551dc8ceb04fbd456f",
          "Title": "kernel: btrfs: ensure no dirty metadata is written back for an fs with errors",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: ensure no dirty metadata is written back for an fs with errors\n\n[BUG]\nDuring development of a minor feature (make sure all btrfs_bio::end_io()\nis called in task context), I noticed a crash in generic/388, where\nmetadata writes triggered new works after btrfs_stop_all_workers().\n\nIt turns out that it can even happen without any code modification, just\nusing RAID5 for metadata and the same workload from generic/388 is going\nto trigger the use-after-free.\n\n[CAUSE]\nIf btrfs hits an error, the fs is marked as error, no new\ntransaction is allowed thus metadata is in a frozen state.\n\nBut there are some metadata modifications before that error, and they are\nstill in the btree inode page cache.\n\nSince there will be no real transaction commit, all those dirty folios\nare just kept as is in the page cache, and they can not be invalidated\nby invalidate_inode_pages2() call inside close_ctree(), because they are\ndirty.\n\nAnd finally after btrfs_stop_all_workers(), we call iput() on btree\ninode, which triggers writeback of those dirty metadata.\n\nAnd if the fs is using RAID56 metadata, this will trigger RMW and queue\nnew works into rmw_workers, which is already stopped, causing warning\nfrom queue_work() and use-after-free.\n\n[FIX]\nAdd a special handling for write_one_eb(), that if the fs is already in\nan error state, immediately mark the bbio as failure, instead of really\nsubmitting them.\n\nThen during close_ctree(), iput() will just discard all those dirty\ntree blocks without really writing them back, thus no more new jobs for\nalready stopped-and-freed workqueues.\n\nThe extra discard in write_one_eb() also acts as an extra safenet.\nE.g. 
the transaction abort is triggered by some extent/free space\ntree corruptions, and since extent/free space tree is already corrupted\nsome tree blocks may be allocated where they shouldn't be (overwriting\nexisting tree blocks). In that case writing them back will further\ncorrupting the fs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40303",
            "https://git.kernel.org/linus/2618849f31e7cf51fadd4a5242458501a6d5b315 (6.18-rc5)",
            "https://git.kernel.org/stable/c/066ee13f05fbd82ada01883e51f0695172f98dff",
            "https://git.kernel.org/stable/c/2618849f31e7cf51fadd4a5242458501a6d5b315",
            "https://git.kernel.org/stable/c/54a5b5a15588e3b0b294df31474d08a2678d4291",
            "https://git.kernel.org/stable/c/e2b3859067bf012d53c49b3f885fef40624a2c83",
            "https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40303-8209@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40303",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40303"
          ],
          "PublishedDate": "2025-12-08T01:16:02.44Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40304",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40304",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b898d6cccf1b57e5bb09b8805e29b5449f294a4a76a5e199c994bbb21c128f0d",
          "Title": "kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information disclosure, or denial of service.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds\n\nAdd bounds checking to prevent writes past framebuffer boundaries when\nrendering text near screen edges. Return early if the Y position is off-screen\nand clip image height to screen boundary. Break from the rendering loop if the\nX position is off-screen. When clipping image width to fit the screen, update\nthe character count to match the clipped width to prevent buffer size\nmismatches.\n\nWithout the character count update, bit_putcs_aligned and bit_putcs_unaligned\nreceive mismatched parameters where the buffer is allocated for the clipped\nwidth but cnt reflects the original larger count, causing out-of-bounds writes.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2722",
            "https://access.redhat.com/security/cve/CVE-2025-40304",
            "https://bugzilla.redhat.com/2360239",
            "https://bugzilla.redhat.com/2406747",
            "https://bugzilla.redhat.com/2419870",
            "https://bugzilla.redhat.com/2419902",
            "https://bugzilla.redhat.com/2424880",
            "https://bugzilla.redhat.com/2429116",
            "https://bugzilla.redhat.com/2432671",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360239",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2406747",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2424880",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429116",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53034",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22998",
            "https://errata.almalinux.org/9/ALSA-2026-2722.html",
            "https://errata.rockylinux.org/RLSA-2026:2722",
            "https://git.kernel.org/linus/3637d34b35b287ab830e66048841ace404382b67 (6.18-rc1)",
            "https://git.kernel.org/stable/c/15ba9acafb0517f8359ca30002c189a68ddbb939",
            "https://git.kernel.org/stable/c/1943b69e87b0ab35032d47de0a7fca9a3d1d6fc1",
            "https://git.kernel.org/stable/c/2d1359e11674ed4274934eac8a71877ae5ae7bbb",
            "https://git.kernel.org/stable/c/3637d34b35b287ab830e66048841ace404382b67",
            "https://git.kernel.org/stable/c/86df8ade88d290725554cefd03101ecd0fbd3752",
            "https://git.kernel.org/stable/c/996bfaa7372d6718b6d860bdf78f6618e850c702",
            "https://git.kernel.org/stable/c/ebc0730b490c7f27340b1222e01dd106e820320d",
            "https://git.kernel.org/stable/c/f0982400648a3e00580253e0c48e991f34d2684c",
            "https://linux.oracle.com/cve/CVE-2025-40304.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40304-47b3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40304",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40304"
          ],
          "PublishedDate": "2025-12-08T01:16:02.567Z",
          "LastModifiedDate": "2025-12-08T18:26:49.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40305",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40305",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8e8cc5abdc03f415b061b688d4caa29494ec6ee8a0b012973db84656d0ed24ec",
          "Title": "kernel: 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN\n\np9_read_work() doesn't set Rworksched and doesn't do schedule_work(m-\u003erq)\nif list_empty(\u0026m-\u003ereq_list).\n\nHowever, if the pipe is full, we need to read more data and this used to\nwork prior to commit aaec5a95d59615 (\"pipe_read: don't wake up the writer\nif the pipe is still full\").\n\np9_read_work() does p9_fd_read() -\u003e ... -\u003e anon_pipe_read() which (before\nthe commit above) triggered the unnecessary wakeup. This wakeup calls\np9_pollwake() which kicks p9_poll_workfn() -\u003e p9_poll_mux(), p9_poll_mux()\nwill notice EPOLLIN and schedule_work(\u0026m-\u003erq).\n\nThis no longer happens after the optimization above, change p9_fd_request()\nto use p9_poll_mux() instead of only checking for EPOLLOUT.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40305",
            "https://git.kernel.org/linus/e8fe3f07a357c39d429e02ca34f740692d88967a (6.18-rc1)",
            "https://git.kernel.org/stable/c/242531004d7de8c159f9bfadebe33fe8060b1046",
            "https://git.kernel.org/stable/c/2e1461034aef99e905a1fe5589aaf00eaea73eee",
            "https://git.kernel.org/stable/c/e8fe3f07a357c39d429e02ca34f740692d88967a",
            "https://linux.oracle.com/cve/CVE-2025-40305.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40305-d66a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40305",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40305"
          ],
          "PublishedDate": "2025-12-08T01:16:02.7Z",
          "LastModifiedDate": "2026-01-02T16:16:57.347Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40306",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40306",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:027be06e90f88de0946d4ffacf8f54736249a126156f688ebcd4e5b5b04ef8e7",
          "Title": "kernel: orangefs: fix xattr related buffer overflow..",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix xattr related buffer overflow...\n\nWilly Tarreau \u003cw@1wt.eu\u003e forwarded me a message from\nDisclosure \u003cdisclosure@aisle.com\u003e with the following\nwarning:\n\n\u003e The helper `xattr_key()` uses the pointer variable in the loop condition\n\u003e rather than dereferencing it. As `key` is incremented, it remains non-NULL\n\u003e (until it runs into unmapped memory), so the loop does not terminate on\n\u003e valid C strings and will walk memory indefinitely, consuming CPU or hanging\n\u003e the thread.\n\nI easily reproduced this with setfattr and getfattr, causing a kernel\noops, hung user processes and corrupted orangefs files. Disclosure\nsent along a diff (not a patch) with a suggested fix, which I based\nthis patch on.\n\nAfter xattr_key started working right, xfstest generic/069 exposed an\nxattr related memory leak that lead to OOM. xattr_key returns\na hashed key.  When adding xattrs to the orangefs xattr cache, orangefs\nused hash_add, a kernel hashing macro. hash_add also hashes the key using\nhash_log which resulted in additions to the xattr cache going to the wrong\nhash bucket. generic/069 tortures a single file and orangefs does a\ngetattr for the xattr \"security.capability\" every time. Orangefs\nnegative caches on xattrs which includes a kmalloc. Since adds to the\nxattr cache were going to the wrong bucket, every getattr for\n\"security.capability\" resulted in another kmalloc, none of which were\never freed.\n\nI changed the two uses of hash_add to hlist_add_head instead\nand the memory leak ceased and generic/069 quit throwing furniture.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40306",
            "https://git.kernel.org/linus/025e880759c279ec64d0f754fe65bf45961da864 (6.18-rc1)",
            "https://git.kernel.org/stable/c/025e880759c279ec64d0f754fe65bf45961da864",
            "https://git.kernel.org/stable/c/15afebb9597449c444801d1ff0b8d8b311f950ab",
            "https://git.kernel.org/stable/c/9127d1e90c90e5960c8bc72a4ce2c209691a7021",
            "https://git.kernel.org/stable/c/bc812574de633cf9a9ad6974490e45f6a4bb5126",
            "https://git.kernel.org/stable/c/c2ca015ac109fd743fdde27933d59dc5ad46658e",
            "https://git.kernel.org/stable/c/c6564ff6b53c9a8dc786b6f1c51ae7688273f931",
            "https://git.kernel.org/stable/c/e09a096104fc65859422817fb2211f35855983fe",
            "https://git.kernel.org/stable/c/ef892d2bf4f3fa2c8de1677dd307e678bdd3d865",
            "https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40306-3e2f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40306",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40306"
          ],
          "PublishedDate": "2025-12-08T01:16:02.82Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40307",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40307",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cb61cfb81516ad20372c596468e33d68e0c8e53e7024cf9421a5d52e87578723",
          "Title": "kernel: exfat: validate cluster allocation bits of the allocation bitmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: validate cluster allocation bits of the allocation bitmap\n\nsyzbot created an exfat image with cluster bits not set for the allocation\nbitmap. exfat-fs reads and uses the allocation bitmap without checking\nthis. The problem is that if the start cluster of the allocation bitmap\nis 6, cluster 6 can be allocated when creating a directory with mkdir.\nexfat zeros out this cluster in exfat_mkdir, which can delete existing\nentries. This can reallocate the allocated entries. In addition,\nthe allocation bitmap is also zeroed out, so cluster 6 can be reallocated.\nThis patch adds exfat_test_bitmap_range to validate that clusters used for\nthe allocation bitmap are correctly marked as in-use.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40307",
            "https://git.kernel.org/linus/79c1587b6cda74deb0c86fc7ba194b92958c793c (6.18-rc1)",
            "https://git.kernel.org/stable/c/13c1d24803d5b0446b3f6f0fdd67e07ac1fdc7bf",
            "https://git.kernel.org/stable/c/6bc58b4c53795ab5fe00648344aa7d9d61175f90",
            "https://git.kernel.org/stable/c/79c1587b6cda74deb0c86fc7ba194b92958c793c",
            "https://linux.oracle.com/cve/CVE-2025-40307.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40307-40f1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40307",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40307"
          ],
          "PublishedDate": "2025-12-08T01:16:02.95Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40308",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40308",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0236388972fad62a4c9b93fdf94e38ebe2afe9f3779e7dd8a8cdc029a18b347b",
          "Title": "kernel: Bluetooth: bcsp: receive data only if registered",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bcsp: receive data only if registered\n\nCurrently, bcsp_recv() can be called even when the BCSP protocol has not\nbeen registered. This leads to a NULL pointer dereference, as shown in\nthe following stack trace:\n\n    KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n    RIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590\n    Call Trace:\n     \u003cTASK\u003e\n     hci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627\n     tiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290\n     tty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706\n     vfs_ioctl fs/ioctl.c:51 [inline]\n     __do_sys_ioctl fs/ioctl.c:907 [inline]\n     __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n     do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n     do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n     entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nTo prevent this, ensure that the HCI_UART_REGISTERED flag is set before\nprocessing received data. If the protocol is not registered, return\n-EUNATCH.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40308",
            "https://git.kernel.org/linus/ca94b2b036c22556c3a66f1b80f490882deef7a6 (6.18-rc1)",
            "https://git.kernel.org/stable/c/164586725b47f9d61912e6bf17dbaffeff11710b",
            "https://git.kernel.org/stable/c/39a7d40314b6288cfa2d13269275e9247a7a055a",
            "https://git.kernel.org/stable/c/55c1519fca830f59a10bbf9aa8209c87b06cf7bc",
            "https://git.kernel.org/stable/c/799cd62cbcc3f12ee04b33ef390ff7d41c37d671",
            "https://git.kernel.org/stable/c/8b892dbef3887dbe9afdc7176d1a5fd90e1636aa",
            "https://git.kernel.org/stable/c/b420a4c7f915fc1c94ad1f6ca740acc046d94334",
            "https://git.kernel.org/stable/c/b65ca9708bfbf47d8b7bd44b7c574bd16798e9c9",
            "https://git.kernel.org/stable/c/ca94b2b036c22556c3a66f1b80f490882deef7a6",
            "https://linux.oracle.com/cve/CVE-2025-40308.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120821-CVE-2025-40308-0613@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40308",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40308"
          ],
          "PublishedDate": "2025-12-08T01:16:03.073Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40309",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40309",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:038a63958fa93e289984d36e089841d6926338fefce7a4a38c8f7d90eeeec7c9",
          "Title": "kernel: Bluetooth: SCO: Fix UAF on sco_conn_free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_conn_free\n\nBUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline]\nBUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline]\nBUG: KASAN: slab-use-after-free in sco_conn_put+0xdd/0x410\nnet/bluetooth/sco.c:107\nWrite of size 8 at addr ffff88811cb96b50 by task kworker/u17:4/352\n\nCPU: 1 UID: 0 PID: 352 Comm: kworker/u17:4 Not tainted\n6.17.0-rc5-g717368f83676 #4 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci13 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x10b/0x170 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x191/0x550 mm/kasan/report.c:482\n kasan_report+0xc4/0x100 mm/kasan/report.c:595\n sco_conn_free net/bluetooth/sco.c:87 [inline]\n kref_put include/linux/kref.h:65 [inline]\n sco_conn_put+0xdd/0x410 net/bluetooth/sco.c:107\n sco_connect_cfm+0xb4/0xae0 net/bluetooth/sco.c:1441\n hci_connect_cfm include/net/bluetooth/hci_core.h:2082 [inline]\n hci_conn_failed+0x20a/0x2e0 net/bluetooth/hci_conn.c:1313\n hci_conn_unlink+0x55f/0x810 net/bluetooth/hci_conn.c:1121\n hci_conn_del+0xb6/0x1110 net/bluetooth/hci_conn.c:1147\n hci_abort_conn_sync+0x8c5/0xbb0 net/bluetooth/hci_sync.c:5689\n hci_cmd_sync_work+0x281/0x380 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3236 [inline]\n process_scheduled_works+0x77e/0x1040 kernel/workqueue.c:3319\n worker_thread+0xbee/0x1200 kernel/workqueue.c:3400\n kthread+0x3c7/0x870 kernel/kthread.c:463\n ret_from_fork+0x13a/0x1e0 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 31370:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x70 mm/kasan/common.c:68\n 
poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0x82/0x90 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4382 [inline]\n __kmalloc_noprof+0x22f/0x390 mm/slub.c:4394\n kmalloc_noprof include/linux/slab.h:909 [inline]\n sk_prot_alloc+0xae/0x220 net/core/sock.c:2239\n sk_alloc+0x34/0x5a0 net/core/sock.c:2295\n bt_sock_alloc+0x3c/0x330 net/bluetooth/af_bluetooth.c:151\n sco_sock_alloc net/bluetooth/sco.c:562 [inline]\n sco_sock_create+0xc0/0x350 net/bluetooth/sco.c:593\n bt_sock_create+0x161/0x3b0 net/bluetooth/af_bluetooth.c:135\n __sock_create+0x3ad/0x780 net/socket.c:1589\n sock_create net/socket.c:1647 [inline]\n __sys_socket_create net/socket.c:1684 [inline]\n __sys_socket+0xd5/0x330 net/socket.c:1731\n __do_sys_socket net/socket.c:1745 [inline]\n __se_sys_socket net/socket.c:1743 [inline]\n __x64_sys_socket+0x7a/0x90 net/socket.c:1743\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xc7/0x240 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 31374:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x30/0x70 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:243 [inline]\n __kasan_slab_free+0x3d/0x50 mm/kasan/common.c:275\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2428 [inline]\n slab_free mm/slub.c:4701 [inline]\n kfree+0x199/0x3b0 mm/slub.c:4900\n sk_prot_free net/core/sock.c:2278 [inline]\n __sk_destruct+0x4aa/0x630 net/core/sock.c:2373\n sco_sock_release+0x2ad/0x300 net/bluetooth/sco.c:1333\n __sock_release net/socket.c:649 [inline]\n sock_close+0xb8/0x230 net/socket.c:1439\n __fput+0x3d1/0x9e0 fs/file_table.c:468\n task_work_run+0x206/0x2a0 kernel/task_work.c:227\n get_signal+0x1201/0x1410 kernel/signal.c:2807\n arch_do_signal_or_restart+0x34/0x740 arch/x86/kernel/signal.c:337\n 
exit_to_user_mode_loop+0x68/0xc0 kernel/entry/common.c:40\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n s\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40309",
            "https://git.kernel.org/linus/ecb9a843be4d6fd710d7026e359f21015a062572 (6.18-rc1)",
            "https://git.kernel.org/stable/c/03371c0218189b185595b65a04dad60076ca9718",
            "https://git.kernel.org/stable/c/391f83547b7b2c63e4b572ab838e10a06cfa4425",
            "https://git.kernel.org/stable/c/57707135755bd78b1fe5acaebb054fba4739e14c",
            "https://git.kernel.org/stable/c/c17caff1062ca91ebac44bfd01d2fb3d99dc0e23",
            "https://git.kernel.org/stable/c/c419674cc74309ffaabc591e7200efb49a18fccd",
            "https://git.kernel.org/stable/c/d2850f037c2ae75882d68ae654d546ff5c0f678c",
            "https://git.kernel.org/stable/c/ecb9a843be4d6fd710d7026e359f21015a062572",
            "https://git.kernel.org/stable/c/ed10dddc7df2daaf2a4d98a972aac5183e738cc0",
            "https://linux.oracle.com/cve/CVE-2025-40309.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120821-CVE-2025-40309-8e98@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40309",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40309"
          ],
          "PublishedDate": "2025-12-08T01:16:03.207Z",
          "LastModifiedDate": "2026-01-02T16:16:57.547Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40310",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40310",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dd5b7443570116be64a6577a185f52d7e336dc306c07ecfe5fd30e2c5fe58747",
          "Title": "kernel: amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw\n\nThere is race in amdgpu_amdkfd_device_fini_sw and interrupt.\nif amdgpu_amdkfd_device_fini_sw run in b/w kfd_cleanup_nodes and\n  kfree(kfd), and KGD interrupt generated.\n\nkernel panic log:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000098\namdgpu 0000:c8:00.0: amdgpu: Requesting 4 partitions through PSP\n\nPGD d78c68067 P4D d78c68067\n\nkfd kfd: amdgpu: Allocated 3969056 bytes on gart\n\nPUD 1465b8067 PMD @\n\nOops: @002 [#1] SMP NOPTI\n\nkfd kfd: amdgpu: Total number of KFD nodes to be created: 4\nCPU: 115 PID: @ Comm: swapper/115 Kdump: loaded Tainted: G S W OE K\n\nRIP: 0010:_raw_spin_lock_irqsave+0x12/0x40\n\nCode: 89 e@ 41 5c c3 cc cc cc cc 66 66 2e Of 1f 84 00 00 00 00 00 OF 1f 40 00 Of 1f 44% 00 00 41 54 9c 41 5c fa 31 cO ba 01 00 00 00 \u003cfO\u003e OF b1 17 75 Ba 4c 89 e@ 41 Sc\n\n89 c6 e8 07 38 5d\n\nRSP: 0018: ffffc90@1a6b0e28 EFLAGS: 00010046\n\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018\n0000000000000001 RSI: ffff8883bb623e00 RDI: 0000000000000098\nffff8883bb000000 RO8: ffff888100055020 ROO: ffff888100055020\n0000000000000000 R11: 0000000000000000 R12: 0900000000000002\nffff888F2b97da0@ R14: @000000000000098 R15: ffff8883babdfo00\n\nCS: 010 DS: 0000 ES: 0000 CRO: 0000000080050033\n\nCR2: 0000000000000098 CR3: 0000000e7cae2006 CR4: 0000000002770ce0\n0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n0000000000000000 DR6: 00000000fffeO7FO DR7: 0000000000000400\n\nPKRU: 55555554\n\nCall Trace:\n\n\u003cIRQ\u003e\n\nkgd2kfd_interrupt+@x6b/0x1f@ [amdgpu]\n\n? 
amdgpu_fence_process+0xa4/0x150 [amdgpu]\n\nkfd kfd: amdgpu: Node: 0, interrupt_bitmap: 3 YcpxFl Rant tErace\n\namdgpu_irq_dispatch+0x165/0x210 [amdgpu]\n\namdgpu_ih_process+0x80/0x100 [amdgpu]\n\namdgpu: Virtual CRAT table created for GPU\n\namdgpu_irq_handler+0x1f/@x60 [amdgpu]\n\n__handle_irq_event_percpu+0x3d/0x170\n\namdgpu: Topology: Add dGPU node [0x74a2:0x1002]\n\nhandle_irq_event+0x5a/@xcO\n\nhandle_edge_irq+0x93/0x240\n\nkfd kfd: amdgpu: KFD node 1 partition @ size 49148M\n\nasm_call_irq_on_stack+0xf/@x20\n\n\u003c/IRQ\u003e\n\ncommon_interrupt+0xb3/0x130\n\nasm_common_interrupt+0x1le/0x40\n\n5.10.134-010.a1i5000.a18.x86_64 #1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40310",
            "https://git.kernel.org/linus/99d7181bca34e96fbf61bdb6844918bdd4df2814 (6.18-rc1)",
            "https://git.kernel.org/stable/c/2f89a2d15550b653caaeeab7ab68c4d7583fd4fe",
            "https://git.kernel.org/stable/c/93f8d67ef8b50334a26129df4da5a4cb60ad4090",
            "https://git.kernel.org/stable/c/99d7181bca34e96fbf61bdb6844918bdd4df2814",
            "https://git.kernel.org/stable/c/bc9e789053abe463f8cf74eee5fc2f157c11a79f",
            "https://linux.oracle.com/cve/CVE-2025-40310.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120821-CVE-2025-40310-23c0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40310",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40310"
          ],
          "PublishedDate": "2025-12-08T01:16:03.347Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40311",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40311",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:205b909d0533a374b749bc97e08c8b590417ca9ec4bb730f5b1892ea7af76ba2",
          "Title": "kernel: accel/habanalabs: support mapping cb with vmalloc-backed coherent memory",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/habanalabs: support mapping cb with vmalloc-backed coherent memory\n\nWhen IOMMU is enabled, dma_alloc_coherent() with GFP_USER may return\naddresses from the vmalloc range. If such an address is mapped without\nVM_MIXEDMAP, vm_insert_page() will trigger a BUG_ON due to the\nVM_PFNMAP restriction.\n\nFix this by checking for vmalloc addresses and setting VM_MIXEDMAP\nin the VMA before mapping. This ensures safe mapping and avoids kernel\ncrashes. The memory is still driver-allocated and cannot be accessed\ndirectly by userspace.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40311",
            "https://git.kernel.org/linus/513024d5a0e34fd34247043f1876b6138ca52847 (6.18-rc1)",
            "https://git.kernel.org/stable/c/513024d5a0e34fd34247043f1876b6138ca52847",
            "https://git.kernel.org/stable/c/73c7c2cdb442fc4160d2a2a4bfffbd162af06cb9",
            "https://git.kernel.org/stable/c/7ec8ac9f73d4a9438c2186768d6de27ace37531e",
            "https://git.kernel.org/stable/c/d1dfe21a332d38a6a09658ec29a55940afb5fe36",
            "https://lore.kernel.org/linux-cve-announce/2025120821-CVE-2025-40311-34ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40311",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40311"
          ],
          "PublishedDate": "2025-12-08T01:16:03.477Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40312",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40312",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:92ae6b1444d0453e21a8cee22edde116dad52e466d23622b854bf180735da0c4",
          "Title": "kernel: Linux kernel (JFS): Data corruption, information disclosure, and system unavailability via invalid inode mode.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Verify inode mode when loading from disk\n\nThe inode mode loaded from corrupted disk can be invalid. Do like what\ncommit 0a9e74051313 (\"isofs: Verify inode mode when loading from disk\")\ndoes.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40312",
            "https://git.kernel.org/linus/7a5aa54fba2bd591b22b9b624e6baa9037276986 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1795277a4e98d82e6451544d43695540cee042ea",
            "https://git.kernel.org/stable/c/19cce65709a8a2966203653028d9004e28e85bd5",
            "https://git.kernel.org/stable/c/2870a7dec49ccdc3f6ae35da8f5d6737f21133a8",
            "https://git.kernel.org/stable/c/46c76cfa17d1828c1a889cb54cb11d5ef3dfbc0f",
            "https://git.kernel.org/stable/c/7a5aa54fba2bd591b22b9b624e6baa9037276986",
            "https://git.kernel.org/stable/c/8d6a9cbd276b3b85da0e7e98208f89416fed9265",
            "https://git.kernel.org/stable/c/ce054a366c54992185c9514e489a14f145b10c29",
            "https://git.kernel.org/stable/c/fabc1348bb8fe6bc80850014ee94bd89945f7f4d",
            "https://lore.kernel.org/linux-cve-announce/2025120821-CVE-2025-40312-2743@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40312",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40312"
          ],
          "PublishedDate": "2025-12-08T01:16:03.613Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40313",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40313",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:31c2ded44bb9e40b112c9dcc44bb9f0c7a58d1d10a1a19fae51a335d0d6b577c",
          "Title": "kernel: ntfs3: pretend $Extend records as regular files",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: pretend $Extend records as regular files\n\nSince commit af153bb63a33 (\"vfs: catch invalid modes in may_open()\")\nrequires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/\nS_IFIFO/S_IFSOCK type, use S_IFREG for $Extend records.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40313",
            "https://git.kernel.org/linus/4e8011ffec79717e5fdac43a7e79faf811a384b7 (6.18-rc1)",
            "https://git.kernel.org/stable/c/17249b2a65274f73ed68bcd1604e08a60fd8a278",
            "https://git.kernel.org/stable/c/37f65e68ba9852dc51c78dbb54a9881c3f0fe4f7",
            "https://git.kernel.org/stable/c/4e8011ffec79717e5fdac43a7e79faf811a384b7",
            "https://git.kernel.org/stable/c/57534db1bbc4ca772393bb7d92e69d5e7b9051cf",
            "https://git.kernel.org/stable/c/63eb6730ce0604d3eacf036c2f68ea70b068317c",
            "https://git.kernel.org/stable/c/78d46f5276ed3589aaaa435580068c5b62efc921",
            "https://lore.kernel.org/linux-cve-announce/2025120822-CVE-2025-40313-d68b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40313",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40313"
          ],
          "PublishedDate": "2025-12-08T01:16:03.75Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40314",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40314",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:52a2d9a30a9782e5047d0699a058fc6d024bfb017b3ac6801636d1a449b60384",
          "Title": "kernel: usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget\n\nIn the __cdnsp_gadget_init() and cdnsp_gadget_exit() functions, the gadget\nstructure (pdev-\u003egadget) was freed before its endpoints.\nThe endpoints are linked via the ep_list in the gadget structure.\nFreeing the gadget first leaves dangling pointers in the endpoint list.\nWhen the endpoints are subsequently freed, this results in a use-after-free.\n\nFix:\nBy separating the usb_del_gadget_udc() operation into distinct \"del\" and\n\"put\" steps, cdnsp_gadget_free_endpoints() can be executed prior to the\nfinal release of the gadget structure with usb_put_gadget().\n\nA patch similar to bb9c74a5bd14(\"usb: dwc3: gadget: Free gadget structure\n only after freeing endpoints\").",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40314",
            "https://git.kernel.org/linus/87c5ff5615dc0a37167e8faf3adeeddc6f1344a3 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0cf9a50af91fbdac3849f8d950e883a3eaa3ecea",
            "https://git.kernel.org/stable/c/37158ce6ba964b62d1e3eebd11f03c6900a52dd1",
            "https://git.kernel.org/stable/c/87c5ff5615dc0a37167e8faf3adeeddc6f1344a3",
            "https://git.kernel.org/stable/c/9c52f01429c377a2d32cafc977465f37b5384f77",
            "https://git.kernel.org/stable/c/ea37884097a0931abb8e11e40eacfb25e9fdb5e9",
            "https://git.kernel.org/stable/c/fdf573c517627a96f5040f988e9b21267806be5c",
            "https://lore.kernel.org/linux-cve-announce/2025120822-CVE-2025-40314-1dcb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40314",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40314"
          ],
          "PublishedDate": "2025-12-08T01:16:03.877Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40315",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40315",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6110f6eb211916bf61da57388662236c74475819eb652cc27795612bf11745ea",
          "Title": "kernel: usb: gadget: f_fs: Fix epfile null pointer access after ep enable",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Fix epfile null pointer access after ep enable.\n\nA race condition occurs when ffs_func_eps_enable() runs concurrently\nwith ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset()\nsets ffs-\u003eepfiles to NULL before resetting ffs-\u003eeps_count to 0, leading\nto a NULL pointer dereference when accessing epfile-\u003eep in\nffs_func_eps_enable() after successful usb_ep_enable().\n\nThe ffs-\u003eepfiles pointer is set to NULL in both ffs_data_clear() and\nffs_data_close() functions, and its modification is protected by the\nspinlock ffs-\u003eeps_lock. And the whole ffs_func_eps_enable() function\nis also protected by ffs-\u003eeps_lock.\n\nThus, add NULL pointer handling for ffs-\u003eepfiles in the\nffs_func_eps_enable() function to fix issues",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40315",
            "https://git.kernel.org/linus/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e17979b7e9cb6a8f",
            "https://git.kernel.org/stable/c/30880e9df27332403dd638a82c27921134b3630b",
            "https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272",
            "https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3383c2ae9cebd195",
            "https://git.kernel.org/stable/c/c53e90563bc148e4e0ad09fe130ba2246d426ea6",
            "https://git.kernel.org/stable/c/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4",
            "https://git.kernel.org/stable/c/d62b808d5c68a931ad0849a00a5e3be3dd7e0019",
            "https://git.kernel.org/stable/c/fc1141a530dfc91f0ee19b7f422a2d24829584bc",
            "https://lore.kernel.org/linux-cve-announce/2025120822-CVE-2025-40315-38da@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40315",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40315"
          ],
          "PublishedDate": "2025-12-08T01:16:04.013Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40317",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40317",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:77fc3cee710bd6ee0bbdfd36ad0b79c75378ed7972f4dad2c7db58b34d26d3b9",
          "Title": "kernel: regmap: slimbus: fix bus_context pointer in regmap init calls",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: slimbus: fix bus_context pointer in regmap init calls\n\nCommit 4e65bda8273c (\"ASoC: wcd934x: fix error handling in\nwcd934x_codec_parse_data()\") revealed the problem in the slimbus regmap.\nThat commit breaks audio playback, for instance, on sdm845 Thundercomm\nDragonboard 845c board:\n\n Unable to handle kernel paging request at virtual address ffff8000847cbad4\n ...\n CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT\n Hardware name: Thundercomm Dragonboard 845c (DT)\n ...\n Call trace:\n  slim_xfer_msg+0x24/0x1ac [slimbus] (P)\n  slim_read+0x48/0x74 [slimbus]\n  regmap_slimbus_read+0x18/0x24 [regmap_slimbus]\n  _regmap_raw_read+0xe8/0x174\n  _regmap_bus_read+0x44/0x80\n  _regmap_read+0x60/0xd8\n  _regmap_update_bits+0xf4/0x140\n  _regmap_select_page+0xa8/0x124\n  _regmap_raw_write_impl+0x3b8/0x65c\n  _regmap_bus_raw_write+0x60/0x80\n  _regmap_write+0x58/0xc0\n  regmap_write+0x4c/0x80\n  wcd934x_hw_params+0x494/0x8b8 [snd_soc_wcd934x]\n  snd_soc_dai_hw_params+0x3c/0x7c [snd_soc_core]\n  __soc_pcm_hw_params+0x22c/0x634 [snd_soc_core]\n  dpcm_be_dai_hw_params+0x1d4/0x38c [snd_soc_core]\n  dpcm_fe_dai_hw_params+0x9c/0x17c [snd_soc_core]\n  snd_pcm_hw_params+0x124/0x464 [snd_pcm]\n  snd_pcm_common_ioctl+0x110c/0x1820 [snd_pcm]\n  snd_pcm_ioctl+0x34/0x4c [snd_pcm]\n  __arm64_sys_ioctl+0xac/0x104\n  invoke_syscall+0x48/0x104\n  el0_svc_common.constprop.0+0x40/0xe0\n  do_el0_svc+0x1c/0x28\n  el0_svc+0x34/0xec\n  el0t_64_sync_handler+0xa0/0xf0\n  el0t_64_sync+0x198/0x19c\n\nThe __devm_regmap_init_slimbus() started to be used instead of\n__regmap_init_slimbus() after the commit mentioned above and turns out\nthe incorrect bus_context pointer (3rd argument) was used in\n__devm_regmap_init_slimbus(). It should be just \"slimbus\" (which is equal\nto \u0026slimbus-\u003edev). Correct it. 
The wcd934x codec seems to be the only or\nthe first user of devm_regmap_init_slimbus() but we should fix it till\nthe point where __devm_regmap_init_slimbus() was introduced therefore\ntwo \"Fixes\" tags.\n\nWhile at this, also correct the same argument in __regmap_init_slimbus().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40317",
            "https://git.kernel.org/linus/434f7349a1f00618a620b316f091bd13a12bc8d2 (6.18-rc4)",
            "https://git.kernel.org/stable/c/02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1",
            "https://git.kernel.org/stable/c/2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c",
            "https://git.kernel.org/stable/c/434f7349a1f00618a620b316f091bd13a12bc8d2",
            "https://git.kernel.org/stable/c/8143e4075d131c528540417a51966f6697be14eb",
            "https://git.kernel.org/stable/c/a16e92f8d7dc7371e68f17a9926cb92d2244be7b",
            "https://git.kernel.org/stable/c/b65f3303349eaee333e47d2a99045aa12fa0c3a7",
            "https://git.kernel.org/stable/c/c0f05129e5734ff3fd14b2c242709314d9ca5433",
            "https://git.kernel.org/stable/c/d979639f099c6e51f06ce4dd8d8e56364d6c17ba",
            "https://lore.kernel.org/linux-cve-announce/2025120822-CVE-2025-40317-5237@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40317",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40317"
          ],
          "PublishedDate": "2025-12-08T01:16:04.277Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40319",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40319",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:49456b27fb5028946d04be438042e7ece75c965aa550d8cef353529fbb3c7351",
          "Title": "kernel: bpf: Sync pending IRQ work before freeing ring buffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Sync pending IRQ work before freeing ring buffer\n\nFix a race where irq_work can be queued in bpf_ringbuf_commit()\nbut the ring buffer is freed before the work executes.\nIn the syzbot reproducer, a BPF program attached to sched_switch\ntriggers bpf_ringbuf_commit(), queuing an irq_work. If the ring buffer\nis freed before this work executes, the irq_work thread may access\nfreed memory.\nCalling `irq_work_sync(\u0026rb-\u003ework)` ensures that all pending irq_work\ncomplete before freeing the buffer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 5.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40319",
            "https://git.kernel.org/linus/4e9077638301816a7d73fa1e1b4c1db4a7e3b59c (6.18-rc4)",
            "https://git.kernel.org/stable/c/10ca3b2eec384628bc9f5d8190aed9427ad2dde6",
            "https://git.kernel.org/stable/c/430e15544f11f8de26b2b5109c7152f71b78295e",
            "https://git.kernel.org/stable/c/47626748a2a00068dbbd5836d19076637b4e235b",
            "https://git.kernel.org/stable/c/4e9077638301816a7d73fa1e1b4c1db4a7e3b59c",
            "https://git.kernel.org/stable/c/6451141103547f4efd774e912418a3b4318046c6",
            "https://git.kernel.org/stable/c/de2ce6b14bc3e565708a39bdba3ef9162aeffc72",
            "https://git.kernel.org/stable/c/e1828c7a8d8135e21ff6adaaa9458c32aae13b11",
            "https://linux.oracle.com/cve/CVE-2025-40319.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120823-CVE-2025-40319-9a46@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40319",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40319"
          ],
          "PublishedDate": "2025-12-08T01:16:04.543Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40321",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40321",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d3f9d2c64285ce28516f9ba0b6a293e2f8399b0fe1e20f47d64c34427cc15f6b",
          "Title": "kernel: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode\n\nCurrently, whenever there is a need to transmit an Action frame,\nthe brcmfmac driver always uses the P2P vif to send the \"actframe\" IOVAR to\nfirmware. The P2P interfaces were available when wpa_supplicant is managing\nthe wlan interface.\n\nHowever, the P2P interfaces are not created/initialized when only hostapd\nis managing the wlan interface. And if hostapd receives an ANQP Query REQ\nAction frame even from an un-associated STA, the brcmfmac driver tries\nto use an uninitialized P2P vif pointer for sending the IOVAR to firmware.\nThis NULL pointer dereferencing triggers a driver crash.\n\n [ 1417.074538] Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000000\n [...]\n [ 1417.075188] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n [...]\n [ 1417.075653] Call trace:\n [ 1417.075662]  brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]\n [ 1417.075738]  brcmf_cfg80211_mgmt_tx+0x304/0x5c0 [brcmfmac]\n [ 1417.075810]  cfg80211_mlme_mgmt_tx+0x1b0/0x428 [cfg80211]\n [ 1417.076067]  nl80211_tx_mgmt+0x238/0x388 [cfg80211]\n [ 1417.076281]  genl_family_rcv_msg_doit+0xe0/0x158\n [ 1417.076302]  genl_rcv_msg+0x220/0x2a0\n [ 1417.076317]  netlink_rcv_skb+0x68/0x140\n [ 1417.076330]  genl_rcv+0x40/0x60\n [ 1417.076343]  netlink_unicast+0x330/0x3b8\n [ 1417.076357]  netlink_sendmsg+0x19c/0x3f8\n [ 1417.076370]  __sock_sendmsg+0x64/0xc0\n [ 1417.076391]  ____sys_sendmsg+0x268/0x2a0\n [ 1417.076408]  ___sys_sendmsg+0xb8/0x118\n [ 1417.076427]  __sys_sendmsg+0x90/0xf8\n [ 1417.076445]  __arm64_sys_sendmsg+0x2c/0x40\n [ 1417.076465]  invoke_syscall+0x50/0x120\n [ 1417.076486]  el0_svc_common.constprop.0+0x48/0xf0\n [ 1417.076506]  do_el0_svc+0x24/0x38\n [ 1417.076525]  el0_svc+0x30/0x100\n [ 1417.076548]  el0t_64_sync_handler+0x100/0x130\n [ 1417.076569]  
el0t_64_sync+0x190/0x198\n [ 1417.076589] Code: f9401e80 aa1603e2 f9403be1 5280e483 (f9400000)\n\nFix this, by always using the vif corresponding to the wdev on which the\nAction frame Transmission request was initiated by the userspace. This way,\neven if P2P vif is not available, the IOVAR is sent to firmware on AP vif\nand the ANQP Query RESP Action frame is transmitted without crashing the\ndriver.\n\nMove init_completion() for \"send_af_done\" from brcmf_p2p_create_p2pdev()\nto brcmf_p2p_attach(). Because the former function would not get executed\nwhen only hostapd is managing wlan interface, and it is not safe to do\nreinit_completion() later in brcmf_p2p_tx_action_frame(), without any prior\ninit_completion().\n\nAnd in the brcmf_p2p_tx_action_frame() function, the condition check for\nP2P Presence response frame is not needed, since the wpa_supplicant is\nproperly sending the P2P Presence Response frame on the P2P-GO vif instead\nof the P2P-Device vif.\n\n[Cc stable]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40321",
            "https://git.kernel.org/linus/3776c685ebe5f43e9060af06872661de55e80b9a (6.18-rc4)",
            "https://git.kernel.org/stable/c/3776c685ebe5f43e9060af06872661de55e80b9a",
            "https://git.kernel.org/stable/c/55f60a72a178909ece4e32987e4c642ba57e1cf4",
            "https://git.kernel.org/stable/c/64e3175d1c8a3bea02032e7c9d1befd5f43786fa",
            "https://git.kernel.org/stable/c/a6eed58249e7d60f856900e682992300f770f64b",
            "https://git.kernel.org/stable/c/c2b0f8d3e7358c33d90f0e62765d474f25f26a45",
            "https://git.kernel.org/stable/c/c863b9c7b4e9af0b7931cb791ec91971a50f1a25",
            "https://git.kernel.org/stable/c/dbc7357b6aae686d9404e1dd7e2e6cf92c3a1b5a",
            "https://git.kernel.org/stable/c/e1fc9afcce9139791260f962541282d47fbb508d",
            "https://linux.oracle.com/cve/CVE-2025-40321.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120823-CVE-2025-40321-83bc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40321",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40321"
          ],
          "PublishedDate": "2025-12-08T01:16:04.793Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40322",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40322",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:57230cdda9e6608ab0ef04ed17dd22802e6e477e952f6b199c6d05a76ca88136",
          "Title": "kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: bitblit: bound-check glyph index in bit_putcs*\n\nbit_putcs_aligned()/unaligned() derived the glyph pointer from the\ncharacter value masked by 0xff/0x1ff, which may exceed the actual font's\nglyph count and read past the end of the built-in font array.\nClamp the index to the actual glyph count before computing the address.\n\nThis fixes a global out-of-bounds read reported by syzbot.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2722",
            "https://access.redhat.com/security/cve/CVE-2025-40322",
            "https://bugzilla.redhat.com/2360239",
            "https://bugzilla.redhat.com/2406747",
            "https://bugzilla.redhat.com/2419870",
            "https://bugzilla.redhat.com/2419902",
            "https://bugzilla.redhat.com/2424880",
            "https://bugzilla.redhat.com/2429116",
            "https://bugzilla.redhat.com/2432671",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360239",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2406747",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2424880",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429116",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53034",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22998",
            "https://errata.almalinux.org/9/ALSA-2026-2722.html",
            "https://errata.rockylinux.org/RLSA-2026:2722",
            "https://git.kernel.org/linus/18c4ef4e765a798b47980555ed665d78b71aeadf (6.18-rc4)",
            "https://git.kernel.org/stable/c/0998a6cb232674408a03e8561dc15aa266b2f53b",
            "https://git.kernel.org/stable/c/18c4ef4e765a798b47980555ed665d78b71aeadf",
            "https://git.kernel.org/stable/c/901f44227072be60812fe8083e83e1533c04eed1",
            "https://git.kernel.org/stable/c/9ba1a7802ca9a2590cef95b253e6526f4364477f",
            "https://git.kernel.org/stable/c/a10cede006f9614b465cf25609a8753efbfd45cc",
            "https://git.kernel.org/stable/c/c12003bf91fdff381c55ef54fef3e961a5af2545",
            "https://git.kernel.org/stable/c/db5c9a162d2f42bcc842b76b3d935dcc050a0eec",
            "https://git.kernel.org/stable/c/efaf89a75a29b2d179bf4fe63ca62852e93ad620",
            "https://linux.oracle.com/cve/CVE-2025-40322.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120823-CVE-2025-40322-6355@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40322",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40322"
          ],
          "PublishedDate": "2025-12-08T01:16:04.923Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40323",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40323",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b08fd9ef1003b88d5f13d41d482076c3c881c33218a558dbfd8d732edd64f14e",
          "Title": "kernel: fbcon: Set fb_display[i]-\u003emode to NULL when the mode is released",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: Set fb_display[i]-\u003emode to NULL when the mode is released\n\nRecently, we discovered the following issue through syzkaller:\n\nBUG: KASAN: slab-use-after-free in fb_mode_is_equal+0x285/0x2f0\nRead of size 4 at addr ff11000001b3c69c by task syz.xxx\n...\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xab/0xe0\n print_address_description.constprop.0+0x2c/0x390\n print_report+0xb9/0x280\n kasan_report+0xb8/0xf0\n fb_mode_is_equal+0x285/0x2f0\n fbcon_mode_deleted+0x129/0x180\n fb_set_var+0xe7f/0x11d0\n do_fb_ioctl+0x6a0/0x750\n fb_ioctl+0xe0/0x140\n __x64_sys_ioctl+0x193/0x210\n do_syscall_64+0x5f/0x9c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nBased on experimentation and analysis, during framebuffer unregistration,\nonly the memory of fb_info-\u003emodelist is freed, without setting the\ncorresponding fb_display[i]-\u003emode to NULL for the freed modes. This leads\nto UAF issues during subsequent accesses. Here's an example of reproduction\nsteps:\n1. With /dev/fb0 already registered in the system, load a kernel module\n   to register a new device /dev/fb1;\n2. Set fb1's mode to the global fb_display[] array (via FBIOPUT_CON2FBMAP);\n3. Switch console from fb to VGA (to allow normal rmmod of the ko);\n4. Unload the kernel module, at this point fb1's modelist is freed, leaving\n   a wild pointer in fb_display[];\n5. Trigger the bug via system calls through fb0 attempting to delete a mode\n   from fb0.\n\nAdd a check in do_unregister_framebuffer(): if the mode to be freed exists\nin fb_display[], set the corresponding mode pointer to NULL.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40323",
            "https://git.kernel.org/linus/a1f3058930745d2b938b6b4f5bd9630dc74b26b7 (6.18-rc4)",
            "https://git.kernel.org/stable/c/468f78276a37f4c6499385a4ce28f4f57be6655d",
            "https://git.kernel.org/stable/c/4ac18f0e6a6d599ca751c4cd98e522afc8e3d4eb",
            "https://git.kernel.org/stable/c/a1f3058930745d2b938b6b4f5bd9630dc74b26b7",
            "https://git.kernel.org/stable/c/c079d42f70109512eee49123a843be91d8fa133f",
            "https://git.kernel.org/stable/c/de89d19f4f30d9a8de87b9d08c1bd35cb70576d8",
            "https://linux.oracle.com/cve/CVE-2025-40323.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120824-CVE-2025-40323-047f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40323",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40323"
          ],
          "PublishedDate": "2025-12-08T01:16:05.067Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40324",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40324",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4bb0f6408ced448152c5049108eb28ecadd22bdb48c20b3488cdc368d53ed673",
          "Title": "kernel: NFSD: Fix crash in nfsd4_read_release()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix crash in nfsd4_read_release()\n\nWhen tracing is enabled, the trace_nfsd_read_done trace point\ncrashes during the pynfs read.testNoFh test.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40324",
            "https://git.kernel.org/linus/abb1f08a2121dd270193746e43b2a9373db9ad84 (6.18-rc4)",
            "https://git.kernel.org/stable/c/03524ccff698d4a77d096ed529073d91f5edee5d",
            "https://git.kernel.org/stable/c/2ac46606b2cc49e78d8e3d8f2685e79e9ba73020",
            "https://git.kernel.org/stable/c/375fdd8993cecc48afa359728a6e70b280dde1c8",
            "https://git.kernel.org/stable/c/8f244b773c63fa480c9a3bd1ae04f5272f285e89",
            "https://git.kernel.org/stable/c/930cb4fe3ab4061be31f20ee30bb72a66f7bb6d1",
            "https://git.kernel.org/stable/c/a4948875ed0599c037dc438c11891c9012721b1d",
            "https://git.kernel.org/stable/c/abb1f08a2121dd270193746e43b2a9373db9ad84",
            "https://linux.oracle.com/cve/CVE-2025-40324.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120824-CVE-2025-40324-a4cd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40324",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40324"
          ],
          "PublishedDate": "2025-12-08T01:16:05.197Z",
          "LastModifiedDate": "2025-12-08T18:26:19.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40325",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40325",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:25f7a2eb014232d9aebedb0bc069802a40fa8d651e933e3abfbd46bd76bb5f0d",
          "Title": "kernel: md/raid10: wait barrier before returning discard request with REQ_NOWAIT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: wait barrier before returning discard request with REQ_NOWAIT\n\nraid10_handle_discard should wait barrier before returning a discard bio\nwhich has REQ_NOWAIT. And there is no need to print warning calltrace\nif a discard bio has REQ_NOWAIT flag. Quality engineer usually checks\ndmesg and reports error if dmesg has warning/error calltrace.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40325",
            "https://git.kernel.org/linus/3db4404435397a345431b45f57876a3df133f3b4 (6.15-rc1)",
            "https://git.kernel.org/stable/c/31d3156efe909b53ba174861a3da880c688f5edc",
            "https://git.kernel.org/stable/c/31ff67982c5fa39c0093b9d9f429fef91c2494b7",
            "https://git.kernel.org/stable/c/3db4404435397a345431b45f57876a3df133f3b4",
            "https://linux.oracle.com/cve/CVE-2025-40325.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025041822-CVE-2025-40325-3cc4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40325",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-40325"
          ],
          "PublishedDate": "2025-04-18T07:15:44.87Z",
          "LastModifiedDate": "2026-01-08T10:15:49.683Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40331",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40331",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9900fc1b163767f5b9a75f803b48805b22aae96258645361d785c4febc92622c",
          "Title": "kernel: sctp: Prevent TOCTOU out-of-bounds write",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Prevent TOCTOU out-of-bounds write\n\nFor the following path not holding the sock lock,\n\n  sctp_diag_dump() -\u003e sctp_for_each_endpoint() -\u003e sctp_ep_dump()\n\nmake sure not to exceed bounds in case the address list has grown\nbetween buffer allocation (time-of-check) and write (time-of-use).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40331",
            "https://git.kernel.org/linus/95aef86ab231f047bb8085c70666059b58f53c09 (6.18-rc5)",
            "https://git.kernel.org/stable/c/2fe08fcaacb7eb019fa9c81db39b2214de216677",
            "https://git.kernel.org/stable/c/3006959371007fc2eae4a078f823c680fa52de1a",
            "https://git.kernel.org/stable/c/584307275b2048991b2e8984962189b6cc0a9b85",
            "https://git.kernel.org/stable/c/72e3fea68eac8d088e44c3dd954e843478e9240e",
            "https://git.kernel.org/stable/c/89eac1e150dbd42963e13d23828cb8c4e0763196",
            "https://git.kernel.org/stable/c/95aef86ab231f047bb8085c70666059b58f53c09",
            "https://git.kernel.org/stable/c/b106a68df0650b694b254427cd9250c04500edd3",
            "https://git.kernel.org/stable/c/c9119f243d9c0da3c3b5f577a328de3e7ffd1b42",
            "https://linux.oracle.com/cve/CVE-2025-40331.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40331-ee3c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40331",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40331"
          ],
          "PublishedDate": "2025-12-09T16:17:43.247Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40332",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40332",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39a25d383b421d2880d549fab66ab6958198db0e96d4855b478fdac81a8d5ec1",
          "Title": "kernel: drm/amdkfd: Fix mmap write lock not release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix mmap write lock not release\n\nIf mmap write lock is taken while draining retry fault, mmap write lock\nis not released because svm_range_restore_pages calls mmap_read_unlock\nthen returns. This causes deadlock and system hangs later because mmap\nread or write lock cannot be taken.\n\nDowngrading the mmap write lock to a read lock when draining a retry fault fixes this\nbug.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40332",
            "https://git.kernel.org/linus/7574f30337e19045f03126b4c51f525b84e5049e (6.18-rc1)",
            "https://git.kernel.org/stable/c/7574f30337e19045f03126b4c51f525b84e5049e",
            "https://git.kernel.org/stable/c/e2105ba1c262dcaa9573f11844b6e1e1ca762c3f",
            "https://git.kernel.org/stable/c/f7569ef1cf978aa87aa81b5e9bf40a77497f3685",
            "https://linux.oracle.com/cve/CVE-2025-40332.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40332-7e62@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40332",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40332"
          ],
          "PublishedDate": "2025-12-09T16:17:43.38Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40333",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40333",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:331317061d2160bf56d4a183bd037a4734f7d79a12105bc6fdc5345437e345b3",
          "Title": "kernel: f2fs: fix infinite loop in __insert_extent_tree()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix infinite loop in __insert_extent_tree()\n\nWhen we get wrong extent info data, and look up extent_node in rb tree,\nit will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by\nreturn NULL and print some kernel messages in that case.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40333",
            "https://git.kernel.org/linus/23361bd54966b437e1ed3eb1a704572f4b279e58 (6.18-rc1)",
            "https://git.kernel.org/stable/c/23361bd54966b437e1ed3eb1a704572f4b279e58",
            "https://git.kernel.org/stable/c/765f8816d3959ef1f3f7f85e2af748594d091f40",
            "https://git.kernel.org/stable/c/c0b9951bb2668d67eb4817bb23fc109abc08c075",
            "https://git.kernel.org/stable/c/f4c31adcb2a0556f43776d4e51a67de88d7fb9ee",
            "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40333-4f6a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40333",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40333"
          ],
          "PublishedDate": "2025-12-09T16:17:43.493Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40334",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40334",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de262eb4d023b8c43cfe04e95926d7040c1cc96f8963daa1ca1ecfac1589c2cf",
          "Title": "kernel: drm/amdgpu: validate userq buffer virtual address and size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate userq buffer virtual address and size\n\nIt needs to validate the userq object virtual address to\ndetermine whether it is residented in a valid vm mapping.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40334",
            "https://git.kernel.org/linus/9e46b8bb0539d7bc9a9e7b3072fa4f6082490392 (6.18-rc1)",
            "https://git.kernel.org/stable/c/5a577de86c4a1c67ca405571d6ef84e65c6897d1",
            "https://git.kernel.org/stable/c/9e46b8bb0539d7bc9a9e7b3072fa4f6082490392",
            "https://lore.kernel.org/linux-cve-announce/2025120910-CVE-2025-40334-82a0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40334",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40334"
          ],
          "PublishedDate": "2025-12-09T16:17:43.603Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40335",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40335",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fb983bef846fc212c4305565b2534a167b42787eae66bf3bb187501a53474aa2",
          "Title": "kernel: drm/amdgpu: validate userq input args",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate userq input args\n\nThis will help on validating the userq input args, and\nrejecting for the invalid userq request at the IOCTLs\nfirst place.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40335",
            "https://git.kernel.org/linus/219be4711a1ba788bc2a9fafc117139d133e5fea (6.18-rc1)",
            "https://git.kernel.org/stable/c/219be4711a1ba788bc2a9fafc117139d133e5fea",
            "https://git.kernel.org/stable/c/bdaa7ad3a5bb606d7dbd5c8627dc7efcb2392eb9",
            "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40335-8c1e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40335",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40335"
          ],
          "PublishedDate": "2025-12-09T16:17:43.71Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40336",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40336",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84656f3c26e88406609abe09df1dbee4ad66c4e099511d5b462bca45755b522e",
          "Title": "kernel: drm/gpusvm: fix hmm_pfn_to_map_order() usage",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gpusvm: fix hmm_pfn_to_map_order() usage\n\nHandle the case where the hmm range partially covers a huge page (like\n2M), otherwise we can potentially end up doing something nasty like\nmapping memory which is outside the range, and maybe not even mapped by\nthe mm. Fix is based on the xe userptr code, which in a future patch\nwill directly use gpusvm, so needs alignment here.\n\nv2:\n  - Add kernel-doc (Matt B)\n  - s/fls/ilog2/ (Thomas)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40336",
            "https://git.kernel.org/linus/c50729c68aaf93611c855752b00e49ce1fdd1558 (6.18-rc1)",
            "https://git.kernel.org/stable/c/08e9fd78ba1b9e95141181c69cc51795c9888157",
            "https://git.kernel.org/stable/c/c50729c68aaf93611c855752b00e49ce1fdd1558",
            "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40336-781e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40336",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40336"
          ],
          "PublishedDate": "2025-12-09T16:17:43.82Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40337",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40337",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2e3b52a1f9e59d555c2f1f3a82e054532f7c649428337b5fa3a6679d1114e136",
          "Title": "kernel: net: stmmac: Correctly handle Rx checksum offload errors",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: Correctly handle Rx checksum offload errors\n\nThe stmmac_rx function would previously set skb-\u003eip_summed to\nCHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled\nand the packet was of a known IP ethertype.\n\nHowever, this logic failed to check if the hardware had actually\nreported a checksum error. The hardware status, indicating a header or\npayload checksum failure, was being ignored at this stage. This could\ncause corrupt packets to be passed up the network stack as valid.\n\nThis patch corrects the logic by checking the `csum_none` status flag,\nwhich is set when the hardware reports a checksum error. If this flag\nis set, skb-\u003eip_summed is now correctly set to CHECKSUM_NONE,\nensuring the kernel's network stack will perform its own validation and\nproperly handle the corrupt packet.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40337",
            "https://git.kernel.org/linus/ee0aace5f844ef59335148875d05bec8764e71e8 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1aa319e0f12d2d761a31556b82a5852c98eb0bea",
            "https://git.kernel.org/stable/c/63fbe0e6413279d5ea5842e2423e351ded547683",
            "https://git.kernel.org/stable/c/719fcdf29051f7471d5d433475af76219019d33d",
            "https://git.kernel.org/stable/c/ee0aace5f844ef59335148875d05bec8764e71e8",
            "https://linux.oracle.com/cve/CVE-2025-40337.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40337-d3bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40337",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40337"
          ],
          "PublishedDate": "2025-12-09T16:17:43.923Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40338",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40338",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a5bbed9e178495a7cace222d476bf3e0e565de8839c2e4dfd31a8069c2fac083",
          "Title": "kernel: ASoC: Intel: avs: Do not share the name pointer between components",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: Intel: avs: Do not share the name pointer between components\n\nBy sharing 'name' directly, tearing down components may lead to\nuse-after-free errors. Duplicate the name to avoid that.\n\nAt the same time, update the order of operations - since commit\ncee28113db17 (\"ASoC: dmaengine_pcm: Allow passing component name via\nconfig\") the framework does not override component-\u003ename if set before\ninvoking the initializer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40338",
            "https://git.kernel.org/linus/4dee5c1cc439b0d5ef87f741518268ad6a95b23d (6.18-rc1)",
            "https://git.kernel.org/stable/c/128bf29c992988f8b4f3829227339908fde5ec86",
            "https://git.kernel.org/stable/c/4dee5c1cc439b0d5ef87f741518268ad6a95b23d",
            "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40338-c637@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40338",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40338"
          ],
          "PublishedDate": "2025-12-09T16:17:44.043Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40339",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40339",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e33e9ede1d61e7e7d3958ecbd707d7c0a7e8b6e775cea1b62361a475f2153816",
          "Title": "kernel: drm/amdgpu: fix nullptr err of vm_handle_moved",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix nullptr err of vm_handle_moved\n\nIf a amdgpu_bo_va is fpriv-\u003eprt_va, the bo of this one is always NULL.\nSo, such kind of amdgpu_bo_va should be updated separately before\namdgpu_vm_handle_moved.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40339",
            "https://git.kernel.org/linus/859958a7faefe5b7742b7b8cdbc170713d4bf158 (6.18-rc1)",
            "https://git.kernel.org/stable/c/273d1ea12e42e9babb9783837906f3c466f213d3",
            "https://git.kernel.org/stable/c/47281febebe337586569aa4c5694a7511063a42e",
            "https://git.kernel.org/stable/c/859958a7faefe5b7742b7b8cdbc170713d4bf158",
            "https://linux.oracle.com/cve/CVE-2025-40339.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120911-CVE-2025-40339-82ee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40339",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40339"
          ],
          "PublishedDate": "2025-12-09T16:17:44.157Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40340",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40340",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5abb9a2cc078a657367a16c0d110b9bde8661a34d92cb0a418450426d2eb891d",
          "Title": "kernel: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix oops in xe_gem_fault when running core_hotunplug test.\n\nI saw an oops in xe_gem_fault when running the xe-fast-feedback\ntestlist against the realtime kernel without debug options enabled.\n\nThe panic happens after core_hotunplug unbind-rebind finishes.\nPresumably what happens is that a process mmaps, unlocks because\nof the FAULT_FLAG_RETRY_NOWAIT logic, has no process memory left,\ncausing ttm_bo_vm_dummy_page() to return VM_FAULT_NOPAGE, since\nthere was nothing left to populate, and then oopses in\n\"mem_type_is_vram(tbo-\u003eresource-\u003emem_type)\" because tbo-\u003eresource\nis NULL.\n\nIt's convoluted, but fits the data and explains the oops after\nthe test exits.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40340",
            "https://git.kernel.org/linus/1cda3c755bb7770be07d75949bb0f45fb88651f6 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1cda3c755bb7770be07d75949bb0f45fb88651f6",
            "https://git.kernel.org/stable/c/29a3064f9c5a908aaf0b39cd6ed30374db11840d",
            "https://git.kernel.org/stable/c/99428bd6123d5676209dfb1d7a8f176cc830b665",
            "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40340-4d41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40340",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40340"
          ],
          "PublishedDate": "2025-12-09T16:17:44.267Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40341",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40341",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4498e134284a998bd01232130609250d0832bc37852f66edbfb2af9ce9630929",
          "Title": "kernel: futex: Don't leak robust_list pointer on exec race",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Don't leak robust_list pointer on exec race\n\nsys_get_robust_list() and compat_get_robust_list() use ptrace_may_access()\nto check if the calling task is allowed to access another task's\nrobust_list pointer. This check is racy against a concurrent exec() in the\ntarget process.\n\nDuring exec(), a task may transition from a non-privileged binary to a\nprivileged one (e.g., setuid binary) and its credentials/memory mappings\nmay change. If get_robust_list() performs ptrace_may_access() before\nthis transition, it may erroneously allow access to sensitive information\nafter the target becomes privileged.\n\nA racy access allows an attacker to exploit a window during which\nptrace_may_access() passes before a target process transitions to a\nprivileged state via exec().\n\nFor example, consider a non-privileged task T that is about to execute a\nsetuid-root binary. An attacker task A calls get_robust_list(T) while T\nis still unprivileged. Since ptrace_may_access() checks permissions\nbased on current credentials, it succeeds. However, if T begins exec\nimmediately afterwards, it becomes privileged and may change its memory\nmappings. Because get_robust_list() proceeds to access T-\u003erobust_list\nwithout synchronizing with exec() it may read user-space pointers from a\nnow-privileged process.\n\nThis violates the intended post-exec access restrictions and could\nexpose sensitive memory addresses or be used as a primitive in a larger\nexploit chain. 
Consequently, the race can lead to unauthorized\ndisclosure of information across privilege boundaries and poses a\npotential security risk.\n\nTake a read lock on signal-\u003eexec_update_lock prior to invoking\nptrace_may_access() and accessing the robust_list/compat_robust_list.\nThis ensures that the target task's exec state remains stable during the\ncheck, allowing for consistent and synchronized validation of\ncredentials.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40341",
            "https://git.kernel.org/linus/6b54082c3ed4dc9821cdf0edb17302355cc5bb45 (6.18-rc1)",
            "https://git.kernel.org/stable/c/3b4222494489f6d4b8705a496dab03384b7ca998",
            "https://git.kernel.org/stable/c/4aced32596ead1820b7dbd8e40d30b30dc1f3ad4",
            "https://git.kernel.org/stable/c/6511984d1aa1360181bcafb1ca75df7f291ef237",
            "https://git.kernel.org/stable/c/6b54082c3ed4dc9821cdf0edb17302355cc5bb45",
            "https://git.kernel.org/stable/c/b524455a51feb6013df3a5dba3160487b2e8e22a",
            "https://linux.oracle.com/cve/CVE-2025-40341.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40341-c778@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40341",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40341"
          ],
          "PublishedDate": "2025-12-09T16:17:44.387Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40342",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40342",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a561cd2298407e0fa044ded0b71478cc15b32954b0ad3370055ff733d63125d1",
          "Title": "kernel: nvme-fc: use lock accessing port_state and rport state",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: use lock accessing port_state and rport state\n\nnvme_fc_unregister_remote removes the remote port on a lport object at\nany point in time when there is no active association. This races with\nthe reconnect logic, because nvme_fc_create_association is not\ntaking a lock to check the port_state and atomically increase the\nactive count on the rport.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40342",
            "https://git.kernel.org/linus/891cdbb162ccdb079cd5228ae43bdeebce8597ad (6.18-rc1)",
            "https://git.kernel.org/stable/c/25f4bf1f7979a7871974fd36c79d69ff1cf4b446",
            "https://git.kernel.org/stable/c/4253e0a4546138a2bf9cb6acf66b32fee677fc7c",
            "https://git.kernel.org/stable/c/891cdbb162ccdb079cd5228ae43bdeebce8597ad",
            "https://git.kernel.org/stable/c/9950af4303942081dc8c7a5fdc3688c17c7eb6c0",
            "https://git.kernel.org/stable/c/a2f7fa75c4a2a07328fa22ccbef461db76790b55",
            "https://git.kernel.org/stable/c/de3d91af47bc015031e7721b100a29989f6498a5",
            "https://git.kernel.org/stable/c/e8cde03de8674b05f2c5e0870729049eba517800",
            "https://linux.oracle.com/cve/CVE-2025-40342.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40342-a237@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40342",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40342"
          ],
          "PublishedDate": "2025-12-09T16:17:44.517Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40343",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40343",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9ee40a0dd4200ceaceb4a24c4f15a18a2f7c45ab82e8c05d67b9ad8a36222c7d",
          "Title": "kernel: nvmet-fc: avoid scheduling association deletion twice",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-fc: avoid scheduling association deletion twice\n\nWhen forcefully shutting down a port via the configfs interface,\nnvmet_port_subsys_drop_link() first calls nvmet_port_del_ctrls() and\nthen nvmet_disable_port(). Both functions will eventually schedule all\nremaining associations for deletion.\n\nThe current implementation checks whether an association is about to be\nremoved, but only after the work item has already been scheduled. As a\nresult, it is possible for the first scheduled work item to free all\nresources, and then for the same work item to be scheduled again for\ndeletion.\n\nBecause the association list is an RCU list, it is not possible to take\na lock and remove the list entry directly, so it cannot be looked up\nagain. Instead, a flag (terminating) must be used to determine whether\nthe association is already in the process of being deleted.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40343",
            "https://git.kernel.org/linus/f2537be4f8421f6495edfa0bc284d722f253841d (6.18-rc1)",
            "https://git.kernel.org/stable/c/04d17540ef51e2c291eb863ca87fd332259b2d40",
            "https://git.kernel.org/stable/c/2f4852db87e25d4e226b25cb6f652fef9504360e",
            "https://git.kernel.org/stable/c/601ed47b2363c24d948d7bac0c23abc8bd459570",
            "https://git.kernel.org/stable/c/85e2ce1920cb511d57aae59f0df6ff85b28bf04d",
            "https://git.kernel.org/stable/c/c09ac9a63fc3aaf4670ad7b5e4f5afd764424154",
            "https://git.kernel.org/stable/c/f2537be4f8421f6495edfa0bc284d722f253841d",
            "https://linux.oracle.com/cve/CVE-2025-40343.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025120912-CVE-2025-40343-dbb0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40343",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40343"
          ],
          "PublishedDate": "2025-12-09T16:17:44.65Z",
          "LastModifiedDate": "2025-12-09T18:36:53.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40345",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40345",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e88795b235715bf551c695fb0e51454fd4fb9365727ec8e5a9199ed20a8cde51",
          "Title": "kernel: usb: storage: sddr55: Reject out-of-bound new_pba",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: storage: sddr55: Reject out-of-bound new_pba\n\nDiscovered by Atuin - Automated Vulnerability Discovery Engine.\n\nnew_pba comes from the status packet returned after each write.\nA bogus device could report values beyond the block count derived\nfrom info-\u003ecapacity, letting the driver walk off the end of\npba_to_lba[] and corrupt heap memory.\n\nReject PBAs that exceed the computed block count and fail the\ntransfer so we avoid touching out-of-range mapping entries.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40345",
            "https://git.kernel.org/linus/b59d4fda7e7d0aff1043a7f742487cb829f5aac1 (6.18)",
            "https://git.kernel.org/stable/c/04a8a6393f3f2f471e05eacca33282dd30b01432",
            "https://git.kernel.org/stable/c/26e9b5da3231da7dc357b363883b5b7b51a64092",
            "https://git.kernel.org/stable/c/5ebe8d479aaf4f41ac35e6955332304193c646f6",
            "https://git.kernel.org/stable/c/a20f1dd19d21dcb70140ea5a71b1f8cbe0c7e68f",
            "https://git.kernel.org/stable/c/aa64e0e17e3a5991a25e6a46007770c629039869",
            "https://git.kernel.org/stable/c/b59d4fda7e7d0aff1043a7f742487cb829f5aac1",
            "https://git.kernel.org/stable/c/d00a6c04a502cd52425dbf35588732c652b16490",
            "https://linux.oracle.com/cve/CVE-2025-40345.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121248-CVE-2025-40345-1796@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40345",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40345"
          ],
          "PublishedDate": "2025-12-12T18:15:39.253Z",
          "LastModifiedDate": "2025-12-15T18:22:40.637Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40346",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40346",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ea04ba41e5189631f58be4a6e8c44349a92a6c60a811cf95d26c6f688b82185d",
          "Title": "kernel: arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\narch_topology: Fix incorrect error check in topology_parse_cpu_capacity()\n\nFix incorrect use of PTR_ERR_OR_ZERO() in topology_parse_cpu_capacity()\nwhich causes the code to proceed with NULL clock pointers. The current\nlogic uses !PTR_ERR_OR_ZERO(cpu_clk) which evaluates to true for both\nvalid pointers and NULL, leading to potential NULL pointer dereference\nin clk_get_rate().\n\nPer include/linux/err.h documentation, PTR_ERR_OR_ZERO(ptr) returns:\n\"The error code within @ptr if it is an error pointer; 0 otherwise.\"\n\nThis means PTR_ERR_OR_ZERO() returns 0 for both valid pointers AND NULL\npointers. Therefore !PTR_ERR_OR_ZERO(cpu_clk) evaluates to true (proceed)\nwhen cpu_clk is either valid or NULL, causing clk_get_rate(NULL) to be\ncalled when of_clk_get() returns NULL.\n\nReplace with !IS_ERR_OR_NULL(cpu_clk) which only proceeds for valid\npointers, preventing potential NULL pointer dereference in clk_get_rate().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40346",
            "https://git.kernel.org/linus/2eead19334516c8e9927c11b448fbe512b1f18a1 (6.18-rc3)",
            "https://git.kernel.org/stable/c/02fbea0864fd4a863671f5d418129258d7159f68",
            "https://git.kernel.org/stable/c/2eead19334516c8e9927c11b448fbe512b1f18a1",
            "https://git.kernel.org/stable/c/3373f263bb647fcc3b5237cfaef757633b9ee25e",
            "https://git.kernel.org/stable/c/3a01b2614e84361aa222f67bc628593987e5cdb2",
            "https://git.kernel.org/stable/c/45379303124487db3a81219af7565d41f498167f",
            "https://git.kernel.org/stable/c/64da320252e43456cc9ec3055ff567f168467b37",
            "https://git.kernel.org/stable/c/a77f8434954cb1e9c42c3854e40855fdcf5ab235",
            "https://linux.oracle.com/cve/CVE-2025-40346.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-40346-623f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40346",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40346"
          ],
          "PublishedDate": "2025-12-16T14:15:46.337Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40347",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40347",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f5ed4b88e12a5db8f44807bba2579d2ea9dcad866c8a1b886d68f2719687ec82",
          "Title": "kernel: net: enetc: fix the deadlock of enetc_mdio_lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: fix the deadlock of enetc_mdio_lock\n\nAfter applying the workaround for err050089, the LS1028A platform\nexperiences RCU stalls on RT kernel. This issue is caused by the\nrecursive acquisition of the read lock enetc_mdio_lock. Here list some\nof the call stacks identified under the enetc_poll path that may lead to\na deadlock:\n\nenetc_poll\n  -\u003e enetc_lock_mdio\n  -\u003e enetc_clean_rx_ring OR napi_complete_done\n     -\u003e napi_gro_receive\n        -\u003e enetc_start_xmit\n           -\u003e enetc_lock_mdio\n           -\u003e enetc_map_tx_buffs\n           -\u003e enetc_unlock_mdio\n  -\u003e enetc_unlock_mdio\n\nAfter enetc_poll acquires the read lock, a higher-priority writer attempts\nto acquire the lock, causing preemption. The writer detects that a\nread lock is already held and is scheduled out. However, readers under\nenetc_poll cannot acquire the read lock again because a writer is already\nwaiting, leading to a thread hang.\n\nCurrently, the deadlock is avoided by adjusting enetc_lock_mdio to prevent\nrecursive lock acquisition.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40347",
            "https://git.kernel.org/linus/50bd33f6b3922a6b760aa30d409cae891cec8fb5 (6.18-rc3)",
            "https://git.kernel.org/stable/c/1f92f5bd057a4fad9dab6af17963cdd21e5da6ed",
            "https://git.kernel.org/stable/c/2781ca82ce8cad263d80b617addb727e6a84c9e5",
            "https://git.kernel.org/stable/c/2e55a49dc3b2a6b23329e4fbbd8a5feb20e220aa",
            "https://git.kernel.org/stable/c/50bd33f6b3922a6b760aa30d409cae891cec8fb5",
            "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-40347-275c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40347",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40347"
          ],
          "PublishedDate": "2025-12-16T14:15:46.47Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40349",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40349",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7ca3e00560f75e5cdbf2e69f168676f34456e74c2620cbd7c8931771d75c8c8a",
          "Title": "kernel: hfs: validate record offset in hfsplus_bmap_alloc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: validate record offset in hfsplus_bmap_alloc\n\nhfsplus_bmap_alloc can trigger a crash if a\nrecord offset or length is larger than node_size\n\n[   15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_alloc+0x887/0x8b0\n[   15.265192] Read of size 8 at addr ffff8881085ca188 by task test/183\n[   15.265949]\n[   15.266163] CPU: 0 UID: 0 PID: 183 Comm: test Not tainted 6.17.0-rc2-gc17b750b3ad9 #14 PREEMPT(voluntary)\n[   15.266165] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   15.266167] Call Trace:\n[   15.266168]  \u003cTASK\u003e\n[   15.266169]  dump_stack_lvl+0x53/0x70\n[   15.266173]  print_report+0xd0/0x660\n[   15.266181]  kasan_report+0xce/0x100\n[   15.266185]  hfsplus_bmap_alloc+0x887/0x8b0\n[   15.266208]  hfs_btree_inc_height.isra.0+0xd5/0x7c0\n[   15.266217]  hfsplus_brec_insert+0x870/0xb00\n[   15.266222]  __hfsplus_ext_write_extent+0x428/0x570\n[   15.266225]  __hfsplus_ext_cache_extent+0x5e/0x910\n[   15.266227]  hfsplus_ext_read_extent+0x1b2/0x200\n[   15.266233]  hfsplus_file_extend+0x5a7/0x1000\n[   15.266237]  hfsplus_get_block+0x12b/0x8c0\n[   15.266238]  __block_write_begin_int+0x36b/0x12c0\n[   15.266251]  block_write_begin+0x77/0x110\n[   15.266252]  cont_write_begin+0x428/0x720\n[   15.266259]  hfsplus_write_begin+0x51/0x100\n[   15.266262]  cont_write_begin+0x272/0x720\n[   15.266270]  hfsplus_write_begin+0x51/0x100\n[   15.266274]  generic_perform_write+0x321/0x750\n[   15.266285]  generic_file_write_iter+0xc3/0x310\n[   15.266289]  __kernel_write_iter+0x2fd/0x800\n[   15.266296]  dump_user_range+0x2ea/0x910\n[   15.266301]  elf_core_dump+0x2a94/0x2ed0\n[   15.266320]  vfs_coredump+0x1d85/0x45e0\n[   15.266349]  get_signal+0x12e3/0x1990\n[   15.266357]  arch_do_signal_or_restart+0x89/0x580\n[   15.266362]  irqentry_exit_to_user_mode+0xab/0x110\n[   15.266364]  
asm_exc_page_fault+0x26/0x30\n[   15.266366] RIP: 0033:0x41bd35\n[   15.266367] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 9f 0b 00 00 66 0f ef c0 \u003cf3\u003e 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8f\n[   15.266369] RSP: 002b:00007ffc9e62d078 EFLAGS: 00010283\n[   15.266371] RAX: 00007ffc9e62d100 RBX: 0000000000000000 RCX: 0000000000000000\n[   15.266372] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007ffc9e62d100\n[   15.266373] RBP: 0000400000000040 R08: 00000000000000e0 R09: 0000000000000000\n[   15.266374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[   15.266375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000400000000000\n[   15.266376]  \u003c/TASK\u003e\n\nWhen calling hfsplus_bmap_alloc to allocate a free node, this function\nfirst retrieves the bitmap from header node and map node using node-\u003epage\ntogether with the offset and length from hfs_brec_lenoff\n\n```\nlen = hfs_brec_lenoff(node, 2, \u0026off16);\noff = off16;\n\noff += node-\u003epage_offset;\npagep = node-\u003epage + (off \u003e\u003e PAGE_SHIFT);\ndata = kmap_local_page(*pagep);\n```\n\nHowever, if the retrieved offset or length is invalid(i.e. exceeds\nnode_size), the code may end up accessing pages outside the allocated\nrange for this node.\n\nThis patch adds proper validation of both offset and length before use,\npreventing out-of-bounds page access. Move is_bnode_offset_valid and\ncheck_and_correct_requested_length to hfsplus_fs.h, as they may be\nrequired by other functions.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40349",
            "https://git.kernel.org/linus/738d5a51864ed8d7a68600b8c0c63fe6fe5c4f20 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0058d20d76182861dbdd8fd6e2dd8d18d6d3becf",
            "https://git.kernel.org/stable/c/068a46df3e6acc68fb9db0a6313ab379a11ecd6f",
            "https://git.kernel.org/stable/c/17ed51cfce6c62cffb97059ef392ad2e0245806e",
            "https://git.kernel.org/stable/c/40dfe7a4215a1f20842561ffaf5a6f83a987e75b",
            "https://git.kernel.org/stable/c/418e48cab99c52c1760636a4dbe464bf6db2018b",
            "https://git.kernel.org/stable/c/4f40a2b3969daf10dca4dea6f6dd0e813f79b227",
            "https://git.kernel.org/stable/c/738d5a51864ed8d7a68600b8c0c63fe6fe5c4f20",
            "https://git.kernel.org/stable/c/f7d9f600c7c3ff5dab36181a388af55f2c95604c",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-40349-82c6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40349",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40349"
          ],
          "PublishedDate": "2025-12-16T14:15:46.69Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40351",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40351",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:42d29956759d4091f929887c25905d42831c6afe6973ca791c430a0407e144a3",
          "Title": "kernel: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()\n\nThe syzbot reported issue in hfsplus_delete_cat():\n\n[   70.682285][ T9333] =====================================================\n[   70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220\n[   70.683640][ T9333]  hfsplus_subfolders_dec+0x1d7/0x220\n[   70.684141][ T9333]  hfsplus_delete_cat+0x105d/0x12b0\n[   70.684621][ T9333]  hfsplus_rmdir+0x13d/0x310\n[   70.685048][ T9333]  vfs_rmdir+0x5ba/0x810\n[   70.685447][ T9333]  do_rmdir+0x964/0xea0\n[   70.685833][ T9333]  __x64_sys_rmdir+0x71/0xb0\n[   70.686260][ T9333]  x64_sys_call+0xcd8/0x3cf0\n[   70.686695][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.687119][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.687646][ T9333]\n[   70.687856][ T9333] Uninit was stored to memory at:\n[   70.688311][ T9333]  hfsplus_subfolders_inc+0x1c2/0x1d0\n[   70.688779][ T9333]  hfsplus_create_cat+0x148e/0x1800\n[   70.689231][ T9333]  hfsplus_mknod+0x27f/0x600\n[   70.689730][ T9333]  hfsplus_mkdir+0x5a/0x70\n[   70.690146][ T9333]  vfs_mkdir+0x483/0x7a0\n[   70.690545][ T9333]  do_mkdirat+0x3f2/0xd30\n[   70.690944][ T9333]  __x64_sys_mkdir+0x9a/0xf0\n[   70.691380][ T9333]  x64_sys_call+0x2f89/0x3cf0\n[   70.691816][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.692229][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.692773][ T9333]\n[   70.692990][ T9333] Uninit was stored to memory at:\n[   70.693469][ T9333]  hfsplus_subfolders_inc+0x1c2/0x1d0\n[   70.693960][ T9333]  hfsplus_create_cat+0x148e/0x1800\n[   70.694438][ T9333]  hfsplus_fill_super+0x21c1/0x2700\n[   70.694911][ T9333]  mount_bdev+0x37b/0x530\n[   70.695320][ T9333]  hfsplus_mount+0x4d/0x60\n[   70.695729][ T9333]  legacy_get_tree+0x113/0x2c0\n[   70.696167][ T9333]  vfs_get_tree+0xb3/0x5c0\n[   70.696588][ T9333]  do_new_mount+0x73e/0x1630\n[   70.697013][ 
T9333]  path_mount+0x6e3/0x1eb0\n[   70.697425][ T9333]  __se_sys_mount+0x733/0x830\n[   70.697857][ T9333]  __x64_sys_mount+0xe4/0x150\n[   70.698269][ T9333]  x64_sys_call+0x2691/0x3cf0\n[   70.698704][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.699117][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.699730][ T9333]\n[   70.699946][ T9333] Uninit was created at:\n[   70.700378][ T9333]  __alloc_pages_noprof+0x714/0xe60\n[   70.700843][ T9333]  alloc_pages_mpol_noprof+0x2a2/0x9b0\n[   70.701331][ T9333]  alloc_pages_noprof+0xf8/0x1f0\n[   70.701774][ T9333]  allocate_slab+0x30e/0x1390\n[   70.702194][ T9333]  ___slab_alloc+0x1049/0x33a0\n[   70.702635][ T9333]  kmem_cache_alloc_lru_noprof+0x5ce/0xb20\n[   70.703153][ T9333]  hfsplus_alloc_inode+0x5a/0xd0\n[   70.703598][ T9333]  alloc_inode+0x82/0x490\n[   70.703984][ T9333]  iget_locked+0x22e/0x1320\n[   70.704428][ T9333]  hfsplus_iget+0x5c/0xba0\n[   70.704827][ T9333]  hfsplus_btree_open+0x135/0x1dd0\n[   70.705291][ T9333]  hfsplus_fill_super+0x1132/0x2700\n[   70.705776][ T9333]  mount_bdev+0x37b/0x530\n[   70.706171][ T9333]  hfsplus_mount+0x4d/0x60\n[   70.706579][ T9333]  legacy_get_tree+0x113/0x2c0\n[   70.707019][ T9333]  vfs_get_tree+0xb3/0x5c0\n[   70.707444][ T9333]  do_new_mount+0x73e/0x1630\n[   70.707865][ T9333]  path_mount+0x6e3/0x1eb0\n[   70.708270][ T9333]  __se_sys_mount+0x733/0x830\n[   70.708711][ T9333]  __x64_sys_mount+0xe4/0x150\n[   70.709158][ T9333]  x64_sys_call+0x2691/0x3cf0\n[   70.709630][ T9333]  do_syscall_64+0xd9/0x1d0\n[   70.710053][ T9333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[   70.710611][ T9333]\n[   70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17\n[   70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   70.712490][ T9333] =====================================================\n[   70.713085][ T9333] Disabling lock debugging due to kernel taint\n[   
70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...\n[   70.714159][ T9333] \n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40351",
            "https://git.kernel.org/linus/9b3d15a758910bb98ba8feb4109d99cc67450ee4 (6.18-rc1)",
            "https://git.kernel.org/stable/c/1b9e5ade272f8be6421c9eea4c4f6810180017f9",
            "https://git.kernel.org/stable/c/295527bfdefd5bf31ec8218e2891a65777141d05",
            "https://git.kernel.org/stable/c/2bb8bc99b1a7a46d83f95c46f530305f6df84eaf",
            "https://git.kernel.org/stable/c/4891bf2b09c313622a6e07d7f108aa5e123c768d",
            "https://git.kernel.org/stable/c/9b3d15a758910bb98ba8feb4109d99cc67450ee4",
            "https://git.kernel.org/stable/c/9df3c241fbf69edce968b20eeeeb3f6da34af041",
            "https://git.kernel.org/stable/c/a2bee43b451615531ae6f3cf45054f02915ef885",
            "https://git.kernel.org/stable/c/b07630afe1671096dc64064190cae3b6165cf6e4",
            "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40351-55f8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40351",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40351"
          ],
          "PublishedDate": "2025-12-16T14:15:46.953Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40353",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40353",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c59e391c81397d963bb3ee7b10c3f627948776331844508b8f59fd7031761f23",
          "Title": "kernel: arm64: mte: Do not warn if the page is already tagged in copy_highpage()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mte: Do not warn if the page is already tagged in copy_highpage()\n\nThe arm64 copy_highpage() assumes that the destination page is newly\nallocated and not MTE-tagged (PG_mte_tagged unset) and warns\naccordingly. However, following commit 060913999d7a (\"mm: migrate:\nsupport poisoned recover from migrate folio\"), folio_mc_copy() is called\nbefore __folio_migrate_mapping(). If the latter fails (-EAGAIN), the\ncopy will be done again to the same destination page. Since\ncopy_highpage() already set the PG_mte_tagged flag, this second copy\nwill warn.\n\nReplace the WARN_ON_ONCE(page already tagged) in the arm64\ncopy_highpage() with a comment.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40353",
            "https://git.kernel.org/linus/b98c94eed4a975e0c80b7e90a649a46967376f58 (6.18-rc3)",
            "https://git.kernel.org/stable/c/0bbf3fc6e9211fce9889fe8efbb89c220504d617",
            "https://git.kernel.org/stable/c/5ff5765a1fc526f07d3bbaedb061d970eb13bcf4",
            "https://git.kernel.org/stable/c/b98c94eed4a975e0c80b7e90a649a46967376f58",
            "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-40353-fb93@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40353",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40353"
          ],
          "PublishedDate": "2025-12-16T14:15:47.203Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40354",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40354",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ff8d6fc51fe7418c0b4f5d0de173f8a933b36f1ec587cf00e3cf0c4c5d02a7e7",
          "Title": "kernel: drm/amd/display: increase max link count and fix link-\u003eenc NULL pointer access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: increase max link count and fix link-\u003eenc NULL pointer access\n\n[why]\n1.) dc-\u003elinks[MAX_LINKS] array size smaller than actual requested.\nmax_connector + max_dpia + 4 virtual = 14.\nincrease from 12 to 14.\n\n2.) hw_init() access null LINK_ENC for dpia non display_endpoint.\n\n(cherry picked from commit d7f5a61e1b04ed87b008c8d327649d184dc5bb45)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40354",
            "https://git.kernel.org/linus/bec947cbe9a65783adb475a5fb47980d7b4f4796 (6.18-rc3)",
            "https://git.kernel.org/stable/c/a3fc0d36cfb927f8986b83bf5fba47dbedad3c63",
            "https://git.kernel.org/stable/c/bec947cbe9a65783adb475a5fb47980d7b4f4796",
            "https://git.kernel.org/stable/c/f28092be4e12b7df9e4f415d25bf0d767bc2d9ed",
            "https://linux.oracle.com/cve/CVE-2025-40354.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-40354-b9bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40354",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40354"
          ],
          "PublishedDate": "2025-12-16T14:15:47.31Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40355",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40355",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:82172afb3395198f694b3ca791d9cce6ab5fb95be8de9802b870ae413c5f0829",
          "Title": "kernel: sysfs: check visibility before changing group attribute ownership",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysfs: check visibility before changing group attribute ownership\n\nSince commit 0c17270f9b92 (\"net: sysfs: Implement is_visible for\nphys_(port_id, port_name, switch_id)\"), __dev_change_net_namespace() can\nhit WARN_ON() when trying to change owner of a file that isn't visible.\nSee the trace below:\n\n WARNING: CPU: 6 PID: 2938 at net/core/dev.c:12410 __dev_change_net_namespace+0xb89/0xc30\n CPU: 6 UID: 0 PID: 2938 Comm: incusd Not tainted 6.17.1-1-mainline #1 PREEMPT(full)  4b783b4a638669fb644857f484487d17cb45ed1f\n Hardware name: Framework Laptop 13 (AMD Ryzen 7040Series)/FRANMDCP07, BIOS 03.07 02/19/2025\n RIP: 0010:__dev_change_net_namespace+0xb89/0xc30\n [...]\n Call Trace:\n  \u003cTASK\u003e\n  ? if6_seq_show+0x30/0x50\n  do_setlink.isra.0+0xc7/0x1270\n  ? __nla_validate_parse+0x5c/0xcc0\n  ? security_capable+0x94/0x1a0\n  rtnl_newlink+0x858/0xc20\n  ? update_curr+0x8e/0x1c0\n  ? update_entity_lag+0x71/0x80\n  ? sched_balance_newidle+0x358/0x450\n  ? psi_task_switch+0x113/0x2a0\n  ? __pfx_rtnl_newlink+0x10/0x10\n  rtnetlink_rcv_msg+0x346/0x3e0\n  ? sched_clock+0x10/0x30\n  ? __pfx_rtnetlink_rcv_msg+0x10/0x10\n  netlink_rcv_skb+0x59/0x110\n  netlink_unicast+0x285/0x3c0\n  ? __alloc_skb+0xdb/0x1a0\n  netlink_sendmsg+0x20d/0x430\n  ____sys_sendmsg+0x39f/0x3d0\n  ? import_iovec+0x2f/0x40\n  ___sys_sendmsg+0x99/0xe0\n  __sys_sendmsg+0x8a/0xf0\n  do_syscall_64+0x81/0x970\n  ? __sys_bind+0xe3/0x110\n  ? syscall_exit_work+0x143/0x1b0\n  ? do_syscall_64+0x244/0x970\n  ? sock_alloc_file+0x63/0xc0\n  ? syscall_exit_work+0x143/0x1b0\n  ? do_syscall_64+0x244/0x970\n  ? alloc_fd+0x12e/0x190\n  ? put_unused_fd+0x2a/0x70\n  ? do_sys_openat2+0xa2/0xe0\n  ? syscall_exit_work+0x143/0x1b0\n  ? do_syscall_64+0x244/0x970\n  ? 
exc_page_fault+0x7e/0x1a0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n  \u003c/TASK\u003e\n\nFix this by checking is_visible() before trying to touch the attribute.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40355",
            "https://git.kernel.org/linus/c7fbb8218b4ad35fec0bd2256d2b9c8d60331f33 (6.18-rc3)",
            "https://git.kernel.org/stable/c/ac2c526e103285d80a0330b91a318f6c9276d35a",
            "https://git.kernel.org/stable/c/c7fbb8218b4ad35fec0bd2256d2b9c8d60331f33",
            "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-40355-7b3b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40355",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40355"
          ],
          "PublishedDate": "2025-12-16T14:15:47.423Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40356",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40356",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:396165711c6cf4c5ee0ed6988d291f9d08eb71078ce6429916cfb6d791728a74",
          "Title": "kernel: spi: rockchip-sfc: Fix DMA-API usage",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: rockchip-sfc: Fix DMA-API usage\n\nUse DMA-API dma_map_single() call for getting the DMA address of the\ntransfer buffer instead of hacking with virt_to_phys().\n\nThis fixes the following DMA-API debug warning:\n------------[ cut here ]------------\nDMA-API: rockchip-sfc fe300000.spi: device driver tries to sync DMA memory it has not allocated [device address=0x000000000cf70000] [size=288 bytes]\nWARNING: kernel/dma/debug.c:1106 at check_sync+0x1d8/0x690, CPU#2: systemd-udevd/151\nModules linked in: ...\nHardware name: Hardkernel ODROID-M1 (DT)\npstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : check_sync+0x1d8/0x690\nlr : check_sync+0x1d8/0x690\n..\nCall trace:\n check_sync+0x1d8/0x690 (P)\n debug_dma_sync_single_for_cpu+0x84/0x8c\n __dma_sync_single_for_cpu+0x88/0x234\n rockchip_sfc_exec_mem_op+0x4a0/0x798 [spi_rockchip_sfc]\n spi_mem_exec_op+0x408/0x498\n spi_nor_read_data+0x170/0x184\n spi_nor_read_sfdp+0x74/0xe4\n spi_nor_parse_sfdp+0x120/0x11f0\n spi_nor_sfdp_init_params_deprecated+0x3c/0x8c\n spi_nor_scan+0x690/0xf88\n spi_nor_probe+0xe4/0x304\n spi_mem_probe+0x6c/0xa8\n spi_probe+0x94/0xd4\n really_probe+0xbc/0x298\n ...",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40356",
            "https://git.kernel.org/linus/ee795e82e10197c070efd380dc9615c73dffad6c (6.18-rc3)",
            "https://git.kernel.org/stable/c/22810d4cb0e8a7d51b24527e73beac60afc1c693",
            "https://git.kernel.org/stable/c/ee795e82e10197c070efd380dc9615c73dffad6c",
            "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-40356-27b8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40356",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40356"
          ],
          "PublishedDate": "2025-12-16T14:15:47.53Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40358",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40358",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e3ac1a430250faf6847110ccbb59cd8016ef4b5aacda62de6c14769fb1848b03",
          "Title": "kernel: riscv: stacktrace: Disable KASAN checks for non-current tasks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: stacktrace: Disable KASAN checks for non-current tasks\n\nUnwinding the stack of a task other than current, KASAN would report\n\"BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460\"\n\nThere is a same issue on x86 and has been resolved by the commit\n84936118bdf3 (\"x86/unwind: Disable KASAN checks for non-current tasks\")\nThe solution could be applied to RISC-V too.\n\nThis patch also can solve the issue:\nhttps://seclists.org/oss-sec/2025/q4/23\n\n[pjw@kernel.org: clean up checkpatch issues]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40358",
            "https://git.kernel.org/linus/060ea84a484e852b52b938f234bf9b5503a6c910 (6.18-rc5)",
            "https://git.kernel.org/stable/c/060ea84a484e852b52b938f234bf9b5503a6c910",
            "https://git.kernel.org/stable/c/27379fcc15a10d3e3780fe79ba3fc7ed1ccd78e2",
            "https://git.kernel.org/stable/c/2c8d2b53866fb229b438296526ef0fa5a990e5e5",
            "https://git.kernel.org/stable/c/ef4d626ac59a56f8ec5cc09c1fef26f2923eec6f",
            "https://git.kernel.org/stable/c/f34ba22989da61186f30a40b6a82e0b3337b96fc",
            "https://lore.kernel.org/linux-cve-announce/2025121643-CVE-2025-40358-9963@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40358",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40358"
          ],
          "PublishedDate": "2025-12-16T14:15:47.753Z",
          "LastModifiedDate": "2026-03-25T11:16:13.527Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40360",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40360",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:96efe3c8fb2132c30cd97948b2bf602d7a2bdbf08690ed0083905403010e55fb",
          "Title": "kernel: Linux kernel drm/sysfb: Denial of service via NULL pointer dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sysfb: Do not dereference NULL pointer in plane reset\n\nThe plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not\nderef that pointer, but forward NULL to the other plane-reset helpers.\nClears plane-\u003estate to NULL.\n\nv2:\n- fix typo in commit description (Javier)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40360",
            "https://git.kernel.org/linus/14e02ed3876f4ab0ed6d3f41972175f8b8df3d70 (6.18-rc4)",
            "https://git.kernel.org/stable/c/14e02ed3876f4ab0ed6d3f41972175f8b8df3d70",
            "https://git.kernel.org/stable/c/6abeff03cb79a2c7f4554a8e8738acd35bb37152",
            "https://git.kernel.org/stable/c/6bdef5648a60e49d4a3b02461ab7ae3776877e77",
            "https://git.kernel.org/stable/c/b61ed8005bd3102510fab5015ac6a275c9c5ea16",
            "https://git.kernel.org/stable/c/c4faf7f417eea8b8d5cc570a1015736f307aa2d5",
            "https://git.kernel.org/stable/c/c7d5e69866bbe95c1e4ab4c10a81e0a02d9ea232",
            "https://linux.oracle.com/cve/CVE-2025-40360.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-40360-28d0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40360",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40360"
          ],
          "PublishedDate": "2025-12-16T14:15:47.973Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40362",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40362",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4ded1415e42a8877a8cba3eb80731a615b29d4bee1700d08a89384524fc60b2",
          "Title": "kernel: Linux kernel (ceph): Incorrect authorization allows privilege escalation in multifs clusters",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix multifs mds auth caps issue\n\nThe mds auth caps check should also validate the\nfsname along with the associated caps. Not doing\nso would result in applying the mds auth caps of\none fs on to the other fs in a multifs ceph cluster.\nThe bug causes multiple issues w.r.t user\nauthentication, following is one such example.\n\nSteps to Reproduce (on vstart cluster):\n1. Create two file systems in a cluster, say 'fsname1' and 'fsname2'\n2. Authorize read only permission to the user 'client.usr' on fs 'fsname1'\n    $ceph fs authorize fsname1 client.usr / r\n3. Authorize read and write permission to the same user 'client.usr' on fs 'fsname2'\n    $ceph fs authorize fsname2 client.usr / rw\n4. Update the keyring\n    $ceph auth get client.usr \u003e\u003e ./keyring\n\nWith above permssions for the user 'client.usr', following is the\nexpectation.\n  a. The 'client.usr' should be able to only read the contents\n     and not allowed to create or delete files on file system 'fsname1'.\n  b. The 'client.usr' should be able to read/write on file system 'fsname2'.\n\nBut, with this bug, the 'client.usr' is allowed to read/write on file\nsystem 'fsname1'. See below.\n\n5. Mount the file system 'fsname1' with the user 'client.usr'\n     $sudo bin/mount.ceph usr@.fsname1=/ /kmnt_fsname1_usr/\n6. Try creating a file on file system 'fsname1' with user 'client.usr'. This\n   should fail but passes with this bug.\n     $touch /kmnt_fsname1_usr/file1\n7. Mount the file system 'fsname1' with the user 'client.admin' and create a\n   file.\n     $sudo bin/mount.ceph admin@.fsname1=/ /kmnt_fsname1_admin\n     $echo \"data\" \u003e /kmnt_fsname1_admin/admin_file1\n8. Try removing an existing file on file system 'fsname1' with the user\n   'client.usr'. 
This shouldn't succeed but succeeds with the bug.\n     $rm -f /kmnt_fsname1_usr/admin_file1\n\nFor more information, please take a look at the corresponding mds/fuse patch\nand tests added by looking into the tracker mentioned below.\n\nv2: Fix a possible null dereference in doutc\nv3: Don't store fsname from mdsmap, validate against\n    ceph_mount_options's fsname and use it\nv4: Code refactor, better warning message and\n    fix possible compiler warning\n\n[ Slava.Dubeyko: \"fsname check failed\" -\u003e \"fsname mismatch\" ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40362",
            "https://git.kernel.org/linus/22c73d52a6d05c5a2053385c0d6cd9984732799d (6.18-rc1)",
            "https://git.kernel.org/stable/c/07640d34a781bb2e39020a39137073c03c4aa932",
            "https://git.kernel.org/stable/c/22c73d52a6d05c5a2053385c0d6cd9984732799d",
            "https://git.kernel.org/stable/c/ca3da8b27ab9a0923ad477447cfb8fc7f4b4c523",
            "https://linux.oracle.com/cve/CVE-2025-40362.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-40362-c4d6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40362",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40362"
          ],
          "PublishedDate": "2025-12-16T14:15:48.217Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-40363",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-40363",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ae7284a7ffc6155c8c59b14bc165b17925f4272f55472709144cd19f1b07d32e",
          "Title": "kernel: net: ipv6: fix field-spanning memcpy warning in AH output",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix field-spanning memcpy warning in AH output\n\nFix field-spanning memcpy warnings in ah6_output() and\nah6_output_done() where extension headers are copied to/from IPv6\naddress fields, triggering fortify-string warnings about writes beyond\nthe 16-byte address fields.\n\n  memcpy: detected field-spanning write (size 40) of single field \"\u0026top_iph-\u003esaddr\" at net/ipv6/ah6.c:439 (size 16)\n  WARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_output+0xe7e/0x14e0 net/ipv6/ah6.c:439\n\nThe warnings are false positives as the extension headers are\nintentionally placed after the IPv6 header in memory. Fix by properly\ncopying addresses and extension headers separately, and introduce\nhelper functions to avoid code duplication.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-40363",
            "https://git.kernel.org/linus/2327a3d6f65ce2fe2634546dde4a25ef52296fec (6.18-rc1)",
            "https://git.kernel.org/stable/c/0bf756ae1e69fec5e6332c37830488315d6d771b",
            "https://git.kernel.org/stable/c/2327a3d6f65ce2fe2634546dde4a25ef52296fec",
            "https://git.kernel.org/stable/c/2da805a61ef5272a2773775ce14c3650adb84248",
            "https://git.kernel.org/stable/c/75b16b2755e12999ad850756ddfb88ad4bfc7186",
            "https://git.kernel.org/stable/c/9bf27de51bd6db5ff827780ec0eba55de230ba45",
            "https://git.kernel.org/stable/c/b056f971bd72b373b7ae2025a8f3bd18f69653d3",
            "https://git.kernel.org/stable/c/c14cf41094136691c92ef756872570645d61f4a1",
            "https://git.kernel.org/stable/c/f28dde240160f3c48a50d641d210ed6a3b9596ed",
            "https://linux.oracle.com/cve/CVE-2025-40363.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-40363-bbdd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-40363",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-40363"
          ],
          "PublishedDate": "2025-12-16T14:15:48.327Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-62626",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62626",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:71badac8fba90644551bea0b20bb02e85a868f15956dca96061c83f1c549f8e2",
          "Title": "Improper handling of insufficient entropy in the AMD CPUs could allow  ...",
          "Description": "Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-333"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 2,
            "ubuntu": 2
          },
          "References": [
            "https://linux.oracle.com/cve/CVE-2025-62626.html",
            "https://linux.oracle.com/errata/ELSA-2025-25745.html",
            "https://lore.kernel.org/lkml/20251016182107.3496116-1-gourry@gourry.net/",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7055.html",
            "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html",
            "https://www.cve.org/CVERecord?id=CVE-2025-62626"
          ],
          "PublishedDate": "2025-11-21T19:16:02.633Z",
          "LastModifiedDate": "2025-11-25T22:16:42.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68168",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68168",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ffa2f9d65fe8b7b22d58b259e52885379022c6dee6d4aac26acc298f9df94a3d",
          "Title": "kernel: jfs: fix uninitialized waitqueue in transaction manager",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uninitialized waitqueue in transaction manager\n\nThe transaction manager initialization in txInit() was not properly\ninitializing TxBlock[0].waitor waitqueue, causing a crash when\ntxEnd(0) is called on read-only filesystems.\n\nWhen a filesystem is mounted read-only, txBegin() returns tid=0 to\nindicate no transaction. However, txEnd(0) still gets called and\ntries to access TxBlock[0].waitor via tid_to_tblock(0), but this\nwaitqueue was never initialized because the initialization loop\nstarted at index 1 instead of 0.\n\nThis causes a 'non-static key' lockdep warning and system crash:\n  INFO: trying to register non-static key in txEnd\n\nFix by ensuring all transaction blocks including TxBlock[0] have\ntheir waitqueues properly initialized during txInit().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68168",
            "https://git.kernel.org/linus/300b072df72694ea330c4c673c035253e07827b8 (6.18-rc1)",
            "https://git.kernel.org/stable/c/038861414ab383b41dd35abbf9ff0ef715592d53",
            "https://git.kernel.org/stable/c/2a9575a372182ca075070b3cd77490dcf0c951e7",
            "https://git.kernel.org/stable/c/300b072df72694ea330c4c673c035253e07827b8",
            "https://git.kernel.org/stable/c/8cae9cf23e0bd424ac904e753639a587543ce03a",
            "https://git.kernel.org/stable/c/a2aa97cde9857f881920635a2e3d3b11769619c5",
            "https://git.kernel.org/stable/c/cbf2f527ae4ca7c7dabce42e85e8deb58588a37e",
            "https://git.kernel.org/stable/c/d2dd7ca05a11685c314e62802a55e8d67a90e974",
            "https://git.kernel.org/stable/c/d6af7fce2e162ac68e85d3a11eb6ac8c35b24b64",
            "https://lore.kernel.org/linux-cve-announce/2025121627-CVE-2025-68168-7341@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68168",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68168"
          ],
          "PublishedDate": "2025-12-16T14:15:48.647Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68171",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68171",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c408af27b0ced876ba281d70b8dc1a9ce65c8b54ab51366bbda58df19d2249e",
          "Title": "kernel: x86/fpu: Ensure XFD state on signal delivery",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Ensure XFD state on signal delivery\n\nSean reported [1] the following splat when running KVM tests:\n\n   WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70\n   Call Trace:\n    \u003cTASK\u003e\n    fpu__clear_user_states+0x9c/0x100\n    arch_do_signal_or_restart+0x142/0x210\n    exit_to_user_mode_loop+0x55/0x100\n    do_syscall_64+0x205/0x2c0\n    entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nChao further identified [2] a reproducible scenario involving signal\ndelivery: a non-AMX task is preempted by an AMX-enabled task which\nmodifies the XFD MSR.\n\nWhen the non-AMX task resumes and reloads XSTATE with init values,\na warning is triggered due to a mismatch between fpstate::xfd and the\nCPU's current XFD state. fpu__clear_user_states() does not currently\nre-synchronize the XFD state after such preemption.\n\nInvoke xfd_update_state() which detects and corrects the mismatch if\nthere is a dynamic feature.\n\nThis also benefits the sigreturn path, as fpu__restore_sig() may call\nfpu__clear_user_states() when the sigframe is inaccessible.\n\n[ dhansen: minor changelog munging ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68171",
            "https://git.kernel.org/linus/388eff894d6bc5f921e9bfff0e4b0ab2684a96e9 (6.18-rc4)",
            "https://git.kernel.org/stable/c/1811c610653c0cd21cc9add14595b7cffaeca511",
            "https://git.kernel.org/stable/c/388eff894d6bc5f921e9bfff0e4b0ab2684a96e9",
            "https://git.kernel.org/stable/c/3f735419c4b43cde42e6d408db39137b82474e31",
            "https://git.kernel.org/stable/c/5b2619b488f1d08b960c43c6468dd0759e8b3035",
            "https://git.kernel.org/stable/c/eefbfb722042fc9210d2e0ac2b063fd1abf51895",
            "https://linux.oracle.com/cve/CVE-2025-68171.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121628-CVE-2025-68171-d43d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68171",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68171"
          ],
          "PublishedDate": "2025-12-16T14:15:48.98Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68173",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68173",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e10e79f3d9ad9e02f08f4973d7ad26a2efb57742f35da6cb1d21e134564dfec0",
          "Title": "kernel: ftrace: Fix softlockup in ftrace_module_enable",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix softlockup in ftrace_module_enable\n\nA soft lockup was observed when loading amdgpu module.\nIf a module has a lot of traceable functions, multiple calls\nto kallsyms_lookup can spend too much time in RCU critical\nsection and with disabled preemption, causing kernel panic.\nThis is the same issue that was fixed in\ncommit d0b24b4e91fc (\"ftrace: Prevent RCU stall on PREEMPT_VOLUNTARY\nkernels\") and commit 42ea22e754ba (\"ftrace: Add cond_resched() to\nftrace_graph_set_hash()\").\n\nFix it the same way by adding cond_resched() in ftrace_module_enable.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68173",
            "https://git.kernel.org/linus/4099b98203d6b33d990586542fa5beee408032a3 (6.18-rc1)",
            "https://git.kernel.org/stable/c/4099b98203d6b33d990586542fa5beee408032a3",
            "https://git.kernel.org/stable/c/40c8ee40e48a2c82c762539952ed8fc0571db5bf",
            "https://git.kernel.org/stable/c/7e3c96010ade29bb340a5bdce8675f50c7f59001",
            "https://git.kernel.org/stable/c/a1dd0abd741a8111260676da729825d6c1461a71",
            "https://git.kernel.org/stable/c/e81e6d6d99b16dae11adbeda5c996317942a940c",
            "https://linux.oracle.com/cve/CVE-2025-68173.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68173-788c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68173",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68173"
          ],
          "PublishedDate": "2025-12-16T14:15:49.213Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68174",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68174",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:20324d9b0c3490e51e317c29a701652baec4368f101e798e780f8e1c240eed77",
          "Title": "kernel: amd/amdkfd: enhance kfd process check in switch partition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: enhance kfd process check in switch partition\n\ncurrent switch partition only check if kfd_processes_table is empty.\nkfd_prcesses_table entry is deleted in kfd_process_notifier_release, but\nkfd_process tear down is in kfd_process_wq_release.\n\nconsider two processes:\n\nProcess A (workqueue) -\u003e kfd_process_wq_release -\u003e Access kfd_node member\nProcess B switch partition -\u003e amdgpu_xcp_pre_partition_switch -\u003e amdgpu_amdkfd_device_fini_sw\n-\u003e kfd_node tear down.\n\nProcess A and B may trigger a race as shown in dmesg log.\n\nThis patch is to resolve the race by adding an atomic kfd_process counter\nkfd_processes_count, it increment as create kfd process, decrement as\nfinish kfd_process_wq_release.\n\nv2: Put kfd_processes_count per kfd_dev, move decrement to kfd_process_destroy_pdds\nand bug fix. (Philip Yang)\n\n[3966658.307702] divide error: 0000 [#1] SMP NOPTI\n[3966658.350818]  i10nm_edac\n[3966658.356318] CPU: 124 PID: 38435 Comm: kworker/124:0 Kdump: loaded Tainted\n[3966658.356890] Workqueue: kfd_process_wq kfd_process_wq_release [amdgpu]\n[3966658.362839]  nfit\n[3966658.366457] RIP: 0010:kfd_get_num_sdma_engines+0x17/0x40 [amdgpu]\n[3966658.366460] Code: 00 00 e9 ac 81 02 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 48 8b 4f 08 48 8b b7 00 01 00 00 8b 81 58 26 03 00 99 \u003cf7\u003e be b8 01 00 00 80 b9 70 2e 00 00 00 74 0b 83 f8 02 ba 02 00 00\n[3966658.380967]  x86_pkg_temp_thermal\n[3966658.391529] RSP: 0018:ffffc900a0edfdd8 EFLAGS: 00010246\n[3966658.391531] RAX: 0000000000000008 RBX: ffff8974e593b800 RCX: ffff888645900000\n[3966658.391531] RDX: 0000000000000000 RSI: ffff888129154400 RDI: ffff888129151c00\n[3966658.391532] RBP: ffff8883ad79d400 R08: 0000000000000000 R09: ffff8890d2750af4\n[3966658.391532] R10: 0000000000000018 R11: 0000000000000018 R12: 0000000000000000\n[3966658.391533] R13: ffff8883ad79d400 
R14: ffffe87ff662ba00 R15: ffff8974e593b800\n[3966658.391533] FS:  0000000000000000(0000) GS:ffff88fe7f600000(0000) knlGS:0000000000000000\n[3966658.391534] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[3966658.391534] CR2: 0000000000d71000 CR3: 000000dd0e970004 CR4: 0000000002770ee0\n[3966658.391535] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[3966658.391535] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[3966658.391536] PKRU: 55555554\n[3966658.391536] Call Trace:\n[3966658.391674]  deallocate_sdma_queue+0x38/0xa0 [amdgpu]\n[3966658.391762]  process_termination_cpsch+0x1ed/0x480 [amdgpu]\n[3966658.399754]  intel_powerclamp\n[3966658.402831]  kfd_process_dequeue_from_all_devices+0x5b/0xc0 [amdgpu]\n[3966658.402908]  kfd_process_wq_release+0x1a/0x1a0 [amdgpu]\n[3966658.410516]  coretemp\n[3966658.434016]  process_one_work+0x1ad/0x380\n[3966658.434021]  worker_thread+0x49/0x310\n[3966658.438963]  kvm_intel\n[3966658.446041]  ? process_one_work+0x380/0x380\n[3966658.446045]  kthread+0x118/0x140\n[3966658.446047]  ? 
__kthread_bind_mask+0x60/0x60\n[3966658.446050]  ret_from_fork+0x1f/0x30\n[3966658.446053] Modules linked in: kpatch_20765354(OEK)\n[3966658.455310]  kvm\n[3966658.464534]  mptcp_diag xsk_diag raw_diag unix_diag af_packet_diag netlink_diag udp_diag act_pedit act_mirred act_vlan cls_flower kpatch_21951273(OEK) kpatch_18424469(OEK) kpatch_19749756(OEK)\n[3966658.473462]  idxd_mdev\n[3966658.482306]  kpatch_17971294(OEK) sch_ingress xt_conntrack amdgpu(OE) amdxcp(OE) amddrm_buddy(OE) amd_sched(OE) amdttm(OE) amdkcl(OE) intel_ifs iptable_mangle tcm_loop target_core_pscsi tcp_diag target_core_file inet_diag target_core_iblock target_core_user target_core_mod coldpgs kpatch_18383292(OEK) ip6table_nat ip6table_filter ip6_tables ip_set_hash_ipportip ip_set_hash_ipportnet ip_set_hash_ipport ip_set_bitmap_port xt_comment iptable_nat nf_nat iptable_filter ip_tables ip_set ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 sn_core_odd(OE) i40e overlay binfmt_misc tun bonding(OE) aisqos(OE) aisqo\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68174",
            "https://git.kernel.org/linus/45da20e00d5da842e17dfc633072b127504f0d0e (6.18-rc1)",
            "https://git.kernel.org/stable/c/45da20e00d5da842e17dfc633072b127504f0d0e",
            "https://git.kernel.org/stable/c/536d80f660ec12058e461f4db387ea42bee9250d",
            "https://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68174-84da@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68174",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68174"
          ],
          "PublishedDate": "2025-12-16T14:15:49.323Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68175",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68175",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4fc62ac091a1e061cbe143485bdf794a5f2a93d7a8a299aef97ced5d546f667a",
          "Title": "kernel: media: nxp: imx8-isi: Fix streaming cleanup on release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: nxp: imx8-isi: Fix streaming cleanup on release\n\nThe current implementation unconditionally calls\nmxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can\nlead to situations where any release call (like from a simple\n\"v4l2-ctl -l\") may release a currently streaming queue when called on\nsuch a device.\n\nThis is reproducible on an i.MX8MP board by streaming from an ISI\ncapture device using gstreamer:\n\n\tgst-launch-1.0 -v v4l2src device=/dev/videoX ! \\\n\t    video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \\\n\t    fakesink\n\nWhile this stream is running, querying the caps of the same device\nprovokes the error state:\n\n\tv4l2-ctl -l -d /dev/videoX\n\nThis results in the following trace:\n\n[  155.452152] ------------[ cut here ]------------\n[  155.452163] WARNING: CPU: 0 PID: 1708 at drivers/media/platform/nxp/imx8-isi/imx8-isi-pipe.c:713 mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.004248] Modules linked in: cfg80211 rpmsg_ctrl rpmsg_char rpmsg_tty virtio_rpmsg_bus rpmsg_ns rpmsg_core rfkill nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables mcp251x6\n[  157.053499] CPU: 0 UID: 0 PID: 1708 Comm: python3 Not tainted 6.15.4-00114-g1f61ca5cad76 #1 PREEMPT\n[  157.064369] Hardware name: imx8mp_board_01 (DT)\n[  157.068205] pstate: 400000c5 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  157.075169] pc : mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi]\n[  157.081195] lr : mxc_isi_pipe_irq_handler+0x38/0x1b0 [imx8_isi]\n[  157.087126] sp : ffff800080003ee0\n[  157.090438] x29: ffff800080003ee0 x28: ffff0000c3688000 x27: 0000000000000000\n[  157.097580] x26: 0000000000000000 x25: ffff0000c1e7ac00 x24: ffff800081b5ad50\n[  157.104723] x23: 00000000000000d1 x22: 0000000000000000 x21: ffff0000c25e4000\n[  157.111866] x20: 0000000060000200 x19: ffff80007a0608d0 x18: 0000000000000000\n[  157.119008] x17: 
ffff80006a4e3000 x16: ffff800080000000 x15: 0000000000000000\n[  157.126146] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[  157.133287] x11: 0000000000000040 x10: ffff0000c01445f0 x9 : ffff80007a053a38\n[  157.140425] x8 : ffff0000c04004b8 x7 : 0000000000000000 x6 : 0000000000000000\n[  157.147567] x5 : ffff0000c0400490 x4 : ffff80006a4e3000 x3 : ffff0000c25e4000\n[  157.154706] x2 : 0000000000000000 x1 : ffff8000825c0014 x0 : 0000000060000200\n[  157.161850] Call trace:\n[  157.164296]  mxc_isi_pipe_irq_handler+0x19c/0x1b0 [imx8_isi] (P)\n[  157.170319]  __handle_irq_event_percpu+0x58/0x218\n[  157.175029]  handle_irq_event+0x54/0xb8\n[  157.178867]  handle_fasteoi_irq+0xac/0x248\n[  157.182968]  handle_irq_desc+0x48/0x68\n[  157.186723]  generic_handle_domain_irq+0x24/0x38\n[  157.191346]  gic_handle_irq+0x54/0x120\n[  157.195098]  call_on_irq_stack+0x24/0x30\n[  157.199027]  do_interrupt_handler+0x88/0x98\n[  157.203212]  el0_interrupt+0x44/0xc0\n[  157.206792]  __el0_irq_handler_common+0x18/0x28\n[  157.211328]  el0t_64_irq_handler+0x10/0x20\n[  157.215429]  el0t_64_irq+0x198/0x1a0\n[  157.219009] ---[ end trace 0000000000000000 ]---\n\nAddress this issue by moving the streaming preparation and cleanup to\nthe vb2 .prepare_streaming() and .unprepare_streaming() operations. This\nalso simplifies the driver by allowing direct usage of the\nvb2_ioctl_streamon() and vb2_ioctl_streamoff() helpers, and removal of\nthe manual cleanup from mxc_isi_video_release().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68175",
            "https://git.kernel.org/linus/47773031a148ad7973b809cc7723cba77eda2b42 (6.18-rc1)",
            "https://git.kernel.org/stable/c/029914306b93b37c6e7060793d2b6f76b935cfa6",
            "https://git.kernel.org/stable/c/47773031a148ad7973b809cc7723cba77eda2b42",
            "https://git.kernel.org/stable/c/a2008925ed7361d69f92f63f0a779c300432610a",
            "https://lore.kernel.org/linux-cve-announce/2025121629-CVE-2025-68175-d545@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68175",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68175"
          ],
          "PublishedDate": "2025-12-16T14:15:49.433Z",
          "LastModifiedDate": "2026-04-02T12:16:18.47Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68176",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68176",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b93673ebaaf04fec83814c1e590a746ebb201fb1846e3213c3df1215a3ddc3ae",
          "Title": "kernel: PCI: cadence: Check for the existence of cdns_pcie::ops before using it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: cadence: Check for the existence of cdns_pcie::ops before using it\n\ncdns_pcie::ops might not be populated by all the Cadence glue drivers. This\nis going to be true for the upcoming Sophgo platform which doesn't set the\nops.\n\nHence, add a check to prevent NULL pointer dereference.\n\n[mani: reworded subject and description]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68176",
            "https://git.kernel.org/linus/49a6c160ad4812476f8ae1a8f4ed6d15adfa6c09 (6.18-rc1)",
            "https://git.kernel.org/stable/c/0d0bb756f002810d249caee51f3f1c309f3cdab5",
            "https://git.kernel.org/stable/c/1810b2fd7375de88a74976dcd402b29088e479ed",
            "https://git.kernel.org/stable/c/363448d069e29685ca37a118065121e486387af3",
            "https://git.kernel.org/stable/c/49a6c160ad4812476f8ae1a8f4ed6d15adfa6c09",
            "https://git.kernel.org/stable/c/953eb3796ef06b8ea3bf6bdde14156255bc75866",
            "https://git.kernel.org/stable/c/d5dbe92ac8a4ca6226093241f95f9cb1b0d2e0e1",
            "https://git.kernel.org/stable/c/eb3d29ca0820fa3d7cccad47d2da56c9ab5469ed",
            "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68176-4be5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68176",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68176"
          ],
          "PublishedDate": "2025-12-16T14:15:49.54Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68177",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68177",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:63585e0ff953bc190b78a814c73d158d69cd6335207f396d0a401d57123473b7",
          "Title": "kernel: cpufreq/longhaul: handle NULL policy in longhaul_exit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq/longhaul: handle NULL policy in longhaul_exit\n\nlonghaul_exit() was calling cpufreq_cpu_get(0) without checking\nfor a NULL policy pointer. On some systems, this could lead to a\nNULL dereference and a kernel warning or panic.\n\nThis patch adds a check using unlikely() and returns early if the\npolicy is NULL.\n\nBugzilla: #219962",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68177",
            "https://git.kernel.org/linus/592532a77b736b5153e0c2e4c74aa50af0a352ab (6.18-rc1)",
            "https://git.kernel.org/stable/c/55cf586b9556863e3c2a45460aba71bcb2be5bcd",
            "https://git.kernel.org/stable/c/592532a77b736b5153e0c2e4c74aa50af0a352ab",
            "https://git.kernel.org/stable/c/64adabb6d9d51b7e7c02fe733346a2c4dd738488",
            "https://git.kernel.org/stable/c/809cf2a7794ca4c14c304b349f4c3ae220701ce4",
            "https://git.kernel.org/stable/c/8d6791c480f22d6e9a566eaa77336d3d37c5c591",
            "https://git.kernel.org/stable/c/956b56d17a89775e4957bbddefa45cd3c6c71000",
            "https://git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db",
            "https://git.kernel.org/stable/c/fd93e1d71b3b14443092919be12b1abf08de35eb",
            "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68177-5af8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68177",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68177"
          ],
          "PublishedDate": "2025-12-16T14:15:49.65Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68178",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68178",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9b355f5137f3d7b3f54dbbc5324a0c3cbc5edb4ee0e903df432594357ae780a8",
          "Title": "kernel: Linux kernel blk-cgroup: Denial of Service due to circular locking dependency",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: fix possible deadlock while configuring policy\n\nFollowing deadlock can be triggered easily by lockdep:\n\nWARNING: possible circular locking dependency detected\n6.17.0-rc3-00124-ga12c2658ced0 #1665 Not tainted\n------------------------------------------------------\ncheck/1334 is trying to acquire lock:\nff1100011d9d0678 (\u0026q-\u003esysfs_lock){+.+.}-{4:4}, at: blk_unregister_queue+0x53/0x180\n\nbut task is already holding lock:\nff1100011d9d00e0 (\u0026q-\u003eq_usage_counter(queue)#3){++++}-{0:0}, at: del_gendisk+0xba/0x110\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #2 (\u0026q-\u003eq_usage_counter(queue)#3){++++}-{0:0}:\n       blk_queue_enter+0x40b/0x470\n       blkg_conf_prep+0x7b/0x3c0\n       tg_set_limit+0x10a/0x3e0\n       cgroup_file_write+0xc6/0x420\n       kernfs_fop_write_iter+0x189/0x280\n       vfs_write+0x256/0x490\n       ksys_write+0x83/0x190\n       __x64_sys_write+0x21/0x30\n       x64_sys_call+0x4608/0x4630\n       do_syscall_64+0xdb/0x6b0\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n-\u003e #1 (\u0026q-\u003erq_qos_mutex){+.+.}-{4:4}:\n       __mutex_lock+0xd8/0xf50\n       mutex_lock_nested+0x2b/0x40\n       wbt_init+0x17e/0x280\n       wbt_enable_default+0xe9/0x140\n       blk_register_queue+0x1da/0x2e0\n       __add_disk+0x38c/0x5d0\n       add_disk_fwnode+0x89/0x250\n       device_add_disk+0x18/0x30\n       virtblk_probe+0x13a3/0x1800\n       virtio_dev_probe+0x389/0x610\n       really_probe+0x136/0x620\n       __driver_probe_device+0xb3/0x230\n       driver_probe_device+0x2f/0xe0\n       __driver_attach+0x158/0x250\n       bus_for_each_dev+0xa9/0x130\n       driver_attach+0x26/0x40\n       bus_add_driver+0x178/0x3d0\n       driver_register+0x7d/0x1c0\n       __register_virtio_driver+0x2c/0x60\n       virtio_blk_init+0x6f/0xe0\n       
do_one_initcall+0x94/0x540\n       kernel_init_freeable+0x56a/0x7b0\n       kernel_init+0x2b/0x270\n       ret_from_fork+0x268/0x4c0\n       ret_from_fork_asm+0x1a/0x30\n\n-\u003e #0 (\u0026q-\u003esysfs_lock){+.+.}-{4:4}:\n       __lock_acquire+0x1835/0x2940\n       lock_acquire+0xf9/0x450\n       __mutex_lock+0xd8/0xf50\n       mutex_lock_nested+0x2b/0x40\n       blk_unregister_queue+0x53/0x180\n       __del_gendisk+0x226/0x690\n       del_gendisk+0xba/0x110\n       sd_remove+0x49/0xb0 [sd_mod]\n       device_remove+0x87/0xb0\n       device_release_driver_internal+0x11e/0x230\n       device_release_driver+0x1a/0x30\n       bus_remove_device+0x14d/0x220\n       device_del+0x1e1/0x5a0\n       __scsi_remove_device+0x1ff/0x2f0\n       scsi_remove_device+0x37/0x60\n       sdev_store_delete+0x77/0x100\n       dev_attr_store+0x1f/0x40\n       sysfs_kf_write+0x65/0x90\n       kernfs_fop_write_iter+0x189/0x280\n       vfs_write+0x256/0x490\n       ksys_write+0x83/0x190\n       __x64_sys_write+0x21/0x30\n       x64_sys_call+0x4608/0x4630\n       do_syscall_64+0xdb/0x6b0\n       entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nother info that might help us debug this:\n\nChain exists of:\n  \u0026q-\u003esysfs_lock --\u003e \u0026q-\u003erq_qos_mutex --\u003e \u0026q-\u003eq_usage_counter(queue)#3\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026q-\u003eq_usage_counter(queue)#3);\n                               lock(\u0026q-\u003erq_qos_mutex);\n                               lock(\u0026q-\u003eq_usage_counter(queue)#3);\n  lock(\u0026q-\u003esysfs_lock);\n\nRoot cause is that queue_usage_counter is grabbed with rq_qos_mutex\nheld in blkg_conf_prep(), while queue should be freezed before\nrq_qos_mutex from other context.\n\nThe blk_queue_enter() from blkg_conf_prep() is used to protect against\npolicy deactivation, which is already protected with blkcg_mutex, hence\nconvert blk_queue_enter() to 
blkcg_mutex to fix this problem. Meanwhile,\nconsider that blkcg_mutex is held after queue is frozen from policy\ndeactivation, also convert blkg_alloc() to use GFP_NOIO.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68178",
            "https://git.kernel.org/linus/5d726c4dbeeddef612e6bed27edd29733f4d13af (6.18-rc1)",
            "https://git.kernel.org/stable/c/0585b24d71197dd9ee8cf79c168a31628c631960",
            "https://git.kernel.org/stable/c/56ac639d6fa6fbb99caee74ee1c7276fc9bb47ed",
            "https://git.kernel.org/stable/c/5d726c4dbeeddef612e6bed27edd29733f4d13af",
            "https://git.kernel.org/stable/c/e1729523759cda2c0afb76b1c88e0d2f2ef5b7cb",
            "https://linux.oracle.com/cve/CVE-2025-68178.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68178-6a73@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68178",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68178"
          ],
          "PublishedDate": "2025-12-16T14:15:49.76Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68183",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68183",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10d66efc26e51d92b2a5c133ac249dd10011c5d866acaa16a609c34bf6b41cdd",
          "Title": "kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr\n\nCurrently when both IMA and EVM are in fix mode, the IMA signature will\nbe reset to IMA hash if a program first stores IMA signature in\nsecurity.ima and then writes/removes some other security xattr for the\nfile.\n\nFor example, on Fedora, after booting the kernel with \"ima_appraise=fix\nevm=fix ima_policy=appraise_tcb\" and installing rpm-plugin-ima,\ninstalling/reinstalling a package will not make good reference IMA\nsignature generated. Instead IMA hash is generated,\n\n    # getfattr -m - -d -e hex /usr/bin/bash\n    # file: usr/bin/bash\n    security.ima=0x0404...\n\nThis happens because when setting security.selinux, the IMA_DIGSIG flag\nthat had been set early was cleared. As a result, IMA hash is generated\nwhen the file is closed.\n\nSimilarly, IMA signature can be cleared on file close after removing\nsecurity xattr like security.evm or setting/removing ACL.\n\nPrevent replacing the IMA file signature with a file hash, by preventing\nthe IMA_DIGSIG flag from being reset.\n\nHere's a minimal C reproducer which sets security.selinux as the last\nstep which can also replaced by removing security.evm or setting ACL,\n\n    #include \u003cstdio.h\u003e\n    #include \u003csys/xattr.h\u003e\n    #include \u003cfcntl.h\u003e\n    #include \u003cunistd.h\u003e\n    #include \u003cstring.h\u003e\n    #include \u003cstdlib.h\u003e\n\n    int main() {\n        const char* file_path = \"/usr/sbin/test_binary\";\n        const char* hex_string = \"030204d33204490066306402304\";\n        int length = strlen(hex_string);\n        char* ima_attr_value;\n        int fd;\n\n        fd = open(file_path, O_WRONLY|O_CREAT|O_EXCL, 0644);\n        if (fd == -1) {\n            perror(\"Error opening file\");\n            return 1;\n        }\n\n        ima_attr_value = (char*)malloc(length / 2 );\n        
for (int i = 0, j = 0; i \u003c length; i += 2, j++) {\n            sscanf(hex_string + i, \"%2hhx\", \u0026ima_attr_value[j]);\n        }\n\n        if (fsetxattr(fd, \"security.ima\", ima_attr_value, length/2, 0) == -1) {\n            perror(\"Error setting extended attribute\");\n            close(fd);\n            return 1;\n        }\n\n        const char* selinux_value= \"system_u:object_r:bin_t:s0\";\n        if (fsetxattr(fd, \"security.selinux\", selinux_value, strlen(selinux_value), 0) == -1) {\n            perror(\"Error setting extended attribute\");\n            close(fd);\n            return 1;\n        }\n\n        close(fd);\n\n        return 0;\n    }",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68183",
            "https://git.kernel.org/linus/88b4cbcf6b041ae0f2fc8a34554a5b6a83a2b7cd (6.18-rc1)",
            "https://git.kernel.org/stable/c/02aa671c08a4834bef5166743a7b88686fbfa023",
            "https://git.kernel.org/stable/c/88b4cbcf6b041ae0f2fc8a34554a5b6a83a2b7cd",
            "https://git.kernel.org/stable/c/d2993a7e98eb70c737c6f5365a190e79c72b8407",
            "https://git.kernel.org/stable/c/edd824eb45e4f7e05ad3ab090dab6dbdb79cd292",
            "https://linux.oracle.com/cve/CVE-2025-68183.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68183-f588@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68183",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68183"
          ],
          "PublishedDate": "2025-12-16T14:15:50.88Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68184",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68184",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1d72a31c9ca91a83881de15d73b1777d98cb1a9d8dd96bd785607f0765a5de7",
          "Title": "kernel: drm/mediatek: Disable AFBC support on Mediatek DRM driver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Disable AFBC support on Mediatek DRM driver\n\nCommit c410fa9b07c3 (\"drm/mediatek: Add AFBC support to Mediatek DRM\ndriver\") added AFBC support to Mediatek DRM and enabled the\n32x8/split/sparse modifier.\n\nHowever, this is currently broken on Mediatek MT8188 (Genio 700 EVK\nplatform); tested using upstream Kernel and Mesa (v25.2.1), AFBC is used by\ndefault since Mesa v25.0.\n\nKernel trace reports vblank timeouts constantly, and the render is garbled:\n\n```\n[CRTC:62:crtc-0] vblank wait timed out\nWARNING: CPU: 7 PID: 70 at drivers/gpu/drm/drm_atomic_helper.c:1835 drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c\n[...]\nHardware name: MediaTek Genio-700 EVK (DT)\nWorkqueue: events_unbound commit_work\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c\nlr : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c\nsp : ffff80008337bca0\nx29: ffff80008337bcd0 x28: 0000000000000061 x27: 0000000000000000\nx26: 0000000000000001 x25: 0000000000000000 x24: ffff0000c9dcc000\nx23: 0000000000000001 x22: 0000000000000000 x21: ffff0000c66f2f80\nx20: ffff0000c0d7d880 x19: 0000000000000000 x18: 000000000000000a\nx17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000000\nx14: 0000000000000000 x13: 74756f2064656d69 x12: 742074696177206b\nx11: 0000000000000058 x10: 0000000000000018 x9 : ffff800082396a70\nx8 : 0000000000057fa8 x7 : 0000000000000cce x6 : ffff8000823eea70\nx5 : ffff0001fef5f408 x4 : ffff80017ccee000 x3 : ffff0000c12cb480\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c12cb480\nCall trace:\n drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c (P)\n drm_atomic_helper_commit_tail_rpm+0x64/0x80\n commit_tail+0xa4/0x1a4\n commit_work+0x14/0x20\n process_one_work+0x150/0x290\n worker_thread+0x2d0/0x3ec\n kthread+0x12c/0x210\n ret_from_fork+0x10/0x20\n---[ end 
trace 0000000000000000 ]---\n```\n\nUntil this gets fixed upstream, disable AFBC support on this platform, as\nit's currently broken with upstream Mesa.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68184",
            "https://git.kernel.org/linus/9882a40640036d5bbc590426a78981526d4f2345 (6.18-rc5)",
            "https://git.kernel.org/stable/c/0eaa0a3dfe218c4cf1a0782ccbbc9e3931718f17",
            "https://git.kernel.org/stable/c/72223700b620885d556a4c52a63f5294316176c6",
            "https://git.kernel.org/stable/c/9882a40640036d5bbc590426a78981526d4f2345",
            "https://git.kernel.org/stable/c/df1ad5de2197ea1b527d13ae7b699e9ee7d724d4",
            "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68184-602a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68184",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68184"
          ],
          "PublishedDate": "2025-12-16T14:15:50.997Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68185",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68185",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f8522c51d2876f17456c8c32545d8862a59ae6cb120974366384971ca07c3673",
          "Title": "kernel: nfs4_setup_readdir(): insufficient locking for -\u003ed_parent-\u003ed_inode dereferencing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs4_setup_readdir(): insufficient locking for -\u003ed_parent-\u003ed_inode dereferencing\n\nTheoretically it's an oopsable race, but I don't believe one can manage\nto hit it on real hardware; might become doable on a KVM, but it still\nwon't be easy to attack.\n\nAnyway, it's easy to deal with - since xdr_encode_hyper() is just a call of\nput_unaligned_be64(), we can put that under -\u003ed_lock and be done with that.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68185",
            "https://git.kernel.org/linus/a890a2e339b929dbd843328f9a92a1625404fe63 (6.18-rc1)",
            "https://git.kernel.org/stable/c/40be5b9080114f18b0cea386db415b68a7273c1a",
            "https://git.kernel.org/stable/c/504b3fb9948a9e96ebbabdee0d33966a8bab15cb",
            "https://git.kernel.org/stable/c/6025f641a0e30afdc5aa62017397b1860ad9f677",
            "https://git.kernel.org/stable/c/a890a2e339b929dbd843328f9a92a1625404fe63",
            "https://git.kernel.org/stable/c/e6cafe71eb3b5579b245ba1bd528a181e77f3df1",
            "https://git.kernel.org/stable/c/eacfd08b26a062f1095b18719715bc82ad35312e",
            "https://git.kernel.org/stable/c/f5e570eaab36a110c6ffda32b87c51170990c2d1",
            "https://git.kernel.org/stable/c/fa4daf7d11e45b72aad5d943a7ab991f869fff79",
            "https://linux.oracle.com/cve/CVE-2025-68185.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68185-6db0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68185",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68185"
          ],
          "PublishedDate": "2025-12-16T14:15:51.113Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68188",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68188",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:50c215165977c8587a310e6481183c5c8d8e238fb4c9164400ae08d01141bfec",
          "Title": "kernel: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()\n\nUse RCU to avoid a pair of atomic operations and a potential\nUAF on dst_dev()-\u003eflags.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68188",
            "https://git.kernel.org/linus/b62a59c18b692f892dcb8109c1c2e653b2abc95c (6.18-rc1)",
            "https://git.kernel.org/stable/c/06da08d9355bf8e2070459bbedbe372ccc02cc0e",
            "https://git.kernel.org/stable/c/b62a59c18b692f892dcb8109c1c2e653b2abc95c",
            "https://git.kernel.org/stable/c/bc2b881a0896c111c1041d8bb1f92a3b3873ace5",
            "https://linux.oracle.com/cve/CVE-2025-68188.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68188-5392@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68188",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68188"
          ],
          "PublishedDate": "2025-12-16T14:15:51.46Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68190",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68190",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4358bb1f18347579f9b49759aa2cafb28ed8b57e61584f6b63c0d8273eeea6da",
          "Title": "kernel: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()\n\nkcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws\nremains NULL while ectx.ws_size is set, leading to a potential NULL\npointer dereference in atom_get_src_int() when accessing WS entries.\n\nReturn -ENOMEM on allocation failure to avoid the NULL dereference.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68190",
            "https://git.kernel.org/linus/cc9a8e238e42c1f43b98c097995137d644b69245 (6.18-rc1)",
            "https://git.kernel.org/stable/c/35f3fb86bb0158a298d6834e7e110dcaf07f490c",
            "https://git.kernel.org/stable/c/997e28d3d00a1d30649629515e4402612921205b",
            "https://git.kernel.org/stable/c/cc9a8e238e42c1f43b98c097995137d644b69245",
            "https://linux.oracle.com/cve/CVE-2025-68190.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68190-e648@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68190",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68190"
          ],
          "PublishedDate": "2025-12-16T14:15:51.677Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68191",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68191",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88e44a8421bedc9504abfe9870f4cee350a0fa388bce8ce81c2b859355ed34c7",
          "Title": "kernel: udp_tunnel: use netdev_warn() instead of netdev_WARN()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudp_tunnel: use netdev_warn() instead of netdev_WARN()\n\nnetdev_WARN() uses WARN/WARN_ON to print a backtrace along with\nfile and line information. In this case, udp_tunnel_nic_register()\nreturning an error is just a failed operation, not a kernel bug.\n\nudp_tunnel_nic_register() can fail due to a memory allocation\nfailure (kzalloc() or udp_tunnel_nic_alloc()).\nThis is a normal runtime error and not a kernel bug.\n\nReplace netdev_WARN() with netdev_warn() accordingly.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68191",
            "https://git.kernel.org/linus/dc2f650f7e6857bf384069c1a56b2937a1ee370d (6.18-rc1)",
            "https://git.kernel.org/stable/c/087f1ed450dc6e7e49ffbbbe5b78be1218c6d5e0",
            "https://git.kernel.org/stable/c/3c3b148bf8384c8a787753cf20abde1c5731f97f",
            "https://git.kernel.org/stable/c/45e4e4a8772fa1c5f6f38e82b732b3a9d8137af4",
            "https://git.kernel.org/stable/c/51b3033088f0420b19027e3d54cd989b6ebd987e",
            "https://git.kernel.org/stable/c/7758ec35ff3e9a31558eda4f0f9eb0ddfa78a8ba",
            "https://git.kernel.org/stable/c/c018a87942bf1607aeebf8dba5a210ca9a09a0fd",
            "https://git.kernel.org/stable/c/dc2f650f7e6857bf384069c1a56b2937a1ee370d",
            "https://linux.oracle.com/cve/CVE-2025-68191.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68191-ec54@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68191",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68191"
          ],
          "PublishedDate": "2025-12-16T14:15:51.79Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68192",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68192",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:10f48d2b66d5d142ba9c35bcd619eff74a779c278a9c00f42f9a3b326c2f2884",
          "Title": "kernel: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup\n\nRaw IP packets have no MAC header, leaving skb-\u003emac_header uninitialized.\nThis can trigger kernel panics on ARM64 when xfrm or other subsystems\naccess the offset due to strict alignment checks.\n\nInitialize the MAC header to prevent such crashes.\n\nThis can trigger kernel panics on ARM when running IPsec over the\nqmimux0 interface.\n\nExample trace:\n\n    Internal error: Oops: 000000009600004f [#1] SMP\n    CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1\n    Hardware name: LS1028A RDB Board (DT)\n    pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n    pc : xfrm_input+0xde8/0x1318\n    lr : xfrm_input+0x61c/0x1318\n    sp : ffff800080003b20\n    Call trace:\n     xfrm_input+0xde8/0x1318\n     xfrm6_rcv+0x38/0x44\n     xfrm6_esp_rcv+0x48/0xa8\n     ip6_protocol_deliver_rcu+0x94/0x4b0\n     ip6_input_finish+0x44/0x70\n     ip6_input+0x44/0xc0\n     ipv6_rcv+0x6c/0x114\n     __netif_receive_skb_one_core+0x5c/0x8c\n     __netif_receive_skb+0x18/0x60\n     process_backlog+0x78/0x17c\n     __napi_poll+0x38/0x180\n     net_rx_action+0x168/0x2f0",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68192",
            "https://git.kernel.org/linus/e120f46768d98151ece8756ebd688b0e43dc8b29 (6.18-rc5)",
            "https://git.kernel.org/stable/c/0aabccdcec1f4a36f95829ea2263f845bbc77223",
            "https://git.kernel.org/stable/c/4e6b9004f01d0fef5b19778399bc5bf55f8c2d71",
            "https://git.kernel.org/stable/c/8ab3b8f958d861a7f725a5be60769106509fbd69",
            "https://git.kernel.org/stable/c/ae811175cea35b03ac6d7c910f43a82a43b9c3b3",
            "https://git.kernel.org/stable/c/bf527b80b80a282ab5bf1540546211fc35e5cd42",
            "https://git.kernel.org/stable/c/d693c47fb902b988f5752182e4f7fbde5e6dcaf9",
            "https://git.kernel.org/stable/c/dd03780c29f87c26c0e0bb7e0db528c8109461fb",
            "https://git.kernel.org/stable/c/e120f46768d98151ece8756ebd688b0e43dc8b29",
            "https://linux.oracle.com/cve/CVE-2025-68192.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68192-4491@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68192",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68192"
          ],
          "PublishedDate": "2025-12-16T14:15:51.9Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68193",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68193",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1a7d39a26b505736d80446060ae27e39f2a1fb76c39bc4507bf55abb27334ad3",
          "Title": "kernel: drm/xe/guc: Add devm release action to safely tear down CT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc: Add devm release action to safely tear down CT\n\nWhen a buffer object (BO) is allocated with the XE_BO_FLAG_GGTT_INVALIDATE\nflag, the driver initiates TLB invalidation requests via the CTB mechanism\nwhile releasing the BO. However a premature release of the CTB BO can lead\nto system crashes, as observed in:\n\nOops: Oops: 0000 [#1] SMP NOPTI\nRIP: 0010:h2g_write+0x2f3/0x7c0 [xe]\nCall Trace:\n guc_ct_send_locked+0x8b/0x670 [xe]\n xe_guc_ct_send_locked+0x19/0x60 [xe]\n send_tlb_invalidation+0xb4/0x460 [xe]\n xe_gt_tlb_invalidation_ggtt+0x15e/0x2e0 [xe]\n ggtt_invalidate_gt_tlb.part.0+0x16/0x90 [xe]\n ggtt_node_remove+0x110/0x140 [xe]\n xe_ggtt_node_remove+0x40/0xa0 [xe]\n xe_ggtt_remove_bo+0x87/0x250 [xe]\n\nIntroduce a devm-managed release action during xe_guc_ct_init() and\nxe_guc_ct_init_post_hwconfig() to ensure proper CTB disablement before\nresource deallocation, preventing the use-after-free scenario.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68193",
            "https://git.kernel.org/linus/ee4b32220a6b41e71512e8804585325e685456ba (6.18-rc1)",
            "https://git.kernel.org/stable/c/52faa05fcd9f78af99abebe30a4b7b444744c991",
            "https://git.kernel.org/stable/c/ee4b32220a6b41e71512e8804585325e685456ba",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68193-2474@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68193",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68193"
          ],
          "PublishedDate": "2025-12-16T14:15:52.02Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68194",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68194",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:040f74e150122bf2073ec5e7893632e3ce2195039819cae0329c40e0b596acef",
          "Title": "kernel: media: imon: make send_packet() more robust",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imon: make send_packet() more robust\n\nsyzbot is reporting that imon has three problems which result in\nhung tasks due to forever holding device lock [1].\n\nFirst problem is that when usb_rx_callback_intf0() once got -EPROTO error\nafter ictx-\u003edev_present_intf0 became true, usb_rx_callback_intf0()\nresubmits urb after printk(), and resubmitted urb causes\nusb_rx_callback_intf0() to again get -EPROTO error. This results in\nprintk() flooding (RCU stalls).\n\nAlan Stern commented [2] that\n\n  In theory it's okay to resubmit _if_ the driver has a robust\n  error-recovery scheme (such as giving up after some fixed limit on the\n  number of errors or after some fixed time has elapsed, perhaps with a\n  time delay to prevent a flood of errors).  Most drivers don't bother to\n  do this; they simply give up right away.  This makes them more\n  vulnerable to short-term noise interference during USB transfers, but in\n  reality such interference is quite rare.  There's nothing really wrong\n  with giving up right away.\n\nbut imon has a poor error-recovery scheme which just retries forever;\nthis behavior should be fixed.\n\nSince I'm not sure whether it is safe for imon users to give up upon any\nerror code, this patch takes care of only union of error codes chosen from\nmodules in drivers/media/rc/ directory which handle -EPROTO error (i.e.\nir_toy, mceusb and igorplugusb).\n\nSecond problem is that when usb_rx_callback_intf0() once got -EPROTO error\nbefore ictx-\u003edev_present_intf0 becomes true, usb_rx_callback_intf0() always\nresubmits urb due to commit 8791d63af0cf (\"[media] imon: don't wedge\nhardware after early callbacks\"). 
Move the ictx-\u003edev_present_intf0 test\nintroduced by commit 6f6b90c9231a (\"[media] imon: don't parse scancodes\nuntil intf configured\") to immediately before imon_incoming_packet(), or\nthe first problem explained above happens without printk() flooding (i.e.\nhung task).\n\nThird problem is that when usb_rx_callback_intf0() is not called for some\nreason (e.g. flaky hardware; the reproducer for this problem sometimes\nprevents usb_rx_callback_intf0() from being called),\nwait_for_completion_interruptible() in send_packet() never returns (i.e.\nhung task). As a workaround for such situation, change send_packet() to\nwait for completion with timeout of 10 seconds.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68194",
            "https://git.kernel.org/linus/eecd203ada43a4693ce6fdd3a58ae10c7819252c (6.18-rc1)",
            "https://git.kernel.org/stable/c/0213e4175abbb9dfcbf7c197e3817d527f459ad5",
            "https://git.kernel.org/stable/c/26f6a1dd5d81ad61a875a747698da6f27abf389b",
            "https://git.kernel.org/stable/c/519737af11c03590819a6eec2ad532cfdb87ea63",
            "https://git.kernel.org/stable/c/667afd4681781f60a644cd0d2ee6c59cb1c36208",
            "https://git.kernel.org/stable/c/8231e80118463be5598daaf266c1c83650f1948b",
            "https://git.kernel.org/stable/c/eecd203ada43a4693ce6fdd3a58ae10c7819252c",
            "https://git.kernel.org/stable/c/f58ab83b7b7133e6baefe03a46846c4f6ce45e2f",
            "https://git.kernel.org/stable/c/f7f3ecb4934fff782fa9bb1cd16e2290c041b22d",
            "https://linux.oracle.com/cve/CVE-2025-68194.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68194-2b2f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68194",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68194"
          ],
          "PublishedDate": "2025-12-16T14:15:52.127Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68196",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68196",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2d5d86dcf2a64b547a7c0a76e118f3cdd8100b40ca71d79e6f6e952d1da21397",
          "Title": "kernel: drm/amd/display: Cache streams targeting link when performing LT automation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Cache streams targeting link when performing LT automation\n\n[WHY]\nLast LT automation update can cause crash by referencing current_state and\ncalling into dc_update_planes_and_stream which may clobber current_state.\n\n[HOW]\nCache relevant stream pointers and iterate through them instead of relying\non the current_state.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68196",
            "https://git.kernel.org/linus/f5b69101f956f5b89605a13cb15f093a7906f2a1 (6.18-rc1)",
            "https://git.kernel.org/stable/c/9ecd238e8230e83a5c5436fd2261da4518f5c979",
            "https://git.kernel.org/stable/c/f5b69101f956f5b89605a13cb15f093a7906f2a1",
            "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68196-5e6e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68196",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68196"
          ],
          "PublishedDate": "2025-12-16T14:15:52.377Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68200",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68200",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bd37ee76a6b4ffc2bb0b9feee0a6f968f60b58f3b75f44301b575d7d7c566323",
          "Title": "kernel: bpf: Add bpf_prog_run_data_pointers()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add bpf_prog_run_data_pointers()\n\nsyzbot found that cls_bpf_classify() is able to change\ntc_skb_cb(skb)-\u003edrop_reason triggering a warning in sk_skb_reason_drop().\n\nWARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 __sk_skb_reason_drop net/core/skbuff.c:1189 [inline]\nWARNING: CPU: 0 PID: 5965 at net/core/skbuff.c:1192 sk_skb_reason_drop+0x76/0x170 net/core/skbuff.c:1214\n\nstruct tc_skb_cb has been added in commit ec624fe740b4 (\"net/sched:\nExtend qdisc control block with tc control block\"), which added a wrong\ninteraction with db58ba459202 (\"bpf: wire in data and data_end for\ncls_act_bpf\").\n\ndrop_reason was added later.\n\nAdd bpf_prog_run_data_pointers() helper to save/restore the net_sched\nstorage colliding with BPF data_meta/data_end.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68200",
            "https://git.kernel.org/linus/4ef92743625818932b9c320152b58274c05e5053 (6.18-rc6)",
            "https://git.kernel.org/stable/c/4ef92743625818932b9c320152b58274c05e5053",
            "https://git.kernel.org/stable/c/5e149d8a8e732126fb6014efd60075cf63a73f91",
            "https://git.kernel.org/stable/c/6392e5f4b1a3cce10e828309baf35d22abd3457d",
            "https://git.kernel.org/stable/c/8dd2fe5f5d586c8e87307b7a271f6b994afcc006",
            "https://git.kernel.org/stable/c/baa61dcaa50b7141048c8d2aede7fe9ed8f21d11",
            "https://git.kernel.org/stable/c/c4cdd143c35974a2cedd000fa9eb3accc3023b20",
            "https://linux.oracle.com/cve/CVE-2025-68200.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68200-3bbb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68200",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68200"
          ],
          "PublishedDate": "2025-12-16T14:15:52.82Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68201",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68201",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7867c7e7cdbab21d3d6436be4a71aa5d392ff743bf7a11839d8ecc34c0a8abba",
          "Title": "kernel: drm/amdgpu: remove two invalid BUG_ON()s",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: remove two invalid BUG_ON()s\n\nThose can be triggered trivially by userspace.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68201",
            "https://git.kernel.org/linus/5d55ed19d4190d2c210ac05ac7a53f800a8c6fe5 (6.18-rc2)",
            "https://git.kernel.org/stable/c/5d55ed19d4190d2c210ac05ac7a53f800a8c6fe5",
            "https://git.kernel.org/stable/c/a41bdba05899c7f455cd960ef0713acc335370dc",
            "https://git.kernel.org/stable/c/eaf12bffd7f79f4d46ec028706f9d1a2d90f46fd",
            "https://linux.oracle.com/cve/CVE-2025-68201.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68201-d175@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68201",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68201"
          ],
          "PublishedDate": "2025-12-16T14:15:52.937Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68204",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dd76d13eb31971b520b69eb9c987ce0a857e27347d663cbbc85de4d9edd2a8dd",
          "Title": "kernel: Linux kernel: Denial of Service due to generic power domain leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: arm: scmi: Fix genpd leak on provider registration failure\n\nIf of_genpd_add_provider_onecell() fails during probe, the previously\ncreated generic power domains are not removed, leading to a memory leak\nand potential kernel crash later in genpd_debug_add().\n\nAdd proper error handling to unwind the initialized domains before\nreturning from probe to ensure all resources are correctly released on\nfailure.\n\nExample crash trace observed without this fix:\n\n  | Unable to handle kernel paging request at virtual address fffffffffffffc70\n  | CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.18.0-rc1 #405 PREEMPT\n  | Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform\n  | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  | pc : genpd_debug_add+0x2c/0x160\n  | lr : genpd_debug_init+0x74/0x98\n  | Call trace:\n  |  genpd_debug_add+0x2c/0x160 (P)\n  |  genpd_debug_init+0x74/0x98\n  |  do_one_initcall+0xd0/0x2d8\n  |  do_initcall_level+0xa0/0x140\n  |  do_initcalls+0x60/0xa8\n  |  do_basic_setup+0x28/0x40\n  |  kernel_init_freeable+0xe8/0x170\n  |  kernel_init+0x2c/0x140\n  |  ret_from_fork+0x10/0x20",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68204",
            "https://git.kernel.org/linus/7458f72cc28f9eb0de811effcb5376d0ec19094a (6.18-rc6)",
            "https://git.kernel.org/stable/c/18249a167ffd91b4b4fbd92afd4ddcbf3af81f35",
            "https://git.kernel.org/stable/c/582f48d22eb5676fe7be3589b986ddd29f7bf4d1",
            "https://git.kernel.org/stable/c/7458f72cc28f9eb0de811effcb5376d0ec19094a",
            "https://git.kernel.org/stable/c/7f569197f7ad09319af960bd7e43109de5c67c04",
            "https://git.kernel.org/stable/c/921b090841ae7a08b19ab14495bdf8636dc31e21",
            "https://git.kernel.org/stable/c/983e91da82ec3e331600108f9be3ea61236f5c75",
            "https://git.kernel.org/stable/c/ad120c08b89a81d41d091490bbe150343473b659",
            "https://git.kernel.org/stable/c/c6e11d320fd6cbaef6d589f2fcb45aa25a6b960a",
            "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68204-8659@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68204",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68204"
          ],
          "PublishedDate": "2025-12-16T14:15:53.26Z",
          "LastModifiedDate": "2025-12-18T15:08:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68206",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68206",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c5ff908ff070deacb82d90a00bf40d0776cb975ca2aaf41d2d5ab1204dc19f49",
          "Title": "kernel: netfilter: nft_ct: add seqadj extension for natted connections",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: add seqadj extension for natted connections\n\nSequence adjustment may be required for FTP traffic with PASV/EPSV modes.\ndue to need to re-write packet payload (IP, port) on the ftp control\nconnection. This can require changes to the TCP length and expected\nseq / ack_seq.\n\nThe easiest way to reproduce this issue is with PASV mode.\nExample ruleset:\ntable inet ftp_nat {\n        ct helper ftp_helper {\n                type \"ftp\" protocol tcp\n                l3proto inet\n        }\n\n        chain prerouting {\n                type filter hook prerouting priority 0; policy accept;\n                tcp dport 21 ct state new ct helper set \"ftp_helper\"\n        }\n}\ntable ip nat {\n        chain prerouting {\n                type nat hook prerouting priority -100; policy accept;\n                tcp dport 21 dnat ip prefix to ip daddr map {\n\t\t\t192.168.100.1 : 192.168.13.2/32 }\n        }\n\n        chain postrouting {\n                type nat hook postrouting priority 100 ; policy accept;\n                tcp sport 21 snat ip prefix to ip saddr map {\n\t\t\t192.168.13.2 : 192.168.100.1/32 }\n        }\n}\n\nNote that the ftp helper gets assigned *after* the dnat setup.\n\nThe inverse (nat after helper assign) is handled by an existing\ncheck in nf_nat_setup_info() and will not show the problem.\n\nTopoloy:\n\n +-------------------+     +----------------------------------+\n | FTP: 192.168.13.2 | \u003c-\u003e | NAT: 192.168.13.3, 192.168.100.1 |\n +-------------------+     +----------------------------------+\n                                      |\n                         +-----------------------+\n                         | Client: 192.168.100.2 |\n                         +-----------------------+\n\nftp nat changes do not work as expected in this case:\nConnected to 192.168.100.1.\n[..]\nftp\u003e epsv\nEPSV/EPRT on IPv4 
off.\nftp\u003e ls\n227 Entering passive mode (192,168,100,1,209,129).\n421 Service not available, remote server has closed connection.\n\nKernel logs:\nMissing nfct_seqadj_ext_add() setup call\nWARNING: CPU: 1 PID: 0 at net/netfilter/nf_conntrack_seqadj.c:41\n[..]\n __nf_nat_mangle_tcp_packet+0x100/0x160 [nf_nat]\n nf_nat_ftp+0x142/0x280 [nf_nat_ftp]\n help+0x4d1/0x880 [nf_conntrack_ftp]\n nf_confirm+0x122/0x2e0 [nf_conntrack]\n nf_hook_slow+0x3c/0xb0\n ..\n\nFix this by adding the required extension when a conntrack helper is assigned\nto a connection that has a nat binding.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 4,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68206",
            "https://git.kernel.org/linus/90918e3b6404c2a37837b8f11692471b4c512de2 (6.18-rc4)",
            "https://git.kernel.org/stable/c/2b52d89cbbb0dbe3e948d8d9a91e704316dccfe6",
            "https://git.kernel.org/stable/c/4ab2cd906e4e1a19ddbda6eb532851b0e9cda110",
            "https://git.kernel.org/stable/c/4de80f0dc3868408dd7fe9817e507123c9dd8bb0",
            "https://git.kernel.org/stable/c/90918e3b6404c2a37837b8f11692471b4c512de2",
            "https://git.kernel.org/stable/c/b477ef7fa612fa45b6b3134d90d1eeb09396500a",
            "https://linux.oracle.com/cve/CVE-2025-68206.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68206-47ba@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68206",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68206"
          ],
          "PublishedDate": "2025-12-16T14:15:53.487Z",
          "LastModifiedDate": "2026-03-25T11:16:13.68Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68214",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68214",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c9cf74d181acd9182d0a6f8d72368d79b9d1113b2149d2c19e3b99abe4c503eb",
          "Title": "kernel: Linux kernel: Denial of Service due to NULL function pointer race in timer shutdown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntimers: Fix NULL function pointer race in timer_shutdown_sync()\n\nThere is a race condition between timer_shutdown_sync() and timer\nexpiration that can lead to hitting a WARN_ON in expire_timers().\n\nThe issue occurs when timer_shutdown_sync() clears the timer function\nto NULL while the timer is still running on another CPU. The race\nscenario looks like this:\n\nCPU0\t\t\t\t\tCPU1\n\t\t\t\t\t\u003cSOFTIRQ\u003e\n\t\t\t\t\tlock_timer_base()\n\t\t\t\t\texpire_timers()\n\t\t\t\t\tbase-\u003erunning_timer = timer;\n\t\t\t\t\tunlock_timer_base()\n\t\t\t\t\t[call_timer_fn enter]\n\t\t\t\t\tmod_timer()\n\t\t\t\t\t...\ntimer_shutdown_sync()\nlock_timer_base()\n// For now, will not detach the timer but only clear its function to NULL\nif (base-\u003erunning_timer != timer)\n\tret = detach_if_pending(timer, base, true);\nif (shutdown)\n\ttimer-\u003efunction = NULL;\nunlock_timer_base()\n\t\t\t\t\t[call_timer_fn exit]\n\t\t\t\t\tlock_timer_base()\n\t\t\t\t\tbase-\u003erunning_timer = NULL;\n\t\t\t\t\tunlock_timer_base()\n\t\t\t\t\t...\n\t\t\t\t\t// Now timer is pending while its function set to NULL.\n\t\t\t\t\t// next timer trigger\n\t\t\t\t\t\u003cSOFTIRQ\u003e\n\t\t\t\t\texpire_timers()\n\t\t\t\t\tWARN_ON_ONCE(!fn) // hit\n\t\t\t\t\t...\nlock_timer_base()\n// Now timer will detach\nif (base-\u003erunning_timer != timer)\n\tret = detach_if_pending(timer, base, true);\nif (shutdown)\n\ttimer-\u003efunction = NULL;\nunlock_timer_base()\n\nThe problem is that timer_shutdown_sync() clears the timer function\nregardless of whether the timer is currently running. This can leave a\npending timer with a NULL function pointer, which triggers the\nWARN_ON_ONCE(!fn) check in expire_timers().\n\nFix this by only clearing the timer function when actually detaching the\ntimer. 
If the timer is running, leave the function pointer intact, which is\nsafe because the timer will be properly detached when it finishes running.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68214",
            "https://git.kernel.org/linus/20739af07383e6eb1ec59dcd70b72ebfa9ac362c (6.18-rc7)",
            "https://git.kernel.org/stable/c/176725f4848376530a0f0da9023f956afcc33585",
            "https://git.kernel.org/stable/c/1a975716cc8977f461e45e28e3e5977d46ad7a6a",
            "https://git.kernel.org/stable/c/20739af07383e6eb1ec59dcd70b72ebfa9ac362c",
            "https://git.kernel.org/stable/c/6665fbd7730b26d770c232b20d1b907e6a67a914",
            "https://git.kernel.org/stable/c/a01efa7a780c42ac5170a949bd95c9786ffcc60a",
            "https://git.kernel.org/stable/c/ba43ac025c4318241f8edf94f31d2eebab86991b",
            "https://linux.oracle.com/cve/CVE-2025-68214.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121631-CVE-2025-68214-1871@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68214",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68214"
          ],
          "PublishedDate": "2025-12-16T14:15:54.363Z",
          "LastModifiedDate": "2026-02-26T15:52:56.02Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68217",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68217",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3dd0102a4138f10d48692da3897a255c3be5f2be834670a8765851a1fd652c8a",
          "Title": "kernel: Input: pegasus-notetaker - fix potential out-of-bounds access",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: pegasus-notetaker - fix potential out-of-bounds access\n\nIn the pegasus_notetaker driver, the pegasus_probe() function allocates\nthe URB transfer buffer using the wMaxPacketSize value from\nthe endpoint descriptor. An attacker can use a malicious USB descriptor\nto force the allocation of a very small buffer.\n\nSubsequently, if the device sends an interrupt packet with a specific\npattern (e.g., where the first byte is 0x80 or 0x42),\nthe pegasus_parse_packet() function parses the packet without checking\nthe allocated buffer size. This leads to an out-of-bounds memory access.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68217",
            "https://git.kernel.org/linus/69aeb507312306f73495598a055293fa749d454e (6.18-rc7)",
            "https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77",
            "https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6",
            "https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513",
            "https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e",
            "https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f",
            "https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26",
            "https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd",
            "https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479",
            "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68217-896e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68217",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68217"
          ],
          "PublishedDate": "2025-12-16T14:15:54.763Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68219",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68219",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3144575a9d46338c10930bd715e45d6aedf05e217afb8c786b5dca6438fc10ca",
          "Title": "kernel: cifs: fix memory leak in smb3_fs_context_parse_param error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix memory leak in smb3_fs_context_parse_param error path\n\nAdd proper cleanup of ctx-\u003esource and fc-\u003esource to the\ncifs_parse_mount_err error handler. This ensures that memory allocated\nfor the source strings is correctly freed on all error paths, matching\nthe cleanup already performed in the success path by\nsmb3_cleanup_fs_context_contents().\nPointers are also set to NULL after freeing to prevent potential\ndouble-free issues.\n\nThis change fixes a memory leak originally detected by syzbot. The\nleak occurred when processing Opt_source mount options if an error\nhappened after ctx-\u003esource and fc-\u003esource were successfully\nallocated but before the function completed.\n\nThe specific leak sequence was:\n1. ctx-\u003esource = smb3_fs_context_fullpath(ctx, '/') allocates memory\n2. fc-\u003esource = kstrdup(ctx-\u003esource, GFP_KERNEL) allocates more memory\n3. A subsequent error jumps to cifs_parse_mount_err\n4. The old error handler freed passwords but not the source strings,\ncausing the memory to leak.\n\nThis issue was not addressed by commit e8c73eb7db0a (\"cifs: client:\nfix memory leak in smb3_fs_context_parse_param\"), which only fixed\nleaks from repeated fsconfig() calls but not this error path.\n\nPatch updated with minor change suggested by kernel test robot",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68219",
            "https://git.kernel.org/linus/7e4d9120cfa413dd34f4f434befc5dbe6c38b2e5 (6.18-rc7)",
            "https://git.kernel.org/stable/c/37010021d7e0341bb241ca00bcbae31f2c50b23f",
            "https://git.kernel.org/stable/c/48d69290270891f988e72edddd9688c20515421d",
            "https://git.kernel.org/stable/c/7627864dc3121f39e220f5253a227edf472de59e",
            "https://git.kernel.org/stable/c/7e4d9120cfa413dd34f4f434befc5dbe6c38b2e5",
            "https://linux.oracle.com/cve/CVE-2025-68219.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68219-f9c4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68219",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68219"
          ],
          "PublishedDate": "2025-12-16T14:15:55.013Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68220",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68220",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9ac74ad06a5996e07e7155c354989111594d711e0b1fbc2884e5dafe1f60c774",
          "Title": "kernel: net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error\n\nMake knav_dma_open_channel consistently return NULL on error instead\nof ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h\nreturns NULL when the driver is disabled, but the driver\nimplementation does not even return NULL or ERR_PTR on failure,\ncausing inconsistency in the users. This results in a crash in\nnetcp_free_navigator_resources as followed (trimmed):\n\nUnhandled fault: alignment exception (0x221) at 0xfffffff2\n[fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000\nInternal error: : 221 [#1] SMP ARM\nModules linked in:\nCPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc7 #1 NONE\nHardware name: Keystone\nPC is at knav_dma_close_channel+0x30/0x19c\nLR is at netcp_free_navigator_resources+0x2c/0x28c\n\n[... TRIM...]\n\nCall trace:\n knav_dma_close_channel from netcp_free_navigator_resources+0x2c/0x28c\n netcp_free_navigator_resources from netcp_ndo_open+0x430/0x46c\n netcp_ndo_open from __dev_open+0x114/0x29c\n __dev_open from __dev_change_flags+0x190/0x208\n __dev_change_flags from netif_change_flags+0x1c/0x58\n netif_change_flags from dev_change_flags+0x38/0xa0\n dev_change_flags from ip_auto_config+0x2c4/0x11f0\n ip_auto_config from do_one_initcall+0x58/0x200\n do_one_initcall from kernel_init_freeable+0x1cc/0x238\n kernel_init_freeable from kernel_init+0x1c/0x12c\n kernel_init from ret_from_fork+0x14/0x38\n[... TRIM...]\n\nStandardize the error handling by making the function return NULL on\nall error conditions. The API is used in just the netcp_core.c so the\nimpact is limited.\n\nNote, this change, in effect reverts commit 5b6cb43b4d62 (\"net:\nethernet: ti: netcp_core: return error while dma channel open issue\"),\nbut provides a less error prone implementation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68220",
            "https://git.kernel.org/linus/90a88306eb874fe4bbdd860e6c9787f5bbc588b5 (6.18-rc5)",
            "https://git.kernel.org/stable/c/2572c358ee434ce4b994472cceeb4043cbff5bc5",
            "https://git.kernel.org/stable/c/3afeb909c3e2e0eb19b1e20506196e5f2d9c2259",
            "https://git.kernel.org/stable/c/8427218ecbd7f8559c37972e66cb0fa06e82353b",
            "https://git.kernel.org/stable/c/90a88306eb874fe4bbdd860e6c9787f5bbc588b5",
            "https://git.kernel.org/stable/c/952637c5b9be64539cd0e13ef88db71a1df46373",
            "https://git.kernel.org/stable/c/af6b10a13fc0aee37df4a8292414cc055c263fa3",
            "https://git.kernel.org/stable/c/f9608637ecc165d7d6341df105aee44691461fb9",
            "https://git.kernel.org/stable/c/fbb53727ca789a8d27052aab4b77ca9e2a0fae2b",
            "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68220-9526@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68220",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68220"
          ],
          "PublishedDate": "2025-12-16T14:15:55.143Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68223",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68223",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:858f4df08655382cfd7be6a31d66183c68402890dd845a34b8e2c11e2d6dd140",
          "Title": "kernel: drm/radeon: delete radeon_fence_process in is_signaled, no deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: delete radeon_fence_process in is_signaled, no deadlock\n\nDelete the attempt to progress the queue when checking if fence is\nsignaled. This avoids deadlock.\n\ndma-fence_ops::signaled can be called with the fence lock in unknown\nstate. For radeon, the fence lock is also the wait queue lock. This can\ncause a self deadlock when signaled() tries to make forward progress on\nthe wait queue. But advancing the queue is unneeded because incorrectly\nreturning false from signaled() is perfectly acceptable.\n\n(cherry picked from commit 527ba26e50ec2ca2be9c7c82f3ad42998a75d0db)",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68223",
            "https://git.kernel.org/linus/9eb00b5f5697bd56baa3222c7a1426fa15bacfb5 (6.18-rc7)",
            "https://git.kernel.org/stable/c/73bc12d6a547f9571ce4393acfd73c004e2df9e5",
            "https://git.kernel.org/stable/c/7e3e9b3a44c23c8eac86a41308c05077d6d30f41",
            "https://git.kernel.org/stable/c/9d0ed508a9e2af82951ce7d834f58c139fc2bd9b",
            "https://git.kernel.org/stable/c/9eb00b5f5697bd56baa3222c7a1426fa15bacfb5",
            "https://git.kernel.org/stable/c/d40a72d7e3bad4dfb311ef078f5a57362f088c7f",
            "https://linux.oracle.com/cve/CVE-2025-68223.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68223-4e44@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68223",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68223"
          ],
          "PublishedDate": "2025-12-16T14:15:55.63Z",
          "LastModifiedDate": "2026-02-26T15:53:03.087Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68227",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68227",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:41d164df32735f46a30535d418c34a49a974d40bde1b671abc0fa0d5e571b722",
          "Title": "kernel: mptcp: Fix proto fallback detection with BPF",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: Fix proto fallback detection with BPF\n\nThe sockmap feature allows bpf syscall from userspace, or based\non bpf sockops, replacing the sk_prot of sockets during protocol stack\nprocessing with sockmap's custom read/write interfaces.\n'''\ntcp_rcv_state_process()\n  syn_recv_sock()/subflow_syn_recv_sock()\n    tcp_init_transfer(BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB)\n      bpf_skops_established       \u003c== sockops\n        bpf_sock_map_update(sk)   \u003c== call bpf helper\n          tcp_bpf_update_proto()  \u003c== update sk_prot\n'''\n\nWhen the server has MPTCP enabled but the client sends a TCP SYN\nwithout MPTCP, subflow_syn_recv_sock() performs a fallback on the\nsubflow, replacing the subflow sk's sk_prot with the native sk_prot.\n'''\nsubflow_syn_recv_sock()\n  subflow_ulp_fallback()\n    subflow_drop_ctx()\n      mptcp_subflow_ops_undo_override()\n'''\n\nThen, this subflow can be normally used by sockmap, which replaces the\nnative sk_prot with sockmap's custom sk_prot. The issue occurs when the\nuser executes accept::mptcp_stream_accept::mptcp_fallback_tcp_ops().\nHere, it uses sk-\u003esk_prot to compare with the native sk_prot, but this\nis incorrect when sockmap is used, as we may incorrectly set\nsk-\u003esk_socket-\u003eops.\n\nThis fix uses the more generic sk_family for the comparison instead.\n\nAdditionally, this also prevents a WARNING from occurring:\n\nresult from ./scripts/decode_stacktrace.sh:\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 337 at net/mptcp/protocol.c:68 mptcp_stream_accept \\\n(net/mptcp/protocol.c:4005)\nModules linked in:\n...\n\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\ndo_accept (net/socket.c:1989)\n__sys_accept4 (net/socket.c:2028 net/socket.c:2057)\n__x64_sys_accept (net/socket.c:2067)\nx64_sys_call (arch/x86/entry/syscall_64.c:41)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nRIP: 0033:0x7f87ac92b83d\n\n---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68227",
            "https://git.kernel.org/linus/c77b3b79a92e3345aa1ee296180d1af4e7031f8f (6.18-rc6)",
            "https://git.kernel.org/stable/c/037cc50589643342d69185b663ecf9d26cce91e8",
            "https://git.kernel.org/stable/c/1a0d5c74af9b6ba9ffdf1172de5a1a6df5922a00",
            "https://git.kernel.org/stable/c/344974ea1a3ca30e4920687b0091bda4438cebdb",
            "https://git.kernel.org/stable/c/7ee8f015eb47907745e2070184a8ab1e442ac3c4",
            "https://git.kernel.org/stable/c/92c4092fe012ecdfa5fb05d394f1c1d8f91ad81c",
            "https://git.kernel.org/stable/c/9b1980b6f23fa30bf12add19f37c7458625099eb",
            "https://git.kernel.org/stable/c/c77b3b79a92e3345aa1ee296180d1af4e7031f8f",
            "https://linux.oracle.com/cve/CVE-2025-68227.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68227-930f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68227",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68227"
          ],
          "PublishedDate": "2025-12-16T14:15:56.307Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68229",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68229",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1070089e32ad7ea2e9f44b56e646d6c37e3c1defc683bfaec51a420d1021432d",
          "Title": "kernel: scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()\n\nIf the allocation of tl_hba-\u003esh fails in tcm_loop_driver_probe() and we\nattempt to dereference it in tcm_loop_tpg_address_show() we will get a\nsegfault, see below for an example. So, check tl_hba-\u003esh before\ndereferencing it.\n\n  Unable to allocate struct scsi_host\n  BUG: kernel NULL pointer dereference, address: 0000000000000194\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 1 PID: 8356 Comm: tokio-runtime-w Not tainted 6.6.104.2-4.azl3 #1\n  Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024\n  RIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop]\n...\n  Call Trace:\n   \u003cTASK\u003e\n   configfs_read_iter+0x12d/0x1d0 [configfs]\n   vfs_read+0x1b5/0x300\n   ksys_read+0x6f/0xf0\n...",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68229",
            "https://git.kernel.org/linus/e6965188f84a7883e6a0d3448e86b0cf29b24dfc (6.18-rc7)",
            "https://git.kernel.org/stable/c/13aff3b8a7184281b134698704d6c06863a8361b",
            "https://git.kernel.org/stable/c/1c9ba455b5073253ceaadae4859546e38e8261fe",
            "https://git.kernel.org/stable/c/3d8c517f6eb27e47b1a198e05f8023038329b40b",
            "https://git.kernel.org/stable/c/63f511d3855f7f4b35dd63dbc58fc3d935a81268",
            "https://git.kernel.org/stable/c/72e8831079266749a7023618a0de2f289a9dced6",
            "https://git.kernel.org/stable/c/a6ef60898ddaf1414592ce3e5b0d94276d631663",
            "https://git.kernel.org/stable/c/e6965188f84a7883e6a0d3448e86b0cf29b24dfc",
            "https://git.kernel.org/stable/c/f449a1edd7a13bb025aaf9342ea6f8bf92684bbf",
            "https://linux.oracle.com/cve/CVE-2025-68229.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68229-8958@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68229",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68229"
          ],
          "PublishedDate": "2025-12-16T14:15:57.067Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68230",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68230",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3dfcb5805e75d22a5cfbdaf3908dd3441c2ffa447f61bf3e5768147cd39af1e5",
          "Title": "kernel: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix gpu page fault after hibernation on PF passthrough\n\nOn PF passthrough environment, after hibernate and then resume, coralgemm\nwill cause gpu page fault.\n\nMode1 reset happens during hibernate, but partition mode is not restored\non resume, register mmCP_HYP_XCP_CTL and mmCP_PSP_XCP_CTL is not right\nafter resume. When CP access the MQD BO, wrong stride size is used,\nthis will cause out of bound access on the MQD BO, resulting page fault.\n\nThe fix is to ensure gfx_v9_4_3_switch_compute_partition() is called\nwhen resume from a hibernation.\nKFD resume is called separately during a reset recovery or resume from\nsuspend sequence. Hence it's not required to be called as part of\npartition switch.\n\n(cherry picked from commit 5d1b32cfe4a676fe552416cb5ae847b215463a1a)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68230",
            "https://git.kernel.org/linus/eb6e7f520d6efa4d4ebf1671455abe4a681f7a05 (6.18-rc5)",
            "https://git.kernel.org/stable/c/a45d6359eefb41e08d374a3260b10bff5626823b",
            "https://git.kernel.org/stable/c/eb6e7f520d6efa4d4ebf1671455abe4a681f7a05",
            "https://git.kernel.org/stable/c/eef72d856f978955e633c270abb1f7ec7b61c6d2",
            "https://linux.oracle.com/cve/CVE-2025-68230.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68230-a9be@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68230",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68230"
          ],
          "PublishedDate": "2025-12-16T14:15:57.323Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68231",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68231",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0860cb2f2e5ec11e5748481ea83dd850d459ecc014e6d851010e9d835f1eb17f",
          "Title": "kernel: mm/mempool: fix poisoning order\u003e0 pages with HIGHMEM",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempool: fix poisoning order\u003e0 pages with HIGHMEM\n\nThe kernel test has reported:\n\n  BUG: unable to handle page fault for address: fffba000\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  *pde = 03171067 *pte = 00000000\n  Oops: Oops: 0002 [#1]\n  CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G                T   6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE  a1d066dfe789f54bc7645c7989957d2bdee593ca\n  Tainted: [T]=RANDSTRUCT\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n  EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)\n  Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 2e e9 73 41 01 00 90 90 90 3e 8d 74 26 00 55 89 e5 57 56 89 c6 89 d0 89 f7 \u003cf3\u003e aa 89 f0 5e 5f 5d 2e e9 53 41 01 00 cc cc cc 55 89 e5 53 57 56\n  EAX: 0000006b EBX: 00000015 ECX: 001fefff EDX: 0000006b\n  ESI: fffb9000 EDI: fffba000 EBP: c611fbf0 ESP: c611fbe8\n  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010287\n  CR0: 80050033 CR2: fffba000 CR3: 0316e000 CR4: 00040690\n  Call Trace:\n   poison_element (mm/mempool.c:83 mm/mempool.c:102)\n   mempool_init_node (mm/mempool.c:142 mm/mempool.c:226)\n   mempool_init_noprof (mm/mempool.c:250 (discriminator 1))\n   ? mempool_alloc_pages (mm/mempool.c:640)\n   bio_integrity_initfn (block/bio-integrity.c:483 (discriminator 8))\n   ? mempool_alloc_pages (mm/mempool.c:640)\n   do_one_initcall (init/main.c:1283)\n\nChristoph found out this is due to the poisoning code not dealing\nproperly with CONFIG_HIGHMEM because only the first page is mapped but\nthen the whole potentially high-order page is accessed.\n\nWe could give up on HIGHMEM here, but it's straightforward to fix this\nwith a loop that's mapping, poisoning or checking and unmapping\nindividual pages.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68231",
            "https://git.kernel.org/linus/ec33b59542d96830e3c89845ff833cf7b25ef172 (6.18-rc7)",
            "https://git.kernel.org/stable/c/19de79aaea33ee1ea058c8711b3b2b4a7e4decd4",
            "https://git.kernel.org/stable/c/6a13b56537e7b0d97f4bb74e8038ce471f9770d7",
            "https://git.kernel.org/stable/c/a79e49e1704367b635edad1479db23d7cf1fb71a",
            "https://git.kernel.org/stable/c/ea4131665107e66ece90e66bcec1a2f1246cbd41",
            "https://git.kernel.org/stable/c/ec33b59542d96830e3c89845ff833cf7b25ef172",
            "https://linux.oracle.com/cve/CVE-2025-68231.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121636-CVE-2025-68231-74ba@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68231",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68231"
          ],
          "PublishedDate": "2025-12-16T14:15:57.473Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68236",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68236",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59c0c16c97e940651a216458ac38408c77b863b5db30a64c6975fc28f1491152",
          "Title": "kernel: Linux kernel: Denial of Service during UFS power down",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3)\n\nAccording to UFS specifications, the power-off sequence for a UFS device\nincludes:\n\n - Sending an SSU command with Power_Condition=3 and await a response.\n\n - Asserting RST_N low.\n\n - Turning off REF_CLK.\n\n - Turning off VCC.\n\n - Turning off VCCQ/VCCQ2.\n\nAs part of ufs shutdown, after the SSU command completion, asserting\nhardware reset (HWRST) triggers the device firmware to wake up and\nexecute its reset routine. This routine initializes hardware blocks and\ntakes a few milliseconds to complete. During this time, the ICCQ draws a\nlarge current.\n\nThis large ICCQ current may cause issues for the regulator which is\nsupplying power to UFS, because the turn off request from UFS driver to\nthe regulator framework will be immediately followed by low power\nmode(LPM) request by regulator framework. This is done by framework\nbecause UFS which is the only client is requesting for disable. So if\nthe rail is still in the process of shutting down while ICCQ exceeds LPM\ncurrent thresholds, and LPM mode is activated in hardware during this\nstate, it may trigger an overcurrent protection (OCP) fault in the\nregulator.\n\nTo prevent this, a 10ms delay is added after asserting HWRST. This\nallows the reset operation to complete while power rails remain active\nand in high-power mode.\n\nCurrently there is no way for Host to query whether the reset is\ncompleted or not and hence this the delay is based on experiments with\nQualcomm UFS controllers across multiple UFS vendors.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68236",
            "https://git.kernel.org/linus/5127be409c6c3815c4a7d8f6d88043e44f9b9543 (6.18-rc5)",
            "https://git.kernel.org/stable/c/5127be409c6c3815c4a7d8f6d88043e44f9b9543",
            "https://git.kernel.org/stable/c/b712f234a74c1f5ce70b5d7aec3fc2499c258141",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68236-d2fe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68236",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68236"
          ],
          "PublishedDate": "2025-12-16T14:15:58.64Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68238",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68238",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:51fecc6a325fbe7f49fbd8be4db1d0a6fe4079f4293b97149db53fda0d5223bc",
          "Title": "kernel: mtd: rawnand: cadence: fix DMA device NULL pointer dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: cadence: fix DMA device NULL pointer dereference\n\nThe DMA device pointer `dma_dev` was being dereferenced before ensuring\nthat `cdns_ctrl-\u003edmac` is properly initialized.\n\nMove the assignment of `dma_dev` after successfully acquiring the DMA\nchannel to ensure the pointer is valid before use.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68238",
            "https://git.kernel.org/linus/5c56bf214af85ca042bf97f8584aab2151035840 (6.18-rc7)",
            "https://git.kernel.org/stable/c/0c2a43cb43786011b48eeab6093db14888258c6b",
            "https://git.kernel.org/stable/c/0c635241a62f2f5da1b48bfffae226d1f86a76ef",
            "https://git.kernel.org/stable/c/2178b0255eae108bb10e5e99658b28641bc06f43",
            "https://git.kernel.org/stable/c/5c56bf214af85ca042bf97f8584aab2151035840",
            "https://git.kernel.org/stable/c/9c58c64ec41290c12490ca7e1df45013fbbb41fd",
            "https://git.kernel.org/stable/c/b146e0b085d9d6bfe838e0a15481cba7d093c67f",
            "https://git.kernel.org/stable/c/e282a4fdf3c6ee842a720010a8b5f7d77bedd126",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68238-fd37@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68238",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68238"
          ],
          "PublishedDate": "2025-12-16T14:15:58.977Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68239",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68239",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a812f63039c0687a673e38b52053802e4c93de6c092bda7cd0794de909530de6",
          "Title": "kernel: binfmt_misc: restore write access before closing files opened by open_exec()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_misc: restore write access before closing files opened by open_exec()\n\nbm_register_write() opens an executable file using open_exec(), which\ninternally calls do_open_execat() and denies write access on the file to\navoid modification while it is being executed.\n\nHowever, when an error occurs, bm_register_write() closes the file using\nfilp_close() directly. This does not restore the write permission, which\nmay cause subsequent write operations on the same file to fail.\n\nFix this by calling exe_file_allow_write_access() before filp_close() to\nrestore the write permission properly.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68239",
            "https://git.kernel.org/linus/90f601b497d76f40fa66795c3ecf625b6aced9fd (6.18-rc7)",
            "https://git.kernel.org/stable/c/480ac88431703f2adbb8e6b5bd73c3f3cf9f3d7f",
            "https://git.kernel.org/stable/c/6cce7bc7fac8471c832696720d9c8f2a976d9c54",
            "https://git.kernel.org/stable/c/90f601b497d76f40fa66795c3ecf625b6aced9fd",
            "https://git.kernel.org/stable/c/e785f552ab04dbca01d31f0334f4561240b04459",
            "https://git.kernel.org/stable/c/fbab8c08e1a6dbaef81e22d672a7647553101d16",
            "https://lore.kernel.org/linux-cve-announce/2025121630-CVE-2025-68239-f7a4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68239",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68239"
          ],
          "PublishedDate": "2025-12-16T15:15:53.063Z",
          "LastModifiedDate": "2026-03-25T11:16:13.847Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68241",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68241",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c7d1adce3d3864ed42863f9a1bded947f27f96f995e42be5d904d5fad426fa8d",
          "Title": "kernel: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe\n\nThe sit driver's packet transmission path calls: sit_tunnel_xmit() -\u003e\nupdate_or_create_fnhe(), which lead to fnhe_remove_oldest() being called\nto delete entries exceeding FNHE_RECLAIM_DEPTH+random.\n\nThe race window is between fnhe_remove_oldest() selecting fnheX for\ndeletion and the subsequent kfree_rcu(). During this time, the\nconcurrent path's __mkroute_output() -\u003e find_exception() can fetch the\nsoon-to-be-deleted fnheX, and rt_bind_exception() then binds it with a\nnew dst using a dst_hold(). When the original fnheX is freed via RCU,\nthe dst reference remains permanently leaked.\n\nCPU 0                             CPU 1\n__mkroute_output()\n  find_exception() [fnheX]\n                                  update_or_create_fnhe()\n                                    fnhe_remove_oldest() [fnheX]\n  rt_bind_exception() [bind dst]\n                                  RCU callback [fnheX freed, dst leak]\n\nThis issue manifests as a device reference count leak and a warning in\ndmesg when unregistering the net device:\n\n  unregister_netdevice: waiting for sitX to become free. 
Usage count = N\n\nIdo Schimmel provided the simple test validation method [1].\n\nThe fix clears 'oldest-\u003efnhe_daddr' before calling fnhe_flush_routes().\nSince rt_bind_exception() checks this field, setting it to zero prevents\nthe stale fnhe from being reused and bound to a new dst just before it\nis freed.\n\n[1]\nip netns add ns1\nip -n ns1 link set dev lo up\nip -n ns1 address add 192.0.2.1/32 dev lo\nip -n ns1 link add name dummy1 up type dummy\nip -n ns1 route add 192.0.2.2/32 dev dummy1\nip -n ns1 link add name gretap1 up arp off type gretap \\\n    local 192.0.2.1 remote 192.0.2.2\nip -n ns1 route add 198.51.0.0/16 dev gretap1\ntaskset -c 0 ip netns exec ns1 mausezahn gretap1 \\\n    -A 198.51.100.1 -B 198.51.0.0/16 -t udp -p 1000 -c 0 -q \u0026\ntaskset -c 2 ip netns exec ns1 mausezahn gretap1 \\\n    -A 198.51.100.1 -B 198.51.0.0/16 -t udp -p 1000 -c 0 -q \u0026\nsleep 10\nip netns pids ns1 | xargs kill\nip netns del ns1",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68241",
            "https://git.kernel.org/linus/ac1499fcd40fe06479e9b933347b837ccabc2a40 (6.18-rc6)",
            "https://git.kernel.org/stable/c/041ab9ca6e80d8f792bb69df28ebf1ef39c06af8",
            "https://git.kernel.org/stable/c/0fd16ed6dc331636fb2a874c42d2f7d3156f7ff0",
            "https://git.kernel.org/stable/c/298f1e0694ab4edb6092d66efed93c4554e6ced1",
            "https://git.kernel.org/stable/c/4b7210da22429765d19460d38c30eeca72656282",
            "https://git.kernel.org/stable/c/69d35c12168f9c59b159ae566f77dfad9f96d7ca",
            "https://git.kernel.org/stable/c/ac1499fcd40fe06479e9b933347b837ccabc2a40",
            "https://git.kernel.org/stable/c/b84f083f50ecc736a95091691339a1b363962f0e",
            "https://git.kernel.org/stable/c/b8a44407bdaf2f0c5505cc7d9fc7d8da90cf9a94",
            "https://linux.oracle.com/cve/CVE-2025-68241.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121632-CVE-2025-68241-854d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68241",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68241"
          ],
          "PublishedDate": "2025-12-16T15:15:53.283Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68244",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68244",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:90674c57cb824ae216ef8d021690eb34f8f8764d1cf38f5d992bb8078eeed9fe",
          "Title": "kernel: drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD\n\nOn completion of i915_vma_pin_ww(), a synchronous variant of\ndma_fence_work_commit() is called.  When pinning a VMA to GGTT address\nspace on a Cherry View family processor, or on a Broxton generation SoC\nwith VTD enabled, i.e., when stop_machine() is then called from\nintel_ggtt_bind_vma(), that can potentially lead to lock inversion among\nreservation_ww and cpu_hotplug locks.\n\n[86.861179] ======================================================\n[86.861193] WARNING: possible circular locking dependency detected\n[86.861209] 6.15.0-rc5-CI_DRM_16515-gca0305cadc2d+ #1 Tainted: G     U\n[86.861226] ------------------------------------------------------\n[86.861238] i915_module_loa/1432 is trying to acquire lock:\n[86.861252] ffffffff83489090 (cpu_hotplug_lock){++++}-{0:0}, at: stop_machine+0x1c/0x50\n[86.861290]\nbut task is already holding lock:\n[86.861303] ffffc90002e0b4c8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: i915_vma_pin.constprop.0+0x39/0x1d0 [i915]\n[86.862233]\nwhich lock already depends on the new lock.\n[86.862251]\nthe existing dependency chain (in reverse order) is:\n[86.862265]\n-\u003e #5 (reservation_ww_class_mutex){+.+.}-{3:3}:\n[86.862292]        dma_resv_lockdep+0x19a/0x390\n[86.862315]        do_one_initcall+0x60/0x3f0\n[86.862334]        kernel_init_freeable+0x3cd/0x680\n[86.862353]        kernel_init+0x1b/0x200\n[86.862369]        ret_from_fork+0x47/0x70\n[86.862383]        ret_from_fork_asm+0x1a/0x30\n[86.862399]\n-\u003e #4 (reservation_ww_class_acquire){+.+.}-{0:0}:\n[86.862425]        dma_resv_lockdep+0x178/0x390\n[86.862440]        do_one_initcall+0x60/0x3f0\n[86.862454]        kernel_init_freeable+0x3cd/0x680\n[86.862470]        kernel_init+0x1b/0x200\n[86.862482]        ret_from_fork+0x47/0x70\n[86.862495]        ret_from_fork_asm+0x1a/0x30\n[86.862509]\n-\u003e #3 
(\u0026mm-\u003emmap_lock){++++}-{3:3}:\n[86.862531]        down_read_killable+0x46/0x1e0\n[86.862546]        lock_mm_and_find_vma+0xa2/0x280\n[86.862561]        do_user_addr_fault+0x266/0x8e0\n[86.862578]        exc_page_fault+0x8a/0x2f0\n[86.862593]        asm_exc_page_fault+0x27/0x30\n[86.862607]        filldir64+0xeb/0x180\n[86.862620]        kernfs_fop_readdir+0x118/0x480\n[86.862635]        iterate_dir+0xcf/0x2b0\n[86.862648]        __x64_sys_getdents64+0x84/0x140\n[86.862661]        x64_sys_call+0x1058/0x2660\n[86.862675]        do_syscall_64+0x91/0xe90\n[86.862689]        entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[86.862703]\n-\u003e #2 (\u0026root-\u003ekernfs_rwsem){++++}-{3:3}:\n[86.862725]        down_write+0x3e/0xf0\n[86.862738]        kernfs_add_one+0x30/0x3c0\n[86.862751]        kernfs_create_dir_ns+0x53/0xb0\n[86.862765]        internal_create_group+0x134/0x4c0\n[86.862779]        sysfs_create_group+0x13/0x20\n[86.862792]        topology_add_dev+0x1d/0x30\n[86.862806]        cpuhp_invoke_callback+0x4b5/0x850\n[86.862822]        cpuhp_issue_call+0xbf/0x1f0\n[86.862836]        __cpuhp_setup_state_cpuslocked+0x111/0x320\n[86.862852]        __cpuhp_setup_state+0xb0/0x220\n[86.862866]        topology_sysfs_init+0x30/0x50\n[86.862879]        do_one_initcall+0x60/0x3f0\n[86.862893]        kernel_init_freeable+0x3cd/0x680\n[86.862908]        kernel_init+0x1b/0x200\n[86.862921]        ret_from_fork+0x47/0x70\n[86.862934]        ret_from_fork_asm+0x1a/0x30\n[86.862947]\n-\u003e #1 (cpuhp_state_mutex){+.+.}-{3:3}:\n[86.862969]        __mutex_lock+0xaa/0xed0\n[86.862982]        mutex_lock_nested+0x1b/0x30\n[86.862995]        __cpuhp_setup_state_cpuslocked+0x67/0x320\n[86.863012]        __cpuhp_setup_state+0xb0/0x220\n[86.863026]        page_alloc_init_cpuhp+0x2d/0x60\n[86.863041]        mm_core_init+0x22/0x2d0\n[86.863054]        start_kernel+0x576/0xbd0\n[86.863068]        x86_64_start_reservations+0x18/0x30\n[86.863084]        
x86_64_start_kernel+0xbf/0x110\n[86.863098]        common_startup_64+0x13e/0x141\n[86.863114]\n-\u003e #0 (cpu_hotplug_lock){++++}-{0:0}:\n[86.863135]        __lock_acquire+0x16\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68244",
            "https://git.kernel.org/linus/84bbe327a5cbb060f3321c9d9d4d53936fc1ef9b (6.18-rc5)",
            "https://git.kernel.org/stable/c/20d94a6117b752fd10a78cefdc1cf2c16706048b",
            "https://git.kernel.org/stable/c/3dec22bde207a36f1b8a4b80564cbbe13996a7cd",
            "https://git.kernel.org/stable/c/4e73066e3323add260e46eb51f79383d87950281",
            "https://git.kernel.org/stable/c/84bbe327a5cbb060f3321c9d9d4d53936fc1ef9b",
            "https://git.kernel.org/stable/c/858a50127be714f55c3bcb25621028d4a323d77e",
            "https://git.kernel.org/stable/c/e988634d7aae7214818b9c86cd7ef9e78c84b02d",
            "https://linux.oracle.com/cve/CVE-2025-68244.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68244-9dbc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68244",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68244"
          ],
          "PublishedDate": "2025-12-16T15:15:53.65Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68245",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68245",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aea29c64c080845656754da1744fea73e3b4ad3742199de9665a7bc21bab398a",
          "Title": "kernel: Linux kernel: Denial of Service due to memory leak in netpoll during cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netpoll: fix incorrect refcount handling causing incorrect cleanup\n\ncommit efa95b01da18 (\"netpoll: fix use after free\") incorrectly\nignored the refcount and prematurely set dev-\u003enpinfo to NULL during\nnetpoll cleanup, leading to improper behavior and memory leaks.\n\nScenario causing lack of proper cleanup:\n\n1) A netpoll is associated with a NIC (e.g., eth0) and netdev-\u003enpinfo is\n   allocated, and refcnt = 1\n   - Keep in mind that npinfo is shared among all netpoll instances. In\n     this case, there is just one.\n\n2) Another netpoll is also associated with the same NIC and\n   npinfo-\u003erefcnt += 1.\n   - Now dev-\u003enpinfo-\u003erefcnt = 2;\n   - There is just one npinfo associated to the netdev.\n\n3) When the first netpolls goes to clean up:\n   - The first cleanup succeeds and clears np-\u003edev-\u003enpinfo, ignoring\n     refcnt.\n     - It basically calls `RCU_INIT_POINTER(np-\u003edev-\u003enpinfo, NULL);`\n   - Set dev-\u003enpinfo = NULL, without proper cleanup\n   - No -\u003endo_netpoll_cleanup() is either called\n\n4) Now the second target tries to clean up\n   - The second cleanup fails because np-\u003edev-\u003enpinfo is already NULL.\n     * In this case, ops-\u003endo_netpoll_cleanup() was never called, and\n       the skb pool is not cleaned as well (for the second netpoll\n       instance)\n  - This leaks npinfo and skbpool skbs, which is clearly reported by\n    kmemleak.\n\nRevert commit efa95b01da18 (\"netpoll: fix use after free\") and adds\nclarifying comments emphasizing that npinfo cleanup should only happen\nonce the refcount reaches zero, ensuring stable and correct netpoll\nbehavior.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68245",
            "https://git.kernel.org/linus/49c8d2c1f94cc2f4d1a108530d7ba52614b874c2 (6.18-rc6)",
            "https://git.kernel.org/stable/c/49c8d2c1f94cc2f4d1a108530d7ba52614b874c2",
            "https://git.kernel.org/stable/c/4afd4ebbad52aa146838ec23082ba393e426a2bb",
            "https://git.kernel.org/stable/c/890472d6fbf062e6de7fdd56642cb305ab79d669",
            "https://git.kernel.org/stable/c/8e6a50edad11e3e1426e4c29e7aa6201f3468ac2",
            "https://git.kernel.org/stable/c/9a51b5ccd1c79afec1c03a4e1e6688da52597556",
            "https://git.kernel.org/stable/c/9b0bb18b4b9dc017c1825a2c5e763615e34a1593",
            "https://git.kernel.org/stable/c/c645693180a98606c430825223d2029315d85e9d",
            "https://git.kernel.org/stable/c/c79a6d9da29219616b118a3adce9a14cd30f9bd0",
            "https://linux.oracle.com/cve/CVE-2025-68245.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121633-CVE-2025-68245-4e60@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68245",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68245"
          ],
          "PublishedDate": "2025-12-16T15:15:53.767Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68246",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68246",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ada19d63476dd90b46c09a256c23f0c60a86f3d156827bbb1ca7f58196e4ab83",
          "Title": "kernel: ksmbd: close accepted socket when per-IP limit rejects connection",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: close accepted socket when per-IP limit rejects connection\n\nWhen the per-IP connection limit is exceeded in ksmbd_kthread_fn(),\nthe code sets ret = -EAGAIN and continues the accept loop without\nclosing the just-accepted socket. That leaks one socket per rejected\nattempt from a single IP and enables a trivial remote DoS.\n\nRelease client_sk before continuing.\n\nThis bug was found with ZeroPath.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68246",
            "https://git.kernel.org/linus/98a5fd31cbf72d46bf18e50b3ab0ce86d5f319a9 (6.18-rc6)",
            "https://git.kernel.org/stable/c/35521b5a7e8a184548125f4530552101236dcda1",
            "https://git.kernel.org/stable/c/4587a7826be1ae0190dba10ff70b46bb0e3bc7d3",
            "https://git.kernel.org/stable/c/5746b2a0f5eb3d79667b3c51fe849bd62464220e",
            "https://git.kernel.org/stable/c/7a3c7154d5fc05956a8ad9e72ecf49e21555bfca",
            "https://git.kernel.org/stable/c/98a5fd31cbf72d46bf18e50b3ab0ce86d5f319a9",
            "https://lore.kernel.org/linux-cve-announce/2025121634-CVE-2025-68246-7c3d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68246",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68246"
          ],
          "PublishedDate": "2025-12-16T15:15:53.88Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68249",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68249",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c6ad23d525238121d29cf4408aaa2b70235ea7c65e06ffc315ab68216cbbbb85",
          "Title": "kernel: most: usb: hdm_probe: Fix calling put_device() before device initialization",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: usb: hdm_probe: Fix calling put_device() before device initialization\n\nThe early error path in hdm_probe() can jump to err_free_mdev before\n\u0026mdev-\u003edev has been initialized with device_initialize(). Calling\nput_device(\u0026mdev-\u003edev) there triggers a device core WARN and ends up\ninvoking kref_put(\u0026kobj-\u003ekref, kobject_release) on an uninitialized\nkobject.\n\nIn this path the private struct was only kmalloc'ed and the intended\nrelease is effectively kfree(mdev) anyway, so free it directly instead\nof calling put_device() on an uninitialized device.\n\nThis removes the WARNING and fixes the pre-initialization error path.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68249",
            "https://git.kernel.org/linus/a8cc9e5fcb0e2eef21513a4fec888f5712cb8162 (6.18-rc3)",
            "https://git.kernel.org/stable/c/3509c748e79435d09e730673c8c100b7f0ebc87c",
            "https://git.kernel.org/stable/c/4af0eedbdb4df7936bf43a28e31af232744d2620",
            "https://git.kernel.org/stable/c/6fb8fbc0aa542af5bf0fed94fa6b0edf18144f95",
            "https://git.kernel.org/stable/c/7d851f746067b8ee5bac9c262f326ace0a6ea253",
            "https://git.kernel.org/stable/c/a8cc9e5fcb0e2eef21513a4fec888f5712cb8162",
            "https://git.kernel.org/stable/c/ad2be44882716dc3589fbc5572cc13f88ead6b24",
            "https://git.kernel.org/stable/c/c400410fe0580dd6118ae8d60287ac9ce71a65fd",
            "https://lore.kernel.org/linux-cve-announce/2025121623-CVE-2025-68249-f6bc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68249",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68249"
          ],
          "PublishedDate": "2025-12-16T15:15:54.193Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68254",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68254",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ec0e1e5bb668f4f9e006a1c5aadda052cb6b0e89bf14a3fe0d3c8ed92f66bfb6",
          "Title": "kernel: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing\n\nThe Extended Supported Rates (ESR) IE handling in OnBeacon accessed\n*(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these\noffsets lie within the received frame buffer. A malformed beacon with\nan ESR IE positioned at the end of the buffer could cause an\nout-of-bounds read, potentially triggering a kernel panic.\n\nAdd a boundary check to ensure that the ESR IE body and the subsequent\nbytes are within the limits of the frame before attempting to access\nthem.\n\nThis prevents OOB reads caused by malformed beacon frames.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68254",
            "https://git.kernel.org/linus/502ddcc405b69fa92e0add6c1714d654504f6fd7 (6.19-rc1)",
            "https://git.kernel.org/stable/c/38292407c2bb5b2b3131aaace4ecc7a829b40b76",
            "https://git.kernel.org/stable/c/502ddcc405b69fa92e0add6c1714d654504f6fd7",
            "https://git.kernel.org/stable/c/bb5940193d813449540d8d3a82abc045be41f48a",
            "https://git.kernel.org/stable/c/bf323db1d883c209880bd92f3b12503e3531c3fc",
            "https://git.kernel.org/stable/c/c03cb111628924827351e19baa5b073e9b0d723d",
            "https://git.kernel.org/stable/c/c173ce97d3f0f0c0fefa39139d6d04ba60b5db22",
            "https://git.kernel.org/stable/c/d1ab7f9cee22e7b8a528da9ac953e4193b96cda5",
            "https://linux.oracle.com/cve/CVE-2025-68254.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025121610-CVE-2025-68254-b745@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68254",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68254"
          ],
          "PublishedDate": "2025-12-16T15:15:54.767Z",
          "LastModifiedDate": "2026-01-19T13:16:08.953Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68255",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68255",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:afeace16acf6c7e815819ae08d1c11b4f1bc15f9c98c75427be063e6a6054406",
          "Title": "kernel: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing\n\nThe Supported Rates IE length from an incoming Association Request frame\nwas used directly as the memcpy() length when copying into a fixed-size\n16-byte stack buffer (supportRate). A malicious station can advertise an\nIE length larger than 16 bytes, causing a stack buffer overflow.\n\nClamp ie_len to the buffer size before copying the Supported Rates IE,\nand correct the bounds check when merging Extended Supported Rates to\nprevent a second potential overflow.\n\nThis prevents kernel stack corruption triggered by malformed association\nrequests.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68255",
            "https://git.kernel.org/linus/6ef0e1c10455927867cac8f0ed6b49f328f8cf95 (6.19-rc1)",
            "https://git.kernel.org/stable/c/25411f5fcf5743131158f337c99c2bbf3f8477f5",
            "https://git.kernel.org/stable/c/34620eb602aa432f090b2b784ee5c5070fb16cf9",
            "https://git.kernel.org/stable/c/4445adedae770037078803d1ce41f9e88a1944b6",
            "https://git.kernel.org/stable/c/49b7806851f93fd342838c93f4f765e0cc5029b0",
            "https://git.kernel.org/stable/c/61871c83259a511980ec2664964cecc69005398b",
            "https://git.kernel.org/stable/c/6ef0e1c10455927867cac8f0ed6b49f328f8cf95",
            "https://git.kernel.org/stable/c/d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0",
            "https://git.kernel.org/stable/c/e841d8ea722315b781c4fc5bf4f7670fbca88875",
            "https://linux.oracle.com/cve/CVE-2025-68255.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025121612-CVE-2025-68255-3994@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68255",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68255"
          ],
          "PublishedDate": "2025-12-16T15:15:54.88Z",
          "LastModifiedDate": "2026-01-19T13:16:09.057Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68256",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68256",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee4abb28c31dea0bc556022bbde5a53e83ecf8b1057e4ef8f9e737ce5c2ffeec",
          "Title": "kernel: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser\n\nThe Information Element (IE) parser rtw_get_ie() trusted the length\nbyte of each IE without validating that the IE body (len bytes after\nthe 2-byte header) fits inside the remaining frame buffer. A malformed\nframe can advertise an IE length larger than the available data, causing\nthe parser to increment its pointer beyond the buffer end. This results\nin out-of-bounds reads or, depending on the pattern, an infinite loop.\n\nFix by validating that (offset + 2 + len) does not exceed the limit\nbefore accepting the IE or advancing to the next element.\n\nThis prevents OOB reads and ensures the parser terminates safely on\nmalformed frames.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68256",
            "https://git.kernel.org/linus/154828bf9559b9c8421fc2f0d7f7f76b3683aaed (6.19-rc1)",
            "https://git.kernel.org/stable/c/154828bf9559b9c8421fc2f0d7f7f76b3683aaed",
            "https://git.kernel.org/stable/c/30c558447e90935f0de61be181bbcedf75952e00",
            "https://git.kernel.org/stable/c/a54e2b2db1b7de2e008b4f62eec35aaefcc663c5",
            "https://git.kernel.org/stable/c/b977eb31802817f4a37da95bf16bfdaa1eeb5fc2",
            "https://git.kernel.org/stable/c/c0d93d69e1472ba75b78898979b90a98ba2a2501",
            "https://git.kernel.org/stable/c/df191dd9f4c7249d98ada55634fa8ac19089b8cb",
            "https://lore.kernel.org/linux-cve-announce/2025121612-CVE-2025-68256-5ed2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68256",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68256"
          ],
          "PublishedDate": "2025-12-16T15:15:54.99Z",
          "LastModifiedDate": "2026-01-11T17:15:53.957Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68257",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68257",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4e7070402bb46d5deed5b57dc5bb211e46bee3594f0409032d7da7a68f57cb7",
          "Title": "kernel: comedi: check device's attached status in compat ioctls",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: check device's attached status in compat ioctls\n\nSyzbot identified an issue [1] that crashes kernel, seemingly due to\nunexistent callback dev-\u003eget_valid_routes(). By all means, this should\nnot occur as said callback must always be set to\nget_zero_valid_routes() in __comedi_device_postconfig().\n\nAs the crash seems to appear exclusively in i386 kernels, at least,\njudging from [1] reports, the blame lies with compat versions\nof standard IOCTL handlers. Several of them are modified and\ndo not use comedi_unlocked_ioctl(). While functionality of these\nioctls essentially copy their original versions, they do not\nhave required sanity check for device's attached status. This,\nin turn, leads to a possibility of calling select IOCTLs on a\ndevice that has not been properly setup, even via COMEDI_DEVCONFIG.\n\nDoing so on unconfigured devices means that several crucial steps\nare missed, for instance, specifying dev-\u003eget_valid_routes()\ncallback.\n\nFix this somewhat crudely by ensuring device's attached status before\nperforming any ioctls, improving logic consistency between modern\nand compat functions.\n\n[1] Syzbot report:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n...\nCR2: ffffffffffffffd6 CR3: 000000006c717000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n get_valid_routes drivers/comedi/comedi_fops.c:1322 [inline]\n parse_insn+0x78c/0x1970 drivers/comedi/comedi_fops.c:1401\n do_insnlist_ioctl+0x272/0x700 drivers/comedi/comedi_fops.c:1594\n compat_insnlist drivers/comedi/comedi_fops.c:3208 [inline]\n comedi_compat_ioctl+0x810/0x990 drivers/comedi/comedi_fops.c:3273\n __do_compat_sys_ioctl fs/ioctl.c:695 [inline]\n __se_compat_sys_ioctl fs/ioctl.c:638 [inline]\n __ia32_compat_sys_ioctl+0x242/0x370 fs/ioctl.c:638\n do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n...",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68257",
            "https://git.kernel.org/linus/0de7d9cd07a2671fa6089173bccc0b2afe6b93ee (6.19-rc1)",
            "https://git.kernel.org/stable/c/0de7d9cd07a2671fa6089173bccc0b2afe6b93ee",
            "https://git.kernel.org/stable/c/4836ba483a22ebd076c8faaf8293a7295fad4142",
            "https://git.kernel.org/stable/c/573b07d2e3d473ee7eb625ef87519922cf01168d",
            "https://git.kernel.org/stable/c/7141915bf0c41cb57d83cdbaf695b8c731b16b71",
            "https://git.kernel.org/stable/c/aac80e912de306815297a3b74f0426873ffa7dc3",
            "https://git.kernel.org/stable/c/b975f91de5f8f63cf490f0393775cc795f8b0557",
            "https://git.kernel.org/stable/c/f13895c03620933a58907e3250016f087e39b78c",
            "https://git.kernel.org/stable/c/f6e629dfe6f590091c662a87c9fcf118b1c1c7dc",
            "https://lore.kernel.org/linux-cve-announce/2025121613-CVE-2025-68257-3579@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68257",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68257"
          ],
          "PublishedDate": "2025-12-16T15:15:55.1Z",
          "LastModifiedDate": "2026-01-19T13:16:09.15Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68258",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68258",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4a1ec63aa8235fa66be2b13c6889d9fa7d9ced4988d3c15ea5858d342ad5e42f",
          "Title": "kernel: comedi: multiq3: sanitize config options in multiq3_attach()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: multiq3: sanitize config options in multiq3_attach()\n\nSyzbot identified an issue [1] in multiq3_attach() that induces a\ntask timeout due to open() or COMEDI_DEVCONFIG ioctl operations,\nspecifically, in the case of multiq3 driver.\n\nThis problem arose when syzkaller managed to craft weird configuration\noptions used to specify the number of channels in encoder subdevice.\nIf a particularly great number is passed to s-\u003en_chan in\nmultiq3_attach() via it-\u003eoptions[2], then multiple calls to\nmultiq3_encoder_reset() at the end of driver-specific attach() method\nwill be running for minutes, thus blocking tasks and affected devices\nas well.\n\nWhile this issue is most likely not too dangerous for real-life\ndevices, it still makes sense to sanitize configuration inputs. Enable\na sensible limit on the number of encoder chips (4 chips max, each\nwith 2 channels) to stop this behaviour from manifesting.\n\n[1] Syzbot crash:\nINFO: task syz.2.19:6067 blocked for more than 143 seconds.\n...\nCall Trace:\n \u003cTASK\u003e\n context_switch kernel/sched/core.c:5254 [inline]\n __schedule+0x17c4/0x4d60 kernel/sched/core.c:6862\n __schedule_loop kernel/sched/core.c:6944 [inline]\n schedule+0x165/0x360 kernel/sched/core.c:6959\n schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7016\n __mutex_lock_common kernel/locking/mutex.c:676 [inline]\n __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760\n comedi_open+0xc0/0x590 drivers/comedi/comedi_fops.c:2868\n chrdev_open+0x4cc/0x5e0 fs/char_dev.c:414\n do_dentry_open+0x953/0x13f0 fs/open.c:965\n vfs_open+0x3b/0x340 fs/open.c:1097\n...",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68258",
            "https://git.kernel.org/linus/f24c6e3a39fa355dabfb684c9ca82db579534e72 (6.19-rc1)",
            "https://git.kernel.org/stable/c/049f14557450351750f929ebfff36d849511e132",
            "https://git.kernel.org/stable/c/4cde9a7e025cc09b88097c70606f6b30c22880f4",
            "https://git.kernel.org/stable/c/543f4c380c2e1f35e60528df7cb54705cda7fee3",
            "https://git.kernel.org/stable/c/8952bc1973cd54158c35e06bfb8c29ace7375a48",
            "https://git.kernel.org/stable/c/8dc2f02d3bada9247f00bfd2e5f61f68c389a0a3",
            "https://git.kernel.org/stable/c/ad7ed3c9c7b8408e8612697bc43a5441fe386c71",
            "https://git.kernel.org/stable/c/f24c6e3a39fa355dabfb684c9ca82db579534e72",
            "https://git.kernel.org/stable/c/f9ff87aac7b37d462246c46d28912d382a8e2ea6",
            "https://lore.kernel.org/linux-cve-announce/2025121613-CVE-2025-68258-9a76@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68258",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68258"
          ],
          "PublishedDate": "2025-12-16T15:15:55.207Z",
          "LastModifiedDate": "2026-01-19T13:16:09.247Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68261",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68261",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:21db26771f515bacda556aba4f30907097571fab60068b538faae5e158e23780",
          "Title": "kernel: Linux kernel: Denial of Service in ext4 due to a race condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add i_data_sem protection in ext4_destroy_inline_data_nolock()\n\nFix a race between inline data destruction and block mapping.\n\nThe function ext4_destroy_inline_data_nolock() changes the inode data\nlayout by clearing EXT4_INODE_INLINE_DATA and setting EXT4_INODE_EXTENTS.\nAt the same time, another thread may execute ext4_map_blocks(), which\ntests EXT4_INODE_EXTENTS to decide whether to call ext4_ext_map_blocks()\nor ext4_ind_map_blocks().\n\nWithout i_data_sem protection, ext4_ind_map_blocks() may receive inode\nwith EXT4_INODE_EXTENTS flag and triggering assert.\n\nkernel BUG at fs/ext4/indirect.c:546!\nEXT4-fs (loop2): unmounting filesystem.\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:ext4_ind_map_blocks.cold+0x2b/0x5a fs/ext4/indirect.c:546\n\nCall Trace:\n \u003cTASK\u003e\n ext4_map_blocks+0xb9b/0x16f0 fs/ext4/inode.c:681\n _ext4_get_block+0x242/0x590 fs/ext4/inode.c:822\n ext4_block_write_begin+0x48b/0x12c0 fs/ext4/inode.c:1124\n ext4_write_begin+0x598/0xef0 fs/ext4/inode.c:1255\n ext4_da_write_begin+0x21e/0x9c0 fs/ext4/inode.c:3000\n generic_perform_write+0x259/0x5d0 mm/filemap.c:3846\n ext4_buffered_write_iter+0x15b/0x470 fs/ext4/file.c:285\n ext4_file_write_iter+0x8e0/0x17f0 fs/ext4/file.c:679\n call_write_iter include/linux/fs.h:2271 [inline]\n do_iter_readv_writev+0x212/0x3c0 fs/read_write.c:735\n do_iter_write+0x186/0x710 fs/read_write.c:861\n vfs_iter_write+0x70/0xa0 fs/read_write.c:902\n iter_file_splice_write+0x73b/0xc90 fs/splice.c:685\n do_splice_from fs/splice.c:763 [inline]\n direct_splice_actor+0x10f/0x170 fs/splice.c:950\n splice_direct_to_actor+0x33a/0xa10 fs/splice.c:896\n do_splice_direct+0x1a9/0x280 fs/splice.c:1002\n do_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n __do_sys_sendfile64 fs/read_write.c:1323 [inline]\n __se_sys_sendfile64 
fs/read_write.c:1309 [inline]\n __x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68261",
            "https://git.kernel.org/linus/0cd8feea8777f8d9b9a862b89c688b049a5c8475 (6.19-rc1)",
            "https://git.kernel.org/stable/c/0cd8feea8777f8d9b9a862b89c688b049a5c8475",
            "https://git.kernel.org/stable/c/144c48da33a01d92995aeccd8208eb47d2a8e659",
            "https://git.kernel.org/stable/c/22a76b0861ae61a299c8e126c1aca8c4fda820fd",
            "https://git.kernel.org/stable/c/5b266cf6851ce72b11b067fe02adf5a8687104ad",
            "https://git.kernel.org/stable/c/5cad18e527ba8a9ca5463cc170073eeb5a4826f4",
            "https://git.kernel.org/stable/c/61e03dc3794ebf77a706b85e5a36c9c6d70be6de",
            "https://git.kernel.org/stable/c/b322bac9f01d03190b5abc52be5d9dd9f22a2b41",
            "https://git.kernel.org/stable/c/ba8aeff294ac7ff6dfe293663d815c54c5ee218c",
            "https://linux.oracle.com/cve/CVE-2025-68261.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025121614-CVE-2025-68261-4e23@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68261",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68261"
          ],
          "PublishedDate": "2025-12-16T15:15:55.547Z",
          "LastModifiedDate": "2026-01-19T13:16:09.347Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68263",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68263",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c508bb67cc929c1125f1696eccc493a88cca6028f7d08668797781061a7e91c6",
          "Title": "kernel: ksmbd: ipc: fix use-after-free in ipc_msg_send_request",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: ipc: fix use-after-free in ipc_msg_send_request\n\nipc_msg_send_request() waits for a generic netlink reply using an\nipc_msg_table_entry on the stack. The generic netlink handler\n(handle_generic_event()/handle_response()) fills entry-\u003eresponse under\nipc_msg_table_lock, but ipc_msg_send_request() used to validate and free\nentry-\u003eresponse without holding the same lock.\n\nUnder high concurrency this allows a race where handle_response() is\ncopying data into entry-\u003eresponse while ipc_msg_send_request() has just\nfreed it, leading to a slab-use-after-free reported by KASAN in\nhandle_generic_event():\n\n  BUG: KASAN: slab-use-after-free in handle_generic_event+0x3c4/0x5f0 [ksmbd]\n  Write of size 12 at addr ffff888198ee6e20 by task pool/109349\n  ...\n  Freed by task:\n    kvfree\n    ipc_msg_send_request [ksmbd]\n    ksmbd_rpc_open -\u003e ksmbd_session_rpc_open [ksmbd]\n\nFix by:\n- Taking ipc_msg_table_lock in ipc_msg_send_request() while validating\n  entry-\u003eresponse, freeing it when invalid, and removing the entry from\n  ipc_msg_table.\n- Returning the final entry-\u003eresponse pointer to the caller only after\n  the hash entry is removed under the lock.\n- Returning NULL in the error path, preserving the original API\n  semantics.\n\nThis makes all accesses to entry-\u003eresponse consistent with\nhandle_response(), which already updates and fills the response buffer\nunder ipc_msg_table_lock, and closes the race that allowed the UAF.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68263",
            "https://git.kernel.org/linus/1fab1fa091f5aa97265648b53ea031deedd26235 (6.19-rc1)",
            "https://git.kernel.org/stable/c/1fab1fa091f5aa97265648b53ea031deedd26235",
            "https://git.kernel.org/stable/c/5ac763713a1ef8f9a8bda1dbd81f0318d67baa4e",
            "https://git.kernel.org/stable/c/708a620b471a14466f1f52c90bf3f65ebdb31460",
            "https://git.kernel.org/stable/c/759c8c30cfa8706c518e56f67971b1f0932f4b9b",
            "https://git.kernel.org/stable/c/8229c6ca50cea701e25a7ee25f48441b582ec5fa",
            "https://git.kernel.org/stable/c/de85fb58f9967ba024bb08e0041613d37b57b4d1",
            "https://lore.kernel.org/linux-cve-announce/2025121615-CVE-2025-68263-9c03@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68263",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68263"
          ],
          "PublishedDate": "2025-12-16T15:15:55.813Z",
          "LastModifiedDate": "2026-04-02T09:16:19.89Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68264",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68264",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e6b031ecbd88e4a1c58f51e456295c0ef43709a723eee8edf11cfa33d4bc5daa",
          "Title": "kernel: ext4: refresh inline data size before write operations",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: refresh inline data size before write operations\n\nThe cached ei-\u003ei_inline_size can become stale between the initial size\ncheck and when ext4_update_inline_data()/ext4_create_inline_data() use\nit. Although ext4_get_max_inline_size() reads the correct value at the\ntime of the check, concurrent xattr operations can modify i_inline_size\nbefore ext4_write_lock_xattr() is acquired.\n\nThis causes ext4_update_inline_data() and ext4_create_inline_data() to\nwork with stale capacity values, leading to a BUG_ON() crash in\next4_write_inline_data():\n\n  kernel BUG at fs/ext4/inline.c:1331!\n  BUG_ON(pos + len \u003e EXT4_I(inode)-\u003ei_inline_size);\n\nThe race window:\n1. ext4_get_max_inline_size() reads i_inline_size = 60 (correct)\n2. Size check passes for 50-byte write\n3. [Another thread adds xattr, i_inline_size changes to 40]\n4. ext4_write_lock_xattr() acquires lock\n5. ext4_update_inline_data() uses stale i_inline_size = 60\n6. Attempts to write 50 bytes but only 40 bytes actually available\n7. BUG_ON() triggers\n\nFix this by recalculating i_inline_size via ext4_find_inline_data_nolock()\nimmediately after acquiring xattr_sem. This ensures ext4_update_inline_data()\nand ext4_create_inline_data() work with current values that are protected\nfrom concurrent modifications.\n\nThis is similar to commit a54c4613dac1 (\"ext4: fix race writing to an\ninline_data file while its xattrs are changing\") which fixed i_inline_off\nstaleness. This patch addresses the related i_inline_size staleness issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68264",
            "https://git.kernel.org/linus/892e1cf17555735e9d021ab036c36bc7b58b0e3b (6.19-rc1)",
            "https://git.kernel.org/stable/c/1687a055a555347b002f406676a1aaae4668f242",
            "https://git.kernel.org/stable/c/210ac60a86a3ad2c76ae60e0dc71c34af6e7ea0b",
            "https://git.kernel.org/stable/c/43bf001f0fe4e59bba47c897505222f959f4a1cc",
            "https://git.kernel.org/stable/c/54ab81ae5f218452e64470cd8a8139bb5880fe2b",
            "https://git.kernel.org/stable/c/58df743faf21ceb1880f930aa5dd428e2a5e415d",
            "https://git.kernel.org/stable/c/892e1cf17555735e9d021ab036c36bc7b58b0e3b",
            "https://git.kernel.org/stable/c/89c2c41f0974e530b2d032c3695095aa0559adb1",
            "https://git.kernel.org/stable/c/ca43ea29b4c4d2764aec8a26cffcfb677a871e6e",
            "https://linux.oracle.com/cve/CVE-2025-68264.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025121615-CVE-2025-68264-6768@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68264",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68264"
          ],
          "PublishedDate": "2025-12-16T15:15:55.92Z",
          "LastModifiedDate": "2026-01-19T13:16:09.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68265",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68265",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ac1f75ca59b6a5c589001958eecc0f83a77219f34eae61fa6324b35336c932cd",
          "Title": "kernel: Linux kernel: Denial of Service in NVMe driver due to use-after-free vulnerability",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin request_queue lifetime\n\nThe namespaces can access the controller's admin request_queue, and\nstale references on the namespaces may exist after tearing down the\ncontroller. Ensure the admin request_queue is active by moving the\ncontroller's 'put' to after all controller references have been released\nto ensure no one is can access the request_queue. This fixes a reported\nuse-after-free bug:\n\n  BUG: KASAN: slab-use-after-free in blk_queue_enter+0x41c/0x4a0\n  Read of size 8 at addr ffff88c0a53819f8 by task nvme/3287\n  CPU: 67 UID: 0 PID: 3287 Comm: nvme Tainted: G            E       6.13.2-ga1582f1a031e #15\n  Tainted: [E]=UNSIGNED_MODULE\n  Hardware name: Jabil /EGS 2S MB1, BIOS 1.00 06/18/2025\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x4f/0x60\n   print_report+0xc4/0x620\n   ? _raw_spin_lock_irqsave+0x70/0xb0\n   ? _raw_read_unlock_irqrestore+0x30/0x30\n   ? blk_queue_enter+0x41c/0x4a0\n   kasan_report+0xab/0xe0\n   ? blk_queue_enter+0x41c/0x4a0\n   blk_queue_enter+0x41c/0x4a0\n   ? __irq_work_queue_local+0x75/0x1d0\n   ? blk_queue_start_drain+0x70/0x70\n   ? irq_work_queue+0x18/0x20\n   ? vprintk_emit.part.0+0x1cc/0x350\n   ? wake_up_klogd_work_func+0x60/0x60\n   blk_mq_alloc_request+0x2b7/0x6b0\n   ? __blk_mq_alloc_requests+0x1060/0x1060\n   ? __switch_to+0x5b7/0x1060\n   nvme_submit_user_cmd+0xa9/0x330\n   nvme_user_cmd.isra.0+0x240/0x3f0\n   ? force_sigsegv+0xe0/0xe0\n   ? nvme_user_cmd64+0x400/0x400\n   ? vfs_fileattr_set+0x9b0/0x9b0\n   ? cgroup_update_frozen_flag+0x24/0x1c0\n   ? cgroup_leave_frozen+0x204/0x330\n   ? nvme_ioctl+0x7c/0x2c0\n   blkdev_ioctl+0x1a8/0x4d0\n   ? blkdev_common_ioctl+0x1930/0x1930\n   ? 
fdget+0x54/0x380\n   __x64_sys_ioctl+0x129/0x190\n   do_syscall_64+0x5b/0x160\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x7f765f703b0b\n  Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d dd 52 0f 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffe2cefe808 EFLAGS: 00000202 ORIG_RAX: 0000000000000010\n  RAX: ffffffffffffffda RBX: 00007ffe2cefe860 RCX: 00007f765f703b0b\n  RDX: 00007ffe2cefe860 RSI: 00000000c0484e41 RDI: 0000000000000003\n  RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000000\n  R10: 00007f765f611d50 R11: 0000000000000202 R12: 0000000000000003\n  R13: 00000000c0484e41 R14: 0000000000000001 R15: 00007ffe2cefea60\n   \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68265",
            "https://git.kernel.org/linus/03b3bcd319b3ab5182bc9aaa0421351572c78ac0 (6.18-rc7)",
            "https://git.kernel.org/stable/c/03b3bcd319b3ab5182bc9aaa0421351572c78ac0",
            "https://git.kernel.org/stable/c/a505f0ba36ab24176c300d7ff56aff85c2977e6c",
            "https://git.kernel.org/stable/c/e7dac681790556c131854b97551337aa8042215b",
            "https://git.kernel.org/stable/c/e8061d02b49c5c901980f58d91e96580e9a14acf",
            "https://git.kernel.org/stable/c/ff037b5f47eeccc1636c03f84cd47db094eb73c9",
            "https://linux.oracle.com/cve/CVE-2025-68265.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121609-CVE-2025-68265-4800@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68265",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68265"
          ],
          "PublishedDate": "2025-12-16T15:15:56.03Z",
          "LastModifiedDate": "2026-03-25T11:16:14.02Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68266",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68266",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:24d5b0b42ef8bf48f56f2066dcd60a4a4cfb408bc9ec4ba99185c3e31d43fffa",
          "Title": "kernel: bfs: Reconstruct file type when loading from disk",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbfs: Reconstruct file type when loading from disk\n\nsyzbot is reporting that S_IFMT bits of inode-\u003ei_mode can become bogus when\nthe S_IFMT bits of the 32bits \"mode\" field loaded from disk are corrupted\nor when the 32bits \"attributes\" field loaded from disk are corrupted.\n\nA documentation says that BFS uses only lower 9 bits of the \"mode\" field.\nBut I can't find an explicit explanation that the unused upper 23 bits\n(especially, the S_IFMT bits) are initialized with 0.\n\nTherefore, ignore the S_IFMT bits of the \"mode\" field loaded from disk.\nAlso, verify that the value of the \"attributes\" field loaded from disk is\neither BFS_VREG or BFS_VDIR (because BFS supports only regular files and\nthe root directory).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68266",
            "https://git.kernel.org/linus/34ab4c75588c07cca12884f2bf6b0347c7a13872 (6.18-rc7)",
            "https://git.kernel.org/stable/c/34ab4c75588c07cca12884f2bf6b0347c7a13872",
            "https://git.kernel.org/stable/c/77899444d46162aeb65f229590c26ba266864223",
            "https://git.kernel.org/stable/c/8f73336b75bd3457b6f9410f2a0601a238f32238",
            "https://git.kernel.org/stable/c/a8cb796e7e2cb7971311ba236922f5e7e1be77e6",
            "https://git.kernel.org/stable/c/a9f626396bfe66f49b743601e862767928237cc0",
            "https://git.kernel.org/stable/c/aeccd6743ee4fdd1ab8cfcbb5b9a20b613418f6d",
            "https://git.kernel.org/stable/c/d0c5ec1f57d8fbb953f166a27d9d32473dc8f3e4",
            "https://lore.kernel.org/linux-cve-announce/2025121609-CVE-2025-68266-d334@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68266",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68266"
          ],
          "PublishedDate": "2025-12-16T15:15:56.14Z",
          "LastModifiedDate": "2026-01-19T13:16:09.547Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68281",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68281",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f00e99f07ff7f324f31456c9c9cbe02e1836bb97f7a781709b047019786db23",
          "Title": "kernel: Linux kernel: Denial of Service in ASoC SDCA due to incorrect memory allocation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list\n\n\"struct sdca_control\" declares \"values\" field as integer array.\nBut the memory allocated to it is of char array. This causes\ncrash for sdca_parse_function API. This patch addresses the\nissue by allocating correct data size.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68281",
            "https://git.kernel.org/linus/eb2d6774cc0d9d6ab8f924825695a85c14b2e0c2 (6.18-rc6)",
            "https://git.kernel.org/stable/c/eb2d6774cc0d9d6ab8f924825695a85c14b2e0c2",
            "https://git.kernel.org/stable/c/fcd5786b506c51cbabc2560c68e040d8dba22a0d",
            "https://lore.kernel.org/linux-cve-announce/2025121640-CVE-2025-68281-4fa1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68281",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68281"
          ],
          "PublishedDate": "2025-12-16T15:15:56.243Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68282",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:aad821f13a55aaece5f72239bdbe188fae363d1374ac121362183c9e19a66536",
          "Title": "kernel: Linux kernel: Use-after-free in USB gadget driver due to race condition during teardown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: udc: fix use-after-free in usb_gadget_state_work\n\nA race condition during gadget teardown can lead to a use-after-free\nin usb_gadget_state_work(), as reported by KASAN:\n\n  BUG: KASAN: invalid-access in sysfs_notify+0x2c/0xd0\n  Workqueue: events usb_gadget_state_work\n\nThe fundamental race occurs because a concurrent event (e.g., an\ninterrupt) can call usb_gadget_set_state() and schedule gadget-\u003ework\nat any time during the cleanup process in usb_del_gadget().\n\nCommit 399a45e5237c (\"usb: gadget: core: flush gadget workqueue after\ndevice removal\") attempted to fix this by moving flush_work() to after\ndevice_del(). However, this does not fully solve the race, as a new\nwork item can still be scheduled *after* flush_work() completes but\nbefore the gadget's memory is freed, leading to the same use-after-free.\n\nThis patch fixes the race condition robustly by introducing a 'teardown'\nflag and a 'state_lock' spinlock to the usb_gadget struct. The flag is\nset during cleanup in usb_del_gadget() *before* calling flush_work() to\nprevent any new work from being scheduled once cleanup has commenced.\nThe scheduling site, usb_gadget_set_state(), now checks this flag under\nthe lock before queueing the work, thus safely closing the race window.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68282",
            "https://git.kernel.org/linus/baeb66fbd4201d1c4325074e78b1f557dff89b5b (6.18)",
            "https://git.kernel.org/stable/c/10014310193cf6736c1aeb4105c5f4a0818d0c65",
            "https://git.kernel.org/stable/c/3b32caa73d135eea8fb9cabb45e9fc64c5a3ecb9",
            "https://git.kernel.org/stable/c/baeb66fbd4201d1c4325074e78b1f557dff89b5b",
            "https://git.kernel.org/stable/c/c12a0c3ef815ddd67e47f9c819f9fe822fed5467",
            "https://git.kernel.org/stable/c/dddc944d65169b552e09cb54e3ed4fbb9ea26416",
            "https://git.kernel.org/stable/c/eee16f3ff08e759ea828bdf7dc1c0ef2f22134f5",
            "https://git.kernel.org/stable/c/f02a412c0a18f02f0f91b0a3d9788315a721b7fd",
            "https://linux.oracle.com/cve/CVE-2025-68282.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025121635-CVE-2025-68282-641e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68282",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68282"
          ],
          "PublishedDate": "2025-12-16T16:16:06.97Z",
          "LastModifiedDate": "2026-01-19T13:16:09.647Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68283",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68283",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6222c487ecc67de95d8c480ad33b2a22c9f203d53576b79baf12616a9b330c4a",
          "Title": "kernel: libceph: replace BUG_ON with bounds check for map-\u003emax_osd",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: replace BUG_ON with bounds check for map-\u003emax_osd\n\nOSD indexes come from untrusted network packets. Boundary checks are\nadded to validate these against map-\u003emax_osd.\n\n[ idryomov: drop BUG_ON in ceph_get_primary_affinity(), minor cosmetic\n  edits ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68283",
            "https://git.kernel.org/linus/ec3797f043756a94ea2d0f106022e14ac4946c02 (6.18)",
            "https://git.kernel.org/stable/c/57f5fbae9f1024aba17ff75e00433324115c548a",
            "https://git.kernel.org/stable/c/b4368b7f97014e1015445d61abd0b27c4c6e8424",
            "https://git.kernel.org/stable/c/becc488a4d864db338ebd4e313aa3c77da24b604",
            "https://git.kernel.org/stable/c/e67e3be690f5f7e3b031cf29e8d91e6d02a8e30d",
            "https://git.kernel.org/stable/c/ec3797f043756a94ea2d0f106022e14ac4946c02",
            "https://linux.oracle.com/cve/CVE-2025-68283.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-68283-77dd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68283",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68283"
          ],
          "PublishedDate": "2025-12-16T16:16:07.08Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68284",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68284",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b53f4dde8e5d85f6fde888268209a173621dd76015392868546515d008d2d41d",
          "Title": "kernel: libceph: prevent potential out-of-bounds writes in handle_auth_session_key()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds writes in handle_auth_session_key()\n\nThe len field originates from untrusted network packets. Boundary\nchecks have been added to prevent potential out-of-bounds writes when\ndecrypting the connection secret or processing service tickets.\n\n[ idryomov: changelog ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68284",
            "https://git.kernel.org/linus/7fce830ecd0a0256590ee37eb65a39cbad3d64fc (6.18)",
            "https://git.kernel.org/stable/c/5ef575834ca99f719d7573cdece9df2fe2b72424",
            "https://git.kernel.org/stable/c/6920ff09bf911bc919cd7a6b7176fbdd1a6e6850",
            "https://git.kernel.org/stable/c/7fce830ecd0a0256590ee37eb65a39cbad3d64fc",
            "https://git.kernel.org/stable/c/8dfcc56af28cffb8f25fb9be37b3acc61f2a3d09",
            "https://git.kernel.org/stable/c/ccbccfba25e9aa395daaea156b5e7790910054c4",
            "https://git.kernel.org/stable/c/f22c55a20a2d9ffbbac57408d5d488cef8201e9d",
            "https://linux.oracle.com/cve/CVE-2025-68284.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121637-CVE-2025-68284-132f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68284",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68284"
          ],
          "PublishedDate": "2025-12-16T16:16:07.19Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68285",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68285",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2886998ab7f7ba52d04be04dfbe141b45d0f92add9d4fd28e6a40321e2425a10",
          "Title": "kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived.  Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n    kfree(monc-\u003emonmap);\n    monc-\u003emonmap = monmap;\n\n    ceph_osdmap_destroy(osdc-\u003eosdmap);\n    osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it's possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n    client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n        client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map.  
This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n    BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n    Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n    CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n    ...\n    Call Trace:\n    \u003cTASK\u003e\n    have_mon_and_osd_map+0x56/0x70\n    ceph_open_session+0x182/0x290\n    ceph_get_tree+0x333/0x680\n    vfs_get_tree+0x49/0x180\n    do_new_mount+0x1a3/0x2d0\n    path_mount+0x6dd/0x730\n    do_mount+0x99/0xe0\n    __do_sys_mount+0x141/0x180\n    do_syscall_64+0x9f/0x100\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n    \u003c/TASK\u003e\n\n    Allocated by task 13305:\n    ceph_osdmap_alloc+0x16/0x130\n    ceph_osdc_init+0x27a/0x4c0\n    ceph_create_client+0x153/0x190\n    create_fs_client+0x50/0x2a0\n    ceph_get_tree+0xff/0x680\n    vfs_get_tree+0x49/0x180\n    do_new_mount+0x1a3/0x2d0\n    path_mount+0x6dd/0x730\n    do_mount+0x99/0xe0\n    __do_sys_mount+0x141/0x180\n    do_syscall_64+0x9f/0x100\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n    Freed by task 9475:\n    kfree+0x212/0x290\n    handle_one_map+0x23c/0x3b0\n    ceph_osdc_handle_map+0x3c9/0x590\n    mon_dispatch+0x655/0x6f0\n    ceph_con_process_message+0xc3/0xe0\n    ceph_con_v1_try_read+0x614/0x760\n    ceph_con_workfn+0x2de/0x650\n    process_one_work+0x486/0x7c0\n    process_scheduled_works+0x73/0x90\n    worker_thread+0x1c8/0x2a0\n    kthread+0x2ec/0x300\n    ret_from_fork+0x24/0x40\n    ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate.  
While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it's set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0793",
            "https://access.redhat.com/security/cve/CVE-2025-68285",
            "https://bugzilla.redhat.com/2393157",
            "https://bugzilla.redhat.com/2401432",
            "https://bugzilla.redhat.com/2419954",
            "https://bugzilla.redhat.com/2422788",
            "https://bugzilla.redhat.com/2422801",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2401432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419954",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40277",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68285",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68287",
            "https://errata.almalinux.org/9/ALSA-2026-0793.html",
            "https://errata.rockylinux.org/RLSA-2026:0793",
            "https://git.kernel.org/linus/076381c261374c587700b3accf410bdd2dba334e (6.18)",
            "https://git.kernel.org/stable/c/05ec43e9a9de67132dc8cd3b22afef001574947f",
            "https://git.kernel.org/stable/c/076381c261374c587700b3accf410bdd2dba334e",
            "https://git.kernel.org/stable/c/183ad6e3b651e8fb0b66d6a2678f4b80bfbba092",
            "https://git.kernel.org/stable/c/3fc43120b22a3d4f1fbeff56a35ce2105b6a5683",
            "https://git.kernel.org/stable/c/7c8ccdc1714d9fabecd26e1be7db1771061acc6e",
            "https://git.kernel.org/stable/c/bb4910c5fd436701faf367e1b5476a5a6d2aff1c",
            "https://git.kernel.org/stable/c/e08021b3b56b2407f37b5fe47b654be80cc665fb",
            "https://linux.oracle.com/cve/CVE-2025-68285.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68285-8339@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68285",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68285"
          ],
          "PublishedDate": "2025-12-16T16:16:07.293Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68286",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68286",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9d92075866f694cb71314db4ecf9c041569e4b9fc1354e0c7d7f942af26a1fed",
          "Title": "kernel: drm/amd/display: Check NULL before accessing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check NULL before accessing\n\n[WHAT]\nIGT kms_cursor_legacy's long-nonblocking-modeset-vs-cursor-atomic\nfails with NULL pointer dereference. This can be reproduced with\nboth an eDP panel and a DP monitors connected.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 13 UID: 0 PID: 2960 Comm: kms_cursor_lega Not tainted\n6.16.0-99-custom #8 PREEMPT(voluntary)\n Hardware name: AMD ........\n RIP: 0010:dc_stream_get_scanoutpos+0x34/0x130 [amdgpu]\n Code: 57 4d 89 c7 41 56 49 89 ce 41 55 49 89 d5 41 54 49\n 89 fc 53 48 83 ec 18 48 8b 87 a0 64 00 00 48 89 75 d0 48 c7 c6 e0 41 30\n c2 \u003c48\u003e 8b 38 48 8b 9f 68 06 00 00 e8 8d d7 fd ff 31 c0 48 81 c3 e0 02\n RSP: 0018:ffffd0f3c2bd7608 EFLAGS: 00010292\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffd0f3c2bd7668\n RDX: ffffd0f3c2bd7664 RSI: ffffffffc23041e0 RDI: ffff8b32494b8000\n RBP: ffffd0f3c2bd7648 R08: ffffd0f3c2bd766c R09: ffffd0f3c2bd7760\n R10: ffffd0f3c2bd7820 R11: 0000000000000000 R12: ffff8b32494b8000\n R13: ffffd0f3c2bd7664 R14: ffffd0f3c2bd7668 R15: ffffd0f3c2bd766c\n FS:  000071f631b68700(0000) GS:ffff8b399f114000(0000)\nknlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 00000001b8105000 CR4: 0000000000f50ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n dm_crtc_get_scanoutpos+0xd7/0x180 [amdgpu]\n amdgpu_display_get_crtc_scanoutpos+0x86/0x1c0 [amdgpu]\n ? 
__pfx_amdgpu_crtc_get_scanout_position+0x10/0x10[amdgpu]\n amdgpu_crtc_get_scanout_position+0x27/0x50 [amdgpu]\n drm_crtc_vblank_helper_get_vblank_timestamp_internal+0xf7/0x400\n drm_crtc_vblank_helper_get_vblank_timestamp+0x1c/0x30\n drm_crtc_get_last_vbltimestamp+0x55/0x90\n drm_crtc_next_vblank_start+0x45/0xa0\n drm_atomic_helper_wait_for_fences+0x81/0x1f0\n ...\n\n(cherry picked from commit 621e55f1919640acab25383362b96e65f2baea3c)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68286",
            "https://git.kernel.org/linus/3ce62c189693e8ed7b3abe551802bbc67f3ace54 (6.18)",
            "https://git.kernel.org/stable/c/09092269cb762378ca8b56024746b1a136761e0d",
            "https://git.kernel.org/stable/c/109e9c92543f3105e8e1efd2c5e6b92ef55d5743",
            "https://git.kernel.org/stable/c/3ce62c189693e8ed7b3abe551802bbc67f3ace54",
            "https://git.kernel.org/stable/c/62150f1e7ec707da76ff353fb7db51fef9cd6557",
            "https://git.kernel.org/stable/c/781f2f32e9c19eb791b52af283c96f9a9677a7f2",
            "https://git.kernel.org/stable/c/9d1a65cbe3ec5da3003c8434ac7a38dcdc958fd9",
            "https://git.kernel.org/stable/c/f7cf491cd5b54b5a093bd3fdf76fa2860a7522bf",
            "https://linux.oracle.com/cve/CVE-2025-68286.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68286-cda3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68286",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68286"
          ],
          "PublishedDate": "2025-12-16T16:16:07.4Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68287",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68287",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a2a982f21d7e7153e9cef9e7871264fdbea508b3afdef76ef2729ade34bfcb97",
          "Title": "kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths\n\nThis patch addresses a race condition caused by unsynchronized\nexecution of multiple call paths invoking `dwc3_remove_requests()`,\nleading to premature freeing of USB requests and subsequent crashes.\n\nThree distinct execution paths interact with `dwc3_remove_requests()`:\nPath 1:\nTriggered via `dwc3_gadget_reset_interrupt()` during USB reset\nhandling. The call stack includes:\n- `dwc3_ep0_reset_state()`\n- `dwc3_ep0_stall_and_restart()`\n- `dwc3_ep0_out_start()`\n- `dwc3_remove_requests()`\n- `dwc3_gadget_del_and_unmap_request()`\n\nPath 2:\nAlso initiated from `dwc3_gadget_reset_interrupt()`, but through\n`dwc3_stop_active_transfers()`. The call stack includes:\n- `dwc3_stop_active_transfers()`\n- `dwc3_remove_requests()`\n- `dwc3_gadget_del_and_unmap_request()`\n\nPath 3:\nOccurs independently during `adb root` execution, which triggers\nUSB function unbind and bind operations. The sequence includes:\n- `gserial_disconnect()`\n- `usb_ep_disable()`\n- `dwc3_gadget_ep_disable()`\n- `dwc3_remove_requests()` with `-ESHUTDOWN` status\n\nPath 3 operates asynchronously and lacks synchronization with Paths\n1 and 2. When Path 3 completes, it disables endpoints and frees 'out'\nrequests. If Paths 1 or 2 are still processing these requests,\naccessing freed memory leads to a crash due to use-after-free conditions.\n\nTo fix this added check for request completion and skip processing\nif already completed and added the request status for ep0 while queue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:0793",
            "https://access.redhat.com/security/cve/CVE-2025-68287",
            "https://bugzilla.redhat.com/2393157",
            "https://bugzilla.redhat.com/2401432",
            "https://bugzilla.redhat.com/2419954",
            "https://bugzilla.redhat.com/2422788",
            "https://bugzilla.redhat.com/2422801",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393157",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2401432",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419954",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38703",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40277",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68285",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68287",
            "https://errata.almalinux.org/9/ALSA-2026-0793.html",
            "https://errata.rockylinux.org/RLSA-2026:0793",
            "https://git.kernel.org/linus/e4037689a366743c4233966f0e74bc455820d316 (6.18)",
            "https://git.kernel.org/stable/c/467add9db13219101f14b6cc5477998b4aaa5fe2",
            "https://git.kernel.org/stable/c/47de14d741cc4057046c9e2f33df1f7828254e6c",
            "https://git.kernel.org/stable/c/67192e8cb7f941b5bba91e4bb290683576ce1607",
            "https://git.kernel.org/stable/c/7cfb62888eba292fa35cd9ddbd28ce595f60e139",
            "https://git.kernel.org/stable/c/afc0e34f161ce61ad351303c46eb57bd44b8b090",
            "https://git.kernel.org/stable/c/e4037689a366743c4233966f0e74bc455820d316",
            "https://git.kernel.org/stable/c/fa5eaf701e576880070b60922200557ae4aa54e1",
            "https://linux.oracle.com/cve/CVE-2025-68287.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68287-5647@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68287",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68287"
          ],
          "PublishedDate": "2025-12-16T16:16:07.51Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68288",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68288",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8773413c11392a24d2f33601786ca03ea7f0596be69af64f1f2c6de5ecac9836",
          "Title": "kernel: usb: storage: Fix memory leak in USB bulk transport",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: storage: Fix memory leak in USB bulk transport\n\nA kernel memory leak was identified by the 'ioctl_sg01' test from Linux\nTest Project (LTP). The following bytes were mainly observed: 0x53425355.\n\nWhen USB storage devices incorrectly skip the data phase with status data,\nthe code extracts/validates the CSW from the sg buffer, but fails to clear\nit afterwards. This leaves status protocol data in srb's transfer buffer,\nsuch as the US_BULK_CS_SIGN 'USBS' signature observed here. Thus, this can\nlead to USB protocols leaks to user space through SCSI generic (/dev/sg*)\ninterfaces, such as the one seen here when the LTP test requested 512 KiB.\n\nFix the leak by zeroing the CSW data in srb's transfer buffer immediately\nafter the validation of devices that skip data phase.\n\nNote: Differently from CVE-2018-1000204, which fixed a big leak by zero-\ning pages at allocation time, this leak occurs after allocation, when USB\nprotocol data is written to already-allocated sg pages.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68288",
            "https://git.kernel.org/linus/41e99fe2005182139b1058db71f0d241f8f0078c (6.18)",
            "https://git.kernel.org/stable/c/0f18eac44c5668204bf6eebb01ddb369ac56932b",
            "https://git.kernel.org/stable/c/41e99fe2005182139b1058db71f0d241f8f0078c",
            "https://git.kernel.org/stable/c/467fec3cefbeb9e3ea80f457da9a5666a71ca0d0",
            "https://git.kernel.org/stable/c/4ba515dfff7eeca369ab85cdbb3f3b231c71720c",
            "https://git.kernel.org/stable/c/5b815ddb3f5560fac35b16de3a2a22d5f81c5993",
            "https://git.kernel.org/stable/c/83f0241959831586d9b6d47f6bd5d3dec8f43bf0",
            "https://git.kernel.org/stable/c/cb1401b5bcc2feb5b038fc4b512e5968b016e05e",
            "https://linux.oracle.com/cve/CVE-2025-68288.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68288-c606@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68288",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68288"
          ],
          "PublishedDate": "2025-12-16T16:16:07.62Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68289",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68289",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:58b16134cdb5469090b08d81c94b08a4204eac8aa573567313ef012f1f303c45",
          "Title": "kernel: usb: gadget: f_eem: Fix memory leak in eem_unwrap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_eem: Fix memory leak in eem_unwrap\n\nThe existing code did not handle the failure case of usb_ep_queue in the\ncommand path, potentially leading to memory leaks.\n\nImprove error handling to free all allocated resources on usb_ep_queue\nfailure. This patch continues to use goto logic for error handling, as the\nexisting error handling is complex and not easily adaptable to auto-cleanup\nhelpers.\n\nkmemleak results:\n  unreferenced object 0xffffff895a512300 (size 240):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      kmem_cache_alloc+0x1b4/0x358\n      skb_clone+0x90/0xd8\n      eem_unwrap+0x1cc/0x36c\n  unreferenced object 0xffffff8a157f4000 (size 256):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      __kmem_cache_alloc_node+0x1b4/0x2dc\n      kmalloc_trace+0x48/0x140\n      dwc3_gadget_ep_alloc_request+0x58/0x11c\n      usb_ep_alloc_request+0x40/0xe4\n      eem_unwrap+0x204/0x36c\n  unreferenced object 0xffffff8aadbaac00 (size 128):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      __kmem_cache_alloc_node+0x1b4/0x2dc\n      __kmalloc+0x64/0x1a8\n      eem_unwrap+0x218/0x36c\n  unreferenced object 0xffffff89ccef3500 (size 64):\n    backtrace:\n      slab_post_alloc_hook+0xbc/0x3a4\n      __kmem_cache_alloc_node+0x1b4/0x2dc\n      kmalloc_trace+0x48/0x140\n      eem_unwrap+0x238/0x36c",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68289",
            "https://git.kernel.org/linus/e4f5ce990818d37930cd9fb0be29eee0553c59d9 (6.18)",
            "https://git.kernel.org/stable/c/0ac07e476944a5e4c2b8b087dd167dec248c1bdf",
            "https://git.kernel.org/stable/c/0dea2e0069a7e9aa034696f8065945b7be6dd6b7",
            "https://git.kernel.org/stable/c/41434488ca714ab15cb2a4d0378418d1be8052d2",
            "https://git.kernel.org/stable/c/5a1628283cd9dccf1e44acfb74e77504f4dc7472",
            "https://git.kernel.org/stable/c/a9985a88b2fc29fbe1657fe8518908e261d6889c",
            "https://git.kernel.org/stable/c/e4f5ce990818d37930cd9fb0be29eee0553c59d9",
            "https://git.kernel.org/stable/c/e72c963177c708a167a7e17ed6c76320815157cf",
            "https://linux.oracle.com/cve/CVE-2025-68289.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68289-1efe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68289",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68289"
          ],
          "PublishedDate": "2025-12-16T16:16:07.747Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68290",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68290",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:85d5e7a8ffa5fa166a2e4ee3f5774f1087eaf98c7abc2ec2e8c573ff0774e290",
          "Title": "kernel: most: usb: fix double free on late probe failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmost: usb: fix double free on late probe failure\n\nThe MOST subsystem has a non-standard registration function which frees\nthe interface on registration failures and on deregistration.\n\nThis unsurprisingly leads to bugs in the MOST drivers, and a couple of\nrecent changes turned a reference underflow and use-after-free in the\nUSB driver into several double free and a use-after-free on late probe\nfailures.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68290",
            "https://git.kernel.org/linus/baadf2a5c26e802a46573eaad331b427b49aaa36 (6.18)",
            "https://git.kernel.org/stable/c/0dece48660be16918ecf2dbdc7193e8be03e1693",
            "https://git.kernel.org/stable/c/2274767dc02b756b25e3db1e31c0ed47c2a78442",
            "https://git.kernel.org/stable/c/8d8ffefe3d5d8b7b73efb866db61130107299c5c",
            "https://git.kernel.org/stable/c/90e6ce2b1b19fb8b9d4afee69f40e4c6a4791154",
            "https://git.kernel.org/stable/c/993bfdc3842893c394de13c8200c338ebb979589",
            "https://git.kernel.org/stable/c/a4c4118c2af284835b16431bbfe77e0130c06fef",
            "https://git.kernel.org/stable/c/baadf2a5c26e802a46573eaad331b427b49aaa36",
            "https://lore.kernel.org/linux-cve-announce/2025121639-CVE-2025-68290-e13c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68290",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68290"
          ],
          "PublishedDate": "2025-12-16T16:16:07.86Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68295",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68295",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a4a19f86141b8b0d78cd89561c2efd6f44c65775d23a2a186214da9948f9ba5d",
          "Title": "kernel: smb: client: fix memory leak in cifs_construct_tcon()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix memory leak in cifs_construct_tcon()\n\nWhen having a multiuser mount with domain= specified and using\ncifscreds, cifs_set_cifscreds() will end up setting @ctx-\u003edomainname,\nso it needs to be freed before leaving cifs_construct_tcon().\n\nThis fixes the following memory leak reported by kmemleak:\n\n  mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,...\n  su - testuser\n  cifscreds add -d ZELDA -u testuser\n  ...\n  ls /mnt/1\n  ...\n  umount /mnt\n  echo scan \u003e /sys/kernel/debug/kmemleak\n  cat /sys/kernel/debug/kmemleak\n  unreferenced object 0xffff8881203c3f08 (size 8):\n    comm \"ls\", pid 5060, jiffies 4307222943\n    hex dump (first 8 bytes):\n      5a 45 4c 44 41 00 cc cc                          ZELDA...\n    backtrace (crc d109a8cf):\n      __kmalloc_node_track_caller_noprof+0x572/0x710\n      kstrdup+0x3a/0x70\n      cifs_sb_tlink+0x1209/0x1770 [cifs]\n      cifs_get_fattr+0xe1/0xf50 [cifs]\n      cifs_get_inode_info+0xb5/0x240 [cifs]\n      cifs_revalidate_dentry_attr+0x2d1/0x470 [cifs]\n      cifs_getattr+0x28e/0x450 [cifs]\n      vfs_getattr_nosec+0x126/0x180\n      vfs_statx+0xf6/0x220\n      do_statx+0xab/0x110\n      __x64_sys_statx+0xd5/0x130\n      do_syscall_64+0xbb/0x380\n      entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68295",
            "https://git.kernel.org/linus/3184b6a5a24ec9ee74087b2a550476f386df7dc2 (6.18)",
            "https://git.kernel.org/stable/c/3184b6a5a24ec9ee74087b2a550476f386df7dc2",
            "https://git.kernel.org/stable/c/3dd546e867e94c2f954bca45a961b6104ba708b6",
            "https://git.kernel.org/stable/c/a67e91d5f446e455dd9201cdd6e865f7078d251d",
            "https://git.kernel.org/stable/c/d146e96fef876492979658dce644305de35878d4",
            "https://git.kernel.org/stable/c/f15288c137d960836277d0e3ecc62de68e52f00f",
            "https://git.kernel.org/stable/c/f62ffdfb431bdfa4b6d24233b7fd830eca0b801e",
            "https://git.kernel.org/stable/c/ff8f9bd1c46ee02d5558293915d42e82646d5ee9",
            "https://linux.oracle.com/cve/CVE-2025-68295.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121641-CVE-2025-68295-89cb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68295",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68295"
          ],
          "PublishedDate": "2025-12-16T16:16:08.423Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68296",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68296",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:83f43fa018fa0108907b34a3e71def52de58ff3ab7257b3fca9350455330de9f",
          "Title": "kernel: Linux kernel: Denial of Service due to race condition in fbcon setup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup\n\nProtect vga_switcheroo_client_fb_set() with console lock. Avoids OOB\naccess in fbcon_remap_all(). Without holding the console lock the call\nraces with switching outputs.\n\nVGA switcheroo calls fbcon_remap_all() when switching clients. The fbcon\nfunction uses struct fb_info.node, which is set by register_framebuffer().\nAs the fb-helper code currently sets up VGA switcheroo before registering\nthe framebuffer, the value of node is -1 and therefore not a legal value.\nFor example, fbcon uses the value within set_con2fb_map() [1] as an index\ninto an array.\n\nMoving vga_switcheroo_client_fb_set() after register_framebuffer() can\nresult in VGA switching that does not switch fbcon correctly.\n\nTherefore move vga_switcheroo_client_fb_set() under fbcon_fb_registered(),\nwhich already holds the console lock. Fbdev calls fbcon_fb_registered()\nfrom within register_framebuffer(). Serializes the helper with VGA\nswitcheroo's call to fbcon_remap_all().\n\nAlthough vga_switcheroo_client_fb_set() takes an instance of struct fb_info\nas parameter, it really only needs the contained fbcon state. Moving the\ncall to fbcon initialization is therefore cleaner than before. Only amdgpu,\ni915, nouveau and radeon support vga_switcheroo. For all other drivers,\nthis change does nothing.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68296",
            "https://git.kernel.org/linus/eb76d0f5553575599561010f24c277cc5b31d003 (6.18)",
            "https://git.kernel.org/stable/c/05814c389b53d2f3a0b9eeb90ba7a05ba77c4c2a",
            "https://git.kernel.org/stable/c/482330f8261b4bea8146d9bd69c1199e5dfcbb5c",
            "https://git.kernel.org/stable/c/eb76d0f5553575599561010f24c277cc5b31d003",
            "https://linux.oracle.com/cve/CVE-2025-68296.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121641-CVE-2025-68296-c946@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68296",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68296"
          ],
          "PublishedDate": "2025-12-16T16:16:08.54Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68297",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68297",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c9c5590342b8d513fa96ef7e0b93ba2dee13539fdc00a4e446c7581cf9224db4",
          "Title": "kernel: ceph: fix crash in process_v2_sparse_read() for encrypted directories",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix crash in process_v2_sparse_read() for encrypted directories\n\nThe crash in process_v2_sparse_read() for fscrypt-encrypted directories\nhas been reported. Issue takes place for Ceph msgr2 protocol in secure\nmode. It can be reproduced by the steps:\n\nsudo mount -t ceph :/ /mnt/cephfs/ -o name=admin,fs=cephfs,ms_mode=secure\n\n(1) mkdir /mnt/cephfs/fscrypt-test-3\n(2) cp area_decrypted.tar /mnt/cephfs/fscrypt-test-3\n(3) fscrypt encrypt --source=raw_key --key=./my.key /mnt/cephfs/fscrypt-test-3\n(4) fscrypt lock /mnt/cephfs/fscrypt-test-3\n(5) fscrypt unlock --key=my.key /mnt/cephfs/fscrypt-test-3\n(6) cat /mnt/cephfs/fscrypt-test-3/area_decrypted.tar\n(7) Issue has been triggered\n\n[  408.072247] ------------[ cut here ]------------\n[  408.072251] WARNING: CPU: 1 PID: 392 at net/ceph/messenger_v2.c:865\nceph_con_v2_try_read+0x4b39/0x72f0\n[  408.072267] Modules linked in: intel_rapl_msr intel_rapl_common\nintel_uncore_frequency_common intel_pmc_core pmt_telemetry pmt_discovery\npmt_class intel_pmc_ssram_telemetry intel_vsec kvm_intel joydev kvm irqbypass\npolyval_clmulni ghash_clmulni_intel aesni_intel rapl input_leds psmouse\nserio_raw i2c_piix4 vga16fb bochs vgastate i2c_smbus floppy mac_hid qemu_fw_cfg\npata_acpi sch_fq_codel rbd msr parport_pc ppdev lp parport efi_pstore\n[  408.072304] CPU: 1 UID: 0 PID: 392 Comm: kworker/1:3 Not tainted 6.17.0-rc7+\n[  408.072307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.17.0-5.fc42 04/01/2014\n[  408.072310] Workqueue: ceph-msgr ceph_con_workfn\n[  408.072314] RIP: 0010:ceph_con_v2_try_read+0x4b39/0x72f0\n[  408.072317] Code: c7 c1 20 f0 d4 ae 50 31 d2 48 c7 c6 60 27 d5 ae 48 c7 c7 f8\n8e 6f b0 68 60 38 d5 ae e8 00 47 61 fe 48 83 c4 18 e9 ac fc ff ff \u003c0f\u003e 0b e9 06\nfe ff ff 4c 8b 9d 98 fd ff ff 0f 84 64 e7 ff ff 89 85\n[  408.072319] RSP: 0018:ffff88811c3e7a30 EFLAGS: 00010246\n[  
408.072322] RAX: ffffed1024874c6f RBX: ffffea00042c2b40 RCX: 0000000000000f38\n[  408.072324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[  408.072325] RBP: ffff88811c3e7ca8 R08: 0000000000000000 R09: 00000000000000c8\n[  408.072326] R10: 00000000000000c8 R11: 0000000000000000 R12: 00000000000000c8\n[  408.072327] R13: dffffc0000000000 R14: ffff8881243a6030 R15: 0000000000003000\n[  408.072329] FS:  0000000000000000(0000) GS:ffff88823eadf000(0000)\nknlGS:0000000000000000\n[  408.072331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  408.072332] CR2: 000000c0003c6000 CR3: 000000010c106005 CR4: 0000000000772ef0\n[  408.072336] PKRU: 55555554\n[  408.072337] Call Trace:\n[  408.072338]  \u003cTASK\u003e\n[  408.072340]  ? sched_clock_noinstr+0x9/0x10\n[  408.072344]  ? __pfx_ceph_con_v2_try_read+0x10/0x10\n[  408.072347]  ? _raw_spin_unlock+0xe/0x40\n[  408.072349]  ? finish_task_switch.isra.0+0x15d/0x830\n[  408.072353]  ? __kasan_check_write+0x14/0x30\n[  408.072357]  ? mutex_lock+0x84/0xe0\n[  408.072359]  ? __pfx_mutex_lock+0x10/0x10\n[  408.072361]  ceph_con_workfn+0x27e/0x10e0\n[  408.072364]  ? metric_delayed_work+0x311/0x2c50\n[  408.072367]  process_one_work+0x611/0xe20\n[  408.072371]  ? __kasan_check_write+0x14/0x30\n[  408.072373]  worker_thread+0x7e3/0x1580\n[  408.072375]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n[  408.072378]  ? __pfx_worker_thread+0x10/0x10\n[  408.072381]  kthread+0x381/0x7a0\n[  408.072383]  ? __pfx__raw_spin_lock_irq+0x10/0x10\n[  408.072385]  ? __pfx_kthread+0x10/0x10\n[  408.072387]  ? __kasan_check_write+0x14/0x30\n[  408.072389]  ? recalc_sigpending+0x160/0x220\n[  408.072392]  ? _raw_spin_unlock_irq+0xe/0x50\n[  408.072394]  ? calculate_sigpending+0x78/0xb0\n[  408.072395]  ? __pfx_kthread+0x10/0x10\n[  408.072397]  ret_from_fork+0x2b6/0x380\n[  408.072400]  ? 
__pfx_kthread+0x10/0x10\n[  408.072402]  ret_from_fork_asm+0x1a/0x30\n[  408.072406]  \u003c/TASK\u003e\n[  408.072407] ---[ end trace 0000000000000000 ]---\n[  408.072418] Oops: general protection fault, probably for non-canonical\naddress 0xdffffc00000000\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68297",
            "https://git.kernel.org/linus/43962db4a6f593903340c85591056a0cef812dfd (6.18)",
            "https://git.kernel.org/stable/c/43962db4a6f593903340c85591056a0cef812dfd",
            "https://git.kernel.org/stable/c/47144748fbf12068ba4b82512098fe1ac748a2e9",
            "https://git.kernel.org/stable/c/5a3f3e39b18705bc578fae58abacc8ef93c15194",
            "https://git.kernel.org/stable/c/7d1b7de853f7d1eefd6d22949bcefc0c25186727",
            "https://linux.oracle.com/cve/CVE-2025-68297.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121642-CVE-2025-68297-1f6e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68297",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68297"
          ],
          "PublishedDate": "2025-12-16T16:16:08.64Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68301",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68301",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2fac07894ecb77458ab766ae6a7145db36f804af386e84a1c2e0af9e8cad1e8d",
          "Title": "kernel: net: atlantic: fix fragment overflow handling in RX path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: fix fragment overflow handling in RX path\n\nThe atlantic driver can receive packets with more than MAX_SKB_FRAGS (17)\nfragments when handling large multi-descriptor packets. This causes an\nout-of-bounds write in skb_add_rx_frag_netmem() leading to kernel panic.\n\nThe issue occurs because the driver doesn't check the total number of\nfragments before calling skb_add_rx_frag(). When a packet requires more\nthan MAX_SKB_FRAGS fragments, the fragment index exceeds the array bounds.\n\nFix by assuming there will be an extra frag if buff-\u003elen \u003e AQ_CFG_RX_HDR_SIZE,\nthen all fragments are accounted for. And reusing the existing check to\nprevent the overflow earlier in the code path.\n\nThis crash occurred in production with an Aquantia AQC113 10G NIC.\n\nStack trace from production environment:\n```\nRIP: 0010:skb_add_rx_frag_netmem+0x29/0xd0\nCode: 90 f3 0f 1e fa 0f 1f 44 00 00 48 89 f8 41 89\nca 48 89 d7 48 63 ce 8b 90 c0 00 00 00 48 c1 e1 04 48 01 ca 48 03 90\nc8 00 00 00 \u003c48\u003e 89 7a 30 44 89 52 3c 44 89 42 38 40 f6 c7 01 75 74 48\n89 fa 83\nRSP: 0018:ffffa9bec02a8d50 EFLAGS: 00010287\nRAX: ffff925b22e80a00 RBX: ffff925ad38d2700 RCX:\nfffffffe0a0c8000\nRDX: ffff9258ea95bac0 RSI: ffff925ae0a0c800 RDI:\n0000000000037a40\nRBP: 0000000000000024 R08: 0000000000000000 R09:\n0000000000000021\nR10: 0000000000000848 R11: 0000000000000000 R12:\nffffa9bec02a8e24\nR13: ffff925ad8615570 R14: 0000000000000000 R15:\nffff925b22e80a00\nFS: 0000000000000000(0000)\nGS:ffff925e47880000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffff9258ea95baf0 CR3: 0000000166022004 CR4:\n0000000000f72ef0\nPKRU: 55555554\nCall Trace:\n\u003cIRQ\u003e\naq_ring_rx_clean+0x175/0xe60 [atlantic]\n? aq_ring_rx_clean+0x14d/0xe60 [atlantic]\n? aq_ring_tx_clean+0xdf/0x190 [atlantic]\n? kmem_cache_free+0x348/0x450\n? 
aq_vec_poll+0x81/0x1d0 [atlantic]\n? __napi_poll+0x28/0x1c0\n? net_rx_action+0x337/0x420\n```\n\nChanges in v4:\n- Add Fixes: tag to satisfy patch validation requirements.\n\nChanges in v3:\n- Fix by assuming there will be an extra frag if buff-\u003elen \u003e AQ_CFG_RX_HDR_SIZE,\n  then all fragments are accounted for.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1143",
            "https://access.redhat.com/security/cve/CVE-2025-68301",
            "https://bugzilla.redhat.com/2376052",
            "https://bugzilla.redhat.com/2381870",
            "https://bugzilla.redhat.com/2393488",
            "https://bugzilla.redhat.com/2418872",
            "https://bugzilla.redhat.com/2418876",
            "https://bugzilla.redhat.com/2419891",
            "https://bugzilla.redhat.com/2422836",
            "https://bugzilla.redhat.com/2422840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376052",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2381870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2393488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418872",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418876",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419891",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422836",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2422840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38141",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38731",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40248",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40258",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68301",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68305",
            "https://errata.almalinux.org/9/ALSA-2026-1143.html",
            "https://errata.rockylinux.org/RLSA-2026:1143",
            "https://git.kernel.org/linus/5ffcb7b890f61541201461580bb6622ace405aec (6.18)",
            "https://git.kernel.org/stable/c/34147477eeab24077fcfe9649e282849347d760c",
            "https://git.kernel.org/stable/c/3be37c3c96b16462394fcb8e15e757c691377038",
            "https://git.kernel.org/stable/c/3fd2105e1b7e041cc24be151c9a31a14d5fc50ab",
            "https://git.kernel.org/stable/c/5d6051ea1b0417ae2f06a8440d22e48fbc8f8997",
            "https://git.kernel.org/stable/c/5ffcb7b890f61541201461580bb6622ace405aec",
            "https://git.kernel.org/stable/c/64e47cd1fd631a21bf5a630cebefec6c8fc381cd",
            "https://git.kernel.org/stable/c/b0c4d5135b04ea100988e2458c98f2d8564cda16",
            "https://linux.oracle.com/cve/CVE-2025-68301.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121643-CVE-2025-68301-be31@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68301",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68301"
          ],
          "PublishedDate": "2025-12-16T16:16:09.617Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68302",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68302",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b49e689a87da7b18c73246cef1ee8fe7239a81886fd0b53fb607506c6cb200c1",
          "Title": "kernel: net: sxgbe: fix potential NULL dereference in sxgbe_rx()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sxgbe: fix potential NULL dereference in sxgbe_rx()\n\nCurrently, when skb is null, the driver prints an error and then\ndereferences skb on the next line.\n\nTo fix this, let's add a 'break' after the error message to switch\nto sxgbe_rx_refill(), which is similar to the approach taken by the\nother drivers in this particular case, e.g. calxeda with xgmac_rx().\n\nFound during a code review.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68302",
            "https://git.kernel.org/linus/f5bce28f6b9125502abec4a67d68eabcd24b3b17 (6.18)",
            "https://git.kernel.org/stable/c/18ef3ad1bb57dcf1a9ee61736039aedccf670b21",
            "https://git.kernel.org/stable/c/45b5b4ddb8d6bea5fc1625ff6f163bbb125d49cc",
            "https://git.kernel.org/stable/c/46e5332126596a2ca791140feab18ce1fc1a3c86",
            "https://git.kernel.org/stable/c/7fd789d6ea4915034eb6bcb72f6883c8151083e5",
            "https://git.kernel.org/stable/c/88f46c0be77bfe45830ac33102c75be7c34ac3f3",
            "https://git.kernel.org/stable/c/ac171c3c755499c9f87fe30b920602255f8b5648",
            "https://git.kernel.org/stable/c/f5bce28f6b9125502abec4a67d68eabcd24b3b17",
            "https://lore.kernel.org/linux-cve-announce/2025121643-CVE-2025-68302-913d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68302",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68302"
          ],
          "PublishedDate": "2025-12-16T16:16:09.727Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68303",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68303",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3d637792e9a4d3eab9251acb3c202ddc28641dae1dfa60b1fe2db98c5dfb578b",
          "Title": "kernel: platform/x86: intel: punit_ipc: fix memory corruption",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel: punit_ipc: fix memory corruption\n\nThis passes the address of the pointer \"\u0026punit_ipcdev\" when the intent\nwas to pass the pointer itself \"punit_ipcdev\" (without the ampersand).\nThis means that the:\n\n\tcomplete(\u0026ipcdev-\u003ecmd_complete);\n\nin intel_punit_ioc() will write to a wrong memory address corrupting it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68303",
            "https://git.kernel.org/linus/9b9c0adbc3f8a524d291baccc9d0c04097fb4869 (6.18)",
            "https://git.kernel.org/stable/c/15d560cdf5b36c51fffec07ac2a983ab3bff4cb2",
            "https://git.kernel.org/stable/c/3e7442c5802146fd418ba3f68dcb9ca92b5cec83",
            "https://git.kernel.org/stable/c/46e9d6f54184573dae1dcbcf6685a572ba6f4480",
            "https://git.kernel.org/stable/c/9b9c0adbc3f8a524d291baccc9d0c04097fb4869",
            "https://git.kernel.org/stable/c/a21615a4ac6fecbb586d59fe2206b63501021789",
            "https://git.kernel.org/stable/c/c2ee6d38996775a19bfdf20cb01a9b8698cb0baa",
            "https://lore.kernel.org/linux-cve-announce/2025121644-CVE-2025-68303-2c61@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68303",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68303"
          ],
          "PublishedDate": "2025-12-16T16:16:09.82Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68307",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68307",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2b702b312e4da5892cc4d349ea51561e5f1a3e59e387956ffd276b6237751dad",
          "Title": "kernel: can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs\n\nThe driver lacks the cleanup of failed transfers of URBs. This reduces the\nnumber of available URBs per error by 1. This leads to reduced performance\nand ultimately to a complete stop of the transmission.\n\nIf the sending of a bulk URB fails, do proper cleanup:\n- increase netdev stats\n- mark the echo_skb as free\n- free the driver's context and do accounting\n- wake the send queue",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68307",
            "https://git.kernel.org/linus/516a0cd1c03fa266bb67dd87940a209fd4e53ce7 (6.18)",
            "https://git.kernel.org/stable/c/1a588c40a422a3663a52f1c5535e8fb6b044167d",
            "https://git.kernel.org/stable/c/4a82072e451eacf24fc66a445e906f5095d215db",
            "https://git.kernel.org/stable/c/516a0cd1c03fa266bb67dd87940a209fd4e53ce7",
            "https://git.kernel.org/stable/c/9c8eb33b7008178b6ce88aa7593d12063ce60ca3",
            "https://git.kernel.org/stable/c/f7a5560675bd85efaf16ab01a43053670ff2b000",
            "https://linux.oracle.com/cve/CVE-2025-68307.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-68307-5e9b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68307",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68307"
          ],
          "PublishedDate": "2025-12-16T16:16:10.24Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68308",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68308",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:30a198410d7c90961be22987ce3114dca9f1fc3826bfab48b7608d228dc7d388",
          "Title": "kernel: Linux kernel: Denial of Service in kvaser_usb CAN driver due to infinite loop",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: kvaser_usb: leaf: Fix potential infinite loop in command parsers\n\nThe `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback`\nfunctions contain logic to handle zero-length commands. These commands are used\nto align data to the USB endpoint's wMaxPacketSize boundary.\n\nThe driver attempts to skip these placeholders by aligning the buffer\nposition `pos` to the next packet boundary using the `round_up()` function.\n\nHowever, if a zero-length command is found exactly on a packet boundary\n(i.e., `pos` is a multiple of wMaxPacketSize, including 0), the `round_up`\nfunction will return the unchanged value of `pos`. This prevents `pos`\nfrom being increased, causing an infinite loop in the parsing logic.\n\nThis patch fixes this in the function by using `pos + 1` instead.\nThis ensures that even if `pos` is on a boundary, the calculation is\nbased on `pos + 1`, forcing `round_up()` to always return the next\naligned boundary.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68308",
            "https://git.kernel.org/linus/0c73772cd2b8cc108d5f5334de89ad648d89b9ec (6.18)",
            "https://git.kernel.org/stable/c/028e89c7e8b4346302e88df01cc50e0a1f05791a",
            "https://git.kernel.org/stable/c/0897cea266e39166a36111059ba147192b36592f",
            "https://git.kernel.org/stable/c/0c73772cd2b8cc108d5f5334de89ad648d89b9ec",
            "https://git.kernel.org/stable/c/58343e0a4d43699f0e2f5b169384bbe4c0217add",
            "https://git.kernel.org/stable/c/69c7825df64e24dc15d31631a1fc9145324b1345",
            "https://git.kernel.org/stable/c/bd8135a560cf6e64f0b98ed4daadf126a38f7f48",
            "https://git.kernel.org/stable/c/e9dd83a75a7274edef21682c823bf0b66d7b6b7f",
            "https://linux.oracle.com/cve/CVE-2025-68308.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121645-CVE-2025-68308-5dc4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68308",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68308"
          ],
          "PublishedDate": "2025-12-16T16:16:10.343Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68309",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68309",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:19d1bb1ad0d9ad0efb4d4d50275ba5645fb9c1b881202ca72ca40e130f084076",
          "Title": "kernel: PCI/AER: Fix NULL pointer access by aer_info",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/AER: Fix NULL pointer access by aer_info\n\nThe kzalloc(GFP_KERNEL) may return NULL, so all accesses to aer_info-\u003exxx\nwill result in kernel panic. Fix it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68309",
            "https://git.kernel.org/linus/0a27bdb14b028fed30a10cec2f945c38cb5ca4fa (6.18-rc1)",
            "https://git.kernel.org/stable/c/0a27bdb14b028fed30a10cec2f945c38cb5ca4fa",
            "https://git.kernel.org/stable/c/6618243bcc3f60825f761a41ed65fef9fe97eb25",
            "https://lore.kernel.org/linux-cve-announce/2025121651-CVE-2025-68309-1029@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68309",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68309"
          ],
          "PublishedDate": "2025-12-16T16:16:10.447Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68310",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68310",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4c184c2dce144e8960dfefe487c7f2b5ea4fc7bf6895ad224862437924997ac8",
          "Title": "kernel: Linux kernel: Denial of Service due to deadlock in PCI error recovery",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump\n\nDo not block PCI config accesses through pci_cfg_access_lock() when\nexecuting the s390 variant of PCI error recovery: Acquire just\ndevice_lock() instead of pci_dev_lock() as powerpc's EEH and\ngenerig PCI AER processing do.\n\nDuring error recovery testing a pair of tasks was reported to be hung:\n\nmlx5_core 0000:00:00.1: mlx5_health_try_recover:338:(pid 5553): health recovery flow aborted, PCI reads still not working\nINFO: task kmcheck:72 blocked for more than 122 seconds.\n      Not tainted 5.14.0-570.12.1.bringup7.el9.s390x #1\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kmcheck         state:D stack:0     pid:72    tgid:72    ppid:2      flags:0x00000000\nCall Trace:\n [\u003c000000065256f030\u003e] __schedule+0x2a0/0x590\n [\u003c000000065256f356\u003e] schedule+0x36/0xe0\n [\u003c000000065256f572\u003e] schedule_preempt_disabled+0x22/0x30\n [\u003c0000000652570a94\u003e] __mutex_lock.constprop.0+0x484/0x8a8\n [\u003c000003ff800673a4\u003e] mlx5_unload_one+0x34/0x58 [mlx5_core]\n [\u003c000003ff8006745c\u003e] mlx5_pci_err_detected+0x94/0x140 [mlx5_core]\n [\u003c0000000652556c5a\u003e] zpci_event_attempt_error_recovery+0xf2/0x398\n [\u003c0000000651b9184a\u003e] __zpci_event_error+0x23a/0x2c0\nINFO: task kworker/u1664:6:1514 blocked for more than 122 seconds.\n      Not tainted 5.14.0-570.12.1.bringup7.el9.s390x #1\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:kworker/u1664:6 state:D stack:0     pid:1514  tgid:1514  ppid:2      flags:0x00000000\nWorkqueue: mlx5_health0000:00:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]\nCall Trace:\n [\u003c000000065256f030\u003e] __schedule+0x2a0/0x590\n [\u003c000000065256f356\u003e] schedule+0x36/0xe0\n [\u003c0000000652172e28\u003e] pci_wait_cfg+0x80/0xe8\n 
[\u003c0000000652172f94\u003e] pci_cfg_access_lock+0x74/0x88\n [\u003c000003ff800916b6\u003e] mlx5_vsc_gw_lock+0x36/0x178 [mlx5_core]\n [\u003c000003ff80098824\u003e] mlx5_crdump_collect+0x34/0x1c8 [mlx5_core]\n [\u003c000003ff80074b62\u003e] mlx5_fw_fatal_reporter_dump+0x6a/0xe8 [mlx5_core]\n [\u003c0000000652512242\u003e] devlink_health_do_dump.part.0+0x82/0x168\n [\u003c0000000652513212\u003e] devlink_health_report+0x19a/0x230\n [\u003c000003ff80075a12\u003e] mlx5_fw_fatal_reporter_err_work+0xba/0x1b0 [mlx5_core]\n\nNo kernel log of the exact same error with an upstream kernel is\navailable - but the very same deadlock situation can be constructed there,\ntoo:\n\n- task: kmcheck\n  mlx5_unload_one() tries to acquire devlink lock while the PCI error\n  recovery code has set pdev-\u003eblock_cfg_access by way of\n  pci_cfg_access_lock()\n- task: kworker\n  mlx5_crdump_collect() tries to set block_cfg_access through\n  pci_cfg_access_lock() while devlink_health_report() had acquired\n  the devlink lock.\n\nA similar deadlock situation can be reproduced by requesting a\ncrdump with\n  \u003e devlink health dump show pci/\u003cBDF\u003e reporter fw_fatal\n\nwhile PCI error recovery is executed on the same \u003cBDF\u003e physical function\nby mlx5_core's pci_error_handlers. 
On s390 this can be injected with\n  \u003e zpcictl --reset-fw \u003cBDF\u003e\n\nTests with this patch failed to reproduce that second deadlock situation,\nthe devlink command is rejected with \"kernel answers: Permission denied\" -\nand we get a kernel log message of:\n\nmlx5_core 1ed0:00:00.1: mlx5_crdump_collect:50:(pid 254382): crdump: failed to lock vsc gw err -5\n\nbecause the config read of VSC_SEMAPHORE is rejected by the underlying\nhardware.\n\nTwo prior attempts to address this issue have been discussed and\nultimately rejected [see link], with the primary argument that s390's\nimplementation of PCI error recovery is imposing restrictions that\nneither powerpc's EEH nor PCI AER handling need. Tests show that PCI\nerror recovery on s390 is running to completion even without blocking\naccess to PCI config space.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68310",
            "https://git.kernel.org/linus/0fd20f65df6aa430454a0deed8f43efa91c54835 (6.18-rc4)",
            "https://git.kernel.org/stable/c/0fd20f65df6aa430454a0deed8f43efa91c54835",
            "https://git.kernel.org/stable/c/3591d56ea9bfd3e7fbbe70f749bdeed689d415f9",
            "https://git.kernel.org/stable/c/54f938d9f5693af8ed586a08db4af5d9da1f0f2d",
            "https://git.kernel.org/stable/c/b63c061be622b17b495cbf78a6d5f2d4c3147f8e",
            "https://git.kernel.org/stable/c/d0df2503bc3c2be385ca2fd96585daad1870c7c5",
            "https://lore.kernel.org/linux-cve-announce/2025121653-CVE-2025-68310-e0fc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68310",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68310"
          ],
          "PublishedDate": "2025-12-16T16:16:10.547Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68311",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68311",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3fc1053e5a46b59959dd134ea4ea8baf15acfa4398fc4b9a52c17b9af555b01e",
          "Title": "kernel: tty: serial: ip22zilog: Use platform device for probing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: ip22zilog: Use platform device for probing\n\nAfter commit 84a9582fd203 (\"serial: core: Start managing serial controllers\nto enable runtime PM\") serial drivers need to provide a device in\nstruct uart_port.dev otherwise an oops happens. To fix this issue\nfor ip22zilog driver switch driver to a platform driver and setup\nthe serial device in sgi-ip22 code.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68311",
            "https://git.kernel.org/linus/3fc36ae6abd263a5cbf93b2f5539eccc1fc753f7 (6.18-rc1)",
            "https://git.kernel.org/stable/c/3fc36ae6abd263a5cbf93b2f5539eccc1fc753f7",
            "https://git.kernel.org/stable/c/460e0dc9af2d7790d5194c6743d79f9b77b58836",
            "https://git.kernel.org/stable/c/77a196ca904d66c8372aa8fbfc1c4ae3a66dee2e",
            "https://lore.kernel.org/linux-cve-announce/2025121654-CVE-2025-68311-c43d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68311",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68311"
          ],
          "PublishedDate": "2025-12-16T16:16:10.653Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68312",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68312",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0ed73b19be7a2dbd252e65d5d6fe59967102d226764f8715b292a83a1b5b8200",
          "Title": "kernel: usbnet: Prevents free active kevent",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbnet: Prevents free active kevent\n\nThe root cause of this issue are:\n1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0);\nput the kevent work in global workqueue. However, the kevent has not yet\nbeen scheduled when the usbnet device is unregistered. Therefore, executing\nfree_netdev() results in the \"free active object (kevent)\" error reported\nhere.\n\n2. Another factor is that when calling usbnet_disconnect()-\u003eunregister_netdev(),\nif the usbnet device is up, ndo_stop() is executed to cancel the kevent.\nHowever, because the device is not up, ndo_stop() is not executed.\n\nThe solution to this problem is to cancel the kevent before executing\nfree_netdev().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68312",
            "https://git.kernel.org/linus/420c84c330d1688b8c764479e5738bbdbf0a33de (6.18-rc4)",
            "https://git.kernel.org/stable/c/285d4b953f2ca03c358f986718dd89ee9bde632e",
            "https://git.kernel.org/stable/c/2ce1de32e05445d77fc056f6ff8339cfb78a5f84",
            "https://git.kernel.org/stable/c/3a10619fdefd3051aeb14860e4d4335529b4e94d",
            "https://git.kernel.org/stable/c/420c84c330d1688b8c764479e5738bbdbf0a33de",
            "https://git.kernel.org/stable/c/43005002b60ef3424719ecda16d124714b45da3b",
            "https://git.kernel.org/stable/c/5158fb8da162e3982940f30cd01ed77bdf42c6fc",
            "https://git.kernel.org/stable/c/88a38b135d69f5db9024ff6527232f1b51be8915",
            "https://git.kernel.org/stable/c/9a579d6a39513069d298eee70770bbac8a148565",
            "https://linux.oracle.com/cve/CVE-2025-68312.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121654-CVE-2025-68312-63bb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68312",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68312"
          ],
          "PublishedDate": "2025-12-16T16:16:10.77Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68313",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68313",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2600586bcb8bee03bca0ab8a619eef097a82f1c8f4697e96398a99a7f9e8d9c1",
          "Title": "kernel: Linux kernel: Denial of Service due to inconsistent random number generation on AMD Zen5 processors",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Add RDSEED fix for Zen5\n\nThere's an issue with RDSEED's 16-bit and 32-bit register output\nvariants on Zen5 which return a random value of 0 \"at a rate inconsistent\nwith randomness while incorrectly signaling success (CF=1)\". Search the\nweb for AMD-SB-7055 for more detail.\n\nAdd a fix glue which checks microcode revisions.\n\n  [ bp: Add microcode revisions checking, rewrite. ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68313",
            "https://git.kernel.org/linus/607b9fb2ce248cc5b633c5949e0153838992c152 (6.18-rc4)",
            "https://git.kernel.org/stable/c/36ff93e66d0efc46e39fab536a9feec968daa766",
            "https://git.kernel.org/stable/c/607b9fb2ce248cc5b633c5949e0153838992c152",
            "https://git.kernel.org/stable/c/e980de2ff109dacb6d9d3a77f01b27c467115ecb",
            "https://linux.oracle.com/cve/CVE-2025-68313.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121654-CVE-2025-68313-c65d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68313",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68313"
          ],
          "PublishedDate": "2025-12-16T16:16:10.883Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68315",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68315",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b7e038a15250538072fa4fc265344010c92118b2335c35aa916d2ee079c6c4e0",
          "Title": "kernel: f2fs: fix to detect potential corrupted nid in free_nid_list",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to detect potential corrupted nid in free_nid_list\n\nAs reported, on-disk footer.ino and footer.nid is the same and\nout-of-range, let's add sanity check on f2fs_alloc_nid() to detect\nany potential corruption in free_nid_list.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68315",
            "https://git.kernel.org/linus/8fc6056dcf79937c46c97fa4996cda65956437a9 (6.18-rc1)",
            "https://git.kernel.org/stable/c/6b9525596a83cd5b7bbc2c7bd5f9ad9cf5ad60fa",
            "https://git.kernel.org/stable/c/8fc6056dcf79937c46c97fa4996cda65956437a9",
            "https://git.kernel.org/stable/c/adbcb34f03abb89e681a5907c4c3ce4bf224991d",
            "https://lore.kernel.org/linux-cve-announce/2025121655-CVE-2025-68315-158d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68315",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68315"
          ],
          "PublishedDate": "2025-12-16T16:16:11.08Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68317",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68317",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e222ce1f43ab137334ab995c31e7ec598c7952a1cd051f5b1a6014cbba466637",
          "Title": "kernel: Linux kernel: Denial of Service via improper handling of io_uring notification contexts",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/zctx: check chained notif contexts\n\nSend zc only links ubuf_info for requests coming from the same context.\nThere are some ambiguous syz reports, so let's check the assumption on\nnotification completion.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68317",
            "https://git.kernel.org/linus/ab3ea6eac5f45669b091309f592c4ea324003053 (6.18-rc1)",
            "https://git.kernel.org/stable/c/aaafd17d3f4be2c15539359a5b4bfa00237f687f",
            "https://git.kernel.org/stable/c/ab3ea6eac5f45669b091309f592c4ea324003053",
            "https://git.kernel.org/stable/c/d664a3ce3a604231a0b144c152a3755d03b18b60",
            "https://linux.oracle.com/cve/CVE-2025-68317.html",
            "https://linux.oracle.com/errata/ELSA-2026-50006.html",
            "https://lore.kernel.org/linux-cve-announce/2025121656-CVE-2025-68317-28c8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68317",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68317"
          ],
          "PublishedDate": "2025-12-16T16:16:11.28Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68318",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68318",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:790dc60cd5e02f72751b182c81bc62d147a92edf3324c60b6e13d028521ebd76",
          "Title": "kernel: clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL\n\nThe AXI crossbar of TH1520 has no proper timeout handling, which means\ngating AXI clocks can easily lead to bus timeout and thus system hang.\n\nSet all AXI clock gates to CLK_IS_CRITICAL. All these clock gates are\nungated by default on system reset.\n\nIn addition, convert all current CLK_IGNORE_UNUSED usage to\nCLK_IS_CRITICAL to prevent unwanted clock gating.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68318",
            "https://git.kernel.org/linus/c567bc5fc68c4388c00e11fc65fd14fe86b52070 (6.18-rc1)",
            "https://git.kernel.org/stable/c/bdec5e01fc2f3114d1fb1daeb1000911d783c4ae",
            "https://git.kernel.org/stable/c/c567bc5fc68c4388c00e11fc65fd14fe86b52070",
            "https://lore.kernel.org/linux-cve-announce/2025121656-CVE-2025-68318-5c94@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68318",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68318"
          ],
          "PublishedDate": "2025-12-16T16:16:11.387Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68321",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68321",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:33974bc95442b3327b8c6cfa7788f2d16bbcef622f9d4a986ee79568b695c095",
          "Title": "kernel: Linux kernel: Denial of Service due to page allocation failures",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: always add GFP_NOWARN for ATOMIC allocations\n\nDriver authors often forget to add GFP_NOWARN for page allocation\nfrom the datapath. This is annoying to users as OOMs are a fact\nof life, and we pretty much expect network Rx to hit page allocation\nfailures during OOM. Make page pool add GFP_NOWARN for ATOMIC allocations\nby default.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68321",
            "https://git.kernel.org/linus/f3b52167a0cb23b27414452fbc1278da2ee884fc (6.18-rc1)",
            "https://git.kernel.org/stable/c/0ec2cd5c58793d0c622797cd5fbe26634b357210",
            "https://git.kernel.org/stable/c/3671a0775952026228ae44e096eb144bca75f8dc",
            "https://git.kernel.org/stable/c/7613c06ffa89c1e2266fb532e23ef7dfdf269d73",
            "https://git.kernel.org/stable/c/9835a0fd59a1df5ec0740fdab6d50db68e0f10de",
            "https://git.kernel.org/stable/c/ab48dc0e23eb714b3f233f8e8f6deed7df2051f5",
            "https://git.kernel.org/stable/c/f3b52167a0cb23b27414452fbc1278da2ee884fc",
            "https://linux.oracle.com/cve/CVE-2025-68321.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121622-CVE-2025-68321-72b0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68321",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68321"
          ],
          "PublishedDate": "2025-12-16T16:16:11.69Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68322",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68322",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4c26bc19c50fe2046ed62ca4f87c0819417653c4d48d0631cb096ed77f1ac00",
          "Title": "kernel: parisc: Avoid crash due to unaligned access in unwinder",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Avoid crash due to unaligned access in unwinder\n\nGuenter Roeck reported this kernel crash on his emulated B160L machine:\n\nStarting network: udhcpc: started, v1.36.1\n Backtrace:\n  [\u003c104320d4\u003e] unwind_once+0x1c/0x5c\n  [\u003c10434a00\u003e] walk_stackframe.isra.0+0x74/0xb8\n  [\u003c10434a6c\u003e] arch_stack_walk+0x28/0x38\n  [\u003c104e5efc\u003e] stack_trace_save+0x48/0x5c\n  [\u003c105d1bdc\u003e] set_track_prepare+0x44/0x6c\n  [\u003c105d9c80\u003e] ___slab_alloc+0xfc4/0x1024\n  [\u003c105d9d38\u003e] __slab_alloc.isra.0+0x58/0x90\n  [\u003c105dc80c\u003e] kmem_cache_alloc_noprof+0x2ac/0x4a0\n  [\u003c105b8e54\u003e] __anon_vma_prepare+0x60/0x280\n  [\u003c105a823c\u003e] __vmf_anon_prepare+0x68/0x94\n  [\u003c105a8b34\u003e] do_wp_page+0x8cc/0xf10\n  [\u003c105aad88\u003e] handle_mm_fault+0x6c0/0xf08\n  [\u003c10425568\u003e] do_page_fault+0x110/0x440\n  [\u003c10427938\u003e] handle_interruption+0x184/0x748\n  [\u003c11178398\u003e] schedule+0x4c/0x190\n  BUG: spinlock recursion on CPU#0, ifconfig/2420\n  lock: terminate_lock.2+0x0/0x1c, .magic: dead4ead, .owner: ifconfig/2420, .owner_cpu: 0\n\nWhile creating the stack trace, the unwinder uses the stack pointer to guess\nthe previous frame to read the previous stack pointer from memory.  The crash\nhappens, because the unwinder tries to read from unaligned memory and as such\ntriggers the unalignment trap handler which then leads to the spinlock\nrecursion and finally to a deadlock.\n\nFix it by checking the alignment before accessing the memory.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68322",
            "https://git.kernel.org/linus/fd9f30d1038ee1624baa17a6ff11effe5f7617cb (6.18-rc5)",
            "https://git.kernel.org/stable/c/009270208f76456c2cefcd565da263b90bb2eadb",
            "https://git.kernel.org/stable/c/9ac1f44723f26881b9fe7e69c7bc25397b879155",
            "https://git.kernel.org/stable/c/fd9f30d1038ee1624baa17a6ff11effe5f7617cb",
            "https://lore.kernel.org/linux-cve-announce/2025121622-CVE-2025-68322-b034@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68322",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68322"
          ],
          "PublishedDate": "2025-12-16T16:16:11.793Z",
          "LastModifiedDate": "2025-12-18T15:08:06.237Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68324",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68324",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:219da4880a62c7ee5a98bf3e8514d1a2bc44347ac953a1ecd754c5557abd073e",
          "Title": "kernel: Linux kernel: Denial of Service via use-after-free in IMM SCSI host adapter",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: imm: Fix use-after-free bug caused by unfinished delayed work\n\nThe delayed work item 'imm_tq' is initialized in imm_attach() and\nscheduled via imm_queuecommand() for processing SCSI commands.  When the\nIMM parallel port SCSI host adapter is detached through imm_detach(),\nthe imm_struct device instance is deallocated.\n\nHowever, the delayed work might still be pending or executing\nwhen imm_detach() is called, leading to use-after-free bugs\nwhen the work function imm_interrupt() accesses the already\nfreed imm_struct memory.\n\nThe race condition can occur as follows:\n\nCPU 0(detach thread)   | CPU 1\n                       | imm_queuecommand()\n                       |   imm_queuecommand_lck()\nimm_detach()           |     schedule_delayed_work()\n  kfree(dev) //FREE    | imm_interrupt()\n                       |   dev = container_of(...) //USE\n                           dev-\u003e //USE\n\nAdd disable_delayed_work_sync() in imm_detach() to guarantee proper\ncancellation of the delayed work item before imm_struct is deallocated.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68324",
            "https://git.kernel.org/linus/ab58153ec64fa3fc9aea09ca09dc9322e0b54a7c (6.19-rc1)",
            "https://git.kernel.org/stable/c/31ab2aad7a7b7501e904a09bf361e44671f66092",
            "https://git.kernel.org/stable/c/48dd41fa2d6c6a0c50e714deeba06ffe7f91961b",
            "https://git.kernel.org/stable/c/9e434426cc23ad5e2aad649327b59aea00294b13",
            "https://git.kernel.org/stable/c/ab58153ec64fa3fc9aea09ca09dc9322e0b54a7c",
            "https://linux.oracle.com/cve/CVE-2025-68324.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025121800-CVE-2025-68324-f8d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68324",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68324"
          ],
          "PublishedDate": "2025-12-18T15:16:06.22Z",
          "LastModifiedDate": "2025-12-19T18:00:54.283Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68325",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68325",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:674ede29c923f39f45edf6c6767b020975e1fd7bccdab20ceea7a3203f65c47b",
          "Title": "kernel: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_cake: Fix incorrect qlen reduction in cake_drop\n\nIn cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen\nand backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes\nthat the parent qdisc will enqueue the current packet. However, this\nassumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent\nqdisc stops enqueuing current packet, leaving the tree qlen/backlog\naccounting inconsistent. This mismatch can lead to a NULL dereference\n(e.g., when the parent Qdisc is qfq_qdisc).\n\nThis patch computes the qlen/backlog delta in a more robust way by\nobserving the difference before and after the series of cake_drop()\ncalls, and then compensates the qdisc tree accounting if cake_enqueue()\nreturns NET_XMIT_CN.\n\nTo ensure correct compensation when ACK thinning is enabled, a new\nvariable is introduced to keep qlen unchanged.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68325",
            "https://git.kernel.org/linus/9fefc78f7f02d71810776fdeb119a05a946a27cc (6.19-rc1)",
            "https://git.kernel.org/stable/c/0b6216f9b3d1c33c76f74511026e5de5385ee520",
            "https://git.kernel.org/stable/c/38abf6e931b169ea88d7529b49096f53a5dcf8fe",
            "https://git.kernel.org/stable/c/3ed6c458530a547ed0c9ea0b02b19bab620be88b",
            "https://git.kernel.org/stable/c/529c284cc2815c8350860e9a31722050fe7117cb",
            "https://git.kernel.org/stable/c/9fefc78f7f02d71810776fdeb119a05a946a27cc",
            "https://git.kernel.org/stable/c/a3f4e3de41a3f115db35276c6b186ccbc913934a",
            "https://git.kernel.org/stable/c/d01f0e072dadb02fe10f436b940dd957aff0d7d4",
            "https://git.kernel.org/stable/c/fcb91be52eb6e92e00b533ebd7c77fecada537e1",
            "https://linux.oracle.com/cve/CVE-2025-68325.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025121802-CVE-2025-68325-13a9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68325",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68325"
          ],
          "PublishedDate": "2025-12-18T15:16:06.32Z",
          "LastModifiedDate": "2026-01-19T13:16:09.747Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68327",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68327",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f6e8b00715a57f137dbbd025ac549898d3633ec295d126fb029557385bac5b1f",
          "Title": "kernel: usb: renesas_usbhs: Fix synchronous external abort on unbind",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas_usbhs: Fix synchronous external abort on unbind\n\nA synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is\nexecuted after the configuration sequence described above:\n\nmodprobe usb_f_ecm\nmodprobe libcomposite\nmodprobe configfs\ncd /sys/kernel/config/usb_gadget\nmkdir -p g1\ncd g1\necho \"0x1d6b\" \u003e idVendor\necho \"0x0104\" \u003e idProduct\nmkdir -p strings/0x409\necho \"0123456789\" \u003e strings/0x409/serialnumber\necho \"Renesas.\" \u003e strings/0x409/manufacturer\necho \"Ethernet Gadget\" \u003e strings/0x409/product\nmkdir -p functions/ecm.usb0\nmkdir -p configs/c.1\nmkdir -p configs/c.1/strings/0x409\necho \"ECM\" \u003e configs/c.1/strings/0x409/configuration\n\nif [ ! -L configs/c.1/ecm.usb0 ]; then\n        ln -s functions/ecm.usb0 configs/c.1\nfi\n\necho 11e20000.usb \u003e UDC\necho 11e20000.usb \u003e /sys/bus/platform/drivers/renesas_usbhs/unbind\n\nThe displayed trace is as follows:\n\n Internal error: synchronous external abort: 0000000096000010 [#1] SMP\n CPU: 0 UID: 0 PID: 188 Comm: sh Tainted: G M 6.17.0-rc7-next-20250922-00010-g41050493b2bd #55 PREEMPT\n Tainted: [M]=MACHINE_CHECK\n Hardware name: Renesas SMARC EVK version 2 based on r9a08g045s33 (DT)\n pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : usbhs_sys_function_pullup+0x10/0x40 [renesas_usbhs]\n lr : usbhsg_update_pullup+0x3c/0x68 [renesas_usbhs]\n sp : ffff8000838b3920\n x29: ffff8000838b3920 x28: ffff00000d585780 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: ffff00000c3e3810\n x23: ffff00000d5e5c80 x22: ffff00000d5e5d40 x21: 0000000000000000\n x20: 0000000000000000 x19: ffff00000d5e5c80 x18: 0000000000000020\n x17: 2e30303230316531 x16: 312d7968703a7968 x15: 3d454d414e5f4344\n x14: 000000000000002c x13: 0000000000000000 x12: 0000000000000000\n x11: ffff00000f358f38 x10: ffff00000f358db0 x9 : 
ffff00000b41f418\n x8 : 0101010101010101 x7 : 7f7f7f7f7f7f7f7f x6 : fefefeff6364626d\n x5 : 8080808000000000 x4 : 000000004b5ccb9d x3 : 0000000000000000\n x2 : 0000000000000000 x1 : ffff800083790000 x0 : ffff00000d5e5c80\n Call trace:\n usbhs_sys_function_pullup+0x10/0x40 [renesas_usbhs] (P)\n usbhsg_pullup+0x4c/0x7c [renesas_usbhs]\n usb_gadget_disconnect_locked+0x48/0xd4\n gadget_unbind_driver+0x44/0x114\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1c8/0x224\n device_release_driver+0x18/0x24\n bus_remove_device+0xcc/0x10c\n device_del+0x14c/0x404\n usb_del_gadget+0x88/0xc0\n usb_del_gadget_udc+0x18/0x30\n usbhs_mod_gadget_remove+0x24/0x44 [renesas_usbhs]\n usbhs_mod_remove+0x20/0x30 [renesas_usbhs]\n usbhs_remove+0x98/0xdc [renesas_usbhs]\n platform_remove+0x20/0x30\n device_remove+0x4c/0x80\n device_release_driver_internal+0x1c8/0x224\n device_driver_detach+0x18/0x24\n unbind_store+0xb4/0xb8\n drv_attr_store+0x24/0x38\n sysfs_kf_write+0x7c/0x94\n kernfs_fop_write_iter+0x128/0x1b8\n vfs_write+0x2ac/0x350\n ksys_write+0x68/0xfc\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x110\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xf0\n el0t_64_sync_handler+0xa0/0xe4\n el0t_64_sync+0x198/0x19c\n Code: 7100003f 1a9f07e1 531c6c22 f9400001 (79400021)\n ---[ end trace 0000000000000000 ]---\n note: sh[188] exited with irqs disabled\n note: sh[188] exited with preempt_count 1\n\nThe issue occurs because usbhs_sys_function_pullup(), which accesses the IP\nregisters, is executed after the USBHS clocks have been disabled. The\nproblem is reproducible on the Renesas RZ/G3S SoC starting with the\naddition of module stop in the clock enable/disable APIs. With module stop\nfunctionality enabled, a bus error is expected if a master accesses a\nmodule whose clock has been stopped and module stop activated.\n\nDisable the IP clocks at the end of remove.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68327",
            "https://git.kernel.org/stable/c/230b1bc1310edcd5c1b71dcd6b77ccba43139cb5",
            "https://git.kernel.org/stable/c/26838f147aeaa8f820ff799d72815fba5e209bd9",
            "https://git.kernel.org/stable/c/9d86bc8b188a77c8d6f7252280ec2bd24ad6fbc1",
            "https://git.kernel.org/stable/c/aa658a6d5ac21c7cde54c6d015f2d4daff32e02d",
            "https://git.kernel.org/stable/c/cd5e86e34c66a831b5cb9b720ad411a006962cc8",
            "https://git.kernel.org/stable/c/eb9ac779830b2235847b72cb15cf07c7e3333c5e",
            "https://git.kernel.org/stable/c/fd1a7bf3a8cac13f6d2d52d8c7570ba41621db9a",
            "https://linux.oracle.com/cve/CVE-2025-68327.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025122217-CVE-2025-68327-a1f9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68327",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68327"
          ],
          "PublishedDate": "2025-12-22T17:16:00.353Z",
          "LastModifiedDate": "2025-12-23T14:51:52.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68328",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68328",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f39ee2cb4cbaa02e0bd3f95e230d01f67dbcab6f21e5a1279e28123730bf626f",
          "Title": "kernel: firmware: stratix10-svc: fix bug in saving controller data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: stratix10-svc: fix bug in saving controller data\n\nFix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They\nboth are of the same data and overrides each other. This resulted in the\nrmmod of the svc driver to fail and throw a kernel panic for kthread_stop\nand fifo free.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68328",
            "https://git.kernel.org/stable/c/354fb03002da0970d337f0d3edbeb46cc4fa6f41",
            "https://git.kernel.org/stable/c/60ab1851614e6007344042b66da6e31d1cc26cb3",
            "https://git.kernel.org/stable/c/71796c91ee8e33faf4434a9e210b5063c28ea907",
            "https://git.kernel.org/stable/c/9d0a330abd9e49bcebf6307aac185081bde49a43",
            "https://git.kernel.org/stable/c/b359df793f609b1efce31dadfe6883ec73852619",
            "https://git.kernel.org/stable/c/bd226fa02ed6db6fce0fae010802f0950fd14fb9",
            "https://git.kernel.org/stable/c/d0fcf70c680e4d1669fcb3a8632f41400b9a73c2",
            "https://lore.kernel.org/linux-cve-announce/2025122218-CVE-2025-68328-8653@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68328",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68328"
          ],
          "PublishedDate": "2025-12-22T17:16:00.47Z",
          "LastModifiedDate": "2025-12-23T14:51:52.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68330",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68330",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:640619bc56f3b27b8dab3f21343f7e376319e5e82dc12ce676200d38062aa291",
          "Title": "kernel: iio: accel: bmc150: Fix irq assumption regression",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: accel: bmc150: Fix irq assumption regression\n\nThe code in bmc150-accel-core.c unconditionally calls\nbmc150_accel_set_interrupt() in the iio_buffer_setup_ops,\nsuch as on the runtime PM resume path giving a kernel\nsplat like this if the device has no interrupts:\n\nUnable to handle kernel NULL pointer dereference at virtual\n  address 00000001 when read\n\nPC is at bmc150_accel_set_interrupt+0x98/0x194\nLR is at __pm_runtime_resume+0x5c/0x64\n(...)\nCall trace:\nbmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108\nbmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc\n__iio_update_buffers from enable_store+0x84/0xc8\nenable_store from kernfs_fop_write_iter+0x154/0x1b4\n\nThis bug seems to have been in the driver since the beginning,\nbut it only manifests recently, I do not know why.\n\nStore the IRQ number in the state struct, as this is a common\npattern in other drivers, then use this to determine if we have\nIRQ support or not.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68330",
            "https://git.kernel.org/stable/c/3aa385a9c75c09b59dcab2ff76423439d23673ab",
            "https://git.kernel.org/stable/c/65ad4ed983fd9ee0259d86391d6a53f78203918c",
            "https://git.kernel.org/stable/c/93eaa5ddc5fc4f50ac396afad8ce261102ebd4f3",
            "https://git.kernel.org/stable/c/aad9d048a3211c48ec02efa405bf462856feb862",
            "https://git.kernel.org/stable/c/c891f504bb66604c822e7985e093cf39b97fdeb0",
            "https://git.kernel.org/stable/c/cdd4a9e98004bd7c7488311951fa6dbae38b2b80",
            "https://linux.oracle.com/cve/CVE-2025-68330.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025122218-CVE-2025-68330-94b5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68330",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68330"
          ],
          "PublishedDate": "2025-12-22T17:16:00.68Z",
          "LastModifiedDate": "2025-12-23T14:51:52.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68331",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68331",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:155abefe3f700351903d1fc5f5788322a4de39b0a7aabe32ed97ddb6b692c8ba",
          "Title": "kernel: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer\n\nWhen a UAS device is unplugged during data transfer, there is\na probability of a system panic occurring. The root cause is\nan access to an invalid memory address during URB callback handling.\nSpecifically, this happens when the dma_direct_unmap_sg() function\nis called within the usb_hcd_unmap_urb_for_dma() interface, but the\nsg-\u003edma_address field is 0 and the sg data structure has already been\nfreed.\n\nThe SCSI driver sends transfer commands by invoking uas_queuecommand_lck()\nin uas.c, using the uas_submit_urbs() function to submit requests to USB.\nWithin the uas_submit_urbs() implementation, three URBs (sense_urb,\ndata_urb, and cmd_urb) are sequentially submitted. Device removal may\noccur at any point during uas_submit_urbs execution, which may result\nin URB submission failure. However, some URBs might have been successfully\nsubmitted before the failure, and uas_submit_urbs will return the -ENODEV\nerror code in this case. The current error handling directly calls\nscsi_done(). In the SCSI driver, this eventually triggers scsi_complete()\nto invoke scsi_end_request() for releasing the sgtable. The successfully\nsubmitted URBs, when being unlinked to giveback, call\nusb_hcd_unmap_urb_for_dma() in hcd.c, leading to exceptions during sg\nunmapping operations since the sg data structure has already been freed.\n\nThis patch modifies the error condition check in the uas_submit_urbs()\nfunction. When a UAS device is removed but one or more URBs have already\nbeen successfully submitted to USB, it avoids immediately invoking\nscsi_done() and save the cmnd to devinfo-\u003ecmnd array. 
If the successfully\nsubmitted URBs is completed before devinfo-\u003eresetting being set, then\nthe scsi_done() function will be called within uas_try_complete() after\nall pending URB operations are finalized. Otherwise, the scsi_done()\nfunction will be called within uas_zap_pending(), which is executed after\nusb_kill_anchored_urbs().\n\nThe error handling only takes effect when uas_queuecommand_lck() calls\nuas_submit_urbs() and returns the error value -ENODEV . In this case,\nthe device is disconnected, and the flow proceeds to uas_disconnect(),\nwhere uas_zap_pending() is invoked to call uas_try_complete().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68331",
            "https://git.kernel.org/stable/c/26d56a9fcb2014b99e654127960aa0a48a391e3c",
            "https://git.kernel.org/stable/c/2b90a8131c83f6f2be69397d2b7d14d217d95d2f",
            "https://git.kernel.org/stable/c/426edbfc88b22601ea34a441a469092e7b301c52",
            "https://git.kernel.org/stable/c/6289fc489e94c9beb6be2b502ccc263663733d72",
            "https://git.kernel.org/stable/c/66ac05e7b0d6bbd1bee9fcf729e20fd4cce86d17",
            "https://git.kernel.org/stable/c/75f8e2643085db4f7e136fc6b368eb114dd80a64",
            "https://git.kernel.org/stable/c/e3a55221f4de080cb7a91ba10f01c4f708603f8d",
            "https://linux.oracle.com/cve/CVE-2025-68331.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025122219-CVE-2025-68331-e22f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68331",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68331"
          ],
          "PublishedDate": "2025-12-22T17:16:00.8Z",
          "LastModifiedDate": "2025-12-23T14:51:52.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68332",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68332",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2d6a5935b3c3b07659f4632b67b3c3cd0c03b5aa816a6bb44abba780701d4d43",
          "Title": "kernel: comedi: c6xdigio: Fix invalid PNP driver unregistration",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: c6xdigio: Fix invalid PNP driver unregistration\n\nThe Comedi low-level driver \"c6xdigio\" seems to be for a parallel port\nconnected device.  When the Comedi core calls the driver's Comedi\n\"attach\" handler `c6xdigio_attach()` to configure a Comedi to use this\ndriver, it tries to enable the parallel port PNP resources by\nregistering a PNP driver with `pnp_register_driver()`, but ignores the\nreturn value.  (The `struct pnp_driver` it uses has only the `name` and\n`id_table` members filled in.)  The driver's Comedi \"detach\" handler\n`c6xdigio_detach()` unconditionally unregisters the PNP driver with\n`pnp_unregister_driver()`.\n\nIt is possible for `c6xdigio_attach()` to return an error before it\ncalls `pnp_register_driver()` and it is possible for the call to\n`pnp_register_driver()` to return an error (that is ignored).  In both\ncases, the driver should not be calling `pnp_unregister_driver()` as it\ndoes in `c6xdigio_detach()`.  (Note that `c6xdigio_detach()` will be\ncalled by the Comedi core if `c6xdigio_attach()` returns an error, or if\nthe Comedi core decides to detach the Comedi device from the driver for\nsome other reason.)\n\nThe unconditional call to `pnp_unregister_driver()` without a previous\nsuccessful call to `pnp_register_driver()` will cause\n`driver_unregister()` to issue a warning \"Unexpected driver\nunregister!\".  This was detected by Syzbot [1].\n\nAlso, the PNP driver registration and unregistration should be done at\nmodule init and exit time, respectively, not when attaching or detaching\nComedi devices to the driver.  (There might be more than one Comedi\ndevice being attached to the driver, although that is unlikely.)\n\nChange the driver to do the PNP driver registration at module init time,\nand the unregistration at module exit time.  
Since `c6xdigio_detach()`\nnow only calls `comedi_legacy_detach()`, remove the function and change\nthe Comedi driver \"detach\" handler to `comedi_legacy_detach`.\n\n-------------------------------------------\n[1] Syzbot sample crash report:\nUnexpected driver unregister!\nWARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister drivers/base/driver.c:273 [inline]\nWARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister+0x90/0xb0 drivers/base/driver.c:270\nModules linked in:\nCPU: 0 UID: 0 PID: 5970 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nRIP: 0010:driver_unregister drivers/base/driver.c:273 [inline]\nRIP: 0010:driver_unregister+0x90/0xb0 drivers/base/driver.c:270\nCode: 48 89 ef e8 c2 e6 82 fc 48 89 df e8 3a 93 ff ff 5b 5d e9 c3 6d d9 fb e8 be 6d d9 fb 90 48 c7 c7 e0 f8 1f 8c e8 51 a2 97 fb 90 \u003c0f\u003e 0b 90 90 5b 5d e9 a5 6d d9 fb e8 e0 f4 41 fc eb 94 e8 d9 f4 41\nRSP: 0018:ffffc9000373f9a0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff8ff24720 RCX: ffffffff817b6ee8\nRDX: ffff88807c932480 RSI: ffffffff817b6ef5 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8ff24660\nR13: dffffc0000000000 R14: 0000000000000000 R15: ffff88814cca0000\nFS:  000055556dab1500(0000) GS:ffff8881249d9000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055f77f285cd0 CR3: 000000007d871000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207\n comedi_device_detach+0x67/0xb0 drivers/comedi/drivers.c:215\n comedi_device_attach+0x43d/0x900 drivers/comedi/drivers.c:1011\n do_devconfig_ioctl+0x1b1/0x710 drivers/comedi/comedi_fops.c:872\n comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2178\n vfs_ioctl fs/ioctl.c:51 
[inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_sys\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 1,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68332",
            "https://git.kernel.org/stable/c/407b25bb9284d69c27309e691ab1e02f9e1c46ac",
            "https://git.kernel.org/stable/c/698149d797d0178162f394c55d4ed52aa0e0b7f6",
            "https://git.kernel.org/stable/c/72262330f7b3ad2130e800cecf02adcce3c32c77",
            "https://git.kernel.org/stable/c/72b3627b0d3b819de49b29c2c8cb1c64d54536b9",
            "https://git.kernel.org/stable/c/888f7e2847bcb9df8257e656e1e837828942c53b",
            "https://git.kernel.org/stable/c/9fd8c8ad35c8d2390ce5ca2eb523c044bebdc072",
            "https://git.kernel.org/stable/c/e8110402b0c24d822b0b933d87d50870d59667ef",
            "https://git.kernel.org/stable/c/f7fa1f4670c3c358a451546f0b80b9231952912d",
            "https://lore.kernel.org/linux-cve-announce/2025122219-CVE-2025-68332-0893@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68332",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68332"
          ],
          "PublishedDate": "2025-12-22T17:16:00.91Z",
          "LastModifiedDate": "2026-01-19T13:16:09.853Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68333",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68333",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:23afc8727a988a3d754771f439720812ce96d6c6b7b98be0b0791634ff63f0e5",
          "Title": "kernel: sched_ext: Fix possible deadlock in the deferred_irq_workfn()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Fix possible deadlock in the deferred_irq_workfn()\n\nFor PREEMPT_RT=y kernels, the deferred_irq_workfn() is executed in\nthe per-cpu irq_work/* task context with IRQs not disabled. If the rq\nreturned by container_of() is the current CPU's rq, the following scenario\nmay occur:\n\nlock(\u0026rq-\u003e__lock);\n\u003cInterrupt\u003e\n  lock(\u0026rq-\u003e__lock);\n\nThis commit uses IRQ_WORK_INIT_HARD() instead of init_irq_work() to\ninitialize rq-\u003escx.deferred_irq_work, so that deferred_irq_workfn()\nis always invoked in hard-irq context.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68333",
            "https://git.kernel.org/stable/c/541959b2fadb832a7d0ceb95041dc52bdcf6bff7",
            "https://git.kernel.org/stable/c/600b4379b9a7ba41340d652211fb29699da4c629",
            "https://git.kernel.org/stable/c/a257e974210320ede524f340ffe16bf4bf0dda1e",
            "https://linux.oracle.com/cve/CVE-2025-68333.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2025122219-CVE-2025-68333-4689@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68333",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68333"
          ],
          "PublishedDate": "2025-12-22T17:16:01.02Z",
          "LastModifiedDate": "2026-02-26T15:53:10.37Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68334",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68334",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:999b383f8d7b3f1f8c0bfb0780d0a76a50f0b4b495ce7ffcb23903d18ff63d05",
          "Title": "kernel: Linux kernel: Denial of Service due to missing power management handler for AMD Van Gogh SoC",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Add support for Van Gogh SoC\n\nThe ROG Xbox Ally (non-X) SoC features a similar architecture to the\nSteam Deck. While the Steam Deck supports S3 (s2idle causes a crash),\nthis support was dropped by the Xbox Ally which only supports S0ix suspend.\n\nSince the handler is missing here, this causes the device to not suspend\nand the AMD GPU driver to crash while trying to resume afterwards due to\na power hang.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68334",
            "https://git.kernel.org/stable/c/8af210df4f71dda74dc027da69372a028c6d4d84",
            "https://git.kernel.org/stable/c/9654c56b111cd1415aca7e77f0c63c109453c409",
            "https://git.kernel.org/stable/c/996092ba6df66e2ac8cf9022007a7c8a412e7733",
            "https://git.kernel.org/stable/c/db4a3f0fbedb0398f77b9047e8b8bb2b49f355bb",
            "https://lore.kernel.org/linux-cve-announce/2025122220-CVE-2025-68334-b63c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68334",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68334"
          ],
          "PublishedDate": "2025-12-22T17:16:01.12Z",
          "LastModifiedDate": "2026-03-25T11:16:14.19Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68335",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68335",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fc71175bd55b9ee33452ea2669895651ef9959e7cf13a9be645aea53da543c73",
          "Title": "kernel: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()\n\nSyzbot identified an issue [1] in pcl818_ai_cancel(), which stems from\nthe fact that in case of early device detach via pcl818_detach(),\nsubdevice dev-\u003eread_subdev may not have initialized its pointer to\n\u0026struct comedi_async as intended. Thus, any such dereferencing of\n\u0026s-\u003easync-\u003ecmd will lead to general protection fault and kernel crash.\n\nMitigate this problem by removing a call to pcl818_ai_cancel() from\npcl818_detach() altogether. This way, if the subdevice setups its\nsupport for async commands, everything async-related will be\nhandled via subdevice's own -\u003ecancel() function in\ncomedi_device_detach_locked() even before pcl818_detach(). If no\nsupport for asynchronous commands is provided, there is no need\nto cancel anything either.\n\n[1] Syzbot crash:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\nCPU: 1 UID: 0 PID: 6050 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nRIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762\n...\nCall Trace:\n \u003cTASK\u003e\n pcl818_detach+0x66/0xd0 drivers/comedi/drivers/pcl818.c:1115\n comedi_device_detach_locked+0x178/0x750 drivers/comedi/drivers.c:207\n do_devconfig_ioctl drivers/comedi/comedi_fops.c:848 [inline]\n comedi_unlocked_ioctl+0xcde/0x1020 drivers/comedi/comedi_fops.c:2178\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n...",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68335",
            "https://git.kernel.org/stable/c/5caa40e7c6a43e08e3574f990865127705c22861",
            "https://git.kernel.org/stable/c/877adccfacb32687b90714a27cfb09f444fdfa16",
            "https://git.kernel.org/stable/c/88d99ca5adbd01ff088f5fb2ddeba5755e085e52",
            "https://git.kernel.org/stable/c/935ad4b3c325c24fff2c702da403283025ffc722",
            "https://git.kernel.org/stable/c/a51f025b5038abd3d22eed2ede4cd46793d89565",
            "https://git.kernel.org/stable/c/b2a5b172dc05be6c4f2c5542c1bbc6b14d60ff16",
            "https://git.kernel.org/stable/c/d948c53dec36dafe182631457597c49c1f1df5ea",
            "https://lore.kernel.org/linux-cve-announce/2025122220-CVE-2025-68335-6742@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68335",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68335"
          ],
          "PublishedDate": "2025-12-22T17:16:01.237Z",
          "LastModifiedDate": "2026-01-19T13:16:09.957Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68336",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68336",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b20b0f65dcd439bbb97504409bcfe0ca1f7a2a8451def1d40c77da00385eecff",
          "Title": "kernel: locking/spinlock/debug: Fix data-race in do_raw_write_lock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/spinlock/debug: Fix data-race in do_raw_write_lock\n\nKCSAN reports:\n\nBUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock\n\nwrite (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:\n do_raw_write_lock+0x120/0x204\n _raw_write_lock_irq\n do_exit\n call_usermodehelper_exec_async\n ret_from_fork\n\nread to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0:\n do_raw_write_lock+0x88/0x204\n _raw_write_lock_irq\n do_exit\n call_usermodehelper_exec_async\n ret_from_fork\n\nvalue changed: 0xffffffff -\u003e 0x00000001\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111\n\nCommit 1a365e822372 (\"locking/spinlock/debug: Fix various data races\") has\naddressed most of these races, but seems to be not consistent/not complete.\n\nFrom do_raw_write_lock() only debug_write_lock_after() part has been\nconverted to WRITE_ONCE(), but not debug_write_lock_before() part.\nDo it now.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68336",
            "https://git.kernel.org/stable/c/16b3590c0e1e615757dade098c8fbc0d4f040c76",
            "https://git.kernel.org/stable/c/396a9270a7b90886be501611b13aa636f2e8c703",
            "https://git.kernel.org/stable/c/39d2ef113416f1a4205b03fb0aa2e428d1412c77",
            "https://git.kernel.org/stable/c/8e5b2cf10844402054b52b489b525dc30cc16908",
            "https://git.kernel.org/stable/c/93bd23524d63deb80fb85beb2e43fafeb1043d0f",
            "https://git.kernel.org/stable/c/b163a5e8c703201c905d6ec7920ed79d167e8442",
            "https://git.kernel.org/stable/c/c14ecb555c3ee80eeb030a4e46d00e679537f03a",
            "https://git.kernel.org/stable/c/c228cb699a07a5f2d596d186bc5c314c99bb8bbf",
            "https://lore.kernel.org/linux-cve-announce/2025122220-CVE-2025-68336-0253@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68336",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68336"
          ],
          "PublishedDate": "2025-12-22T17:16:01.357Z",
          "LastModifiedDate": "2026-01-19T13:16:10.053Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68337",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68337",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:105f75240dda5451e510bac0143873f2acf2b1c79d36cf17fa82b088b3f86775",
          "Title": "kernel: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted\n\nThere's issue when file system corrupted:\n------------[ cut here ]------------\nkernel BUG at fs/jbd2/transaction.c:1289!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next\nRIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0\nRSP: 0018:ffff888117aafa30 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff88811a86b000 RCX: ffffffff89a63534\nRDX: 1ffff110200ec602 RSI: 0000000000000004 RDI: ffff888100763010\nRBP: ffff888100763000 R08: 0000000000000001 R09: ffff888100763028\nR10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88812c432000 R14: ffff88812c608000 R15: ffff888120bfc000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f91d6970c99 CR3: 00000001159c4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __ext4_journal_get_create_access+0x42/0x170\n ext4_getblk+0x319/0x6f0\n ext4_bread+0x11/0x100\n ext4_append+0x1e6/0x4a0\n ext4_init_new_dir+0x145/0x1d0\n ext4_mkdir+0x326/0x920\n vfs_mkdir+0x45c/0x740\n do_mkdirat+0x234/0x2f0\n __x64_sys_mkdir+0xd6/0x120\n do_syscall_64+0x5f/0xfa0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe above issue occurs with us in errors=continue mode when accompanied by\nstorage failures. There have been many inconsistencies in the file system\ndata.\nIn the case of file system data inconsistency, for example, if the block\nbitmap of a referenced block is not set, it can lead to the situation where\na block being committed is allocated and used again. As a result, the\nfollowing condition will not be satisfied then trigger BUG_ON. Of course,\nit is entirely possible to construct a problematic image that can trigger\nthis BUG_ON through specific operations. 
In fact, I have constructed such\nan image and easily reproduced this issue.\nTherefore, J_ASSERT() holds true only under ideal conditions, but it may\nnot necessarily be satisfied in exceptional scenarios. Using J_ASSERT()\ndirectly in abnormal situations would cause the system to crash, which is\nclearly not what we want. So here we directly trigger a JBD abort instead\nof immediately invoking BUG_ON.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68337",
            "https://git.kernel.org/stable/c/3faac6531d4818cd6be45e5bbf32937bbbc795c0",
            "https://git.kernel.org/stable/c/71bbe06c40fc59b5b15661eca8ff307f4176d7f9",
            "https://git.kernel.org/stable/c/986835bf4d11032bba4ab8414d18fce038c61bb4",
            "https://git.kernel.org/stable/c/a2a7f854d154a3e9232fec80782dad951655f52f",
            "https://git.kernel.org/stable/c/aa1703f3f706ea0867fb1991dcac709c9ec94cfb",
            "https://git.kernel.org/stable/c/b4f8eabf6d991bd41fabcdf9302c4b3eab590cf4",
            "https://git.kernel.org/stable/c/bf34c72337e40c4670cceeb79b353356933a254b",
            "https://git.kernel.org/stable/c/ed62fd8c15d41c4127ad16b8219b63124f5962bc",
            "https://linux.oracle.com/cve/CVE-2025-68337.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122221-CVE-2025-68337-4b29@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68337",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68337"
          ],
          "PublishedDate": "2025-12-22T17:16:01.463Z",
          "LastModifiedDate": "2026-01-19T13:16:10.153Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68339",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68339",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3e89a5e0d384b5b8fe485a524b8d15997ad4dd07627a2f8f9b09849a496ed10",
          "Title": "kernel: atm/fore200e: Fix possible data race in fore200e_open()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm/fore200e: Fix possible data race in fore200e_open()\n\nProtect access to fore200e-\u003eavailable_cell_rate with rate_mtx lock in the\nerror handling path of fore200e_open() to prevent a data race.\n\nThe field fore200e-\u003eavailable_cell_rate is a shared resource used to track\navailable bandwidth. It is concurrently accessed by fore200e_open(),\nfore200e_close(), and fore200e_change_qos().\n\nIn fore200e_open(), the lock rate_mtx is correctly held when subtracting\nvcc-\u003eqos.txtp.max_pcr from available_cell_rate to reserve bandwidth.\nHowever, if the subsequent call to fore200e_activate_vcin() fails, the\nfunction restores the reserved bandwidth by adding back to\navailable_cell_rate without holding the lock.\n\nThis introduces a race condition because available_cell_rate is a global\ndevice resource shared across all VCCs. If the error path in\nfore200e_open() executes concurrently with operations like\nfore200e_close() or fore200e_change_qos() on other VCCs, a\nread-modify-write race occurs.\n\nSpecifically, the error path reads the rate without the lock. If another\nCPU acquires the lock and modifies the rate (e.g., releasing bandwidth in\nfore200e_close()) between this read and the subsequent write, the error\npath will overwrite the concurrent update with a stale value. This results\nin incorrect bandwidth accounting.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 1,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68339",
            "https://git.kernel.org/linus/82fca3d8a4a34667f01ec2351a607135249c9cff (6.18)",
            "https://git.kernel.org/stable/c/1b60f42a639999c37da7f1fbfa1ad29cf4cbdd2d",
            "https://git.kernel.org/stable/c/6610361458e7eb6502dd3182f586f91fcc218039",
            "https://git.kernel.org/stable/c/667ac868823224374f819500adc5baa2889c7bc5",
            "https://git.kernel.org/stable/c/82fca3d8a4a34667f01ec2351a607135249c9cff",
            "https://git.kernel.org/stable/c/9917ba597cf95f307778e495f71ff25a5064d167",
            "https://git.kernel.org/stable/c/bd1415efbab507b9b995918105eef953013449dd",
            "https://git.kernel.org/stable/c/ed34c70d88e2b8b9bc6c3ede88751186d6c6d5d1",
            "https://lore.kernel.org/linux-cve-announce/2025122331-CVE-2025-68339-4fc3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68339",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68339"
          ],
          "PublishedDate": "2025-12-23T14:16:40.477Z",
          "LastModifiedDate": "2025-12-23T14:51:52.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68342",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68342",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:02f530d7b68637a808e557b0048aaf7e9827877e2b9749c1a0ba6af28a11871a",
          "Title": "kernel: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data\n\nThe URB received in gs_usb_receive_bulk_callback() contains a struct\ngs_host_frame. The length of the data after the header depends on the\ngs_host_frame hf::flags and the active device features (e.g. time\nstamping).\n\nIntroduce a new function gs_usb_get_minimum_length() and check that we have\nat least received the required amount of data before accessing it. Only\ncopy the data to that skb that has actually been received.\n\n[mkl: rename gs_usb_get_minimum_length() -\u003e +gs_usb_get_minimum_rx_length()]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68342",
            "https://git.kernel.org/linus/395d988f93861101ec89d0dd9e3b876ae9392a5b (6.18)",
            "https://git.kernel.org/stable/c/395d988f93861101ec89d0dd9e3b876ae9392a5b",
            "https://git.kernel.org/stable/c/4ffac725154cf6a253f5e6aa0c8946232b6a0af5",
            "https://git.kernel.org/stable/c/ad55004a3cb5b41ef78aa6c09e7bc5a489ba652b",
            "https://git.kernel.org/stable/c/fb0c7c77a7ae3a2c3404b7d0173b8739a754b513",
            "https://linux.oracle.com/cve/CVE-2025-68342.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025122332-CVE-2025-68342-7f69@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68342",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68342"
          ],
          "PublishedDate": "2025-12-23T14:16:40.81Z",
          "LastModifiedDate": "2025-12-23T14:51:52.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68343",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68343",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:38c24bedba0d937be1cd086c1768ddb75bb81674567dabf7ec7357aeab37bc64",
          "Title": "kernel: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header\n\nThe driver expects to receive a struct gs_host_frame in\ngs_usb_receive_bulk_callback().\n\nUse struct_group to describe the header of the struct gs_host_frame and\ncheck that we have at least received the header before accessing any\nmembers of it.\n\nTo resubmit the URB, do not dereference the pointer chain\n\"dev-\u003eparent-\u003ehf_size_rx\" but use \"parent-\u003ehf_size_rx\" instead. Since\n\"urb-\u003econtext\" contains \"parent\", it is always defined, while \"dev\" is not\ndefined if the URB it too short.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68343",
            "https://git.kernel.org/linus/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf (6.18)",
            "https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697",
            "https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0",
            "https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322",
            "https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf",
            "https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87",
            "https://linux.oracle.com/cve/CVE-2025-68343.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025122333-CVE-2025-68343-3238@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68343",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68343"
          ],
          "PublishedDate": "2025-12-23T14:16:40.913Z",
          "LastModifiedDate": "2025-12-23T14:51:52.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68344",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68344",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5bf3b4748187b6aa178760eec7dae402ce0a6f584d3c25e2c562758f8e1832c7",
          "Title": "kernel: ALSA: wavefront: Fix integer overflow in sample size validation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: wavefront: Fix integer overflow in sample size validation\n\nThe wavefront_send_sample() function has an integer overflow issue\nwhen validating sample size. The header-\u003esize field is u32 but gets\ncast to int for comparison with dev-\u003efreemem\n\nFix by using unsigned comparison to avoid integer overflow.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68344",
            "https://git.kernel.org/stable/c/02b63f3bc29265bd9e83191792d200ed563acacf",
            "https://git.kernel.org/stable/c/0c4a13ba88594fd4a27292853e736c6b4349823d",
            "https://git.kernel.org/stable/c/1823e08f76c68b9e1d26f6d5ef831b96f61a62a0",
            "https://git.kernel.org/stable/c/488bf86d60077f52810c60dbdf7468c277880167",
            "https://git.kernel.org/stable/c/4f811071e702fbb74933526e2fbadf8c4ed0c0c4",
            "https://git.kernel.org/stable/c/5588b7c86effffa9bb55383a38800649d7b40778",
            "https://git.kernel.org/stable/c/bca11de0a277b8baeb7d006f93b543c907b6e782",
            "https://git.kernel.org/stable/c/d2f5d8cf1eadb7b33e476f59aa9c6653e4f2b937",
            "https://lore.kernel.org/linux-cve-announce/2025122449-CVE-2025-68344-3af5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68344",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68344"
          ],
          "PublishedDate": "2025-12-24T11:15:57.74Z",
          "LastModifiedDate": "2026-01-19T13:16:10.253Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68345",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68345",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:296b6950301b2c7e922a4773bd7f248894c3c29442655f42a5d35678c72854fd",
          "Title": "kernel: Linux kernel ALSA: Denial of Service due to NULL pointer dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()\n\nThe acpi_get_first_physical_node() function can return NULL, in which\ncase the get_device() function also returns NULL, but this value is\nthen dereferenced without checking,so add a check to prevent a crash.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68345",
            "https://git.kernel.org/stable/c/343fa9800cf9870ec681e21f0a6f2157b74ae520",
            "https://git.kernel.org/stable/c/7a35a505d76a4b6cd426b59ff2d800d0394cc5d3",
            "https://git.kernel.org/stable/c/c28946b7409b7b68fb0481ec738c8b04578b11c6",
            "https://git.kernel.org/stable/c/c34b04cc6178f33c08331568c7fd25c5b9a39f66",
            "https://git.kernel.org/stable/c/e63f9c81ca28b06eeeac3630faddc50717897351",
            "https://git.kernel.org/stable/c/e6ba921b17797ccc545d80e0dbccb5fab91c248c",
            "https://lore.kernel.org/linux-cve-announce/2025122452-CVE-2025-68345-eea0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68345",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68345"
          ],
          "PublishedDate": "2025-12-24T11:15:57.85Z",
          "LastModifiedDate": "2026-01-11T17:15:55.517Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68346",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68346",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a11bd4a847909e4e75cecdc52710db80c8e7c54d9bfb193d3b347b6848c060f0",
          "Title": "kernel: ALSA: dice: fix buffer overflow in detect_stream_formats()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: dice: fix buffer overflow in detect_stream_formats()\n\nThe function detect_stream_formats() reads the stream_count value directly\nfrom a FireWire device without validating it. This can lead to\nout-of-bounds writes when a malicious device provides a stream_count value\ngreater than MAX_STREAMS.\n\nFix by applying the same validation to both TX and RX stream counts in\ndetect_stream_formats().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68346",
            "https://git.kernel.org/stable/c/1e1b3207a53e50d5a66289fffc1f7d52cd9c50f9",
            "https://git.kernel.org/stable/c/324f3e03e8a85931ce0880654e3c3eb38b0f0bba",
            "https://git.kernel.org/stable/c/3cf854cec0eb371da47ff5fe56eab189d7fa623a",
            "https://git.kernel.org/stable/c/4a6ab0f6cc9bdfdfecbf257a46ff4275bd965af4",
            "https://git.kernel.org/stable/c/932aa1e80b022419cf9710e970739b7a8794f27c",
            "https://git.kernel.org/stable/c/c0a1fe1902ad23e6d48e0f68be1258ccf7a163e6",
            "https://git.kernel.org/stable/c/d6280a5b00cad37d9a9a875849e5bf7ed2fe4950",
            "https://git.kernel.org/stable/c/dea3ed2c16f99f46f97b1a090bf80ecdd6972ce0",
            "https://linux.oracle.com/cve/CVE-2025-68346.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68346-10ef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68346",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68346"
          ],
          "PublishedDate": "2025-12-24T11:15:57.947Z",
          "LastModifiedDate": "2026-01-19T13:16:10.357Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68349",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68349",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e34d6a48093be7216fc65bd4ea4bf6480152dcca8044ab52dab18d066c61297d",
          "Title": "kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid\n\nFixes a crash when layout is null during this call stack:\n\nwrite_inode\n    -\u003e nfs4_write_inode\n        -\u003e pnfs_layoutcommit_inode\n\npnfs_set_layoutcommit relies on the lseg refcount to keep the layout\naround. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt\nto reference a null layout.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2722",
            "https://access.redhat.com/security/cve/CVE-2025-68349",
            "https://bugzilla.redhat.com/2360239",
            "https://bugzilla.redhat.com/2406747",
            "https://bugzilla.redhat.com/2419870",
            "https://bugzilla.redhat.com/2419902",
            "https://bugzilla.redhat.com/2424880",
            "https://bugzilla.redhat.com/2429116",
            "https://bugzilla.redhat.com/2432671",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360239",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2406747",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419870",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419902",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2424880",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429116",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53034",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40064",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40322",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68349",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22998",
            "https://errata.almalinux.org/9/ALSA-2026-2722.html",
            "https://errata.rockylinux.org/RLSA-2026:2722",
            "https://git.kernel.org/stable/c/084bebe82ad86f718a3af84f34761863e63164ed",
            "https://git.kernel.org/stable/c/104080582ae0aa6dce6c6d75ff89062efe84673b",
            "https://git.kernel.org/stable/c/38694f9aae00459ab443a7dc8b3949a6b33b560a",
            "https://git.kernel.org/stable/c/59947dff0fb7c19c09ce6dccbcd253fd542b6c25",
            "https://git.kernel.org/stable/c/b6e4e3a08c03200cc4b8067ec8ab3172a989d6fc",
            "https://git.kernel.org/stable/c/ca2e7fdad7c683b64821c94a58b9b68733214dad",
            "https://git.kernel.org/stable/c/e0f8058f2cb56de0b7572f51cd563ca5debce746",
            "https://git.kernel.org/stable/c/f718f9ea6094843b8c059b073af49ad61e9f49bb",
            "https://linux.oracle.com/cve/CVE-2025-68349.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68349-12d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68349",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68349"
          ],
          "PublishedDate": "2025-12-24T11:15:58.247Z",
          "LastModifiedDate": "2026-01-19T13:16:10.453Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68354",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68354",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af3b579b658275bb1af0d3bfca69a9b48b119854ee9f71c2c6211a75156b5be4",
          "Title": "kernel: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: Protect regulator_supply_alias_list with regulator_list_mutex\n\nregulator_supply_alias_list was accessed without any locking in\nregulator_supply_alias(), regulator_register_supply_alias(), and\nregulator_unregister_supply_alias(). Concurrent registration,\nunregistration and lookups can race, leading to:\n\n1 use-after-free if an alias entry is removed while being read,\n2 duplicate entries when two threads register the same alias,\n3 inconsistent alias mappings observed by consumers.\n\nProtect all traversals, insertions and deletions on\nregulator_supply_alias_list with the existing regulator_list_mutex.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68354",
            "https://git.kernel.org/stable/c/09811a83b214cc15521e0d818e43ae9043e9a28d",
            "https://git.kernel.org/stable/c/0cc15a10c3b4ab14cd71b779fd5c9ca0cb2bc30d",
            "https://git.kernel.org/stable/c/431a1d44ad4866362cc28fc1cc4ca93d84989239",
            "https://git.kernel.org/stable/c/64099b5c0aeb70bc7cd5556eb7f59c5b4a5010bf",
            "https://git.kernel.org/stable/c/9d041a7ba13f21adfac052eb3fda1df62f2166c1",
            "https://git.kernel.org/stable/c/a63fbc07d1b34a9821ea3b31ff4e6456f9d0aa61",
            "https://git.kernel.org/stable/c/a9864d42ebcdd394ebb864643b961b36e7b515be",
            "https://git.kernel.org/stable/c/e1587064137028e7edcca14fb766b68d27bec94b",
            "https://linux.oracle.com/cve/CVE-2025-68354.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122455-CVE-2025-68354-d175@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68354",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68354"
          ],
          "PublishedDate": "2025-12-24T11:15:58.757Z",
          "LastModifiedDate": "2026-01-19T13:16:10.55Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68358",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68358",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f3c3cd3f911589973edebb859df0860895acd3b3baa495f9faf4ae098bf338a",
          "Title": "kernel: btrfs: fix racy bitfield write in btrfs_clear_space_info_full()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix racy bitfield write in btrfs_clear_space_info_full()\n\nFrom the memory-barriers.txt document regarding memory barrier ordering\nguarantees:\n\n (*) These guarantees do not apply to bitfields, because compilers often\n     generate code to modify these using non-atomic read-modify-write\n     sequences.  Do not attempt to use bitfields to synchronize parallel\n     algorithms.\n\n (*) Even in cases where bitfields are protected by locks, all fields\n     in a given bitfield must be protected by one lock.  If two fields\n     in a given bitfield are protected by different locks, the compiler's\n     non-atomic read-modify-write sequences can cause an update to one\n     field to corrupt the value of an adjacent field.\n\nbtrfs_space_info has a bitfield sharing an underlying word consisting of\nthe fields full, chunk_alloc, and flush:\n\nstruct btrfs_space_info {\n        struct btrfs_fs_info *     fs_info;              /*     0     8 */\n        struct btrfs_space_info *  parent;               /*     8     8 */\n        ...\n        int                        clamp;                /*   172     4 */\n        unsigned int               full:1;               /*   176: 0  4 */\n        unsigned int               chunk_alloc:1;        /*   176: 1  4 */\n        unsigned int               flush:1;              /*   176: 2  4 */\n        ...\n\nTherefore, to be safe from parallel read-modify-writes losing a write to\none of the bitfield members protected by a lock, all writes to all the\nbitfields must use the lock. 
They almost universally do, except for\nbtrfs_clear_space_info_full() which iterates over the space_infos and\nwrites out found-\u003efull = 0 without a lock.\n\nImagine that we have one thread completing a transaction in which we\nfinished deleting a block_group and are thus calling\nbtrfs_clear_space_info_full() while simultaneously the data reclaim\nticket infrastructure is running do_async_reclaim_data_space():\n\n          T1                                             T2\nbtrfs_commit_transaction\n  btrfs_clear_space_info_full\n  data_sinfo-\u003efull = 0\n  READ: full:0, chunk_alloc:0, flush:1\n                                              do_async_reclaim_data_space(data_sinfo)\n                                              spin_lock(\u0026space_info-\u003elock);\n                                              if(list_empty(tickets))\n                                                space_info-\u003eflush = 0;\n                                                READ: full: 0, chunk_alloc:0, flush:1\n                                                MOD/WRITE: full: 0, chunk_alloc:0, flush:0\n                                                spin_unlock(\u0026space_info-\u003elock);\n                                                return;\n  MOD/WRITE: full:0, chunk_alloc:0, flush:1\n\nand now data_sinfo-\u003eflush is 1 but the reclaim worker has exited. This\nbreaks the invariant that flush is 0 iff there is no work queued or\nrunning. Once this invariant is violated, future allocations that go\ninto __reserve_bytes() will add tickets to space_info-\u003etickets but will\nsee space_info-\u003eflush is set to 1 and not queue the work. After this,\nthey will block forever on the resulting ticket, as it is now impossible\nto kick the worker again.\n\nI also confirmed by looking at the assembly of the affected kernel that\nit is doing RMW operations. 
For example, to set the flush (3rd) bit to 0,\nthe assembly is:\n  andb    $0xfb,0x60(%rbx)\nand similarly for setting the full (1st) bit to 0:\n  andb    $0xfe,-0x20(%rax)\n\nSo I think this is really a bug on practical systems.  I have observed\na number of systems in this exact state, but am currently unable to\nreproduce it.\n\nRather than leaving this footgun lying around for the future, take\nadvantage of the fact that there is room in the struct anyway, and that\nit is already quite large and simply change the three bitfield members to\nbools. This avoids writes to space_info-\u003efull having any effect on\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68358",
            "https://git.kernel.org/stable/c/38e818718c5e04961eea0fa8feff3f100ce40408",
            "https://git.kernel.org/stable/c/55835646da78e83e7ad06abd741ca8fd8c0b0ea7",
            "https://git.kernel.org/stable/c/6f442808a86eef847ee10afa9e6459494ed85bb3",
            "https://git.kernel.org/stable/c/742b90eaf394f0018352c0e10dc89763b2dd5267",
            "https://git.kernel.org/stable/c/b0bb67385480a3aa4c54b139e4f371ddd06b5150",
            "https://git.kernel.org/stable/c/d4a81b8ec639895999275ea2472c69825cd67ea4",
            "https://git.kernel.org/stable/c/db4ae18e1b31e0421fb5312e56aefa382bbc6ece",
            "https://linux.oracle.com/cve/CVE-2025-68358.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2025122456-CVE-2025-68358-4efc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68358",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68358"
          ],
          "PublishedDate": "2025-12-24T11:15:59.173Z",
          "LastModifiedDate": "2026-02-26T18:49:42.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68362",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68362",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:51a474eaab9673f56cfd013b1f3e1e6df819c8c373fd99af586a575f20b2d7c4",
          "Title": "kernel: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()\n\nThe rtl8187_rx_cb() calculates the rx descriptor header address\nby subtracting its size from the skb tail pointer.\nHowever, it does not validate if the received packet\n(skb-\u003elen from urb-\u003eactual_length) is large enough to contain this\nheader.\n\nIf a truncated packet is received, this will lead to a buffer\nunderflow, reading memory before the start of the skb data area,\nand causing a kernel panic.\n\nAdd length checks for both rtl8187 and rtl8187b descriptor headers\nbefore attempting to access them, dropping the packet cleanly if the\ncheck fails.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68362",
            "https://git.kernel.org/stable/c/118e12bf3e4288cf845cd3759bd9d4c99f91aab5",
            "https://git.kernel.org/stable/c/4758770a673c60d8f615809304d72e1432fa6355",
            "https://git.kernel.org/stable/c/5ebf0fe7eaef9f6173a4c6ea77c5353e21645d15",
            "https://git.kernel.org/stable/c/638d4148e166d114a4cd7becaae992ce1a815ed8",
            "https://git.kernel.org/stable/c/6a96bd0d94305fd04a6ac64446ec113bae289384",
            "https://git.kernel.org/stable/c/b647d2574e4583c2e3b0ab35568f60c88e910840",
            "https://git.kernel.org/stable/c/dc153401fb26c1640a2b279c47b65e1c416af276",
            "https://git.kernel.org/stable/c/e2f3ea15e804607e0a4a34a2f6c331c8750b68bc",
            "https://linux.oracle.com/cve/CVE-2025-68362.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122458-CVE-2025-68362-e4d6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68362",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68362"
          ],
          "PublishedDate": "2025-12-24T11:15:59.593Z",
          "LastModifiedDate": "2026-01-19T13:16:10.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68363",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68363",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:22425867098929d68d3c708e6f9988029e3b23e8f2ad94d345f5ada5d7c9fbfb",
          "Title": "kernel: bpf: Check skb-\u003etransport_header is set in bpf_skb_check_mtu",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check skb-\u003etransport_header is set in bpf_skb_check_mtu\n\nThe bpf_skb_check_mtu helper needs to use skb-\u003etransport_header when\nthe BPF_MTU_CHK_SEGS flag is used:\n\n\tbpf_skb_check_mtu(skb, ifindex, \u0026mtu_len, 0, BPF_MTU_CHK_SEGS)\n\nThe transport_header is not always set. There is a WARN_ON_ONCE\nreport when CONFIG_DEBUG_NET is enabled + skb-\u003egso_size is set +\nbpf_prog_test_run is used:\n\nWARNING: CPU: 1 PID: 2216 at ./include/linux/skbuff.h:3071\n skb_gso_validate_network_len\n bpf_skb_check_mtu\n bpf_prog_3920e25740a41171_tc_chk_segs_flag # A test in the next patch\n bpf_test_run\n bpf_prog_test_run_skb\n\nFor a normal ingress skb (not test_run), skb_reset_transport_header\nis performed but there is plan to avoid setting it as described in\ncommit 2170a1f09148 (\"net: no longer reset transport_header in __netif_receive_skb_core()\").\n\nThis patch fixes the bpf helper by checking\nskb_transport_header_was_set(). The check is done just before\nskb-\u003etransport_header is used, to avoid breaking the existing bpf prog.\nThe WARN_ON_ONCE is limited to bpf_prog_test_run, so targeting bpf-next.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68363",
            "https://git.kernel.org/stable/c/1c30e4afc5507f0069cc09bd561e510e4d97fbf7",
            "https://git.kernel.org/stable/c/30ce906557a21adef4cba5901c8e995dc18263a9",
            "https://git.kernel.org/stable/c/942268e2726ac7f16e3ec49dbfbbbe7cf5af9da5",
            "https://git.kernel.org/stable/c/97b876fa88322625228792cf7a5fd77531815a80",
            "https://git.kernel.org/stable/c/b3171a5e4622e915e94599a55f4964078bdec27e",
            "https://git.kernel.org/stable/c/d946f3c98328171fa50ddb908593cf833587f725",
            "https://linux.oracle.com/cve/CVE-2025-68363.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025122458-CVE-2025-68363-3863@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68363",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68363"
          ],
          "PublishedDate": "2025-12-24T11:15:59.72Z",
          "LastModifiedDate": "2026-01-11T17:15:56.163Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68364",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68364",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0cb3372f2f33741bbc670b6d1f4c579d80a56c7e2465e95801d7fc75160f78cd",
          "Title": "kernel: ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()\n\nIn '__ocfs2_move_extent()', relax 'BUG()' to 'ocfs2_error()' just\nto avoid crashing the whole kernel due to a filesystem corruption.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68364",
            "https://git.kernel.org/stable/c/08b93c1c12c66989316883d733475c64d14de5d2",
            "https://git.kernel.org/stable/c/1ad2f81a099b8df5f72bce0a3e9f531263a846b8",
            "https://git.kernel.org/stable/c/7abbe41d22a06aae00fd46d29f59dd40a01e988f",
            "https://git.kernel.org/stable/c/8a7d58845fae061c62b50bc5eeb9bae4a1dedc3d",
            "https://git.kernel.org/stable/c/bcb94288d95cfc52f4d7cead260f4db54c8c741a",
            "https://git.kernel.org/stable/c/cb34a55f552960c74e26b3699c84745b96e3131a",
            "https://git.kernel.org/stable/c/e5c2503696ec2e0dc7b2aee902dc859ccde39ddf",
            "https://git.kernel.org/stable/c/e5c52c320577cd405b251943ef77842dc6f303bf",
            "https://linux.oracle.com/cve/CVE-2025-68364.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122458-CVE-2025-68364-ee48@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68364",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68364"
          ],
          "PublishedDate": "2025-12-24T11:15:59.96Z",
          "LastModifiedDate": "2026-01-19T13:16:10.75Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68366",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68366",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:004e1187912fe977e0faa2abff45fed4c89fc26f96736890ac2ac371ce514d76",
          "Title": "kernel: nbd: defer config unlock in nbd_genl_connect",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: defer config unlock in nbd_genl_connect\n\nThere is one use-after-free warning when running NBD_CMD_CONNECT and\nNBD_CLEAR_SOCK:\n\nnbd_genl_connect\n  nbd_alloc_and_init_config // config_refs=1\n  nbd_start_device // config_refs=2\n  set NBD_RT_HAS_CONFIG_REF\t\t\topen nbd // config_refs=3\n  recv_work done // config_refs=2\n\t\t\t\t\t\tNBD_CLEAR_SOCK // config_refs=1\n\t\t\t\t\t\tclose nbd // config_refs=0\n  refcount_inc -\u003e uaf\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 24 PID: 1014 at lib/refcount.c:25 refcount_warn_saturate+0x12e/0x290\n nbd_genl_connect+0x16d0/0x1ab0\n genl_family_rcv_msg_doit+0x1f3/0x310\n genl_rcv_msg+0x44a/0x790\n\nThe issue can be easily reproduced by adding a small delay before\nrefcount_inc(\u0026nbd-\u003econfig_refs) in nbd_genl_connect():\n\n        mutex_unlock(\u0026nbd-\u003econfig_lock);\n        if (!ret) {\n                set_bit(NBD_RT_HAS_CONFIG_REF, \u0026config-\u003eruntime_flags);\n+               printk(\"before sleep\\n\");\n+               mdelay(5 * 1000);\n+               printk(\"after sleep\\n\");\n                refcount_inc(\u0026nbd-\u003econfig_refs);\n                nbd_connect_reply(info, nbd-\u003eindex);\n        }",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68366",
            "https://git.kernel.org/stable/c/1649714b930f9ea6233ce0810ba885999da3b5d4",
            "https://git.kernel.org/stable/c/2e5e0665a594f076ef2b9439447bae8be293d09d",
            "https://git.kernel.org/stable/c/330d688a5ca53857828081a3cf31b92ad1b0b3ed",
            "https://git.kernel.org/stable/c/9a38306643874566d20f7aba7dff9e6f657b51a9",
            "https://git.kernel.org/stable/c/ae3e7bc1f4b393ae20e5c85583eb2c6977374716",
            "https://git.kernel.org/stable/c/c9b99c948b4fb014812afe7b5ccf2db121d22e46",
            "https://git.kernel.org/stable/c/c9e805f6a35d1dd189a9345595a5c20e87611942",
            "https://git.kernel.org/stable/c/cd93db1b1b4460e6ee77564024ea461e5940f69c",
            "https://linux.oracle.com/cve/CVE-2025-68366.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122459-CVE-2025-68366-b367@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68366",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68366"
          ],
          "PublishedDate": "2025-12-24T11:16:00.163Z",
          "LastModifiedDate": "2026-01-19T13:16:10.847Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68367",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68367",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0e24f8fc20423f62be88ab5223545e7de19f8bf2dbab85d46ff124dc0c47a647",
          "Title": "kernel: Linux kernel (macintosh/mac_hid): Denial of Service via race condition in mac_hid_toggle_emumouse",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse\n\nThe following warning appears when running syzkaller, and this issue also\nexists in the mainline code.\n\n ------------[ cut here ]------------\n list_add double add: new=ffffffffa57eee28, prev=ffffffffa57eee28, next=ffffffffa5e63100.\n WARNING: CPU: 0 PID: 1491 at lib/list_debug.c:35 __list_add_valid_or_report+0xf7/0x130\n Modules linked in:\n CPU: 0 PID: 1491 Comm: syz.1.28 Not tainted 6.6.0+ #3\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__list_add_valid_or_report+0xf7/0x130\n RSP: 0018:ff1100010dfb7b78 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffffffffa57eee18 RCX: ffffffff97fc9817\n RDX: 0000000000040000 RSI: ffa0000002383000 RDI: 0000000000000001\n RBP: ffffffffa57eee28 R08: 0000000000000001 R09: ffe21c0021bf6f2c\n R10: 0000000000000001 R11: 6464615f7473696c R12: ffffffffa5e63100\n R13: ffffffffa57eee28 R14: ffffffffa57eee28 R15: ff1100010dfb7d48\n FS:  00007fb14398b640(0000) GS:ff11000119600000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000010d096005 CR4: 0000000000773ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 80000000\n Call Trace:\n  \u003cTASK\u003e\n  input_register_handler+0xb3/0x210\n  mac_hid_start_emulation+0x1c5/0x290\n  mac_hid_toggle_emumouse+0x20a/0x240\n  proc_sys_call_handler+0x4c2/0x6e0\n  new_sync_write+0x1b1/0x2d0\n  vfs_write+0x709/0x950\n  ksys_write+0x12a/0x250\n  do_syscall_64+0x5a/0x110\n  entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe WARNING occurs when two processes concurrently write to the mac-hid\nemulation sysctl, causing a race condition in mac_hid_toggle_emumouse().\nBoth processes read old_val=0, then 
both try to register the input handler,\nleading to a double list_add of the same handler.\n\n  CPU0                             CPU1\n  -------------------------        -------------------------\n  vfs_write() //write 1            vfs_write()  //write 1\n    proc_sys_write()                 proc_sys_write()\n      mac_hid_toggle_emumouse()          mac_hid_toggle_emumouse()\n        old_val = *valp // old_val=0\n                                           old_val = *valp // old_val=0\n                                           mutex_lock_killable()\n                                           proc_dointvec() // *valp=1\n                                           mac_hid_start_emulation()\n                                             input_register_handler()\n                                           mutex_unlock()\n        mutex_lock_killable()\n        proc_dointvec()\n        mac_hid_start_emulation()\n          input_register_handler() //Trigger Warning\n        mutex_unlock()\n\nFix this by moving the old_val read inside the mutex lock region.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68367",
            "https://git.kernel.org/stable/c/14c209835e47a87e6da94bb9401e570dcc14f31f",
            "https://git.kernel.org/stable/c/1e4b207ffe54cf33a4b7a2912c4110f89c73bf3f",
            "https://git.kernel.org/stable/c/230621ffdb361d15cd3ef92d8b4fa8d314f4fad4",
            "https://git.kernel.org/stable/c/388391dd1cc567fcf0b372b63d414c119d23e911",
            "https://git.kernel.org/stable/c/48a7d427eb65922b3f17fbe00e2bbc7cb9eac381",
            "https://git.kernel.org/stable/c/583d36523f56d8e9ddfa0bec20743a6faefc9b74",
            "https://git.kernel.org/stable/c/61abf8c3162d155b4fd0fb251f08557093363a0a",
            "https://git.kernel.org/stable/c/d5f1d40fd342b589420de7508b4c748fcf28122e",
            "https://linux.oracle.com/cve/CVE-2025-68367.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122459-CVE-2025-68367-847e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68367",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68367"
          ],
          "PublishedDate": "2025-12-24T11:16:00.267Z",
          "LastModifiedDate": "2026-01-19T13:16:10.943Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68371",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68371",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b1636b183d4caf44587899fef1cc8c7cc07a4e9351fe57fb0aea1728da181f9b",
          "Title": "kernel: scsi: smartpqi: Fix device resources accessed after device removal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix device resources accessed after device removal\n\nCorrect possible race conditions during device removal.\n\nPreviously, a scheduled work item to reset a LUN could still execute\nafter the device was removed, leading to use-after-free and other\nresource access issues.\n\nThis race condition occurs because the abort handler may schedule a LUN\nreset concurrently with device removal via sdev_destroy(), leading to\nuse-after-free and improper access to freed resources.\n\n  - Check in the device reset handler if the device is still present in\n    the controller's SCSI device list before running; if not, the reset\n    is skipped.\n\n  - Cancel any pending TMF work that has not started in sdev_destroy().\n\n  - Ensure device freeing in sdev_destroy() is done while holding the\n    LUN reset mutex to avoid races with ongoing resets.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68371",
            "https://git.kernel.org/stable/c/1a5c5a2f88e839af5320216a02ffb075b668596a",
            "https://git.kernel.org/stable/c/4e1acf1b6dd6dd0495bda139daafd7a403ae2dc1",
            "https://git.kernel.org/stable/c/6d2390653d82cad0e1ba2676e536dd99678f6ef1",
            "https://git.kernel.org/stable/c/7dfa5a5516ec3c6b9b6c22ee18f0eb2df3f38ef2",
            "https://git.kernel.org/stable/c/b518e86d1a70a88f6592a7c396cf1b93493d1aab",
            "https://git.kernel.org/stable/c/eccc02ba1747501d92bb2049e3ce378ba372f641",
            "https://linux.oracle.com/cve/CVE-2025-68371.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025122401-CVE-2025-68371-5c31@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68371",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68371"
          ],
          "PublishedDate": "2025-12-24T11:16:00.673Z",
          "LastModifiedDate": "2026-01-11T17:15:56.64Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68372",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68372",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:86d4834cd81dee796f143f2d63282352a39db1f3ce82e8c21ad2044cb6227cb1",
          "Title": "kernel: nbd: defer config put in recv_work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: defer config put in recv_work\n\nThere is one uaf issue in recv_work when running NBD_CLEAR_SOCK and\nNBD_CMD_RECONFIGURE:\n  nbd_genl_connect     // conf_ref=2 (connect and recv_work A)\n  nbd_open\t       // conf_ref=3\n  recv_work A done     // conf_ref=2\n  NBD_CLEAR_SOCK       // conf_ref=1\n  nbd_genl_reconfigure // conf_ref=2 (trigger recv_work B)\n  close nbd\t       // conf_ref=1\n  recv_work B\n    config_put         // conf_ref=0\n    atomic_dec(\u0026config-\u003erecv_threads); -\u003e UAF\n\nOr only running NBD_CLEAR_SOCK:\n  nbd_genl_connect   // conf_ref=2\n  nbd_open \t     // conf_ref=3\n  NBD_CLEAR_SOCK     // conf_ref=2\n  close nbd\n    nbd_release\n      config_put     // conf_ref=1\n  recv_work\n    config_put \t     // conf_ref=0\n    atomic_dec(\u0026config-\u003erecv_threads); -\u003e UAF\n\nCommit 87aac3a80af5 (\"nbd: call nbd_config_put() before notifying the\nwaiter\") moved nbd_config_put() to run before waking up the waiter in\nrecv_work, in order to ensure that nbd_start_device_ioctl() would not\nbe woken up while nbd-\u003etask_recv was still uncleared.\n\nHowever, in nbd_start_device_ioctl(), after being woken up it explicitly\ncalls flush_workqueue() to make sure all current works are finished.\nTherefore, there is no need to move the config put ahead of the wakeup.\n\nMove nbd_config_put() to the end of recv_work, so that the reference is\nheld for the whole lifetime of the worker thread. 
This makes sure the\nconfig cannot be freed while recv_work is still running, even if clear\n+ reconfigure interleave.\n\nIn addition, we don't need to worry about recv_work dropping the last\nnbd_put (which causes deadlock):\n\npath A (netlink with NBD_CFLAG_DESTROY_ON_DISCONNECT):\n  connect  // nbd_refs=1 (trigger recv_work)\n  open nbd // nbd_refs=2\n  NBD_CLEAR_SOCK\n  close nbd\n    nbd_release\n      nbd_disconnect_and_put\n        flush_workqueue // recv_work done\n      nbd_config_put\n        nbd_put // nbd_refs=1\n      nbd_put // nbd_refs=0\n        queue_work\n\npath B (netlink without NBD_CFLAG_DESTROY_ON_DISCONNECT):\n  connect  // nbd_refs=2 (trigger recv_work)\n  open nbd // nbd_refs=3\n  NBD_CLEAR_SOCK // conf_refs=2\n  close nbd\n    nbd_release\n      nbd_config_put // conf_refs=1\n      nbd_put // nbd_refs=2\n  recv_work done // conf_refs=0, nbd_refs=1\n  rmmod // nbd_refs=0\n\nDepends-on: e2daec488c57 (\"nbd: Fix hungtask when nbd_config_put\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68372",
            "https://git.kernel.org/stable/c/198aa230a6f8c1f6af7ed26b29180749c3e79e4d",
            "https://git.kernel.org/stable/c/1ba2ced2bbdf7e64a30c3e88c70ea8bc208d1509",
            "https://git.kernel.org/stable/c/3692884bd6187d89d41eef81e5a9724519fd01c1",
            "https://git.kernel.org/stable/c/443a1721806b6ff6303b5229e9811d68172d622f",
            "https://git.kernel.org/stable/c/6b69593f72e1bfba6ca47ca8d9b619341fded7d6",
            "https://git.kernel.org/stable/c/742012f6bf29553fdc460bf646a58df3a7b43d01",
            "https://git.kernel.org/stable/c/9517b82d8d422d426a988b213fdd45c6b417b86d",
            "https://git.kernel.org/stable/c/d3ba312675911ff9e3fefefd551751e153a9f0a9",
            "https://linux.oracle.com/cve/CVE-2025-68372.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122401-CVE-2025-68372-98d0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68372",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68372"
          ],
          "PublishedDate": "2025-12-24T11:16:00.777Z",
          "LastModifiedDate": "2026-01-19T13:16:11.14Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68378",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68378",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:29f6a4a2e597fd72ef4911a6fae8ffb217f34b2a40d9cff60c977e4e9dbd3cc5",
          "Title": "kernel: bpf: Fix stackmap overflow check in __bpf_get_stackid()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stackmap overflow check in __bpf_get_stackid()\n\nSyzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid()\nwhen copying stack trace data. The issue occurs when the perf trace\n contains more stack entries than the stack map bucket can hold,\n leading to an out-of-bounds write in the bucket's data array.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68378",
            "https://git.kernel.org/stable/c/23f852daa4bab4d579110e034e4d513f7d490846",
            "https://git.kernel.org/stable/c/2a008f6de163279deffd488c1deab081bce5667c",
            "https://git.kernel.org/stable/c/4669a8db976c8cbd5427fe9945f12c5fa5168ff3",
            "https://git.kernel.org/stable/c/d1f424a77b6bd27b361737ed73df49a0158f1590",
            "https://linux.oracle.com/cve/CVE-2025-68378.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025122403-CVE-2025-68378-60d1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68378",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68378"
          ],
          "PublishedDate": "2025-12-24T11:16:01.39Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68379",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68379",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:03ad0a32a39e0988021cc19b88b85c95f129511541bcbf2cdbb514de483406f8",
          "Title": "kernel: Linux kernel: Denial of Service in RDMA subsystem via repeated SRQ modification",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix null deref on srq-\u003erq.queue after resize failure\n\nA NULL pointer dereference can occur in rxe_srq_chk_attr() when\nibv_modify_srq() is invoked twice in succession under certain error\nconditions. The first call may fail in rxe_queue_resize(), which leads\nrxe_srq_from_attr() to set srq-\u003erq.queue = NULL. The second call then\ntriggers a crash (null deref) when accessing\nsrq-\u003erq.queue-\u003ebuf-\u003eindex_mask.\n\nCall Trace:\n\u003cTASK\u003e\nrxe_modify_srq+0x170/0x480 [rdma_rxe]\n? __pfx_rxe_modify_srq+0x10/0x10 [rdma_rxe]\n? uverbs_try_lock_object+0x4f/0xa0 [ib_uverbs]\n? rdma_lookup_get_uobject+0x1f0/0x380 [ib_uverbs]\nib_uverbs_modify_srq+0x204/0x290 [ib_uverbs]\n? __pfx_ib_uverbs_modify_srq+0x10/0x10 [ib_uverbs]\n? tryinc_node_nr_active+0xe6/0x150\n? uverbs_fill_udata+0xed/0x4f0 [ib_uverbs]\nib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x2c0/0x470 [ib_uverbs]\n? __pfx_ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x10/0x10 [ib_uverbs]\n? uverbs_fill_udata+0xed/0x4f0 [ib_uverbs]\nib_uverbs_run_method+0x55a/0x6e0 [ib_uverbs]\n? __pfx_ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x10/0x10 [ib_uverbs]\nib_uverbs_cmd_verbs+0x54d/0x800 [ib_uverbs]\n? __pfx_ib_uverbs_cmd_verbs+0x10/0x10 [ib_uverbs]\n? __pfx___raw_spin_lock_irqsave+0x10/0x10\n? __pfx_do_vfs_ioctl+0x10/0x10\n? ioctl_has_perm.constprop.0.isra.0+0x2c7/0x4c0\n? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10\nib_uverbs_ioctl+0x13e/0x220 [ib_uverbs]\n? __pfx_ib_uverbs_ioctl+0x10/0x10 [ib_uverbs]\n__x64_sys_ioctl+0x138/0x1c0\ndo_syscall_64+0x82/0x250\n? fdget_pos+0x58/0x4c0\n? ksys_write+0xf3/0x1c0\n? __pfx_ksys_write+0x10/0x10\n? do_syscall_64+0xc8/0x250\n? __pfx_vm_mmap_pgoff+0x10/0x10\n? fget+0x173/0x230\n? fput+0x2a/0x80\n? ksys_mmap_pgoff+0x224/0x4c0\n? do_syscall_64+0xc8/0x250\n? do_user_addr_fault+0x37b/0xfe0\n? clear_bhb_loop+0x50/0xa0\n? clear_bhb_loop+0x50/0xa0\n? 
clear_bhb_loop+0x50/0xa0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68379",
            "https://git.kernel.org/stable/c/503a5e4690ae14c18570141bc0dcf7501a8419b0",
            "https://git.kernel.org/stable/c/58aca869babd48cb9c3d6ee9e1452c4b9f5266a6",
            "https://git.kernel.org/stable/c/5dbeb421e137824aa9bd8358bdfc926a3965fc0d",
            "https://git.kernel.org/stable/c/b8f6eeb87a76b6fb1f6381b0b2894568e1b784f7",
            "https://git.kernel.org/stable/c/bc4c14a3863cc0e03698caec9a0cdabd779776ee",
            "https://linux.oracle.com/cve/CVE-2025-68379.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025122403-CVE-2025-68379-f90f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68379",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68379"
          ],
          "PublishedDate": "2025-12-24T11:16:01.493Z",
          "LastModifiedDate": "2026-01-11T17:15:56.827Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68724",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68724",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a3c9cd915a77493c0eb4d77f2d9a42ba1685b0bf825f29321b22d2db60703773",
          "Title": "kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id\n\nUse check_add_overflow() to guard against potential integer overflows\nwhen adding the binary blob lengths and the size of an asymmetric_key_id\nstructure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a\npossible buffer overflow when copying data from potentially malicious\nX.509 certificate fields that can be arbitrarily large, such as ASN.1\nINTEGER serial numbers, issuer names, etc.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68724",
            "https://git.kernel.org/stable/c/5b8ac617c8dab5cad3c4dc8d84d0987808a0f99c",
            "https://git.kernel.org/stable/c/60a7be5ee74408147e439164ac067e418ca74bb4",
            "https://git.kernel.org/stable/c/6af753ac5205115e6c310c8c4236c01b59a1c44f",
            "https://git.kernel.org/stable/c/b7090a5c153105b9fd221a5a81459ee8cd5babd6",
            "https://git.kernel.org/stable/c/c13c6e9de91d7f1dd7df756b1fa5a1f968839d76",
            "https://git.kernel.org/stable/c/c73be4f51eed98fa0c7c189db8f279e1c86bfbf7",
            "https://git.kernel.org/stable/c/df0845cf447ae1556c3440b8b155de0926cbaa56",
            "https://git.kernel.org/stable/c/dfc1613961828745165aec6552c3818fa14ab725",
            "https://linux.oracle.com/cve/CVE-2025-68724.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122404-CVE-2025-68724-4d3c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68724",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68724"
          ],
          "PublishedDate": "2025-12-24T11:16:01.697Z",
          "LastModifiedDate": "2026-01-19T13:16:11.24Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68727",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68727",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f6509ceddd41efbe2768c31c14b927106c70572e16669b265abb47658e13e4c0",
          "Title": "kernel: ntfs3: Fix uninit buffer allocated by __getname()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Fix uninit buffer allocated by __getname()\n\nFix uninit errors caused after buffer allocation given to 'de'; by\ninitializing the buffer with zeroes. The fix was found by using KMSAN.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68727",
            "https://git.kernel.org/stable/c/4b1fd82848fdf0e01b3320815b261006c1722c3e",
            "https://git.kernel.org/stable/c/53f4d6cb97096590410f3719f75cdf9fc5120f37",
            "https://git.kernel.org/stable/c/90e23db1a85956026999c18e76f402542cb004da",
            "https://git.kernel.org/stable/c/9948dcb2f7b5a1bf8e8710eafaf6016e00be3ad6",
            "https://git.kernel.org/stable/c/b40a4eb4a0543d49686a6e693745009dac3b86a9",
            "https://git.kernel.org/stable/c/d88d4b455b6794f48d7adad52593f1700c7bd50e",
            "https://git.kernel.org/stable/c/dcb5e3cd96b77d52bb65988e4c914636a6d4fdd9",
            "https://lore.kernel.org/linux-cve-announce/2025122405-CVE-2025-68727-8481@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68727",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68727"
          ],
          "PublishedDate": "2025-12-24T11:16:02Z",
          "LastModifiedDate": "2026-01-19T13:16:11.34Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68728",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68728",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4e82ffdd4e7c7c75ab8306a2f3efd7f0fadb8951539676566683073a45ba9fd9",
          "Title": "kernel: ntfs3: fix uninit memory after failed mi_read in mi_format_new",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: fix uninit memory after failed mi_read in mi_format_new\n\nFix a KMSAN un-init bug found by syzkaller.\n\nntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be\nuptodate. We do not bring the buffer uptodate before setting it as\nuptodate. If the buffer were to not be uptodate, it could mean adding a\nbuffer with un-init data to the mi record. Attempting to load that record\nwill trigger KMSAN.\n\nAvoid this by setting the buffer as uptodate, if it’s not already, by\noverwriting it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68728",
            "https://git.kernel.org/stable/c/46f2a881e5a7311d41551edb3915e4d4e8802341",
            "https://git.kernel.org/stable/c/73e6b9dacf72a1e7a4265eacca46f8f33e0997d6",
            "https://git.kernel.org/stable/c/7ce8f2028dfccb2161b905cf8ab85cdd9e93909c",
            "https://git.kernel.org/stable/c/81ffe9a265df3e41534726b852ab08792e3d374d",
            "https://git.kernel.org/stable/c/8bf729b96303bb862d7c6dc05edcf51274ae04cf",
            "https://git.kernel.org/stable/c/afb144bc8e920db43a23e996eb0a6f9bdea84341",
            "https://git.kernel.org/stable/c/c70b3abfd530c7f574bc25a5f84707e6fdf0def8",
            "https://lore.kernel.org/linux-cve-announce/2025122405-CVE-2025-68728-2b2c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68728",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68728"
          ],
          "PublishedDate": "2025-12-24T11:16:02.1Z",
          "LastModifiedDate": "2026-01-19T13:16:11.437Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68732",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68732",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4e54c58a32ed11ed2e3a0e609a5cb26f6b456a7c870a32dbab9dfd923524bb67",
          "Title": "kernel: gpu: host1x: Fix race in syncpt alloc/free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix race in syncpt alloc/free\n\nFix race condition between host1x_syncpt_alloc()\nand host1x_syncpt_put() by using kref_put_mutex()\ninstead of kref_put() + manual mutex locking.\n\nThis ensures no thread can acquire the\nsyncpt_mutex after the refcount drops to zero\nbut before syncpt_release acquires it.\nThis prevents races where syncpoints could\nbe allocated while still being cleaned up\nfrom a previous release.\n\nRemove explicit mutex locking in syncpt_release\nas kref_put_mutex() handles this atomically.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68732",
            "https://git.kernel.org/stable/c/4aeaece518fa4436af93d1d8b786200d9656ff4b",
            "https://git.kernel.org/stable/c/4e6e07ce0197aecfb6c4a62862acc93b3efedeb7",
            "https://git.kernel.org/stable/c/6245cce711e2cdb2cc75c0bb8632952e36f8c972",
            "https://git.kernel.org/stable/c/79197c6007f2afbfd7bcf5b9b80ccabf8483d774",
            "https://git.kernel.org/stable/c/c7d393267c497502fa737607f435f05dfe6e3d9b",
            "https://git.kernel.org/stable/c/ca9388fba50dac2eb71c13702b7022a801bef90e",
            "https://git.kernel.org/stable/c/d138f73ffb0c57ded473c577719e6e551b7b1f27",
            "https://linux.oracle.com/cve/CVE-2025-68732.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122406-CVE-2025-68732-d91d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68732",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68732"
          ],
          "PublishedDate": "2025-12-24T11:16:02.497Z",
          "LastModifiedDate": "2026-01-19T13:16:11.533Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68733",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68733",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:43bd702e56d0f2950e8052704a9422ccb98dbfdcf494a34ad3e1990dd76ecb39",
          "Title": "kernel: smack: fix bug: unprivileged task can create labels",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: fix bug: unprivileged task can create labels\n\nIf an unprivileged task is allowed to relabel itself\n(/smack/relabel-self is not empty),\nit can freely create new labels by writing their\nnames into own /proc/PID/attr/smack/current\n\nThis occurs because do_setattr() imports\nthe provided label in advance,\nbefore checking \"relabel-self\" list.\n\nThis change ensures that the \"relabel-self\" list\nis checked before importing the label.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68733",
            "https://git.kernel.org/stable/c/4a7a7621619a366712fb9cefcb6e69f956c247ce",
            "https://git.kernel.org/stable/c/60e8d49989410a7ade60f5dadfcd979c117d05c0",
            "https://git.kernel.org/stable/c/64aa81250171b6bb6803e97ea7a5d73bfa061f6e",
            "https://git.kernel.org/stable/c/6b1e45e13546c9ea0b1d99097993ac0aafae90b1",
            "https://git.kernel.org/stable/c/ac9fce2efabad37c338aac86fbe100f77a080e59",
            "https://git.kernel.org/stable/c/c147e13ea7fe9f118f8c9ba5e96cbd644b00d6b3",
            "https://git.kernel.org/stable/c/c80173233014a360c13fa5cc79d36bfe6e53a8ed",
            "https://git.kernel.org/stable/c/f8fd5491100f920847a3338d5fba22db19c72773",
            "https://lore.kernel.org/linux-cve-announce/2025122407-CVE-2025-68733-a65e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68733",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68733"
          ],
          "PublishedDate": "2025-12-24T11:16:02.6Z",
          "LastModifiedDate": "2026-01-19T13:16:11.633Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68734",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68734",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bf502898133a958eb415f018c2adff26bfcf20f7821f2bfb2dc91323513045a2",
          "Title": "kernel: Linux kernel: Denial of Service due to memory leak in hfcsusb_probe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()\n\nIn hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when\nsetup_instance() fails with an error code. Fix that by freeing the urb\nbefore freeing the hw structure. Also change the error paths to use the\ngoto ladder style.\n\nCompile tested only. Issue found using a prototype static analysis tool.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68734",
            "https://git.kernel.org/stable/c/03695541b3349bc40bf5d6563d44d6147fb20260",
            "https://git.kernel.org/stable/c/3f7c72bc73c4e542fde14cce017549d8a0b61a3c",
            "https://git.kernel.org/stable/c/3f978e3f1570155a1327ffa25f60968bc7b9398f",
            "https://git.kernel.org/stable/c/475032fa2bb82ffb592c321885e917e39f47357f",
            "https://git.kernel.org/stable/c/6dce43433e0635e7b00346bc937b69ce48ea71bb",
            "https://git.kernel.org/stable/c/adb7577e23a431fc53aa1b6107733c0d751015fb",
            "https://git.kernel.org/stable/c/b70c24827e11fdc71465f9207e974526fb457bb9",
            "https://git.kernel.org/stable/c/ea7936304ed74ab7f965d17f942a173ce91a5ca8",
            "https://linux.oracle.com/cve/CVE-2025-68734.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68734-6403@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68734",
            "https://ubuntu.com/security/notices/USN-8029-1",
            "https://ubuntu.com/security/notices/USN-8029-2",
            "https://ubuntu.com/security/notices/USN-8029-3",
            "https://ubuntu.com/security/notices/USN-8030-1",
            "https://ubuntu.com/security/notices/USN-8048-1",
            "https://ubuntu.com/security/notices/USN-8095-1",
            "https://ubuntu.com/security/notices/USN-8095-2",
            "https://ubuntu.com/security/notices/USN-8095-3",
            "https://ubuntu.com/security/notices/USN-8095-4",
            "https://ubuntu.com/security/notices/USN-8095-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8125-1",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68734"
          ],
          "PublishedDate": "2025-12-24T11:16:02.7Z",
          "LastModifiedDate": "2025-12-29T15:58:34.503Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68736",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68736",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:50e041ec7f647f688e99ce3b436d239827421979e1c326f8a8177829141c2453",
          "Title": "kernel: landlock: Fix handling of disconnected directories",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix handling of disconnected directories\n\nDisconnected files or directories can appear when they are visible and\nopened from a bind mount, but have been renamed or moved from the source\nof the bind mount in a way that makes them inaccessible from the mount\npoint (i.e. out of scope).\n\nPreviously, access rights tied to files or directories opened through a\ndisconnected directory were collected by walking the related hierarchy\ndown to the root of the filesystem, without taking into account the\nmount point because it couldn't be found. This could lead to\ninconsistent access results, potential access right widening, and\nhard-to-debug renames, especially since such paths cannot be printed.\n\nFor a sandboxed task to create a disconnected directory, it needs to\nhave write access (i.e. FS_MAKE_REG, FS_REMOVE_FILE, and FS_REFER) to\nthe underlying source of the bind mount, and read access to the related\nmount point.   Because a sandboxed task cannot acquire more access\nrights than those defined by its Landlock domain, this could lead to\ninconsistent access rights due to missing permissions that should be\ninherited from the mount point hierarchy, while inheriting permissions\nfrom the filesystem hierarchy hidden by this mount point instead.\n\nLandlock now handles files and directories opened from disconnected\ndirectories by taking into account the filesystem hierarchy when the\nmount point is not found in the hierarchy walk, and also always taking\ninto account the mount point from which these disconnected directories\nwere opened.  
This ensures that a rename is not allowed if it would\nwiden access rights [1].\n\nThe rationale is that, even if disconnected hierarchies might not be\nvisible or accessible to a sandboxed task, relying on the collected\naccess rights from them improves the guarantee that access rights will\nnot be widened during a rename because of the access right comparison\nbetween the source and the destination (see LANDLOCK_ACCESS_FS_REFER).\nIt may look like this would grant more access on disconnected files and\ndirectories, but the security policies are always enforced for all the\nevaluated hierarchies.  This new behavior should be less surprising to\nusers and safer from an access control perspective.\n\nRemove a wrong WARN_ON_ONCE() canary in collect_domain_accesses() and\nfix the related comment.\n\nBecause opened files have their access rights stored in the related file\nsecurity properties, there is no impact for disconnected or unlinked\nfiles.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68736",
            "https://git.kernel.org/stable/c/426d5b681b2f3339ff04da39b81d71176dc8c87c",
            "https://git.kernel.org/stable/c/49c9e09d961025b22e61ef9ad56aa1c21b6ce2f1",
            "https://git.kernel.org/stable/c/cadb28f8b3fd6908e3051e86158c65c3a8e1c907",
            "https://lore.kernel.org/linux-cve-announce/2025122413-CVE-2025-68736-30ec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68736",
            "https://www.cve.org/CVERecord?id=CVE-2025-68736"
          ],
          "PublishedDate": "2025-12-24T13:16:28.55Z",
          "LastModifiedDate": "2026-04-02T12:16:18.64Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68740",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68740",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a3752cab7084ceeb72a2bbf9dd0be3f17c46117827dcdcebf93c25e78e164714",
          "Title": "kernel: ima: Handle error code returned by ima_filter_rule_match()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Handle error code returned by ima_filter_rule_match()\n\nIn ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to\nthe rule being NULL, the function incorrectly skips the 'if (!rc)' check\nand sets 'result = true'. The LSM rule is considered a match, causing\nextra files to be measured by IMA.\n\nThis issue can be reproduced in the following scenario:\nAfter unloading the SELinux policy module via 'semodule -d', if an IMA\nmeasurement is triggered before ima_lsm_rules is updated,\nin ima_match_rules(), the first call to ima_filter_rule_match() returns\n-ESTALE. This causes the code to enter the 'if (rc == -ESTALE \u0026\u0026\n!rule_reinitialized)' block, perform ima_lsm_copy_rule() and retry. In\nima_lsm_copy_rule(), since the SELinux module has been removed, the rule\nbecomes NULL, and the second call to ima_filter_rule_match() returns\n-ENOENT. This bypasses the 'if (!rc)' check and results in a false match.\n\nCall trace:\n  selinux_audit_rule_match+0x310/0x3b8\n  security_audit_rule_match+0x60/0xa0\n  ima_match_rules+0x2e4/0x4a0\n  ima_match_policy+0x9c/0x1e8\n  ima_get_action+0x48/0x60\n  process_measurement+0xf8/0xa98\n  ima_bprm_check+0x98/0xd8\n  security_bprm_check+0x5c/0x78\n  search_binary_handler+0x6c/0x318\n  exec_binprm+0x58/0x1b8\n  bprm_execve+0xb8/0x130\n  do_execveat_common.isra.0+0x1a8/0x258\n  __arm64_sys_execve+0x48/0x68\n  invoke_syscall+0x50/0x128\n  el0_svc_common.constprop.0+0xc8/0xf0\n  do_el0_svc+0x24/0x38\n  el0_svc+0x44/0x200\n  el0t_64_sync_handler+0x100/0x130\n  el0t_64_sync+0x3c8/0x3d0\n\nFix this by changing 'if (!rc)' to 'if (rc \u003c= 0)' to ensure that error\ncodes like -ENOENT do not bypass the check and accidentally result in a\nsuccessful match.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 3.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68740",
            "https://git.kernel.org/stable/c/32952c4f4d1b2deb30dce72ba109da808a9018e1",
            "https://git.kernel.org/stable/c/738c9738e690f5cea24a3ad6fd2d9a323cf614f6",
            "https://git.kernel.org/stable/c/88cd5fbf5869731be8fc6f7cecb4e0d6ab3d8749",
            "https://git.kernel.org/stable/c/c2238d487a640ae3511e1b6f4640ab27ce10d7f6",
            "https://git.kernel.org/stable/c/cca3e7df3c0f99542033657ba850b9a6d27f8784",
            "https://git.kernel.org/stable/c/d14e0ec6a6828ee0dffa163fb5d513c9a21f0a51",
            "https://git.kernel.org/stable/c/de4431faf308d0c533cb386f5fa9af009bc86158",
            "https://git.kernel.org/stable/c/f2f4627b74c120fcdd8e1db93bc91f9bbaf46f85",
            "https://linux.oracle.com/cve/CVE-2025-68740.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122414-CVE-2025-68740-dcfd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68740",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68740"
          ],
          "PublishedDate": "2025-12-24T13:16:28.943Z",
          "LastModifiedDate": "2026-01-19T13:16:11.73Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68742",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68742",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c5030c3a54b5db9be32aa8f59387ab756aeaaadfa065c4d54e09201d8be71dfa",
          "Title": "kernel: bpf: Fix invalid prog-\u003estats access when update_effective_progs fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix invalid prog-\u003estats access when update_effective_progs fails\n\nSyzkaller triggers an invalid memory access issue following fault\ninjection in update_effective_progs. The issue can be described as\nfollows:\n\n__cgroup_bpf_detach\n  update_effective_progs\n    compute_effective_progs\n      bpf_prog_array_alloc \u003c-- fault inject\n  purge_effective_progs\n    /* change to dummy_bpf_prog */\n    array-\u003eitems[index] = \u0026dummy_bpf_prog.prog\n\n---softirq start---\n__do_softirq\n  ...\n    __cgroup_bpf_run_filter_skb\n      __bpf_prog_run_save_cb\n        bpf_prog_run\n          stats = this_cpu_ptr(prog-\u003estats)\n          /* invalid memory access */\n          flags = u64_stats_update_begin_irqsave(\u0026stats-\u003esyncp)\n---softirq end---\n\n  static_branch_dec(\u0026cgroup_bpf_enabled_key[atype])\n\nThe reason is that fault injection caused update_effective_progs to fail\nand then changed the original prog into dummy_bpf_prog.prog in\npurge_effective_progs. Then a softirq came, and accessing the members of\ndummy_bpf_prog.prog in the softirq triggers invalid mem access.\n\nTo fix it, skip updating stats when stats is NULL.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68742",
            "https://git.kernel.org/stable/c/2579c356ccd35d06238b176e4b460978186d804b",
            "https://git.kernel.org/stable/c/539137e3038ce6f953efd72110110f03c14c7d97",
            "https://git.kernel.org/stable/c/56905bb70c8b88421709bb4e32fcba617aa37d41",
            "https://git.kernel.org/stable/c/7dc211c1159d991db609bdf4b0fb9033c04adcbc",
            "https://git.kernel.org/stable/c/93d1964773ff513c9bd530f7686d3e48b786fa6b",
            "https://git.kernel.org/stable/c/bf2c990b012100610c0f1ec5c4ea434da2d080c2",
            "https://linux.oracle.com/cve/CVE-2025-68742.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2025122415-CVE-2025-68742-367d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68742",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68742"
          ],
          "PublishedDate": "2025-12-24T13:16:29.147Z",
          "LastModifiedDate": "2026-01-11T17:15:57.683Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68745",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68745",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:21d3275153752d395cf5cb401f48cb81ebdb46367e0f1d6cf16eb00d29ed7149",
          "Title": "kernel: Linux kernel: Denial of Service in qla2xxx SCSI driver due to improper command handling after chip reset",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Clear cmds after chip reset\n\nCommit aefed3e5548f (\"scsi: qla2xxx: target: Fix offline port handling\nand host reset handling\") caused two problems:\n\n1. Commands sent to FW, after chip reset got stuck and never freed as FW\n   is not going to respond to them anymore.\n\n2. BUG_ON(cmd-\u003esg_mapped) in qlt_free_cmd().  Commit 26f9ce53817a\n   (\"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\")\n   attempted to fix this, but introduced another bug under different\n   circumstances when two different CPUs were racing to call\n   qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in\n   dma_unmap_sg_attrs().\n\nSo revert \"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\" and\npartially revert \"scsi: qla2xxx: target: Fix offline port handling and\nhost reset handling\" at __qla2x00_abort_all_cmds.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68745",
            "https://git.kernel.org/stable/c/5c1fb3fd05da3d55b8cbc42d7d660b313cbdc936",
            "https://git.kernel.org/stable/c/d46c69a087aa3d1513f7a78f871b80251ea0c1ae",
            "https://lore.kernel.org/linux-cve-announce/2025122416-CVE-2025-68745-69b5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68745",
            "https://www.cve.org/CVERecord?id=CVE-2025-68745"
          ],
          "PublishedDate": "2025-12-24T13:16:29.44Z",
          "LastModifiedDate": "2025-12-29T15:58:13.147Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68746",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68746",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:93cecebd00e14ee55aae78b60e4e950e0fa301ba9de3f5216db8f8762ee1f361",
          "Title": "kernel: spi: tegra210-quad: Fix timeout handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Fix timeout handling\n\nWhen the CPU that the QSPI interrupt handler runs on (typically CPU 0)\nis excessively busy, it can lead to rare cases of the IRQ thread not\nrunning before the transfer timeout is reached.\n\nWhile handling the timeouts, any pending transfers are cleaned up and\nthe message that they correspond to is marked as failed, which leaves\nthe curr_xfer field pointing at stale memory.\n\nTo avoid this, clear curr_xfer to NULL upon timeout and check for this\ncondition when the IRQ thread is finally run.\n\nWhile at it, also make sure to clear interrupts on failure so that new\ninterrupts can be run.\n\nA better, more involved, fix would move the interrupt clearing into a\nhard IRQ handler. Ideally we would also want to signal that the IRQ\nthread no longer needs to be run after the timeout is hit to avoid the\nextra check for a valid transfer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68746",
            "https://git.kernel.org/stable/c/01bbf25c767219b14c3235bfa85906b8d2cb8fbc",
            "https://git.kernel.org/stable/c/551060efb156c50fe33799038ba8145418cfdeef",
            "https://git.kernel.org/stable/c/83309dd551cfd60a5a1a98d9cab19f435b44d46d",
            "https://git.kernel.org/stable/c/88db8bb7ed1bb474618acdf05ebd4f0758d244e2",
            "https://git.kernel.org/stable/c/b4e002d8a7cee3b1d70efad0e222567f92a73000",
            "https://git.kernel.org/stable/c/bb0c58be84f907285af45657c1d4847b960a12bf",
            "https://git.kernel.org/stable/c/c934e40246da2c5726d14e94719c514e30840df8",
            "https://linux.oracle.com/cve/CVE-2025-68746.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2025122416-CVE-2025-68746-bd3e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68746",
            "https://ubuntu.com/security/notices/USN-8016-1",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68746"
          ],
          "PublishedDate": "2025-12-24T13:16:29.533Z",
          "LastModifiedDate": "2026-01-19T13:16:11.833Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68755",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68755",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:13881640c02fa7e628a876bd0f4f0252f12cec51345427bc90332e1b9637465c",
          "Title": "kernel: staging: most: remove broken i2c driver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: most: remove broken i2c driver\n\nThe MOST I2C driver has been completely broken for five years without\nanyone noticing so remove the driver from staging.\n\nSpecifically, commit 723de0f9171e (\"staging: most: remove device from\ninterface structure\") started requiring drivers to set the interface\ndevice pointer before registration, but the I2C driver was never updated\nwhich results in a NULL pointer dereference if anyone ever tries to\nprobe it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68755",
            "https://git.kernel.org/linus/495df2da6944477d282d5cc0c13174d06e25b310 (6.19-rc1)",
            "https://git.kernel.org/stable/c/495df2da6944477d282d5cc0c13174d06e25b310",
            "https://git.kernel.org/stable/c/6059a66dba7f26b21852831432e17075f1a1c783",
            "https://git.kernel.org/stable/c/6cbba922934805f86eece6ba7010b7201962695d",
            "https://git.kernel.org/stable/c/e463548fd80e779efea1cb2d3049b8a7231e6925",
            "https://lore.kernel.org/linux-cve-announce/2026010549-CVE-2025-68755-b588@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68755",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://www.cve.org/CVERecord?id=CVE-2025-68755"
          ],
          "PublishedDate": "2026-01-05T10:15:56.543Z",
          "LastModifiedDate": "2026-01-11T17:15:58.17Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68757",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68757",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9e674a9ec0b92b7360a4dda3442ba3a909b9ce7136afbc476401783049bcbdd6",
          "Title": "kernel: drm/vgem-fence: Fix potential deadlock on release",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vgem-fence: Fix potential deadlock on release\n\nA timer that expires a vgem fence automatically in 10 seconds is now\nreleased with timer_delete_sync() from fence-\u003eops.release() called on last\ndma_fence_put().  In some scenarios, it can run in IRQ context, which is\nnot safe unless TIMER_IRQSAFE is used.  One potentially risky scenario was\ndemonstrated in Intel DRM CI trybot, BAT run on machine bat-adlp-6, while\nworking on new IGT subtests syncobj_timeline@stress-* as user space\nreplacements of some problematic test cases of a dma-fence-chain selftest\n[1].\n\n[117.004338] ================================\n[117.004340] WARNING: inconsistent lock state\n[117.004342] 6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 Tainted: G S   U\n[117.004346] --------------------------------\n[117.004347] inconsistent {HARDIRQ-ON-W} -\u003e {IN-HARDIRQ-W} usage.\n[117.004349] swapper/0/0 [HC1[1]:SC1[1]:HE0:SE0] takes:\n[117.004352] ffff888138f86aa8 ((\u0026fence-\u003etimer)){?.-.}-{0:0}, at: __timer_delete_sync+0x4b/0x190\n[117.004361] {HARDIRQ-ON-W} state was registered at:\n[117.004363]   lock_acquire+0xc4/0x2e0\n[117.004366]   call_timer_fn+0x80/0x2a0\n[117.004368]   __run_timers+0x231/0x310\n[117.004370]   run_timer_softirq+0x76/0xe0\n[117.004372]   handle_softirqs+0xd4/0x4d0\n[117.004375]   __irq_exit_rcu+0x13f/0x160\n[117.004377]   irq_exit_rcu+0xe/0x20\n[117.004379]   sysvec_apic_timer_interrupt+0xa0/0xc0\n[117.004382]   asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[117.004385]   cpuidle_enter_state+0x12b/0x8a0\n[117.004388]   cpuidle_enter+0x2e/0x50\n[117.004393]   call_cpuidle+0x22/0x60\n[117.004395]   do_idle+0x1fd/0x260\n[117.004398]   cpu_startup_entry+0x29/0x30\n[117.004401]   start_secondary+0x12d/0x160\n[117.004404]   common_startup_64+0x13e/0x141\n[117.004407] irq event stamp: 2282669\n[117.004409] hardirqs last  enabled at (2282668): 
[\u003cffffffff8289db71\u003e] _raw_spin_unlock_irqrestore+0x51/0x80\n[117.004414] hardirqs last disabled at (2282669): [\u003cffffffff82882021\u003e] sysvec_irq_work+0x11/0xc0\n[117.004419] softirqs last  enabled at (2254702): [\u003cffffffff8289fd00\u003e] __do_softirq+0x10/0x18\n[117.004423] softirqs last disabled at (2254725): [\u003cffffffff813d4ddf\u003e] __irq_exit_rcu+0x13f/0x160\n[117.004426]\nother info that might help us debug this:\n[117.004429]  Possible unsafe locking scenario:\n[117.004432]        CPU0\n[117.004433]        ----\n[117.004434]   lock((\u0026fence-\u003etimer));\n[117.004436]   \u003cInterrupt\u003e\n[117.004438]     lock((\u0026fence-\u003etimer));\n[117.004440]\n *** DEADLOCK ***\n[117.004443] 1 lock held by swapper/0/0:\n[117.004445]  #0: ffffc90000003d50 ((\u0026fence-\u003etimer)){?.-.}-{0:0}, at: call_timer_fn+0x7a/0x2a0\n[117.004450]\nstack backtrace:\n[117.004453] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G S   U              6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 PREEMPT(voluntary)\n[117.004455] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER\n[117.004455] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n[117.004456] Call Trace:\n[117.004456]  \u003cIRQ\u003e\n[117.004457]  dump_stack_lvl+0x91/0xf0\n[117.004460]  dump_stack+0x10/0x20\n[117.004461]  print_usage_bug.part.0+0x260/0x360\n[117.004463]  mark_lock+0x76e/0x9c0\n[117.004465]  ? register_lock_class+0x48/0x4a0\n[117.004467]  __lock_acquire+0xbc3/0x2860\n[117.004469]  lock_acquire+0xc4/0x2e0\n[117.004470]  ? __timer_delete_sync+0x4b/0x190\n[117.004472]  ? __timer_delete_sync+0x4b/0x190\n[117.004473]  __timer_delete_sync+0x68/0x190\n[117.004474]  ? __timer_delete_sync+0x4b/0x190\n[117.004475]  timer_delete_sync+0x10/0x20\n[117.004476]  vgem_fence_release+0x19/0x30 [vgem]\n[117.004478]  dma_fence_release+0xc1/0x3b0\n[117.004480]  ? 
dma_fence_release+0xa1/0x3b0\n[117.004481]  dma_fence_chain_release+0xe7/0x130\n[117.004483]  dma_fence_release+0xc1/0x3b0\n[117.004484]  ? _raw_spin_unlock_irqrestore+0x27/0x80\n[117.004485]  dma_fence_chain_irq_work+0x59/0x80\n[117.004487]  irq_work_single+0x75/0xa0\n[117.004490]  irq_work_r\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68757",
            "https://git.kernel.org/linus/78b4d6463e9e69e5103f98b367f8984ad12cdc6f (6.19-rc1)",
            "https://git.kernel.org/stable/c/1026d1b0bd55e1be7ba0f9e9b1c9f6e02448f25a",
            "https://git.kernel.org/stable/c/1f0ca9d3e7c38a39f1f12377c24decf0bba46e54",
            "https://git.kernel.org/stable/c/338e388c0d80ffc04963b6b0ec702ffdfd2c4eba",
            "https://git.kernel.org/stable/c/37289a18099fc7ce916933bd542926a7334791a3",
            "https://git.kernel.org/stable/c/489b2158aec92a3fc256d70992416869f86e16e0",
            "https://git.kernel.org/stable/c/4f335cb8fad69b2be5accf0ebac3a8b345915f4e",
            "https://git.kernel.org/stable/c/78b4d6463e9e69e5103f98b367f8984ad12cdc6f",
            "https://git.kernel.org/stable/c/9dc3c78d21e16f5af1a9c3d11b4bd5276f891fe0",
            "https://linux.oracle.com/cve/CVE-2025-68757.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026010550-CVE-2025-68757-7245@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68757",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68757"
          ],
          "PublishedDate": "2026-01-05T10:15:56.773Z",
          "LastModifiedDate": "2026-01-19T13:16:11.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68758",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68758",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:55beb8946bc936585951bf84b13f496a905264b81b892234ebc1ace1f53f9ce0",
          "Title": "kernel: backlight: led-bl: Add devlink to supplier LEDs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: led-bl: Add devlink to supplier LEDs\n\nLED Backlight is a consumer of one or multiple LED class devices, but\ndevlink is currently unable to create correct supplier-producer links when\nthe supplier is a class device. It creates instead a link where the\nsupplier is the parent of the expected device.\n\nOne consequence is that removal order is not correctly enforced.\n\nIssues happen for example with the following sections in a device tree\noverlay:\n\n    // An LED driver chip\n    pca9632@62 {\n        compatible = \"nxp,pca9632\";\n        reg = \u003c0x62\u003e;\n\n\t// ...\n\n        addon_led_pwm: led-pwm@3 {\n            reg = \u003c3\u003e;\n            label = \"addon:led:pwm\";\n        };\n    };\n\n    backlight-addon {\n        compatible = \"led-backlight\";\n        leds = \u003c\u0026addon_led_pwm\u003e;\n        brightness-levels = \u003c255\u003e;\n        default-brightness-level = \u003c255\u003e;\n    };\n\nIn this example, the devlink should be created between the backlight-addon\n(consumer) and the pca9632@62 (supplier). 
Instead it is created between the\nbacklight-addon (consumer) and the parent of the pca9632@62, which is\ntypically the I2C bus adapter.\n\nOn removal of the above overlay, the LED driver can be removed before the\nbacklight device, resulting in:\n\n    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n    ...\n    Call trace:\n     led_put+0xe0/0x140\n     devm_led_release+0x6c/0x98\n\nAnother way to reproduce the bug without any device tree overlays is\nunbinding the LED class device (pca9632@62) before unbinding the consumer\n(backlight-addon):\n\n  echo 11-0062 \u003e/sys/bus/i2c/drivers/leds-pca963x/unbind\n  echo ...backlight-dock \u003e/sys/bus/platform/drivers/led-backlight/unbind\n\nFix by adding a devlink between the consuming led-backlight device and the\nsupplying LED device, as other drivers and subsystems do as well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68758",
            "https://git.kernel.org/linus/9341d6698f4cfdfc374fb6944158d111ebe16a9d (6.19-rc1)",
            "https://git.kernel.org/stable/c/08c9dc6b0f2c68e5e7c374ac4499e321e435d46c",
            "https://git.kernel.org/stable/c/0e63ea4378489e09eb5e920c8a50c10caacf563a",
            "https://git.kernel.org/stable/c/30cbe4b642745a9488a0f0d78be43afe69d7555c",
            "https://git.kernel.org/stable/c/60a24070392ec726ccfe6ad1ca7b0381c8d8f7c9",
            "https://git.kernel.org/stable/c/64739adf3eef063b8e2c72b7e919eac8c6480bf0",
            "https://git.kernel.org/stable/c/9341d6698f4cfdfc374fb6944158d111ebe16a9d",
            "https://git.kernel.org/stable/c/cd01a24b3e52d6777b49c917d841f125fe9eebd0",
            "https://git.kernel.org/stable/c/e06df738a9ad8417f1c4c7cd6992cda320e9e7ca",
            "https://lore.kernel.org/linux-cve-announce/2026010550-CVE-2025-68758-a505@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68758",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68758"
          ],
          "PublishedDate": "2026-01-05T10:15:56.897Z",
          "LastModifiedDate": "2026-01-19T13:16:12.037Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68759",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68759",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cd2ee942d7928ca6b84b45df126d488e316b4714a28376c0b8152cb5e9b614ac",
          "Title": "kernel: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()\n\nIn rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA\nallocations in a loop. When an allocation fails, the previously\nsuccessful allocations are not freed on exit.\n\nFix that by jumping to err_free_rings label on error, which calls\nrtl8180_free_rx_ring() to free the allocations. Remove the free of\nrx_ring in rtl8180_init_rx_ring() error path, and set the freed\npriv-\u003erx_buf entry to null, to avoid double free.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68759",
            "https://git.kernel.org/linus/9b5b9c042b30befc5b37e4539ace95af70843473 (6.19-rc1)",
            "https://git.kernel.org/stable/c/3677c01891fb0239361e444afee8398868e34bdf",
            "https://git.kernel.org/stable/c/89caaeee8dd95fae8bb4f4964e6fe3ca688500c4",
            "https://git.kernel.org/stable/c/9b5b9c042b30befc5b37e4539ace95af70843473",
            "https://git.kernel.org/stable/c/a4fb7cca9837378878e6c94d9e7af019c8fdfcdb",
            "https://git.kernel.org/stable/c/a813a74570212cb5f3a7d3b05c0cb0cd00bace1d",
            "https://git.kernel.org/stable/c/bf8513dfa31ea015c9cf415796dca2113d293840",
            "https://git.kernel.org/stable/c/c9d1c4152e6d32fa74034464854bee262a60bc43",
            "https://git.kernel.org/stable/c/ee7db11742b30641f21306105ad27a275e3c61d7",
            "https://linux.oracle.com/cve/CVE-2025-68759.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026010550-CVE-2025-68759-8638@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68759",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68759"
          ],
          "PublishedDate": "2026-01-05T10:15:57.01Z",
          "LastModifiedDate": "2026-01-19T13:16:12.133Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68764",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68764",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:accc05d8f92bfac9fc2bea466116e78512643a5e307a3fc10ee8518ee673c641",
          "Title": "kernel: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags\n\nWhen a filesystem is being automounted, it needs to preserve the\nuser-set superblock mount options, such as the \"ro\" flag.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68764",
            "https://git.kernel.org/linus/8675c69816e4276b979ff475ee5fac4688f80125 (6.19-rc1)",
            "https://git.kernel.org/stable/c/4b296944e632cf4c6a4cc8e2585c6451eae47b1b",
            "https://git.kernel.org/stable/c/612cc98698d667df804792f0c47d4e501e66da29",
            "https://git.kernel.org/stable/c/8675c69816e4276b979ff475ee5fac4688f80125",
            "https://git.kernel.org/stable/c/a3dc6c40bcab1a888d5c0d134ccc0746b4c98929",
            "https://git.kernel.org/stable/c/ba1495aefd22fcf0746a2a3025c95d766d7cde4d",
            "https://git.kernel.org/stable/c/c09070b4def1b34e473a746c6a5331ccb80902c1",
            "https://git.kernel.org/stable/c/dce10c59211e5cd763a62ea01e79b82a629811e3",
            "https://git.kernel.org/stable/c/df9b003a2ecacc7218486fbb31fe008c93097d5f",
            "https://linux.oracle.com/cve/CVE-2025-68764.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026010516-CVE-2025-68764-107e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68764",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68764"
          ],
          "PublishedDate": "2026-01-05T10:15:57.587Z",
          "LastModifiedDate": "2026-01-19T13:16:12.24Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68765",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68765",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5dbeecc60c21b7ecfc2c45b0871a3cb42c395e22c5cd4a94a621754e66100e90",
          "Title": "kernel: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()\n\nIn mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the\nsubsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function\nreturns an error without freeing sskb, leading to a memory leak.\n\nFix this by calling dev_kfree_skb() on sskb in the error handling path\nto ensure it is properly released.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68765",
            "https://git.kernel.org/linus/53d1548612670aa8b5d89745116cc33d9d172863 (6.19-rc1)",
            "https://git.kernel.org/stable/c/1c3c234af9407256ed670c8752923a672eea4225",
            "https://git.kernel.org/stable/c/278bfed4529a0c9c9119f5a52ddafe69db61a75c",
            "https://git.kernel.org/stable/c/4d42aba0ee49c0aa015c50c4f2a07cf8fa1c3a49",
            "https://git.kernel.org/stable/c/53d1548612670aa8b5d89745116cc33d9d172863",
            "https://git.kernel.org/stable/c/594ff8bb69e239678a8baa461827ce4bb90eff8f",
            "https://git.kernel.org/stable/c/d6c91fc732698642f70c688324c98551b97b412c",
            "https://git.kernel.org/stable/c/fb905e69941b44e03fe1a24e95328d45442b6d6d",
            "https://lore.kernel.org/linux-cve-announce/2026010519-CVE-2025-68765-7c16@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68765",
            "https://ubuntu.com/security/notices/USN-8094-1",
            "https://ubuntu.com/security/notices/USN-8094-2",
            "https://ubuntu.com/security/notices/USN-8094-3",
            "https://ubuntu.com/security/notices/USN-8094-4",
            "https://ubuntu.com/security/notices/USN-8094-5",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68765"
          ],
          "PublishedDate": "2026-01-05T10:15:57.697Z",
          "LastModifiedDate": "2026-01-19T13:16:12.353Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68767",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68767",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d57b1962af4d55feb16ad583e4ccd47cfe24d9d150833129a2b27bb096d4c568",
          "Title": "kernel: hfsplus: Verify inode mode when loading from disk",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: Verify inode mode when loading from disk\n\nsyzbot is reporting that S_IFMT bits of inode-\u003ei_mode can become bogus when\nthe S_IFMT bits of the 16bits \"mode\" field loaded from disk are corrupted.\n\nAccording to [1], the permissions field was treated as reserved in Mac OS\n8 and 9. According to [2], the reserved field was explicitly initialized\nwith 0, and that field must remain 0 as long as reserved. Therefore, when\nthe \"mode\" field is not 0 (i.e. no longer reserved), the file must be\nS_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/\nS_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68767",
            "https://git.kernel.org/linus/005d4b0d33f6b4a23d382b7930f7a96b95b01f39 (6.19-rc1)",
            "https://git.kernel.org/stable/c/001f44982587ad462b3002ee40c75e8df67d597d",
            "https://git.kernel.org/stable/c/005d4b0d33f6b4a23d382b7930f7a96b95b01f39",
            "https://git.kernel.org/stable/c/05ec9af3cc430683c97f76027e1c55ac6fd25c59",
            "https://git.kernel.org/stable/c/6f768724aabd5b321c5b8f15acdca11e4781cf32",
            "https://git.kernel.org/stable/c/91f114bffa36ce56d0e1f60a0a44fc09baaefc79",
            "https://git.kernel.org/stable/c/d92333c7a35856e419500e7eed72dac1afa404a5",
            "https://git.kernel.org/stable/c/edfb2e602b5ba5ca6bf31cbac20b366efb72b156",
            "https://lore.kernel.org/linux-cve-announce/2026011353-CVE-2025-68767-cd16@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68767",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68767"
          ],
          "PublishedDate": "2026-01-13T16:15:56.12Z",
          "LastModifiedDate": "2026-01-19T13:16:12.603Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68768",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68768",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3b9d6093ef1794a101c2e820d16f19cc578a3a0d4c929c1e36e2f067bfa1f49a",
          "Title": "kernel: inet: frags: flush pending skbs in fqdir_pre_exit()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: frags: flush pending skbs in fqdir_pre_exit()\n\nWe have been seeing occasional deadlocks on pernet_ops_rwsem since\nSeptember in NIPA. The stuck task was usually modprobe (often loading\na driver like ipvlan), trying to take the lock as a Writer.\nlockdep does not track readers for rwsems so the read wasn't obvious\nfrom the reports.\n\nOn closer inspection the Reader holding the lock was conntrack looping\nforever in nf_conntrack_cleanup_net_list(). Based on past experience\nwith occasional NIPA crashes I looked thru the tests which run before\nthe crash and noticed that the crash follows ip_defrag.sh. An immediate\nred flag. Scouring thru (de)fragmentation queues reveals skbs sitting\naround, holding conntrack references.\n\nThe problem is that since conntrack depends on nf_defrag_ipv6,\nnf_defrag_ipv6 will load first. Since nf_defrag_ipv6 loads first its\nnetns exit hooks run _after_ conntrack's netns exit hook.\n\nFlush all fragment queue SKBs during fqdir_pre_exit() to release\nconntrack references before conntrack cleanup runs. Also flush\nthe queues in timer expiry handlers when they discover fqdir-\u003edead\nis set, in case packet sneaks in while we're running the pre_exit\nflush.\n\nThe commit under Fixes is not exactly the culprit, but I think\npreviously the timer firing would eventually unblock the spinning\nconntrack.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68768",
            "https://git.kernel.org/linus/006a5035b495dec008805df249f92c22c89c3d2e (6.19-rc2)",
            "https://git.kernel.org/stable/c/006a5035b495dec008805df249f92c22c89c3d2e",
            "https://git.kernel.org/stable/c/c70df25214ac9b32b53e18e6ae3b8f073ffa6903",
            "https://lore.kernel.org/linux-cve-announce/2026011356-CVE-2025-68768-d458@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68768",
            "https://www.cve.org/CVERecord?id=CVE-2025-68768"
          ],
          "PublishedDate": "2026-01-13T16:15:56.247Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68769",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68769",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3720c93e964bb9a6e71d91124a2ef6b2543e2a7bdaabea3e8d00fa85eca7f03",
          "Title": "kernel: f2fs: fix return value of f2fs_recover_fsync_data()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix return value of f2fs_recover_fsync_data()\n\nWith below scripts, it will trigger panic in f2fs:\n\nmkfs.f2fs -f /dev/vdd\nmount /dev/vdd /mnt/f2fs\ntouch /mnt/f2fs/foo\nsync\necho 111 \u003e\u003e /mnt/f2fs/foo\nf2fs_io fsync /mnt/f2fs/foo\nf2fs_io shutdown 2 /mnt/f2fs\numount /mnt/f2fs\nmount -o ro,norecovery /dev/vdd /mnt/f2fs\nor\nmount -o ro,disable_roll_forward /dev/vdd /mnt/f2fs\n\nF2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 0\nF2FS-fs (vdd): Mounted with checkpoint version = 7f5c361f\nF2FS-fs (vdd): Stopped filesystem due to reason: 0\nF2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 1\nFilesystem f2fs get_tree() didn't set fc-\u003eroot, returned 1\n------------[ cut here ]------------\nkernel BUG at fs/super.c:1761!\nOops: invalid opcode: 0000 [#1] SMP PTI\nCPU: 3 UID: 0 PID: 722 Comm: mount Not tainted 6.18.0-rc2+ #721 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:vfs_get_tree.cold+0x18/0x1a\nCall Trace:\n \u003cTASK\u003e\n fc_mount+0x13/0xa0\n path_mount+0x34e/0xc50\n __x64_sys_mount+0x121/0x150\n do_syscall_64+0x84/0x800\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fa6cc126cfe\n\nThe root cause is we missed to handle error number returned from\nf2fs_recover_fsync_data() when mounting image w/ ro,norecovery or\nro,disable_roll_forward mount option, result in returning a positive\nerror number to vfs_get_tree(), fix it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68769",
            "https://git.kernel.org/linus/01fba45deaddcce0d0b01c411435d1acf6feab7b (6.19-rc1)",
            "https://git.kernel.org/stable/c/01fba45deaddcce0d0b01c411435d1acf6feab7b",
            "https://git.kernel.org/stable/c/0de4977a1eeafe9d77701e3c031a1bcdba389243",
            "https://git.kernel.org/stable/c/4560db9678a2c5952b6205fbca468c6805c2ba2a",
            "https://git.kernel.org/stable/c/473550e715654ad7612aa490d583cb7c25fe2ff3",
            "https://git.kernel.org/stable/c/9bc246018aaa3b46a7710428d0a2196c229f9d49",
            "https://git.kernel.org/stable/c/a4c67d96f92eefcfa5596a08f069e77b743c5865",
            "https://git.kernel.org/stable/c/e6ac31abd30e9fd2ef5f0819ce7f3f932be3b725",
            "https://lore.kernel.org/linux-cve-announce/2026011357-CVE-2025-68769-e471@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68769",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68769"
          ],
          "PublishedDate": "2026-01-13T16:15:56.353Z",
          "LastModifiedDate": "2026-01-19T13:16:12.753Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68771",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68771",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2144b85fa59fb8be572b6aadcf53f55a82e72b7de023155fff33cde0ec41e60b",
          "Title": "kernel: ocfs2: fix kernel BUG in ocfs2_find_victim_chain",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix kernel BUG in ocfs2_find_victim_chain\n\nsyzbot reported a kernel BUG in ocfs2_find_victim_chain() because the\n`cl_next_free_rec` field of the allocation chain list (next free slot in\nthe chain list) is 0, triggring the BUG_ON(!cl-\u003ecl_next_free_rec)\ncondition in ocfs2_find_victim_chain() and panicking the kernel.\n\nTo fix this, an if condition is introduced in ocfs2_claim_suballoc_bits(),\njust before calling ocfs2_find_victim_chain(), the code block in it being\nexecuted when either of the following conditions is true:\n\n1. `cl_next_free_rec` is equal to 0, indicating that there are no free\nchains in the allocation chain list\n2. `cl_next_free_rec` is greater than `cl_count` (the total number of\nchains in the allocation chain list)\n\nEither of them being true is indicative of the fact that there are no\nchains left for usage.\n\nThis is addressed using ocfs2_error(), which prints\nthe error log for debugging purposes, rather than panicking the kernel.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68771",
            "https://git.kernel.org/linus/039bef30e320827bac8990c9f29d2a68cd8adb5f (6.19-rc1)",
            "https://git.kernel.org/stable/c/039bef30e320827bac8990c9f29d2a68cd8adb5f",
            "https://git.kernel.org/stable/c/1f77e5cd563e6387fdf3bb714fcda36cd88ac5e7",
            "https://git.kernel.org/stable/c/7acc0390e0dd7474c4451d05465a677d55ad4268",
            "https://git.kernel.org/stable/c/96f1b074c98c20f55a3b23d2ab44d9fb0f619869",
            "https://git.kernel.org/stable/c/b08a33d5f80efe6979a6e8f905c1a898910c21dd",
            "https://git.kernel.org/stable/c/d0fd1f732ea8063cecd07a3879b7d815c7ee71ed",
            "https://git.kernel.org/stable/c/e24aedae71652d4119049f1fbef6532ccbe3966d",
            "https://linux.oracle.com/cve/CVE-2025-68771.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011357-CVE-2025-68771-cf0d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68771",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68771"
          ],
          "PublishedDate": "2026-01-13T16:15:56.59Z",
          "LastModifiedDate": "2026-01-19T13:16:12.853Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68772",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68772",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3fe163ceddde311f683aa6f11f9d698d2f4a4f8548dfe77d40cf67f127fe8b2e",
          "Title": "kernel: f2fs: fix to avoid updating compression context during writeback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid updating compression context during writeback\n\nBai, Shuangpeng \u003csjb7183@psu.edu\u003e reported a bug as below:\n\nOops: divide error: 0000 [#1] SMP KASAN PTI\nCPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:f2fs_all_cluster_page_ready+0x106/0x550 fs/f2fs/compress.c:857\nCall Trace:\n \u003cTASK\u003e\n f2fs_write_cache_pages fs/f2fs/data.c:3078 [inline]\n __f2fs_write_data_pages fs/f2fs/data.c:3290 [inline]\n f2fs_write_data_pages+0x1c19/0x3600 fs/f2fs/data.c:3317\n do_writepages+0x38e/0x640 mm/page-writeback.c:2634\n filemap_fdatawrite_wbc mm/filemap.c:386 [inline]\n __filemap_fdatawrite_range mm/filemap.c:419 [inline]\n file_write_and_wait_range+0x2ba/0x3e0 mm/filemap.c:794\n f2fs_do_sync_file+0x6e6/0x1b00 fs/f2fs/file.c:294\n generic_write_sync include/linux/fs.h:3043 [inline]\n f2fs_file_write_iter+0x76e/0x2700 fs/f2fs/file.c:5259\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x7e9/0xe00 fs/read_write.c:686\n ksys_write+0x19d/0x2d0 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf7/0x470 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe bug was triggered w/ below race condition:\n\nfsync\t\t\t\tsetattr\t\t\tioctl\n- f2fs_do_sync_file\n - file_write_and_wait_range\n  - f2fs_write_cache_pages\n  : inode is non-compressed\n  : cc.cluster_size =\n    F2FS_I(inode)-\u003ei_cluster_size = 0\n   - tag_pages_for_writeback\n\t\t\t\t- f2fs_setattr\n\t\t\t\t - truncate_setsize\n\t\t\t\t - f2fs_truncate\n\t\t\t\t\t\t\t- f2fs_fileattr_set\n\t\t\t\t\t\t\t - f2fs_setflags_common\n\t\t\t\t\t\t\t  - set_compress_context\n\t\t\t\t\t\t\t  : F2FS_I(inode)-\u003ei_cluster_size = 4\n\t\t\t\t\t\t\t  : set_inode_flag(inode, FI_COMPRESSED_FILE)\n   - 
f2fs_compressed_file\n   : return true\n   - f2fs_all_cluster_page_ready\n   : \"pgidx % cc-\u003ecluster_size\" trigger dividing 0 issue\n\nLet's change as below to fix this issue:\n- introduce a new atomic type variable .writeback in structure f2fs_inode_info\nto track the number of threads which calling f2fs_write_cache_pages().\n- use .i_sem lock to protect .writeback update.\n- check .writeback before update compression context in f2fs_setflags_common()\nto avoid race w/ -\u003ewritepages.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68772",
            "https://git.kernel.org/linus/10b591e7fb7cdc8c1e53e9c000dc0ef7069aaa76 (6.19-rc1)",
            "https://git.kernel.org/stable/c/0bf1a02494c7eb5bd43445de4c83c8592e02c4bf",
            "https://git.kernel.org/stable/c/0df713a9c082a474c8b0bcf670edc8e98461d5a0",
            "https://git.kernel.org/stable/c/10b591e7fb7cdc8c1e53e9c000dc0ef7069aaa76",
            "https://git.kernel.org/stable/c/ad26bfbc085c939b5dca77ff8c14798c06d151c4",
            "https://git.kernel.org/stable/c/bcd0086ee5a2e88c1224ff2ec1e4a43c83efe5a0",
            "https://lore.kernel.org/linux-cve-announce/2026011358-CVE-2025-68772-9d70@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68772",
            "https://www.cve.org/CVERecord?id=CVE-2025-68772"
          ],
          "PublishedDate": "2026-01-13T16:15:56.707Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68774",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68774",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cf5e6fe6caf70bf41f4b926f441e1da1a4a0b6a8873fec423bdbaea16f566954",
          "Title": "kernel: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create\n\nWhen sync() and link() are called concurrently, both threads may\nenter hfs_bnode_find() without finding the node in the hash table\nand proceed to create it.\n\nThread A:\n  hfsplus_write_inode()\n    -\u003e hfsplus_write_system_inode()\n      -\u003e hfs_btree_write()\n        -\u003e hfs_bnode_find(tree, 0)\n          -\u003e __hfs_bnode_create(tree, 0)\n\nThread B:\n  hfsplus_create_cat()\n    -\u003e hfs_brec_insert()\n      -\u003e hfs_bnode_split()\n        -\u003e hfs_bmap_alloc()\n          -\u003e hfs_bnode_find(tree, 0)\n            -\u003e __hfs_bnode_create(tree, 0)\n\nIn this case, thread A creates the bnode, sets refcnt=1, and hashes it.\nThread B also tries to create the same bnode, notices it has already\nbeen inserted, drops its own instance, and uses the hashed one without\ngetting the node.\n\n```\n\n\tnode2 = hfs_bnode_findhash(tree, cnid);\n\tif (!node2) {                                 \u003c- Thread A\n\t\thash = hfs_bnode_hash(cnid);\n\t\tnode-\u003enext_hash = tree-\u003enode_hash[hash];\n\t\ttree-\u003enode_hash[hash] = node;\n\t\ttree-\u003enode_hash_cnt++;\n\t} else {                                      \u003c- Thread B\n\t\tspin_unlock(\u0026tree-\u003ehash_lock);\n\t\tkfree(node);\n\t\twait_event(node2-\u003elock_wq,\n\t\t\t!test_bit(HFS_BNODE_NEW, \u0026node2-\u003eflags));\n\t\treturn node2;\n\t}\n```\n\nHowever, hfs_bnode_find() requires each call to take a reference.\nHere both threads end up setting refcnt=1. 
When they later put the node,\nthis triggers:\n\nBUG_ON(!atomic_read(\u0026node-\u003erefcnt))\n\nIn this scenario, Thread B in fact finds the node in the hash table\nrather than creating a new one, and thus must take a reference.\n\nFix this by calling hfs_bnode_get() when reusing a bnode newly created by\nanother thread to ensure the refcount is updated correctly.\n\nA similar bug was fixed in HFS long ago in commit\na9dc087fd3c4 (\"fix missing hfs_bnode_get() in __hfs_bnode_create\")\nbut the same issue remained in HFS+ until now.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68774",
            "https://git.kernel.org/linus/152af114287851583cf7e0abc10129941f19466a (6.19-rc1)",
            "https://git.kernel.org/stable/c/152af114287851583cf7e0abc10129941f19466a",
            "https://git.kernel.org/stable/c/39e149d58ef4d7883cbf87448d39d51292fd342d",
            "https://git.kernel.org/stable/c/3b0fc7af50b896d0f3d104e70787ba1973bc0b56",
            "https://git.kernel.org/stable/c/457f795e7abd7770de10216d7f9994a3f12a56d6",
            "https://git.kernel.org/stable/c/5882e7c8cdbb5e254a69628b780acff89c78071e",
            "https://git.kernel.org/stable/c/b68dc4134b18a3922cd33439ec614aad4172bc86",
            "https://git.kernel.org/stable/c/b9d1c6bb5f19460074ce9862cb80be86b5fb0a50",
            "https://lore.kernel.org/linux-cve-announce/2026011358-CVE-2025-68774-f2fd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68774",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68774"
          ],
          "PublishedDate": "2026-01-13T16:15:56.96Z",
          "LastModifiedDate": "2026-01-19T13:16:13.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68776",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68776",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2ce9d29b1f7941f06fde7ebfa6350790eded294b3314b2ed48c62b47374875c2",
          "Title": "kernel: Linux kernel: Denial of Service via NULL pointer dereference in HSR",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/hsr: fix NULL pointer dereference in prp_get_untagged_frame()\n\nprp_get_untagged_frame() calls __pskb_copy() to create frame-\u003eskb_std\nbut doesn't check if the allocation failed. If __pskb_copy() returns\nNULL, skb_clone() is called with a NULL pointer, causing a crash:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f]\nCPU: 0 UID: 0 PID: 5625 Comm: syz.1.18 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:skb_clone+0xd7/0x3a0 net/core/skbuff.c:2041\nCode: 03 42 80 3c 20 00 74 08 4c 89 f7 e8 23 29 05 f9 49 83 3e 00 0f 85 a0 01 00 00 e8 94 dd 9d f8 48 8d 6b 7e 49 89 ee 49 c1 ee 03 \u003c43\u003e 0f b6 04 26 84 c0 0f 85 d1 01 00 00 44 0f b6 7d 00 41 83 e7 0c\nRSP: 0018:ffffc9000d00f200 EFLAGS: 00010207\nRAX: ffffffff892235a1 RBX: 0000000000000000 RCX: ffff88803372a480\nRDX: 0000000000000000 RSI: 0000000000000820 RDI: 0000000000000000\nRBP: 000000000000007e R08: ffffffff8f7d0f77 R09: 1ffffffff1efa1ee\nR10: dffffc0000000000 R11: fffffbfff1efa1ef R12: dffffc0000000000\nR13: 0000000000000820 R14: 000000000000000f R15: ffff88805144cc00\nFS:  0000555557f6d500(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000555581d35808 CR3: 000000005040e000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n hsr_forward_do net/hsr/hsr_forward.c:-1 [inline]\n hsr_forward_skb+0x1013/0x2860 net/hsr/hsr_forward.c:741\n hsr_handle_frame+0x6ce/0xa70 net/hsr/hsr_slave.c:84\n __netif_receive_skb_core+0x10b9/0x4380 net/core/dev.c:5966\n __netif_receive_skb_one_core net/core/dev.c:6077 [inline]\n __netif_receive_skb+0x72/0x380 net/core/dev.c:6192\n netif_receive_skb_internal 
net/core/dev.c:6278 [inline]\n netif_receive_skb+0x1cb/0x790 net/core/dev.c:6337\n tun_rx_batched+0x1b9/0x730 drivers/net/tun.c:1485\n tun_get_user+0x2b65/0x3e90 drivers/net/tun.c:1953\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1999\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0449f8e1ff\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48\nRSP: 002b:00007ffd7ad94c90 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007f044a1e5fa0 RCX: 00007f0449f8e1ff\nRDX: 000000000000003e RSI: 0000200000000500 RDI: 00000000000000c8\nRBP: 00007ffd7ad94d20 R08: 0000000000000000 R09: 0000000000000000\nR10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001\nR13: 00007f044a1e5fa0 R14: 00007f044a1e5fa0 R15: 0000000000000003\n \u003c/TASK\u003e\n\nAdd a NULL check immediately after __pskb_copy() to handle allocation\nfailures gracefully.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68776",
            "https://git.kernel.org/linus/188e0fa5a679570ea35474575e724d8211423d17 (6.19-rc2)",
            "https://git.kernel.org/stable/c/1742974c24a9c1f1fd2e5edca0cbaccb720b397a",
            "https://git.kernel.org/stable/c/188e0fa5a679570ea35474575e724d8211423d17",
            "https://git.kernel.org/stable/c/3ce95a57d8a1f0e20b637cdeddaaed81831ca819",
            "https://git.kernel.org/stable/c/6220d38a08f8837575cd8f830928b49a3a5a5095",
            "https://git.kernel.org/stable/c/7be6d25f4d974e44918ba3a5d58ebb9d36879087",
            "https://git.kernel.org/stable/c/8f289fa12926aae44347ca7d490e216555d8f255",
            "https://git.kernel.org/stable/c/c851e43b88b40bb7c20176c51cbf4f8c8d960dd9",
            "https://linux.oracle.com/cve/CVE-2025-68776.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011359-CVE-2025-68776-5aed@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68776",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68776"
          ],
          "PublishedDate": "2026-01-13T16:15:57.193Z",
          "LastModifiedDate": "2026-01-19T13:16:13.157Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68777",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68777",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f8326c43fbab8f6f7a957a41348cb92acf30001f12be6136009a07b38f4b98de",
          "Title": "kernel: Input: ti_am335x_tsc - fix off-by-one error in wire_order validation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: ti_am335x_tsc - fix off-by-one error in wire_order validation\n\nThe current validation 'wire_order[i] \u003e ARRAY_SIZE(config_pins)' allows\nwire_order[i] to equal ARRAY_SIZE(config_pins), which causes out-of-bounds\naccess when used as index in 'config_pins[wire_order[i]]'.\n\nSince config_pins has 4 elements (indices 0-3), the valid range for\nwire_order should be 0-3. Fix the off-by-one error by using \u003e= instead\nof \u003e in the validation check.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68777",
            "https://git.kernel.org/linus/248d3a73a0167dce15ba100477c3e778c4787178 (6.19-rc2)",
            "https://git.kernel.org/stable/c/08c0b561823a7026364efb38ed7f4a3af48ccfcd",
            "https://git.kernel.org/stable/c/136abe173a3cc2951d70c6e51fe7abdbadbb204b",
            "https://git.kernel.org/stable/c/248d3a73a0167dce15ba100477c3e778c4787178",
            "https://git.kernel.org/stable/c/40e3042de43ffa0017a8460ff9b4cad7b8c7cb96",
            "https://git.kernel.org/stable/c/84e4d3543168912549271b34261f5e0f94952d6e",
            "https://git.kernel.org/stable/c/a7ff2360431561b56f559d3a628d1f096048d178",
            "https://git.kernel.org/stable/c/bf95ec55805828c4f2b5241fb6b0c12388548570",
            "https://lore.kernel.org/linux-cve-announce/2026011359-CVE-2025-68777-2073@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68777",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68777"
          ],
          "PublishedDate": "2026-01-13T16:15:57.31Z",
          "LastModifiedDate": "2026-01-19T13:16:13.26Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68778",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68778",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1b50c99cbb2e22df533b3df53fa96d5e51593bab7bc53d414ef762184f2d1c18",
          "Title": "kernel: btrfs: don't log conflicting inode if it's a dir moved in the current transaction",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't log conflicting inode if it's a dir moved in the current transaction\n\nWe can't log a conflicting inode if it's a directory and it was moved\nfrom one parent directory to another parent directory in the current\ntransaction, as this can result an attempt to have a directory with\ntwo hard links during log replay, one for the old parent directory and\nanother for the new parent directory.\n\nThe following scenario triggers that issue:\n\n1) We have directories \"dir1\" and \"dir2\" created in a past transaction.\n   Directory \"dir1\" has inode A as its parent directory;\n\n2) We move \"dir1\" to some other directory;\n\n3) We create a file with the name \"dir1\" in directory inode A;\n\n4) We fsync the new file. This results in logging the inode of the new file\n   and the inode for the directory \"dir1\" that was previously moved in the\n   current transaction. So the log tree has the INODE_REF item for the\n   new location of \"dir1\";\n\n5) We move the new file to some other directory. This results in updating\n   the log tree to included the new INODE_REF for the new location of the\n   file and removes the INODE_REF for the old location. 
This happens\n   during the rename when we call btrfs_log_new_name();\n\n6) We fsync the file, and that persists the log tree changes done in the\n   previous step (btrfs_log_new_name() only updates the log tree in\n   memory);\n\n7) We have a power failure;\n\n8) Next time the fs is mounted, log replay happens and when processing\n   the inode for directory \"dir1\" we find a new INODE_REF and add that\n   link, but we don't remove the old link of the inode since we have\n   not logged the old parent directory of the directory inode \"dir1\".\n\nAs a result after log replay finishes when we trigger writeback of the\nsubvolume tree's extent buffers, the tree check will detect that we have\na directory a hard link count of 2 and we get a mount failure.\nThe errors and stack traces reported in dmesg/syslog are like this:\n\n   [ 3845.729764] BTRFS info (device dm-0): start tree-log replay\n   [ 3845.730304] page: refcount:3 mapcount:0 mapping:000000005c8a3027 index:0x1d00 pfn:0x11510c\n   [ 3845.731236] memcg:ffff9264c02f4e00\n   [ 3845.731751] aops:btree_aops [btrfs] ino:1\n   [ 3845.732300] flags: 0x17fffc00000400a(uptodate|private|writeback|node=0|zone=2|lastcpupid=0x1ffff)\n   [ 3845.733346] raw: 017fffc00000400a 0000000000000000 dead000000000122 ffff9264d978aea8\n   [ 3845.734265] raw: 0000000000001d00 ffff92650e6d4738 00000003ffffffff ffff9264c02f4e00\n   [ 3845.735305] page dumped because: eb page dump\n   [ 3845.735981] BTRFS critical (device dm-0): corrupt leaf: root=5 block=30408704 slot=6 ino=257, invalid nlink: has 2 expect no more than 1 for dir\n   [ 3845.737786] BTRFS info (device dm-0): leaf 30408704 gen 10 total ptrs 17 free space 14881 owner 5\n   [ 3845.737789] BTRFS info (device dm-0): refs 4 lock_owner 0 current 30701\n   [ 3845.737792] \titem 0 key (256 INODE_ITEM 0) itemoff 16123 itemsize 160\n   [ 3845.737794] \t\tinode generation 3 transid 9 size 16 nbytes 16384\n   [ 3845.737795] \t\tblock group 0 mode 40755 links 1 uid 0 gid 0\n   [ 
3845.737797] \t\trdev 0 sequence 2 flags 0x0\n   [ 3845.737798] \t\tatime 1764259517.0\n   [ 3845.737800] \t\tctime 1764259517.572889464\n   [ 3845.737801] \t\tmtime 1764259517.572889464\n   [ 3845.737802] \t\totime 1764259517.0\n   [ 3845.737803] \titem 1 key (256 INODE_REF 256) itemoff 16111 itemsize 12\n   [ 3845.737805] \t\tindex 0 name_len 2\n   [ 3845.737807] \titem 2 key (256 DIR_ITEM 2363071922) itemoff 16077 itemsize 34\n   [ 3845.737808] \t\tlocation key (257 1 0) type 2\n   [ 3845.737810] \t\ttransid 9 data_len 0 name_len 4\n   [ 3845.737811] \titem 3 key (256 DIR_ITEM 2676584006) itemoff 16043 itemsize 34\n   [ 3845.737813] \t\tlocation key (258 1 0) type 2\n   [ 3845.737814] \t\ttransid 9 data_len 0 name_len 4\n   [ 3845.737815] \titem 4 key (256 DIR_INDEX 2) itemoff 16009 itemsize 34\n   [ 3845.737816] \t\tlocation key (257 1 0) type 2\n   [\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68778",
            "https://git.kernel.org/linus/266273eaf4d99475f1ae57f687b3e42bc71ec6f0 (6.19-rc2)",
            "https://git.kernel.org/stable/c/266273eaf4d99475f1ae57f687b3e42bc71ec6f0",
            "https://git.kernel.org/stable/c/7359e1d39c78816ecbdb0cb4e93975794ce53973",
            "https://git.kernel.org/stable/c/a35788ddf8df65837897ecbb0ddb2896b863159e",
            "https://git.kernel.org/stable/c/d478f50727c3ee46d0359f0d2ae114f70191816e",
            "https://git.kernel.org/stable/c/d64f3834dffef80f0a9185a037617a54ed7f4bd2",
            "https://linux.oracle.com/cve/CVE-2025-68778.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2026011300-CVE-2025-68778-c392@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68778",
            "https://www.cve.org/CVERecord?id=CVE-2025-68778"
          ],
          "PublishedDate": "2026-01-13T16:15:57.423Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68779",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68779",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84ce028048ce7400b82df66aef1a2d174f07f893896088e0b75b3c5e86231053",
          "Title": "kernel: net/mlx5e: Avoid unregistering PSP twice",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid unregistering PSP twice\n\nPSP is unregistered twice in:\n_mlx5e_remove -\u003e mlx5e_psp_unregister\nmlx5e_nic_cleanup -\u003e mlx5e_psp_unregister\n\nThis leads to a refcount underflow in some conditions:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 2 PID: 1694 at lib/refcount.c:28 refcount_warn_saturate+0xd8/0xe0\n[...]\n mlx5e_psp_unregister+0x26/0x50 [mlx5_core]\n mlx5e_nic_cleanup+0x26/0x90 [mlx5_core]\n mlx5e_remove+0xe6/0x1f0 [mlx5_core]\n auxiliary_bus_remove+0x18/0x30\n device_release_driver_internal+0x194/0x1f0\n bus_remove_device+0xc6/0x130\n device_del+0x159/0x3c0\n mlx5_rescan_drivers_locked+0xbc/0x2a0 [mlx5_core]\n[...]\n\nDo not directly remove psp from the _mlx5e_remove path, the PSP cleanup\nhappens as part of profile cleanup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68779",
            "https://git.kernel.org/linus/35e93736f69963337912594eb3951ab320b77521 (6.19-rc2)",
            "https://git.kernel.org/stable/c/35e93736f69963337912594eb3951ab320b77521",
            "https://git.kernel.org/stable/c/e12c912f92ccea671b514caf371f28485714bb4b",
            "https://lore.kernel.org/linux-cve-announce/2026011300-CVE-2025-68779-726e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68779",
            "https://www.cve.org/CVERecord?id=CVE-2025-68779"
          ],
          "PublishedDate": "2026-01-13T16:15:57.55Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68780",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68780",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a58549bd5fc461b4e214a46a8c7ea5601ac9b3e3e299fe28ab9ec372c7aa944e",
          "Title": "kernel: sched/deadline: only set free_cpus for online runqueues",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: only set free_cpus for online runqueues\n\nCommit 16b269436b72 (\"sched/deadline: Modify cpudl::free_cpus\nto reflect rd-\u003eonline\") introduced the cpudl_set/clear_freecpu\nfunctions to allow the cpu_dl::free_cpus mask to be manipulated\nby the deadline scheduler class rq_on/offline callbacks so the\nmask would also reflect this state.\n\nCommit 9659e1eeee28 (\"sched/deadline: Remove cpu_active_mask\nfrom cpudl_find()\") removed the check of the cpu_active_mask to\nsave some processing on the premise that the cpudl::free_cpus\nmask already reflected the runqueue online state.\n\nUnfortunately, there are cases where it is possible for the\ncpudl_clear function to set the free_cpus bit for a CPU when the\ndeadline runqueue is offline. When this occurs while a CPU is\nconnected to the default root domain the flag may retain the bad\nstate after the CPU has been unplugged. Later, a different CPU\nthat is transitioning through the default root domain may push a\ndeadline task to the powered down CPU when cpudl_find sees its\nfree_cpus bit is set. If this happens the task will not have the\nopportunity to run.\n\nOne example is outlined here:\nhttps://lore.kernel.org/lkml/20250110233010.2339521-1-opendmb@gmail.com\n\nAnother occurs when the last deadline task is migrated from a\nCPU that has an offlined runqueue. The dequeue_task member of\nthe deadline scheduler class will eventually call cpudl_clear\nand set the free_cpus bit for the CPU.\n\nThis commit modifies the cpudl_clear function to be aware of the\nonline state of the deadline runqueue so that the free_cpus mask\ncan be updated appropriately.\n\nIt is no longer necessary to manage the mask outside of the\ncpudl_set/clear functions so the cpudl_set/clear_freecpu\nfunctions are removed. 
In addition, since the free_cpus mask is\nnow only updated under the cpudl lock the code was changed to\nuse the non-atomic __cpumask functions.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68780",
            "https://git.kernel.org/linus/382748c05e58a9f1935f5a653c352422375566ea (6.19-rc1)",
            "https://git.kernel.org/stable/c/382748c05e58a9f1935f5a653c352422375566ea",
            "https://git.kernel.org/stable/c/3ed049fbfb4d75b4e0b8ab54c934f485129d5dc8",
            "https://git.kernel.org/stable/c/9019e399684e3cc68c4a3f050e268f74d69c1317",
            "https://git.kernel.org/stable/c/91e448e69aca4bb0ba2e998eb3e555644db7322b",
            "https://git.kernel.org/stable/c/dbc61834b0412435df21c71410562d933e4eba49",
            "https://git.kernel.org/stable/c/fb36846cbcc936954f2ad2bffdff13d16c0be08a",
            "https://linux.oracle.com/cve/CVE-2025-68780.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011300-CVE-2025-68780-f5c8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68780",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68780"
          ],
          "PublishedDate": "2026-01-13T16:15:57.657Z",
          "LastModifiedDate": "2026-01-19T13:16:13.357Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68781",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68781",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fa5e953a6b969d7a218def3d022fb7b0072fc951996648bc4880ba1d42210583",
          "Title": "kernel: usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: phy: fsl-usb: Fix use-after-free in delayed work during device removal\n\nThe delayed work item otg_event is initialized in fsl_otg_conf() and\nscheduled under two conditions:\n1. When a host controller binds to the OTG controller.\n2. When the USB ID pin state changes (cable insertion/removal).\n\nA race condition occurs when the device is removed via fsl_otg_remove():\nthe fsl_otg instance may be freed while the delayed work is still pending\nor executing. This leads to use-after-free when the work function\nfsl_otg_event() accesses the already freed memory.\n\nThe problematic scenario:\n\n(detach thread)            | (delayed work)\nfsl_otg_remove()           |\n  kfree(fsl_otg_dev) //FREE| fsl_otg_event()\n                           |   og = container_of(...) //USE\n                           |   og-\u003e //USE\n\nFix this by calling disable_delayed_work_sync() in fsl_otg_remove()\nbefore deallocating the fsl_otg structure. This ensures the delayed work\nis properly canceled and completes execution prior to memory deallocation.\n\nThis bug was identified through static analysis.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68781",
            "https://git.kernel.org/linus/41ca62e3e21e48c2903b3b45e232cf4f2ff7434f (6.19-rc3)",
            "https://git.kernel.org/stable/c/2e7c47e2eb3cfeadf78a1ccbac8492c60d508f23",
            "https://git.kernel.org/stable/c/319f7a85b3c4e34ac2fe083eb146fe129a556317",
            "https://git.kernel.org/stable/c/41ca62e3e21e48c2903b3b45e232cf4f2ff7434f",
            "https://git.kernel.org/stable/c/4476c73bbbb09b13a962176fca934b32d3954a2e",
            "https://git.kernel.org/stable/c/69f9a0701abc3d1f8225074c56c27e6c16a37222",
            "https://lore.kernel.org/linux-cve-announce/2026011301-CVE-2025-68781-f30f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68781",
            "https://www.cve.org/CVERecord?id=CVE-2025-68781"
          ],
          "PublishedDate": "2026-01-13T16:15:57.773Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68782",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68782",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59b5611184e57d174d022d30c4279f2d707f6afdc10f5da5c01e8af4f192c333",
          "Title": "kernel: scsi: target: Reset t_task_cdb pointer in error case",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Reset t_task_cdb pointer in error case\n\nIf allocation of cmd-\u003et_task_cdb fails, it remains NULL but is later\ndereferenced in the 'err' path.\n\nIn case of error, reset NULL t_task_cdb value to point at the default\nfixed-size buffer.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68782",
            "https://git.kernel.org/linus/5053eab38a4c4543522d0c320c639c56a8b59908 (6.19-rc1)",
            "https://git.kernel.org/stable/c/0260ad551b0815eb788d47f32899fbcd65d6f128",
            "https://git.kernel.org/stable/c/0d36db68fdb8a3325386fd9523b67735f944e1f3",
            "https://git.kernel.org/stable/c/45fd86b444105c8bd07a763f58635c87e5dc7aea",
            "https://git.kernel.org/stable/c/5053eab38a4c4543522d0c320c639c56a8b59908",
            "https://git.kernel.org/stable/c/6cac97b12bdab04832e0416d049efcd0d48d303b",
            "https://git.kernel.org/stable/c/8727663ded659aad55eef21e3864ebf5a4796a96",
            "https://git.kernel.org/stable/c/8edbb9e371af186b4cf40819dab65fafe109df4d",
            "https://linux.oracle.com/cve/CVE-2025-68782.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011301-CVE-2025-68782-a72f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68782",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68782"
          ],
          "PublishedDate": "2026-01-13T16:15:57.89Z",
          "LastModifiedDate": "2026-01-19T13:16:13.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68783",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68783",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:461a2cb65376d82133354040cf2994b6f33afde932f6b1b876944f9dafc7ad8f",
          "Title": "kernel: ALSA: usb-mixer: us16x08: validate meter packet indices",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-mixer: us16x08: validate meter packet indices\n\nget_meter_levels_from_urb() parses the 64-byte meter packets sent by\nthe device and fills the per-channel arrays meter_level[],\ncomp_level[] and master_level[] in struct snd_us16x08_meter_store.\n\nCurrently the function derives the channel index directly from the\nmeter packet (MUB2(meter_urb, s) - 1) and uses it to index those\narrays without validating the range. If the packet contains a\nnegative or out-of-range channel number, the driver may write past\nthe end of these arrays.\n\nIntroduce a local channel variable and validate it before updating the\narrays. We reject negative indices, limit meter_level[] and\ncomp_level[] to SND_US16X08_MAX_CHANNELS, and guard master_level[]\nupdates with ARRAY_SIZE(master_level).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68783",
            "https://git.kernel.org/linus/5526c1c6ba1d0913c7dfcbbd6fe1744ea7c55f1e (6.19-rc3)",
            "https://git.kernel.org/stable/c/2168866396bd28ec4f3c8da0fbc7d08b5bd4f053",
            "https://git.kernel.org/stable/c/2f21a7cbaaa93926f5be15bc095b9c57c35748d9",
            "https://git.kernel.org/stable/c/53461710a95e15ac1f6542450943a492ecf8e550",
            "https://git.kernel.org/stable/c/5526c1c6ba1d0913c7dfcbbd6fe1744ea7c55f1e",
            "https://git.kernel.org/stable/c/a8ad320efb663be30b794e3dd3e829301c0d0ed3",
            "https://git.kernel.org/stable/c/cde47f4ccad6751ac36b7471572ddf38ee91870c",
            "https://git.kernel.org/stable/c/eaa95228b8a56c4880a182c0350d67922b22408f",
            "https://linux.oracle.com/cve/CVE-2025-68783.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011302-CVE-2025-68783-e807@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68783",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68783"
          ],
          "PublishedDate": "2026-01-13T16:15:58Z",
          "LastModifiedDate": "2026-01-19T13:16:13.55Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68785",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68785",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2c7ba807e1f66842d77eef918689df55a259238a4cabf147bc65afe3ec844b5",
          "Title": "kernel: net: openvswitch: fix middle attribute validation in push_nsh() action",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix middle attribute validation in push_nsh() action\n\nThe push_nsh() action structure looks like this:\n\n OVS_ACTION_ATTR_PUSH_NSH(OVS_KEY_ATTR_NSH(OVS_NSH_KEY_ATTR_BASE,...))\n\nThe outermost OVS_ACTION_ATTR_PUSH_NSH attribute is OK'ed by the\nnla_for_each_nested() inside __ovs_nla_copy_actions().  The innermost\nOVS_NSH_KEY_ATTR_BASE/MD1/MD2 are OK'ed by the nla_for_each_nested()\ninside nsh_key_put_from_nlattr().  But nothing checks if the attribute\nin the middle is OK.  We don't even check that this attribute is the\nOVS_KEY_ATTR_NSH.  We just do a double unwrap with a pair of nla_data()\ncalls - first time directly while calling validate_push_nsh() and the\nsecond time as part of the nla_for_each_nested() macro, which isn't\nsafe, potentially causing invalid memory access if the size of this\nattribute is incorrect.  The failure may not be noticed during\nvalidation due to larger netlink buffer, but cause trouble later during\naction execution where the buffer is allocated exactly to the size:\n\n BUG: KASAN: slab-out-of-bounds in nsh_hdr_from_nlattr+0x1dd/0x6a0 [openvswitch]\n Read of size 184 at addr ffff88816459a634 by task a.out/22624\n\n CPU: 8 UID: 0 PID: 22624 6.18.0-rc7+ #115 PREEMPT(voluntary)\n Call Trace:\n  \u003cTASK\u003e\n  dump_stack_lvl+0x51/0x70\n  print_address_description.constprop.0+0x2c/0x390\n  kasan_report+0xdd/0x110\n  kasan_check_range+0x35/0x1b0\n  __asan_memcpy+0x20/0x60\n  nsh_hdr_from_nlattr+0x1dd/0x6a0 [openvswitch]\n  push_nsh+0x82/0x120 [openvswitch]\n  do_execute_actions+0x1405/0x2840 [openvswitch]\n  ovs_execute_actions+0xd5/0x3b0 [openvswitch]\n  ovs_packet_cmd_execute+0x949/0xdb0 [openvswitch]\n  genl_family_rcv_msg_doit+0x1d6/0x2b0\n  genl_family_rcv_msg+0x336/0x580\n  genl_rcv_msg+0x9f/0x130\n  netlink_rcv_skb+0x11f/0x370\n  genl_rcv+0x24/0x40\n  netlink_unicast+0x73e/0xaa0\n  
netlink_sendmsg+0x744/0xbf0\n  __sys_sendto+0x3d6/0x450\n  do_syscall_64+0x79/0x2c0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  \u003c/TASK\u003e\n\nLet's add some checks that the attribute is properly sized and it's\nthe only one attribute inside the action.  Technically, there is no\nreal reason for OVS_KEY_ATTR_NSH to be there, as we know that we're\npushing an NSH header already, it just creates extra nesting, but\nthat's how uAPI works today.  So, keeping as it is.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68785",
            "https://git.kernel.org/linus/5ace7ef87f059d68b5f50837ef3e8a1a4870c36e (6.19-rc2)",
            "https://git.kernel.org/stable/c/10ffc558246f2c75619aedda0921906095e46702",
            "https://git.kernel.org/stable/c/1b569db9c2f28b599e40050524aae5f7332bc294",
            "https://git.kernel.org/stable/c/2ecfc4433acdb149eafd7fb22d7fd4adf90b25e9",
            "https://git.kernel.org/stable/c/3bc2efff20a38b2c7ca18317649715df0dd62ced",
            "https://git.kernel.org/stable/c/5ace7ef87f059d68b5f50837ef3e8a1a4870c36e",
            "https://git.kernel.org/stable/c/c999153bfb2d1d9b295b7010d920f2a7c6d7595f",
            "https://git.kernel.org/stable/c/d0c135b8bbbcf92836068fd395bebeb7ae6c7bef",
            "https://linux.oracle.com/cve/CVE-2025-68785.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011302-CVE-2025-68785-c96c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68785",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68785"
          ],
          "PublishedDate": "2026-01-13T16:15:58.227Z",
          "LastModifiedDate": "2026-01-19T13:16:13.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68786",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68786",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f44b52c0ba4319e1357f742edb4cafc6bdc7f71045dcbad1d3f168bac4b2d89",
          "Title": "kernel: ksmbd: skip lock-range check on equal size to avoid size==0 underflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: skip lock-range check on equal size to avoid size==0 underflow\n\nWhen size equals the current i_size (including 0), the code used to call\ncheck_lock_range(filp, i_size, size - 1, WRITE), which computes `size - 1`\nand can underflow for size==0. Skip the equal case.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68786",
            "https://git.kernel.org/linus/5d510ac31626ed157d2182149559430350cf2104 (6.19-rc1)",
            "https://git.kernel.org/stable/c/52fcbb92e0d3acfd1448b2a43b6595d540da5295",
            "https://git.kernel.org/stable/c/571204e4758a528fbd67330bd4b0dfbdafb33dd8",
            "https://git.kernel.org/stable/c/5d510ac31626ed157d2182149559430350cf2104",
            "https://git.kernel.org/stable/c/a6f4cfa3783804336491e0edcb250c25f9b59d33",
            "https://git.kernel.org/stable/c/da29cd197246c85c0473259f1cad897d9d28faea",
            "https://lore.kernel.org/linux-cve-announce/2026011303-CVE-2025-68786-d145@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68786",
            "https://www.cve.org/CVERecord?id=CVE-2025-68786"
          ],
          "PublishedDate": "2026-01-13T16:15:58.357Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68787",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68787",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8a641e26f3f2b9aab3b5500bdd2ba9fb520cc739f7b4d0b7b8fb4ca3a9a90fd7",
          "Title": "kernel: netrom: Fix memory leak in nr_sendmsg()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: Fix memory leak in nr_sendmsg()\n\nsyzbot reported a memory leak [1].\n\nWhen function sock_alloc_send_skb() return NULL in nr_output(), the\noriginal skb is not freed, which was allocated in nr_sendmsg(). Fix this\nby freeing it before return.\n\n[1]\nBUG: memory leak\nunreferenced object 0xffff888129f35500 (size 240):\n  comm \"syz.0.17\", pid 6119, jiffies 4294944652\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 00 10 52 28 81 88 ff ff  ..........R(....\n  backtrace (crc 1456a3e4):\n    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n    slab_post_alloc_hook mm/slub.c:4983 [inline]\n    slab_alloc_node mm/slub.c:5288 [inline]\n    kmem_cache_alloc_node_noprof+0x36f/0x5e0 mm/slub.c:5340\n    __alloc_skb+0x203/0x240 net/core/skbuff.c:660\n    alloc_skb include/linux/skbuff.h:1383 [inline]\n    alloc_skb_with_frags+0x69/0x3f0 net/core/skbuff.c:6671\n    sock_alloc_send_pskb+0x379/0x3e0 net/core/sock.c:2965\n    sock_alloc_send_skb include/net/sock.h:1859 [inline]\n    nr_sendmsg+0x287/0x450 net/netrom/af_netrom.c:1105\n    sock_sendmsg_nosec net/socket.c:727 [inline]\n    __sock_sendmsg net/socket.c:742 [inline]\n    sock_write_iter+0x293/0x2a0 net/socket.c:1195\n    new_sync_write fs/read_write.c:593 [inline]\n    vfs_write+0x45d/0x710 fs/read_write.c:686\n    ksys_write+0x143/0x170 fs/read_write.c:738\n    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94\n    entry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68787",
            "https://git.kernel.org/linus/613d12dd794e078be8ff3cf6b62a6b9acf7f4619 (6.19-rc2)",
            "https://git.kernel.org/stable/c/09efbf54eeaecebe882af603c9939a4b1bb9567e",
            "https://git.kernel.org/stable/c/156a0f6341dce634a825db49ca20b48b1ae9bcc1",
            "https://git.kernel.org/stable/c/51f5fbc1681bdcffcc7d18bf3dfdb2b1278d3977",
            "https://git.kernel.org/stable/c/613d12dd794e078be8ff3cf6b62a6b9acf7f4619",
            "https://git.kernel.org/stable/c/73839497bbde5cd4fd02bbd9c8bc2640780ae65d",
            "https://git.kernel.org/stable/c/8d1ccba4b171cd504ecfa47349cb9864fc9d687c",
            "https://git.kernel.org/stable/c/f77e538ac4e3adb1882d5bccb7bfdc111b5963d3",
            "https://lore.kernel.org/linux-cve-announce/2026011303-CVE-2025-68787-af6d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68787",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68787"
          ],
          "PublishedDate": "2026-01-13T16:15:58.497Z",
          "LastModifiedDate": "2026-01-19T13:16:13.75Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68788",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68788",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a67b72da2e665f29ef705d22a82693e357c8f9f2521847bdc90848adbf6088e8",
          "Title": "kernel: fsnotify: do not generate ACCESS/MODIFY events on child for special files",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: do not generate ACCESS/MODIFY events on child for special files\n\ninotify/fanotify do not allow users with no read access to a file to\nsubscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the\nsame user to subscribe for watching events on children when the user\nhas access to the parent directory (e.g. /dev).\n\nUsers with no read access to a file but with read access to its parent\ndirectory can still stat the file and see if it was accessed/modified\nvia atime/mtime change.\n\nThe same is not true for special files (e.g. /dev/null). Users will not\ngenerally observe atime/mtime changes when other users read/write to\nspecial files, only when someone sets atime/mtime via utimensat().\n\nAlign fsnotify events with this stat behavior and do not generate\nACCESS/MODIFY events to parent watchers on read/write of special files.\nThe events are still generated to parent watchers on utimensat(). This\ncloses some side-channels that could be possibly used for information\nexfiltration [1].\n\n[1] https://snee.la/pdf/pubs/file-notification-attacks.pdf",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 2.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68788",
            "https://git.kernel.org/linus/635bc4def026a24e071436f4f356ea08c0eed6ff (6.19-rc2)",
            "https://git.kernel.org/stable/c/635bc4def026a24e071436f4f356ea08c0eed6ff",
            "https://git.kernel.org/stable/c/6a7d7d96eeeab7af2bd01afbb3d9878a11a13d91",
            "https://git.kernel.org/stable/c/7a93edb23bcf07a3aaf8b598edfc2faa8fbcc0b6",
            "https://git.kernel.org/stable/c/82f7416bcbd951549e758d15fc1a96a5afc2e900",
            "https://git.kernel.org/stable/c/859bdf438f01d9aa7f84b09c1202d548c7cad9e8",
            "https://git.kernel.org/stable/c/df2711544b050aba703e6da418c53c7dc5d443ca",
            "https://git.kernel.org/stable/c/e0643d46759db8b84c0504a676043e5e341b6c81",
            "https://linux.oracle.com/cve/CVE-2025-68788.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011303-CVE-2025-68788-05bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68788",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68788"
          ],
          "PublishedDate": "2026-01-13T16:15:58.623Z",
          "LastModifiedDate": "2026-01-19T13:16:13.853Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68794",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68794",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5723121838a95eda194ff6bafc2d36e5cbac3dd59084b31fec874f5869042539",
          "Title": "kernel: iomap: adjust read range correctly for non-block-aligned positions",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: adjust read range correctly for non-block-aligned positions\n\niomap_adjust_read_range() assumes that the position and length passed in\nare block-aligned. This is not always the case however, as shown in the\nsyzbot generated case for erofs. This causes too many bytes to be\nskipped for uptodate blocks, which results in returning the incorrect\nposition and length to read in. If all the blocks are uptodate, this\nunderflows length and returns a position beyond the folio.\n\nFix the calculation to also take into account the block offset when\ncalculating how many bytes can be skipped for uptodate blocks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68794",
            "https://git.kernel.org/linus/7aa6bc3e8766990824f66ca76c19596ce10daf3e (6.19-rc1)",
            "https://git.kernel.org/stable/c/12053695c8ef5410e8cc6c9ed4c0db9cd9c82b3e",
            "https://git.kernel.org/stable/c/142194fb21afe964d2d194cab1fc357cbf87e899",
            "https://git.kernel.org/stable/c/7aa6bc3e8766990824f66ca76c19596ce10daf3e",
            "https://git.kernel.org/stable/c/82b60ffbb532d919959702768dca04c3c0500ae5",
            "https://linux.oracle.com/cve/CVE-2025-68794.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2026011305-CVE-2025-68794-32db@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68794",
            "https://www.cve.org/CVERecord?id=CVE-2025-68794"
          ],
          "PublishedDate": "2026-01-13T16:16:01.31Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68795",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68795",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eaa8aca46c5d4409207f0f556e01321630c895747fc86c8a526cc5a095c7d917",
          "Title": "kernel: ethtool: Avoid overflowing userspace buffer on stats query",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: Avoid overflowing userspace buffer on stats query\n\nThe ethtool -S command operates across three ioctl calls:\nETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and\nETHTOOL_GSTATS for the values.\n\nIf the number of stats changes between these calls (e.g., due to device\nreconfiguration), userspace's buffer allocation will be incorrect,\npotentially leading to buffer overflow.\n\nDrivers are generally expected to maintain stable stat counts, but some\ndrivers (e.g., mlx5, bnx2x, bna, ksz884x) use dynamic counters, making\nthis scenario possible.\n\nSome drivers try to handle this internally:\n- bnad_get_ethtool_stats() returns early in case stats.n_stats is not\n  equal to the driver's stats count.\n- micrel/ksz884x also makes sure not to write anything beyond\n  stats.n_stats and overflow the buffer.\n\nHowever, both use stats.n_stats which is already assigned with the value\nreturned from get_sset_count(), hence won't solve the issue described\nhere.\n\nChange ethtool_get_strings(), ethtool_get_stats(),\nethtool_get_phy_stats() to not return anything in case of a mismatch\nbetween userspace's size and get_sset_size(), to prevent buffer\noverflow.\nThe returned n_stats value will be equal to zero, to reflect that\nnothing has been returned.\n\nThis could result in one of two cases when using upstream ethtool,\ndepending on when the size change is detected:\n1. When detected in ethtool_get_strings():\n    # ethtool -S eth2\n    no stats available\n\n2. 
When detected in get stats, all stats will be reported as zero.\n\nBoth cases are presumably transient, and a subsequent ethtool call\nshould succeed.\n\nOther than the overflow avoidance, these two cases are very evident (no\noutput/cleared stats), which is arguably better than presenting\nincorrect/shifted stats.\nI also considered returning an error instead of a \"silent\" response, but\nthat seems more destructive towards userspace apps.\n\nNotes:\n- This patch does not claim to fix the inherent race, it only makes sure\n  that we do not overflow the userspace buffer, and makes for a more\n  predictable behavior.\n\n- RTNL lock is held during each ioctl, the race window exists between\n  the separate ioctl calls when the lock is released.\n\n- Userspace ethtool always fills stats.n_stats, but it is likely that\n  these stats ioctls are implemented in other userspace applications\n  which might not fill it. The added code checks that it's not zero,\n  to prevent any regressions.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68795",
            "https://git.kernel.org/linus/7b07be1ff1cb6c49869910518650e8d0abc7d25f (6.19-rc2)",
            "https://git.kernel.org/stable/c/3df375a1e75483b7d973c3cc2e46aa374db8428b",
            "https://git.kernel.org/stable/c/4066b5b546293f44cd6d0e84ece6e3ee7ff27093",
            "https://git.kernel.org/stable/c/4afcb985355210e1688560dc47e64b94dad35d71",
            "https://git.kernel.org/stable/c/7b07be1ff1cb6c49869910518650e8d0abc7d25f",
            "https://git.kernel.org/stable/c/7bea09f60f2ad5d232e2db8f1c14e850fd3fd416",
            "https://git.kernel.org/stable/c/ca9983bc3a1189bd72f9ae449d925a66b2616326",
            "https://git.kernel.org/stable/c/f9dc0f45d2cd0189ce666288a29d2cc32c2e44d5",
            "https://linux.oracle.com/cve/CVE-2025-68795.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011306-CVE-2025-68795-4e3e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68795",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68795"
          ],
          "PublishedDate": "2026-01-13T16:16:01.42Z",
          "LastModifiedDate": "2026-01-19T13:16:14.05Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68796",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68796",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ed8a31524753972561a4503da5111f4f2cee71d7ef563ecf9492a519892f6d69",
          "Title": "kernel: f2fs: fix to avoid updating zero-sized extent in extent cache",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid updating zero-sized extent in extent cache\n\nAs syzbot reported:\n\nF2FS-fs (loop0): __update_extent_tree_range: extent len is zero, type: 0, extent [0, 0, 0], age [0, 0]\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/extent_cache.c:678!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:__update_extent_tree_range+0x13bc/0x1500 fs/f2fs/extent_cache.c:678\nCall Trace:\n \u003cTASK\u003e\n f2fs_update_read_extent_cache_range+0x192/0x3e0 fs/f2fs/extent_cache.c:1085\n f2fs_do_zero_range fs/f2fs/file.c:1657 [inline]\n f2fs_zero_range+0x10c1/0x1580 fs/f2fs/file.c:1737\n f2fs_fallocate+0x583/0x990 fs/f2fs/file.c:2030\n vfs_fallocate+0x669/0x7e0 fs/open.c:342\n ioctl_preallocate fs/ioctl.c:289 [inline]\n file_ioctl+0x611/0x780 fs/ioctl.c:-1\n do_vfs_ioctl+0xb33/0x1430 fs/ioctl.c:576\n __do_sys_ioctl fs/ioctl.c:595 [inline]\n __se_sys_ioctl+0x82/0x170 fs/ioctl.c:583\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f07bc58eec9\n\nIn error path of f2fs_zero_range(), it may add a zero-sized extent\ninto extent cache, it should be avoided.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68796",
            "https://git.kernel.org/linus/7c37c79510329cd951a4dedf3f7bf7e2b18dccec (6.19-rc1)",
            "https://git.kernel.org/stable/c/4f244c64efe628d277b916f47071adf480eb8646",
            "https://git.kernel.org/stable/c/72c58a82e6fb7b327e8701f5786c70c3edc56188",
            "https://git.kernel.org/stable/c/7c37c79510329cd951a4dedf3f7bf7e2b18dccec",
            "https://git.kernel.org/stable/c/9c07bd262c13ca922adad6e7613d48505f97f548",
            "https://git.kernel.org/stable/c/bac23833220a1f8fe8dfab7e16efa20ff64d7589",
            "https://git.kernel.org/stable/c/e50b81c50fcbe63f50405bb40f262162ff32af88",
            "https://git.kernel.org/stable/c/efe3371001f50a2d6f746b50bdc6f9f26b2089ec",
            "https://lore.kernel.org/linux-cve-announce/2026011306-CVE-2025-68796-9eee@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68796",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68796"
          ],
          "PublishedDate": "2026-01-13T16:16:01.54Z",
          "LastModifiedDate": "2026-01-19T13:16:14.15Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68797",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68797",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d832ce71e380e6e5248906abf17b471fe219eef778fb743113bdbe95a974313a",
          "Title": "kernel: char: applicom: fix NULL pointer dereference in ac_ioctl",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: applicom: fix NULL pointer dereference in ac_ioctl\n\nDiscovered by Atuin - Automated Vulnerability Discovery Engine.\n\nIn ac_ioctl, the validation of IndexCard and the check for a valid\nRamIO pointer are skipped when cmd is 6. However, the function\nunconditionally executes readb(apbs[IndexCard].RamIO + VERS) at the\nend.\n\nIf cmd is 6, IndexCard may reference a board that does not exist\n(where RamIO is NULL), leading to a NULL pointer dereference.\n\nFix this by skipping the readb access when cmd is 6, as this\ncommand is a global information query and does not target a specific\nboard context.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68797",
            "https://git.kernel.org/linus/82d12088c297fa1cef670e1718b3d24f414c23f7 (6.19-rc1)",
            "https://git.kernel.org/stable/c/0b8b353e09888bccee405e0dd6feafb60360f478",
            "https://git.kernel.org/stable/c/5a6240804fb7bbd4f5f6e706955248a6f4c1abbc",
            "https://git.kernel.org/stable/c/74883565c621eec6cd2e35fe6d27454cf2810c23",
            "https://git.kernel.org/stable/c/82d12088c297fa1cef670e1718b3d24f414c23f7",
            "https://git.kernel.org/stable/c/d1b0452280029d05a98c75631131ee61c0b0d084",
            "https://git.kernel.org/stable/c/d285517429a75423789e6408653e57b6fdfc8e54",
            "https://git.kernel.org/stable/c/f83e3e9f89181b42f6076a115d767a7552c4a39e",
            "https://lore.kernel.org/linux-cve-announce/2026011306-CVE-2025-68797-b45e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68797",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68797"
          ],
          "PublishedDate": "2026-01-13T16:16:01.66Z",
          "LastModifiedDate": "2026-01-19T13:16:14.25Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68798",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68798",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4868c11e4d578e39c18b65a340301c4140e8f84a4867271f843830132537cfc",
          "Title": "kernel: perf/x86/amd: Check event before enable to avoid GPF",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/amd: Check event before enable to avoid GPF\n\nOn AMD machines cpuc-\u003eevents[idx] can become NULL in a subtle race\ncondition with NMI-\u003ethrottle-\u003ex86_pmu_stop().\n\nCheck event for NULL in amd_pmu_enable_all() before enable to avoid a GPF.\nThis appears to be an AMD only issue.\n\nSyzkaller reported a GPF in amd_pmu_enable_all.\n\nINFO: NMI handler (perf_event_nmi_handler) took too long to run: 13.143\n    msecs\nOops: general protection fault, probably for non-canonical address\n    0xdffffc0000000034: 0000  PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x00000000000001a0-0x00000000000001a7]\nCPU: 0 UID: 0 PID: 328415 Comm: repro_36674776 Not tainted 6.12.0-rc1-syzk\nRIP: 0010:x86_pmu_enable_event (arch/x86/events/perf_event.h:1195\n    arch/x86/events/core.c:1430)\nRSP: 0018:ffff888118009d60 EFLAGS: 00010012\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000034 RSI: 0000000000000000 RDI: 00000000000001a0\nRBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002\nR13: ffff88811802a440 R14: ffff88811802a240 R15: ffff8881132d8601\nFS:  00007f097dfaa700(0000) GS:ffff888118000000(0000) GS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200001c0 CR3: 0000000103d56000 CR4: 00000000000006f0\nCall Trace:\n \u003cIRQ\u003e\namd_pmu_enable_all (arch/x86/events/amd/core.c:760 (discriminator 2))\nx86_pmu_enable (arch/x86/events/core.c:1360)\nevent_sched_out (kernel/events/core.c:1191 kernel/events/core.c:1186\n    kernel/events/core.c:2346)\n__perf_remove_from_context (kernel/events/core.c:2435)\nevent_function (kernel/events/core.c:259)\nremote_function (kernel/events/core.c:92 (discriminator 1)\n    kernel/events/core.c:72 (discriminator 1))\n__flush_smp_call_function_queue 
(./arch/x86/include/asm/jump_label.h:27\n    ./include/linux/jump_label.h:207 ./include/trace/events/csd.h:64\n    kernel/smp.c:135 kernel/smp.c:540)\n__sysvec_call_function_single (./arch/x86/include/asm/jump_label.h:27\n    ./include/linux/jump_label.h:207\n    ./arch/x86/include/asm/trace/irq_vectors.h:99 arch/x86/kernel/smp.c:272)\nsysvec_call_function_single (arch/x86/kernel/smp.c:266 (discriminator 47)\n    arch/x86/kernel/smp.c:266 (discriminator 47))\n \u003c/IRQ\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68798",
            "https://git.kernel.org/linus/866cf36bfee4fba6a492d2dcc5133f857e3446b0 (6.19-rc1)",
            "https://git.kernel.org/stable/c/43c2e5c2acaae50e99d1c20a5a46e367c442fb3b",
            "https://git.kernel.org/stable/c/49324a0c40f7e9bae1bd0362d23fc42232e14621",
            "https://git.kernel.org/stable/c/6e41d9ec8d7cc3f01b9ba785e05f0ebef8b3b37f",
            "https://git.kernel.org/stable/c/866cf36bfee4fba6a492d2dcc5133f857e3446b0",
            "https://git.kernel.org/stable/c/e1028fb38b328084bc683a4efb001c95d3108573",
            "https://linux.oracle.com/cve/CVE-2025-68798.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2026011307-CVE-2025-68798-ea9c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68798",
            "https://www.cve.org/CVERecord?id=CVE-2025-68798"
          ],
          "PublishedDate": "2026-01-13T16:16:01.77Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68799",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68799",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:65dd79f7895d98f863337d0d64810b2a996b1e4544fae365826b3b820e1dfbe4",
          "Title": "kernel: caif: fix integer underflow in cffrml_receive()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif: fix integer underflow in cffrml_receive()\n\nThe cffrml_receive() function extracts a length field from the packet\nheader and, when FCS is disabled, subtracts 2 from this length without\nvalidating that len \u003e= 2.\n\nIf an attacker sends a malicious packet with a length field of 0 or 1\nto an interface with FCS disabled, the subtraction causes an integer\nunderflow.\n\nThis can lead to memory exhaustion and kernel instability, and potentially to\ninformation disclosure if padding contains uninitialized kernel memory.\n\nFix this by validating that len \u003e= 2 before performing the subtraction.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68799",
            "https://git.kernel.org/linus/8a11ff0948b5ad09b71896b7ccc850625f9878d1 (6.19-rc2)",
            "https://git.kernel.org/stable/c/21fdcc00656a60af3c7aae2dea8dd96abd35519c",
            "https://git.kernel.org/stable/c/4ec29714aa4e0601ea29d2f02b461fc0ac92c2c3",
            "https://git.kernel.org/stable/c/785c7be6361630070790f6235b696da156ac71b3",
            "https://git.kernel.org/stable/c/8a11ff0948b5ad09b71896b7ccc850625f9878d1",
            "https://git.kernel.org/stable/c/c54091eec6fed19e94182aa05dd6846600a642f7",
            "https://git.kernel.org/stable/c/f407f1c9f45bbf5c99fd80b3f3f4a94fdbe35691",
            "https://git.kernel.org/stable/c/f818cd472565f8b0c2c409b040e0121c5cf8592c",
            "https://lore.kernel.org/linux-cve-announce/2026011307-CVE-2025-68799-b0dd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68799",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68799"
          ],
          "PublishedDate": "2026-01-13T16:16:01.907Z",
          "LastModifiedDate": "2026-01-19T13:16:14.353Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68800",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68800",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e9b5aa91e7f973d0cecc6d1ab16df17c30a3b002a2b30886184b374ae081a7cb",
          "Title": "kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats\n\nCited commit added a dedicated mutex (instead of RTNL) to protect the\nmulticast route list, so that it will not change while the driver\nperiodically traverses it in order to update the kernel about multicast\nroute stats that were queried from the device.\n\nOne instance of list entry deletion (during route replace) was missed\nand it can result in a use-after-free [1].\n\nFix by acquiring the mutex before deleting the entry from the list and\nreleasing it afterwards.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]\nRead of size 8 at addr ffff8881523c2fa8 by task kworker/2:5/22043\n\nCPU: 2 UID: 0 PID: 22043 Comm: kworker/2:5 Not tainted 6.18.0-rc1-custom-g1a3d6d7cd014 #1 PREEMPT(full)\nHardware name: Mellanox Technologies Ltd. 
MSN2010/SA002610, BIOS 5.6.5 08/24/2017\nWorkqueue: mlxsw_core mlxsw_sp_mr_stats_update [mlxsw_spectrum]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n print_report+0x174/0x4f5\n kasan_report+0xdf/0x110\n mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 29933:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n mlxsw_sp_mr_route_add+0xd8/0x4770 [mlxsw_spectrum]\n mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 29933:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3b/0x70\n __kasan_slab_free+0x43/0x70\n kfree+0x14e/0x700\n mlxsw_sp_mr_route_add+0x2dea/0x4770 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:444 [mlxsw_spectrum]\n mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "alma": 2,
            "azure": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4759",
            "https://access.redhat.com/security/cve/CVE-2025-68800",
            "https://bugzilla.redhat.com/2395797",
            "https://bugzilla.redhat.com/2429065",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2395797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39818",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68800",
            "https://errata.almalinux.org/9/ALSA-2026-4759.html",
            "https://errata.rockylinux.org/RLSA-2026:4759",
            "https://git.kernel.org/linus/8ac1dacec458f55f871f7153242ed6ab60373b90 (6.19-rc2)",
            "https://git.kernel.org/stable/c/216afc198484fde110ebeafc017992266f4596ce",
            "https://git.kernel.org/stable/c/37ca08b35a27ce8fd8e74dd3fd2ae21c23b63b73",
            "https://git.kernel.org/stable/c/4049a6ace209f4ed150429f86ae796d7d6a4c22b",
            "https://git.kernel.org/stable/c/5f2831fc593c2b2efbff7dd0dd7441cec76adcd5",
            "https://git.kernel.org/stable/c/6e367c361a523a4b54fe618215c64a0ee189caf0",
            "https://git.kernel.org/stable/c/8ac1dacec458f55f871f7153242ed6ab60373b90",
            "https://git.kernel.org/stable/c/b957366f5611bbaba03dd10ef861283347ddcc88",
            "https://linux.oracle.com/cve/CVE-2025-68800.html",
            "https://linux.oracle.com/errata/ELSA-2026-4759.html",
            "https://lore.kernel.org/linux-cve-announce/2026011307-CVE-2025-68800-39d2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68800",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68800"
          ],
          "PublishedDate": "2026-01-13T16:16:02.023Z",
          "LastModifiedDate": "2026-01-19T13:16:14.453Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68801",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68801",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7cdd9d1edffa7dcbb6a9eac3cf4ed73a5cd06ac36f3a24c9a8e67f41afe3827d",
          "Title": "kernel: mlxsw: spectrum_router: Fix neighbour use-after-free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_router: Fix neighbour use-after-free\n\nWe sometimes observe use-after-free when dereferencing a neighbour [1].\nThe problem seems to be that the driver stores a pointer to the\nneighbour, but without holding a reference on it. A reference is only\ntaken when the neighbour is used by a nexthop.\n\nFix by simplifying the reference counting scheme. Always take a\nreference when storing a neighbour pointer in a neighbour entry. Avoid\ntaking a referencing when the neighbour is used by a nexthop as the\nneighbour entry associated with the nexthop already holds a reference.\n\nTested by running the test that uncovered the problem over 300 times.\nWithout this patch the problem was reproduced after a handful of\niterations.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_neigh_entry_update+0x2d4/0x310\nRead of size 8 at addr ffff88817f8e3420 by task ip/3929\n\nCPU: 3 UID: 0 PID: 3929 Comm: ip Not tainted 6.18.0-rc4-virtme-g36b21a067510 #3 PREEMPT(full)\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6f/0xa0\n print_address_description.constprop.0+0x6e/0x300\n print_report+0xfc/0x1fb\n kasan_report+0xe4/0x110\n mlxsw_sp_neigh_entry_update+0x2d4/0x310\n mlxsw_sp_router_rif_gone_sync+0x35f/0x510\n mlxsw_sp_rif_destroy+0x1ea/0x730\n mlxsw_sp_inetaddr_port_vlan_event+0xa1/0x1b0\n __mlxsw_sp_inetaddr_lag_event+0xcc/0x130\n __mlxsw_sp_inetaddr_event+0xf5/0x3c0\n mlxsw_sp_router_netdevice_event+0x1015/0x1580\n notifier_call_chain+0xcc/0x150\n call_netdevice_notifiers_info+0x7e/0x100\n __netdev_upper_dev_unlink+0x10b/0x210\n netdev_upper_dev_unlink+0x79/0xa0\n vrf_del_slave+0x18/0x50\n do_set_master+0x146/0x7d0\n do_setlink.isra.0+0x9a0/0x2880\n rtnl_newlink+0x637/0xb20\n rtnetlink_rcv_msg+0x6fe/0xb90\n netlink_rcv_skb+0x123/0x380\n netlink_unicast+0x4a3/0x770\n netlink_sendmsg+0x75b/0xc90\n 
__sock_sendmsg+0xbe/0x160\n ____sys_sendmsg+0x5b2/0x7d0\n ___sys_sendmsg+0xfd/0x180\n __sys_sendmsg+0x124/0x1c0\n do_syscall_64+0xbb/0xfd0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[...]\n\nAllocated by task 109:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x2c1/0x790\n neigh_alloc+0x6af/0x8f0\n ___neigh_create+0x63/0xe90\n mlxsw_sp_nexthop_neigh_init+0x430/0x7e0\n mlxsw_sp_nexthop_type_init+0x212/0x960\n mlxsw_sp_nexthop6_group_info_init.constprop.0+0x81f/0x1280\n mlxsw_sp_nexthop6_group_get+0x392/0x6a0\n mlxsw_sp_fib6_entry_create+0x46a/0xfd0\n mlxsw_sp_router_fib6_replace+0x1ed/0x5f0\n mlxsw_sp_router_fib6_event_work+0x10a/0x2a0\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20\n\nFreed by task 154:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x43/0x70\n kmem_cache_free_bulk.part.0+0x1eb/0x5e0\n kvfree_rcu_bulk+0x1f2/0x260\n kfree_rcu_work+0x130/0x1b0\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20\n\nLast potentially related work creation:\n kasan_save_stack+0x30/0x50\n kasan_record_aux_stack+0x8c/0xa0\n kvfree_call_rcu+0x93/0x5b0\n mlxsw_sp_router_neigh_event_work+0x67d/0x860\n process_one_work+0xd57/0x1390\n worker_thread+0x4d6/0xd40\n kthread+0x355/0x5b0\n ret_from_fork+0x1d4/0x270\n ret_from_fork_asm+0x11/0x20",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68801",
            "https://git.kernel.org/linus/8b0e69763ef948fb872a7767df4be665d18f5fd4 (6.19-rc2)",
            "https://git.kernel.org/stable/c/4a3c569005f42ab5e5b2ad637132a33bf102cc08",
            "https://git.kernel.org/stable/c/675c5aeadf6472672c472dc0f26401e4fcfbf254",
            "https://git.kernel.org/stable/c/8b0e69763ef948fb872a7767df4be665d18f5fd4",
            "https://git.kernel.org/stable/c/9e0a0d9eeb0dbeba2c83fa837885b19b8b9230fc",
            "https://git.kernel.org/stable/c/a2dfe6758fc63e542105bee8b17a3a7485684db0",
            "https://git.kernel.org/stable/c/c437fbfd4382412598cdda1f8e2881b523668cc2",
            "https://git.kernel.org/stable/c/ed8141b206bdcfd5d0b92c90832eeb77b7a60a0a",
            "https://lore.kernel.org/linux-cve-announce/2026011308-CVE-2025-68801-d3d5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68801",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68801"
          ],
          "PublishedDate": "2026-01-13T16:16:02.137Z",
          "LastModifiedDate": "2026-01-19T13:16:14.553Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68802",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68802",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2fd7ffdc78805a665ed1104d7a92722c93e87d0131e6baee7ace42eb5463fe43",
          "Title": "kernel: drm/xe: Limit num_syncs to prevent oversized allocations",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Limit num_syncs to prevent oversized allocations\n\nThe exec and vm_bind ioctl allow userspace to specify an arbitrary\nnum_syncs value. Without bounds checking, a very large num_syncs\ncan force an excessively large allocation, leading to kernel warnings\nfrom the page allocator as below.\n\nIntroduce DRM_XE_MAX_SYNCS (set to 1024) and reject any request\nexceeding this limit.\n\n\"\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124\n...\nCall Trace:\n \u003cTASK\u003e\n alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416\n ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388\n kmalloc_noprof include/linux/slab.h:909 [inline]\n kmalloc_array_noprof include/linux/slab.h:948 [inline]\n xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158\n drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797\n drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894\n xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:598 [inline]\n __se_sys_ioctl fs/ioctl.c:584 [inline]\n __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\"\n\nv2: Add \"Reported-by\" and Cc stable kernels.\nv3: Change XE_MAX_SYNCS from 64 to 1024. (Matt \u0026 Ashutosh)\nv4: s/XE_MAX_SYNCS/DRM_XE_MAX_SYNCS/ (Matt)\nv5: Do the check at the top of the exec func. (Matt)\n\n(cherry picked from commit b07bac9bd708ec468cd1b8a5fe70ae2ac9b0a11c)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68802",
            "https://git.kernel.org/linus/8e461304009135270e9ccf2d7e2dfe29daec9b60 (6.19-rc2)",
            "https://git.kernel.org/stable/c/1d200017f55f829b9e376093bd31dfbec92081de",
            "https://git.kernel.org/stable/c/8e461304009135270e9ccf2d7e2dfe29daec9b60",
            "https://git.kernel.org/stable/c/e281d1fd6903a081ef023c341145ae92258e38d2",
            "https://lore.kernel.org/linux-cve-announce/2026011308-CVE-2025-68802-a7f9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68802",
            "https://www.cve.org/CVERecord?id=CVE-2025-68802"
          ],
          "PublishedDate": "2026-01-13T16:16:02.26Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68803",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68803",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3c056f2641c983340203e164496f1d751a58c72b620cdf5e18cbcdc7a54d408",
          "Title": "kernel: NFSD: NFSv4 file creation neglects setting ACL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: NFSv4 file creation neglects setting ACL\n\nAn NFSv4 client that sets an ACL with a named principal during file\ncreation retrieves the ACL afterwards, and finds that it is only a\ndefault ACL (based on the mode bits) and not the ACL that was\nrequested during file creation. This violates RFC 8881 section\n6.4.1.3: \"the ACL attribute is set as given\".\n\nThe issue occurs in nfsd_create_setattr(), which calls\nnfsd_attrs_valid() to determine whether to call nfsd_setattr().\nHowever, nfsd_attrs_valid() checks only for iattr changes and\nsecurity labels, but not POSIX ACLs. When only an ACL is present,\nthe function returns false, nfsd_setattr() is skipped, and the\nPOSIX ACL is never applied to the inode.\n\nSubsequently, when the client retrieves the ACL, the server finds\nno POSIX ACL on the inode and returns one generated from the file's\nmode bits rather than returning the originally-specified ACL.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68803",
            "https://git.kernel.org/linus/913f7cf77bf14c13cfea70e89bcb6d0b22239562 (6.19-rc3)",
            "https://git.kernel.org/stable/c/214b396480061cbc8b16f2c518b2add7fbfa5192",
            "https://git.kernel.org/stable/c/381261f24f4e4b41521c0e5ef5cc0b9a786a9862",
            "https://git.kernel.org/stable/c/60dbdef2ebc2317266a385e4debdb1bb0e57afe1",
            "https://git.kernel.org/stable/c/75f91534f9acdfef77f8fa094313b7806f801725",
            "https://git.kernel.org/stable/c/913f7cf77bf14c13cfea70e89bcb6d0b22239562",
            "https://git.kernel.org/stable/c/bf4e671c651534a307ab2fabba4926116beef8c3",
            "https://git.kernel.org/stable/c/c182e1e0b7640f6bcc0c5ca8d473f7c57199ea3d",
            "https://linux.oracle.com/cve/CVE-2025-68803.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011309-CVE-2025-68803-d897@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68803",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68803"
          ],
          "PublishedDate": "2026-01-13T16:16:02.377Z",
          "LastModifiedDate": "2026-01-19T13:16:14.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68804",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68804",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4402052629bef542ebe7a545f11512310a3a0edd864d33dacfbce103686250bf",
          "Title": "kernel: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver\n\nAfter unbinding the driver, another kthread `cros_ec_console_log_work`\nis still accessing the device, resulting an UAF and crash.\n\nThe driver doesn't unregister the EC device in .remove() which should\nshutdown sub-devices synchronously.  Fix it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68804",
            "https://git.kernel.org/linus/944edca81e7aea15f83cf9a13a6ab67f711e8abd (6.19-rc1)",
            "https://git.kernel.org/stable/c/24a2062257bbdfc831de5ed21c27b04b5bdf2437",
            "https://git.kernel.org/stable/c/27037916db38e6b78a0242031d3b93d997b84020",
            "https://git.kernel.org/stable/c/393b8f9bedc7806acb9c47cefdbdb223b4b6164b",
            "https://git.kernel.org/stable/c/4701493ba37654b3c38b526f6591cf0b02aa172f",
            "https://git.kernel.org/stable/c/8dc1f5a85286290dbf04dd5951d020570f49779b",
            "https://git.kernel.org/stable/c/944edca81e7aea15f83cf9a13a6ab67f711e8abd",
            "https://git.kernel.org/stable/c/e1da6e399df976dd04c7c73ec008bc81da368a95",
            "https://lore.kernel.org/linux-cve-announce/2026011309-CVE-2025-68804-f10e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68804",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68804"
          ],
          "PublishedDate": "2026-01-13T16:16:02.507Z",
          "LastModifiedDate": "2026-01-19T13:16:14.757Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68806",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68806",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8d0502df44c2387fa92dd03a5d92bb9887fc65728365ecbb9c31c68b13b8e538",
          "Title": "kernel: ksmbd: fix buffer validation by including null terminator size in EA length",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix buffer validation by including null terminator size in EA length\n\nThe smb2_set_ea function, which handles Extended Attributes (EA),\nwas performing buffer validation checks that incorrectly omitted the size\nof the null terminating character (+1 byte) for EA Name.\nThis patch fixes the issue by explicitly adding '+ 1' to EaNameLength where\nthe null terminator is expected to be present in the buffer, ensuring\nthe validation accurately reflects the total required buffer size.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68806",
            "https://git.kernel.org/linus/95d7a890e4b03e198836d49d699408fd1867cb55 (6.19-rc2)",
            "https://git.kernel.org/stable/c/6dc8cf6e7998ef7aeb9383a4c2904ea5d22fa2e4",
            "https://git.kernel.org/stable/c/95d7a890e4b03e198836d49d699408fd1867cb55",
            "https://git.kernel.org/stable/c/a28a375a5439eb474e9f284509a407efb479c925",
            "https://git.kernel.org/stable/c/cae52c592a07e1d3fa3338a5f064a374a5f26750",
            "https://git.kernel.org/stable/c/d26af6d14da43ab92d07bc60437c62901dc522e6",
            "https://lore.kernel.org/linux-cve-announce/2026011310-CVE-2025-68806-a2fb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68806",
            "https://www.cve.org/CVERecord?id=CVE-2025-68806"
          ],
          "PublishedDate": "2026-01-13T16:16:02.747Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68808",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68808",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:64a9fcf2df8fb830cb140bc66ae9d653aff390c4c77771d489cc79ba131741df",
          "Title": "kernel: media: vidtv: initialize local pointers upon transfer of memory ownership",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: initialize local pointers upon transfer of memory ownership\n\nvidtv_channel_si_init() creates a temporary list (program, service, event)\nand ownership of the memory itself is transferred to the PAT/SDT/EIT\ntables through vidtv_psi_pat_program_assign(),\nvidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().\n\nThe problem here is that the local pointer where the memory ownership\ntransfer was completed is not initialized to NULL. This causes the\nvidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and\nin the flow that jumps to free_eit, the memory that was freed by\nvidtv_psi_*_table_destroy() can be accessed again by\nvidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it\nis freed once again.\n\nTherefore, to prevent use-after-free and double-free vulnerability,\nlocal pointers must be initialized to NULL when transferring memory\nownership.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68808",
            "https://git.kernel.org/linus/98aabfe2d79f74613abc2b0b1cef08f97eaf5322 (6.19-rc1)",
            "https://git.kernel.org/stable/c/12ab6ebb37789b84073e83e4d9b14a5e0d133323",
            "https://git.kernel.org/stable/c/30f4d4e5224a9e44e9ceb3956489462319d804ce",
            "https://git.kernel.org/stable/c/3caa18d35f1dabe85a3dd31bc387f391ac9f9b4e",
            "https://git.kernel.org/stable/c/98aabfe2d79f74613abc2b0b1cef08f97eaf5322",
            "https://git.kernel.org/stable/c/a69c7fd603bf5ad93177394fbd9711922ee81032",
            "https://git.kernel.org/stable/c/c342e294dac4988c8ada759b2f057246e48c5108",
            "https://git.kernel.org/stable/c/fb9bd6d8d314b748e946ed6555eb4a956ee8c4d8",
            "https://lore.kernel.org/linux-cve-announce/2026011310-CVE-2025-68808-4cb9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68808",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68808"
          ],
          "PublishedDate": "2026-01-13T16:16:02.967Z",
          "LastModifiedDate": "2026-01-19T13:16:14.85Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68809",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68809",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:70de2ac244f4a67f3cda809b5d9b2ec5de54f35cc65de6fc0b29dc953749a62d",
          "Title": "kernel: ksmbd: vfs: fix race on m_flags in vfs_cache",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: vfs: fix race on m_flags in vfs_cache\n\nksmbd maintains delete-on-close and pending-delete state in\nksmbd_inode-\u003em_flags. In vfs_cache.c this field is accessed under\ninconsistent locking: some paths read and modify m_flags under\nci-\u003em_lock while others do so without taking the lock at all.\n\nExamples:\n\n - ksmbd_query_inode_status() and __ksmbd_inode_close() use\n   ci-\u003em_lock when checking or updating m_flags.\n - ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(),\n   ksmbd_clear_inode_pending_delete() and ksmbd_fd_set_delete_on_close()\n   used to read and modify m_flags without ci-\u003em_lock.\n\nThis creates a potential data race on m_flags when multiple threads\nopen, close and delete the same file concurrently. In the worst case\ndelete-on-close and pending-delete bits can be lost or observed in an\ninconsistent state, leading to confusing delete semantics (files that\nstay on disk after delete-on-close, or files that disappear while still\nin use).\n\nFix it by:\n\n - Making ksmbd_query_inode_status() look at m_flags under ci-\u003em_lock\n   after dropping inode_hash_lock.\n - Adding ci-\u003em_lock protection to all helpers that read or modify\n   m_flags (ksmbd_inode_pending_delete(), ksmbd_set_inode_pending_delete(),\n   ksmbd_clear_inode_pending_delete(), ksmbd_fd_set_delete_on_close()).\n - Keeping the existing ci-\u003em_lock protection in __ksmbd_inode_close(),\n   and moving the actual unlink/xattr removal outside the lock.\n\nThis unifies the locking around m_flags and removes the data race while\npreserving the existing delete-on-close behaviour.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68809",
            "https://git.kernel.org/linus/991f8a79db99b14c48d20d2052c82d65b9186cad (6.19-rc1)",
            "https://git.kernel.org/stable/c/5adad9727a815c26013b0d41cfee92ffa7d4037c",
            "https://git.kernel.org/stable/c/991f8a79db99b14c48d20d2052c82d65b9186cad",
            "https://git.kernel.org/stable/c/ccc78781041589ea383e61d5d7a1e9a31b210b93",
            "https://git.kernel.org/stable/c/ee63729760f5b61a66f345c54dc4c7514e62383d",
            "https://lore.kernel.org/linux-cve-announce/2026011311-CVE-2025-68809-e875@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68809",
            "https://www.cve.org/CVERecord?id=CVE-2025-68809"
          ],
          "PublishedDate": "2026-01-13T16:16:03.08Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68813",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68813",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:28976ba70a4b9feefeeb4bd89463279186cf1537fbdb9df7e3830420a1581797",
          "Title": "kernel: ipvs: fix ipv4 null-ptr-deref in route error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: fix ipv4 null-ptr-deref in route error path\n\nThe IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure()\nwithout ensuring skb-\u003edev is set, leading to a NULL pointer dereference\nin fib_compute_spec_dst() when ipv4_link_failure() attempts to send\nICMP destination unreachable messages.\n\nThe issue emerged after commit ed0de45a1008 (\"ipv4: recompile ip options\nin ipv4_link_failure\") started calling __ip_options_compile() from\nipv4_link_failure(). This code path eventually calls fib_compute_spec_dst()\nwhich dereferences skb-\u003edev. An attempt was made to fix the NULL skb-\u003edev\ndereference in commit 0113d9c9d1cc (\"ipv4: fix null-deref in\nipv4_link_failure\"), but it only addressed the immediate dev_net(skb-\u003edev)\ndereference by using a fallback device. The fix was incomplete because\nfib_compute_spec_dst() later in the call chain still accesses skb-\u003edev\ndirectly, which remains NULL when IPVS calls dst_link_failure().\n\nThe crash occurs when:\n1. IPVS processes a packet in NAT mode with a misconfigured destination\n2. Route lookup fails in __ip_vs_get_out_rt() before establishing a route\n3. The error path calls dst_link_failure(skb) with skb-\u003edev == NULL\n4. ipv4_link_failure() → ipv4_send_dest_unreach() →\n   __ip_options_compile() → fib_compute_spec_dst()\n5. 
fib_compute_spec_dst() dereferences NULL skb-\u003edev\n\nApply the same fix used for IPv6 in commit 326bf17ea5d4 (\"ipvs: fix\nipv6 route unreach panic\"): set skb-\u003edev from skb_dst(skb)-\u003edev before\ncalling dst_link_failure().\n\nKASAN: null-ptr-deref in range [0x0000000000000328-0x000000000000032f]\nCPU: 1 PID: 12732 Comm: syz.1.3469 Not tainted 6.6.114 #2\nRIP: 0010:__in_dev_get_rcu include/linux/inetdevice.h:233\nRIP: 0010:fib_compute_spec_dst+0x17a/0x9f0 net/ipv4/fib_frontend.c:285\nCall Trace:\n  \u003cTASK\u003e\n  spec_dst_fill net/ipv4/ip_options.c:232\n  spec_dst_fill net/ipv4/ip_options.c:229\n  __ip_options_compile+0x13a1/0x17d0 net/ipv4/ip_options.c:330\n  ipv4_send_dest_unreach net/ipv4/route.c:1252\n  ipv4_link_failure+0x702/0xb80 net/ipv4/route.c:1265\n  dst_link_failure include/net/dst.h:437\n  __ip_vs_get_out_rt+0x15fd/0x19e0 net/netfilter/ipvs/ip_vs_xmit.c:412\n  ip_vs_nat_xmit+0x1d8/0xc80 net/netfilter/ipvs/ip_vs_xmit.c:764",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68813",
            "https://git.kernel.org/linus/ad891bb3d079a46a821bf2b8867854645191bab0 (6.19-rc2)",
            "https://git.kernel.org/stable/c/25ab24df31f7af843c96a38e0781b9165216e1a8",
            "https://git.kernel.org/stable/c/312d7cd88882fc6cadcc08b02287497aaaf94bcd",
            "https://git.kernel.org/stable/c/4729ff0581fbb7ad098b6153b76b6f5aac94618a",
            "https://git.kernel.org/stable/c/689a627d14788ad772e0fa24c2e57a23dbc7ce90",
            "https://git.kernel.org/stable/c/ad891bb3d079a46a821bf2b8867854645191bab0",
            "https://git.kernel.org/stable/c/cdeff10851c37a002d87a035818ebd60fdb74447",
            "https://git.kernel.org/stable/c/dd72a93c80408f06327dd2d956eb1a656d0b5903",
            "https://linux.oracle.com/cve/CVE-2025-68813.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011312-CVE-2025-68813-13a5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68813",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68813"
          ],
          "PublishedDate": "2026-01-13T16:16:03.523Z",
          "LastModifiedDate": "2026-01-19T13:16:14.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68814",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68814",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9d3409f0a352d9b31725a67b8cc4b8a1dd5b5aae98df3e6063c7c495b16d59ab",
          "Title": "kernel: Linux kernel: Memory leak in io_uring's __io_openat_prep() leading to denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix filename leak in __io_openat_prep()\n\n __io_openat_prep() allocates a struct filename using getname(). However,\nfor the condition of the file being installed in the fixed file table as\nwell as having O_CLOEXEC flag set, the function returns early. At that\npoint, the request doesn't have REQ_F_NEED_CLEANUP flag set. Due to this,\nthe memory for the newly allocated struct filename is not cleaned up,\ncausing a memory leak.\n\nFix this by setting the REQ_F_NEED_CLEANUP for the request just after the\nsuccessful getname() call, so that when the request is torn down, the\nfilename will be cleaned up, along with other resources needing cleanup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 4,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68814",
            "https://git.kernel.org/linus/b14fad555302a2104948feaff70503b64c80ac01 (6.19-rc3)",
            "https://git.kernel.org/stable/c/18b99fa603d0df5e1c898699c17d3b92ddc80746",
            "https://git.kernel.org/stable/c/2420ef01b2e836fbc05a0a8c73a1016504eb0458",
            "https://git.kernel.org/stable/c/7fbfb85b05bc960cc50e09d03e5e562131e48d45",
            "https://git.kernel.org/stable/c/8f44c4a550570cd5903625133f938c6b51310c9b",
            "https://git.kernel.org/stable/c/b14fad555302a2104948feaff70503b64c80ac01",
            "https://git.kernel.org/stable/c/e232269d511566b1f80872256a48593acc1becf4",
            "https://linux.oracle.com/cve/CVE-2025-68814.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2026011312-CVE-2025-68814-146a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68814",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68814"
          ],
          "PublishedDate": "2026-01-13T16:16:03.643Z",
          "LastModifiedDate": "2026-01-19T13:16:15.057Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68815",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68815",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8b1e9960f6e3d739624253278e20588da0e60f50c374ded8e7097797dfd5ee1d",
          "Title": "kernel: net/sched: ets: Remove drr class from the active list if it changes to strict",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: Remove drr class from the active list if it changes to strict\n\nWhenever a user issues an ets qdisc change command, transforming a\ndrr class into a strict one, the ets code isn't checking whether that\nclass was in the active list and removing it. This means that, if a\nuser changes a strict class (which was in the active list) back to a drr\none, that class will be added twice to the active list [1].\n\nDoing so with the following commands:\n\ntc qdisc add dev lo root handle 1: ets bands 2 strict 1\ntc qdisc add dev lo parent 1:2 handle 20: \\\n    tbf rate 8bit burst 100b latency 1s\ntc filter add dev lo parent 1: basic classid 1:2\nping -c1 -W0.01 -s 56 127.0.0.1\ntc qdisc change dev lo root handle 1: ets bands 2 strict 2\ntc qdisc change dev lo root handle 1: ets bands 2 strict 1\nping -c1 -W0.01 -s 56 127.0.0.1\n\nWill trigger the following splat with list debug turned on:\n\n[   59.279014][  T365] ------------[ cut here ]------------\n[   59.279452][  T365] list_add double add: new=ffff88801d60e350, prev=ffff88801d60e350, next=ffff88801d60e2c0.\n[   59.280153][  T365] WARNING: CPU: 3 PID: 365 at lib/list_debug.c:35 __list_add_valid_or_report+0x17f/0x220\n[   59.280860][  T365] Modules linked in:\n[   59.281165][  T365] CPU: 3 UID: 0 PID: 365 Comm: tc Not tainted 6.18.0-rc7-00105-g7e9f13163c13-dirty #239 PREEMPT(voluntary)\n[   59.281977][  T365] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[   59.282391][  T365] RIP: 0010:__list_add_valid_or_report+0x17f/0x220\n[   59.282842][  T365] Code: 89 c6 e8 d4 b7 0d ff 90 0f 0b 90 90 31 c0 e9 31 ff ff ff 90 48 c7 c7 e0 a0 22 9f 48 89 f2 48 89 c1 4c 89 c6 e8 b2 b7 0d ff 90 \u003c0f\u003e 0b 90 90 31 c0 e9 0f ff ff ff 48 89 f7 48 89 44 24 10 4c 89 44\n...\n[   59.288812][  T365] Call Trace:\n[   59.289056][  T365]  \u003cTASK\u003e\n[   59.289224][  T365]  ? 
srso_alias_return_thunk+0x5/0xfbef5\n[   59.289546][  T365]  ets_qdisc_change+0xd2b/0x1e80\n[   59.289891][  T365]  ? __lock_acquire+0x7e7/0x1be0\n[   59.290223][  T365]  ? __pfx_ets_qdisc_change+0x10/0x10\n[   59.290546][  T365]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   59.290898][  T365]  ? __mutex_trylock_common+0xda/0x240\n[   59.291228][  T365]  ? __pfx___mutex_trylock_common+0x10/0x10\n[   59.291655][  T365]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   59.291993][  T365]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   59.292313][  T365]  ? trace_contention_end+0xc8/0x110\n[   59.292656][  T365]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   59.293022][  T365]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   59.293351][  T365]  tc_modify_qdisc+0x63a/0x1cf0\n\nFix this by always checking and removing an ets class from the active list\nwhen changing it to strict.\n\n[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/tree/net/sched/sch_ets.c?id=ce052b9402e461a9aded599f5b47e76bc727f7de#n663",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68815",
            "https://git.kernel.org/linus/b1e125ae425aba9b45252e933ca8df52a843ec70 (6.19-rc2)",
            "https://git.kernel.org/stable/c/02783a37cb1c0a2bd9fcba4ff1b81e6e209c7d87",
            "https://git.kernel.org/stable/c/2f125ebe47d6369e562f3cbd9b6227cff51eaf34",
            "https://git.kernel.org/stable/c/43d9a530c8c094d137159784e7c951c65f11ec6c",
            "https://git.kernel.org/stable/c/58fdce6bc005e964f1dbc3ca716f5fe0f68839a2",
            "https://git.kernel.org/stable/c/8067db5c95aab9461d23117679338cd8869831fa",
            "https://git.kernel.org/stable/c/b1e125ae425aba9b45252e933ca8df52a843ec70",
            "https://git.kernel.org/stable/c/cca2ed931b734fe48139bc6f020e47367346630f",
            "https://linux.oracle.com/cve/CVE-2025-68815.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011313-CVE-2025-68815-2112@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68815",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68815"
          ],
          "PublishedDate": "2026-01-13T16:16:03.757Z",
          "LastModifiedDate": "2026-01-19T13:16:15.163Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68816",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68816",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0489a73b0faabc82b06f59c39ff2e111a23ad2c44251597e6f1ecfd099a22353",
          "Title": "kernel: Linux kernel: mlx5 firmware tracer vulnerable to arbitrary memory access or denial of service via malformed format strings",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: fw_tracer, Validate format string parameters\n\nAdd validation for format string parameters in the firmware tracer to\nprevent potential security vulnerabilities and crashes from malformed\nformat strings received from firmware.\n\nThe firmware tracer receives format strings from the device firmware and\nuses them to format trace messages. Without proper validation, bad\nfirmware could provide format strings with invalid format specifiers\n(e.g., %s, %p, %n) that could lead to crashes, or other undefined\nbehavior.\n\nAdd mlx5_tracer_validate_params() to validate that all format specifiers\nin trace strings are limited to safe integer/hex formats (%x, %d, %i,\n%u, %llx, %lx, etc.). Reject strings containing other format types that\ncould be used to access arbitrary memory or cause crashes.\nInvalid format strings are added to the trace output for visibility with\n\"BAD_FORMAT: \" prefix.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 5.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68816",
            "https://git.kernel.org/linus/b35966042d20b14e2d83330049f77deec5229749 (6.19-rc2)",
            "https://git.kernel.org/stable/c/38ac688b52ef26a88f8bc4fe26d24fdd0ff91e5d",
            "https://git.kernel.org/stable/c/45bd283b1d69e2c97cddcb9956f0e0261fc4efd7",
            "https://git.kernel.org/stable/c/768d559f466cdd72849110a7ecd76a21d52dcfe3",
            "https://git.kernel.org/stable/c/8ac688c0e430dab19f6a9b70df94b1f635612c1a",
            "https://git.kernel.org/stable/c/8c35c2448086870509ede43947845be0833251f0",
            "https://git.kernel.org/stable/c/95624b731c490a4b849844269193a233d6d556a0",
            "https://git.kernel.org/stable/c/b35966042d20b14e2d83330049f77deec5229749",
            "https://linux.oracle.com/cve/CVE-2025-68816.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011313-CVE-2025-68816-e773@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68816",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68816"
          ],
          "PublishedDate": "2026-01-13T16:16:03.87Z",
          "LastModifiedDate": "2026-01-19T13:16:15.263Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68818",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68818",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7fcb039dbead1920f1496ab7f6cdcc1d58419056b3595e67c88075d39d2fb4f0",
          "Title": "kernel: scsi: Revert \"scsi: qla2xxx: Perform lockless command completion in abort path\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: Revert \"scsi: qla2xxx: Perform lockless command completion in abort path\"\n\nThis reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9.\n\nThe commit being reverted added code to __qla2x00_abort_all_cmds() to\ncall sp-\u003edone() without holding a spinlock.  But unlike the older code\nbelow it, this new code failed to check sp-\u003ecmd_type and just assumed\nTYPE_SRB, which results in a jump to an invalid pointer in target-mode\nwith TYPE_TGT_CMD:\n\nqla2xxx [0000:65:00.0]-d034:8: qla24xx_do_nack_work create sess success\n  0000000009f7a79b\nqla2xxx [0000:65:00.0]-5003:8: ISP System Error - mbx1=1ff5h mbx2=10h\n  mbx3=0h mbx4=0h mbx5=191h mbx6=0h mbx7=0h.\nqla2xxx [0000:65:00.0]-d01e:8: -\u003e fwdump no buffer\nqla2xxx [0000:65:00.0]-f03a:8: qla_target(0): System error async event\n  0x8002 occurred\nqla2xxx [0000:65:00.0]-00af:8: Performing ISP error recovery -\n  ha=0000000058183fda.\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPF: supervisor instruction fetch in kernel mode\nPF: error_code(0x0010) - not-present page\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9446 Comm: qla2xxx_8_dpc Tainted: G           O       6.1.133 #1\nHardware name: Supermicro Super Server/X11SPL-F, BIOS 4.2 12/15/2023\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffc90001f93dc8 EFLAGS: 00010206\nRAX: 0000000000000282 RBX: 0000000000000355 RCX: ffff88810d16a000\nRDX: ffff88810dbadaa8 RSI: 0000000000080000 RDI: ffff888169dc38c0\nRBP: ffff888169dc38c0 R08: 0000000000000001 R09: 0000000000000045\nR10: ffffffffa034bdf0 R11: 0000000000000000 R12: ffff88810800bb40\nR13: 0000000000001aa8 R14: ffff888100136610 R15: ffff8881070f7400\nFS:  0000000000000000(0000) GS:ffff88bf80080000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 000000010c8ff006 CR4: 
00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x4d/0x8b\n ? page_fault_oops+0x91/0x180\n ? trace_buffer_unlock_commit_regs+0x38/0x1a0\n ? exc_page_fault+0x391/0x5e0\n ? asm_exc_page_fault+0x22/0x30\n __qla2x00_abort_all_cmds+0xcb/0x3e0 [qla2xxx_scst]\n qla2x00_abort_all_cmds+0x50/0x70 [qla2xxx_scst]\n qla2x00_abort_isp_cleanup+0x3b7/0x4b0 [qla2xxx_scst]\n qla2x00_abort_isp+0xfd/0x860 [qla2xxx_scst]\n qla2x00_do_dpc+0x581/0xa40 [qla2xxx_scst]\n kthread+0xa8/0xd0\n \u003c/TASK\u003e\n\nThen commit 4475afa2646d (\"scsi: qla2xxx: Complete command early within\nlock\") added the spinlock back, because not having the lock caused a\nrace and a crash.  But qla2x00_abort_srb() in the switch below already\nchecks for qla2x00_chip_is_down() and handles it the same way, so the\ncode above the switch is now redundant and still buggy in target-mode.\nRemove it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68818",
            "https://git.kernel.org/linus/b57fbc88715b6d18f379463f48a15b560b087ffe (6.19-rc1)",
            "https://git.kernel.org/stable/c/1c728951bc769b795d377852eae1abddad88635d",
            "https://git.kernel.org/stable/c/50b097d92c99f718831b8b349722bc79f718ba1b",
            "https://git.kernel.org/stable/c/b04b3733fff7e94566386b962e4795550fbdfd3d",
            "https://git.kernel.org/stable/c/b10ebbfd59a535c8d22f4ede6e8389622ce98dc0",
            "https://git.kernel.org/stable/c/b57fbc88715b6d18f379463f48a15b560b087ffe",
            "https://git.kernel.org/stable/c/c5c37a821bd1708f26a9522b4a6f47b9f7a20003",
            "https://git.kernel.org/stable/c/e9e601b7df58ba0c667baf30263331df2c02ffe1",
            "https://linux.oracle.com/cve/CVE-2025-68818.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011314-CVE-2025-68818-08ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68818",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68818"
          ],
          "PublishedDate": "2026-01-13T16:16:04.097Z",
          "LastModifiedDate": "2026-01-19T13:16:15.363Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68819",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68819",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d60f3b90b9967c9e5f2a0f2a1607e34e4855f6cb3dfbec61e2190340945920cd",
          "Title": "kernel: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()\n\nrlen value is a user-controlled value, but dtv5100_i2c_msg() does not\ncheck the size of the rlen value. Therefore, if it is set to a value\nlarger than sizeof(st-\u003edata), an out-of-bounds vuln occurs for st-\u003edata.\n\nTherefore, we need to add proper range checking to prevent this vuln.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68819",
            "https://git.kernel.org/linus/b91e6aafe8d356086cc621bc03e35ba2299e4788 (6.19-rc1)",
            "https://git.kernel.org/stable/c/4a54d8fcb093761e4c56eb211cf4e39bf8401fa1",
            "https://git.kernel.org/stable/c/61f214a878e96e2a8750bf96a98f78c658dba60c",
            "https://git.kernel.org/stable/c/ac92151ff2494130d9fc686055d6bbb9743a673e",
            "https://git.kernel.org/stable/c/b91e6aafe8d356086cc621bc03e35ba2299e4788",
            "https://git.kernel.org/stable/c/c2305b4c5fc15e20ac06c35738e0578eb4323750",
            "https://git.kernel.org/stable/c/c2c293ea7b61f12cdaad1e99a5b4efc58c88960a",
            "https://git.kernel.org/stable/c/fe3e129ab49806aaaa3f22067ebc75c2dfbe4658",
            "https://linux.oracle.com/cve/CVE-2025-68819.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011314-CVE-2025-68819-64a3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68819",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68819"
          ],
          "PublishedDate": "2026-01-13T16:16:04.21Z",
          "LastModifiedDate": "2026-01-19T13:16:15.467Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68820",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68820",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7b13be3688c6bbda2145fec9255d647dcfc8f13110dc4543b38807496e185864",
          "Title": "kernel: ext4: xattr: fix null pointer deref in ext4_raw_inode()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: xattr: fix null pointer deref in ext4_raw_inode()\n\nIf ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED),\niloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all()\nlacks error checking, this will lead to a null pointer dereference\nin ext4_raw_inode(), called right after ext4_get_inode_loc().\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68820",
            "https://git.kernel.org/linus/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14 (6.19-rc1)",
            "https://git.kernel.org/stable/c/190ad0f22ba49f1101182b80e3af50ca2ddfe72f",
            "https://git.kernel.org/stable/c/3d8d22e75f7edfa0b30ff27330fd6a1285d594c3",
            "https://git.kernel.org/stable/c/5b154e901fda2e98570b8f426a481f5740097dc2",
            "https://git.kernel.org/stable/c/b5d942922182e82724b7152cb998f540132885ec",
            "https://git.kernel.org/stable/c/b72a3476f0c97d02f63a6e9fff127348d55436f6",
            "https://git.kernel.org/stable/c/b97cb7d6a051aa6ebd57906df0e26e9e36c26d14",
            "https://git.kernel.org/stable/c/ce5f54c065a4a7cbb92787f4f140917112350142",
            "https://linux.oracle.com/cve/CVE-2025-68820.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011315-CVE-2025-68820-7a4f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68820",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68820"
          ],
          "PublishedDate": "2026-01-13T16:16:04.327Z",
          "LastModifiedDate": "2026-01-19T13:16:15.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68821",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68821",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3fb3c4bfd85c22e361527e3c0884017316367bba3890e0dc6847446f0eb6c41a",
          "Title": "kernel: Linux kernel FUSE: Denial of Service via readahead reclaim deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: fix readahead reclaim deadlock\n\nCommit e26ee4efbc79 (\"fuse: allocate ff-\u003erelease_args only if release is\nneeded\") skips allocating ff-\u003erelease_args if the server does not\nimplement open. However in doing so, fuse_prepare_release() now skips\ngrabbing the reference on the inode, which makes it possible for an\ninode to be evicted from the dcache while there are inflight readahead\nrequests. This causes a deadlock if the server triggers reclaim while\nservicing the readahead request and reclaim attempts to evict the inode\nof the file being read ahead. Since the folio is locked during\nreadahead, when reclaim evicts the fuse inode and fuse_evict_inode()\nattempts to remove all folios associated with the inode from the page\ncache (truncate_inode_pages_range()), reclaim will block forever waiting\nfor the lock since readahead cannot relinquish the lock because it is\nitself blocked in reclaim:\n\n\u003e\u003e\u003e stack_trace(1504735)\n folio_wait_bit_common (mm/filemap.c:1308:4)\n folio_lock (./include/linux/pagemap.h:1052:3)\n truncate_inode_pages_range (mm/truncate.c:336:10)\n fuse_evict_inode (fs/fuse/inode.c:161:2)\n evict (fs/inode.c:704:3)\n dentry_unlink_inode (fs/dcache.c:412:3)\n __dentry_kill (fs/dcache.c:615:3)\n shrink_kill (fs/dcache.c:1060:12)\n shrink_dentry_list (fs/dcache.c:1087:3)\n prune_dcache_sb (fs/dcache.c:1168:2)\n super_cache_scan (fs/super.c:221:10)\n do_shrink_slab (mm/shrinker.c:435:9)\n shrink_slab (mm/shrinker.c:626:10)\n shrink_node (mm/vmscan.c:5951:2)\n shrink_zones (mm/vmscan.c:6195:3)\n do_try_to_free_pages (mm/vmscan.c:6257:3)\n do_swap_page (mm/memory.c:4136:11)\n handle_pte_fault (mm/memory.c:5562:10)\n handle_mm_fault (mm/memory.c:5870:9)\n do_user_addr_fault (arch/x86/mm/fault.c:1338:10)\n handle_page_fault (arch/x86/mm/fault.c:1481:3)\n exc_page_fault (arch/x86/mm/fault.c:1539:2)\n 
asm_exc_page_fault+0x22/0x27\n\nFix this deadlock by allocating ff-\u003erelease_args and grabbing the\nreference on the inode when preparing the file for release even if the\nserver does not implement open. The inode reference will be dropped when\nthe last reference on the fuse file is dropped (see fuse_file_put() -\u003e\nfuse_release_end()).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68821",
            "https://git.kernel.org/linus/bd5603eaae0aabf527bfb3ce1bb07e979ce5bd50 (6.19-rc1)",
            "https://git.kernel.org/stable/c/4703bc0e8cd3409acb1476a70cb5b7ff943cf39a",
            "https://git.kernel.org/stable/c/bd5603eaae0aabf527bfb3ce1bb07e979ce5bd50",
            "https://git.kernel.org/stable/c/cbbf3f1bb9f834bb2acbb61ddca74363456e19cd",
            "https://git.kernel.org/stable/c/cf74785c00b8b1c0c4a9dd74bfa9c22d62e2d99f",
            "https://git.kernel.org/stable/c/e0d6de83a4cc22bbac72713f3a58121af36cc411",
            "https://git.kernel.org/stable/c/fbba8b00bbe4e4f958a2b0654cc1219a7e6597f6",
            "https://linux.oracle.com/cve/CVE-2025-68821.html",
            "https://linux.oracle.com/errata/ELSA-2026-50113.html",
            "https://lore.kernel.org/linux-cve-announce/2026011315-CVE-2025-68821-b515@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68821",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-68821"
          ],
          "PublishedDate": "2026-01-13T16:16:04.44Z",
          "LastModifiedDate": "2026-01-19T13:16:15.663Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68822",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68822",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cb42166032b9e25544a32b8542f59b52fd755bbf809089823ebee360eada2849",
          "Title": "kernel: Input: alps - fix use-after-free bugs caused by dev3_register_work",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: alps - fix use-after-free bugs caused by dev3_register_work\n\nThe dev3_register_work delayed work item is initialized within\nalps_reconnect() and scheduled upon receipt of the first bare\nPS/2 packet from an external PS/2 device connected to the ALPS\ntouchpad. During device detachment, the original implementation\ncalls flush_workqueue() in psmouse_disconnect() to ensure\ncompletion of dev3_register_work. However, the flush_workqueue()\nin psmouse_disconnect() only blocks and waits for work items that\nwere already queued to the workqueue prior to its invocation. Any\nwork items submitted after flush_workqueue() is called are not\nincluded in the set of tasks that the flush operation awaits.\nThis means that after flush_workqueue() has finished executing,\nthe dev3_register_work could still be scheduled. Although the\npsmouse state is set to PSMOUSE_CMD_MODE in psmouse_disconnect(),\nthe scheduling of dev3_register_work remains unaffected.\n\nThe race condition can occur as follows:\n\nCPU 0 (cleanup path)     | CPU 1 (delayed work)\npsmouse_disconnect()     |\n  psmouse_set_state()    |\n  flush_workqueue()      | alps_report_bare_ps2_packet()\n  alps_disconnect()      |   psmouse_queue_work()\n    kfree(priv); // FREE | alps_register_bare_ps2_mouse()\n                         |   priv = container_of(work...); // USE\n                         |   priv-\u003edev3 // USE\n\nAdd disable_delayed_work_sync() in alps_disconnect() to ensure\nthat dev3_register_work is properly canceled and prevented from\nexecuting after the alps_data structure has been deallocated.\n\nThis bug is identified by static analysis.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68822",
            "https://git.kernel.org/linus/bf40644ef8c8a288742fa45580897ed0e0289474 (6.19-rc2)",
            "https://git.kernel.org/stable/c/a9c115e017b2c633d25bdfe6709dda6fc36f08c2",
            "https://git.kernel.org/stable/c/bf40644ef8c8a288742fa45580897ed0e0289474",
            "https://git.kernel.org/stable/c/ed8c61b89be0c45f029228b2913d5cf7b5cda1a7",
            "https://linux.oracle.com/cve/CVE-2025-68822.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2026011315-CVE-2025-68822-a75d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68822",
            "https://www.cve.org/CVERecord?id=CVE-2025-68822"
          ],
          "PublishedDate": "2026-01-13T16:16:04.55Z",
          "LastModifiedDate": "2026-01-14T16:26:00.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71064",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71064",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9660d113c5cde9ef038680a93324ce85e3851634c8e638691a0d54cdfcb27d11",
          "Title": "kernel: net: hns3: using the num_tqps in the vf driver to apply for resources",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: using the num_tqps in the vf driver to apply for resources\n\nCurrently, hdev-\u003ehtqp is allocated using hdev-\u003enum_tqps, and kinfo-\u003etqp\nis allocated using kinfo-\u003enum_tqps. However, kinfo-\u003enum_tqps is set to\nmin(new_tqps, hdev-\u003enum_tqps);  Therefore, kinfo-\u003enum_tqps may be smaller\nthan hdev-\u003enum_tqps, which causes some hdev-\u003ehtqp[i] to remain\nuninitialized in hclgevf_knic_setup().\n\nThus, this patch allocates hdev-\u003ehtqp and kinfo-\u003etqp using hdev-\u003enum_tqps,\nensuring that the lengths of hdev-\u003ehtqp and kinfo-\u003etqp are consistent\nand that all elements are properly initialized.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71064",
            "https://git.kernel.org/linus/c2a16269742e176fccdd0ef9c016a233491a49ad (6.19-rc2)",
            "https://git.kernel.org/stable/c/1956d47a03eb625951e9e070db39fe2590e27510",
            "https://git.kernel.org/stable/c/429f946a7af3fbf08761d218746cd4afa80a7954",
            "https://git.kernel.org/stable/c/62f28d79a6186a602a9d926a2dbb5b12b6867df7",
            "https://git.kernel.org/stable/c/6cd8a2930df850f4600fe8c57d0662b376520281",
            "https://git.kernel.org/stable/c/bcefdb288eedac96fd2f583298927e9c6c481489",
            "https://git.kernel.org/stable/c/c149decd8c18ae6acdd7a6041d74507835cf26e6",
            "https://git.kernel.org/stable/c/c2a16269742e176fccdd0ef9c016a233491a49ad",
            "https://lore.kernel.org/linux-cve-announce/2026011322-CVE-2025-71064-94ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71064",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71064"
          ],
          "PublishedDate": "2026-01-13T16:16:05.74Z",
          "LastModifiedDate": "2026-01-19T13:16:15.763Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71066",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71066",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1854a17a171878655ba0fb5e3b3599d86954c70ac654db9443236fe40fd48992",
          "Title": "kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n\nzdi-disclosures@trendmicro.com says:\n\nThe vulnerability is a race condition between `ets_qdisc_dequeue` and\n`ets_qdisc_change`.  It leads to UAF on `struct Qdisc` object.\nAttacker requires the capability to create new user and network namespace\nin order to trigger the bug.\nSee my additional commentary at the end of the analysis.\n\nAnalysis:\n\nstatic int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,\n                          struct netlink_ext_ack *extack)\n{\n...\n\n      // (1) this lock is preventing .change handler (`ets_qdisc_change`)\n      //to race with .dequeue handler (`ets_qdisc_dequeue`)\n      sch_tree_lock(sch);\n\n      for (i = nbands; i \u003c oldbands; i++) {\n              if (i \u003e= q-\u003enstrict \u0026\u0026 q-\u003eclasses[i].qdisc-\u003eq.qlen)\n                      list_del_init(\u0026q-\u003eclasses[i].alist);\n              qdisc_purge_queue(q-\u003eclasses[i].qdisc);\n      }\n\n      WRITE_ONCE(q-\u003enbands, nbands);\n      for (i = nstrict; i \u003c q-\u003enstrict; i++) {\n              if (q-\u003eclasses[i].qdisc-\u003eq.qlen) {\n\t\t      // (2) the class is added to the q-\u003eactive\n                      list_add_tail(\u0026q-\u003eclasses[i].alist, \u0026q-\u003eactive);\n                      q-\u003eclasses[i].deficit = quanta[i];\n              }\n      }\n      WRITE_ONCE(q-\u003enstrict, nstrict);\n      memcpy(q-\u003eprio2band, priomap, sizeof(priomap));\n\n      for (i = 0; i \u003c q-\u003enbands; i++)\n              WRITE_ONCE(q-\u003eclasses[i].quantum, quanta[i]);\n\n      for (i = oldbands; i \u003c q-\u003enbands; i++) {\n              q-\u003eclasses[i].qdisc = queues[i];\n              if (q-\u003eclasses[i].qdisc != \u0026noop_qdisc)\n                      qdisc_hash_add(q-\u003eclasses[i].qdisc, 
true);\n      }\n\n      // (3) the qdisc is unlocked, now dequeue can be called in parallel\n      // to the rest of .change handler\n      sch_tree_unlock(sch);\n\n      ets_offload_change(sch);\n      for (i = q-\u003enbands; i \u003c oldbands; i++) {\n\t      // (4) we're reducing the refcount for our class's qdisc and\n\t      //  freeing it\n              qdisc_put(q-\u003eclasses[i].qdisc);\n\t      // (5) If we call .dequeue between (4) and (5), we will have\n\t      // a strong UAF and we can control RIP\n              q-\u003eclasses[i].qdisc = NULL;\n              WRITE_ONCE(q-\u003eclasses[i].quantum, 0);\n              q-\u003eclasses[i].deficit = 0;\n              gnet_stats_basic_sync_init(\u0026q-\u003eclasses[i].bstats);\n              memset(\u0026q-\u003eclasses[i].qstats, 0, sizeof(q-\u003eclasses[i].qstats));\n      }\n      return 0;\n}\n\nComment:\nThis happens because some of the classes have their qdiscs assigned to\nNULL, but remain in the active list. This commit fixes this issue by always\nremoving the class from the active list before deleting and freeing its\nassociated qdisc\n\nReproducer Steps\n(trimmed version of what was sent by zdi-disclosures@trendmicro.com)\n\n```\nDEV=\"${DEV:-lo}\"\nROOT_HANDLE=\"${ROOT_HANDLE:-1:}\"\nBAND2_HANDLE=\"${BAND2_HANDLE:-20:}\"   # child under 1:2\nPING_BYTES=\"${PING_BYTES:-48}\"\nPING_COUNT=\"${PING_COUNT:-200000}\"\nPING_DST=\"${PING_DST:-127.0.0.1}\"\n\nSLOW_TBF_RATE=\"${SLOW_TBF_RATE:-8bit}\"\nSLOW_TBF_BURST=\"${SLOW_TBF_BURST:-100b}\"\nSLOW_TBF_LAT=\"${SLOW_TBF_LAT:-1s}\"\n\ncleanup() {\n  tc qdisc del dev \"$DEV\" root 2\u003e/dev/null\n}\ntrap cleanup EXIT\n\nip link set \"$DEV\" up\n\ntc qdisc del dev \"$DEV\" root 2\u003e/dev/null || true\n\ntc qdisc add dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\n\ntc qdisc add dev \"$DEV\" parent 1:2 handle \"$BAND2_HANDLE\" \\\n  tbf rate \"$SLOW_TBF_RATE\" burst \"$SLOW_TBF_BURST\" latency \"$SLOW_TBF_LAT\"\n\ntc filter add dev 
\"$DEV\" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2\ntc -s qdisc ls dev $DEV\n\nping -I \"$DEV\" -f -c \"$PING_COUNT\" -s \"$PING_BYTES\" -W 0.001 \"$PING_DST\" \\\n  \u003e/dev/null 2\u003e\u00261 \u0026\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 0\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\ntc -s qdisc ls dev $DEV\ntc qdisc del dev \"$DEV\" parent \n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71066",
            "https://git.kernel.org/linus/ce052b9402e461a9aded599f5b47e76bc727f7de (6.19-rc2)",
            "https://git.kernel.org/stable/c/062d5d544e564473450d72e6af83077c2b2ff7c3",
            "https://git.kernel.org/stable/c/06bfb66a7c8b45e3fed01351a4b087410ae5ef39",
            "https://git.kernel.org/stable/c/45466141da3c98a0c5fa88be0bc14b4b6a4bd75c",
            "https://git.kernel.org/stable/c/9987cda315c08f63a02423fa2f9a1f6602c861a0",
            "https://git.kernel.org/stable/c/a75d617a4ef08682f5cfaadc01d5141c87e019c9",
            "https://git.kernel.org/stable/c/c7f6e7cc14df72b997258216e99d897d2df0dbbd",
            "https://git.kernel.org/stable/c/ce052b9402e461a9aded599f5b47e76bc727f7de",
            "https://linux.oracle.com/cve/CVE-2025-71066.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011323-CVE-2025-71066-f1fa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71066",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71066"
          ],
          "PublishedDate": "2026-01-13T16:16:05.96Z",
          "LastModifiedDate": "2026-01-19T13:16:15.863Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71067",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71067",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:32f0a5ff9c6875830ed060819c9f4d54a938878444738fe17897fa89a41f3769",
          "Title": "kernel: ntfs: set dummy blocksize to read boot_block when mounting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: set dummy blocksize to read boot_block when mounting\n\nWhen mounting, sb-\u003es_blocksize is used to read the boot_block without\nbeing defined or validated. Set a dummy blocksize before attempting to\nread the boot_block.\n\nThe issue can be triggered with the following syz reproducer:\n\n  mkdirat(0xffffffffffffff9c, \u0026(0x7f0000000080)='./file1\\x00', 0x0)\n  r4 = openat$nullb(0xffffffffffffff9c, \u0026(0x7f0000000040), 0x121403, 0x0)\n  ioctl$FS_IOC_SETFLAGS(r4, 0x40081271, \u0026(0x7f0000000980)=0x4000)\n  mount(\u0026(0x7f0000000140)=@nullb, \u0026(0x7f0000000040)='./cgroup\\x00',\n        \u0026(0x7f0000000000)='ntfs3\\x00', 0x2208004, 0x0)\n  syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)\n\nHere, the ioctl sets the bdev block size to 16384. During mount,\nget_tree_bdev_flags() calls sb_set_blocksize(sb, block_size(bdev)),\nbut since block_size(bdev) \u003e PAGE_SIZE, sb_set_blocksize() leaves\nsb-\u003es_blocksize at zero.\n\nLater, ntfs_init_from_boot() attempts to read the boot_block while\nsb-\u003es_blocksize is still zero, which triggers the bug.\n\n[almaz.alexandrovich@paragon-software.com: changed comment style, added\nreturn value handling]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71067",
            "https://git.kernel.org/linus/d1693a7d5a38acf6424235a6070bcf5b186a360d (6.19-rc1)",
            "https://git.kernel.org/stable/c/0c9327c8abf9c8f046e45008bb43d94d8ee5c6c5",
            "https://git.kernel.org/stable/c/44a38eb4f7876513db5a1bccde74de9bc4389d43",
            "https://git.kernel.org/stable/c/4fff9a625da958a33191c8553a03283786f9f417",
            "https://git.kernel.org/stable/c/b3c151fe8f543f1a0b8b5df16ce5d97afa5ec85a",
            "https://git.kernel.org/stable/c/d1693a7d5a38acf6424235a6070bcf5b186a360d",
            "https://lore.kernel.org/linux-cve-announce/2026011323-CVE-2025-71067-9c81@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71067",
            "https://www.cve.org/CVERecord?id=CVE-2025-71067"
          ],
          "PublishedDate": "2026-01-13T16:16:06.077Z",
          "LastModifiedDate": "2026-03-25T11:16:14.447Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71068",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71068",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2a27823ea2707935cc6c1128e3fa1fca1ed17271e710f2db7fd7bf852bb4a86b",
          "Title": "kernel: svcrdma: bound check rq_pages index in inline path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: bound check rq_pages index in inline path\n\nsvc_rdma_copy_inline_range indexed rqstp-\u003erq_pages[rc_curpage] without\nverifying rc_curpage stays within the allocated page array. Add guards\nbefore the first use and after advancing to a new page.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71068",
            "https://git.kernel.org/linus/d1bea0ce35b6095544ee82bb54156fc62c067e58 (6.19-rc3)",
            "https://git.kernel.org/stable/c/5f140b525180c628db8fa6c897f138194a2de417",
            "https://git.kernel.org/stable/c/7ba826aae1d43212f3baa53a2175ad949e21926e",
            "https://git.kernel.org/stable/c/a22316f5e9a29e4b92030bd8fb9435fe0eb1d5c9",
            "https://git.kernel.org/stable/c/d1bea0ce35b6095544ee82bb54156fc62c067e58",
            "https://git.kernel.org/stable/c/da1ccfc4c452541584a4eae89e337cfa21be6d5a",
            "https://linux.oracle.com/cve/CVE-2025-71068.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011323-CVE-2025-71068-f1a9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71068",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71068"
          ],
          "PublishedDate": "2026-01-13T16:16:06.187Z",
          "LastModifiedDate": "2026-04-03T16:30:31.23Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71069",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71069",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:91bc6ebca55697fdc0fe0c9f3e431dfb632af222a9897f194b06fc9fe520e237",
          "Title": "kernel: f2fs: invalidate dentry cache on failed whiteout creation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: invalidate dentry cache on failed whiteout creation\n\nF2FS can mount filesystems with corrupted directory depth values that\nget runtime-clamped to MAX_DIR_HASH_DEPTH. When RENAME_WHITEOUT\noperations are performed on such directories, f2fs_rename performs\ndirectory modifications (updating target entry and deleting source\nentry) before attempting to add the whiteout entry via f2fs_add_link.\n\nIf f2fs_add_link fails due to the corrupted directory structure, the\nfunction returns an error to VFS, but the partial directory\nmodifications have already been committed to disk. VFS assumes the\nentire rename operation failed and does not update the dentry cache,\nleaving stale mappings.\n\nIn the error path, VFS does not call d_move() to update the dentry\ncache. This results in new_dentry still pointing to the old inode\n(new_inode) which has already had its i_nlink decremented to zero.\nThe stale cache causes subsequent operations to incorrectly reference\nthe freed inode.\n\nThis causes subsequent operations to use cached dentry information that\nno longer matches the on-disk state. When a second rename targets the\nsame entry, VFS attempts to decrement i_nlink on the stale inode, which\nmay already have i_nlink=0, triggering a WARNING in drop_nlink().\n\nExample sequence:\n1. First rename (RENAME_WHITEOUT): file2 → file1\n   - f2fs updates file1 entry on disk (points to inode 8)\n   - f2fs deletes file2 entry on disk\n   - f2fs_add_link(whiteout) fails (corrupted directory)\n   - Returns error to VFS\n   - VFS does not call d_move() due to error\n   - VFS cache still has: file1 → inode 7 (stale!)\n   - inode 7 has i_nlink=0 (already decremented)\n\n2. 
Second rename: file3 → file1\n   - VFS uses stale cache: file1 → inode 7\n   - Tries to drop_nlink on inode 7 (i_nlink already 0)\n   - WARNING in drop_nlink()\n\nFix this by explicitly invalidating old_dentry and new_dentry when\nf2fs_add_link fails during whiteout creation. This forces VFS to\nrefresh from disk on subsequent operations, ensuring cache consistency\neven when the rename partially succeeds.\n\nReproducer:\n1. Mount F2FS image with corrupted i_current_depth\n2. renameat2(file2, file1, RENAME_WHITEOUT)\n3. renameat2(file3, file1, 0)\n4. System triggers WARNING in drop_nlink()",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 1,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71069",
            "https://git.kernel.org/linus/d33f89b34aa313f50f9a512d58dd288999f246b0 (6.19-rc1)",
            "https://git.kernel.org/stable/c/0dde30753c1e8648665dbe069d814e540ce2fd37",
            "https://git.kernel.org/stable/c/3d65e27e57aaa9d66709fda4cbfb62a87c04a3f5",
            "https://git.kernel.org/stable/c/3d95ed8cf980fdfa67a3ab9491357521ae576168",
            "https://git.kernel.org/stable/c/64587ab4d1f16fc94f70e04fa87b2e3f69f8a7bb",
            "https://git.kernel.org/stable/c/7f2bae0c881aa1e0a6318756df692cc13df2cc83",
            "https://git.kernel.org/stable/c/c89845fae250efdd59c1d4ec60e9e1c652cee4b6",
            "https://git.kernel.org/stable/c/d33f89b34aa313f50f9a512d58dd288999f246b0",
            "https://lore.kernel.org/linux-cve-announce/2026011324-CVE-2025-71069-33d4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71069",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71069"
          ],
          "PublishedDate": "2026-01-13T16:16:06.3Z",
          "LastModifiedDate": "2026-01-19T13:16:16.067Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71073",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71073",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c670d710401fea621f1666824942f3c37623efed495f84221fe0bf143dd5c8ea",
          "Title": "kernel: Input: lkkbd - disable pending work before freeing device",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: lkkbd - disable pending work before freeing device\n\nlkkbd_interrupt() schedules lk-\u003etq via schedule_work(), and the work\nhandler lkkbd_reinit() dereferences the lkkbd structure and its\nserio/input_dev fields.\n\nlkkbd_disconnect() and error paths in lkkbd_connect() free the lkkbd\nstructure without preventing the reinit work from being queued again\nuntil serio_close() returns. This can allow the work handler to run\nafter the structure has been freed, leading to a potential use-after-free.\n\nUse disable_work_sync() instead of cancel_work_sync() to ensure the\nreinit work cannot be re-queued, and call it both in lkkbd_disconnect()\nand in lkkbd_connect() error paths after serio_open().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71073",
            "https://git.kernel.org/linus/e58c88f0cb2d8ed89de78f6f17409d29cfab6c5c (6.19-rc2)",
            "https://git.kernel.org/stable/c/3a7cd1397c209076c371d53bf39a55c138f62342",
            "https://git.kernel.org/stable/c/cffc4e29b1e2d44ab094cf142d7c461ff09b9104",
            "https://git.kernel.org/stable/c/e58c88f0cb2d8ed89de78f6f17409d29cfab6c5c",
            "https://lore.kernel.org/linux-cve-announce/2026011325-CVE-2025-71073-b002@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71073",
            "https://www.cve.org/CVERecord?id=CVE-2025-71073"
          ],
          "PublishedDate": "2026-01-13T16:16:06.743Z",
          "LastModifiedDate": "2026-03-25T19:10:52.603Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71074",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71074",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0fa1a43a91360fa9ff01faa5749a0b5c3c8cb9b18ebd2036a3fd80a01f01c1ee",
          "Title": "kernel: functionfs: fix the open/removal races",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfunctionfs: fix the open/removal races\n\nffs_epfile_open() can race with removal, ending up with file-\u003eprivate_data\npointing to freed object.\n\nThere is a total count of opened files on functionfs (both ep0 and\ndynamic ones) and when it hits zero, dynamic files get removed.\nUnfortunately, that removal can happen while another thread is\nin ffs_epfile_open(), but has not incremented the count yet.\nIn that case open will succeed, leaving us with UAF on any subsequent\nread() or write().\n\nThe root cause is that ffs-\u003eopened is misused; atomic_dec_and_test() vs.\natomic_add_return() is not a good idea, when object remains visible all\nalong.\n\nTo untangle that\n\t* serialize openers on ffs-\u003emutex (both for ep0 and for dynamic files)\n\t* have dynamic ones use atomic_inc_not_zero() and fail if we had\nzero -\u003eopened; in that case the file we are opening is doomed.\n\t* have the inodes of dynamic files marked on removal (from the\ncallback of simple_recursive_removal()) - clear -\u003ei_private there.\n\t* have open of dynamic ones verify they hadn't been already removed,\nalong with checking that state is FFS_ACTIVE.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71074",
            "https://git.kernel.org/linus/e5bf5ee266633cb18fff6f98f0b7d59a62819eee (6.19-rc1)",
            "https://git.kernel.org/stable/c/b49c766856fb5901490de577e046149ebf15e39d",
            "https://git.kernel.org/stable/c/e5bf5ee266633cb18fff6f98f0b7d59a62819eee",
            "https://lore.kernel.org/linux-cve-announce/2026011326-CVE-2025-71074-f3ed@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71074",
            "https://www.cve.org/CVERecord?id=CVE-2025-71074"
          ],
          "PublishedDate": "2026-01-13T16:16:06.86Z",
          "LastModifiedDate": "2026-03-25T19:03:28.9Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71075",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71075",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1132654e13fa0575b177a4e3ffb40b423c063019d92cf1b44ca3945d499c924",
          "Title": "kernel: scsi: aic94xx: fix use-after-free in device removal path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: aic94xx: fix use-after-free in device removal path\n\nThe asd_pci_remove() function fails to synchronize with pending tasklets\nbefore freeing the asd_ha structure, leading to a potential\nuse-after-free vulnerability.\n\nWhen a device removal is triggered (via hot-unplug or module unload),\na race condition can occur.\n\nThe fix adds tasklet_kill() before freeing the asd_ha structure,\nensuring all scheduled tasklets complete before cleanup proceeds.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71075",
            "https://git.kernel.org/linus/f6ab594672d4cba08540919a4e6be2e202b60007 (6.19-rc1)",
            "https://git.kernel.org/stable/c/278455a82245a572aeb218a6212a416a98e418de",
            "https://git.kernel.org/stable/c/751c19635c2bfaaf2836a533caa3663633066dcf",
            "https://git.kernel.org/stable/c/a41dc180b6e1229ae49ca290ae14d82101c148c3",
            "https://git.kernel.org/stable/c/b3e655e52b98a1d3df41c8e42035711e083099f8",
            "https://git.kernel.org/stable/c/c8f6f88cd1df35155258285c4f43268b361819df",
            "https://git.kernel.org/stable/c/e354793a7ab9bb0934ea699a9d57bcd1b48fc27b",
            "https://git.kernel.org/stable/c/f6ab594672d4cba08540919a4e6be2e202b60007",
            "https://linux.oracle.com/cve/CVE-2025-71075.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011326-CVE-2025-71075-c85d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71075",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71075"
          ],
          "PublishedDate": "2026-01-13T16:16:06.977Z",
          "LastModifiedDate": "2026-03-25T19:03:18.287Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71077",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71077",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8ead6d596ce6ffe4e6a61cd80391e1a14d3cdd4b6a03ceaf980f6d41907a67f2",
          "Title": "kernel: tpm: Cap the number of PCR banks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Cap the number of PCR banks\n\ntpm2_get_pcr_allocation() does not cap any upper limit for the number of\nbanks. Cap the limit to eight banks so that out of bounds values coming\nfrom external I/O cause on only limited harm.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71077",
            "https://git.kernel.org/linus/faf07e611dfa464b201223a7253e9dc5ee0f3c9e (6.19-rc1)",
            "https://git.kernel.org/stable/c/275c686f1e3cc056ec66c764489ec1fe1e51b950",
            "https://git.kernel.org/stable/c/858344bc9210bea9ab2bdc7e9e331ba84c164e50",
            "https://git.kernel.org/stable/c/8ceee7288152bc121a6bf92997261838c78bfe06",
            "https://git.kernel.org/stable/c/b69492161c056d36789aee42a87a33c18c8ed5e1",
            "https://git.kernel.org/stable/c/ceb70d31da5671d298bad94ae6c20e4bbb800f96",
            "https://git.kernel.org/stable/c/d88481653d74d622d1d0d2c9bad845fc2cc6fd23",
            "https://git.kernel.org/stable/c/faf07e611dfa464b201223a7253e9dc5ee0f3c9e",
            "https://linux.oracle.com/cve/CVE-2025-71077.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011327-CVE-2025-71077-6e08@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71077",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71077"
          ],
          "PublishedDate": "2026-01-13T16:16:07.2Z",
          "LastModifiedDate": "2026-03-25T19:00:14.08Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71078",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71078",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:22d74fa08e6d8a5287065c4b6660b6272ce28f389f3c3016d2897db3effa9dd2",
          "Title": "kernel: powerpc/64s/slb: Fix SLB multihit issue during SLB preload",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s/slb: Fix SLB multihit issue during SLB preload\n\nOn systems using the hash MMU, there is a software SLB preload cache that\nmirrors the entries loaded into the hardware SLB buffer. This preload\ncache is subject to periodic eviction — typically after every 256 context\nswitches — to remove old entry.\n\nTo optimize performance, the kernel skips switch_mmu_context() in\nswitch_mm_irqs_off() when the prev and next mm_struct are the same.\nHowever, on hash MMU systems, this can lead to inconsistencies between\nthe hardware SLB and the software preload cache.\n\nIf an SLB entry for a process is evicted from the software cache on one\nCPU, and the same process later runs on another CPU without executing\nswitch_mmu_context(), the hardware SLB may retain stale entries. If the\nkernel then attempts to reload that entry, it can trigger an SLB\nmulti-hit error.\n\nThe following timeline shows how stale SLB entries are created and can\ncause a multi-hit error when a process moves between CPUs without a\nMMU context switch.\n\nCPU 0                                   CPU 1\n-----                                    -----\nProcess P\nexec                                    swapper/1\n load_elf_binary\n  begin_new_exc\n    activate_mm\n     switch_mm_irqs_off\n      switch_mmu_context\n       switch_slb\n       /*\n        * This invalidates all\n        * the entries in the HW\n        * and setup the new HW\n        * SLB entries as per the\n        * preload cache.\n        */\ncontext_switch\nsched_migrate_task migrates process P to cpu-1\n\nProcess swapper/0                       context switch (to process P)\n(uses mm_struct of Process P)           switch_mm_irqs_off()\n                                         switch_slb\n                                           load_slb++\n                                            /*\n                                            
* load_slb becomes 0 here\n                                            * and we evict an entry from\n                                            * the preload cache with\n                                            * preload_age(). We still\n                                            * keep HW SLB and preload\n                                            * cache in sync, that is\n                                            * because all HW SLB entries\n                                            * anyways gets evicted in\n                                            * switch_slb during SLBIA.\n                                            * We then only add those\n                                            * entries back in HW SLB,\n                                            * which are currently\n                                            * present in preload_cache\n                                            * (after eviction).\n                                            */\n                                        load_elf_binary continues...\n                                         setup_new_exec()\n                                          slb_setup_new_exec()\n\n                                        sched_switch event\n                                        sched_migrate_task migrates\n                                        process P to cpu-0\n\ncontext_switch from swapper/0 to Process P\n switch_mm_irqs_off()\n  /*\n   * Since both prev and next mm struct are same we don't call\n   * switch_mmu_context(). This will cause the HW SLB and SW preload\n   * cache to go out of sync in preload_new_slb_context. Because there\n   * was an SLB entry which was evicted from both HW and preload cache\n   * on cpu-1. Now later in preload_new_slb_context(), when we will try\n   * to add the same preload entry again, we will add this to the SW\n   * preload cache and then will add it to the HW SLB. 
Since on cpu-0\n   * this entry was never invalidated, hence adding this entry to the HW\n   * SLB will cause a SLB multi-hit error.\n   */\nload_elf_binary cont\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71078",
            "https://git.kernel.org/linus/00312419f0863964625d6dcda8183f96849412c6 (6.19-rc1)",
            "https://git.kernel.org/stable/c/00312419f0863964625d6dcda8183f96849412c6",
            "https://git.kernel.org/stable/c/01324c0328181b94cf390bda22ff91c75126ea57",
            "https://git.kernel.org/stable/c/2e9a95d60f1df7b57618fd5ef057aef331575bd2",
            "https://git.kernel.org/stable/c/4ae1e46d8a290319f33f71a2710a1382ba5431e8",
            "https://git.kernel.org/stable/c/895123c309a34d2cfccf7812b41e17261a3a6f37",
            "https://git.kernel.org/stable/c/b13a3dbfa196af68eae2031f209743735ad416bf",
            "https://git.kernel.org/stable/c/c9f865022a1823d814032a09906e91e4701a35fc",
            "https://lore.kernel.org/linux-cve-announce/2026011337-CVE-2025-71078-9a51@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71078",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71078"
          ],
          "PublishedDate": "2026-01-13T16:16:07.317Z",
          "LastModifiedDate": "2026-03-25T19:46:32.647Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71079",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71079",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:918ee2b7f867e5ebf3d777b3cd11bfca7c5b753c4f0a0c33c2e64a6a4e08e7fc",
          "Title": "kernel: net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write\n\nA deadlock can occur between nfc_unregister_device() and rfkill_fop_write()\ndue to lock ordering inversion between device_lock and rfkill_global_mutex.\n\nThe problematic lock order is:\n\nThread A (rfkill_fop_write):\n  rfkill_fop_write()\n    mutex_lock(\u0026rfkill_global_mutex)\n      rfkill_set_block()\n        nfc_rfkill_set_block()\n          nfc_dev_down()\n            device_lock(\u0026dev-\u003edev)    \u003c- waits for device_lock\n\nThread B (nfc_unregister_device):\n  nfc_unregister_device()\n    device_lock(\u0026dev-\u003edev)\n      rfkill_unregister()\n        mutex_lock(\u0026rfkill_global_mutex)  \u003c- waits for rfkill_global_mutex\n\nThis creates a classic ABBA deadlock scenario.\n\nFix this by moving rfkill_unregister() and rfkill_destroy() outside the\ndevice_lock critical section. Store the rfkill pointer in a local variable\nbefore releasing the lock, then call rfkill_unregister() after releasing\ndevice_lock.\n\nThis change is safe because rfkill_fop_write() holds rfkill_global_mutex\nwhile calling the rfkill callbacks, and rfkill_unregister() also acquires\nrfkill_global_mutex before cleanup. Therefore, rfkill_unregister() will\nwait for any ongoing callback to complete before proceeding, and\ndevice_del() is only called after rfkill_unregister() returns, preventing\nany use-after-free.\n\nThe similar lock ordering in nfc_register_device() (device_lock -\u003e\nrfkill_global_mutex via rfkill_register) is safe because during\nregistration the device is not yet in rfkill_list, so no concurrent\nrfkill operations can occur on this device.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71079",
            "https://git.kernel.org/linus/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5 (6.19-rc4)",
            "https://git.kernel.org/stable/c/1ab526d97a57e44d26fadcc0e9adeb9c0c0182f5",
            "https://git.kernel.org/stable/c/2e0831e9fc46a06daa6d4d8d57a2738e343130c3",
            "https://git.kernel.org/stable/c/6b93c8ab6f6cda8818983a4ae3fcf84b023037b4",
            "https://git.kernel.org/stable/c/8fc4632fb508432895430cd02b38086bdd649083",
            "https://git.kernel.org/stable/c/e02a1c33f10a0ed3aba855ab8ae2b6c4c5be8012",
            "https://git.kernel.org/stable/c/ee41f4f3ccf8cd6ba3732e867abbec7e6d8d12e5",
            "https://git.kernel.org/stable/c/f3a8a7c1aa278f2378b2f3a10500c6674dffdfda",
            "https://lore.kernel.org/linux-cve-announce/2026011338-CVE-2025-71079-9f24@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71079",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71079"
          ],
          "PublishedDate": "2026-01-13T16:16:07.433Z",
          "LastModifiedDate": "2026-03-25T19:44:18.643Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71081",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71081",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a7ba32eb6aa3010abcaa9b9004c0b5ef8cfc7d252224fd26900c87b75bb97fe7",
          "Title": "kernel: ASoC: stm32: sai: fix OF node leak on probe",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: sai: fix OF node leak on probe\n\nThe reference taken to the sync provider OF node when probing the\nplatform device is currently only dropped if the set_sync() callback\nfails during DAI probe.\n\nMake sure to drop the reference on platform probe failures (e.g. probe\ndeferral) and on driver unbind.\n\nThis also avoids a potential use-after-free in case the DAI is ever\nreprobed without first rebinding the platform driver.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71081",
            "https://git.kernel.org/linus/23261f0de09427367e99f39f588e31e2856a690e (6.19-rc1)",
            "https://git.kernel.org/stable/c/23261f0de09427367e99f39f588e31e2856a690e",
            "https://git.kernel.org/stable/c/3752afcc6d80d5525e236e329895ba2cb93bcb26",
            "https://git.kernel.org/stable/c/4054a3597d047f3fe87864ef87f399b5d523e6c0",
            "https://git.kernel.org/stable/c/7daa50a2157e41c964b745ab1dc378b5b3b626d1",
            "https://git.kernel.org/stable/c/acda653169e180b1d860dbb6bc5aceb105858394",
            "https://git.kernel.org/stable/c/bae74771fc5d3b2a9cf6f5aa64596083d032c4a3",
            "https://lore.kernel.org/linux-cve-announce/2026011338-CVE-2025-71081-df43@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71081",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71081"
          ],
          "PublishedDate": "2026-01-13T16:16:07.66Z",
          "LastModifiedDate": "2026-03-25T19:39:35.977Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71082",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71082",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7f63749de0ba614cfcac25b67c15c21c95572c569c5aaee9ce654f7be474e32d",
          "Title": "kernel: Bluetooth: btusb: revert use of devm_kzalloc in btusb",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btusb: revert use of devm_kzalloc in btusb\n\nThis reverts commit 98921dbd00c4e (\"Bluetooth: Use devm_kzalloc in\nbtusb.c file\").\n\nIn btusb_probe(), we use devm_kzalloc() to allocate the btusb data. This\nties the lifetime of all the btusb data to the binding of a driver to\none interface, INTF. In a driver that binds to other interfaces, ISOC\nand DIAG, this is an accident waiting to happen.\n\nThe issue is revealed in btusb_disconnect(), where calling\nusb_driver_release_interface(\u0026btusb_driver, data-\u003eintf) will have devm\nfree the data that is also being used by the other interfaces of the\ndriver that may not be released yet.\n\nTo fix this, revert the use of devm and go back to freeing memory\nexplicitly.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71082",
            "https://git.kernel.org/linus/252714f1e8bdd542025b16321c790458014d6880 (6.19-rc4)",
            "https://git.kernel.org/stable/c/1e54c19eaf84ba652c4e376571093e58e144b339",
            "https://git.kernel.org/stable/c/252714f1e8bdd542025b16321c790458014d6880",
            "https://git.kernel.org/stable/c/c0ecb3e4451fe94f4315e6d09c4046dfbc42090b",
            "https://git.kernel.org/stable/c/cca0e9206e3bcc63cd3e72193e60149165d493cc",
            "https://git.kernel.org/stable/c/fdf7c640fb8a44a59b0671143d8c2f738bc48003",
            "https://git.kernel.org/stable/c/fff9206b0907252a41eb12b7c1407b9347df18b1",
            "https://linux.oracle.com/cve/CVE-2025-71082.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011339-CVE-2025-71082-ef8a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71082",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71082"
          ],
          "PublishedDate": "2026-01-13T16:16:07.78Z",
          "LastModifiedDate": "2026-03-25T19:38:23.75Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71083",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71083",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39bd5ad0c42b26a07d67dc1e19083c857ce96cb1d5700b6d5cbefd212ef54721",
          "Title": "kernel: Kernel: Denial of Service via NULL pointer dereference in drm/ttm",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Avoid NULL pointer deref for evicted BOs\n\nIt is possible for a BO to exist that is not currently associated with a\nresource, e.g. because it has been evicted.\n\nWhen devcoredump tries to read the contents of all BOs for dumping, we need\nto expect this as well -- in this case, ENODATA is recorded instead of the\nbuffer contents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71083",
            "https://git.kernel.org/linus/491adc6a0f9903c32b05f284df1148de39e8e644 (6.19-rc1)",
            "https://git.kernel.org/stable/c/3d004f7341d4898889801ebb2ef61ffca610dd6f",
            "https://git.kernel.org/stable/c/47a85604a761005d255ae38115ee630cc6931756",
            "https://git.kernel.org/stable/c/491adc6a0f9903c32b05f284df1148de39e8e644",
            "https://git.kernel.org/stable/c/4b9944493c6d92d7b29cfd83aaf3deb842b8da79",
            "https://git.kernel.org/stable/c/5a81095d3e1b521ac7cfe3b14d5f149bace3d6e0",
            "https://git.kernel.org/stable/c/b94182b3d7228aec18d069cba56d5982e9bfe1b1",
            "https://linux.oracle.com/cve/CVE-2025-71083.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011339-CVE-2025-71083-ddb3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71083",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71083"
          ],
          "PublishedDate": "2026-01-13T16:16:07.893Z",
          "LastModifiedDate": "2026-03-25T19:35:32.66Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71084",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4197b469107283dd2a41b262e2f8e22f67a7192fa23b44e55b6ed8ca9ae1cc6",
          "Title": "kernel: RDMA/cm: Fix leaking the multicast GID table reference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cm: Fix leaking the multicast GID table reference\n\nIf the CM ID is destroyed while the CM event for multicast creating is\nstill queued the cancel_work_sync() will prevent the work from running\nwhich also prevents destroying the ah_attr. This leaks a refcount and\ntriggers a WARN:\n\n   GID entry ref leak for dev syz1 index 2 ref=573\n   WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 release_gid_table drivers/infiniband/core/cache.c:806 [inline]\n   WARNING: CPU: 1 PID: 655 at drivers/infiniband/core/cache.c:809 gid_table_release_one+0x284/0x3cc drivers/infiniband/core/cache.c:886\n\nDestroy the ah_attr after canceling the work, it is safe to call this\ntwice.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71084",
            "https://git.kernel.org/linus/57f3cb6c84159d12ba343574df2115fb18dd83ca (6.19-rc4)",
            "https://git.kernel.org/stable/c/3ba6d01c4b3c584264dc733c6a2ecc5bbc8e0bb5",
            "https://git.kernel.org/stable/c/57f3cb6c84159d12ba343574df2115fb18dd83ca",
            "https://git.kernel.org/stable/c/5cb34bb5fd726491b809efbeb5cfd63ae5bf9cf3",
            "https://git.kernel.org/stable/c/ab668a58c4a2ccb6d54add7a76f2f955d15d0196",
            "https://git.kernel.org/stable/c/abf38398724ecc888f62c678d288da40d11878af",
            "https://git.kernel.org/stable/c/c0acdee513239e1d6e1b490f56be0e6837dfd162",
            "https://git.kernel.org/stable/c/d5ce588a9552878859a4d44b70b724216c188a5f",
            "https://linux.oracle.com/cve/CVE-2025-71084.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011339-CVE-2025-71084-52a2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71084",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71084"
          ],
          "PublishedDate": "2026-01-13T16:16:08.007Z",
          "LastModifiedDate": "2026-03-25T19:33:26.91Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71085",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71085",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e74d1abe5af9574d727aad1c9078becccd9db11ea6cfa70937413b4ee37f1a21",
          "Title": "kernel: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead \u003c 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom \u003e INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) \u003c 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom \u003e skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom \u003e INT_MAX and delta \u003c= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n        netlabelctl map del default\n        netlabelctl calipso add pass doi:7\n        netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n        Then run the following PoC:\n\n        int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n        // setup msghdr\n        int cmsg_size = 2;\n        int cmsg_len = 0x60;\n        struct msghdr msg;\n        struct sockaddr_in6 dest_addr;\n        struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n                        sizeof(struct cmsghdr) + cmsg_len);\n        msg.msg_name = \u0026dest_addr;\n        msg.msg_namelen = sizeof(dest_addr);\n        msg.msg_iov = NULL;\n        msg.msg_iovlen = 0;\n        msg.msg_control = cmsg;\n        msg.msg_controllen = cmsg_len;\n        msg.msg_flags = 0;\n\n        // setup sockaddr\n        dest_addr.sin6_family = AF_INET6;\n        
dest_addr.sin6_port = htons(31337);\n        dest_addr.sin6_flowinfo = htonl(31337);\n        dest_addr.sin6_addr = in6addr_loopback;\n        dest_addr.sin6_scope_id = 31337;\n\n        // setup cmsghdr\n        cmsg-\u003ecmsg_len = cmsg_len;\n        cmsg-\u003ecmsg_level = IPPROTO_IPV6;\n        cmsg-\u003ecmsg_type = IPV6_HOPOPTS;\n        char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n        hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n        sendmsg(fd, \u0026msg, 0);",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:3488",
            "https://access.redhat.com/security/cve/CVE-2025-71085",
            "https://bugzilla.redhat.com/2414482",
            "https://bugzilla.redhat.com/2429026",
            "https://bugzilla.redhat.com/2436802",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2414482",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2429026",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2436802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40168",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-71085",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23097",
            "https://errata.almalinux.org/9/ALSA-2026-3488.html",
            "https://errata.rockylinux.org/RLSA-2026:3488",
            "https://git.kernel.org/linus/58fc7342b529803d3c221101102fe913df7adb83 (6.19-rc4)",
            "https://git.kernel.org/stable/c/2bb759062efa188ea5d07242a43e5aa5464bbae1",
            "https://git.kernel.org/stable/c/58fc7342b529803d3c221101102fe913df7adb83",
            "https://git.kernel.org/stable/c/6b7522424529556c9cbc15e15e7bd4eeae310910",
            "https://git.kernel.org/stable/c/73744ad5696dce0e0f43872aba8de6a83d6ad570",
            "https://git.kernel.org/stable/c/86f365897068d09418488165a68b23cb5baa37f2",
            "https://git.kernel.org/stable/c/bf3709738d8a8cc6fa275773170c5c29511a0b24",
            "https://git.kernel.org/stable/c/c53aa6a5086f03f19564096ee084a202a8c738c0",
            "https://linux.oracle.com/cve/CVE-2025-71085.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011340-CVE-2025-71085-e6c1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71085",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71085"
          ],
          "PublishedDate": "2026-01-13T16:16:08.117Z",
          "LastModifiedDate": "2026-03-25T18:57:30.837Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71086",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71086",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fc319d9a99d927a548730b0a6d90fe107e809df2f14d6f80439805fde4ba0b35",
          "Title": "kernel: net: rose: fix invalid array index in rose_kill_by_device()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: fix invalid array index in rose_kill_by_device()\n\nrose_kill_by_device() collects sockets into a local array[] and then\niterates over them to disconnect sockets bound to a device being brought\ndown.\n\nThe loop mistakenly indexes array[cnt] instead of array[i]. For cnt \u003c\nARRAY_SIZE(array), this reads an uninitialized entry; for cnt ==\nARRAY_SIZE(array), it is an out-of-bounds read. Either case can lead to\nan invalid socket pointer dereference and also leaks references taken\nvia sock_hold().\n\nFix the index to use i.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71086",
            "https://git.kernel.org/linus/6595beb40fb0ec47223d3f6058ee40354694c8e4 (6.19-rc4)",
            "https://git.kernel.org/stable/c/1418c12cd3bba79dc56b57b61c99efe40f579981",
            "https://git.kernel.org/stable/c/6595beb40fb0ec47223d3f6058ee40354694c8e4",
            "https://git.kernel.org/stable/c/819fb41ae54960f66025802400c9d3935eef4042",
            "https://git.kernel.org/stable/c/92d900aac3a5721fb54f3328f1e089b44a861c38",
            "https://git.kernel.org/stable/c/9f6185a32496834d6980b168cffcccc2d6b17280",
            "https://git.kernel.org/stable/c/b409ba9e1e63ccf3ab4cc061e33c1f804183543e",
            "https://git.kernel.org/stable/c/ed2639414d43ba037f798eaf619e878309310451",
            "https://lore.kernel.org/linux-cve-announce/2026011340-CVE-2025-71086-18be@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71086",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71086"
          ],
          "PublishedDate": "2026-01-13T16:16:08.23Z",
          "LastModifiedDate": "2026-03-25T18:57:17.753Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71087",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71087",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f279a5ee04f16e8bdf69fc4a8cc29e071ac6d56f6019f3b0318e6e467eaa7bfe",
          "Title": "kernel: iavf: fix off-by-one issues in iavf_config_rss_reg()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: fix off-by-one issues in iavf_config_rss_reg()\n\nThere are off-by-one bugs when configuring RSS hash key and lookup\ntable, causing out-of-bounds reads to memory [1] and out-of-bounds\nwrites to device registers.\n\nBefore commit 43a3d9ba34c9 (\"i40evf: Allow PF driver to configure RSS\"),\nthe loop upper bounds were:\n    i \u003c= I40E_VFQF_{HKEY,HLUT}_MAX_INDEX\nwhich is safe since the value is the last valid index.\n\nThat commit changed the bounds to:\n    i \u003c= adapter-\u003erss_{key,lut}_size / 4\nwhere `rss_{key,lut}_size / 4` is the number of dwords, so the last\nvalid index is `(rss_{key,lut}_size / 4) - 1`. Therefore, using `\u003c=`\naccesses one element past the end.\n\nFix the issues by using `\u003c` instead of `\u003c=`, ensuring we do not exceed\nthe bounds.\n\n[1] KASAN splat about rss_key_size off-by-one\n  BUG: KASAN: slab-out-of-bounds in iavf_config_rss+0x619/0x800\n  Read of size 4 at addr ffff888102c50134 by task kworker/u8:6/63\n\n  CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:6 Not tainted 6.18.0-rc2-enjuk-tnguy-00378-g3005f5b77652-dirty #156 PREEMPT(voluntary)\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n  Workqueue: iavf iavf_watchdog_task\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x6f/0xb0\n   print_report+0x170/0x4f3\n   kasan_report+0xe1/0x1a0\n   iavf_config_rss+0x619/0x800\n   iavf_watchdog_task+0x2be7/0x3230\n   process_one_work+0x7fd/0x1420\n   worker_thread+0x4d1/0xd40\n   kthread+0x344/0x660\n   ret_from_fork+0x249/0x320\n   ret_from_fork_asm+0x1a/0x30\n   \u003c/TASK\u003e\n\n  Allocated by task 63:\n   kasan_save_stack+0x30/0x50\n   kasan_save_track+0x14/0x30\n   __kasan_kmalloc+0x7f/0x90\n   __kmalloc_noprof+0x246/0x6f0\n   iavf_watchdog_task+0x28fc/0x3230\n   process_one_work+0x7fd/0x1420\n   worker_thread+0x4d1/0xd40\n   kthread+0x344/0x660\n   
ret_from_fork+0x249/0x320\n   ret_from_fork_asm+0x1a/0x30\n\n  The buggy address belongs to the object at ffff888102c50100\n   which belongs to the cache kmalloc-64 of size 64\n  The buggy address is located 0 bytes to the right of\n   allocated 52-byte region [ffff888102c50100, ffff888102c50134)\n\n  The buggy address belongs to the physical page:\n  page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c50\n  flags: 0x200000000000000(node=0|zone=2)\n  page_type: f5(slab)\n  raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000\n  raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000\n  page dumped because: kasan: bad access detected\n\n  Memory state around the buggy address:\n   ffff888102c50000: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc\n   ffff888102c50080: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc\n  \u003effff888102c50100: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc\n                                       ^\n   ffff888102c50180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc\n   ffff888102c50200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-193"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71087",
            "https://git.kernel.org/linus/6daa2893f323981c7894c68440823326e93a7d61 (6.19-rc4)",
            "https://git.kernel.org/stable/c/18de0e41d69d97fab10b91fecf10ae78a5e43232",
            "https://git.kernel.org/stable/c/3095228e1320371e143835d0cebeef1a8a754c66",
            "https://git.kernel.org/stable/c/5bb18bfd505ca1affbca921462c350095a6c798c",
            "https://git.kernel.org/stable/c/6daa2893f323981c7894c68440823326e93a7d61",
            "https://git.kernel.org/stable/c/ceb8459df28d22c225a82d74c0f725f2a935d194",
            "https://git.kernel.org/stable/c/d7369dc8dd7cbf5cee3a22610028d847b6f02982",
            "https://git.kernel.org/stable/c/f36de3045d006e6d9be1be495f2ed88d1721e752",
            "https://linux.oracle.com/cve/CVE-2025-71087.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011340-CVE-2025-71087-53c4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71087",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71087"
          ],
          "PublishedDate": "2026-01-13T16:16:08.343Z",
          "LastModifiedDate": "2026-03-25T18:57:03.82Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71089",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71089",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d89246545b347935d45420fd92c251e0bd0253fe4c4665086e34020dbbe41664",
          "Title": "kernel: iommu: disable SVA when CONFIG_X86 is set",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: disable SVA when CONFIG_X86 is set\n\nPatch series \"Fix stale IOTLB entries for kernel address space\", v7.\n\nThis proposes a fix for a security vulnerability related to IOMMU Shared\nVirtual Addressing (SVA).  In an SVA context, an IOMMU can cache kernel\npage table entries.  When a kernel page table page is freed and\nreallocated for another purpose, the IOMMU might still hold stale,\nincorrect entries.  This can be exploited to cause a use-after-free or\nwrite-after-free condition, potentially leading to privilege escalation or\ndata corruption.\n\nThis solution introduces a deferred freeing mechanism for kernel page\ntable pages, which provides a safe window to notify the IOMMU to\ninvalidate its caches before the page is reused.\n\n\nThis patch (of 8):\n\nIn the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware\nshares and walks the CPU's page tables.  The x86 architecture maps the\nkernel's virtual address space into the upper portion of every process's\npage table.  Consequently, in an SVA context, the IOMMU hardware can walk\nand cache kernel page table entries.\n\nThe Linux kernel currently lacks a notification mechanism for kernel page\ntable changes, specifically when page table pages are freed and reused. \nThe IOMMU driver is only notified of changes to user virtual address\nmappings.  This can cause the IOMMU's internal caches to retain stale\nentries for kernel VA.\n\nUse-After-Free (UAF) and Write-After-Free (WAF) conditions arise when\nkernel page table pages are freed and later reallocated.  The IOMMU could\nmisinterpret the new data as valid page table entries.  The IOMMU might\nthen walk into attacker-controlled memory, leading to arbitrary physical\nmemory DMA access or privilege escalation.  
This is also a\nWrite-After-Free issue, as the IOMMU will potentially continue to write\nAccessed and Dirty bits to the freed memory while attempting to walk the\nstale page tables.\n\nCurrently, SVA contexts are unprivileged and cannot access kernel\nmappings.  However, the IOMMU will still walk kernel-only page tables all\nthe way down to the leaf entries, where it realizes the mapping is for the\nkernel and errors out.  This means the IOMMU still caches these\nintermediate page table entries, making the described vulnerability a real\nconcern.\n\nDisable SVA on x86 architecture until the IOMMU can receive notification\nto flush the paging cache before freeing the CPU kernel page table pages.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71089",
            "https://git.kernel.org/linus/72f98ef9a4be30d2a60136dd6faee376f780d06c (6.19-rc1)",
            "https://git.kernel.org/stable/c/240cd7f2812cc25496b12063d11c823618f364e9",
            "https://git.kernel.org/stable/c/72f98ef9a4be30d2a60136dd6faee376f780d06c",
            "https://git.kernel.org/stable/c/7cad37e358970af1bb49030ff01f06a69fa7d985",
            "https://git.kernel.org/stable/c/b34289505180a83607fcfdce14b5a290d0528476",
            "https://git.kernel.org/stable/c/c2c3f1a3fd74ef16cf115f0c558616a13a8471b4",
            "https://git.kernel.org/stable/c/c341dee80b5df49a936182341b36395c831c2661",
            "https://linux.oracle.com/cve/CVE-2025-71089.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2026011341-CVE-2025-71089-a642@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71089",
            "https://www.cve.org/CVERecord?id=CVE-2025-71089"
          ],
          "PublishedDate": "2026-01-13T16:16:08.583Z",
          "LastModifiedDate": "2026-04-02T09:16:20.12Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71091",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71091",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:309e66f9d98a81d16930d46a8b0d2b22c6a7471ffcff9674afa49c8b55559c7b",
          "Title": "kernel: team: fix check for port enabled in team_queue_override_port_prio_changed()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix check for port enabled in team_queue_override_port_prio_changed()\n\nThere has been a syzkaller bug reported recently with the following\ntrace:\n\nlist_del corruption, ffff888058bea080-\u003eprev is LIST_POISON2 (dead000000000122)\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:59!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nCPU: 3 UID: 0 PID: 21246 Comm: syz.0.2928 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:__list_del_entry_valid_or_report+0x13e/0x200 lib/list_debug.c:59\nCode: 48 c7 c7 e0 71 f0 8b e8 30 08 ef fc 90 0f 0b 48 89 ef e8 a5 02 55 fd 48 89 ea 48 89 de 48 c7 c7 40 72 f0 8b e8 13 08 ef fc 90 \u003c0f\u003e 0b 48 89 ef e8 88 02 55 fd 48 89 ea 48 b8 00 00 00 00 00 fc ff\nRSP: 0018:ffffc9000d49f370 EFLAGS: 00010286\nRAX: 000000000000004e RBX: ffff888058bea080 RCX: ffffc9002817d000\nRDX: 0000000000000000 RSI: ffffffff819becc6 RDI: 0000000000000005\nRBP: dead000000000122 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000080000000 R11: 0000000000000001 R12: ffff888039e9c230\nR13: ffff888058bea088 R14: ffff888058bea080 R15: ffff888055461480\nFS:  00007fbbcfe6f6c0(0000) GS:ffff8880d6d0a000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000110c3afcb0 CR3: 00000000382c7000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n __list_del_entry_valid include/linux/list.h:132 [inline]\n __list_del_entry include/linux/list.h:223 [inline]\n list_del_rcu include/linux/rculist.h:178 [inline]\n __team_queue_override_port_del drivers/net/team/team_core.c:826 [inline]\n __team_queue_override_port_del drivers/net/team/team_core.c:821 [inline]\n team_queue_override_port_prio_changed drivers/net/team/team_core.c:883 [inline]\n team_priority_option_set+0x171/0x2f0 
drivers/net/team/team_core.c:1534\n team_option_set drivers/net/team/team_core.c:376 [inline]\n team_nl_options_set_doit+0x8ae/0xe60 drivers/net/team/team_core.c:2653\n genl_family_rcv_msg_doit+0x209/0x2f0 net/netlink/genetlink.c:1115\n genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\n genl_rcv_msg+0x55c/0x800 net/netlink/genetlink.c:1210\n netlink_rcv_skb+0x158/0x420 net/netlink/af_netlink.c:2552\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\n netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1346\n netlink_sendmsg+0x8c8/0xdd0 net/netlink/af_netlink.c:1896\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg net/socket.c:742 [inline]\n ____sys_sendmsg+0xa98/0xc70 net/socket.c:2630\n ___sys_sendmsg+0x134/0x1d0 net/socket.c:2684\n __sys_sendmsg+0x16d/0x220 net/socket.c:2716\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe problem is in this flow:\n1) Port is enabled, queue_id != 0, in qom_list\n2) Port gets disabled\n        -\u003e team_port_disable()\n        -\u003e team_queue_override_port_del()\n        -\u003e del (removed from list)\n3) Port is disabled, queue_id != 0, not in any list\n4) Priority changes\n        -\u003e team_queue_override_port_prio_changed()\n        -\u003e checks: port disabled \u0026\u0026 queue_id != 0\n        -\u003e calls del - hits the BUG as it is removed already\n\nTo fix this, change the check in team_queue_override_port_prio_changed()\nso it returns early if port is not enabled.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71091",
            "https://git.kernel.org/linus/932ac51d9953eaf77a1252f79b656d4ca86163c6 (6.19-rc4)",
            "https://git.kernel.org/stable/c/107d245f84cb4f55f597d31eda34b42a2b7d6952",
            "https://git.kernel.org/stable/c/25029e813c4aae5fcf7118e8dd5c56e382b9a1a3",
            "https://git.kernel.org/stable/c/53a727a8bfd78c739e130a781192d0f6f8e03d39",
            "https://git.kernel.org/stable/c/6bfb62b6010a16112dcae52f490e5e0e6abe12a3",
            "https://git.kernel.org/stable/c/932ac51d9953eaf77a1252f79b656d4ca86163c6",
            "https://git.kernel.org/stable/c/b71187648ef2349254673d0523fdf96d1fe3d758",
            "https://git.kernel.org/stable/c/f820e438b8ec2a8354e70e75145f05fe45500d97",
            "https://linux.oracle.com/cve/CVE-2025-71091.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011342-CVE-2025-71091-860d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71091",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71091"
          ],
          "PublishedDate": "2026-01-13T16:16:08.81Z",
          "LastModifiedDate": "2026-03-25T18:03:23.35Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71093",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71093",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b5d9913a83e11bfb6a26aa75be5ecd7f258da87fcc4fcd0ee2ff55801ece35cc",
          "Title": "kernel: e1000: fix OOB in e1000_tbi_should_accept()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000: fix OOB in e1000_tbi_should_accept()\n\nIn e1000_tbi_should_accept() we read the last byte of the frame via\n'data[length - 1]' to evaluate the TBI workaround. If the descriptor-\nreported length is zero or larger than the actual RX buffer size, this\nread goes out of bounds and can hit unrelated slab objects. The issue\nis observed from the NAPI receive path (e1000_clean_rx_irq):\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in e1000_tbi_should_accept+0x610/0x790\nRead of size 1 at addr ffff888014114e54 by task sshd/363\n\nCPU: 0 PID: 363 Comm: sshd Not tainted 5.18.0-rc1 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x5a/0x74\n print_address_description+0x7b/0x440\n print_report+0x101/0x200\n kasan_report+0xc1/0xf0\n e1000_tbi_should_accept+0x610/0x790\n e1000_clean_rx_irq+0xa8c/0x1110\n e1000_clean+0xde2/0x3c10\n __napi_poll+0x98/0x380\n net_rx_action+0x491/0xa20\n __do_softirq+0x2c9/0x61d\n do_softirq+0xd1/0x120\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0xfe/0x130\n ip_finish_output2+0x7d5/0xb00\n __ip_queue_xmit+0xe24/0x1ab0\n __tcp_transmit_skb+0x1bcb/0x3340\n tcp_write_xmit+0x175d/0x6bd0\n __tcp_push_pending_frames+0x7b/0x280\n tcp_sendmsg_locked+0x2e4f/0x32d0\n tcp_sendmsg+0x24/0x40\n sock_write_iter+0x322/0x430\n vfs_write+0x56c/0xa60\n ksys_write+0xd1/0x190\n do_syscall_64+0x43/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f511b476b10\nCode: 73 01 c3 48 8b 0d 88 d3 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d f9 2b 2c 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 8e 9b 01 00 48 89 04 24\nRSP: 002b:00007ffc9211d4e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 
0000000000004024 RCX: 00007f511b476b10\nRDX: 0000000000004024 RSI: 0000559a9385962c RDI: 0000000000000003\nRBP: 0000559a9383a400 R08: fffffffffffffff0 R09: 0000000000004f00\nR10: 0000000000000070 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffc9211d57f R14: 0000559a9347bde7 R15: 0000000000000003\n \u003c/TASK\u003e\nAllocated by task 1:\n __kasan_krealloc+0x131/0x1c0\n krealloc+0x90/0xc0\n add_sysfs_param+0xcb/0x8a0\n kernel_add_sysfs_param+0x81/0xd4\n param_sysfs_builtin+0x138/0x1a6\n param_sysfs_init+0x57/0x5b\n do_one_initcall+0x104/0x250\n do_initcall_level+0x102/0x132\n do_initcalls+0x46/0x74\n kernel_init_freeable+0x28f/0x393\n kernel_init+0x14/0x1a0\n ret_from_fork+0x22/0x30\nThe buggy address belongs to the object at ffff888014114000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 1620 bytes to the right of\n 2048-byte region [ffff888014114000, ffff888014114800]\nThe buggy address belongs to the physical page:\npage:ffffea0000504400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14110\nhead:ffffea0000504400 order:3 compound_mapcount:0 compound_pincount:0\nflags: 0x100000000010200(slab|head|node=0|zone=1)\nraw: 0100000000010200 0000000000000000 dead000000000001 ffff888013442000\nraw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n==================================================================\n\nThis happens because the TBI check unconditionally dereferences the last\nbyte without validating the reported length first:\n\n\tu8 last_byte = *(data + length - 1);\n\nFix by rejecting the frame early if the length is zero, or if it exceeds\nadapter-\u003erx_buffer_len. This preserves the TBI workaround semantics for\nvalid frames and prevents touching memory beyond the RX buffer.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71093",
            "https://git.kernel.org/linus/9c72a5182ed92904d01057f208c390a303f00a0f (6.19-rc4)",
            "https://git.kernel.org/stable/c/26c8bebc2f25288c2bcac7bc0a7662279a0e817c",
            "https://git.kernel.org/stable/c/278b7cfe0d4da7502c7fd679b15032f014c92892",
            "https://git.kernel.org/stable/c/2c4c0c09f9648ba766d399917d420d03e7b3e1f8",
            "https://git.kernel.org/stable/c/4ccfa56f272241e8d8e2c38191fdbb03df489d80",
            "https://git.kernel.org/stable/c/9c72a5182ed92904d01057f208c390a303f00a0f",
            "https://git.kernel.org/stable/c/ad7a2a45e2417ac54089926b520924f8f0d91aea",
            "https://git.kernel.org/stable/c/ee7c125fb3e8b04dd46510130b9fc92380e5d578",
            "https://linux.oracle.com/cve/CVE-2025-71093.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011343-CVE-2025-71093-387f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71093",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71093"
          ],
          "PublishedDate": "2026-01-13T16:16:09.033Z",
          "LastModifiedDate": "2026-03-25T17:41:23.91Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71094",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71094",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:35905f01a518294fcca89ff86cae62461a2e65c19591b771b6bbfa1e0f41d240",
          "Title": "kernel: net: usb: asix: validate PHY address before use",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix: validate PHY address before use\n\nThe ASIX driver reads the PHY address from the USB device via\nasix_read_phy_addr(). A malicious or faulty device can return an\ninvalid address (\u003e= PHY_MAX_ADDR), which causes a warning in\nmdiobus_get_phy():\n\n  addr 207 out of range\n  WARNING: drivers/net/phy/mdio_bus.c:76\n\nValidate the PHY address in asix_read_phy_addr() and remove the\nnow-redundant check in ax88172a.c.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 1,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71094",
            "https://git.kernel.org/linus/a1e077a3f76eea0dc671ed6792e7d543946227e8 (6.19-rc4)",
            "https://git.kernel.org/stable/c/38722e69ee64dbb020028c93898d25d6f4c0e0b2",
            "https://git.kernel.org/stable/c/98a12c2547a44a5f03f35c108d2022cc652cbc4d",
            "https://git.kernel.org/stable/c/a1e077a3f76eea0dc671ed6792e7d543946227e8",
            "https://git.kernel.org/stable/c/bf8a0f3b787ca7c5889bfca12c60c483041fbee3",
            "https://git.kernel.org/stable/c/f5f4f30f3811d37e1aa48667c36add74e5a8d99f",
            "https://git.kernel.org/stable/c/fc96018f09f8d30586ca6582c5045a84eafef146",
            "https://linux.oracle.com/cve/CVE-2025-71094.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011343-CVE-2025-71094-087b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71094",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71094"
          ],
          "PublishedDate": "2026-01-13T16:16:09.15Z",
          "LastModifiedDate": "2026-03-25T17:32:49.377Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71095",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71095",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1e7f27e71ede2a254109cc5c4d99eea5d953fcbddf03a04399fa1f861d94b334",
          "Title": "kernel: net: stmmac: fix the crash issue for zero copy XDP_TX action",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix the crash issue for zero copy XDP_TX action\n\nThere is a crash issue when running zero copy XDP_TX action, the crash\nlog is shown below.\n\n[  216.122464] Unable to handle kernel paging request at virtual address fffeffff80000000\n[  216.187524] Internal error: Oops: 0000000096000144 [#1]  SMP\n[  216.301694] Call trace:\n[  216.304130]  dcache_clean_poc+0x20/0x38 (P)\n[  216.308308]  __dma_sync_single_for_device+0x1bc/0x1e0\n[  216.313351]  stmmac_xdp_xmit_xdpf+0x354/0x400\n[  216.317701]  __stmmac_xdp_run_prog+0x164/0x368\n[  216.322139]  stmmac_napi_poll_rxtx+0xba8/0xf00\n[  216.326576]  __napi_poll+0x40/0x218\n[  216.408054] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n\nFor XDP_TX action, the xdp_buff is converted to xdp_frame by\nxdp_convert_buff_to_frame(). The memory type of the resulting xdp_frame\ndepends on the memory type of the xdp_buff. For page pool based xdp_buff\nit produces xdp_frame with memory type MEM_TYPE_PAGE_POOL. For zero copy\nXSK pool based xdp_buff it produces xdp_frame with memory type\nMEM_TYPE_PAGE_ORDER0. However, stmmac_xdp_xmit_back() does not check the\nmemory type and always uses the page pool type, this leads to invalid\nmappings and causes the crash. Therefore, check the xdp_buff memory type\nin stmmac_xdp_xmit_back() to fix this issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71095",
            "https://git.kernel.org/linus/a48e232210009be50591fdea8ba7c07b0f566a13 (6.19-rc4)",
            "https://git.kernel.org/stable/c/3f7823219407f2f18044c2b72366a48810c5c821",
            "https://git.kernel.org/stable/c/45ee0462b88396a0bd1df1991f801c89994ea72b",
            "https://git.kernel.org/stable/c/4d0ceb7677e1c4616afb96abb4518f70b65abb0d",
            "https://git.kernel.org/stable/c/5e5988736a95b1de7f91b10ac2575454b70e4897",
            "https://git.kernel.org/stable/c/a48e232210009be50591fdea8ba7c07b0f566a13",
            "https://linux.oracle.com/cve/CVE-2025-71095.html",
            "https://linux.oracle.com/errata/ELSA-2026-50112.html",
            "https://lore.kernel.org/linux-cve-announce/2026011343-CVE-2025-71095-6fad@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71095",
            "https://www.cve.org/CVERecord?id=CVE-2025-71095"
          ],
          "PublishedDate": "2026-01-13T16:16:09.347Z",
          "LastModifiedDate": "2026-03-25T17:28:09.533Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71096",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71096",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1e1aed91a4b824e4638ac12fed2be60ef32f9eb56bc18a64afdf14ede8f858ee",
          "Title": "kernel: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly\n\nThe netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a\nLS_NLA_TYPE_DGID attribute, it is invalid if it does not.\n\nUse the nl parsing logic properly and call nla_parse_deprecated() to fill\nthe nlattrs array and then directly index that array to get the data for\nthe DGID. Just fail if it is NULL.\n\nRemove the for loop searching for the nla, and squash the validation and\nparsing into one function.\n\nFixes an uninitialized read from the stack triggered by userspace if it\ndoes not provide the DGID to a kernel initiated RDMA_NL_LS_OP_IP_RESOLVE\nquery.\n\n    BUG: KMSAN: uninit-value in hex_byte_pack include/linux/hex.h:13 [inline]\n    BUG: KMSAN: uninit-value in ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490\n     hex_byte_pack include/linux/hex.h:13 [inline]\n     ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490\n     ip6_addr_string+0x18a/0x3e0 lib/vsprintf.c:1509\n     ip_addr_string+0x245/0xee0 lib/vsprintf.c:1633\n     pointer+0xc09/0x1bd0 lib/vsprintf.c:2542\n     vsnprintf+0xf8a/0x1bd0 lib/vsprintf.c:2930\n     vprintk_store+0x3ae/0x1530 kernel/printk/printk.c:2279\n     vprintk_emit+0x307/0xcd0 kernel/printk/printk.c:2426\n     vprintk_default+0x3f/0x50 kernel/printk/printk.c:2465\n     vprintk+0x36/0x50 kernel/printk/printk_safe.c:82\n     _printk+0x17e/0x1b0 kernel/printk/printk.c:2475\n     ib_nl_process_good_ip_rsep drivers/infiniband/core/addr.c:128 [inline]\n     ib_nl_handle_ip_res_resp+0x963/0x9d0 drivers/infiniband/core/addr.c:141\n     rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]\n     rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n     rdma_nl_rcv+0xefa/0x11c0 drivers/infiniband/core/netlink.c:259\n     netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n     netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1346\n     
netlink_sendmsg+0x10b3/0x1250 net/netlink/af_netlink.c:1896\n     sock_sendmsg_nosec net/socket.c:714 [inline]\n     __sock_sendmsg+0x333/0x3d0 net/socket.c:729\n     ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2617\n     ___sys_sendmsg+0x271/0x3b0 net/socket.c:2671\n     __sys_sendmsg+0x1aa/0x300 net/socket.c:2703\n     __compat_sys_sendmsg net/compat.c:346 [inline]\n     __do_compat_sys_sendmsg net/compat.c:353 [inline]\n     __se_compat_sys_sendmsg net/compat.c:350 [inline]\n     __ia32_compat_sys_sendmsg+0xa4/0x100 net/compat.c:350\n     ia32_sys_call+0x3f6c/0x4310 arch/x86/include/generated/asm/syscalls_32.h:371\n     do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n     __do_fast_syscall_32+0xb0/0x150 arch/x86/entry/syscall_32.c:306\n     do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331\n     do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:3",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71096",
            "https://git.kernel.org/linus/a7b8e876e0ef0232b8076972c57ce9a7286b47ca (6.19-rc4)",
            "https://git.kernel.org/stable/c/0b948afc1ded88b3562c893114387f34389eeb94",
            "https://git.kernel.org/stable/c/376f46c8983458ead26cac83aa897a0b78491831",
            "https://git.kernel.org/stable/c/45532638de5da24c201aa2a9b3dd4b054064de7b",
            "https://git.kernel.org/stable/c/9d85524789c2f17c0e87de8d596bcccc3683a1fc",
            "https://git.kernel.org/stable/c/a7b8e876e0ef0232b8076972c57ce9a7286b47ca",
            "https://git.kernel.org/stable/c/acadd4097d25d6bd472bcb3f9f3eba2b5105d1ec",
            "https://git.kernel.org/stable/c/bfe10318fc23e0b3f1d0a18dad387d29473a624d",
            "https://linux.oracle.com/cve/CVE-2025-71096.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011344-CVE-2025-71096-fb73@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71096",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71096"
          ],
          "PublishedDate": "2026-01-13T16:16:09.47Z",
          "LastModifiedDate": "2026-03-25T16:59:19.683Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71097",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71097",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:713a83aeb2763453e1769fc5a37c424b53f057c05628b5bec3629ee490aa25df",
          "Title": "kernel: Linux kernel (IPv4): Denial of Service due to reference count leak in nexthop objects",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix reference count leak when using error routes with nexthop objects\n\nWhen a nexthop object is deleted, it is marked as dead and then\nfib_table_flush() is called to flush all the routes that are using the\ndead nexthop.\n\nThe current logic in fib_table_flush() is to only flush error routes\n(e.g., blackhole) when it is called as part of network namespace\ndismantle (i.e., with flush_all=true). Therefore, error routes are not\nflushed when their nexthop object is deleted:\n\n # ip link add name dummy1 up type dummy\n # ip nexthop add id 1 dev dummy1\n # ip route add 198.51.100.1/32 nhid 1\n # ip route add blackhole 198.51.100.2/32 nhid 1\n # ip nexthop del id 1\n # ip route show\n blackhole 198.51.100.2 nhid 1 dev dummy1\n\nAs such, they keep holding a reference on the nexthop object which in\nturn holds a reference on the nexthop device, resulting in a reference\ncount leak:\n\n # ip link del dev dummy1\n [   70.516258] unregister_netdevice: waiting for dummy1 to become free. Usage count = 2\n\nFix by flushing error routes when their nexthop is marked as dead.\n\nIPv6 does not suffer from this problem.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71097",
            "https://git.kernel.org/linus/ac782f4e3bfcde145b8a7f8af31d9422d94d172a (6.19-rc4)",
            "https://git.kernel.org/stable/c/30386e090c49e803c0616a7147e43409c32a2b0e",
            "https://git.kernel.org/stable/c/33ff5c207c873215e54e6176624ed57423cb7dea",
            "https://git.kernel.org/stable/c/5979338c83012110ccd45cae6517591770bfe536",
            "https://git.kernel.org/stable/c/5de7ad7e18356e39e8fbf7edd185a5faaf4f385a",
            "https://git.kernel.org/stable/c/ac782f4e3bfcde145b8a7f8af31d9422d94d172a",
            "https://git.kernel.org/stable/c/e3fc381320d04e4a74311e576a86cac49a16fc43",
            "https://git.kernel.org/stable/c/ee4183501ea556dca31f5ffd8690aa9fd25b609f",
            "https://linux.oracle.com/cve/CVE-2025-71097.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011344-CVE-2025-71097-7cfc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71097",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71097"
          ],
          "PublishedDate": "2026-01-13T16:16:09.583Z",
          "LastModifiedDate": "2026-03-25T16:56:30.463Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71098",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71098",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a084d40ea50a8e514b862c43af034cb3fded56dcf79c3906e6b2536326cff2c7",
          "Title": "kernel: ip6_gre: make ip6gre_header() robust",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_gre: make ip6gre_header() robust\n\nOver the years, syzbot found many ways to crash the kernel\nin ip6gre_header() [1].\n\nThis involves team or bonding drivers ability to dynamically\nchange their dev-\u003eneeded_headroom and/or dev-\u003ehard_header_len\n\nIn this particular crash mld_newpack() allocated an skb\nwith a too small reserve/headroom, and by the time mld_sendpack()\nwas called, syzbot managed to attach an ip6gre device.\n\n[1]\nskbuff: skb_under_panic: text:ffffffff8a1d69a8 len:136 put:40 head:ffff888059bc7000 data:ffff888059bc6fe8 tail:0x70 end:0x6c0 dev:team0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:213 !\n \u003cTASK\u003e\n  skb_under_panic net/core/skbuff.c:223 [inline]\n  skb_push+0xc3/0xe0 net/core/skbuff.c:2641\n  ip6gre_header+0xc8/0x790 net/ipv6/ip6_gre.c:1371\n  dev_hard_header include/linux/netdevice.h:3436 [inline]\n  neigh_connected_output+0x286/0x460 net/core/neighbour.c:1618\n  neigh_output include/net/neighbour.h:556 [inline]\n  ip6_finish_output2+0xfb3/0x1480 net/ipv6/ip6_output.c:136\n __ip6_finish_output net/ipv6/ip6_output.c:-1 [inline]\n  ip6_finish_output+0x234/0x7d0 net/ipv6/ip6_output.c:220\n  NF_HOOK_COND include/linux/netfilter.h:307 [inline]\n  ip6_output+0x340/0x550 net/ipv6/ip6_output.c:247\n  NF_HOOK+0x9e/0x380 include/linux/netfilter.h:318\n  mld_sendpack+0x8d4/0xe60 net/ipv6/mcast.c:1855\n  mld_send_cr net/ipv6/mcast.c:2154 [inline]\n  mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 4,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71098",
            "https://git.kernel.org/linus/db5b4e39c4e63700c68a7e65fc4e1f1375273476 (6.19-rc4)",
            "https://git.kernel.org/stable/c/1717357007db150c2d703f13f5695460e960f26c",
            "https://git.kernel.org/stable/c/17e7386234f740f3e7d5e58a47b5847ea34c3bc2",
            "https://git.kernel.org/stable/c/41a1a3140aff295dee8063906f70a514548105e8",
            "https://git.kernel.org/stable/c/5fe210533e3459197eabfdbf97327dacbdc04d60",
            "https://git.kernel.org/stable/c/91a2b25be07ce1a7549ceebbe82017551d2eec92",
            "https://git.kernel.org/stable/c/adee129db814474f2f81207bd182bf343832a52e",
            "https://git.kernel.org/stable/c/db5b4e39c4e63700c68a7e65fc4e1f1375273476",
            "https://linux.oracle.com/cve/CVE-2025-71098.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011344-CVE-2025-71098-ef6d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71098",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71098"
          ],
          "PublishedDate": "2026-01-13T16:16:09.703Z",
          "LastModifiedDate": "2026-03-25T16:56:02.323Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71102",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71102",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c1eaed50e03e051ff266012373e9ad47c151ebd4163a574c3f5634b183d8ee7",
          "Title": "kernel: scs: fix a wrong parameter in __scs_magic",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscs: fix a wrong parameter in __scs_magic\n\n__scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is\ngiven.  'task_scs(tsk)' is the starting address of the task's shadow call\nstack, and '__scs_magic(task_scs(tsk))' is the end address of the task's\nshadow call stack.  Here should be '__scs_magic(task_scs(tsk))'.\n\nThe user-visible effect of this bug is that when CONFIG_DEBUG_STACK_USAGE\nis enabled, the shadow call stack usage checking function\n(scs_check_usage) would scan an incorrect memory range.  This could lead\n\n1. **Inaccurate stack usage reporting**: The function would calculate\n   wrong usage statistics for the shadow call stack, potentially showing\n   incorrect value in kmsg.\n\n2. **Potential kernel crash**: If the value of __scs_magic(tsk)is\n   greater than that of __scs_magic(task_scs(tsk)), the for loop may\n   access unmapped memory, potentially causing a kernel panic.  However,\n   this scenario is unlikely because task_struct is allocated via the slab\n   allocator (which typically returns lower addresses), while the shadow\n   call stack returned by task_scs(tsk) is allocated via vmalloc(which\n   typically returns higher addresses).\n\nHowever, since this is purely a debugging feature\n(CONFIG_DEBUG_STACK_USAGE), normal production systems should be not\nunaffected.  The bug only impacts developers and testers who are actively\ndebugging stack usage with this configuration enabled.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71102",
            "https://git.kernel.org/stable/c/062774439d442882b44f5eab8c256ad3423ef284",
            "https://git.kernel.org/stable/c/08bd4c46d5e63b78e77f2605283874bbe868ab19",
            "https://git.kernel.org/stable/c/1727e8bd69103a68963a5613a0ddb6d8d37df5d3",
            "https://git.kernel.org/stable/c/57ba40b001be27786d0570dd292289df748b306b",
            "https://git.kernel.org/stable/c/9ef28943471a16e4f9646bc3e8e2de148e7d8d7b",
            "https://git.kernel.org/stable/c/a19fb3611e4c06624fc0f83ef19f4fb8d57d4751",
            "https://git.kernel.org/stable/c/cfdf6250b63b953b1d8e60814c8ca96c6f9d1c8c",
            "https://lore.kernel.org/linux-cve-announce/2026011407-CVE-2025-71102-f4be@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71102",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71102"
          ],
          "PublishedDate": "2026-01-14T15:15:59.21Z",
          "LastModifiedDate": "2026-03-25T18:56:00.797Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71104",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71104",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0a2a104f7f4de78b5e8dcf1e580c094611bd8615a7c7226cc2d612462a7eabaf",
          "Title": "kernel: Linux kernel KVM: Host system hard lockup due to periodic HV timer mishandling after VM inactivity",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer\n\nWhen advancing the target expiration for the guest's APIC timer in periodic\nmode, set the expiration to \"now\" if the target expiration is in the past\n(similar to what is done in update_target_expiration()).  Blindly adding\nthe period to the previous target expiration can result in KVM generating\na practically unbounded number of hrtimer IRQs due to programming an\nexpired timer over and over.  In extreme scenarios, e.g. if userspace\npauses/suspends a VM for an extended duration, this can even cause hard\nlockups in the host.\n\nCurrently, the bug only affects Intel CPUs when using the hypervisor timer\n(HV timer), a.k.a. the VMX preemption timer.  Unlike the software timer,\na.k.a. hrtimer, which KVM keeps running even on exits to userspace, the\nHV timer only runs while the guest is active.  As a result, if the vCPU\ndoes not run for an extended duration, there will be a huge gap between\nthe target expiration and the current time the vCPU resumes running.\nBecause the target expiration is incremented by only one period on each\ntimer expiration, this leads to a series of timer expirations occurring\nrapidly after the vCPU/VM resumes.\n\nMore critically, when the vCPU first triggers a periodic HV timer\nexpiration after resuming, advancing the expiration by only one period\nwill result in a target expiration in the past.  As a result, the delta\nmay be calculated as a negative value.  When the delta is converted into\nan absolute value (tscdeadline is an unsigned u64), the resulting value\ncan overflow what the HV timer is capable of programming.  I.e. 
the large\nvalue will exceed the VMX Preemption Timer's maximum bit width of\ncpu_preemption_timer_multi + 32, and thus cause KVM to switch from the\nHV timer to the software timer (hrtimers).\n\nAfter switching to the software timer, periodic timer expiration callbacks\nmay be executed consecutively within a single clock interrupt handler,\nbecause hrtimers honors KVM's request for an expiration in the past and\nimmediately re-invokes KVM's callback after reprogramming.  And because\nthe interrupt handler runs with IRQs disabled, restarting KVM's hrtimer\nover and over until the target expiration is advanced to \"now\" can result\nin a hard lockup.\n\nE.g. the following hard lockup was triggered in the host when running a\nWindows VM (only relevant because it used the APIC timer in periodic mode)\nafter resuming the VM from a long suspend (in the host).\n\n  NMI watchdog: Watchdog detected hard LOCKUP on cpu 45\n  ...\n  RIP: 0010:advance_periodic_target_expiration+0x4d/0x80 [kvm]\n  ...\n  RSP: 0018:ff4f88f5d98d8ef0 EFLAGS: 00000046\n  RAX: fff0103f91be678e RBX: fff0103f91be678e RCX: 00843a7d9e127bcc\n  RDX: 0000000000000002 RSI: 0052ca4003697505 RDI: ff440d5bfbdbd500\n  RBP: ff440d5956f99200 R08: ff2ff2a42deb6a84 R09: 000000000002a6c0\n  R10: 0122d794016332b3 R11: 0000000000000000 R12: ff440db1af39cfc0\n  R13: ff440db1af39cfc0 R14: ffffffffc0d4a560 R15: ff440db1af39d0f8\n  FS:  00007f04a6ffd700(0000) GS:ff440db1af380000(0000) knlGS:000000e38a3b8000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 000000d5651feff8 CR3: 000000684e038002 CR4: 0000000000773ee0\n  PKRU: 55555554\n  Call Trace:\n   \u003cIRQ\u003e\n   apic_timer_fn+0x31/0x50 [kvm]\n   __hrtimer_run_queues+0x100/0x280\n   hrtimer_interrupt+0x100/0x210\n   ? 
ttwu_do_wakeup+0x19/0x160\n   smp_apic_timer_interrupt+0x6a/0x130\n   apic_timer_interrupt+0xf/0x20\n   \u003c/IRQ\u003e\n\nMoreover, if the suspend duration of the virtual machine is not long enough\nto trigger a hard lockup in this scenario, since commit 98c25ead5eda\n(\"KVM: VMX: Move preemption timer \u003c=\u003e hrtimer dance to common x86\"), KVM\nwill continue using the software timer until the guest reprograms the APIC\ntimer in some way.  Since the periodic timer does not require frequent APIC\ntimer register programming, the guest may continue to use the software\ntimer in \n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71104",
            "https://git.kernel.org/stable/c/18ab3fc8e880791aa9f7c000261320fc812b5465",
            "https://git.kernel.org/stable/c/786ed625c125c5cd180d6aaa37e653e3e4ffb8d9",
            "https://git.kernel.org/stable/c/7b54ccef865e0aa62e4871d4ada2ba4b9dcb8bed",
            "https://git.kernel.org/stable/c/807dbe8f3862fa7c164155857550ce94b36a11b9",
            "https://git.kernel.org/stable/c/d2da0df7bbc4fb4fd7d0a1da704f81a09c72fe73",
            "https://git.kernel.org/stable/c/e23f46f1a971c73dad2fd63e1408696114ddebe2",
            "https://git.kernel.org/stable/c/e746e51947053a02af2ea964593dc4887108d379",
            "https://linux.oracle.com/cve/CVE-2025-71104.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011410-CVE-2025-71104-6882@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71104",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71104"
          ],
          "PublishedDate": "2026-01-14T15:15:59.423Z",
          "LastModifiedDate": "2026-03-25T18:55:32.87Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71105",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71105",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bc3fcc7d9e8dd5a9835970304812e6dea8fcb7985ad4d5d86ac083674c224e7f",
          "Title": "kernel: f2fs: use global inline_xattr_slab instead of per-sb slab cache",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: use global inline_xattr_slab instead of per-sb slab cache\n\nAs Hong Yun reported in mailing list:\n\nloop7: detected capacity change from 0 to 131072\n------------[ cut here ]------------\nkmem_cache of name 'f2fs_xattr_entry-7:7' already exists\nWARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 kmem_cache_sanity_check mm/slab_common.c:109 [inline]\nWARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 __kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307\nCPU: 0 UID: 0 PID: 24426 Comm: syz.7.1370 Not tainted 6.17.0-rc4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:kmem_cache_sanity_check mm/slab_common.c:109 [inline]\nRIP: 0010:__kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307\nCall Trace:\n __kmem_cache_create include/linux/slab.h:353 [inline]\n f2fs_kmem_cache_create fs/f2fs/f2fs.h:2943 [inline]\n f2fs_init_xattr_caches+0xa5/0xe0 fs/f2fs/xattr.c:843\n f2fs_fill_super+0x1645/0x2620 fs/f2fs/super.c:4918\n get_tree_bdev_flags+0x1fb/0x260 fs/super.c:1692\n vfs_get_tree+0x43/0x140 fs/super.c:1815\n do_new_mount+0x201/0x550 fs/namespace.c:3808\n do_mount fs/namespace.c:4136 [inline]\n __do_sys_mount fs/namespace.c:4347 [inline]\n __se_sys_mount+0x298/0x2f0 fs/namespace.c:4324\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x8e/0x3a0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe bug can be reproduced w/ below scripts:\n- mount /dev/vdb /mnt1\n- mount /dev/vdc /mnt2\n- umount /mnt1\n- mounnt /dev/vdb /mnt1\n\nThe reason is if we created two slab caches, named f2fs_xattr_entry-7:3\nand f2fs_xattr_entry-7:7, and they have the same slab size. 
Actually,\nslab system will only create one slab cache core structure which has\nslab name of \"f2fs_xattr_entry-7:3\", and two slab caches share the same\nstructure and cache address.\n\nSo, if we destroy f2fs_xattr_entry-7:3 cache w/ cache address, it will\ndecrease reference count of slab cache, rather than release slab cache\nentirely, since there is one more user has referenced the cache.\n\nThen, if we try to create slab cache w/ name \"f2fs_xattr_entry-7:3\" again,\nslab system will find that there is existed cache which has the same name\nand trigger the warning.\n\nLet's changes to use global inline_xattr_slab instead of per-sb slab cache\nfor fixing.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71105",
            "https://git.kernel.org/stable/c/1eb0b130196bcbc56c5c80c83139fa70c0aa82c5",
            "https://git.kernel.org/stable/c/1f27ef42bb0b7c0740c5616ec577ec188b8a1d05",
            "https://git.kernel.org/stable/c/474cc3ed37436ddfd63cac8dbffe3b1e219e9100",
            "https://git.kernel.org/stable/c/72ce19dfed162da6e430467333b2da70471d08a4",
            "https://git.kernel.org/stable/c/93d30fe19660dec6bf1bd3d5c186c1c737b21aa5",
            "https://git.kernel.org/stable/c/be4c3a3c6c2304a8fcd14095d18d26f0cc4e222a",
            "https://git.kernel.org/stable/c/e6d828eae00ec192e18c2ddaa2fd32050a96048a",
            "https://lore.kernel.org/linux-cve-announce/2026011410-CVE-2025-71105-2fbe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71105",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71105"
          ],
          "PublishedDate": "2026-01-14T15:15:59.533Z",
          "LastModifiedDate": "2026-03-25T18:55:20.767Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71107",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71107",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2dcf02fb729b2d581ef878e29a104bfe3f2ae1e2b196993a93a42f6b9d298f4c",
          "Title": "kernel: f2fs: ensure node page reads complete before f2fs_put_super() finishes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: ensure node page reads complete before f2fs_put_super() finishes\n\nXfstests generic/335, generic/336 sometimes crash with the following message:\n\nF2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/super.c:1939!\nOops: invalid opcode: 0000 [#1] SMP NOPTI\nCPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G        W           6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)\nTainted: [W]=WARN\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:f2fs_put_super+0x3b3/0x3c0\nCall Trace:\n \u003cTASK\u003e\n generic_shutdown_super+0x7e/0x190\n kill_block_super+0x1a/0x40\n kill_f2fs_super+0x9d/0x190\n deactivate_locked_super+0x30/0xb0\n cleanup_mnt+0xba/0x150\n task_work_run+0x5c/0xa0\n exit_to_user_mode_loop+0xb7/0xc0\n do_syscall_64+0x1ae/0x1c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIt appears that sometimes it is possible that f2fs_put_super() is called before\nall node page reads are completed.\nAdding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71107",
            "https://git.kernel.org/stable/c/0b36fae23621a09e772c8adf918b9011158f8511",
            "https://git.kernel.org/stable/c/297baa4aa263ff8f5b3d246ee16a660d76aa82c4",
            "https://git.kernel.org/stable/c/3b15d5f12935e9e25f9a571e680716bc9ee61025",
            "https://git.kernel.org/stable/c/c3031cf2b61f1508662fc95ef9ad505cb0882a5f",
            "https://lore.kernel.org/linux-cve-announce/2026011411-CVE-2025-71107-01b5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71107",
            "https://www.cve.org/CVERecord?id=CVE-2025-71107"
          ],
          "PublishedDate": "2026-01-14T15:15:59.763Z",
          "LastModifiedDate": "2026-03-25T19:33:06.88Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71108",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71108",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4174d60966c5b285250b3d0a0438ae24712cfb187371e25854bdf7916d309993",
          "Title": "kernel: usb: typec: ucsi: Handle incorrect num_connectors capability",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Handle incorrect num_connectors capability\n\nThe UCSI spec states that the num_connectors field is 7 bits, and the\n8th bit is reserved and should be set to zero.\nSome buggy FW has been known to set this bit, and it can lead to a\nsystem not booting.\nFlag that the FW is not behaving correctly, and auto-fix the value\nso that the system boots correctly.\n\nFound on Lenovo P1 G8 during Linux enablement program. The FW will\nbe fixed, but seemed worth addressing in case it hit platforms that\naren't officially Linux supported.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71108",
            "https://git.kernel.org/stable/c/07c8d2a109d847775b3b4e2c3294c8e1eea75432",
            "https://git.kernel.org/stable/c/132fe187e0d940f388f839fe2cde9b84106ad20d",
            "https://git.kernel.org/stable/c/3042a57a8e8bce4a3100c3f6f03dc372aab24943",
            "https://git.kernel.org/stable/c/30cd2cb1abf4c4acdb1ddb468c946f68939819fb",
            "https://git.kernel.org/stable/c/58941bbb0050e365a98c64f1fc4a9a0ac127dba6",
            "https://git.kernel.org/stable/c/914605b0de8128434eafc9582445306830748b93",
            "https://git.kernel.org/stable/c/f72f97d0aee4a993a35f2496bca5efd24827235d",
            "https://linux.oracle.com/cve/CVE-2025-71108.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011411-CVE-2025-71108-2969@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71108",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71108"
          ],
          "PublishedDate": "2026-01-14T15:15:59.867Z",
          "LastModifiedDate": "2026-03-25T19:32:29.92Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71109",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71109",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:326935d22ff7ed41731d33c1d0e1f1cd5655cff521a1f258286f016347c8d137",
          "Title": "kernel: MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits\n\nSince commit e424054000878 (\"MIPS: Tracing: Reduce the overhead of\ndynamic Function Tracer\"), the macro UASM_i_LA_mostly has been used,\nand this macro can generate more than 2 instructions. At the same\ntime, the code in ftrace assumes that no more than 2 instructions can\nbe generated, which is why it stores them in an int[2] array. However,\nas previously noted, the macro UASM_i_LA_mostly (and now UASM_i_LA)\ncauses a buffer overflow when _mcount is beyond 32 bits. This leads to\ncorruption of the variables located in the __read_mostly section.\n\nThis corruption was observed because the variable\n__cpu_primary_thread_mask was corrupted, causing a hang very early\nduring boot.\n\nThis fix prevents the corruption by avoiding the generation of\ninstructions if they could exceed 2 instructions in\nlength. Fortunately, insn_la_mcount is only used if the instrumented\ncode is located outside the kernel code section, so dynamic ftrace can\nstill be used, albeit in a more limited scope. This is still\npreferable to corrupting memory and/or crashing the kernel.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71109",
            "https://git.kernel.org/stable/c/36dac9a3dda1f2bae343191bc16b910c603cac25",
            "https://git.kernel.org/stable/c/7f39b9d0e86ed6236b9a5fb67616ab1f76c4f150",
            "https://git.kernel.org/stable/c/e3e33ac2eb69d595079a1a1e444c2fb98efdd42d",
            "https://lore.kernel.org/linux-cve-announce/2026011412-CVE-2025-71109-f2d9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71109",
            "https://www.cve.org/CVERecord?id=CVE-2025-71109"
          ],
          "PublishedDate": "2026-01-14T15:15:59.973Z",
          "LastModifiedDate": "2026-03-25T19:32:01.65Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71111",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71111",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0f1c3676a8bbb4cd3253ef4a1967ca430f89dcb0f8ec8698d710d885de125140",
          "Title": "kernel: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83791d) Convert macros to functions to avoid TOCTOU\n\nThe macro FAN_FROM_REG evaluates its arguments multiple times. When used\nin lockless contexts involving shared driver data, this leads to\nTime-of-Check to Time-of-Use (TOCTOU) race conditions, potentially\ncausing divide-by-zero errors.\n\nConvert the macro to a static function. This guarantees that arguments\nare evaluated only once (pass-by-value), preventing the race\nconditions.\n\nAdditionally, in store_fan_div, move the calculation of the minimum\nlimit inside the update lock. This ensures that the read-modify-write\nsequence operates on consistent data.\n\nAdhere to the principle of minimal changes by only converting macros\nthat evaluate arguments multiple times and are used in lockless\ncontexts.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-367"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71111",
            "https://git.kernel.org/stable/c/3dceb68f6ad33156032ef4da21a93d84059cca6d",
            "https://git.kernel.org/stable/c/670d7ef945d3a84683594429aea6ab2cdfa5ceb4",
            "https://git.kernel.org/stable/c/a9fb6e8835a22f5796c1182ed612daed3fd273af",
            "https://git.kernel.org/stable/c/bf5b03227f2e6d4360004886d268f9df8993ef8f",
            "https://git.kernel.org/stable/c/c8cf0c2bdcccc6634b6915ff793b844e12436680",
            "https://git.kernel.org/stable/c/f2b579a0c37c0df19603d719894a942a295f634a",
            "https://git.kernel.org/stable/c/f94800fbc26ccf7c81eb791707b038a57aa39a18",
            "https://linux.oracle.com/cve/CVE-2025-71111.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011412-CVE-2025-71111-1547@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71111",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71111"
          ],
          "PublishedDate": "2026-01-14T15:16:00.193Z",
          "LastModifiedDate": "2026-03-25T19:27:20.137Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71112",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71112",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fea761e92139bf2cf07cbccfd21b3ef9550e69889e87bc78adbc628537a9e868",
          "Title": "kernel: net: hns3: add VLAN id validation before using",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: add VLAN id validation before using\n\nCurrently, the VLAN id may be used without validation when\nreceive a VLAN configuration mailbox from VF. The length of\nvlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_VID). It may cause\nout-of-bounds memory access once the VLAN id is bigger than\nor equal to VLAN_N_VID.\n\nTherefore, VLAN id needs to be checked to ensure it is within\nthe range of VLAN_N_VID.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71112",
            "https://git.kernel.org/stable/c/00e56a7706e10b3d00a258d81fcb85a7e96372d6",
            "https://git.kernel.org/stable/c/42c91dfa772c57de141e5a55a187ac760c0fd7e1",
            "https://git.kernel.org/stable/c/46c7d9fe8dd869ea5de666aba8c1ec1061ca44a8",
            "https://git.kernel.org/stable/c/6ef935e65902bfed53980ad2754b06a284ea8ac1",
            "https://git.kernel.org/stable/c/91a51d01be5c9f82c12c2921ca5cceaa31b67128",
            "https://git.kernel.org/stable/c/95cca255a7a5ad782639ff0298c2a486707d1046",
            "https://git.kernel.org/stable/c/b7b4f3bf118f51b67691a55b464f04452e5dc6fc",
            "https://lore.kernel.org/linux-cve-announce/2026011413-CVE-2025-71112-ca37@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71112",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71112"
          ],
          "PublishedDate": "2026-01-14T15:16:00.313Z",
          "LastModifiedDate": "2026-03-25T19:59:29.587Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71113",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71113",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bf78f095d33b958f93e7235433ca4c2e31cb9a6f43c5a48e59b57eee1aded73e",
          "Title": "kernel: crypto: af_alg - zero initialize memory allocated via sock_kmalloc",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - zero initialize memory allocated via sock_kmalloc\n\nSeveral crypto user API contexts and requests allocated with\nsock_kmalloc() were left uninitialized, relying on callers to\nset fields explicitly. This resulted in the use of uninitialized\ndata in certain error paths or when new fields are added in the\nfuture.\n\nThe ACVP patches also contain two user-space interface files:\nalgif_kpp.c and algif_akcipher.c. These too rely on proper\ninitialization of their context structures.\n\nA particular issue has been observed with the newly added\n'inflight' variable introduced in af_alg_ctx by commit:\n\n  67b164a871af (\"crypto: af_alg - Disallow multiple in-flight AIO requests\")\n\nBecause the context is not memset to zero after allocation,\nthe inflight variable has contained garbage values. As a result,\naf_alg_alloc_areq() has incorrectly returned -EBUSY randomly when\nthe garbage value was interpreted as true:\n\n  https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209\n\nThe check directly tests ctx-\u003einflight without explicitly\ncomparing against true/false. Since inflight is only ever set to\ntrue or false later, an uninitialized value has triggered\n-EBUSY failures. Zero-initializing memory allocated with\nsock_kmalloc() ensures inflight and other fields start in a known\nstate, removing random issues caused by uninitialized data.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71113",
            "https://git.kernel.org/stable/c/51a5ab36084f3251ef87eda3e6a6236f6488925e",
            "https://git.kernel.org/stable/c/543bf004e4eafbb302b1e6c78570d425d2ca13a0",
            "https://git.kernel.org/stable/c/5a4b65523608974a81edbe386f8a667a3e10c726",
            "https://git.kernel.org/stable/c/6f6e309328d53a10c0fe1f77dec2db73373179b6",
            "https://git.kernel.org/stable/c/84238876e3b3b262cf62d5f4d1338e983fb27010",
            "https://git.kernel.org/stable/c/e125c8e346e4eb7b3e854c862fcb4392bc13ddba",
            "https://git.kernel.org/stable/c/f81244fd6b14fecfa93b66b6bb1d59f96554e550",
            "https://linux.oracle.com/cve/CVE-2025-71113.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011413-CVE-2025-71113-a5ec@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71113",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71113"
          ],
          "PublishedDate": "2026-01-14T15:16:00.433Z",
          "LastModifiedDate": "2026-03-25T19:58:42.463Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71114",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71114",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d7c838e4b5358867b1fc410416a81da8e0093e67b55239c2d9a21ac66a2b568d",
          "Title": "kernel: via_wdt: fix critical boot hang due to unnamed resource allocation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvia_wdt: fix critical boot hang due to unnamed resource allocation\n\nThe VIA watchdog driver uses allocate_resource() to reserve a MMIO\nregion for the watchdog control register. However, the allocated\nresource was not given a name, which causes the kernel resource tree\nto contain an entry marked as \"\u003cBAD\u003e\" under /proc/iomem on x86\nplatforms.\n\nDuring boot, this unnamed resource can lead to a critical hang because\nsubsequent resource lookups and conflict checks fail to handle the\ninvalid entry properly.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71114",
            "https://git.kernel.org/stable/c/1d56025a3af50db0f3da2792f41eb9943eee5324",
            "https://git.kernel.org/stable/c/47c910965c936724070d2a8094a4c3ed8f452856",
            "https://git.kernel.org/stable/c/7aa31ee9ec92915926e74731378c009c9cc04928",
            "https://git.kernel.org/stable/c/c6a2dd4f2e4e6cbdfe7a1618160281af897b75db",
            "https://git.kernel.org/stable/c/c7b986adc9e9336066350542ac5a2005d305ae78",
            "https://git.kernel.org/stable/c/d2c7c90aca7b37f60f16b2bedcfeb16204f2f35d",
            "https://git.kernel.org/stable/c/f7b6370d0fbee06a867037d675797a606cb62e57",
            "https://linux.oracle.com/cve/CVE-2025-71114.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011413-CVE-2025-71114-2866@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71114",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71114"
          ],
          "PublishedDate": "2026-01-14T15:16:01.063Z",
          "LastModifiedDate": "2026-03-25T19:00:59.403Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71115",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71115",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bb32aa7ecb622135f7ee9c327609a93aab9e6a94ed46eb75289ca6b530cec751",
          "Title": "kernel: um: init cpu_tasks[] earlier",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: init cpu_tasks[] earlier\n\nThis is currently done in uml_finishsetup(), but e.g. with\nKCOV enabled we'll crash because some init code can call\ninto e.g. memparse(), which has coverage annotations, and\nthen the checks in check_kcov_mode() crash because current\nis NULL.\n\nSimply initialize the cpu_tasks[] array statically, which\nfixes the crash. For the later SMP work, it seems to have\nnot really caused any problems yet, but initialize all of\nthe entries anyway.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-908"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71115",
            "https://git.kernel.org/stable/c/7b5d4416964c07c902163822a30a622111172b01",
            "https://git.kernel.org/stable/c/dbbf6d47130674640cd12a0781a0fb2a575d0e44",
            "https://lore.kernel.org/linux-cve-announce/2026011414-CVE-2025-71115-7c28@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71115",
            "https://www.cve.org/CVERecord?id=CVE-2025-71115"
          ],
          "PublishedDate": "2026-01-14T15:16:01.177Z",
          "LastModifiedDate": "2026-03-25T19:00:38.887Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71116",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71116",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a6670bf029f82f8c154d40dbfe1db9ef0c6a1aa874987e9f1c10145d94a851dc",
          "Title": "kernel: libceph: make decode_pool() more resilient against corrupted osdmaps",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make decode_pool() more resilient against corrupted osdmaps\n\nIf the osdmap is (maliciously) corrupted such that the encoded length\nof ceph_pg_pool envelope is less than what is expected for a particular\nencoding version, out-of-bounds reads may ensue because the only bounds\ncheck that is there is based on that length value.\n\nThis patch adds explicit bounds checks for each field that is decoded\nor skipped.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71116",
            "https://git.kernel.org/stable/c/145d140abda80e33331c5781d6603014fa75d258",
            "https://git.kernel.org/stable/c/2acb8517429ab42146c6c0ac1daed1f03d2fd125",
            "https://git.kernel.org/stable/c/5d0d8c292531fe356c4e94dcfdf7d7212aca9957",
            "https://git.kernel.org/stable/c/8c738512714e8c0aa18f8a10c072d5b01c83db39",
            "https://git.kernel.org/stable/c/c82e39ff67353a5a6cbc07b786b8690bd2c45aaa",
            "https://git.kernel.org/stable/c/d061be4c8040ffb1110d537654a038b8b6ad39d2",
            "https://git.kernel.org/stable/c/e927ab132b87ba3f076705fc2684d94b24201ed1",
            "https://linux.oracle.com/cve/CVE-2025-71116.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011414-CVE-2025-71116-e57d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71116",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71116"
          ],
          "PublishedDate": "2026-01-14T15:16:01.277Z",
          "LastModifiedDate": "2026-03-25T18:59:53.973Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71118",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71118",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:842062649fe3cab04ac176415e4e49d7d2f97a0c2c307e0d400f8d778be87bf4",
          "Title": "kernel: ACPICA: Avoid walking the Namespace if start_node is NULL",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Avoid walking the Namespace if start_node is NULL\n\nAlthough commit 0c9992315e73 (\"ACPICA: Avoid walking the ACPI Namespace\nif it is not there\") fixed the situation when both start_node and\nacpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed\non Honor Magicbook 14 Pro [1].\n\nThat happens due to the access to the member of parent_node in\nacpi_ns_get_next_node().  The NULL pointer dereference will always\nhappen, no matter whether or not the start_node is equal to\nACPI_ROOT_OBJECT, so move the check of start_node being NULL\nout of the if block.\n\nUnfortunately, all the attempts to contact Honor have failed, they\nrefused to provide any technical support for Linux.\n\nThe bad DSDT table's dump could be found on GitHub [2].\n\nDMI: HONOR FMB-P/FMB-P-PCB, BIOS 1.13 05/08/2025\n\n[ rjw: Subject adjustment, changelog edits ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71118",
            "https://git.kernel.org/stable/c/0d8bb08126920fd4b12dbf32d9250757c9064b36",
            "https://git.kernel.org/stable/c/1bc34293dfbd266c29875206849b4f8e8177e6df",
            "https://git.kernel.org/stable/c/7f9b951ed11842373851dd3c91860778356d62d3",
            "https://git.kernel.org/stable/c/9d6c58dae8f6590c746ac5d0012ffe14a77539f0",
            "https://git.kernel.org/stable/c/b84edef48cc8afb41150949a87dcfa81bc95b53e",
            "https://git.kernel.org/stable/c/ecb296286c8787895625bd4c53e9478db4ae139c",
            "https://git.kernel.org/stable/c/f91dad0a3b381244183ffbea4cec5a7a69d6f41e",
            "https://linux.oracle.com/cve/CVE-2025-71118.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011415-CVE-2025-71118-1a69@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71118",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71118"
          ],
          "PublishedDate": "2026-01-14T15:16:01.483Z",
          "LastModifiedDate": "2026-03-25T18:55:17.037Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71120",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71120",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc5df4e1663865ee387cf03d6d84c2906514151e3940617a962a6add6345a935",
          "Title": "kernel: Linux kernel: Denial of Service in SUNRPC via zero-length gss_token",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf\n\nA zero length gss_token results in pages == 0 and in_token-\u003epages[0]\nis NULL. The code unconditionally evaluates\npage_address(in_token-\u003epages[0]) for the initial memcpy, which can\ndereference NULL even when the copy length is 0. Guard the first\nmemcpy so it only runs when length \u003e 0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71120",
            "https://git.kernel.org/stable/c/1c8bb965e9b0559ff0f5690615a527c30f651dd8",
            "https://git.kernel.org/stable/c/4dedb6a11243a5c9eb9dbb97bca3c98bd725e83d",
            "https://git.kernel.org/stable/c/7452d53f293379e2c38cfa8ad0694aa46fc4788b",
            "https://git.kernel.org/stable/c/a2c6f25ab98b423f99ccd94874d655b8bcb01a19",
            "https://git.kernel.org/stable/c/a8f1e445ce3545c90d69c9e8ff8f7821825fe810",
            "https://git.kernel.org/stable/c/d4b69a6186b215d2dc1ebcab965ed88e8d41768d",
            "https://git.kernel.org/stable/c/f9e53f69ac3bc4ef568b08d3542edac02e83fefd",
            "https://linux.oracle.com/cve/CVE-2025-71120.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011415-CVE-2025-71120-d0a6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71120",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71120"
          ],
          "PublishedDate": "2026-01-14T15:16:01.69Z",
          "LastModifiedDate": "2026-03-25T18:45:33.077Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71121",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71121",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2a4e552fa0f4f31597071ccec20fd82a4cbdfd000460ea90f7b1ce3e93b6e666",
          "Title": "kernel: parisc: Do not reprogram affinitiy on ASP chip",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Do not reprogram affinitiy on ASP chip\n\nThe ASP chip is a very old variant of the GSP chip and is used e.g. in\nHP 730 workstations. When trying to reprogram the affinity it will crash\nwith a HPMC as the relevant registers don't seem to be at the usual\nlocation.  Let's avoid the crash by checking the sversion. Also note,\nthat reprogramming isn't necessary either, as the HP730 is a just a\nsingle-CPU machine.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71121",
            "https://git.kernel.org/stable/c/4d0858bbeea12a50bfb32137f74d4b74917ebadd",
            "https://git.kernel.org/stable/c/60560d13ff368415c96a0c1247bea16d427c0641",
            "https://git.kernel.org/stable/c/7a146f34e5be96330467397c9fd9d3d851b2cbbe",
            "https://git.kernel.org/stable/c/845a92b74cf7a730200532ecb4482981cec9d006",
            "https://git.kernel.org/stable/c/c8f810e20f4bbe50b49f73429d9fa6efad00623e",
            "https://git.kernel.org/stable/c/dca7da244349eef4d78527cafc0bf80816b261f5",
            "https://git.kernel.org/stable/c/e09fd2eb6d4c993ee9eaae556cb51e30ec1042df",
            "https://lore.kernel.org/linux-cve-announce/2026011416-CVE-2025-71121-bf23@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71121",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71121"
          ],
          "PublishedDate": "2026-01-14T15:16:01.8Z",
          "LastModifiedDate": "2026-03-25T18:37:36.883Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71125",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71125",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:26408258442a9cbbc0a17f93aaa6684ea6fba0a5cb40de1024e3c9a742567bfd",
          "Title": "kernel: tracing: Do not register unsupported perf events",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not register unsupported perf events\n\nSynthetic events currently do not have a function to register perf events.\nThis leads to calling the tracepoint register functions with a NULL\nfunction pointer which triggers:\n\n ------------[ cut here ]------------\n WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0-ftest-11964-ge022764176fc-dirty #323 PREEMPTLAZY\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:tracepoint_add_func+0x357/0x370\n Code: 28 9c e8 4c 0b f5 ff eb 0f 4c 89 f7 48 c7 c6 80 4d 28 9c e8 ab 89 f4 ff 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc \u003c0f\u003e 0b 49 c7 c6 ea ff ff ff e9 ee fe ff ff 0f 0b e9 f9 fe ff ff 0f\n RSP: 0018:ffffabc0c44d3c40 EFLAGS: 00010246\n RAX: 0000000000000001 RBX: ffff9380aa9e4060 RCX: 0000000000000000\n RDX: 000000000000000a RSI: ffffffff9e1d4a98 RDI: ffff937fcf5fd6c8\n RBP: 0000000000000001 R08: 0000000000000007 R09: ffff937fcf5fc780\n R10: 0000000000000003 R11: ffffffff9c193910 R12: 000000000000000a\n R13: ffffffff9e1e5888 R14: 0000000000000000 R15: ffffabc0c44d3c78\n FS:  00007f6202f5f340(0000) GS:ffff93819f00f000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055d3162281a8 CR3: 0000000106a56003 CR4: 0000000000172ef0\n Call Trace:\n  \u003cTASK\u003e\n  tracepoint_probe_register+0x5d/0x90\n  synth_event_reg+0x3c/0x60\n  perf_trace_event_init+0x204/0x340\n  perf_trace_init+0x85/0xd0\n  perf_tp_event_init+0x2e/0x50\n  perf_try_init_event+0x6f/0x230\n  ? perf_event_alloc+0x4bb/0xdc0\n  perf_event_alloc+0x65a/0xdc0\n  __se_sys_perf_event_open+0x290/0x9f0\n  do_syscall_64+0x93/0x7b0\n  ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  ? trace_hardirqs_off+0x53/0xc0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nInstead, have the code return -ENODEV, which doesn't warn and has perf\nerror out with:\n\n # perf record -e synthetic:futex_wait\nError:\nThe sys_perf_event_open() syscall returned with 19 (No such device) for event (synthetic:futex_wait).\n\"dmesg | grep -i perf\" may provide additional information.\n\nIdeally perf should support synthetic events, but for now just fix the\nwarning. The support can come later.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71125",
            "https://git.kernel.org/stable/c/3437c775bf209c674ad66304213b6b3c3b1b3f69",
            "https://git.kernel.org/stable/c/65b1971147ec12f0b1cee0811c859a3d7d9b04ce",
            "https://git.kernel.org/stable/c/6819bc6285c0ff835f67cfae7efebc03541782f6",
            "https://git.kernel.org/stable/c/6d15f08e6d8d4b4fb02d90805ea97f3e2c1d6fbc",
            "https://git.kernel.org/stable/c/6df47e5bb9b62d72f186f826ab643ea1856877c7",
            "https://git.kernel.org/stable/c/ef7f38df890f5dcd2ae62f8dbde191d72f3bebae",
            "https://git.kernel.org/stable/c/f7305697b60d79bc69c0a6e280fc931b4e8862dd",
            "https://linux.oracle.com/cve/CVE-2025-71125.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011417-CVE-2025-71125-8435@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71125",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71125"
          ],
          "PublishedDate": "2026-01-14T15:16:02.213Z",
          "LastModifiedDate": "2026-03-25T18:49:06.06Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71127",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71127",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:998ba1ea26f1e04ec1fbc0560703cf699efc7b0dfd53e6e79b488f429d7a1a5c",
          "Title": "kernel: wifi: mac80211: Discard Beacon frames to non-broadcast address",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Discard Beacon frames to non-broadcast address\n\nBeacon frames are required to be sent to the broadcast address, see IEEE\nStd 802.11-2020, 11.1.3.1 (\"The Address 1 field of the Beacon .. frame\nshall be set to the broadcast address\"). A unicast Beacon frame might be\nused as a targeted attack to get one of the associated STAs to do\nsomething (e.g., using CSA to move it to another channel). As such, it\nis better have strict filtering for this on the received side and\ndiscard all Beacon frames that are sent to an unexpected address.\n\nThis is even more important for cases where beacon protection is used.\nThe current implementation in mac80211 is correctly discarding unicast\nBeacon frames if the Protected Frame bit in the Frame Control field is\nset to 0. However, if that bit is set to 1, the logic used for checking\nfor configured BIGTK(s) does not actually work. If the driver does not\nhave logic for dropping unicast Beacon frames with Protected Frame bit\n1, these frames would be accepted in mac80211 processing as valid Beacon\nframes even though they are not protected. This would allow beacon\nprotection to be bypassed. While the logic for checking beacon\nprotection could be extended to cover this corner case, a more generic\ncheck for discard all Beacon frames based on A1=unicast address covers\nthis without needing additional changes.\n\nAddress all these issues by dropping received Beacon frames if they are\nsent to a non-broadcast address.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71127",
            "https://git.kernel.org/stable/c/0a59a3895f804469276d188effa511c72e752f35",
            "https://git.kernel.org/stable/c/193d18f60588e95d62e0f82b6a53893e5f2f19f8",
            "https://git.kernel.org/stable/c/6e5bff40bb38741e40c33043ba0816fba5f93661",
            "https://git.kernel.org/stable/c/7b240a8935d554ad36a52c2c37c32039f9afaef2",
            "https://git.kernel.org/stable/c/88aab153d1528bc559292a12fb5105ee97528e1f",
            "https://git.kernel.org/stable/c/a21704df4024708be698fb3fd5830d5b113b70e0",
            "https://git.kernel.org/stable/c/be0974be5c42584e027883ac2af7dab5e950098c",
            "https://linux.oracle.com/cve/CVE-2025-71127.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011450-CVE-2025-71127-29a7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71127",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71127"
          ],
          "PublishedDate": "2026-01-14T15:16:02.43Z",
          "LastModifiedDate": "2026-03-25T18:51:23.393Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71131",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71131",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b944180ffc043daf92e26f9db7336ac81960d0c98b3476fff2e70d65b87e3277",
          "Title": "kernel: crypto: seqiv - Do not use req-\u003eiv after crypto_aead_encrypt",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: seqiv - Do not use req-\u003eiv after crypto_aead_encrypt\n\nAs soon as crypto_aead_encrypt is called, the underlying request\nmay be freed by an asynchronous completion.  Thus dereferencing\nreq-\u003eiv after it returns is invalid.\n\nInstead of checking req-\u003eiv against info, create a new variable\nunaligned_info and use it for that purpose instead.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71131",
            "https://git.kernel.org/stable/c/0279978adec6f1296af66b642cce641c6580be46",
            "https://git.kernel.org/stable/c/18202537856e0fae079fed2c9308780bcff2bb9d",
            "https://git.kernel.org/stable/c/50f196d2bbaee4ab2494bb1b0d294deba292951a",
            "https://git.kernel.org/stable/c/50fdb78b7c0bcc550910ef69c0984e751cac72fa",
            "https://git.kernel.org/stable/c/5476f7f8a311236604b78fcc5b2a63b3a61b0169",
            "https://git.kernel.org/stable/c/baf0e2d1e03ddb04781dfe7f22a654d3611f69b2",
            "https://git.kernel.org/stable/c/ccbb96434d88e32358894c879457b33f7508e798",
            "https://linux.oracle.com/cve/CVE-2025-71131.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011452-CVE-2025-71131-c844@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71131",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71131"
          ],
          "PublishedDate": "2026-01-14T15:16:02.843Z",
          "LastModifiedDate": "2026-03-25T19:56:42.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71132",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71132",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d89c60e2acc552385eff71560d327ecba1a4c6d7fadee2624f7aca6512bf1b47",
          "Title": "kernel: smc91x: fix broken irq-context in PREEMPT_RT",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc91x: fix broken irq-context in PREEMPT_RT\n\nWhen smc91x.c is built with PREEMPT_RT, the following splat occurs\nin FVP_RevC:\n\n[   13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000\n[   13.062137] BUG: workqueue leaked atomic, lock or RCU: kworker/2:1[106]\n[   13.062137]      preempt=0x00000000 lock=0-\u003e0 RCU=0-\u003e1 workfn=mld_ifc_work\n[   13.062266] C\n** replaying previous printk message **\n[   13.062266] CPU: 2 UID: 0 PID: 106 Comm: kworker/2:1 Not tainted 6.18.0-dirty #179 PREEMPT_{RT,(full)}\n[   13.062353] Hardware name:  , BIOS\n[   13.062382] Workqueue: mld mld_ifc_work\n[   13.062469] Call trace:\n[   13.062494]  show_stack+0x24/0x40 (C)\n[   13.062602]  __dump_stack+0x28/0x48\n[   13.062710]  dump_stack_lvl+0x7c/0xb0\n[   13.062818]  dump_stack+0x18/0x34\n[   13.062926]  process_scheduled_works+0x294/0x450\n[   13.063043]  worker_thread+0x260/0x3d8\n[   13.063124]  kthread+0x1c4/0x228\n[   13.063235]  ret_from_fork+0x10/0x20\n\nThis happens because smc_special_trylock() disables IRQs even on PREEMPT_RT,\nbut smc_special_unlock() does not restore IRQs on PREEMPT_RT.\nThe reason is that smc_special_unlock() calls spin_unlock_irqrestore(),\nand rcu_read_unlock_bh() in __dev_queue_xmit() cannot invoke\nrcu_read_unlock() through __local_bh_enable_ip() when current-\u003esoftirq_disable_cnt becomes zero.\n\nTo address this issue, replace smc_special_trylock() with spin_trylock_irqsave().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71132",
            "https://git.kernel.org/stable/c/1c4cb705e733250d13243f6a69b8b5a92e39b9f6",
            "https://git.kernel.org/stable/c/36561b86cb2501647662cfaf91286dd6973804a6",
            "https://git.kernel.org/stable/c/6402078bd9d1ed46e79465e1faaa42e3458f8a33",
            "https://git.kernel.org/stable/c/9d222141b00156509d67d80c771fbefa92c43ace",
            "https://git.kernel.org/stable/c/b6018d5c1a8f09d5efe4d6961d7ee45fdf3a7ce3",
            "https://git.kernel.org/stable/c/ef277ae121b3249c99994652210a326b52d527b0",
            "https://linux.oracle.com/cve/CVE-2025-71132.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011452-CVE-2025-71132-b03b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71132",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71132"
          ],
          "PublishedDate": "2026-01-14T15:16:02.947Z",
          "LastModifiedDate": "2026-03-25T19:56:03.873Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71133",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71133",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:51b866b965fcec2b4607063f98dbfa7d79782a520abe7bca223eae2c70e181db",
          "Title": "kernel: RDMA/irdma: avoid invalid read in irdma_net_event",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: avoid invalid read in irdma_net_event\n\nirdma_net_event() should not dereference anything from \"neigh\" (alias\n\"ptr\") until it has checked that the event is NETEVENT_NEIGH_UPDATE.\nOther events come with different structures pointed to by \"ptr\" and they\nmay be smaller than struct neighbour.\n\nMove the read of neigh-\u003edev under the NETEVENT_NEIGH_UPDATE case.\n\nThe bug is mostly harmless, but it triggers KASAN on debug kernels:\n\n BUG: KASAN: stack-out-of-bounds in irdma_net_event+0x32e/0x3b0 [irdma]\n Read of size 8 at addr ffffc900075e07f0 by task kworker/27:2/542554\n\n CPU: 27 PID: 542554 Comm: kworker/27:2 Kdump: loaded Not tainted 5.14.0-630.el9.x86_64+debug #1\n Hardware name: [...]\n Workqueue: events rt6_probe_deferred\n Call Trace:\n  \u003cIRQ\u003e\n  dump_stack_lvl+0x60/0xb0\n  print_address_description.constprop.0+0x2c/0x3f0\n  print_report+0xb4/0x270\n  kasan_report+0x92/0xc0\n  irdma_net_event+0x32e/0x3b0 [irdma]\n  notifier_call_chain+0x9e/0x180\n  atomic_notifier_call_chain+0x5c/0x110\n  rt6_do_redirect+0xb91/0x1080\n  tcp_v6_err+0xe9b/0x13e0\n  icmpv6_notify+0x2b2/0x630\n  ndisc_redirect_rcv+0x328/0x530\n  icmpv6_rcv+0xc16/0x1360\n  ip6_protocol_deliver_rcu+0xb84/0x12e0\n  ip6_input_finish+0x117/0x240\n  ip6_input+0xc4/0x370\n  ipv6_rcv+0x420/0x7d0\n  __netif_receive_skb_one_core+0x118/0x1b0\n  process_backlog+0xd1/0x5d0\n  __napi_poll.constprop.0+0xa3/0x440\n  net_rx_action+0x78a/0xba0\n  handle_softirqs+0x2d4/0x9c0\n  do_softirq+0xad/0xe0\n  \u003c/IRQ\u003e",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71133",
            "https://git.kernel.org/stable/c/305c02e541befe4a44ffde30ed374970f41aeb6c",
            "https://git.kernel.org/stable/c/6f05611728e9d0ab024832a4f1abb74a5f5d0bb0",
            "https://git.kernel.org/stable/c/bf197c7c79ef6458d1ee84dd7db251b51784885f",
            "https://git.kernel.org/stable/c/d9b9affd103f51b42322da4ed5ac025b560bc354",
            "https://git.kernel.org/stable/c/db93ae6fa66f1c61ae63400191195e3ee58021da",
            "https://git.kernel.org/stable/c/fc23d05f0b3fb4d80657e7afebae2cae686b31c8",
            "https://linux.oracle.com/cve/CVE-2025-71133.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026011453-CVE-2025-71133-6435@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71133",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71133"
          ],
          "PublishedDate": "2026-01-14T15:16:03.053Z",
          "LastModifiedDate": "2026-03-25T18:04:12.687Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71136",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71136",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0455b8a9e59dcae7304cca1fe2840bb7ddd7696c341f6066606b378fc76f6761",
          "Title": "kernel: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()\n\nIt's possible for cp_read() and hdmi_read() to return -EIO. Those\nvalues are further used as indexes for accessing arrays.\n\nFix that by checking return values where it's needed.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71136",
            "https://git.kernel.org/stable/c/60dde0960e3ead8a9569f6c494d90d0232ac0983",
            "https://git.kernel.org/stable/c/8163419e3e05d71dcfa8fb49c8fdf8d76908fe51",
            "https://git.kernel.org/stable/c/a73881ae085db5702d8b13e2fc9f78d51c723d3f",
            "https://git.kernel.org/stable/c/b693d48a6ed0cd09171103ad418e4a693203d6e4",
            "https://git.kernel.org/stable/c/d6a22a4a96e4dfe6897cb3532d2b3016d87706f0",
            "https://git.kernel.org/stable/c/f81ee181cb036d046340c213091b69d9a8701a76",
            "https://git.kernel.org/stable/c/f913b9a2ccd6114b206b9e91dae5e3dc13a415a0",
            "https://lore.kernel.org/linux-cve-announce/2026011454-CVE-2025-71136-0f59@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71136",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71136"
          ],
          "PublishedDate": "2026-01-14T15:16:03.383Z",
          "LastModifiedDate": "2026-03-25T18:03:37.533Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71137",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71137",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:683a3afa9fc96a939bed615768a4d7f9a065366942711534f5eb45f296e3ebce",
          "Title": "kernel: octeontx2-pf: fix \"UBSAN: shift-out-of-bounds error\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: fix \"UBSAN: shift-out-of-bounds error\"\n\nThis patch ensures that the RX ring size (rx_pending) is not\nset below the permitted length. This avoids UBSAN\nshift-out-of-bounds errors when users passes small or zero\nring sizes via ethtool -G.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71137",
            "https://git.kernel.org/stable/c/442848e457f5a9f71a4e7e14d24d73dae278ebe3",
            "https://git.kernel.org/stable/c/4cc4cfe4d23c883120b6f3d41145edbaa281f2ab",
            "https://git.kernel.org/stable/c/5d8dfa3abb9a845302e021cf9c92d941abbc011a",
            "https://git.kernel.org/stable/c/658caf3b8aad65f8b8e102670ca4f68c7030f655",
            "https://git.kernel.org/stable/c/85f4b0c650d9f9db10bda8d3acfa1af83bf78cf7",
            "https://git.kernel.org/stable/c/aa743b0d98448282b2cb37356db8db2a48524624",
            "https://git.kernel.org/stable/c/b23a2e15589466a027c9baa3fb5813c9f6a6c6dc",
            "https://lore.kernel.org/linux-cve-announce/2026011454-CVE-2025-71137-6471@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71137",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71137"
          ],
          "PublishedDate": "2026-01-14T15:16:03.487Z",
          "LastModifiedDate": "2026-03-25T18:03:28.54Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71147",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71147",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:160151c43d34e4c6d3ba2f1e93029ee39fc85b548d6769724777e523fa0dd4de",
          "Title": "kernel: Linux kernel: Denial of Service due to memory leak in tpm2_load_cmd",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix a memory leak in tpm2_load_cmd\n\n'tpm2_load_cmd' allocates a temporary blob indirectly via 'tpm2_key_decode'\nbut it is not freed in the failure paths. Address this by wrapping the blob\nwith a cleanup helper.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71147",
            "https://git.kernel.org/linus/62cd5d480b9762ce70d720a81fa5b373052ae05f (6.19-rc1)",
            "https://git.kernel.org/stable/c/19166de9737218b77122c41a5730ac87025e089f",
            "https://git.kernel.org/stable/c/3fd7df4636d8fd5e3592371967a5941204368936",
            "https://git.kernel.org/stable/c/62cd5d480b9762ce70d720a81fa5b373052ae05f",
            "https://git.kernel.org/stable/c/9b015f2918b95bdde2ca9cefa10ef02b138aae1e",
            "https://git.kernel.org/stable/c/9e7c63c69f57b1db1a8a1542359a6167ff8fcef1",
            "https://git.kernel.org/stable/c/af0689cafb127a8d1af78cc8b72585c9b2a19ecd",
            "https://linux.oracle.com/cve/CVE-2025-71147.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012327-CVE-2025-71147-a296@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71147",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71147"
          ],
          "PublishedDate": "2026-01-23T15:16:05.363Z",
          "LastModifiedDate": "2026-02-26T20:26:24.18Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71150",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71150",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9f4f518aefaf09571403d3b377a5251968c37728a3be81a4eb94286ef6397b3c",
          "Title": "kernel: Linux kernel ksmbd: Denial of Service via reference count leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix refcount leak when invalid session is found on session lookup\n\nWhen a session is found but its state is not SMB2_SESSION_VALID, it\nindicates that no valid session was found, but the code fails to decrement\nthe reference count acquired by the session lookup, which results in\na reference count leak. This patch fixes the issue by explicitly calling\nksmbd_user_session_put to release the reference to the session.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71150",
            "https://git.kernel.org/linus/cafb57f7bdd57abba87725eb4e82bbdca4959644 (6.19-rc2)",
            "https://git.kernel.org/stable/c/02e06785e85b4bd86ef3d23b7c8d87acc76773d5",
            "https://git.kernel.org/stable/c/0fb87b28cafae71e9c8248432cc3a6a1fd759efc",
            "https://git.kernel.org/stable/c/8cabcb4dd3dc85dd83a37d26efcc59a66a4074d7",
            "https://git.kernel.org/stable/c/cafb57f7bdd57abba87725eb4e82bbdca4959644",
            "https://git.kernel.org/stable/c/e54fb2a4772545701766cba08aab20de5eace8cd",
            "https://lore.kernel.org/linux-cve-announce/2026012328-CVE-2025-71150-1b7c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71150",
            "https://www.cve.org/CVERecord?id=CVE-2025-71150"
          ],
          "PublishedDate": "2026-01-23T15:16:05.773Z",
          "LastModifiedDate": "2026-02-26T20:28:42.167Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71152",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71152",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eca8f63683bfd62fc0f035491dc759fc3fe3446405d8dc5d43db569cce70fe29",
          "Title": "kernel: net: dsa: properly keep track of conduit reference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: properly keep track of conduit reference\n\nProblem description\n-------------------\n\nDSA has a mumbo-jumbo of reference handling of the conduit net device\nand its kobject which, sadly, is just wrong and doesn't make sense.\n\nThere are two distinct problems.\n\n1. The OF path, which uses of_find_net_device_by_node(), never releases\n   the elevated refcount on the conduit's kobject. Nominally, the OF and\n   non-OF paths should result in objects having identical reference\n   counts taken, and it is already suspicious that\n   dsa_dev_to_net_device() has a put_device() call which is missing in\n   dsa_port_parse_of(), but we can actually even verify that an issue\n   exists. With CONFIG_DEBUG_KOBJECT_RELEASE=y, if we run this command\n   \"before\" and \"after\" applying this patch:\n\n(unbind the conduit driver for net device eno2)\necho 0000:00:00.2 \u003e /sys/bus/pci/drivers/fsl_enetc/unbind\n\nwe see these lines in the output diff which appear only with the patch\napplied:\n\nkobject: 'eno2' (ffff002009a3a6b8): kobject_release, parent 0000000000000000 (delayed 1000)\nkobject: '109' (ffff0020099d59a0): kobject_release, parent 0000000000000000 (delayed 1000)\n\n2. After we find the conduit interface one way (OF) or another (non-OF),\n   it can get unregistered at any time, and DSA remains with a long-lived,\n   but in this case stale, cpu_dp-\u003econduit pointer. Holding the net\n   device's underlying kobject isn't actually of much help, it just\n   prevents it from being freed (but we never need that kobject\n   directly). 
What helps us to prevent the net device from being\n   unregistered is the parallel netdev reference mechanism (dev_hold()\n   and dev_put()).\n\nActually we actually use that netdev tracker mechanism implicitly on\nuser ports since commit 2f1e8ea726e9 (\"net: dsa: link interfaces with\nthe DSA master to get rid of lockdep warnings\"), via netdev_upper_dev_link().\nBut time still passes at DSA switch probe time between the initial\nof_find_net_device_by_node() code and the user port creation time, time\nduring which the conduit could unregister itself and DSA wouldn't know\nabout it.\n\nSo we have to run of_find_net_device_by_node() under rtnl_lock() to\nprevent that from happening, and release the lock only with the netdev\ntracker having acquired the reference.\n\nDo we need to keep the reference until dsa_unregister_switch() /\ndsa_switch_shutdown()?\n1: Maybe yes. A switch device will still be registered even if all user\n   ports failed to probe, see commit 86f8b1c01a0a (\"net: dsa: Do not\n   make user port errors fatal\"), and the cpu_dp-\u003econduit pointers\n   remain valid.  I haven't audited all call paths to see whether they\n   will actually use the conduit in lack of any user port, but if they\n   do, it seems safer to not rely on user ports for that reference.\n2. Definitely yes. We support changing the conduit which a user port is\n   associated to, and we can get into a situation where we've moved all\n   user ports away from a conduit, thus no longer hold any reference to\n   it via the net device tracker. But we shouldn't let it go nonetheless\n   - see the next change in relation to dsa_tree_find_first_conduit()\n   and LAG conduits which disappear.\n   We have to be prepared to return to the physical conduit, so the CPU\n   port must explicitly keep another reference to it. 
This is also to\n   say: the user ports and their CPU ports may not always keep a\n   reference to the same conduit net device, and both are needed.\n\nAs for the conduit's kobject for the /sys/class/net/ entry, we don't\ncare about it, we can release it as soon as we hold the net device\nobject itself.\n\nHistory and blame attribution\n-----------------------------\n\nThe code has been refactored so many times, it is very difficult to\nfollow and properly attribute a blame, but I'll try to make a short\nhistory which I hope to be correct.\n\nWe have two distinct probing paths:\n- one for OF, introduced in 2016 i\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71152",
            "https://git.kernel.org/linus/06e219f6a706c367c93051f408ac61417643d2f9 (6.19-rc4)",
            "https://git.kernel.org/stable/c/06e219f6a706c367c93051f408ac61417643d2f9",
            "https://git.kernel.org/stable/c/0e766b77ba5093583dfe609fae0aa1545c46dbbd",
            "https://git.kernel.org/stable/c/b358fc6ff3b35a29f7f677da1c67af67d0d560cb",
            "https://git.kernel.org/stable/c/ec2b34acb1894cfc10ed22d8277ca4f11e9f4b23",
            "https://lore.kernel.org/linux-cve-announce/2026012302-CVE-2025-71152-055a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71152",
            "https://www.cve.org/CVERecord?id=CVE-2025-71152"
          ],
          "PublishedDate": "2026-01-23T15:16:06.05Z",
          "LastModifiedDate": "2026-03-25T11:16:14.597Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71154",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71154",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee9a515955a5c94518028aee79a06f16f80f918db7452c77cca9883a9c1ba98f",
          "Title": "kernel: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: fix memory leak on usb_submit_urb() failure\n\nIn async_set_registers(), when usb_submit_urb() fails, the allocated\n  async_req structure and URB are not freed, causing a memory leak.\n\n  The completion callback async_set_reg_cb() is responsible for freeing\n  these allocations, but it is only called after the URB is successfully\n  submitted and completes (successfully or with error). If submission\n  fails, the callback never runs and the memory is leaked.\n\n  Fix this by freeing both the URB and the request structure in the error\n  path when usb_submit_urb() fails.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71154",
            "https://git.kernel.org/linus/12cab1191d9890097171156d06bfa8d31f1e39c8 (6.19-rc4)",
            "https://git.kernel.org/stable/c/12cab1191d9890097171156d06bfa8d31f1e39c8",
            "https://git.kernel.org/stable/c/151403e903840c9cf06754097b6732c14f26c532",
            "https://git.kernel.org/stable/c/2f966186b99550e3c665dbfb87b8314e30acea02",
            "https://git.kernel.org/stable/c/4bd4ea3eb326608ffc296db12c105f92dc2f2190",
            "https://git.kernel.org/stable/c/6492ad6439ff1a479fc94dc6052df3628faed8b6",
            "https://git.kernel.org/stable/c/a4e2442d3c48355a84463342f397134f149936d7",
            "https://git.kernel.org/stable/c/db2244c580540306d60ce783ed340190720cd429",
            "https://linux.oracle.com/cve/CVE-2025-71154.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012305-CVE-2025-71154-bc99@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71154",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71154"
          ],
          "PublishedDate": "2026-01-23T15:16:06.327Z",
          "LastModifiedDate": "2026-02-26T20:30:51.363Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71158",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71158",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c5ae7f016f7a36de956dc401e9413bb65cc13f02eb7516f9b3deed9a6a36e78e",
          "Title": "kernel: gpio: mpsse: ensure worker is torn down",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mpsse: ensure worker is torn down\n\nWhen an IRQ worker is running, unplugging the device would cause a\ncrash. The sealevel hardware this driver was written for was not\nhotpluggable, so I never realized it.\n\nThis change uses a spinlock to protect a list of workers, which\nit tears down on disconnect.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71158",
            "https://git.kernel.org/linus/179ef1127d7a4f09f0e741fa9f30b8a8e7886271 (6.19-rc1)",
            "https://git.kernel.org/stable/c/179ef1127d7a4f09f0e741fa9f30b8a8e7886271",
            "https://git.kernel.org/stable/c/472d900c8bcac301ae0e40fdca7db799bd989ff5",
            "https://lore.kernel.org/linux-cve-announce/2026012344-CVE-2025-71158-1cfa@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71158",
            "https://www.cve.org/CVERecord?id=CVE-2025-71158"
          ],
          "PublishedDate": "2026-01-23T16:15:52.69Z",
          "LastModifiedDate": "2026-02-26T20:20:07.863Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71160",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71160",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a23d248c8e2065f7d6f88801542095d29ae529055413d36874ff5863204a9756",
          "Title": "kernel: netfilter: nf_tables: avoid chain re-validation if possible",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: avoid chain re-validation if possible\n\nHamza Mahfooz reports cpu soft lock-ups in\nnft_chain_validate():\n\n watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [iptables-nft-re:37547]\n[..]\n RIP: 0010:nft_chain_validate+0xcb/0x110 [nf_tables]\n[..]\n  nft_immediate_validate+0x36/0x50 [nf_tables]\n  nft_chain_validate+0xc9/0x110 [nf_tables]\n  nft_immediate_validate+0x36/0x50 [nf_tables]\n  nft_chain_validate+0xc9/0x110 [nf_tables]\n  nft_immediate_validate+0x36/0x50 [nf_tables]\n  nft_chain_validate+0xc9/0x110 [nf_tables]\n  nft_immediate_validate+0x36/0x50 [nf_tables]\n  nft_chain_validate+0xc9/0x110 [nf_tables]\n  nft_immediate_validate+0x36/0x50 [nf_tables]\n  nft_chain_validate+0xc9/0x110 [nf_tables]\n  nft_immediate_validate+0x36/0x50 [nf_tables]\n  nft_chain_validate+0xc9/0x110 [nf_tables]\n  nft_table_validate+0x6b/0xb0 [nf_tables]\n  nf_tables_validate+0x8b/0xa0 [nf_tables]\n  nf_tables_commit+0x1df/0x1eb0 [nf_tables]\n[..]\n\nCurrently nf_tables will traverse the entire table (chain graph), starting\nfrom the entry points (base chains), exploring all possible paths\n(chain jumps).  But there are cases where we could avoid revalidation.\n\nConsider:\n1  input -\u003e j2 -\u003e j3\n2  input -\u003e j2 -\u003e j3\n3  input -\u003e j1 -\u003e j2 -\u003e j3\n\nThen the second rule does not need to revalidate j2, and, by extension j3,\nbecause this was already checked during validation of the first rule.\nWe need to validate it only for rule 3.\n\nThis is needed because chain loop detection also ensures we do not exceed\nthe jump stack: Just because we know that j2 is cycle free, its last jump\nmight now exceed the allowed stack size.  
We also need to update all\nreachable chains with the new largest observed call depth.\n\nCare has to be taken to revalidate even if the chain depth won't be an\nissue: chain validation also ensures that expressions are not called from\ninvalid base chains.  For example, the masquerade expression can only be\ncalled from NAT postrouting base chains.\n\nTherefore we also need to keep record of the base chain context (type,\nhooknum) and revalidate if the chain becomes reachable from a different\nhook location.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71160",
            "https://git.kernel.org/linus/8e1a1bc4f5a42747c08130b8242ebebd1210b32f (6.19-rc2)",
            "https://git.kernel.org/stable/c/09d6074995c186e449979fe6c1b0f1a69cf9bd3b",
            "https://git.kernel.org/stable/c/14fa3d1927f1382f86e3f70a51f26005c8e3cff6",
            "https://git.kernel.org/stable/c/53de1e6cde8f9b791d9cf61aa0e7b02cf5bbe8b1",
            "https://git.kernel.org/stable/c/8e1a1bc4f5a42747c08130b8242ebebd1210b32f",
            "https://linux.oracle.com/cve/CVE-2025-71160.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026012346-CVE-2025-71160-8c5d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71160",
            "https://www.cve.org/CVERecord?id=CVE-2025-71160"
          ],
          "PublishedDate": "2026-01-23T16:15:52.897Z",
          "LastModifiedDate": "2026-02-26T20:19:14.993Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71161",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71161",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e831c59d0afdad73b683c5f8f8b347fdc3769a3cad97367223d24a15eaf2b546",
          "Title": "kernel: dm-verity: disable recursive forward error correction",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-verity: disable recursive forward error correction\n\nThere are two problems with the recursive correction:\n\n1. It may cause denial-of-service. In fec_read_bufs, there is a loop that\nhas 253 iterations. For each iteration, we may call verity_hash_for_block\nrecursively. There is a limit of 4 nested recursions - that means that\nthere may be at most 253^4 (4 billion) iterations. Red Hat QE team\nactually created an image that pushes dm-verity to this limit - and this\nimage just makes the udev-worker process get stuck in the 'D' state.\n\n2. It doesn't work. In fec_read_bufs we store data into the variable\n\"fio-\u003ebufs\", but fio bufs is shared between recursive invocations, if\n\"verity_hash_for_block\" invoked correction recursively, it would\noverwrite partially filled fio-\u003ebufs.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-193"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71161",
            "https://git.kernel.org/linus/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801 (6.19-rc1)",
            "https://git.kernel.org/stable/c/232948cf600fba69aff36b25d85ef91a73a35756",
            "https://git.kernel.org/stable/c/4220cb37406915c926c0e4a3dbab77cd9cceeb1e",
            "https://git.kernel.org/stable/c/897d9006e75f46f8bd7df78faa424327ae6a4bcf",
            "https://git.kernel.org/stable/c/d9f3e47d3fae0c101d9094bc956ed24e7a0ee801",
            "https://git.kernel.org/stable/c/e227d2b229c7529bd98d348efc55262ccf24ab35",
            "https://lore.kernel.org/linux-cve-announce/2026012346-CVE-2025-71161-4b58@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71161",
            "https://www.cve.org/CVERecord?id=CVE-2025-71161"
          ],
          "PublishedDate": "2026-01-23T16:15:53Z",
          "LastModifiedDate": "2026-03-25T11:16:14.79Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71180",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fdd25e770a7110c09eaebec9b307cd968d09dcfeff995c07291ef7b1d603c7d0",
          "Title": "kernel: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncounter: interrupt-cnt: Drop IRQF_NO_THREAD flag\n\nAn IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as\nCONFIG_PROVE_RAW_LOCK_NESTING warns:\n=============================\n[ BUG: Invalid wait context ]\n6.18.0-rc1+git... #1\n-----------------------------\nsome-user-space-process/1251 is trying to lock:\n(\u0026counter-\u003eevents_list_lock){....}-{3:3}, at: counter_push_event [counter]\nother info that might help us debug this:\ncontext-{2:2}\nno locks held by some-user-space-process/....\nstack backtrace:\nCPU: 0 UID: 0 PID: 1251 Comm: some-user-space-process 6.18.0-rc1+git... #1 PREEMPT\nCall trace:\n show_stack (C)\n dump_stack_lvl\n dump_stack\n __lock_acquire\n lock_acquire\n _raw_spin_lock_irqsave\n counter_push_event [counter]\n interrupt_cnt_isr [interrupt_cnt]\n __handle_irq_event_percpu\n handle_irq_event\n handle_simple_irq\n handle_irq_desc\n generic_handle_domain_irq\n gpio_irq_handler\n handle_irq_desc\n generic_handle_domain_irq\n gic_handle_irq\n call_on_irq_stack\n do_interrupt_handler\n el0_interrupt\n __el0_irq_handler_common\n el0t_64_irq_handler\n el0t_64_irq\n\n... and Sebastian correctly points out. Remove IRQF_NO_THREAD as an\nalternative to switching to raw_spinlock_t, because the latter would limit\nall potential nested locks to raw_spinlock_t only.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71180",
            "https://git.kernel.org/linus/23f9485510c338476b9735d516c1d4aacb810d46 (6.19-rc5)",
            "https://git.kernel.org/stable/c/1c5a3175aecf82cd86dfcbef2a23e8b26d8d8e7c",
            "https://git.kernel.org/stable/c/23f9485510c338476b9735d516c1d4aacb810d46",
            "https://git.kernel.org/stable/c/425886b1f8304621b3f16632b274357067d5f13f",
            "https://git.kernel.org/stable/c/49a66829dd3653695e60d7cae13521d131362fcd",
            "https://git.kernel.org/stable/c/51d2e5d6491447258cb39ff1deb93df15d3c23cb",
            "https://git.kernel.org/stable/c/ef668c9a2261ec9287faba6e6ef05a98b391aa2b",
            "https://lore.kernel.org/linux-cve-announce/2026013131-CVE-2025-71180-538e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71180",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71180"
          ],
          "PublishedDate": "2026-01-31T12:16:02.997Z",
          "LastModifiedDate": "2026-03-25T19:45:29.937Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71182",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71182",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:18622c0e0fdd244a9f820cfe49714572bc1c64d44aeed291bf9b18ae65601591",
          "Title": "kernel: can: j1939: make j1939_session_activate() fail if device is no longer registered",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: make j1939_session_activate() fail if device is no longer registered\n\nsyzbot is still reporting\n\n  unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\neven after commit 93a27b5891b8 (\"can: j1939: add missing calls in\nNETDEV_UNREGISTER notification handler\") was added. A debug printk() patch\nfound that j1939_session_activate() can succeed even after\nj1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER)\nhas completed.\n\nSince j1939_cancel_active_session() is processed with the session list lock\nheld, checking ndev-\u003ereg_state in j1939_session_activate() with the session\nlist lock held can reliably close the race window.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71182",
            "https://git.kernel.org/linus/5d5602236f5db19e8b337a2cd87a90ace5ea776d (6.19-rc2)",
            "https://git.kernel.org/stable/c/46ca9dc978923c5e1247a9e9519240ba7ace413c",
            "https://git.kernel.org/stable/c/5d5602236f5db19e8b337a2cd87a90ace5ea776d",
            "https://git.kernel.org/stable/c/78d87b72cebe2a993fd5b017e9f14fb6278f2eae",
            "https://git.kernel.org/stable/c/79dd3f1d9dd310c2af89b09c71f34d93973b200f",
            "https://git.kernel.org/stable/c/ba6f0d1832eeb5eb3a6dc5cb30e0f720b3cb3536",
            "https://git.kernel.org/stable/c/c3a4316e3c746af415c0fd6c6d489ad13f53714d",
            "https://git.kernel.org/stable/c/ebb0dfd718dd31c8d3600612ca4b7207ec3d923a",
            "https://linux.oracle.com/cve/CVE-2025-71182.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026013134-CVE-2025-71182-54d0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71182",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-71182"
          ],
          "PublishedDate": "2026-01-31T12:16:03.463Z",
          "LastModifiedDate": "2026-03-25T19:41:58.97Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71183",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71183",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:be0276638ec17c83a51c60437e6d12b075d80b014093b53da41ddf53ceafba13",
          "Title": "kernel: btrfs: always detect conflicting inodes when logging inode refs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: always detect conflicting inodes when logging inode refs\n\nAfter rename exchanging (either with the rename exchange operation or\nregular renames in multiple non-atomic steps) two inodes and at least\none of them is a directory, we can end up with a log tree that contains\nonly of the inodes and after a power failure that can result in an attempt\nto delete the other inode when it should not because it was not deleted\nbefore the power failure. In some case that delete attempt fails when\nthe target inode is a directory that contains a subvolume inside it, since\nthe log replay code is not prepared to deal with directory entries that\npoint to root items (only inode items).\n\n1) We have directories \"dir1\" (inode A) and \"dir2\" (inode B) under the\n   same parent directory;\n\n2) We have a file (inode C) under directory \"dir1\" (inode A);\n\n3) We have a subvolume inside directory \"dir2\" (inode B);\n\n4) All these inodes were persisted in a past transaction and we are\n   currently at transaction N;\n\n5) We rename the file (inode C), so at btrfs_log_new_name() we update\n   inode C's last_unlink_trans to N;\n\n6) We get a rename exchange for \"dir1\" (inode A) and \"dir2\" (inode B),\n   so after the exchange \"dir1\" is inode B and \"dir2\" is inode A.\n   During the rename exchange we call btrfs_log_new_name() for inodes\n   A and B, but because they are directories, we don't update their\n   last_unlink_trans to N;\n\n7) An fsync against the file (inode C) is done, and because its inode\n   has a last_unlink_trans with a value of N we log its parent directory\n   (inode A) (through btrfs_log_all_parents(), called from\n   btrfs_log_inode_parent()).\n\n8) So we end up with inode B not logged, which now has the old name\n   of inode A. 
At copy_inode_items_to_log(), when logging inode A, we\n   did not check if we had any conflicting inode to log because inode\n   A has a generation lower than the current transaction (created in\n   a past transaction);\n\n9) After a power failure, when replaying the log tree, since we find that\n   inode A has a new name that conflicts with the name of inode B in the\n   fs tree, we attempt to delete inode B... this is wrong since that\n   directory was never deleted before the power failure, and because there\n   is a subvolume inside that directory, attempting to delete it will fail\n   since replay_dir_deletes() and btrfs_unlink_inode() are not prepared\n   to deal with dir items that point to roots instead of inodes.\n\n   When that happens the mount fails and we get a stack trace like the\n   following:\n\n   [87.2314] BTRFS info (device dm-0): start tree-log replay\n   [87.2318] BTRFS critical (device dm-0): failed to delete reference to subvol, root 5 inode 256 parent 259\n   [87.2332] ------------[ cut here ]------------\n   [87.2338] BTRFS: Transaction aborted (error -2)\n   [87.2346] WARNING: CPU: 1 PID: 638968 at fs/btrfs/inode.c:4345 __btrfs_unlink_inode+0x416/0x440 [btrfs]\n   [87.2368] Modules linked in: btrfs loop dm_thin_pool (...)\n   [87.2470] CPU: 1 UID: 0 PID: 638968 Comm: mount Tainted: G        W           6.18.0-rc7-btrfs-next-218+ #2 PREEMPT(full)\n   [87.2489] Tainted: [W]=WARN\n   [87.2494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n   [87.2514] RIP: 0010:__btrfs_unlink_inode+0x416/0x440 [btrfs]\n   [87.2538] Code: c0 89 04 24 (...)\n   [87.2568] RSP: 0018:ffffc0e741f4b9b8 EFLAGS: 00010286\n   [87.2574] RAX: 0000000000000000 RBX: ffff9d3ec8a6cf60 RCX: 0000000000000000\n   [87.2582] RDX: 0000000000000002 RSI: ffffffff84ab45a1 RDI: 00000000ffffffff\n   [87.2591] RBP: ffff9d3ec8a6ef20 R08: 0000000000000000 R09: ffffc0e741f4b840\n   [87.2599] R10: ffff9d45dc1fffa8 R11: 
0000000000000003 R12: ffff9d3ee26d77e0\n   [87.2608] R13: ffffc0e741f4ba98 R14: ffff9d4458040800 R15: ffff9d44b6b7ca10\n   [87.2618] FS:  00007f7b9603a840(0000) GS:ffff9d4658982000(0000) knlGS:0000000000000000\n   [87.\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71183",
            "https://git.kernel.org/linus/7ba0b6461bc4edb3005ea6e00cdae189bcf908a5 (6.19-rc5)",
            "https://git.kernel.org/stable/c/0c2413c69129f6ce60157f7b53d9ba880260400b",
            "https://git.kernel.org/stable/c/7ba0b6461bc4edb3005ea6e00cdae189bcf908a5",
            "https://git.kernel.org/stable/c/a63998cd6687c14b160dccb0bbcf281b2eb0dab3",
            "https://git.kernel.org/stable/c/c7f0207db68d5a1b4af23acbef1a8e8ddc431ebb",
            "https://git.kernel.org/stable/c/d52af58dd463821c5c516aebb031a58934f696ea",
            "https://linux.oracle.com/cve/CVE-2025-71183.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026013134-CVE-2025-71183-8bb4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71183",
            "https://www.cve.org/CVERecord?id=CVE-2025-71183"
          ],
          "PublishedDate": "2026-01-31T12:16:03.57Z",
          "LastModifiedDate": "2026-03-25T19:16:17.12Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71184",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71184",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4ef7677580aa1faaa6553ccc49cb6eb4ad6675388516a292b7875391f4ab5b2",
          "Title": "kernel: btrfs: fix NULL dereference on root when tracing inode eviction",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix NULL dereference on root when tracing inode eviction\n\nWhen evicting an inode the first thing we do is to setup tracing for it,\nwhich implies fetching the root's id. But in btrfs_evict_inode() the\nroot might be NULL, as implied in the next check that we do in\nbtrfs_evict_inode().\n\nHence, we either should set the -\u003eroot_objectid to 0 in case the root is\nNULL, or we move tracing setup after checking that the root is not\nNULL. Setting the rootid to 0 at least gives us the possibility to trace\nthis call even in the case when the root is NULL, so that's the solution\ntaken here.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71184",
            "https://git.kernel.org/linus/f157dd661339fc6f5f2b574fe2429c43bd309534 (6.19-rc5)",
            "https://git.kernel.org/stable/c/582ba48e4a4c06fef6bdcf4e57b7b9af660bbd0c",
            "https://git.kernel.org/stable/c/64d8abd8c5305795a2b35fc96039d99d34f5e762",
            "https://git.kernel.org/stable/c/99e057f3d3ef24b99a7b1d84e01dd1bd890098da",
            "https://git.kernel.org/stable/c/f157dd661339fc6f5f2b574fe2429c43bd309534",
            "https://linux.oracle.com/cve/CVE-2025-71184.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026013134-CVE-2025-71184-e27f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71184",
            "https://www.cve.org/CVERecord?id=CVE-2025-71184"
          ],
          "PublishedDate": "2026-01-31T12:16:03.673Z",
          "LastModifiedDate": "2026-03-25T18:55:11.563Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71192",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71192",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9362b77751d0fa2dab8bceaa83eb28bd7e7000ff2c02ff9e045016cbc9e05369",
          "Title": "kernel: ALSA: ac97: fix a double free in snd_ac97_controller_register()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: fix a double free in snd_ac97_controller_register()\n\nIf ac97_add_adapter() fails, put_device() is the correct way to drop\nthe device reference. kfree() is not required.\nAdd kfree() if idr_alloc() fails and in ac97_adapter_release() to do\nthe cleanup.\n\nFound by code review.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71192",
            "https://git.kernel.org/linus/830988b6cf197e6dcffdfe2008c5738e6c6c3c0f (6.19-rc5)",
            "https://git.kernel.org/stable/c/21f8bc5179bed91c3f946adb5e55d717b891960c",
            "https://git.kernel.org/stable/c/830988b6cf197e6dcffdfe2008c5738e6c6c3c0f",
            "https://git.kernel.org/stable/c/c80f9b3349a99a9d5b295f5bbc23f544c5995ad7",
            "https://git.kernel.org/stable/c/cb73d37ac18bc1716690ff5255a0ef1952827e9e",
            "https://git.kernel.org/stable/c/fcc04c92cbb5497ce67c58dd2f0001bb87f40396",
            "https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2025-71192-3370@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71192",
            "https://www.cve.org/CVERecord?id=CVE-2025-71192"
          ],
          "PublishedDate": "2026-02-04T16:16:18.77Z",
          "LastModifiedDate": "2026-02-04T16:33:44.537Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71193",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71193",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:14e9d4562614100d8168ed617c99f69bca1f1ba5bbd70ef5019e0a10e94e2473",
          "Title": "kernel: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom-qusb2: Fix NULL pointer dereference on early suspend\n\nEnabling runtime PM before attaching the QPHY instance as driver data\ncan lead to a NULL pointer dereference in runtime PM callbacks that\nexpect valid driver data. There is a small window where the suspend\ncallback may run after PM runtime enabling and before runtime forbid.\nThis causes a sporadic crash during boot:\n\n```\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000a1\n[...]\nCPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.7+ #116 PREEMPT\nWorkqueue: pm pm_runtime_work\npstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : qusb2_phy_runtime_suspend+0x14/0x1e0 [phy_qcom_qusb2]\nlr : pm_generic_runtime_suspend+0x2c/0x44\n[...]\n```\n\nAttach the QPHY instance as driver data before enabling runtime PM to\nprevent NULL pointer dereference in runtime PM callbacks.\n\nReorder pm_runtime_enable() and pm_runtime_forbid() to prevent a\nshort window where an unnecessary runtime suspend can occur.\n\nUse the devres-managed version to ensure PM runtime is symmetrically\ndisabled during driver removal for proper cleanup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71193",
            "https://git.kernel.org/linus/1ca52c0983c34fca506921791202ed5bdafd5306 (6.19-rc6)",
            "https://git.kernel.org/stable/c/1ca52c0983c34fca506921791202ed5bdafd5306",
            "https://git.kernel.org/stable/c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7",
            "https://git.kernel.org/stable/c/beba460a299150b5d8dcbe3474a8f4bdf0205180",
            "https://git.kernel.org/stable/c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86",
            "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2025-71193-288d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71193",
            "https://www.cve.org/CVERecord?id=CVE-2025-71193"
          ],
          "PublishedDate": "2026-02-04T17:16:11.193Z",
          "LastModifiedDate": "2026-02-05T14:57:34.297Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71195",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:adade066e6e93a178c30e355873bda0766e018f183b9e918c68f67a7e5afd6ee",
          "Title": "kernel: dmaengine: xilinx: xdma: Fix regmap max_register",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: xilinx: xdma: Fix regmap max_register\n\nThe max_register field is assigned the size of the register memory\nregion instead of the offset of the last register.\nThe result is that reading from the regmap via debugfs can cause\na segmentation fault:\n\ntail /sys/kernel/debug/regmap/xdma.1.auto/registers\nUnable to handle kernel paging request at virtual address ffff800082f70000\nMem abort info:\n  ESR = 0x0000000096000007\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x07: level 3 translation fault\n[...]\nCall trace:\n regmap_mmio_read32le+0x10/0x30\n _regmap_bus_reg_read+0x74/0xc0\n _regmap_read+0x68/0x198\n regmap_read+0x54/0x88\n regmap_read_debugfs+0x140/0x380\n regmap_map_read_file+0x30/0x48\n full_proxy_read+0x68/0xc8\n vfs_read+0xcc/0x310\n ksys_read+0x7c/0x120\n __arm64_sys_read+0x24/0x40\n invoke_syscall.constprop.0+0x64/0x108\n do_el0_svc+0xb0/0xd8\n el0_svc+0x38/0x130\n el0t_64_sync_handler+0x120/0x138\n el0t_64_sync+0x194/0x198\nCode: aa1e03e9 d503201f f9400000 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---\nnote: tail[1217] exited with irqs disabled\nnote: tail[1217] exited with preempt_count 1\nSegmentation fault",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71195",
            "https://git.kernel.org/linus/c7d436a6c1a274c1ac28d5fb3b8eb8f03b6d0e10 (6.19-rc6)",
            "https://git.kernel.org/stable/c/5e7ad329d259cf5bed7530d6d2525bcf7cb487a1",
            "https://git.kernel.org/stable/c/606ea969e78295407f4bf06aa0e272fe59897184",
            "https://git.kernel.org/stable/c/c7d436a6c1a274c1ac28d5fb3b8eb8f03b6d0e10",
            "https://git.kernel.org/stable/c/df8a131a41ff6202d47f59452735787f2b71dd2d",
            "https://lore.kernel.org/linux-cve-announce/2026020449-CVE-2025-71195-8c0c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71195",
            "https://www.cve.org/CVERecord?id=CVE-2025-71195"
          ],
          "PublishedDate": "2026-02-04T17:16:11.407Z",
          "LastModifiedDate": "2026-02-05T14:57:34.297Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71198",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71198",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4e425e9e2354b0ee36e1434219522cc68dc585865eef89a15114946ed14d214f",
          "Title": "kernel: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection\n\nThe st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL\nevent_spec field, indicating support for IIO events. However, event\ndetection is not supported for all sensors, and if userspace tries to\nconfigure accelerometer wakeup events on a sensor device that does not\nsupport them (e.g. LSM6DS0), st_lsm6dsx_write_event() dereferences a NULL\npointer when trying to write to the wakeup register.\nDefine an additional struct iio_chan_spec array whose members have a NULL\nevent_spec field, and use this array instead of st_lsm6dsx_acc_channels for\nsensors without event detection capability.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71198",
            "https://git.kernel.org/linus/c34e2e2d67b3bb8d5a6d09b0d6dac845cdd13fb3 (6.19-rc7)",
            "https://git.kernel.org/stable/c/4d60ffcdedfe2cdb68a1cde19bb292bc67451629",
            "https://git.kernel.org/stable/c/7673167fac9323110973a3300637adba7d45de3a",
            "https://git.kernel.org/stable/c/81ed6e42d6e555dd978c9dd5e3f7c20cb121221b",
            "https://git.kernel.org/stable/c/c34e2e2d67b3bb8d5a6d09b0d6dac845cdd13fb3",
            "https://lore.kernel.org/linux-cve-announce/2026020412-CVE-2025-71198-3572@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71198",
            "https://www.cve.org/CVERecord?id=CVE-2025-71198"
          ],
          "PublishedDate": "2026-02-04T17:16:11.743Z",
          "LastModifiedDate": "2026-02-05T14:57:34.297Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71202",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71202",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a4eb759eac330eb8b2366818dac6bd38f1db02aa8e20fb7394e1beb8d4bfd754",
          "Title": "kernel: Linux kernel: Memory Corruption and Kernel Crashes via IOMMU SVA coherency issue",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/sva: invalidate stale IOTLB entries for kernel address space\n\nIntroduce a new IOMMU interface to flush IOTLB paging cache entries for\nthe CPU kernel address space.  This interface is invoked from the x86\narchitecture code that manages combined user and kernel page tables,\nspecifically before any kernel page table page is freed and reused.\n\nThis addresses the main issue with vfree() which is a common occurrence\nand can be triggered by unprivileged users.  While this resolves the\nprimary problem, it doesn't address some extremely rare case related to\nmemory unplug of memory that was present as reserved memory at boot, which\ncannot be triggered by unprivileged users.  The discussion can be found at\nthe link below.\n\nEnable SVA on x86 architecture since the IOMMU can now receive\nnotification to flush the paging cache before freeing the CPU kernel page\ntable pages.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71202",
            "https://git.kernel.org/linus/e37d5a2d60a338c5917c45296bac65da1382eda5 (6.19-rc1)",
            "https://git.kernel.org/stable/c/9f0a7ab700f8620e433b05c57fbd26c92ea186d9",
            "https://git.kernel.org/stable/c/e37d5a2d60a338c5917c45296bac65da1382eda5",
            "https://lore.kernel.org/linux-cve-announce/2026021414-CVE-2025-71202-4c01@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71202",
            "https://www.cve.org/CVERecord?id=CVE-2025-71202"
          ],
          "PublishedDate": "2026-02-14T16:15:52.79Z",
          "LastModifiedDate": "2026-03-17T21:16:48.27Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71203",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71203",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6f8d5e0004c5a51e4321a5991652d99aa0ff9cac445441dbb5d10393859ea088",
          "Title": "kernel: riscv: Sanitize syscall table indexing under speculation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sanitize syscall table indexing under speculation\n\nThe syscall number is a user-controlled value used to index into the\nsyscall table. Use array_index_nospec() to clamp this value after the\nbounds check to prevent speculative out-of-bounds access and subsequent\ndata leakage via cache side channels.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71203",
            "https://git.kernel.org/linus/25fd7ee7bf58ac3ec7be3c9f82ceff153451946c (6.19-rc5)",
            "https://git.kernel.org/stable/c/25fd7ee7bf58ac3ec7be3c9f82ceff153451946c",
            "https://git.kernel.org/stable/c/33743ec6679aa364ee19d1afbaa50593e9e6e443",
            "https://git.kernel.org/stable/c/8b44e753795107a22ba31495686e83f4aca48f36",
            "https://git.kernel.org/stable/c/c45848936ebdb4fcab92f8c39510db83c16d0239",
            "https://linux.oracle.com/cve/CVE-2025-71203.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021423-CVE-2025-71203-a81c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71203",
            "https://www.cve.org/CVERecord?id=CVE-2025-71203"
          ],
          "PublishedDate": "2026-02-14T17:15:54.11Z",
          "LastModifiedDate": "2026-03-25T11:16:15.093Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71204",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0141a793ea0c150f5245d081bb3067075bd80ac4e47de3dbbf4adc4c6b66c1fc",
          "Title": "kernel: smb/server: fix refcount leak in parse_durable_handle_context()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix refcount leak in parse_durable_handle_context()\n\nWhen the command is a replay operation and -ENOEXEC is returned,\nthe refcount of ksmbd_file must be released.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71204",
            "https://git.kernel.org/linus/3296c3012a9d9a27e81e34910384e55a6ff3cff0 (6.19-rc4)",
            "https://git.kernel.org/stable/c/07df5ff4f6490a5c96715b7c562e0b2908422e04",
            "https://git.kernel.org/stable/c/3296c3012a9d9a27e81e34910384e55a6ff3cff0",
            "https://git.kernel.org/stable/c/70dd3513ed6ac8c6cab23f72c5b19f44ca89de9d",
            "https://git.kernel.org/stable/c/8a15107c4c031fb19737bf2eb4000f847f1d5e4c",
            "https://linux.oracle.com/cve/CVE-2025-71204.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021425-CVE-2025-71204-88b2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71204",
            "https://www.cve.org/CVERecord?id=CVE-2025-71204"
          ],
          "PublishedDate": "2026-02-14T17:15:54.237Z",
          "LastModifiedDate": "2026-03-18T17:12:03.873Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71220",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71220",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1d50931091844bb39bf033c707e1f5ea8cd9882e6df615ad5dd80c1dc0d41944",
          "Title": "kernel: smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()\n\nWhen ksmbd_iov_pin_rsp() fails, we should call ksmbd_session_rpc_close().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71220",
            "https://git.kernel.org/linus/7c28f8eef5ac5312794d8a52918076dcd787e53b (6.19-rc4)",
            "https://git.kernel.org/stable/c/04dd114b682a4ccaeba2c2bad049c8b50ce740d8",
            "https://git.kernel.org/stable/c/2b7b4df87fe6f2db6ee45f475de6b37b8b8e5d29",
            "https://git.kernel.org/stable/c/7c28f8eef5ac5312794d8a52918076dcd787e53b",
            "https://git.kernel.org/stable/c/a2c68e256fb7a4ac34154c6e865a1389acca839f",
            "https://git.kernel.org/stable/c/ac18761b530b5dd40f59af8a25902282e5512854",
            "https://git.kernel.org/stable/c/fdda836fcee6fdbcccc24e3679097efb583f581f",
            "https://linux.oracle.com/cve/CVE-2025-71220.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021425-CVE-2025-71220-162f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71220",
            "https://www.cve.org/CVERecord?id=CVE-2025-71220"
          ],
          "PublishedDate": "2026-02-14T17:15:54.343Z",
          "LastModifiedDate": "2026-03-19T18:06:27.14Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71221",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71221",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fea05a1191676e31dab07247fd47f9285e5b973bdeda055f6eb6985964956352",
          "Title": "kernel: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()\n\nAdd proper locking in mmp_pdma_residue() to prevent use-after-free when\naccessing descriptor list and descriptor contents.\n\nThe race occurs when multiple threads call tx_status() while the tasklet\non another CPU is freeing completed descriptors:\n\nCPU 0                              CPU 1\n-----                              -----\nmmp_pdma_tx_status()\nmmp_pdma_residue()\n  -\u003e NO LOCK held\n     list_for_each_entry(sw, ..)\n                                   DMA interrupt\n                                   dma_do_tasklet()\n                                     -\u003e spin_lock(\u0026desc_lock)\n                                        list_move(sw-\u003enode, ...)\n                                        spin_unlock(\u0026desc_lock)\n  |                                     dma_pool_free(sw) \u003c- FREED!\n  -\u003e access sw-\u003edesc \u003c- UAF!\n\nThis issue can be reproduced when running dmatest on the same channel with\nmultiple threads (threads_per_chan \u003e 1).\n\nFix by protecting the chain_running list iteration and descriptor access\nwith the chan-\u003edesc_lock spinlock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71221",
            "https://git.kernel.org/linus/a143545855bc2c6e1330f6f57ae375ac44af00a7 (6.19-rc6)",
            "https://git.kernel.org/stable/c/9f665b3c3d9a168410251f27a5d019b7bf93185c",
            "https://git.kernel.org/stable/c/a143545855bc2c6e1330f6f57ae375ac44af00a7",
            "https://git.kernel.org/stable/c/dfb5e05227745de43b7fd589721817a4337c970d",
            "https://git.kernel.org/stable/c/eba0c75670c022cb1f948600db972524bcfe8166",
            "https://git.kernel.org/stable/c/fc023b8fab057f0c910856ff36d3e12a30b7af4a",
            "https://lore.kernel.org/linux-cve-announce/2026021426-CVE-2025-71221-2987@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71221",
            "https://www.cve.org/CVERecord?id=CVE-2025-71221"
          ],
          "PublishedDate": "2026-02-14T17:15:54.45Z",
          "LastModifiedDate": "2026-03-25T11:16:15.247Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71222",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71222",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6777d3e28185c761b395a6761399a4cad3b47df31d7b067dec4e728f4c1dcd30",
          "Title": "kernel: Linux kernel: Denial of Service in wlcore due to insufficient skb headroom",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wlcore: ensure skb headroom before skb_push\n\nThis avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is\nless than needed (typically 110 - 94 = 16 bytes).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71222",
            "https://git.kernel.org/linus/e75665dd096819b1184087ba5718bd93beafff51 (6.19-rc4)",
            "https://git.kernel.org/stable/c/689a7980e4788e13e766763d53569fb78dea2513",
            "https://git.kernel.org/stable/c/71de0b6e04bbee5575caf9a1e4d424e7dcc50018",
            "https://git.kernel.org/stable/c/745a0810dbc96a0471e5f5e627ba1e978c3116d4",
            "https://git.kernel.org/stable/c/88295a55fefe5414e64293638b6f7549646e58ed",
            "https://git.kernel.org/stable/c/b167312390fdd461c81ead516f2b0b44e83a9edb",
            "https://git.kernel.org/stable/c/cd89a4656c03f8db0c57350aaec69cd3cfaa3522",
            "https://git.kernel.org/stable/c/e75665dd096819b1184087ba5718bd93beafff51",
            "https://linux.oracle.com/cve/CVE-2025-71222.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021426-CVE-2025-71222-1437@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71222",
            "https://www.cve.org/CVERecord?id=CVE-2025-71222"
          ],
          "PublishedDate": "2026-02-14T17:15:54.56Z",
          "LastModifiedDate": "2026-03-19T18:05:23.48Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71223",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71223",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:79da6f621ff3b2a1c81294d01bf2d0294a8140d9172a9ce469e50dd271dcbf07",
          "Title": "kernel: smb/server: fix refcount leak in smb2_open()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/server: fix refcount leak in smb2_open()\n\nWhen ksmbd_vfs_getattr() fails, the reference count of ksmbd_file\nmust be released.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71223",
            "https://git.kernel.org/linus/f416c556997aa56ec4384c6b6efd6a0e6ac70aa7 (6.19-rc4)",
            "https://git.kernel.org/stable/c/2456fde2b137703328f1695f60c68fe488d17e36",
            "https://git.kernel.org/stable/c/39ca11ff158c98fb092176f06047628c54bcf7a1",
            "https://git.kernel.org/stable/c/4665e52bde3b1f8f442895ce7d88fa62a43e48c4",
            "https://git.kernel.org/stable/c/f416c556997aa56ec4384c6b6efd6a0e6ac70aa7",
            "https://linux.oracle.com/cve/CVE-2025-71223.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021426-CVE-2025-71223-65b9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71223",
            "https://www.cve.org/CVERecord?id=CVE-2025-71223"
          ],
          "PublishedDate": "2026-02-14T17:15:54.67Z",
          "LastModifiedDate": "2026-03-18T17:11:48.833Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71224",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71224",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1ec3653990b6bd568d2bb937d67006a1ec88cd90902ca4448497144ad574cef8",
          "Title": "kernel: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: ocb: skip rx_no_sta when interface is not joined\n\nieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only\npresent after JOIN_OCB.\n\nRX may run before JOIN_OCB is executed, in which case the OCB interface\nis not operational. Skip RX peer handling when the interface is not\njoined to avoid warnings in the RX path.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71224",
            "https://git.kernel.org/linus/ff4071c60018a668249dc6a2df7d16330543540e (6.19-rc4)",
            "https://git.kernel.org/stable/c/536447521b3b9be1975c7f1db9054bdf2ab779cb",
            "https://git.kernel.org/stable/c/8fd1c63e016893b7f6c1cf799410da4eaa98c090",
            "https://git.kernel.org/stable/c/b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d",
            "https://git.kernel.org/stable/c/e0bd226804f8e0098711042c93d64f3b720b36c0",
            "https://git.kernel.org/stable/c/fcc768760df08337525cde28e8460e36f9855af8",
            "https://git.kernel.org/stable/c/ff4071c60018a668249dc6a2df7d16330543540e",
            "https://git.kernel.org/stable/c/ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77",
            "https://linux.oracle.com/cve/CVE-2025-71224.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021427-CVE-2025-71224-318e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71224",
            "https://www.cve.org/CVERecord?id=CVE-2025-71224"
          ],
          "PublishedDate": "2026-02-14T17:15:54.773Z",
          "LastModifiedDate": "2026-02-18T17:52:22.253Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71225",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71225",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:56f28209bcf34e7af879cc73c445b50b32be45e3fd01074cfdb2579734f7b063",
          "Title": "kernel: md: suspend array while updating raid_disks via sysfs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: suspend array while updating raid_disks via sysfs\n\nIn raid1_reshape(), freeze_array() is called before modifying the r1bio\nmemory pool (conf-\u003er1bio_pool) and conf-\u003eraid_disks, and\nunfreeze_array() is called after the update is completed.\n\nHowever, freeze_array() only waits until nr_sync_pending and\n(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error\noccurs, nr_queued is increased and the corresponding r1bio is queued to\neither retry_list or bio_end_io_list. As a result, freeze_array() may\nunblock before these r1bios are released.\n\nThis can lead to a situation where conf-\u003eraid_disks and the mempool have\nalready been updated while queued r1bios, allocated with the old\nraid_disks value, are later released. Consequently, free_r1bio() may\naccess memory out of bounds in put_all_bios() and release r1bios of the\nwrong size to the new mempool, potentially causing issues with the\nmempool as well.\n\nSince only normal I/O might increase nr_queued while an I/O error occurs,\nsuspending the array avoids this issue.\n\nNote: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends\nthe array. Therefore, we suspend the array when updating raid_disks\nvia sysfs to avoid this issue too.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-367"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71225",
            "https://git.kernel.org/linus/2cc583653bbe050bacd1cadcc9776d39bf449740 (6.19-rc4)",
            "https://git.kernel.org/stable/c/0107b18cd8ac17eb3e54786adc05a85cdbb6ef22",
            "https://git.kernel.org/stable/c/165d1359f945b72c5f90088f60d48ff46115269e",
            "https://git.kernel.org/stable/c/2cc583653bbe050bacd1cadcc9776d39bf449740",
            "https://linux.oracle.com/cve/CVE-2025-71225.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021859-CVE-2025-71225-44de@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71225",
            "https://www.cve.org/CVERecord?id=CVE-2025-71225"
          ],
          "PublishedDate": "2026-02-18T15:18:40.33Z",
          "LastModifiedDate": "2026-03-18T20:44:55.71Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71227",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71227",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ef235e2c2749bc6d66862e6b38f02f412315eacb3ef545fe6947880df29f7a33",
          "Title": "kernel: wifi: mac80211: don't WARN for connections on invalid channels",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don't WARN for connections on invalid channels\n\nIt's not clear (to me) how exactly syzbot managed to hit this,\nbut it seems conceivable that e.g. regulatory changed and has\ndisabled a channel between scanning (channel is checked to be\nusable by cfg80211_get_ies_channel_number) and connecting on\nthe channel later.\n\nWith one scenario that isn't covered elsewhere described above,\nthe warning isn't good, replace it with a (more informative)\nerror message.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71227",
            "https://git.kernel.org/linus/99067b58a408a384d2a45c105eb3dce980a862ce (6.19-rc4)",
            "https://git.kernel.org/stable/c/10d3ff7e5812c8d70300f6fa8f524009a06aa7e1",
            "https://git.kernel.org/stable/c/99067b58a408a384d2a45c105eb3dce980a862ce",
            "https://lore.kernel.org/linux-cve-announce/2026021859-CVE-2025-71227-949c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71227",
            "https://www.cve.org/CVERecord?id=CVE-2025-71227"
          ],
          "PublishedDate": "2026-02-18T15:18:40.563Z",
          "LastModifiedDate": "2026-03-18T20:40:39.997Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71229",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71229",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e1ebb1bc44cf1087b478e72df50ce8c38a5bade69696524403a930915a5126b3",
          "Title": "kernel: wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()\n\nrtw_core_enable_beacon() reads 4 bytes from an address that is not a\nmultiple of 4. This results in a crash on some systems.\n\nDo 1 byte reads/writes instead.\n\nUnable to handle kernel paging request at virtual address ffff8000827e0522\nMem abort info:\n  ESR = 0x0000000096000021\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x21: alignment fault\nData abort info:\n  ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n  CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nswapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000\n[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13\nInternal error: Oops: 0000000096000021 [#1]  SMP\nModules linked in: [...] rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]\nCPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G        W           6.17.9 #1-NixOS VOLUNTARY\nTainted: [W]=WARN\nHardware name: FriendlyElec NanoPC-T6 LTS (DT)\nWorkqueue: phy0 rtw_c2h_work [rtw88_core]\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : rtw_pci_read32+0x18/0x40 [rtw88_pci]\nlr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]\nsp : ffff800080cc3ca0\nx29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828\nx26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00\nx23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001\nx20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522\nCall trace:\n rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)\n rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]\n rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]\n rtw_c2h_work+0x50/0x98 [rtw88_core]\n process_one_work+0x178/0x3f8\n worker_thread+0x208/0x418\n kthread+0x120/0x220\n ret_from_fork+0x10/0x20\nCode: d28fe202 8b020000 f9524400 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71229",
            "https://git.kernel.org/stable/c/0177aa828d966117ea30a44f2e1890fdb356118e",
            "https://git.kernel.org/stable/c/13394550441557115bb74f6de9778c165755a7ab",
            "https://git.kernel.org/stable/c/653f8b6a091538b084715f259900f62c2ec1c6cf",
            "https://git.kernel.org/stable/c/71dee092903adb496fe1f357b267d94087b679e0",
            "https://git.kernel.org/stable/c/7d31dde1bd8678115329e46dc8d7afb63c176b74",
            "https://linux.oracle.com/cve/CVE-2025-71229.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021802-CVE-2025-71229-81bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71229",
            "https://www.cve.org/CVERecord?id=CVE-2025-71229"
          ],
          "PublishedDate": "2026-02-18T16:22:29.627Z",
          "LastModifiedDate": "2026-03-18T17:27:35.4Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71232",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71232",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee6aebd792964e28ba74da74a1dfe436638c839f979881baf98ccc172331d4a5",
          "Title": "kernel: scsi: qla2xxx: Free sp in error path to fix system crash",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G           OE    --------  --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G           OE    --------  ---  5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516]  \u003cTASK\u003e\n[61110.467519]  dump_stack_lvl+0x34/0x48\n[61110.467526]  slab_err.cold+0x53/0x67\n[61110.467534]  __kmem_cache_shutdown+0x16e/0x320\n[61110.467540]  kmem_cache_destroy+0x51/0x160\n[61110.467544]  qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607]  ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613]  ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616]  ? do_syscall_64+0x5c/0x90\n[61110.467619]  ? exc_page_fault+0x62/0x150\n[61110.467622]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626]  \u003c/TASK\u003e\n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G    B      OE    --------  ---  5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 \u003c0f\u003e 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS:  00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738]  \u003cTASK\u003e\n[61110.467739]  qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755]  ? __do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-772"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71232",
            "https://git.kernel.org/stable/c/05fcd590e5fbbb3e9e1b4fc6c23c98a1d38cf256",
            "https://git.kernel.org/stable/c/19ac050ef09a2f0a9d9787540f77bb45cf9033e8",
            "https://git.kernel.org/stable/c/7adbd2b7809066c75f0433e5e2a8e114b429f30f",
            "https://git.kernel.org/stable/c/8e7597b4efee6143439641bc6522f247d585e060",
            "https://git.kernel.org/stable/c/aed16d37696f494288a291b4b477484ed0be774b",
            "https://git.kernel.org/stable/c/b410ab8b9431d6d63d04caa1d69909fcc8b25eae",
            "https://git.kernel.org/stable/c/b74408de1f2264220979f0c6a5a9d5e50b5b534b",
            "https://git.kernel.org/stable/c/f04840512438ac025dea6e357d80a986b28bbe4c",
            "https://linux.oracle.com/cve/CVE-2025-71232.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71232-8ee0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71232",
            "https://www.cve.org/CVERecord?id=CVE-2025-71232"
          ],
          "PublishedDate": "2026-02-18T16:22:29.97Z",
          "LastModifiedDate": "2026-03-18T17:17:03.19Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71233",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71233",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9f257440a24369e6ab3476c2ecff07bed26a2cd5b8ac15141ed875a2742c938c",
          "Title": "kernel: Linux kernel: Denial of Service via NULL pointer dereference in PCI endpoint configfs during asynchronous sub-group creation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Avoid creating sub-groups asynchronously\n\nThe asynchronous creation of sub-groups by a delayed work could lead to a\nNULL pointer dereference when the driver directory is removed before the\nwork completes.\n\nThe crash can be easily reproduced with the following commands:\n\n  # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n  # for i in {1..20}; do mkdir test \u0026\u0026 rmdir test; done\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000088\n  ...\n  Call Trace:\n   configfs_register_group+0x3d/0x190\n   pci_epf_cfs_work+0x41/0x110\n   process_one_work+0x18f/0x350\n   worker_thread+0x25a/0x3a0\n\nFix this issue by using configfs_add_default_group() API which does not\nhave the deadlock problem as configfs_register_group() and does not require\nthe delayed work handler.\n\n[mani: slightly reworded the description and added stable list]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71233",
            "https://git.kernel.org/stable/c/24a253c3aa6d9a2cde46158ce9782e023bfbf32d",
            "https://git.kernel.org/stable/c/5f609b3bffd4207cf9f2c9b41e1978457a5a1ea9",
            "https://git.kernel.org/stable/c/73cee890adafa2c219bb865356e08e7f82423fe5",
            "https://git.kernel.org/stable/c/7c5c7d06bd1f86d2c3ebe62be903a4ba42db4d2c",
            "https://git.kernel.org/stable/c/8cb905eca73944089a0db01443c7628a9e87012d",
            "https://git.kernel.org/stable/c/d9af3cf58bb4c8d6dea4166011c780756b1138b5",
            "https://git.kernel.org/stable/c/fa9fb38f5fe9c80094c2138354d45cdc8d094d69",
            "https://linux.oracle.com/cve/CVE-2025-71233.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71233-0c35@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71233",
            "https://www.cve.org/CVERecord?id=CVE-2025-71233"
          ],
          "PublishedDate": "2026-02-18T16:22:30.08Z",
          "LastModifiedDate": "2026-03-18T17:14:10.28Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71235",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71235",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ab9f32c0d7f2d612bf8d226e30648af36ac53cd72bd81eb1e77ab7a733ace87c",
          "Title": "kernel: scsi: qla2xxx: Delay module unload while fabric scan in progress",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS:  0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931]  \u003cIRQ\u003e\n[105954.384934]  qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\n[105954.384962]  ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\n[105954.384980]  ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\n[105954.384999]  ? __wake_up_common+0x80/0x190\n[105954.385004]  ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\n[105954.385023]  ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\n[105954.385040]  ? __handle_irq_event_percpu+0x3d/0x190\n[105954.385044]  ? handle_irq_event+0x58/0xb0\n[105954.385046]  ? handle_edge_irq+0x93/0x240\n[105954.385050]  ? __common_interrupt+0x41/0xa0\n[105954.385055]  ? common_interrupt+0x3e/0xa0\n[105954.385060]  ? asm_common_interrupt+0x22/0x40\n\nThe root cause of this was that there was a free (dma_free_attrs) in the\ninterrupt context.  There was a device discovery/fabric scan in\nprogress.  A module unload was issued which set the UNLOADING flag.  As\npart of the discovery, after receiving an interrupt a work queue was\nscheduled (which involved a work to be queued).  Since the UNLOADING\nflag is set, the work item was not allocated and the mapped memory had\nto be freed.  The free occurred in interrupt context leading to system\ncrash.  Delay the driver unload until the fabric scan is complete to\navoid the crash.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71235",
            "https://git.kernel.org/stable/c/528b2f1027edfb52af0171f0f4b227fb356dde05",
            "https://git.kernel.org/stable/c/7062eb0c488f35730334daad9495d9265c574853",
            "https://git.kernel.org/stable/c/8890bf450e0b6b283f48ac619fca5ac2f14ddd62",
            "https://git.kernel.org/stable/c/891f9969a29e9767a453cef4811c8d2472ccab49",
            "https://git.kernel.org/stable/c/984dc1a51bf6fc3ca4e726abe790ec38952935d8",
            "https://git.kernel.org/stable/c/c068ebbaf52820d6bdefb9b405a1e426663c635a",
            "https://git.kernel.org/stable/c/d70f71d4c92bcb8b6a21ac62d4ea3e87721f4f32",
            "https://git.kernel.org/stable/c/d8af012f92eee021c6ebb7093e65813c926c336b",
            "https://linux.oracle.com/cve/CVE-2025-71235.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021805-CVE-2025-71235-b233@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71235",
            "https://www.cve.org/CVERecord?id=CVE-2025-71235"
          ],
          "PublishedDate": "2026-02-18T16:22:30.293Z",
          "LastModifiedDate": "2026-03-18T17:07:43.897Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71236",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71236",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cec2f99e6c0c50cc52fe34ec2f5ef0022e49c22efa811aaa3014254c3216951b",
          "Title": "kernel: Linux kernel qla2xxx driver: Denial of Service via NULL pointer dereference during fabric async scan cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Validate sp before freeing associated memory\n\nSystem crash with the following signature\n[154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete\n[154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.\n[154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5.\n[154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 0080 0000.\n[154565.545744] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 00a0 0000.\n[154565.545857] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.552760] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8\n[154565.553080] #PF: supervisor read access in kernel mode\n[154565.553082] #PF: error_code(0x0000) - not-present page\n[154565.553084] PGD 80000010488ab067 P4D 80000010488ab067 PUD 104978a067 PMD 0\n[154565.553089] Oops: 0000 1 PREEMPT SMP PTI\n[154565.553092] CPU: 10 PID: 858 Comm: qla2xxx_2_dpc Kdump: loaded Tainted: G           OE     -------  ---  5.14.0-503.11.1.el9_5.x86_64 #1\n[154565.553096] Hardware name: HPE Synergy 660 Gen10/Synergy 660 Gen10 Compute Module, BIOS I43 09/30/2024\n[154565.553097] RIP: 0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553141] Code: 00 00 e8 58 a3 ec d4 49 89 e9 ba 12 20 00 00 4c 89 e6 49 c7 c0 00 ee a8 c0 48 c7 c1 66 c0 a9 c0 bf 00 80 00 10 e8 15 69 00 00 \u003c4c\u003e 8b 8d f8 00 00 00 4d 85 c9 74 35 49 8b 84 24 00 19 00 00 48 8b\n[154565.553143] RSP: 0018:ffffb4dbc8aebdd0 EFLAGS: 00010286\n[154565.553145] RAX: 0000000000000000 RBX: ffff8ec2cf0908d0 RCX: 0000000000000002\n[154565.553147] RDX: 0000000000000000 RSI: ffffffffc0a9c896 RDI: ffffb4dbc8aebd47\n[154565.553148] RBP: 0000000000000000 R08: ffffb4dbc8aebd45 R09: 0000000000ffff0a\n[154565.553150] R10: 0000000000000000 R11: 000000000000000f R12: ffff8ec2cf0908d0\n[154565.553151] R13: ffff8ec2cf090900 R14: 0000000000000102 R15: ffff8ec2cf084000\n[154565.553152] FS:  0000000000000000(0000) GS:ffff8ed27f800000(0000) knlGS:0000000000000000\n[154565.553154] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[154565.553155] CR2: 00000000000000f8 CR3: 000000113ae0a005 CR4: 00000000007706f0\n[154565.553157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[154565.553158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[154565.553159] PKRU: 55555554\n[154565.553160] Call Trace:\n[154565.553162]  \u003cTASK\u003e\n[154565.553165]  ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553172]  ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553177]  ? qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553215]  ? __die_body.cold+0x8/0xd\n[154565.553218]  ? page_fault_oops+0x134/0x170\n[154565.553223]  ? snprintf+0x49/0x70\n[154565.553229]  ? exc_page_fault+0x62/0x150\n[154565.553238]  ? asm_exc_page_fault+0x22/0x30\n\nCheck for sp being non NULL before freeing any associated memory",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71236",
            "https://git.kernel.org/stable/c/044131fce27749cb6ea986baf861fbe63c6d8a17",
            "https://git.kernel.org/stable/c/1a9585e4c58d1f1662b3ca46110ed4f583082ce5",
            "https://git.kernel.org/stable/c/40ae93668226b610edb952c6036f607a61750b57",
            "https://git.kernel.org/stable/c/85c0890fea6baeba9c4ae6ae090182cbb1a93fb2",
            "https://git.kernel.org/stable/c/944378ead9a48d5d50e9e3cc85e4cdb911c37ca1",
            "https://git.kernel.org/stable/c/949010291bb941d53733ed08a33454254d9afb1b",
            "https://git.kernel.org/stable/c/a46f81c1e627437de436e517f5fd4b725c15a1e6",
            "https://git.kernel.org/stable/c/b6df15aec8c3441357d4da0eaf4339eb20f5999f",
            "https://linux.oracle.com/cve/CVE-2025-71236.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021806-CVE-2025-71236-26df@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71236",
            "https://www.cve.org/CVERecord?id=CVE-2025-71236"
          ],
          "PublishedDate": "2026-02-18T16:22:30.407Z",
          "LastModifiedDate": "2026-03-18T14:59:39.58Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71237",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71237",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d75309b827048edf8a161b466e17da3d6b87692989e54fb3e0bca9f6ff8968ca",
          "Title": "kernel: nilfs2: Fix potential block overflow that cause system hang",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: Fix potential block overflow that cause system hang\n\nWhen a user executes the FITRIM command, an underflow can occur when\ncalculating nblocks if end_block is too small. Since nblocks is of\ntype sector_t, which is u64, a negative nblocks value will become a\nvery large positive integer. This ultimately leads to the block layer\nfunction __blkdev_issue_discard() taking an excessively long time to\nprocess the bio chain, and the ns_segctor_sem lock remains held for a\nlong period. This prevents other tasks from acquiring the ns_segctor_sem\nlock, resulting in the hang reported by syzbot in [1].\n\nIf the ending block is too small, typically if it is smaller than 4KiB\nrange, depending on the usage of the segment 0, it may be possible to\nattempt a discard request beyond the device size causing the hang.\n\nExiting successfully and assign the discarded size (0 in this case)\nto range-\u003elen.\n\nAlthough the start and len values in the user input range are too small,\na conservative strategy is adopted here to safely ignore them, which is\nequivalent to a no-op; it will not perform any trimming and will not\nthrow an error.\n\n[1]\ntask:segctord state:D stack:28968 pid:6093 tgid:6093  ppid:2 task_flags:0x200040 flags:0x00080000\nCall Trace:\n rwbase_write_lock+0x3dd/0x750 kernel/locking/rwbase_rt.c:272\n nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline]\n nilfs_segctor_thread+0x6ec/0xe00 fs/nilfs2/segment.c:2684\n\n[ryusuke: corrected part of the commit message about the consequences]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71237",
            "https://git.kernel.org/stable/c/2438982f635e6cc2009be68ba2efb2998727d8d4",
            "https://git.kernel.org/stable/c/4aa45f841413cca81882602b4042c53502f34cad",
            "https://git.kernel.org/stable/c/6457d3ee41a4c15082ac49c5aa7fb933b4a043f3",
            "https://git.kernel.org/stable/c/b8c5ee234bd54f1447c846101fdaef2cf70c2149",
            "https://git.kernel.org/stable/c/ba18e5f22f26aa4ef78bc3e81f639d1d4f3845e6",
            "https://git.kernel.org/stable/c/df1e20796c9f3d541cca47fb72e4369ea135642d",
            "https://git.kernel.org/stable/c/ea2278657ad0d62596589fbe2caf995e189e65e7",
            "https://git.kernel.org/stable/c/ed527ef0c264e4bed6c7b2a158ddf516b17f5f66",
            "https://linux.oracle.com/cve/CVE-2025-71237.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021806-CVE-2025-71237-545a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71237",
            "https://www.cve.org/CVERecord?id=CVE-2025-71237"
          ],
          "PublishedDate": "2026-02-18T16:22:30.517Z",
          "LastModifiedDate": "2026-03-18T14:58:45.933Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71238",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71238",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9a60cd06a7973b895cf05a1c8500cf83fd5ec559e1bd23b90cb098d32b9b752b",
          "Title": "kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix bsg_done() causing double free\n\nKernel panic observed on system,\n\n[5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000\n[5353358.825194] #PF: supervisor write access in kernel mode\n[5353358.825195] #PF: error_code(0x0002) - not-present page\n[5353358.825196] PGD 100006067 P4D 0\n[5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G        W    L    -------  ---  5.14.0-503.34.1.el9_5.x86_64 #1\n[5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025\n[5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10\n[5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246\n[5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000\n[5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000\n[5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000\n[5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090\n[5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000\n[5353358.825218] FS:  00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000\n[5353358.825219] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0\n[5353358.825221] PKRU: 55555554\n[5353358.825222] Call Trace:\n[5353358.825223]  \u003cTASK\u003e\n[5353358.825224]  ? show_trace_log_lvl+0x1c4/0x2df\n[5353358.825229]  ? show_trace_log_lvl+0x1c4/0x2df\n[5353358.825232]  ? sg_copy_buffer+0xc8/0x110\n[5353358.825236]  ? __die_body.cold+0x8/0xd\n[5353358.825238]  ? page_fault_oops+0x134/0x170\n[5353358.825242]  ? kernelmode_fixup_or_oops+0x84/0x110\n[5353358.825244]  ? exc_page_fault+0xa8/0x150\n[5353358.825247]  ? 
asm_exc_page_fault+0x22/0x30\n[5353358.825252]  ? memcpy_erms+0x6/0x10\n[5353358.825253]  sg_copy_buffer+0xc8/0x110\n[5353358.825259]  qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx]\n[5353358.825317]  qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx]\n\nMost routines in qla_bsg.c call bsg_done() only for success cases.\nHowever a few invoke it for failure case as well leading to a double\nfree. Validate before calling bsg_done().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:6053",
            "https://access.redhat.com/security/cve/CVE-2025-71238",
            "https://bugzilla.redhat.com/2444376",
            "https://bugzilla.redhat.com/2444398",
            "https://errata.almalinux.org/10/ALSA-2026-6053.html",
            "https://git.kernel.org/linus/c2c68225b1456f4d0d393b5a8778d51bb0d5b1d0 (7.0-rc1)",
            "https://git.kernel.org/stable/c/057a5bdc481e58ab853117254867ffb22caf9f6e",
            "https://git.kernel.org/stable/c/27ac9679c43a09e54e2d9aae9980ada045b428e0",
            "https://git.kernel.org/stable/c/31f33b856d2324d86bcaef295f4d210477a1c018",
            "https://git.kernel.org/stable/c/708003e1bc857dd014d4c44278d7d77c26f91b1c",
            "https://git.kernel.org/stable/c/74e7458537cd9349cf019862e51491f670871707",
            "https://git.kernel.org/stable/c/871f6236da96c4a9712b8a29d7f555f767a47e95",
            "https://git.kernel.org/stable/c/c2c68225b1456f4d0d393b5a8778d51bb0d5b1d0",
            "https://git.kernel.org/stable/c/f2bbb4db0e4a4fbd5e649c0b5d8733f61da24720",
            "https://linux.oracle.com/cve/CVE-2025-71238.html",
            "https://linux.oracle.com/errata/ELSA-2026-6053.html",
            "https://lore.kernel.org/linux-cve-announce/2026030437-CVE-2025-71238-76bc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71238",
            "https://www.cve.org/CVERecord?id=CVE-2025-71238"
          ],
          "PublishedDate": "2026-03-04T15:16:12.7Z",
          "LastModifiedDate": "2026-03-17T21:21:58.76Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71239",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71239",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3c6f4a308f5b0070a5be212c7e3c8ff193176e8c426bc6034e6b502633311b74",
          "Title": "kernel: audit: add fchmodat2() to change attributes class",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add fchmodat2() to change attributes class\n\nfchmodat2(), introduced in version 6.6 is currently not in the change\nattribute class of audit. Calling fchmodat2() to change a file\nattribute in the same fashion than chmod() or fchmodat() will bypass\naudit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds fchmodat2() to the change attributes class.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71239",
            "https://git.kernel.org/linus/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc (7.0-rc1)",
            "https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623",
            "https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc",
            "https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef",
            "https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741",
            "https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f",
            "https://lore.kernel.org/linux-cve-announce/2026031708-CVE-2025-71239-47f6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71239",
            "https://www.bencteux.fr/posts/missing_syscalls_audit/",
            "https://www.cve.org/CVERecord?id=CVE-2025-71239"
          ],
          "PublishedDate": "2026-03-17T10:15:59.01Z",
          "LastModifiedDate": "2026-03-18T17:16:04.707Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71265",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71265",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e2fc04a0d127955c48cda6d07ca50682f882d7ffe53d8de738ff14d8eaab2c4d",
          "Title": "kernel: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an attribute header\nindicates an empty run list, while directory entries reference it as\ncontaining actual data. In NTFS, setting evcn=-1 with svcn=0 is a valid way\nto represent an empty run list, and run_unpack() correctly handles this by\nchecking if evcn + 1 equals svcn and returning early without parsing any run\ndata. However, this creates a problem when there is metadata inconsistency,\nwhere the attribute header claims to be empty (evcn=-1) but the caller\nexpects to read actual data. When run_unpack() immediately returns success\nupon seeing this condition, it leaves the runs_tree uninitialized with\nrun-\u003eruns as a NULL. The calling function attr_load_runs_range() assumes\nthat a successful return means that the runs were loaded and sets clen to 0,\nexpecting the next run_lookup_entry() call to succeed. Because runs_tree\nremains uninitialized, run_lookup_entry() continues to fail, and the loop\nincrements vcn by zero (vcn += 0), leading to an infinite loop.\n\nThis patch adds a retry counter to detect when run_lookup_entry() fails\nconsecutively after attr_load_runs_vcn(). If the run is still not found on\nthe second attempt, it indicates corrupted metadata and returns -EINVAL,\npreventing the Denial-of-Service (DoS) vulnerability.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71265",
            "https://git.kernel.org/linus/4b90f16e4bb5607fb35e7802eb67874038da4640 (7.0-rc1)",
            "https://git.kernel.org/stable/c/3c3a6e951b9b53dab2ac460a655313cf04c4a10a",
            "https://git.kernel.org/stable/c/4b90f16e4bb5607fb35e7802eb67874038da4640",
            "https://git.kernel.org/stable/c/6f07a590616ff5f57f7c041d98e463fad9e9f763",
            "https://git.kernel.org/stable/c/78b61f7eac37a63284774b147f38dd0be6cad43c",
            "https://git.kernel.org/stable/c/a89bc96d5abd8a4a8d5d911884ea347efcdf460b",
            "https://git.kernel.org/stable/c/af839013c70a24779f9d1afb1575952009312d38",
            "https://git.kernel.org/stable/c/c0b43c45d45f59e7faad48675a50231a210c379b",
            "https://lore.kernel.org/linux-cve-announce/2026031813-CVE-2025-71265-00ce@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71265",
            "https://www.cve.org/CVERecord?id=CVE-2025-71265"
          ],
          "PublishedDate": "2026-03-18T11:16:15.373Z",
          "LastModifiedDate": "2026-03-18T14:52:44.227Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71266",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71266",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:259a8b480a29c22ab56470519551e9566969f4b3f26b72d71f421d6df24f8d1c",
          "Title": "kernel: fs: ntfs3: check return value of indx_find to avoid infinite loop",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: check return value of indx_find to avoid infinite loop\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed dentry in the ntfs3 filesystem can cause the kernel to hang\nduring the lookup operations. By setting the HAS_SUB_NODE flag in an\nINDEX_ENTRY within a directory's INDEX_ALLOCATION block and manipulating the\nVCN pointer, an attacker can cause the indx_find() function to repeatedly\nread the same block, allocating 4 KB of memory each time. The kernel lacks\nVCN loop detection and depth limits, causing memory exhaustion and an OOM\ncrash.\n\nThis patch adds a return value check for fnd_push() to prevent a memory\nexhaustion vulnerability caused by infinite loops. When the index exceeds the\nsize of the fnd-\u003enodes array, fnd_push() returns -EINVAL. The indx_find()\nfunction checks this return value and stops processing, preventing further\nmemory allocation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71266",
            "https://git.kernel.org/linus/1732053c8a6b360e2d5afb1b34fe9779398b072c (7.0-rc1)",
            "https://git.kernel.org/stable/c/0ad7a1be44479503dbe5c699759861ef5b8bd70c",
            "https://git.kernel.org/stable/c/14c3188afbedfd5178bbabb8002487ea14b37b56",
            "https://git.kernel.org/stable/c/1732053c8a6b360e2d5afb1b34fe9779398b072c",
            "https://git.kernel.org/stable/c/398e768d1accd1f5645492ab996005d7aa84a5b0",
            "https://git.kernel.org/stable/c/435d34719db0e130f6f0c621d67ed524cc1a7d10",
            "https://git.kernel.org/stable/c/68e32694be231c1cdb99b7637a657314e88e1a96",
            "https://git.kernel.org/stable/c/b0ea441f44ce64fa514a415d4a9e6e2b06e7946c",
            "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71266-d35d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71266",
            "https://www.cve.org/CVERecord?id=CVE-2025-71266"
          ],
          "PublishedDate": "2026-03-18T11:16:15.56Z",
          "LastModifiedDate": "2026-03-18T14:52:44.227Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71267",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71267",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9686a63e4deca1f2ce1680081af214111ec4a4bdb60d384eedcb192854be8694",
          "Title": "kernel: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST\n\nWe found an infinite loop bug in the ntfs3 file system that can lead to a\nDenial-of-Service (DoS) condition.\n\nA malformed NTFS image can cause an infinite loop when an ATTR_LIST attribute\nindicates a zero data size while the driver allocates memory for it.\n\nWhen ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set\nto zero, it still allocates memory because of al_aligned(0). This creates an\ninconsistent state where ni-\u003eattr_list.size is zero, but ni-\u003eattr_list.le is\nnon-null. This causes ni_enum_attr_ex to incorrectly assume that no attribute\nlist exists and enumerates only the primary MFT record. When it finds\nATTR_LIST, the code reloads it and restarts the enumeration, repeating\nindefinitely. The mount operation never completes, hanging the kernel thread.\n\nThis patch adds validation to ensure that data_size is non-zero before memory\nallocation. When a zero-sized ATTR_LIST is detected, the function returns\n-EINVAL, preventing a DoS vulnerability.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71267",
            "https://git.kernel.org/linus/06909b2549d631a47fcda249d34be26f7ca1711d (7.0-rc1)",
            "https://git.kernel.org/stable/c/06909b2549d631a47fcda249d34be26f7ca1711d",
            "https://git.kernel.org/stable/c/7ef219656febf5ae06ae56b1fce47ebd05f92b68",
            "https://git.kernel.org/stable/c/8d8c70b57dbeda3eb165c0940b97e85373ca9354",
            "https://git.kernel.org/stable/c/9267d99fade76d44d4a133599524031fe684156e",
            "https://git.kernel.org/stable/c/976e6a7c51fabf150478decbe8ef5d9a26039b7c",
            "https://git.kernel.org/stable/c/9779a6eaaabdf47aa57910d352b398ad742e6a5f",
            "https://git.kernel.org/stable/c/fd508939dbca5eceefb2d0c2564beb15469572f2",
            "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71267-2a56@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71267",
            "https://www.cve.org/CVERecord?id=CVE-2025-71267"
          ],
          "PublishedDate": "2026-03-18T11:16:15.72Z",
          "LastModifiedDate": "2026-03-18T14:52:44.227Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71268",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71268",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e4ba7830413127751598f9ea3dffb0d2b1617d210b5e8ab8d80909fc9b643c0a",
          "Title": "kernel: btrfs: fix reservation leak in some error paths when inserting inline extent",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix reservation leak in some error paths when inserting inline extent\n\nIf we fail to allocate a path or join a transaction, we return from\n__cow_file_range_inline() without freeing the reserved qgroup data,\nresulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data()\nin such cases.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71268",
            "https://git.kernel.org/linus/c1c050f92d8f6aac4e17f7f2230160794fceef0c (6.19-rc5)",
            "https://git.kernel.org/stable/c/28768bd3abf9995a93f6e01bfce01c60622964dd",
            "https://git.kernel.org/stable/c/28b97fcbbf523779688e8de5fe55bf2dae3859f6",
            "https://git.kernel.org/stable/c/c1c050f92d8f6aac4e17f7f2230160794fceef0c",
            "https://git.kernel.org/stable/c/f3ee1732851aec6fe6b2cec2ef1b32d4e71d9913",
            "https://git.kernel.org/stable/c/f7156512c8166d385f574b9ec030479aa7b1e8c9",
            "https://lore.kernel.org/linux-cve-announce/2026031814-CVE-2025-71268-057a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71268",
            "https://www.cve.org/CVERecord?id=CVE-2025-71268"
          ],
          "PublishedDate": "2026-03-18T18:16:21.96Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71269",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71269",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2a74582bc54610a3dafc23a0f2cdaea3dd94af63aad67f790dd2c52092960d99",
          "Title": "kernel: btrfs: do not free data reservation in fallback from inline due to -ENOSPC",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is \u003c= 0).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71269",
            "https://git.kernel.org/linus/f8da41de0bff9eb1d774a7253da0c9f637c4470a (6.19-rc5)",
            "https://git.kernel.org/stable/c/6de3a371a8b9fd095198b1aa68c22cc10a4c6961",
            "https://git.kernel.org/stable/c/f8da41de0bff9eb1d774a7253da0c9f637c4470a",
            "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71269-b47d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71269",
            "https://www.cve.org/CVERecord?id=CVE-2025-71269"
          ],
          "PublishedDate": "2026-03-18T18:16:22.11Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2025-71270",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-71270",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2200906f72268bc6e96d3ec8381840b8c16a5cfabf36fd0d7e79512057f65dde",
          "Title": "kernel: LoongArch: Enable exception fixup for specific ADE subcode",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Enable exception fixup for specific ADE subcode\n\nThis patch allows the LoongArch BPF JIT to handle recoverable memory\naccess errors generated by BPF_PROBE_MEM* instructions.\n\nWhen a BPF program performs memory access operations, the instructions\nit executes may trigger ADEM exceptions. The kernel’s built-in BPF\nexception table mechanism (EX_TYPE_BPF) will generate corresponding\nexception fixup entries in the JIT compilation phase; however, the\narchitecture-specific trap handling function needs to proactively call\nthe common fixup routine to achieve exception recovery.\n\ndo_ade(): fix EX_TYPE_BPF memory access exceptions for BPF programs,\nensure safe execution.\n\nRelevant test cases: illegal address access tests in module_attach and\nsubprogs_extable of selftests/bpf.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-71270",
            "https://git.kernel.org/linus/9bdc1ab5e4ce6f066119018d8f69631a46f9c5a0 (6.19-rc4)",
            "https://git.kernel.org/stable/c/73ede654d9daa2ee41bdd17bc62946fc5a0258cb",
            "https://git.kernel.org/stable/c/9bdc1ab5e4ce6f066119018d8f69631a46f9c5a0",
            "https://git.kernel.org/stable/c/b9d9a221bd14ed4b01d113701976fa376762c544",
            "https://git.kernel.org/stable/c/c2ed4f71e9288f21d5c53ff790270758e60fa5f9",
            "https://git.kernel.org/stable/c/c49a28068363f3dca439aa5fe4d3b1f8159809fe",
            "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71270-19ac@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-71270",
            "https://www.cve.org/CVERecord?id=CVE-2025-71270"
          ],
          "PublishedDate": "2026-03-18T18:16:22.23Z",
          "LastModifiedDate": "2026-03-19T17:16:21.52Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22976",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22976",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b432eceb75f203df1bb53531b98bec39873d2f052dba13d965ea889f5a72cc0f",
          "Title": "kernel: Linux kernel: Denial of Service in sch_qfq due to NULL pointer dereference",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset\n\n`qfq_class-\u003eleaf_qdisc-\u003eq.qlen \u003e 0` does not imply that the class\nitself is active.\n\nTwo qfq_class objects may point to the same leaf_qdisc. This happens\nwhen:\n\n1. one QFQ qdisc is attached to the dev as the root qdisc, and\n\n2. another QFQ qdisc is temporarily referenced (e.g., via qdisc_get()\n/ qdisc_put()) and is pending to be destroyed, as in function\ntc_new_tfilter.\n\nWhen packets are enqueued through the root QFQ qdisc, the shared\nleaf_qdisc-\u003eq.qlen increases. At the same time, the second QFQ\nqdisc triggers qdisc_put and qdisc_destroy: the qdisc enters\nqfq_reset() with its own q-\u003eq.qlen == 0, but its class's leaf\nqdisc-\u003eq.qlen \u003e 0. Therefore, the qfq_reset would wrongly deactivate\nan inactive aggregate and trigger a null-deref in qfq_deactivate_agg:\n\n[    0.903172] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[    0.903571] #PF: supervisor write access in kernel mode\n[    0.903860] #PF: error_code(0x0002) - not-present page\n[    0.904177] PGD 10299b067 P4D 10299b067 PUD 10299c067 PMD 0\n[    0.904502] Oops: Oops: 0002 [#1] SMP NOPTI\n[    0.904737] CPU: 0 UID: 0 PID: 135 Comm: exploit Not tainted 6.19.0-rc3+ #2 NONE\n[    0.905157] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014\n[    0.905754] RIP: 0010:qfq_deactivate_agg (include/linux/list.h:992 (discriminator 2) include/linux/list.h:1006 (discriminator 2) net/sched/sch_qfq.c:1367 (discriminator 2) net/sched/sch_qfq.c:1393 (discriminator 2))\n[    0.906046] Code: 0f 84 4d 01 00 00 48 89 70 18 8b 4b 10 48 c7 c2 ff ff ff ff 48 8b 78 08 48 d3 e2 48 21 f2 48 2b 13 48 8b 30 48 d3 ea 8b 4b 18 0\n\nCode starting with the faulting instruction\n===========================================\n   
0:\t0f 84 4d 01 00 00    \tje     0x153\n   6:\t48 89 70 18          \tmov    %rsi,0x18(%rax)\n   a:\t8b 4b 10             \tmov    0x10(%rbx),%ecx\n   d:\t48 c7 c2 ff ff ff ff \tmov    $0xffffffffffffffff,%rdx\n  14:\t48 8b 78 08          \tmov    0x8(%rax),%rdi\n  18:\t48 d3 e2             \tshl    %cl,%rdx\n  1b:\t48 21 f2             \tand    %rsi,%rdx\n  1e:\t48 2b 13             \tsub    (%rbx),%rdx\n  21:\t48 8b 30             \tmov    (%rax),%rsi\n  24:\t48 d3 ea             \tshr    %cl,%rdx\n  27:\t8b 4b 18             \tmov    0x18(%rbx),%ecx\n\t...\n[    0.907095] RSP: 0018:ffffc900004a39a0 EFLAGS: 00010246\n[    0.907368] RAX: ffff8881043a0880 RBX: ffff888102953340 RCX: 0000000000000000\n[    0.907723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[    0.908100] RBP: ffff888102952180 R08: 0000000000000000 R09: 0000000000000000\n[    0.908451] R10: ffff8881043a0000 R11: 0000000000000000 R12: ffff888102952000\n[    0.908804] R13: ffff888102952180 R14: ffff8881043a0ad8 R15: ffff8881043a0880\n[    0.909179] FS:  000000002a1a0380(0000) GS:ffff888196d8d000(0000) knlGS:0000000000000000\n[    0.909572] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    0.909857] CR2: 0000000000000000 CR3: 0000000102993002 CR4: 0000000000772ef0\n[    0.910247] PKRU: 55555554\n[    0.910391] Call Trace:\n[    0.910527]  \u003cTASK\u003e\n[    0.910638]  qfq_reset_qdisc (net/sched/sch_qfq.c:357 net/sched/sch_qfq.c:1485)\n[    0.910826]  qdisc_reset (include/linux/skbuff.h:2195 include/linux/skbuff.h:2501 include/linux/skbuff.h:3424 include/linux/skbuff.h:3430 net/sched/sch_generic.c:1036)\n[    0.911040]  __qdisc_destroy (net/sched/sch_generic.c:1076)\n[    0.911236]  tc_new_tfilter (net/sched/cls_api.c:2447)\n[    0.911447]  rtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\n[    0.911663]  ? 
__pfx_rtnetlink_rcv_msg (net/core/rtnetlink.c:6861)\n[    0.911894]  netlink_rcv_skb (net/netlink/af_netlink.c:2550)\n[    0.912100]  netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\n[    0.912296]  ? __alloc_skb (net/core/skbuff.c:706)\n[    0.912484]  netlink_sendmsg (net/netlink/af\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22976",
            "https://git.kernel.org/linus/c1d73b1480235731e35c81df70b08f4714a7d095 (6.19-rc5)",
            "https://git.kernel.org/stable/c/0809c4bc06c9c961222df29f2eccfd449304056f",
            "https://git.kernel.org/stable/c/11bf9134613f6c71fc0ff36c5d8d33856f6ae3bb",
            "https://git.kernel.org/stable/c/43497313d0da3e12b5cfcd97aa17bf48ee663f95",
            "https://git.kernel.org/stable/c/51ffd447bc37bf1a5776b85523f51d2bc69977f6",
            "https://git.kernel.org/stable/c/6116a83ec167d3ab1390cded854d237481f41b63",
            "https://git.kernel.org/stable/c/c1d73b1480235731e35c81df70b08f4714a7d095",
            "https://git.kernel.org/stable/c/cdb24200b043438a144df501f1ebbd926bb1a2c7",
            "https://linux.oracle.com/cve/CVE-2026-22976.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22976",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22976"
          ],
          "PublishedDate": "2026-01-21T07:16:01.433Z",
          "LastModifiedDate": "2026-02-26T20:02:36.82Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22977",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22977",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0ad4786dfa96e3e021298726e5a5168aedbb10956084cc89ac6dc0ef7b964e7f",
          "Title": "kernel: Kernel: Denial of Service in network socket error handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sock: fix hardened usercopy panic in sock_recv_errqueue\n\nskbuff_fclone_cache was created without defining a usercopy region,\n[1] unlike skbuff_head_cache which properly whitelists the cb[] field.\n[2] This causes a usercopy BUG() when CONFIG_HARDENED_USERCOPY is\nenabled and the kernel attempts to copy sk_buff.cb data to userspace\nvia sock_recv_errqueue() -\u003e put_cmsg().\n\nThe crash occurs when: 1. TCP allocates an skb using alloc_skb_fclone()\n   (from skbuff_fclone_cache) [1]\n2. The skb is cloned via skb_clone() using the pre-allocated fclone\n[3] 3. The cloned skb is queued to sk_error_queue for timestamp\nreporting 4. Userspace reads the error queue via recvmsg(MSG_ERRQUEUE)\n5. sock_recv_errqueue() calls put_cmsg() to copy serr-\u003eee from skb-\u003ecb\n[4] 6. __check_heap_object() fails because skbuff_fclone_cache has no\n   usercopy whitelist [5]\n\nWhen cloned skbs allocated from skbuff_fclone_cache are used in the\nsocket error queue, accessing the sock_exterr_skb structure in skb-\u003ecb\nvia put_cmsg() triggers a usercopy hardening violation:\n\n[    5.379589] usercopy: Kernel memory exposure attempt detected from SLUB object 'skbuff_fclone_cache' (offset 296, size 16)!\n[    5.382796] kernel BUG at mm/usercopy.c:102!\n[    5.383923] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n[    5.384903] CPU: 1 UID: 0 PID: 138 Comm: poc_put_cmsg Not tainted 6.12.57 #7\n[    5.384903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[    5.384903] RIP: 0010:usercopy_abort+0x6c/0x80\n[    5.384903] Code: 1a 86 51 48 c7 c2 40 15 1a 86 41 52 48 c7 c7 c0 15 1a 86 48 0f 45 d6 48 c7 c6 80 15 1a 86 48 89 c1 49 0f 45 f3 e8 84 27 88 ff \u003c0f\u003e 0b 490\n[    5.384903] RSP: 0018:ffffc900006f77a8 EFLAGS: 00010246\n[    5.384903] RAX: 000000000000006f RBX: ffff88800f0ad2a8 RCX: 
1ffffffff0f72e74\n[    5.384903] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff87b973a0\n[    5.384903] RBP: 0000000000000010 R08: 0000000000000000 R09: fffffbfff0f72e74\n[    5.384903] R10: 0000000000000003 R11: 79706f6372657375 R12: 0000000000000001\n[    5.384903] R13: ffff88800f0ad2b8 R14: ffffea00003c2b40 R15: ffffea00003c2b00\n[    5.384903] FS:  0000000011bc4380(0000) GS:ffff8880bf100000(0000) knlGS:0000000000000000\n[    5.384903] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    5.384903] CR2: 000056aa3b8e5fe4 CR3: 000000000ea26004 CR4: 0000000000770ef0\n[    5.384903] PKRU: 55555554\n[    5.384903] Call Trace:\n[    5.384903]  \u003cTASK\u003e\n[    5.384903]  __check_heap_object+0x9a/0xd0\n[    5.384903]  __check_object_size+0x46c/0x690\n[    5.384903]  put_cmsg+0x129/0x5e0\n[    5.384903]  sock_recv_errqueue+0x22f/0x380\n[    5.384903]  tls_sw_recvmsg+0x7ed/0x1960\n[    5.384903]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    5.384903]  ? schedule+0x6d/0x270\n[    5.384903]  ? srso_alias_return_thunk+0x5/0xfbef5\n[    5.384903]  ? mutex_unlock+0x81/0xd0\n[    5.384903]  ? __pfx_mutex_unlock+0x10/0x10\n[    5.384903]  ? __pfx_tls_sw_recvmsg+0x10/0x10\n[    5.384903]  ? _raw_spin_lock_irqsave+0x8f/0xf0\n[    5.384903]  ? _raw_read_unlock_irqrestore+0x20/0x40\n[    5.384903]  ? 
srso_alias_return_thunk+0x5/0xfbef5\n\nThe crash offset 296 corresponds to skb2-\u003ecb within skbuff_fclones:\n  - sizeof(struct sk_buff) = 232 - offsetof(struct sk_buff, cb) = 40 -\n  offset of skb2.cb in fclones = 232 + 40 = 272 - crash offset 296 =\n  272 + 24 (inside sock_exterr_skb.ee)\n\nThis patch uses a local stack variable as a bounce buffer to avoid the hardened usercopy check failure.\n\n[1] https://elixir.bootlin.com/linux/v6.12.62/source/net/ipv4/tcp.c#L885\n[2] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5104\n[3] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5566\n[4] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5491\n[5] https://elixir.bootlin.com/linux/v6.12.62/source/mm/slub.c#L5719",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22977",
            "https://git.kernel.org/linus/2a71a1a8d0ed718b1c7a9ac61f07e5755c47ae20 (6.19-rc5)",
            "https://git.kernel.org/stable/c/005671c60fcf1dbdb8bddf12a62568fd5e4ec391",
            "https://git.kernel.org/stable/c/2a71a1a8d0ed718b1c7a9ac61f07e5755c47ae20",
            "https://git.kernel.org/stable/c/582a5e922a9652fcbb7d0165c95d5b20aa37575d",
            "https://git.kernel.org/stable/c/88dd6be7ebb3153b662c2cebcb06e032a92857f5",
            "https://git.kernel.org/stable/c/8c6901aa29626e35045130bac09b75f791acca85",
            "https://git.kernel.org/stable/c/c655d2167bf014d4c61b4faeca59b60ff9b9f6b1",
            "https://git.kernel.org/stable/c/e00b169eaac5f7cdbf710c354c8fa76d02009115",
            "https://linux.oracle.com/cve/CVE-2026-22977.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22977",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22977"
          ],
          "PublishedDate": "2026-01-21T14:16:06.853Z",
          "LastModifiedDate": "2026-02-26T20:02:55.91Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22978",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22978",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:14c1f7b21296a258dd16f72a4bfdfb2600ede473ea5ec4a30d1b15f49313d87f",
          "Title": "kernel: Linux kernel (wifi): Information disclosure via uninitialized data in struct iw_point",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: avoid kernel-infoleak from struct iw_point\n\nstruct iw_point has a 32bit hole on 64bit arches.\n\nstruct iw_point {\n  void __user   *pointer;       /* Pointer to the data  (in user space) */\n  __u16         length;         /* number of fields or size in bytes */\n  __u16         flags;          /* Optional params */\n};\n\nMake sure to zero the structure to avoid disclosing 32bits of kernel data\nto user space.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 1,
            "nvd": 1,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22978",
            "https://git.kernel.org/linus/21cbf883d073abbfe09e3924466aa5e0449e7261 (6.19-rc5)",
            "https://git.kernel.org/stable/c/024f71a57d563fbe162e528c8bf2d27e9cac7c7b",
            "https://git.kernel.org/stable/c/21cbf883d073abbfe09e3924466aa5e0449e7261",
            "https://git.kernel.org/stable/c/442ceac0393185e9982323f6682a52a53e8462b1",
            "https://git.kernel.org/stable/c/a3827e310b5a73535646ef4a552d53b3c8bf74f6",
            "https://git.kernel.org/stable/c/d21ec867d84c9f3a9845d7d8c90c9ce35dbe48f8",
            "https://git.kernel.org/stable/c/d943b5f592767b107ba8c12a902f17431350378c",
            "https://git.kernel.org/stable/c/e3c35177103ead4658b8a62f41e3080d45885464",
            "https://linux.oracle.com/cve/CVE-2026-22978.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012347-CVE-2026-22978-4e34@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22978",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22978"
          ],
          "PublishedDate": "2026-01-23T16:15:53.783Z",
          "LastModifiedDate": "2026-02-26T20:17:16.28Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22979",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22979",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8e8a23a21433283953b243475b20998cc6a12c407475c3d2c49009de3432e09e",
          "Title": "kernel: Linux kernel: Memory leak in networking due to incorrect GRO packet handling",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in skb_segment_list for GRO packets\n\nWhen skb_segment_list() is called during packet forwarding, it handles\npackets that were aggregated by the GRO engine.\n\nHistorically, the segmentation logic in skb_segment_list assumes that\nindividual segments are split from a parent SKB and may need to carry\ntheir own socket memory accounting. Accordingly, the code transfers\ntruesize from the parent to the newly created segments.\n\nPrior to commit ed4cccef64c1 (\"gro: fix ownership transfer\"), this\ntruesize subtraction in skb_segment_list() was valid because fragments\nstill carry a reference to the original socket.\n\nHowever, commit ed4cccef64c1 (\"gro: fix ownership transfer\") changed\nthis behavior by ensuring that fraglist entries are explicitly\norphaned (skb-\u003esk = NULL) to prevent illegal orphaning later in the\nstack. This change meant that the entire socket memory charge remained\nwith the head SKB, but the corresponding accounting logic in\nskb_segment_list() was never updated.\n\nAs a result, the current code unconditionally adds each fragment's\ntruesize to delta_truesize and subtracts it from the parent SKB. 
Since\nthe fragments are no longer charged to the socket, this subtraction\nresults in an effective under-count of memory when the head is freed.\nThis causes sk_wmem_alloc to remain non-zero, preventing socket\ndestruction and leading to a persistent memory leak.\n\nThe leak can be observed via KMEMLEAK when tearing down the networking\nenvironment:\n\nunreferenced object 0xffff8881e6eb9100 (size 2048):\n  comm \"ping\", pid 6720, jiffies 4295492526\n  backtrace:\n    kmem_cache_alloc_noprof+0x5c6/0x800\n    sk_prot_alloc+0x5b/0x220\n    sk_alloc+0x35/0xa00\n    inet6_create.part.0+0x303/0x10d0\n    __sock_create+0x248/0x640\n    __sys_socket+0x11b/0x1d0\n\nSince skb_segment_list() is exclusively used for SKB_GSO_FRAGLIST\npackets constructed by GRO, the truesize adjustment is removed.\n\nThe call to skb_release_head_state() must be preserved. As documented in\ncommit cf673ed0e057 (\"net: fix fraglist segmentation reference count\nleak\"), it is still required to correctly drop references to SKB\nextensions that may be overwritten during __copy_skb_header().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22979",
            "https://git.kernel.org/linus/238e03d0466239410b72294b79494e43d4fabe77 (6.19-rc5)",
            "https://git.kernel.org/stable/c/0b27828ebd1ed3107d7929c3737adbe862e99e74",
            "https://git.kernel.org/stable/c/238e03d0466239410b72294b79494e43d4fabe77",
            "https://git.kernel.org/stable/c/3264881431e308b9c72cb8a0159d57a56d67dd79",
            "https://git.kernel.org/stable/c/88bea149db2057112af3aaf63534b24fab5858ab",
            "https://git.kernel.org/stable/c/c114a32a2e70b82d447f409f7ffcfa3058f9d5bd",
            "https://linux.oracle.com/cve/CVE-2026-22979.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026012347-CVE-2026-22979-b883@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22979",
            "https://www.cve.org/CVERecord?id=CVE-2026-22979"
          ],
          "PublishedDate": "2026-01-23T16:15:53.893Z",
          "LastModifiedDate": "2026-02-26T23:37:06.353Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22980",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22980",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9c153ad1d3d9f410f04c39aeaeb0a3415c33bea101497f5d8748b2120b4e5357",
          "Title": "kernel: nfsd: provide locking for v4_end_grace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: provide locking for v4_end_grace\n\nWriting to v4_end_grace can race with server shutdown and result in\nmemory being accessed after it was freed - reclaim_str_hashtbl in\nparticular.\n\nWe cannot hold nfsd_mutex across the nfsd4_end_grace() call as that is\nheld while client_tracking_op-\u003einit() is called and that can wait for\nan upcall to nfsdcltrack which can write to v4_end_grace, resulting in a\ndeadlock.\n\nnfsd4_end_grace() is also called by the laundromat work queue and this\ndoesn't require locking as server shutdown will stop the work and wait\nfor it before freeing anything that nfsd4_end_grace() might access.\n\nHowever, we must be sure that writing to v4_end_grace doesn't restart\nthe work item after shutdown has already waited for it.  For this we\nadd a new flag protected with nn-\u003eclient_lock.  It is set only while it\nis safe to make client tracking calls, and v4_end_grace only schedules\nwork while the flag is set with the spinlock held.\n\nSo this patch adds a nfsd_net field \"client_tracking_active\" which is\nset as described.  Another field \"grace_end_forced\", is set when\nv4_end_grace is written.  After this is set, and providing\nclient_tracking_active is set, the laundromat is scheduled.\nThis \"grace_end_forced\" field bypasses other checks for whether the\ngrace period has finished.\n\nThis resolves a race which can result in use-after-free.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22980",
            "https://git.kernel.org/linus/2857bd59feb63fcf40fe4baf55401baea6b4feb4 (6.19-rc5)",
            "https://git.kernel.org/stable/c/06600719d0f7a723811c45e4d51f5b742f345309",
            "https://git.kernel.org/stable/c/2857bd59feb63fcf40fe4baf55401baea6b4feb4",
            "https://git.kernel.org/stable/c/34eb22836e0cdba093baac66599d68c4cd245a9d",
            "https://git.kernel.org/stable/c/53f07d095e7e680c5e4569a55a019f2c0348cdc6",
            "https://git.kernel.org/stable/c/ba4811c8b433bfa681729ca42cc62b6034f223b0",
            "https://git.kernel.org/stable/c/ca97360860eb02e3ae4ba42c19b439a0fcecbf06",
            "https://git.kernel.org/stable/c/e8bfa2401d4c51eca6e48e9b33c798828ca9df61",
            "https://linux.oracle.com/cve/CVE-2026-22980.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012347-CVE-2026-22980-6031@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22980",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22980"
          ],
          "PublishedDate": "2026-01-23T16:15:54.003Z",
          "LastModifiedDate": "2026-02-26T18:48:11.53Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22982",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22982",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:39ba47d8468ef87deb89238faf0d6648839582790144bce9ed0f561410182312",
          "Title": "kernel: net: mscc: ocelot: Fix crash when adding interface under a lag",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: Fix crash when adding interface under a lag\n\nCommit 15faa1f67ab4 (\"lan966x: Fix crash when adding interface under a lag\")\nfixed a similar issue in the lan966x driver caused by a NULL pointer dereference.\nThe ocelot_set_aggr_pgids() function in the ocelot driver has similar logic\nand is susceptible to the same crash.\n\nThis issue specifically affects the ocelot_vsc7514.c frontend, which leaves\nunused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as\nit uses the DSA framework which registers all ports.\n\nFix this by checking if the port pointer is valid before accessing it.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22982",
            "https://git.kernel.org/linus/34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95 (6.19-rc5)",
            "https://git.kernel.org/stable/c/03fb1708b7d1e76aecebf767ad059c319845039f",
            "https://git.kernel.org/stable/c/2985712dc76dfa670eb7fd607c09d4d48e5f5c6e",
            "https://git.kernel.org/stable/c/34f3ff52cb9fa7dbf04f5c734fcc4cb6ed5d1a95",
            "https://git.kernel.org/stable/c/8767f238b0e6c3d0b295ac6dce9fbe6a99bd1b9d",
            "https://git.kernel.org/stable/c/b17818307446c5a8d925a39a792261dbfa930041",
            "https://git.kernel.org/stable/c/f490af47bbee02441e356a1e0b86e3b3dd5120ff",
            "https://lore.kernel.org/linux-cve-announce/2026012348-CVE-2026-22982-b250@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22982",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22982"
          ],
          "PublishedDate": "2026-01-23T16:15:54.223Z",
          "LastModifiedDate": "2026-02-26T18:48:27.273Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22984",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22984",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3a56c5792efc6e75a5ad6947a7c6542a74cf3353fdf99ab0b96ffdb1000f535e",
          "Title": "kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: prevent potential out-of-bounds reads in handle_auth_done()\n\nPerform an explicit bounds check on payload_len to avoid a possible\nout-of-bounds access in the callout.\n\n[ idryomov: changelog ]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22984",
            "https://git.kernel.org/linus/818156caffbf55cb4d368f9c3cac64e458fb49c9 (6.19-rc5)",
            "https://git.kernel.org/stable/c/194cfe2af4d2a1de599d39dad636b47c2f6c2c96",
            "https://git.kernel.org/stable/c/2802ef3380fa8c4a08cda51ec1f085b1a712e9e2",
            "https://git.kernel.org/stable/c/2d653bb63d598ae4b096dd678744bdcc34ee89e8",
            "https://git.kernel.org/stable/c/79fe3511db416d2f2edcfd93569807cb02736e5e",
            "https://git.kernel.org/stable/c/818156caffbf55cb4d368f9c3cac64e458fb49c9",
            "https://git.kernel.org/stable/c/ef208ea331ef688729f64089b895ed1b49e842e3",
            "https://linux.oracle.com/cve/CVE-2026-22984.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012349-CVE-2026-22984-001c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22984",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22984"
          ],
          "PublishedDate": "2026-01-23T16:15:54.44Z",
          "LastModifiedDate": "2026-02-26T18:48:45.403Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22990",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22990",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a155fe353e5b3a5bbeb9a55ce293fe005c6f0231b64e879cdf859a16f1ee0f1e",
          "Title": "kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: replace overzealous BUG_ON in osdmap_apply_incremental()\n\nIf the osdmap is (maliciously) corrupted such that the incremental\nosdmap epoch is different from what is expected, there is no need to\nBUG.  Instead, just declare the incremental osdmap to be invalid.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22990",
            "https://git.kernel.org/linus/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b (6.19-rc5)",
            "https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea",
            "https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3",
            "https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c",
            "https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b",
            "https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d",
            "https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9",
            "https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b",
            "https://linux.oracle.com/cve/CVE-2026-22990.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012351-CVE-2026-22990-a62e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22990",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22990"
          ],
          "PublishedDate": "2026-01-23T16:15:55.077Z",
          "LastModifiedDate": "2026-02-26T17:22:52.02Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22991",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22991",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7f365ad153f969e1c303c717d52ae1b6ab7324001807fcb069618144be55f144",
          "Title": "kernel: libceph: make free_choose_arg_map() resilient to partial allocation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make free_choose_arg_map() resilient to partial allocation\n\nfree_choose_arg_map() may dereference a NULL pointer if its caller fails\nafter a partial allocation.\n\nFor example, in decode_choose_args(), if allocation of arg_map-\u003eargs\nfails, execution jumps to the fail label and free_choose_arg_map() is\ncalled. Since arg_map-\u003esize is updated to a non-zero value before memory\nallocation, free_choose_arg_map() will iterate over arg_map-\u003eargs and\ndereference a NULL pointer.\n\nTo prevent this potential NULL pointer dereference and make\nfree_choose_arg_map() more resilient, add checks for pointers before\niterating.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22991",
            "https://git.kernel.org/linus/e3fe30e57649c551757a02e1cad073c47e1e075e (6.19-rc5)",
            "https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd",
            "https://git.kernel.org/stable/c/851241d3f78a5505224dc21c03d8692f530256b4",
            "https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07caf55e641a0b45234",
            "https://git.kernel.org/stable/c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf",
            "https://git.kernel.org/stable/c/e3fe30e57649c551757a02e1cad073c47e1e075e",
            "https://git.kernel.org/stable/c/ec1850f663da64842614c86b20fe734be070c2ba",
            "https://git.kernel.org/stable/c/f21c3fdb96833aac2f533506899fe38c19cf49d5",
            "https://linux.oracle.com/cve/CVE-2026-22991.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012351-CVE-2026-22991-e4a2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22991",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22991"
          ],
          "PublishedDate": "2026-01-23T16:15:55.183Z",
          "LastModifiedDate": "2026-02-26T18:50:48.817Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22992",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22992",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f089f1dc73808e1693d64303c7da9eba10caa60ddb1d111a28b480bb691318fd",
          "Title": "kernel: libceph: return the handler error from mon_handle_auth_done()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: return the handler error from mon_handle_auth_done()\n\nCurrently any error from ceph_auth_handle_reply_done() is propagated\nvia finish_auth() but isn't returned from mon_handle_auth_done().  This\nresults in higher layers learning that (despite the monitor considering\nus to be successfully authenticated) something went wrong in the\nauthentication phase and reacting accordingly, but msgr2 still trying\nto proceed with establishing the session in the background.  In the\ncase of secure mode this can trigger a WARN in setup_crypto() and later\nlead to a NULL pointer dereference inside of prepare_auth_signature().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22992",
            "https://git.kernel.org/linus/e84b48d31b5008932c0a0902982809fbaa1d3b70 (6.19-rc5)",
            "https://git.kernel.org/stable/c/33908769248b38a5e77cf9292817bb28e641992d",
            "https://git.kernel.org/stable/c/77229551f2cf72f3e35636db68e6a825b912cf16",
            "https://git.kernel.org/stable/c/9e0101e57534ef0e7578dd09608a6106736b82e5",
            "https://git.kernel.org/stable/c/d2c4a5f6996683f287f3851ef5412797042de7f1",
            "https://git.kernel.org/stable/c/e097cd858196b1914309e7e3d79b4fa79383754d",
            "https://git.kernel.org/stable/c/e84b48d31b5008932c0a0902982809fbaa1d3b70",
            "https://linux.oracle.com/cve/CVE-2026-22992.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026012351-CVE-2026-22992-0607@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22992",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-22992"
          ],
          "PublishedDate": "2026-01-23T16:15:55.29Z",
          "LastModifiedDate": "2026-02-26T18:47:46.9Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22996",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22996",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c0ea413395bda807f8571adda7319d74664738af5a578047618bf1aa02d6d2bf",
          "Title": "kernel: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv\n\nmlx5e_priv is an unstable structure that can be memset(0) if profile\nattaching fails, mlx5e_priv in mlx5e_dev devlink private is used to\nreference the netdev and mdev associated with that struct. Instead,\nstore netdev directly into mlx5e_dev and get mdev from the containing\nmlx5_adev aux device structure.\n\nThis fixes a kernel oops in mlx5e_remove when switchdev mode fails due\nto change profile failure.\n\n$ devlink dev eswitch set pci/0000:00:03.0 mode switchdev\nError: mlx5_core: Failed setting eswitch to offloads.\ndmesg:\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n\n$ devlink dev reload pci/0000:00:03.0 ==\u003e oops\n\nBUG: kernel NULL pointer dereference, address: 0000000000000520\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 3 UID: 0 PID: 521 Comm: devlink Not tainted 6.18.0-rc5+ #117 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:mlx5e_remove+0x68/0x130\nRSP: 0018:ffffc900034838f0 EFLAGS: 00010246\nRAX: ffff88810283c380 RBX: ffff888101874400 RCX: ffffffff826ffc45\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000\nRBP: ffff888102d789c0 R08: ffff8881007137f0 R09: ffff888100264e10\nR10: ffffc90003483898 R11: ffffc900034838a0 R12: 
ffff888100d261a0\nR13: ffff888100d261a0 R14: ffff8881018749a0 R15: ffff888101874400\nFS:  00007f8565fea740(0000) GS:ffff88856a759000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000520 CR3: 000000010b11a004 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n device_release_driver_internal+0x19c/0x200\n bus_remove_device+0xc6/0x130\n device_del+0x160/0x3d0\n ? devl_param_driverinit_value_get+0x2d/0x90\n mlx5_detach_device+0x89/0xe0\n mlx5_unload_one_devl_locked+0x3a/0x70\n mlx5_devlink_reload_down+0xc8/0x220\n devlink_reload+0x7d/0x260\n devlink_nl_reload_doit+0x45b/0x5a0\n genl_family_rcv_msg_doit+0xe8/0x140",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22996",
            "https://git.kernel.org/linus/123eda2e5b1638e298e3a66bb1e64a8da92de5e1 (6.19-rc6)",
            "https://git.kernel.org/stable/c/123eda2e5b1638e298e3a66bb1e64a8da92de5e1",
            "https://git.kernel.org/stable/c/a3d4f87d41f5140f1cf5c02fce5cdad2637f6244",
            "https://git.kernel.org/stable/c/dcb2ad755a16cb0ecd2dc98234d71a6e216ae7fe",
            "https://linux.oracle.com/cve/CVE-2026-22996.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026012532-CVE-2026-22996-f977@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22996",
            "https://www.cve.org/CVERecord?id=CVE-2026-22996"
          ],
          "PublishedDate": "2026-01-25T15:15:54.43Z",
          "LastModifiedDate": "2026-02-26T17:09:05.283Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23000",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23000",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bea6db0aff52025c93abc097ff63724f471000941de43c736f372454c5f0de9f",
          "Title": "kernel: Linux kernel (mlx5e): Denial of Service due to NULL pointer dereference during network profile change",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix crash on profile change rollback failure\n\nmlx5e_netdev_change_profile can fail to attach a new profile and can\nfail to rollback to old profile, in such case, we could end up with a\ndangling netdev with a fully reset netdev_priv. A retry to change\nprofile, e.g. another attempt to call mlx5e_netdev_change_profile via\nswitchdev mode change, will crash trying to access the now NULL\npriv-\u003emdev.\n\nThis fix allows mlx5e_netdev_change_profile() to handle previous\nfailures and an empty priv, by not assuming priv is valid.\n\nPass netdev and mdev to all flows requiring\nmlx5e_netdev_change_profile() and avoid passing priv.\nIn mlx5e_netdev_change_profile() check if current priv is valid, and if\nnot, just attach the new profile without trying to access the old one.\n\nThis fixes the following oops, when enabling switchdev mode for the 2nd\ntime after first time failure:\n\n ## Enabling switchdev mode first time:\n\nmlx5_core 0012:03:00.1: E-Switch: Supported tc chains and prios offload\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n                                                                         ^^^^^^^^\nmlx5_core 0000:00:03.0: E-Switch: Disable: mode(LEGACY), nvfs(0), necvfs(0), active vports(0)\n\n ## retry: Enabling switchdev mode 2nd time:\n\nmlx5_core 0000:00:03.0: E-Switch: Supported tc chains and prios offload\nBUG: kernel NULL pointer dereference, 
address: 0000000000000038\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 13 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc4+ #91 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:mlx5e_detach_netdev+0x3c/0x90\nCode: 50 00 00 f0 80 4f 78 02 48 8b bf e8 07 00 00 48 85 ff 74 16 48 8b 73 78 48 d1 ee 83 e6 01 83 f6 01 40 0f b6 f6 e8 c4 42 00 00 \u003c48\u003e 8b 45 38 48 85 c0 74 08 48 89 df e8 cc 47 40 1e 48 8b bb f0 07\nRSP: 0018:ffffc90000673890 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff8881036a89c0 RCX: 0000000000000000\nRDX: ffff888113f63800 RSI: ffffffff822fe720 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000002dcd R09: 0000000000000000\nR10: ffffc900006738e8 R11: 00000000ffffffff R12: 0000000000000000\nR13: 0000000000000000 R14: ffff8881036a89c0 R15: 0000000000000000\nFS:  00007fdfb8384740(0000) GS:ffff88856a9d6000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000038 CR3: 0000000112ae0005 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n mlx5e_netdev_change_profile+0x45/0xb0\n mlx5e_vport_rep_load+0x27b/0x2d0\n mlx5_esw_offloads_rep_load+0x72/0xf0\n esw_offloads_enable+0x5d0/0x970\n mlx5_eswitch_enable_locked+0x349/0x430\n ? is_mp_supported+0x57/0xb0\n mlx5_devlink_eswitch_mode_set+0x26b/0x430\n devlink_nl_eswitch_set_doit+0x6f/0xf0\n genl_family_rcv_msg_doit+0xe8/0x140\n genl_rcv_msg+0x18b/0x290\n ? __pfx_devlink_nl_pre_doit+0x10/0x10\n ? __pfx_devlink_nl_eswitch_set_doit+0x10/0x10\n ? __pfx_devlink_nl_post_doit+0x10/0x10\n ? __pfx_genl_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x52/0x100\n genl_rcv+0x28/0x40\n netlink_unicast+0x282/0x3e0\n ? __alloc_skb+0xd6/0x190\n netlink_sendmsg+0x1f7/0x430\n __sys_sendto+0x213/0x220\n ? 
__sys_recvmsg+0x6a/0xd0\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x50/0x1f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fdfb8495047",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23000",
            "https://git.kernel.org/linus/4dadc4077e3f77d6d31e199a925fc7a705e7adeb (6.19-rc6)",
            "https://git.kernel.org/stable/c/4dadc4077e3f77d6d31e199a925fc7a705e7adeb",
            "https://git.kernel.org/stable/c/dad52950b409d6923880d65a4cddb383286e17d2",
            "https://git.kernel.org/stable/c/e05b8084a20f6bd5827d338c928e5e0fcbafa496",
            "https://linux.oracle.com/cve/CVE-2026-23000.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026012534-CVE-2026-23000-36e1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23000",
            "https://www.cve.org/CVERecord?id=CVE-2026-23000"
          ],
          "PublishedDate": "2026-01-25T15:15:54.853Z",
          "LastModifiedDate": "2026-02-24T21:01:41.39Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23004",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23004",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:44b67caa0bfd69cbc52b359c57ff037a4646fc33ce398f6f7b2b77d0e7e0e7e5",
          "Title": "kernel: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()\n\nsyzbot was able to crash the kernel in rt6_uncached_list_flush_dev()\nin an interesting way [1]\n\nCrash happens in list_del_init()/INIT_LIST_HEAD() while writing\nlist-\u003eprev, while the prior write on list-\u003enext went well.\n\nstatic inline void INIT_LIST_HEAD(struct list_head *list)\n{\n\tWRITE_ONCE(list-\u003enext, list); // This went well\n\tWRITE_ONCE(list-\u003eprev, list); // Crash, @list has been freed.\n}\n\nIssue here is that rt6_uncached_list_del() did not attempt to lock\nul-\u003elock, as list_empty(\u0026rt-\u003edst.rt_uncached) returned\ntrue because the WRITE_ONCE(list-\u003enext, list) happened on the other CPU.\n\nWe might use list_del_init_careful() and list_empty_careful(),\nor make sure rt6_uncached_list_del() always grabs the spinlock\nwhenever rt-\u003edst.rt_uncached_list has been set.\n\nA similar fix is neeed for IPv4.\n\n[1]\n\n BUG: KASAN: slab-use-after-free in INIT_LIST_HEAD include/linux/list.h:46 [inline]\n BUG: KASAN: slab-use-after-free in list_del_init include/linux/list.h:296 [inline]\n BUG: KASAN: slab-use-after-free in rt6_uncached_list_flush_dev net/ipv6/route.c:191 [inline]\n BUG: KASAN: slab-use-after-free in rt6_disable_ip+0x633/0x730 net/ipv6/route.c:5020\nWrite of size 8 at addr ffff8880294cfa78 by task kworker/u8:14/3450\n\nCPU: 0 UID: 0 PID: 3450 Comm: kworker/u8:14 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)}\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025\nWorkqueue: netns cleanup_net\nCall Trace:\n \u003cTASK\u003e\n  dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120\n  print_address_description mm/kasan/report.c:378 [inline]\n  print_report+0xca/0x240 mm/kasan/report.c:482\n  kasan_report+0x118/0x150 mm/kasan/report.c:595\n  INIT_LIST_HEAD 
include/linux/list.h:46 [inline]\n  list_del_init include/linux/list.h:296 [inline]\n  rt6_uncached_list_flush_dev net/ipv6/route.c:191 [inline]\n  rt6_disable_ip+0x633/0x730 net/ipv6/route.c:5020\n  addrconf_ifdown+0x143/0x18a0 net/ipv6/addrconf.c:3853\n addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1\n  notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85\n  call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]\n  call_netdevice_notifiers net/core/dev.c:2282 [inline]\n  netif_close_many+0x29c/0x410 net/core/dev.c:1785\n  unregister_netdevice_many_notify+0xb50/0x2330 net/core/dev.c:12353\n  ops_exit_rtnl_list net/core/net_namespace.c:187 [inline]\n  ops_undo_list+0x3dc/0x990 net/core/net_namespace.c:248\n  cleanup_net+0x4de/0x7b0 net/core/net_namespace.c:696\n  process_one_work kernel/workqueue.c:3257 [inline]\n  process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n  kthread+0x711/0x8a0 kernel/kthread.c:463\n  ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n \u003c/TASK\u003e\n\nAllocated by task 803:\n  kasan_save_stack mm/kasan/common.c:57 [inline]\n  kasan_save_track+0x3e/0x80 mm/kasan/common.c:78\n  unpoison_slab_object mm/kasan/common.c:340 [inline]\n  __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366\n  kasan_slab_alloc include/linux/kasan.h:253 [inline]\n  slab_post_alloc_hook mm/slub.c:4953 [inline]\n  slab_alloc_node mm/slub.c:5263 [inline]\n  kmem_cache_alloc_noprof+0x18d/0x6c0 mm/slub.c:5270\n  dst_alloc+0x105/0x170 net/core/dst.c:89\n  ip6_dst_alloc net/ipv6/route.c:342 [inline]\n  icmp6_dst_alloc+0x75/0x460 net/ipv6/route.c:3333\n  mld_sendpack+0x683/0xe60 net/ipv6/mcast.c:1844\n  mld_send_cr net/ipv6/mcast.c:2154 [inline]\n  mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693\n  process_one_work kernel/workqueue.c:3257 [inline]\n  process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n  
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n  kthread+0x711/0x8a0 kernel/kthread.c:463\n  ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23004",
            "https://git.kernel.org/linus/9a6f0c4d5796ab89b5a28a890ce542344d58bd69 (6.19-rc6)",
            "https://git.kernel.org/stable/c/722de945216144af7cd4d39bdeb936108d2595a7",
            "https://git.kernel.org/stable/c/815db2363e51f0ef416947492d4dac5b7a520f56",
            "https://git.kernel.org/stable/c/9a6f0c4d5796ab89b5a28a890ce542344d58bd69",
            "https://git.kernel.org/stable/c/f24a52948c95e02facbca2b3b6eb5a225e27eb01",
            "https://lore.kernel.org/linux-cve-announce/2026012535-CVE-2026-23004-205e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23004",
            "https://www.cve.org/CVERecord?id=CVE-2026-23004"
          ],
          "PublishedDate": "2026-01-25T15:15:55.273Z",
          "LastModifiedDate": "2026-03-25T19:26:59.85Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23019",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23019",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9592904a2bc9fbc1397ab321f8a9386f8e9c766d48d31fe6cefe3f52be3c7f05",
          "Title": "kernel: net: marvell: prestera: fix NULL dereference on devlink_alloc() failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix NULL dereference on devlink_alloc() failure\n\ndevlink_alloc() may return NULL on allocation failure, but\nprestera_devlink_alloc() unconditionally calls devlink_priv() on\nthe returned pointer.\n\nThis leads to a NULL pointer dereference if devlink allocation fails.\nAdd a check for a NULL devlink pointer and return NULL early to avoid\nthe crash.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23019",
            "https://git.kernel.org/linus/a428e0da1248c353557970848994f35fd3f005e2 (6.19-rc5)",
            "https://git.kernel.org/stable/c/325aea74be7e192b5c947c782da23b0d19a5fda2",
            "https://git.kernel.org/stable/c/326a4b7e61d01db3507f71c8bb5e85362f607064",
            "https://git.kernel.org/stable/c/3950054c9512add0cc79ab7e72b6d2f9f675e25b",
            "https://git.kernel.org/stable/c/8a4333b2818f0d853b43e139936c20659366e4a0",
            "https://git.kernel.org/stable/c/94e070cd50790317fba7787ae6006934b7edcb6f",
            "https://git.kernel.org/stable/c/a428e0da1248c353557970848994f35fd3f005e2",
            "https://lore.kernel.org/linux-cve-announce/2026013135-CVE-2026-23019-dce2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23019",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-23019"
          ],
          "PublishedDate": "2026-01-31T12:16:05.207Z",
          "LastModifiedDate": "2026-03-25T15:55:44.02Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23020",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23020",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ddd9adff645ecdeee4ad20e2029ce619c06e6f76a3f4df1cc80eded608793c77",
          "Title": "kernel: net: 3com: 3c59x: fix possible null dereference in vortex_probe1()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: 3com: 3c59x: fix possible null dereference in vortex_probe1()\n\npdev can be null and free_ring: can be called in 1297 with a null\npdev.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23020",
            "https://git.kernel.org/linus/a4e305ed60f7c41bbf9aabc16dd75267194e0de3 (6.19-rc5)",
            "https://git.kernel.org/stable/c/053ac9e37eee435e999277c0f1ef890dad6064bf",
            "https://git.kernel.org/stable/c/28b2a805609699be7b90020ae7dccfb234be1ceb",
            "https://git.kernel.org/stable/c/2f05f7737e16d9a40038cc1c38a96a3f7964898b",
            "https://git.kernel.org/stable/c/606872c8e8bf96066730f6a2317502c5633c37f1",
            "https://git.kernel.org/stable/c/6cff14b831dbdb32675b4c7904dcc3eeeaf47e9d",
            "https://git.kernel.org/stable/c/a4e305ed60f7c41bbf9aabc16dd75267194e0de3",
            "https://git.kernel.org/stable/c/d82796a57cc0dac1dbef19d913c8f02a8cc7b1a7",
            "https://linux.oracle.com/cve/CVE-2026-23020.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026013136-CVE-2026-23020-07c3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23020",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-23020"
          ],
          "PublishedDate": "2026-01-31T12:16:05.31Z",
          "LastModifiedDate": "2026-03-25T15:56:02.047Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23021",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23021",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eadf621f7aa52497a773cdf96c619cc7e905b4926d5a2b2311c516387f998903",
          "Title": "kernel: Linux kernel (net: usb: pegasus): Denial of Service due to memory leak",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: fix memory leak in update_eth_regs_async()\n\nWhen asynchronously writing to the device registers, if usb_submit_urb()\nfails, the code fails to release the resources allocated up to that point.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23021",
            "https://git.kernel.org/linus/afa27621a28af317523e0836dad430bec551eb54 (6.19-rc5)",
            "https://git.kernel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34",
            "https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a60761bdee00bcc4e",
            "https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6",
            "https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba",
            "https://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452",
            "https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430bec551eb54",
            "https://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01",
            "https://linux.oracle.com/cve/CVE-2026-23021.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026013136-CVE-2026-23021-8fc2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23021",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-23021"
          ],
          "PublishedDate": "2026-01-31T12:16:05.413Z",
          "LastModifiedDate": "2026-03-25T15:56:19.39Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23031",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23031",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:00240e0befb5289b44b156e565a57b2af26106398b1ce4fd07f31021b0c6a2dc",
          "Title": "kernel: Linux kernel: Memory leak in gs_usb module can lead to denial of service via improper USB Request Block handling.",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak\n\nIn gs_can_open(), the URBs for USB-in transfers are allocated, added to the\nparent-\u003erx_submitted anchor and submitted. In the complete callback\ngs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In\ngs_can_close() the URBs are freed by calling\nusb_kill_anchored_urbs(parent-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in gs_can_close().\n\nFix the memory leak by anchoring the URB in the\ngs_usb_receive_bulk_callback() to the parent-\u003erx_submitted anchor.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23031",
            "https://git.kernel.org/linus/7352e1d5932a0e777e39fa4b619801191f57e603 (6.19-rc6)",
            "https://git.kernel.org/stable/c/08624b7206ddb9148eeffc2384ebda2c47b6d1e9",
            "https://git.kernel.org/stable/c/7352e1d5932a0e777e39fa4b619801191f57e603",
            "https://git.kernel.org/stable/c/9f669a38ca70839229b7ba0f851820850a2fe1f7",
            "https://git.kernel.org/stable/c/ec5ccc2af9e5b045671f3f604b57512feda8bcc5",
            "https://git.kernel.org/stable/c/f905bcfa971edb89e398c98957838d8c6381c0c7",
            "https://linux.oracle.com/cve/CVE-2026-23031.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026013120-CVE-2026-23031-9e82@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23031",
            "https://www.cve.org/CVERecord?id=CVE-2026-23031"
          ],
          "PublishedDate": "2026-01-31T12:16:06.413Z",
          "LastModifiedDate": "2026-02-06T17:16:21.677Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23035",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23035",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f8896893a43324e5ea231aee2ab5bbdcdfc7876c763c4d215642aec10f682dcb",
          "Title": "kernel: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv\n\nmlx5e_priv is an unstable structure that can be memset(0) if profile\nattaching fails.\n\nPass netdev to mlx5e_destroy_netdev() to guarantee it will work on a\nvalid netdev.\n\nOn mlx5e_remove: Check validity of priv-\u003eprofile, before attempting\nto cleanup any resources that might be not there.\n\nThis fixes a kernel oops in mlx5e_remove when switchdev mode fails due\nto change profile failure.\n\n$ devlink dev eswitch set pci/0000:00:03.0 mode switchdev\nError: mlx5_core: Failed setting eswitch to offloads.\ndmesg:\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n\n$ devlink dev reload pci/0000:00:03.0 ==\u003e oops\n\nBUG: kernel NULL pointer dereference, address: 0000000000000370\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 15 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:mlx5e_dcbnl_dscp_app+0x23/0x100\nRSP: 0018:ffffc9000083f8b8 EFLAGS: 00010286\nRAX: ffff8881126fc380 RBX: ffff8881015ac400 RCX: ffffffff826ffc45\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881035109c0\nRBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e10\nR10: ffffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0\nR13: ffff888101b921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400\nFS:  
00007f789a3c8740(0000) GS:ffff88856aa59000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000370 CR3: 000000010b6c0001 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n mlx5e_remove+0x57/0x110\n device_release_driver_internal+0x19c/0x200\n bus_remove_device+0xc6/0x130\n device_del+0x160/0x3d0\n ? devl_param_driverinit_value_get+0x2d/0x90\n mlx5_detach_device+0x89/0xe0\n mlx5_unload_one_devl_locked+0x3a/0x70\n mlx5_devlink_reload_down+0xc8/0x220\n devlink_reload+0x7d/0x260\n devlink_nl_reload_doit+0x45b/0x5a0\n genl_family_rcv_msg_doit+0xe8/0x140",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23035",
            "https://git.kernel.org/linus/4ef8512e1427111f7ba92b4a847d181ff0aeec42 (6.19-rc6)",
            "https://git.kernel.org/stable/c/4ef8512e1427111f7ba92b4a847d181ff0aeec42",
            "https://git.kernel.org/stable/c/66a25f6b7c0bfd84e6d27b536f5d24116dbd52da",
            "https://git.kernel.org/stable/c/a7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02",
            "https://linux.oracle.com/cve/CVE-2026-23035.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026013121-CVE-2026-23035-0b86@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23035",
            "https://www.cve.org/CVERecord?id=CVE-2026-23035"
          ],
          "PublishedDate": "2026-01-31T12:16:06.807Z",
          "LastModifiedDate": "2026-02-03T16:44:36.63Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23047",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23047",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d98c6b1155f8c17b94e4fbc3a2ec4eb9afcea9d364a8ea520e4d4a93508f62ec",
          "Title": "kernel: libceph: make calc_target() set t-\u003epaused, not just clear it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make calc_target() set t-\u003epaused, not just clear it\n\nCurrently calc_target() clears t-\u003epaused if the request shouldn't be\npaused anymore, but doesn't ever set t-\u003epaused even though it's able to\ndetermine when the request should be paused.  Setting t-\u003epaused is left\nto __submit_request() which is fine for regular requests but doesn't\nwork for linger requests -- since __submit_request() doesn't operate\non linger requests, there is nowhere for lreq-\u003et.paused to be set.\nOne consequence of this is that watches don't get reestablished on\npaused -\u003e unpaused transitions in cases where requests have been paused\nlong enough for the (paused) unwatch request to time out and for the\nsubsequent (re)watch request to enter the paused state.  On top of the\nwatch not getting reestablished, rbd_reregister_watch() gets stuck with\nrbd_dev-\u003ewatch_mutex held:\n\n  rbd_register_watch\n    __rbd_register_watch\n      ceph_osdc_watch\n        linger_reg_commit_wait\n\nIt's waiting for lreq-\u003ereg_commit_wait to be completed, but for that to\nhappen the respective request needs to end up on need_resend_linger list\nand be kicked when requests are unpaused.  There is no chance for that\nif the request in question is never marked paused in the first place.\n\nThe fact that rbd_dev-\u003ewatch_mutex remains taken out forever then\nprevents the image from getting unmapped -- \"rbd unmap\" would inevitably\nhang in D state on an attempt to grab the mutex.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23047",
            "https://git.kernel.org/linus/c0fe2994f9a9d0a2ec9e42441ea5ba74b6a16176 (6.19-rc5)",
            "https://git.kernel.org/stable/c/2b3329b3c29d9e188e40d902d5230c2d5989b940",
            "https://git.kernel.org/stable/c/4d3399c52e0e61720ae898f5a0b5b75d4460ae24",
            "https://git.kernel.org/stable/c/4ebc711b738d139cabe2fc9e7e7749847676a342",
            "https://git.kernel.org/stable/c/5647d42c47b535573b63e073e91164d6a5bb058c",
            "https://git.kernel.org/stable/c/5d0dc83cb9a69c1d0bea58f1c430199b05f6b021",
            "https://git.kernel.org/stable/c/6f468f6ff233c6a81e0e761d9124e982903fe9a5",
            "https://git.kernel.org/stable/c/c0fe2994f9a9d0a2ec9e42441ea5ba74b6a16176",
            "https://linux.oracle.com/cve/CVE-2026-23047.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2026020440-CVE-2026-23047-38d4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23047",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-23047"
          ],
          "PublishedDate": "2026-02-04T16:16:20.227Z",
          "LastModifiedDate": "2026-02-04T16:33:44.537Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23050",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23050",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cfba9b03738e9a459643b4423167423bc863b0113c69785759be16719682b731",
          "Title": "kernel: pNFS: Fix a deadlock when returning a delegation during open()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix a deadlock when returning a delegation during open()\n\nBen Coddington reports seeing a hang in the following stack trace:\n  0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415\n  1 [ffffd0b50e177548] schedule at ffffffff9ca05717\n  2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1\n  3 [ffffd0b50e177568] __wait_on_bit at ffffffff9ca05cfb\n  4 [ffffd0b50e1775c8] out_of_line_wait_on_bit at ffffffff9ca05ea5\n  5 [ffffd0b50e177618] pnfs_roc at ffffffffc154207b [nfsv4]\n  6 [ffffd0b50e1776b8] _nfs4_proc_delegreturn at ffffffffc1506586 [nfsv4]\n  7 [ffffd0b50e177788] nfs4_proc_delegreturn at ffffffffc1507480 [nfsv4]\n  8 [ffffd0b50e1777f8] nfs_do_return_delegation at ffffffffc1523e41 [nfsv4]\n  9 [ffffd0b50e177838] nfs_inode_set_delegation at ffffffffc1524a75 [nfsv4]\n 10 [ffffd0b50e177888] nfs4_process_delegation at ffffffffc14f41dd [nfsv4]\n 11 [ffffd0b50e1778a0] _nfs4_opendata_to_nfs4_state at ffffffffc1503edf [nfsv4]\n 12 [ffffd0b50e1778c0] _nfs4_open_and_get_state at ffffffffc1504e56 [nfsv4]\n 13 [ffffd0b50e177978] _nfs4_do_open at ffffffffc15051b8 [nfsv4]\n 14 [ffffd0b50e1779f8] nfs4_do_open at ffffffffc150559c [nfsv4]\n 15 [ffffd0b50e177a80] nfs4_atomic_open at ffffffffc15057fb [nfsv4]\n 16 [ffffd0b50e177ad0] nfs4_file_open at ffffffffc15219be [nfsv4]\n 17 [ffffd0b50e177b78] do_dentry_open at ffffffff9c09e6ea\n 18 [ffffd0b50e177ba8] vfs_open at ffffffff9c0a082e\n 19 [ffffd0b50e177bd0] dentry_open at ffffffff9c0a0935\n\nThe issue is that the delegreturn is being asked to wait for a layout\nreturn that cannot complete because a state recovery was initiated. The\nstate recovery cannot complete until the open() finishes processing the\ndelegations it was given.\n\nThe solution is to propagate the existing flags that indicate a\nnon-blocking call to the function pnfs_roc(), so that it knows not to\nwait in this situation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23050",
            "https://git.kernel.org/linus/857bf9056291a16785ae3be1d291026b2437fc48 (6.19-rc6)",
            "https://git.kernel.org/stable/c/857bf9056291a16785ae3be1d291026b2437fc48",
            "https://git.kernel.org/stable/c/a316fd9d3065b753b03d802530004aea481512cc",
            "https://git.kernel.org/stable/c/c57387d447a2bcbaea009ba5f9497adf3de5edeb",
            "https://git.kernel.org/stable/c/d6c75aa9d607044d1e5c8498eff0259eed356c32",
            "https://linux.oracle.com/cve/CVE-2026-23050.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026020450-CVE-2026-23050-378c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23050",
            "https://www.cve.org/CVERecord?id=CVE-2026-23050"
          ],
          "PublishedDate": "2026-02-04T17:16:15.663Z",
          "LastModifiedDate": "2026-03-25T11:16:17.447Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23054",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23054",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cad932f4e3ebc6eeb7ee2e1790ebd17c0a6e9efe483a9b19a6281a03161ba65e",
          "Title": "kernel: net: hv_netvsc: reject RSS hash key programming without RX indirection table",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc-\u003erx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23054",
            "https://git.kernel.org/linus/d23564955811da493f34412d7de60fa268c8cb50 (6.19-rc6)",
            "https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3",
            "https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16",
            "https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999cf225a2f9",
            "https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c",
            "https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50",
            "https://linux.oracle.com/cve/CVE-2026-23054.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23054-3712@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23054",
            "https://www.cve.org/CVERecord?id=CVE-2026-23054"
          ],
          "PublishedDate": "2026-02-04T17:16:16.07Z",
          "LastModifiedDate": "2026-02-06T17:16:22.237Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23066",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23066",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:861314500b9e429b1c9009bfffa4510a2ab6cd9fe51dbfbf2fe92458b2079506",
          "Title": "kernel: Linux kernel: Denial of Service via unsafe requeue in rxrpc_recvmsg",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix recvmsg() unconditional requeue\n\nIf rxrpc_recvmsg() fails because MSG_DONTWAIT was specified but the call at\nthe front of the recvmsg queue already has its mutex locked, it requeues\nthe call - whether or not the call is already queued.  The call may be on\nthe queue because MSG_PEEK was also passed and so the call was not dequeued\nor because the I/O thread requeued it.\n\nThe unconditional requeue may then corrupt the recvmsg queue, leading to\nthings like UAFs or refcount underruns.\n\nFix this by only requeuing the call if it isn't already on the queue - and\nmoving it to the front if it is already queued.  If we don't queue it, we\nhave to put the ref we obtained by dequeuing it.\n\nAlso, MSG_PEEK doesn't dequeue the call so shouldn't call\nrxrpc_notify_socket() for the call if we didn't use up all the data on the\nqueue, so fix that also.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23066",
            "https://git.kernel.org/linus/2c28769a51deb6022d7fbd499987e237a01dd63a (6.19-rc7)",
            "https://git.kernel.org/stable/c/0464bf75590da75b8413c3e758c04647b4cdb3c6",
            "https://git.kernel.org/stable/c/2c28769a51deb6022d7fbd499987e237a01dd63a",
            "https://git.kernel.org/stable/c/930114425065f7ace6e0c0630fab4af75e059ea8",
            "https://git.kernel.org/stable/c/cf969bddd6e69c5777fa89dc88402204e72f312a",
            "https://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23066-8e44@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23066",
            "https://www.cve.org/CVERecord?id=CVE-2026-23066"
          ],
          "PublishedDate": "2026-02-04T17:16:17.303Z",
          "LastModifiedDate": "2026-04-03T14:16:22.383Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23068",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23068",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eeaa8860097f09a1d40d8850c917569f8020c47b6ada01f3a923acc2ecfad15c",
          "Title": "kernel: spi: spi-sprd-adi: Fix double free in probe error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-sprd-adi: Fix double free in probe error path\n\nThe driver currently uses spi_alloc_host() to allocate the controller\nbut registers it using devm_spi_register_controller().\n\nIf devm_register_restart_handler() fails, the code jumps to the\nput_ctlr label and calls spi_controller_put(). However, since the\ncontroller was registered via a devm function, the device core will\nautomatically call spi_controller_put() again when the probe fails.\nThis results in a double-free of the spi_controller structure.\n\nFix this by switching to devm_spi_alloc_host() and removing the\nmanual spi_controller_put() call.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23068",
            "https://git.kernel.org/linus/383d4f5cffcc8df930d95b06518a9d25a6d74aac (6.19-rc7)",
            "https://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0",
            "https://git.kernel.org/stable/c/383d4f5cffcc8df930d95b06518a9d25a6d74aac",
            "https://git.kernel.org/stable/c/417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c",
            "https://git.kernel.org/stable/c/bddd3d10d039729b81cfb0804520c8832a701a0e",
            "https://git.kernel.org/stable/c/f6d6b3f172df118db582fe5ec43ae223a55d99cf",
            "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23068-0852@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23068",
            "https://www.cve.org/CVERecord?id=CVE-2026-23068"
          ],
          "PublishedDate": "2026-02-04T17:16:17.5Z",
          "LastModifiedDate": "2026-03-13T21:27:37.353Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23069",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23069",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:404eb5d8edb2b9db440239ced5aa61e06899be7e1b80dbfedec0c7e1eb9af25a",
          "Title": "kernel: vsock/virtio: fix potential underflow in virtio_transport_get_credit()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix potential underflow in virtio_transport_get_credit()\n\nThe credit calculation in virtio_transport_get_credit() uses unsigned\narithmetic:\n\n  ret = vvs-\u003epeer_buf_alloc - (vvs-\u003etx_cnt - vvs-\u003epeer_fwd_cnt);\n\nIf the peer shrinks its advertised buffer (peer_buf_alloc) while bytes\nare in flight, the subtraction can underflow and produce a large\npositive value, potentially allowing more data to be queued than the\npeer can handle.\n\nReuse virtio_transport_has_space() which already handles this case and\nadd a comment to make it clear why we are doing that.\n\n[Stefano: use virtio_transport_has_space() instead of duplicating the code]\n[Stefano: tweak the commit message]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-191"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23069",
            "https://git.kernel.org/linus/3ef3d52a1a9860d094395c7a3e593f3aa26ff012 (6.19-rc7)",
            "https://git.kernel.org/stable/c/02f9af192b98d15883c70dd41ac76d1b0217c899",
            "https://git.kernel.org/stable/c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012",
            "https://git.kernel.org/stable/c/d05bc313788f0684b27f0f5b60c52a844669b542",
            "https://git.kernel.org/stable/c/d96de882d6b99955604669d962ae14e94b66a551",
            "https://git.kernel.org/stable/c/ec0f1b3da8061be3173d1c39faaf9504f91942c3",
            "https://linux.oracle.com/cve/CVE-2026-23069.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23069-d026@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23069",
            "https://www.cve.org/CVERecord?id=CVE-2026-23069"
          ],
          "PublishedDate": "2026-02-04T17:16:17.61Z",
          "LastModifiedDate": "2026-03-13T21:27:26.643Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23086",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23086",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b88b07a7aea934de561f48626fcd012b60715b81bc2dcbe45cbeead705b47d73",
          "Title": "kernel: vsock/virtio: cap TX credit to local buffer size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: cap TX credit to local buffer size\n\nThe virtio transports derives its TX credit directly from peer_buf_alloc,\nwhich is set from the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value.\n\nOn the host side this means that the amount of data we are willing to\nqueue for a connection is scaled by a guest-chosen buffer size, rather\nthan the host's own vsock configuration. A malicious guest can advertise\na large buffer and read slowly, causing the host to allocate a\ncorrespondingly large amount of sk_buff memory.\nThe same thing would happen in the guest with a malicious host, since\nvirtio transports share the same code base.\n\nIntroduce a small helper, virtio_transport_tx_buf_size(), that\nreturns min(peer_buf_alloc, buf_alloc), and use it wherever we consume\npeer_buf_alloc.\n\nThis ensures the effective TX window is bounded by both the peer's\nadvertised buffer and our own buf_alloc (already clamped to\nbuffer_max_size via SO_VM_SOCKETS_BUFFER_MAX_SIZE), so a remote peer\ncannot force the other to queue more data than allowed by its own\nvsock settings.\n\nOn an unpatched Ubuntu 22.04 host (~64 GiB RAM), running a PoC with\n32 guest vsock connections advertising 2 GiB each and reading slowly\ndrove Slab/SUnreclaim from ~0.5 GiB to ~57 GiB; the system only\nrecovered after killing the QEMU process. 
That said, if QEMU memory is\nlimited with cgroups, the maximum memory used will be limited.\n\nWith this patch applied:\n\n  Before:\n    MemFree:        ~61.6 GiB\n    Slab:           ~142 MiB\n    SUnreclaim:     ~117 MiB\n\n  After 32 high-credit connections:\n    MemFree:        ~61.5 GiB\n    Slab:           ~178 MiB\n    SUnreclaim:     ~152 MiB\n\nOnly ~35 MiB increase in Slab/SUnreclaim, no host OOM, and the guest\nremains responsive.\n\nCompatibility with non-virtio transports:\n\n  - VMCI uses the AF_VSOCK buffer knobs to size its queue pairs per\n    socket based on the local vsk-\u003ebuffer_* values; the remote side\n    cannot enlarge those queues beyond what the local endpoint\n    configured.\n\n  - Hyper-V's vsock transport uses fixed-size VMBus ring buffers and\n    an MTU bound; there is no peer-controlled credit field comparable\n    to peer_buf_alloc, and the remote endpoint cannot drive in-flight\n    kernel memory above those ring sizes.\n\n  - The loopback path reuses virtio_transport_common.c, so it\n    naturally follows the same semantics as the virtio transport.\n\nThis change is limited to virtio_transport_common.c and thus affects\nvirtio-vsock, vhost-vsock, and loopback, bringing them in line with the\n\"remote window intersected with local policy\" behaviour that VMCI and\nHyper-V already effectively have.\n\n[Stefano: small adjustments after changing the previous patch]\n[Stefano: tweak the commit message]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23086",
            "https://git.kernel.org/linus/8ee784fdf006cbe8739cfa093f54d326cbf54037 (6.19-rc7)",
            "https://git.kernel.org/stable/c/84ef86aa7120449828d1e0ce438c499014839711",
            "https://git.kernel.org/stable/c/8ee784fdf006cbe8739cfa093f54d326cbf54037",
            "https://git.kernel.org/stable/c/c0e42fb0e054c2b2ec4ee80f48ccd256ae0227ce",
            "https://git.kernel.org/stable/c/d9d5f222558b42f6277eafaaa6080966faf37676",
            "https://git.kernel.org/stable/c/fef7110ae5617555c792a2bb4d27878d84583adf",
            "https://linux.oracle.com/cve/CVE-2026-23086.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026020423-CVE-2026-23086-9ad9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23086",
            "https://www.cve.org/CVERecord?id=CVE-2026-23086"
          ],
          "PublishedDate": "2026-02-04T17:16:19.467Z",
          "LastModifiedDate": "2026-03-17T21:10:14.74Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23088",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23088",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:775a78cb5a896d8e88745c70b4f11610a8c867e6c6fe22911508cbd4c63ea4c9",
          "Title": "kernel: tracing: Fix crash on synthetic stacktrace field usage",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix crash on synthetic stacktrace field usage\n\nWhen creating a synthetic event based on an existing synthetic event that\nhad a stacktrace field and the new synthetic event used that field a\nkernel crash occurred:\n\n ~# cd /sys/kernel/tracing\n ~# echo 's:stack unsigned long stack[];' \u003e dynamic_events\n ~# echo 'hist:keys=prev_pid:s0=common_stacktrace if prev_state \u0026 3' \u003e\u003e events/sched/sched_switch/trigger\n ~# echo 'hist:keys=next_pid:s1=$s0:onmatch(sched.sched_switch).trace(stack,$s1)' \u003e\u003e events/sched/sched_switch/trigger\n\nThe above creates a synthetic event that takes a stacktrace when a task\nschedules out in a non-running state and passes that stacktrace to the\nsched_switch event when that task schedules back in. It triggers the\n\"stack\" synthetic event that has a stacktrace as its field (called \"stack\").\n\n ~# echo 's:syscall_stack s64 id; unsigned long stack[];' \u003e\u003e dynamic_events\n ~# echo 'hist:keys=common_pid:s2=stack' \u003e\u003e events/synthetic/stack/trigger\n ~# echo 'hist:keys=common_pid:s3=$s2,i0=id:onmatch(synthetic.stack).trace(syscall_stack,$i0,$s3)' \u003e\u003e events/raw_syscalls/sys_exit/trigger\n\nThe above makes another synthetic event called \"syscall_stack\" that\nattaches the first synthetic event (stack) to the sys_exit trace event and\nrecords the stacktrace from the stack event with the id of the system call\nthat is exiting.\n\nWhen enabling this event (or using it in a historgram):\n\n ~# echo 1 \u003e events/synthetic/syscall_stack/enable\n\nProduces a kernel crash!\n\n BUG: unable to handle page fault for address: 0000000000400010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n CPU: 6 UID: 0 PID: 1257 Comm: bash Not tainted 6.16.3+deb14-amd64 #1 PREEMPT(lazy)  Debian 6.16.3-1\n Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:trace_event_raw_event_synth+0x90/0x380\n Code: c5 00 00 00 00 85 d2 0f 84 e1 00 00 00 31 db eb 34 0f 1f 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 \u003c49\u003e 8b 04 24 48 83 c3 01 8d 0c c5 08 00 00 00 01 cd 41 3b 5d 40 0f\n RSP: 0018:ffffd2670388f958 EFLAGS: 00010202\n RAX: ffff8ba1065cc100 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: fffff266ffda7b90 RDI: ffffd2670388f9b0\n RBP: 0000000000000010 R08: ffff8ba104e76000 R09: ffffd2670388fa50\n R10: ffff8ba102dd42e0 R11: ffffffff9a908970 R12: 0000000000400010\n R13: ffff8ba10a246400 R14: ffff8ba10a710220 R15: fffff266ffda7b90\n FS:  00007fa3bc63f740(0000) GS:ffff8ba2e0f48000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000400010 CR3: 0000000107f9e003 CR4: 0000000000172ef0\n Call Trace:\n  \u003cTASK\u003e\n  ? __tracing_map_insert+0x208/0x3a0\n  action_trace+0x67/0x70\n  event_hist_trigger+0x633/0x6d0\n  event_triggers_call+0x82/0x130\n  trace_event_buffer_commit+0x19d/0x250\n  trace_event_raw_event_sys_exit+0x62/0xb0\n  syscall_exit_work+0x9d/0x140\n  do_syscall_64+0x20a/0x2f0\n  ? trace_event_raw_event_sched_switch+0x12b/0x170\n  ? save_fpregs_to_fpstate+0x3e/0x90\n  ? _raw_spin_unlock+0xe/0x30\n  ? finish_task_switch.isra.0+0x97/0x2c0\n  ? __rseq_handle_notify_resume+0xad/0x4c0\n  ? __schedule+0x4b8/0xd00\n  ? restore_fpregs_from_fpstate+0x3c/0x90\n  ? switch_fpu_return+0x5b/0xe0\n  ? do_syscall_64+0x1ef/0x2f0\n  ? do_fault+0x2e9/0x540\n  ? __handle_mm_fault+0x7d1/0xf70\n  ? count_memcg_events+0x167/0x1d0\n  ? handle_mm_fault+0x1d7/0x2e0\n  ? 
do_user_addr_fault+0x2c3/0x7f0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reason is that the stacktrace field is not labeled as such, and is\ntreated as a normal field and not as a dynamic event that it is.\n\nIn trace_event_raw_event_synth() the event is field is still treated as a\ndynamic array, but the retrieval of the data is considered a normal field,\nand the reference is just the meta data:\n\n// Meta data is retrieved instead of a dynamic array\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23088",
            "https://git.kernel.org/linus/90f9f5d64cae4e72defd96a2a22760173cb3c9ec (6.19-rc7)",
            "https://git.kernel.org/stable/c/327af07dff6ab5650b21491eb4f69694999ff3d1",
            "https://git.kernel.org/stable/c/3b90d099efa2b67239bd3b3dc3521ec584261748",
            "https://git.kernel.org/stable/c/90f9f5d64cae4e72defd96a2a22760173cb3c9ec",
            "https://git.kernel.org/stable/c/98ecbfb2598c9c7ca755a29f402da9d36c057077",
            "https://linux.oracle.com/cve/CVE-2026-23088.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026020424-CVE-2026-23088-e0da@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23088",
            "https://www.cve.org/CVERecord?id=CVE-2026-23088"
          ],
          "PublishedDate": "2026-02-04T17:16:19.673Z",
          "LastModifiedDate": "2026-03-17T21:09:54.317Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23100",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23100",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2c2ea620b3ec838929c7fc4eaad5221c5de2cfe125109e0b8fdcc60c92b8480b",
          "Title": "kernel: mm/hugetlb: fix hugetlb_pmd_shared()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix hugetlb_pmd_shared()\n\nPatch series \"mm/hugetlb: fixes for PMD table sharing (incl.  using\nmmu_gather)\", v3.\n\nOne functional fix, one performance regression fix, and two related\ncomment fixes.\n\nI cleaned up my prototype I recently shared [1] for the performance fix,\ndeferring most of the cleanups I had in the prototype to a later point. \nWhile doing that I identified the other things.\n\nThe goal of this patch set is to be backported to stable trees \"fairly\"\neasily. At least patch #1 and #4.\n\nPatch #1 fixes hugetlb_pmd_shared() not detecting any sharing\nPatch #2 + #3 are simple comment fixes that patch #4 interacts with.\nPatch #4 is a fix for the reported performance regression due to excessive\nIPI broadcasts during fork()+exit().\n\nThe last patch is all about TLB flushes, IPIs and mmu_gather.\nRead: complicated\n\nThere are plenty of cleanups in the future to be had + one reasonable\noptimization on x86. But that's all out of scope for this series.\n\nRuntime tested, with a focus on fixing the performance regression using\nthe original reproducer [2] on x86.\n\n\nThis patch (of 4):\n\nWe switched from (wrongly) using the page count to an independent shared\ncount.  Now, shared page tables have a refcount of 1 (excluding\nspeculative references) and instead use ptdesc-\u003ept_share_count to identify\nsharing.\n\nWe didn't convert hugetlb_pmd_shared(), so right now, we would never\ndetect a shared PMD table as such, because sharing/unsharing no longer\ntouches the refcount of a PMD table.\n\nPage migration, like mbind() or migrate_pages() would allow for migrating\nfolios mapped into such shared PMD tables, even though the folios are not\nexclusive.  
In smaps we would account them as \"private\" although they are\n\"shared\", and we would be wrongly setting the PM_MMAP_EXCLUSIVE in the\npagemap interface.\n\nFix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23100",
            "https://git.kernel.org/linus/ca1a47cd3f5f4c46ca188b1c9a27af87d1ab2216 (6.19-rc7)",
            "https://git.kernel.org/stable/c/3a18b452dd5f7f1652c2e92f8ae769aa17a66c9e",
            "https://git.kernel.org/stable/c/51dcf459845fd28f5a0d83d408a379b274ec5cc5",
            "https://git.kernel.org/stable/c/5b2aec77f92265a9028c5f632bdd9af5b57ec3a3",
            "https://git.kernel.org/stable/c/69c4e241ff13545d410a8b2a688c932182a858bf",
            "https://git.kernel.org/stable/c/ca1a47cd3f5f4c46ca188b1c9a27af87d1ab2216",
            "https://linux.oracle.com/cve/CVE-2026-23100.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026020428-CVE-2026-23100-b482@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23100",
            "https://www.cve.org/CVERecord?id=CVE-2026-23100"
          ],
          "PublishedDate": "2026-02-04T17:16:20.88Z",
          "LastModifiedDate": "2026-03-25T11:16:18.37Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23110",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23110",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a6ec35b7b2d8136cc181f61d7f2afecc36b8c6e5564226b82b93f15515d0c091",
          "Title": "kernel: scsi: core: Wake up the error handler when final completions race against each other",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Wake up the error handler when final completions race against each other\n\nThe fragile ordering between marking commands completed or failed so\nthat the error handler only wakes when the last running command\ncompletes or times out has race conditions. These race conditions can\ncause the SCSI layer to fail to wake the error handler, leaving I/O\nthrough the SCSI host stuck as the error state cannot advance.\n\nFirst, there is a memory ordering issue within scsi_dec_host_busy().\nThe write which clears SCMD_STATE_INFLIGHT may be reordered with reads\ncounting in scsi_host_busy(). While the local CPU will see its own\nwrite, reordering can allow other CPUs in scsi_dec_host_busy() or\nscsi_eh_inc_host_failed() to see a raised busy count, causing no CPU to\nsee a host busy equal to the host_failed count.\n\nThis race condition can be prevented with a memory barrier on the error\npath to force the write to be visible before counting host busy\ncommands.\n\nSecond, there is a general ordering issue with scsi_eh_inc_host_failed(). By\ncounting busy commands before incrementing host_failed, it can race with a\nfinal command in scsi_dec_host_busy(), such that scsi_dec_host_busy() does\nnot see host_failed incremented but scsi_eh_inc_host_failed() counts busy\ncommands before SCMD_STATE_INFLIGHT is cleared by scsi_dec_host_busy(),\nresulting in neither waking the error handler task.\n\nThis needs the call to scsi_host_busy() to be moved after host_failed is\nincremented to close the race condition.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23110",
            "https://git.kernel.org/linus/fe2f8ad6f0999db3b318359a01ee0108c703a8c3 (6.19-rc7)",
            "https://git.kernel.org/stable/c/219f009ebfd1ef3970888ee9eef4c8a06357f862",
            "https://git.kernel.org/stable/c/64ae21b9c4f0c7e60cf47a53fa7ab68852079ef0",
            "https://git.kernel.org/stable/c/6d9a367be356101963c249ebf10ea10b32886607",
            "https://git.kernel.org/stable/c/9fdc6f28d5e81350ab1d2cac8389062bd09e61e1",
            "https://git.kernel.org/stable/c/cc872e35c0df80062abc71268d690a2f749e542e",
            "https://git.kernel.org/stable/c/fe2f8ad6f0999db3b318359a01ee0108c703a8c3",
            "https://linux.oracle.com/cve/CVE-2026-23110.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026020431-CVE-2026-23110-56b1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23110",
            "https://www.cve.org/CVERecord?id=CVE-2026-23110"
          ],
          "PublishedDate": "2026-02-04T17:16:21.88Z",
          "LastModifiedDate": "2026-03-18T14:12:01.923Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23113",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23113",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b00280bee5c8bcae718ea5301768b8bb184a609872a8dc2f5c2fc4049d444c51",
          "Title": "kernel: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop\n\nCurrently this is checked before running the pending work. Normally this\nis quite fine, as work items either end up blocking (which will create a\nnew worker for other items), or they complete fairly quickly. But syzbot\nreports an issue where io-wq takes seemingly forever to exit, and with a\nbit of debugging, this turns out to be because it queues a bunch of big\n(2GB - 4096b) reads with a /dev/msr* file. Since this file type doesn't\nsupport -\u003eread_iter(), loop_rw_iter() ends up handling them. Each read\nreturns 16MB of data read, which takes 20 (!!) seconds. With a bunch of\nthese pending, processing the whole chain can take a long time. Easily\nlonger than the syzbot uninterruptible sleep timeout of 140 seconds.\nThis then triggers a complaint off the io-wq exit path:\n\nINFO: task syz.4.135:6326 blocked for more than 143 seconds.\n      Not tainted syzkaller #0\n      Blocked by coredump.\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz.4.135       state:D stack:26824 pid:6326  tgid:6324  ppid:5957   task_flags:0x400548 flags:0x00080000\nCall Trace:\n \u003cTASK\u003e\n context_switch kernel/sched/core.c:5256 [inline]\n __schedule+0x1139/0x6150 kernel/sched/core.c:6863\n __schedule_loop kernel/sched/core.c:6945 [inline]\n schedule+0xe7/0x3a0 kernel/sched/core.c:6960\n schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75\n do_wait_for_common kernel/sched/completion.c:100 [inline]\n __wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121\n io_wq_exit_workers io_uring/io-wq.c:1328 [inline]\n io_wq_put_and_exit+0x271/0x8a0 io_uring/io-wq.c:1356\n io_uring_clean_tctx+0x10d/0x190 io_uring/tctx.c:203\n io_uring_cancel_generic+0x69c/0x9a0 io_uring/cancel.c:651\n io_uring_files_cancel include/linux/io_uring.h:19 [inline]\n do_exit+0x2ce/0x2bd0 
kernel/exit.c:911\n do_group_exit+0xd3/0x2a0 kernel/exit.c:1112\n get_signal+0x2671/0x26d0 kernel/signal.c:3034\n arch_do_signal_or_restart+0x8f/0x7e0 arch/x86/kernel/signal.c:337\n __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]\n exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75\n __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa02738f749\nRSP: 002b:00007fa0281ae0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca\nRAX: fffffffffffffe00 RBX: 00007fa0275e6098 RCX: 00007fa02738f749\nRDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa0275e6098\nRBP: 00007fa0275e6090 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fa0275e6128 R14: 00007fff14e4fcb0 R15: 00007fff14e4fd98\n\nThere's really nothing wrong here, outside of processing these reads\nwill take a LONG time. However, we can speed up the exit by checking the\nIO_WQ_BIT_EXIT inside the io_worker_handle_work() loop, as syzbot will\nexit the ring after queueing up all of these reads. Then once the first\nitem is processed, io-wq will simply cancel the rest. That should avoid\nsyzbot running into this complaint again.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23113",
            "https://git.kernel.org/linus/10dc959398175736e495f71c771f8641e1ca1907 (6.19-rc7)",
            "https://git.kernel.org/stable/c/10dc959398175736e495f71c771f8641e1ca1907",
            "https://git.kernel.org/stable/c/2e8ca1078b14142db2ce51cbd18ff9971560046b",
            "https://git.kernel.org/stable/c/85eb83694a91c89d9abe615d717c0053c3efa714",
            "https://git.kernel.org/stable/c/bdf0bf73006ea8af9327cdb85cfdff4c23a5f966",
            "https://git.kernel.org/stable/c/d05d99573f81a091547b1778b9a50120f5d6c68a",
            "https://linux.oracle.com/cve/CVE-2026-23113.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021405-CVE-2026-23113-a027@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23113",
            "https://www.cve.org/CVERecord?id=CVE-2026-23113"
          ],
          "PublishedDate": "2026-02-14T15:16:06.38Z",
          "LastModifiedDate": "2026-03-25T11:16:18.723Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23118",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23118",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1a0eb14863d49ff3eb6633f74236ba51a2b1fee418f04e3a1133e2b50a77150d",
          "Title": "kernel: rxrpc: Fix data-race warning and potential load/store tearing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix data-race warning and potential load/store tearing\n\nFix the following:\n\n        BUG: KCSAN: data-race in rxrpc_peer_keepalive_worker / rxrpc_send_data_packet\n\nwhich is reporting an issue with the reads and writes to -\u003elast_tx_at in:\n\n        conn-\u003epeer-\u003elast_tx_at = ktime_get_seconds();\n\nand:\n\n        keepalive_at = peer-\u003elast_tx_at + RXRPC_KEEPALIVE_TIME;\n\nThe lockless accesses to these two values aren't actually a problem as the\nread only needs an approximate time of last transmission for the purposes\nof deciding whether or not the transmission of a keepalive packet is\nwarranted yet.\n\nAlso, as -\u003elast_tx_at is a 64-bit value, tearing can occur on a 32-bit\narch.\n\nFix both of these by switching to an unsigned int for -\u003elast_tx_at and only\nstoring the LSW of the time64_t.  It can then be reconstructed at need\nprovided no more than 68 years has elapsed since the last transmission.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23118",
            "https://git.kernel.org/linus/5d5fe8bcd331f1e34e0943ec7c18432edfcf0e8b (6.19-rc7)",
            "https://git.kernel.org/stable/c/5d5fe8bcd331f1e34e0943ec7c18432edfcf0e8b",
            "https://git.kernel.org/stable/c/a426f29ac3fa3465093567ab763ada46762fb57c",
            "https://git.kernel.org/stable/c/c08cf314191cd0f8699089715efb9eff030f0086",
            "https://git.kernel.org/stable/c/f8cf1368e0a5491b27189a695c36f64e48f3d19d",
            "https://linux.oracle.com/cve/CVE-2026-23118.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021407-CVE-2026-23118-7579@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23118",
            "https://www.cve.org/CVERecord?id=CVE-2026-23118"
          ],
          "PublishedDate": "2026-02-14T15:16:06.933Z",
          "LastModifiedDate": "2026-03-25T11:16:18.923Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23126",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23126",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:446cbf4f12d6e5268937e7fdb617cbcb47afc77a2c15aedabf589b68b1e67730",
          "Title": "kernel: Linux kernel: Denial of Service in netdevsim due to race condition in BPF program list operations",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: fix a race issue related to the operation on bpf_bound_progs list\n\nThe netdevsim driver lacks a protection mechanism for operations on the\nbpf_bound_progs list. When the nsim_bpf_create_prog() performs\nlist_add_tail, it is possible that nsim_bpf_destroy_prog() is\nsimultaneously performs list_del. Concurrent operations on the list may\nlead to list corruption and trigger a kernel crash as follows:\n\n[  417.290971] kernel BUG at lib/list_debug.c:62!\n[  417.290983] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[  417.290992] CPU: 10 PID: 168 Comm: kworker/10:1 Kdump: loaded Not tainted 6.19.0-rc5 #1\n[  417.291003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  417.291007] Workqueue: events bpf_prog_free_deferred\n[  417.291021] RIP: 0010:__list_del_entry_valid_or_report+0xa7/0xc0\n[  417.291034] Code: a8 ff 0f 0b 48 89 fe 48 89 ca 48 c7 c7 48 a1 eb ae e8 ed fb a8 ff 0f 0b 48 89 fe 48 89 c2 48 c7 c7 80 a1 eb ae e8 d9 fb a8 ff \u003c0f\u003e 0b 48 89 d1 48 c7 c7 d0 a1 eb ae 48 89 f2 48 89 c6 e8 c2 fb a8\n[  417.291040] RSP: 0018:ffffb16a40807df8 EFLAGS: 00010246\n[  417.291046] RAX: 000000000000006d RBX: ffff8e589866f500 RCX: 0000000000000000\n[  417.291051] RDX: 0000000000000000 RSI: ffff8e59f7b23180 RDI: ffff8e59f7b23180\n[  417.291055] RBP: ffffb16a412c9000 R08: 0000000000000000 R09: 0000000000000003\n[  417.291059] R10: ffffb16a40807c80 R11: ffffffffaf9edce8 R12: ffff8e594427ac20\n[  417.291063] R13: ffff8e59f7b44780 R14: ffff8e58800b7a05 R15: 0000000000000000\n[  417.291074] FS:  0000000000000000(0000) GS:ffff8e59f7b00000(0000) knlGS:0000000000000000\n[  417.291079] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  417.291083] CR2: 00007fc4083efe08 CR3: 00000001c3626006 CR4: 0000000000770ee0\n[  417.291088] PKRU: 55555554\n[  417.291091] Call Trace:\n[  417.291096]  \u003cTASK\u003e\n[  417.291103]  
nsim_bpf_destroy_prog+0x31/0x80 [netdevsim]\n[  417.291154]  __bpf_prog_offload_destroy+0x2a/0x80\n[  417.291163]  bpf_prog_dev_bound_destroy+0x6f/0xb0\n[  417.291171]  bpf_prog_free_deferred+0x18e/0x1a0\n[  417.291178]  process_one_work+0x18a/0x3a0\n[  417.291188]  worker_thread+0x27b/0x3a0\n[  417.291197]  ? __pfx_worker_thread+0x10/0x10\n[  417.291207]  kthread+0xe5/0x120\n[  417.291214]  ? __pfx_kthread+0x10/0x10\n[  417.291221]  ret_from_fork+0x31/0x50\n[  417.291230]  ? __pfx_kthread+0x10/0x10\n[  417.291236]  ret_from_fork_asm+0x1a/0x30\n[  417.291246]  \u003c/TASK\u003e\n\nAdd a mutex lock, to prevent simultaneous addition and deletion operations\non the list.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23126",
            "https://git.kernel.org/linus/b97d5eedf4976cc94321243be83b39efe81a0e15 (6.19-rc7)",
            "https://git.kernel.org/stable/c/3f560cfc7706029294132482fff5d1bc7884b70d",
            "https://git.kernel.org/stable/c/68462ecc40ea8f780fb3c74ebfddd05506bb731b",
            "https://git.kernel.org/stable/c/b97d5eedf4976cc94321243be83b39efe81a0e15",
            "https://git.kernel.org/stable/c/d77379ca82efcb2fe563359cc795027d680410db",
            "https://git.kernel.org/stable/c/f1f9cfd2f46a73b7de2982d01be822eac3a0efaa",
            "https://linux.oracle.com/cve/CVE-2026-23126.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021409-CVE-2026-23126-b259@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23126",
            "https://www.cve.org/CVERecord?id=CVE-2026-23126"
          ],
          "PublishedDate": "2026-02-14T15:16:07.853Z",
          "LastModifiedDate": "2026-03-18T14:50:12.257Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23137",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23137",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:99e89de472a7f2cfc300cc702861a9273cbc7fb03cb51a1722b7bd86086a289e",
          "Title": "kernel: of: unittest: Fix memory leak in unittest_data_add()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: Fix memory leak in unittest_data_add()\n\nIn unittest_data_add(), if of_resolve_phandles() fails, the allocated\nunittest_data is not freed, leading to a memory leak.\n\nFix this by using scope-based cleanup helper __free(kfree) for automatic\nresource cleanup. This ensures unittest_data is automatically freed when\nit goes out of scope in error paths.\n\nFor the success path, use retain_and_null_ptr() to transfer ownership\nof the memory to the device tree and prevent double freeing.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23137",
            "https://git.kernel.org/linus/235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b (6.19-rc5)",
            "https://git.kernel.org/stable/c/235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b",
            "https://git.kernel.org/stable/c/f09b0f705bd7197863b90256ef533a6414d1db2c",
            "https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23137-b77f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23137",
            "https://www.cve.org/CVERecord?id=CVE-2026-23137"
          ],
          "PublishedDate": "2026-02-14T16:15:53.703Z",
          "LastModifiedDate": "2026-03-17T21:15:45.09Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23138",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23138",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:80cc39339c19ec5232918f2bc93ed9e913ce9c36e7cfb7a0a10ec28f26f05811",
          "Title": "kernel: tracing: Add recursion protection in kernel stack trace recording",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add recursion protection in kernel stack trace recording\n\nA bug was reported about an infinite recursion caused by tracing the rcu\nevents with the kernel stack trace trigger enabled. The stack trace code\ncalled back into RCU which then called the stack trace again.\n\nExpand the ftrace recursion protection to add a set of bits to protect\nevents from recursion. Each bit represents the context that the event is\nin (normal, softirq, interrupt and NMI).\n\nHave the stack trace code use the interrupt context to protect against\nrecursion.\n\nNote, the bug showed an issue in both the RCU code as well as the tracing\nstacktrace code. This only handles the tracing stack trace side of the\nbug. The RCU fix will be handled separately.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23138",
            "https://git.kernel.org/linus/5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb (6.19-rc5)",
            "https://git.kernel.org/stable/c/19e18e6dabb1bbba76d2809ca7d8ae9e1f5975fe",
            "https://git.kernel.org/stable/c/5b7f91acffd2c4c000971553d22efa1e1bb4feae",
            "https://git.kernel.org/stable/c/5f1ef0dfcb5b7f4a91a9b0e0ba533efd9f7e2cdb",
            "https://git.kernel.org/stable/c/9b03768037d91ce727effb1c5d92d2c7781bf692",
            "https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23138-9853@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23138",
            "https://www.cve.org/CVERecord?id=CVE-2026-23138"
          ],
          "PublishedDate": "2026-02-14T16:15:53.83Z",
          "LastModifiedDate": "2026-03-25T11:16:19.087Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23141",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23141",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59566faf9b829771048e0cc37924ef5828611721fd967535035911e761a5487a",
          "Title": "kernel: btrfs: send: check for inline extents in range_is_hole_in_parent()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: send: check for inline extents in range_is_hole_in_parent()\n\nBefore accessing the disk_bytenr field of a file extent item we need\nto check if we are dealing with an inline extent.\nThis is because for inline extents their data starts at the offset of\nthe disk_bytenr field. So accessing the disk_bytenr\nmeans we are accessing inline data or in case the inline data is less\nthan 8 bytes we can actually cause an invalid\nmemory access if this inline extent item is the first item in the leaf\nor access metadata from other items.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23141",
            "https://git.kernel.org/linus/08b096c1372cd69627f4f559fb47c9fb67a52b39 (6.19-rc6)",
            "https://git.kernel.org/stable/c/08b096c1372cd69627f4f559fb47c9fb67a52b39",
            "https://git.kernel.org/stable/c/39f83f10772310ba4a77f2b5256aaf36994ef7e8",
            "https://git.kernel.org/stable/c/d948055bd46a9c14d1d4217aed65c5c258c32903",
            "https://git.kernel.org/stable/c/db00636643e66898d79f2530ac9c56ebd5eca369",
            "https://git.kernel.org/stable/c/f2dc6ab3a14c2d2eb0b14783427eb9b03bf631c9",
            "https://linux.oracle.com/cve/CVE-2026-23141.html",
            "https://linux.oracle.com/errata/ELSA-2026-50144.html",
            "https://lore.kernel.org/linux-cve-announce/2026021415-CVE-2026-23141-c6bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23141",
            "https://www.cve.org/CVERecord?id=CVE-2026-23141"
          ],
          "PublishedDate": "2026-02-14T16:15:54.163Z",
          "LastModifiedDate": "2026-03-25T11:16:19.24Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23154",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23154",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4c154fa68f32f939ba0f1922ff256dd85c5165d3ec872e82aedc0403d2d5657",
          "Title": "kernel: net: fix segmentation of forwarding fraglist GRO",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix segmentation of forwarding fraglist GRO\n\nThis patch enhances GSO segment handling by properly checking\nthe SKB_GSO_DODGY flag for frag_list GSO packets, addressing\nlow throughput issues observed when a station accesses IPv4\nservers via hotspots with an IPv6-only upstream interface.\n\nSpecifically, it fixes a bug in GSO segmentation when forwarding\nGRO packets containing a frag_list. The function skb_segment_list\ncannot correctly process GRO skbs that have been converted by XLAT,\nsince XLAT only translates the header of the head skb. Consequently,\nskbs in the frag_list may remain untranslated, resulting in protocol\ninconsistencies and reduced throughput.\n\nTo address this, the patch explicitly sets the SKB_GSO_DODGY flag\nfor GSO packets in XLAT's IPv4/IPv6 protocol translation helpers\n(bpf_skb_proto_4_to_6 and bpf_skb_proto_6_to_4). This marks GSO\npackets as potentially modified after protocol translation. As a\nresult, GSO segmentation will avoid using skb_segment_list and\ninstead falls back to skb_segment for packets with the SKB_GSO_DODGY\nflag. This ensures that only safe and fully translated frag_list\npackets are processed by skb_segment_list, resolving protocol\ninconsistencies and improving throughput when forwarding GRO packets\nconverted by XLAT.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23154",
            "https://git.kernel.org/linus/426ca15c7f6cb6562a081341ca88893a50c59fa2 (6.19-rc8)",
            "https://git.kernel.org/stable/c/2cbef9ea5a0ac51863ede35c45f26931a85d3888",
            "https://git.kernel.org/stable/c/3d48d59235c494d34e32052f768393111c0806ef",
            "https://git.kernel.org/stable/c/3e62db1e3140449608975e29e0979cc5f3b1cc07",
            "https://git.kernel.org/stable/c/426ca15c7f6cb6562a081341ca88893a50c59fa2",
            "https://git.kernel.org/stable/c/9122d7280b2303e835cdfec156bd932ac1f586ed",
            "https://linux.oracle.com/cve/CVE-2026-23154.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021415-CVE-2026-23154-f658@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23154",
            "https://www.cve.org/CVERecord?id=CVE-2026-23154"
          ],
          "PublishedDate": "2026-02-14T16:15:55.55Z",
          "LastModifiedDate": "2026-03-25T11:16:19.4Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23157",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23157",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:40b23dbe205b0c6a38fb18625e44f1f16b3bbefe3b26313b3f99d4c5845bb53a",
          "Title": "kernel: btrfs: do not strictly require dirty metadata threshold for metadata writepages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not strictly require dirty metadata threshold for metadata writepages\n\n[BUG]\nThere is an internal report that over 1000 processes are\nwaiting at the io_schedule_timeout() of balance_dirty_pages(), causing\na system hang and trigger a kernel coredump.\n\nThe kernel is v6.4 kernel based, but the root problem still applies to\nany upstream kernel before v6.18.\n\n[CAUSE]\nFrom Jan Kara for his wisdom on the dirty page balance behavior first.\n\n  This cgroup dirty limit was what was actually playing the role here\n  because the cgroup had only a small amount of memory and so the dirty\n  limit for it was something like 16MB.\n\n  Dirty throttling is responsible for enforcing that nobody can dirty\n  (significantly) more dirty memory than there's dirty limit. Thus when\n  a task is dirtying pages it periodically enters into balance_dirty_pages()\n  and we let it sleep there to slow down the dirtying.\n\n  When the system is over dirty limit already (either globally or within\n  a cgroup of the running task), we will not let the task exit from\n  balance_dirty_pages() until the number of dirty pages drops below the\n  limit.\n\n  So in this particular case, as I already mentioned, there was a cgroup\n  with relatively small amount of memory and as a result with dirty limit\n  set at 16MB. 
A task from that cgroup has dirtied about 28MB worth of\n  pages in btrfs btree inode and these were practically the only dirty\n  pages in that cgroup.\n\nSo that means the only way to reduce the dirty pages of that cgroup is\nto writeback the dirty pages of btrfs btree inode, and only after that\nthose processes can exit balance_dirty_pages().\n\nNow back to the btrfs part, btree_writepages() is responsible for\nwriting back dirty btree inode pages.\n\nThe problem here is, there is a btrfs internal threshold that if the\nbtree inode's dirty bytes are below the 32M threshold, it will not\ndo any writeback.\n\nThis behavior is to batch as much metadata as possible so we won't write\nback those tree blocks and then later re-COW them again for another\nmodification.\n\nThis internal 32MiB is higher than the existing dirty page size (28MiB),\nmeaning no writeback will happen, causing a deadlock between btrfs and\ncgroup:\n\n- Btrfs doesn't want to write back btree inode until more dirty pages\n\n- Cgroup/MM doesn't want more dirty pages for btrfs btree inode\n  Thus any process touching that btree inode is put into sleep until\n  the number of dirty pages is reduced.\n\nThanks Jan Kara a lot for the analysis of the root cause.\n\n[ENHANCEMENT]\nSince kernel commit b55102826d7d (\"btrfs: set AS_KERNEL_FILE on the\nbtree_inode\"), btrfs btree inode pages will only be charged to the root\ncgroup which should have a much larger limit than btrfs' 32MiB\nthreshold.\nSo it should not affect newer kernels.\n\nBut for all current LTS kernels, they are all affected by this problem,\nand backporting the whole AS_KERNEL_FILE may not be a good idea.\n\nEven for newer kernels I still think it's a good idea to get\nrid of the internal threshold at btree_writepages(), since for most cases\ncgroup/MM has a better view of full system memory usage than btrfs' fixed\nthreshold.\n\nFor internal callers using btrfs_btree_balance_dirty() since that\nfunction is already doing internal 
threshold check, we don't need to\nbother them.\n\nBut for external callers of btree_writepages(), just respect their\nrequests and write back whatever they want, ignoring the internal\nbtrfs threshold to avoid such deadlock on btree inode dirty page\nbalancing.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23157",
            "https://git.kernel.org/linus/4e159150a9a56d66d247f4b5510bed46fe58aa1c (6.19-rc8)",
            "https://git.kernel.org/stable/c/0c3666ec188640c20e254011e7adf4464c32ee58",
            "https://git.kernel.org/stable/c/4357e02cafabe01c2d737ceb4c4c6382fc2ee10a",
            "https://git.kernel.org/stable/c/4e159150a9a56d66d247f4b5510bed46fe58aa1c",
            "https://git.kernel.org/stable/c/629666d20c7dcd740e193ec0631fdff035b1f7d6",
            "https://git.kernel.org/stable/c/bb9be3f713652e330df00f3724c18c7a5469e7ac",
            "https://lore.kernel.org/linux-cve-announce/2026021416-CVE-2026-23157-6214@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23157",
            "https://www.cve.org/CVERecord?id=CVE-2026-23157"
          ],
          "PublishedDate": "2026-02-14T16:15:55.863Z",
          "LastModifiedDate": "2026-03-25T11:16:19.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23169",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23169",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f91bb7c4265c5463716f0c5304e8d8810ee5f4fb47b509f72d8aa8d9a93da991",
          "Title": "kernel: Linux kernel: Denial of Service in MPTCP due to a race condition",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race in mptcp_pm_nl_flush_addrs_doit()\n\nsyzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()\nand/or mptcp_pm_nl_is_backup()\n\nRoot cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()\nwhich is not RCU ready.\n\nlist_splice_init_rcu() can not be called here while holding pernet-\u003elock\nspinlock.\n\nMany thanks to Eulgyu Kim for providing a repro and testing our patches.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23169",
            "https://git.kernel.org/linus/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d (6.19-rc8)",
            "https://git.kernel.org/stable/c/1f1b9523527df02685dde603f20ff6e603d8e4a1",
            "https://git.kernel.org/stable/c/338d40bab283da2639780ee3e458fb61f1567d8c",
            "https://git.kernel.org/stable/c/455e882192c9833f176f3fbbbb2f036b6c5bf555",
            "https://git.kernel.org/stable/c/51223bdd0f60b06cfc7f25885c4d4be917adba94",
            "https://git.kernel.org/stable/c/7896dbe990d56d5bb8097863b2645355633665eb",
            "https://git.kernel.org/stable/c/e2a9eeb69f7d4ca4cf4c70463af77664fdb6ab1d",
            "https://linux.oracle.com/cve/CVE-2026-23169.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021420-CVE-2026-23169-38ea@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23169",
            "https://www.cve.org/CVERecord?id=CVE-2026-23169"
          ],
          "PublishedDate": "2026-02-14T16:15:57.147Z",
          "LastModifiedDate": "2026-04-03T14:16:24.997Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23171",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23171",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9583d065db6733554f4eb92f6c2523ac348ba0bad115ff4cfbf069bded18ebc0",
          "Title": "kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix use-after-free due to enslave fail after slave array update\n\nFix a use-after-free which happens due to enslave failure after the new\nslave has been added to the array. Since the new slave can be used for Tx\nimmediately, we can use it after it has been freed by the enslave error\ncleanup path which frees the allocated slave memory. Slave update array is\nsupposed to be called last when further enslave failures are not expected.\nMove it after xdp setup to avoid any problems.\n\nIt is very easy to reproduce the problem with a simple xdp_pass prog:\n ip l add bond1 type bond mode balance-xor\n ip l set bond1 up\n ip l set dev bond1 xdp object xdp_pass.o sec xdp_pass\n ip l add dumdum type dummy\n\nThen run in parallel:\n while :; do ip l set dumdum master bond1 1\u003e/dev/null 2\u003e\u00261; done;\n mausezahn bond1 -a own -b rand -A rand -B 1.1.1.1 -c 0 -t tcp \"dp=1-1023, flags=syn\"\n\nThe crash happens almost immediately:\n [  605.602850] Oops: general protection fault, probably for non-canonical address 0xe0e6fc2460000137: 0000 [#1] SMP KASAN NOPTI\n [  605.602916] KASAN: maybe wild-memory-access in range [0x07380123000009b8-0x07380123000009bf]\n [  605.602946] CPU: 0 UID: 0 PID: 2445 Comm: mausezahn Kdump: loaded Tainted: G    B               6.19.0-rc6+ #21 PREEMPT(voluntary)\n [  605.602979] Tainted: [B]=BAD_PAGE\n [  605.602998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n [  605.603032] RIP: 0010:netdev_core_pick_tx+0xcd/0x210\n [  605.603063] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3e 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 08 49 8d 7d 30 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 25 01 00 00 49 8b 45 30 4c 89 e2 48 89 ee 48 89\n [  605.603111] RSP: 0018:ffff88817b9af348 EFLAGS: 00010213\n [  605.603145] RAX: dffffc0000000000 RBX: ffff88817d28b420 RCX: 0000000000000000\n [  
605.603172] RDX: 00e7002460000137 RSI: 0000000000000008 RDI: 07380123000009be\n [  605.603199] RBP: ffff88817b541a00 R08: 0000000000000001 R09: fffffbfff3ed8c0c\n [  605.603226] R10: ffffffff9f6c6067 R11: 0000000000000001 R12: 0000000000000000\n [  605.603253] R13: 073801230000098e R14: ffff88817d28b448 R15: ffff88817b541a84\n [  605.603286] FS:  00007f6570ef67c0(0000) GS:ffff888221dfa000(0000) knlGS:0000000000000000\n [  605.603319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [  605.603343] CR2: 00007f65712fae40 CR3: 000000011371b000 CR4: 0000000000350ef0\n [  605.603373] Call Trace:\n [  605.603392]  \u003cTASK\u003e\n [  605.603410]  __dev_queue_xmit+0x448/0x32a0\n [  605.603434]  ? __pfx_vprintk_emit+0x10/0x10\n [  605.603461]  ? __pfx_vprintk_emit+0x10/0x10\n [  605.603484]  ? __pfx___dev_queue_xmit+0x10/0x10\n [  605.603507]  ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [  605.603546]  ? _printk+0xcb/0x100\n [  605.603566]  ? __pfx__printk+0x10/0x10\n [  605.603589]  ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [  605.603627]  ? add_taint+0x5e/0x70\n [  605.603648]  ? add_taint+0x2a/0x70\n [  605.603670]  ? end_report.cold+0x51/0x75\n [  605.603693]  ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [  605.603731]  bond_start_xmit+0x623/0xc20 [bonding]",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:6153",
            "https://access.redhat.com/security/cve/CVE-2026-23171",
            "https://bugzilla.redhat.com/2376376",
            "https://bugzilla.redhat.com/2407333",
            "https://bugzilla.redhat.com/2439872",
            "https://bugzilla.redhat.com/2439886",
            "https://bugzilla.redhat.com/2439887",
            "https://bugzilla.redhat.com/2439900",
            "https://bugzilla.redhat.com/2439931",
            "https://bugzilla.redhat.com/2439947",
            "https://errata.almalinux.org/9/ALSA-2026-6153.html",
            "https://git.kernel.org/linus/e9acda52fd2ee0cdca332f996da7a95c5fd25294 (6.19-rc8)",
            "https://git.kernel.org/stable/c/bd25b092a06a3e05f7e8bd6da6fa7318777d8c3d",
            "https://git.kernel.org/stable/c/e9acda52fd2ee0cdca332f996da7a95c5fd25294",
            "https://linux.oracle.com/cve/CVE-2026-23171.html",
            "https://linux.oracle.com/errata/ELSA-2026-6153.html",
            "https://lore.kernel.org/linux-cve-announce/2026021421-CVE-2026-23171-5a73@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23171",
            "https://www.cve.org/CVERecord?id=CVE-2026-23171"
          ],
          "PublishedDate": "2026-02-14T16:15:57.353Z",
          "LastModifiedDate": "2026-04-03T14:16:25.187Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23176",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23176",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af1ba5989ecaa7c9e433ae75ba0311f52c943de26425dfdd376fa355fd403e00",
          "Title": "kernel: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_haps: Fix memory leaks in add/remove routines\n\ntoshiba_haps_add() leaks the haps object allocated by it if it returns\nan error after allocating that object successfully.\n\ntoshiba_haps_remove() does not free the object pointed to by\ntoshiba_haps before clearing that pointer, so it becomes unreachable\nallocated memory.\n\nAddress these memory leaks by using devm_kzalloc() for allocating\nthe memory in question.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23176",
            "https://git.kernel.org/linus/128497456756e1b952bd5a912cd073836465109d (6.19)",
            "https://git.kernel.org/stable/c/128497456756e1b952bd5a912cd073836465109d",
            "https://git.kernel.org/stable/c/17f37c4cdf42a9e4915216b9e130fc8baef4cc64",
            "https://git.kernel.org/stable/c/5bce10f0f9435afaae3fc4df9a52b01d9b3853dc",
            "https://git.kernel.org/stable/c/bf0474356875d005d420f8c6b9ac168566e72e87",
            "https://git.kernel.org/stable/c/ca9ff71c15bc8e48529c2033294a519a7749b272",
            "https://git.kernel.org/stable/c/f2093e87ddec13e7a920f326c078a5f765ba89c3",
            "https://git.kernel.org/stable/c/f93ae43780b759a70734be9bc82c1adcf7f33208",
            "https://linux.oracle.com/cve/CVE-2026-23176.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021428-CVE-2026-23176-4baf@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23176",
            "https://www.cve.org/CVERecord?id=CVE-2026-23176"
          ],
          "PublishedDate": "2026-02-14T17:15:55.32Z",
          "LastModifiedDate": "2026-02-18T17:52:22.253Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23178",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23178",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:35685c1042df52d99ef16f778412bb98f05e68c6a107dd84dedd90d51f17c045",
          "Title": "kernel: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()\n\n`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data\ninto `ihid-\u003erawbuf`.\n\nThe former can come from the userspace in the hidraw driver and is only\nbounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set\n`max_buffer_size` field of `struct hid_ll_driver` which we do not).\n\nThe latter has size determined at runtime by the maximum size of\ndifferent report types you could receive on any particular device and\ncan be a much smaller value.\n\nFix this by truncating `recv_len` to `ihid-\u003ebufsize - sizeof(__le16)`.\n\nThe impact is low since access to hidraw devices requires root.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23178",
            "https://git.kernel.org/linus/2497ff38c530b1af0df5130ca9f5ab22c5e92f29 (6.19-rc5)",
            "https://git.kernel.org/stable/c/2124279f1f8c32c1646ce98e75a1a39b23b7db76",
            "https://git.kernel.org/stable/c/2497ff38c530b1af0df5130ca9f5ab22c5e92f29",
            "https://git.kernel.org/stable/c/786ec171788bdf9dda38789163f1b1fbb47f2d1e",
            "https://git.kernel.org/stable/c/cff3f619fd1cb40cdd89971df9001f075613d219",
            "https://git.kernel.org/stable/c/f9c9ad89d845f88a1509e9d672f65d234425fde9",
            "https://linux.oracle.com/cve/CVE-2026-23178.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021428-CVE-2026-23178-ffd4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23178",
            "https://www.cve.org/CVERecord?id=CVE-2026-23178"
          ],
          "PublishedDate": "2026-02-14T17:15:55.537Z",
          "LastModifiedDate": "2026-04-03T14:16:25.703Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23179",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23179",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee1a82143a76225567b9e65314c35a0183a4a9f7a8eef2825a6ced3eae30c4fe",
          "Title": "kernel: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()\n\nWhen the socket is closed while in TCP_LISTEN a callback is run to\nflush all outstanding packets, which in turns calls\nnvmet_tcp_listen_data_ready() with the sk_callback_lock held.\nSo we need to check if we are in TCP_LISTEN before attempting\nto get the sk_callback_lock() to avoid a deadlock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23179",
            "https://git.kernel.org/linus/2fa8961d3a6a1c2395d8d560ffed2c782681bade (6.19-rc6)",
            "https://git.kernel.org/stable/c/1c90f930e7b410dd2d75a2a19a85e19c64e98ad5",
            "https://git.kernel.org/stable/c/2fa8961d3a6a1c2395d8d560ffed2c782681bade",
            "https://git.kernel.org/stable/c/6e0c7503a5803d568d56a9f9bca662cd94a14908",
            "https://git.kernel.org/stable/c/f532b29b0e313f42b964014038b0f52899b240ec",
            "https://linux.oracle.com/cve/CVE-2026-23179.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23179-6ff7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23179",
            "https://www.cve.org/CVERecord?id=CVE-2026-23179"
          ],
          "PublishedDate": "2026-02-14T17:15:55.643Z",
          "LastModifiedDate": "2026-02-18T17:52:22.253Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23180",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23180",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7503a9c161291874d9381243f9555c5392a4207f015d87cf36c1f6f83a06c988",
          "Title": "kernel: Linux kernel (dpaa2-switch): Out-of-bounds read in IRQ handler due to improper if_id validation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: add bounds check for if_id in IRQ handler\n\nThe IRQ handler extracts if_id from the upper 16 bits of the hardware\nstatus register and uses it to index into ethsw-\u003eports[] without\nvalidation. Since if_id can be any 16-bit value (0-65535) but the ports\narray is only allocated with sw_attr.num_ifs elements, this can lead to\nan out-of-bounds read potentially.\n\nAdd a bounds check before accessing the array, consistent with the\nexisting validation in dpaa2_switch_rx().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "oracle-oval": 3,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23180",
            "https://git.kernel.org/linus/31a7a0bbeb006bac2d9c81a2874825025214b6d8 (6.19)",
            "https://git.kernel.org/stable/c/1b381a638e1851d8cfdfe08ed9cdbec5295b18c9",
            "https://git.kernel.org/stable/c/2447edc367800ba914acf7ddd5d250416b45fb31",
            "https://git.kernel.org/stable/c/31a7a0bbeb006bac2d9c81a2874825025214b6d8",
            "https://git.kernel.org/stable/c/34b56c16efd61325d80bf1d780d0e176be662f59",
            "https://git.kernel.org/stable/c/77611cab5bdfff7a070ae574bbfba20a1de99d1b",
            "https://git.kernel.org/stable/c/f89e33c9c37f0001b730e23b3b05ab7b1ecface2",
            "https://linux.oracle.com/cve/CVE-2026-23180.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23180-19a8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23180",
            "https://www.cve.org/CVERecord?id=CVE-2026-23180"
          ],
          "PublishedDate": "2026-02-14T17:15:55.747Z",
          "LastModifiedDate": "2026-04-03T14:16:25.903Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23181",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23181",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:583abf693fbb9851e8c54a7410a92a13568ca4423dc9920684777bf7c27f4181",
          "Title": "kernel: btrfs: sync read disk super and set block size",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: sync read disk super and set block size\n\nWhen the user performs a btrfs mount, the block device is not set\ncorrectly. The user sets the block size of the block device to 0x4000\nby executing the BLKBSZSET command.\nSince the block size change also changes the mapping-\u003eflags value, this\nfurther affects the result of the mapping_min_folio_order() calculation.\n\nLet's analyze the following two scenarios:\n\nScenario 1: Without executing the BLKBSZSET command, the block size is\n0x1000, and mapping_min_folio_order() returns 0;\n\nScenario 2: After executing the BLKBSZSET command, the block size is\n0x4000, and mapping_min_folio_order() returns 2.\n\ndo_read_cache_folio() allocates a folio before the BLKBSZSET command\nis executed. This results in the allocated folio having an order value\nof 0. Later, after BLKBSZSET is executed, the block size increases to\n0x4000, and the mapping_min_folio_order() calculation result becomes 2.\n\nThis leads to two undesirable consequences:\n\n1. filemap_add_folio() triggers a VM_BUG_ON_FOLIO(folio_order(folio) \u003c\nmapping_min_folio_order(mapping)) assertion.\n\n2. 
The syzbot report [1] shows a null pointer dereference in\ncreate_empty_buffers() due to a buffer head allocation failure.\n\nSynchronization should be established based on the inode between the\nBLKBSZSET command and read cache page to prevent inconsistencies in\nblock size or mapping flags before and after folio allocation.\n\n[1]\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:create_empty_buffers+0x4d/0x480 fs/buffer.c:1694\nCall Trace:\n folio_create_buffers+0x109/0x150 fs/buffer.c:1802\n block_read_full_folio+0x14c/0x850 fs/buffer.c:2403\n filemap_read_folio+0xc8/0x2a0 mm/filemap.c:2496\n do_read_cache_folio+0x266/0x5c0 mm/filemap.c:4096\n do_read_cache_page mm/filemap.c:4162 [inline]\n read_cache_page_gfp+0x29/0x120 mm/filemap.c:4195\n btrfs_read_disk_super+0x192/0x500 fs/btrfs/volumes.c:1367",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23181",
            "https://git.kernel.org/linus/3f29d661e5686f3aa14e6f11537ff5c49846f2e2 (6.19-rc7)",
            "https://git.kernel.org/stable/c/3f29d661e5686f3aa14e6f11537ff5c49846f2e2",
            "https://git.kernel.org/stable/c/ccb3c75d57039adb3170ae54a0d470e359705984",
            "https://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23181-7c82@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23181",
            "https://www.cve.org/CVERecord?id=CVE-2026-23181"
          ],
          "PublishedDate": "2026-02-14T17:15:55.853Z",
          "LastModifiedDate": "2026-02-18T17:52:22.253Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23182",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23182",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:34ccffbfd53f003f39eb57fc075c7cc29a3626889119131f7976e19438e0b552",
          "Title": "kernel: spi: tegra: Fix a memory leak in tegra_slink_probe()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra: Fix a memory leak in tegra_slink_probe()\n\nIn tegra_slink_probe(), when platform_get_irq() fails, it directly\nreturns from the function with an error code, which causes a memory leak.\n\nReplace it with a goto label to ensure proper cleanup.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "oracle-oval": 3,
            "photon": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23182",
            "https://git.kernel.org/linus/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc (6.19)",
            "https://git.kernel.org/stable/c/075415ae18b5b3e4d0187962d538653154216fe7",
            "https://git.kernel.org/stable/c/126a09f4fcd2b895a818ca43fde078d907c1ac9a",
            "https://git.kernel.org/stable/c/327b71326cc1834bc031e8f52a470a18dfd9caa6",
            "https://git.kernel.org/stable/c/41d9a6795b95d6ea28439ac1e9ce8c95bbca20fc",
            "https://git.kernel.org/stable/c/6a04dc650cef8d52a1ccb4ae245dbe318ffff32e",
            "https://git.kernel.org/stable/c/b8eec12aa666c11f8a6ad1488c568f85c58875fa",
            "https://linux.oracle.com/cve/CVE-2026-23182.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021430-CVE-2026-23182-651e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23182",
            "https://www.cve.org/CVERecord?id=CVE-2026-23182"
          ],
          "PublishedDate": "2026-02-14T17:15:55.96Z",
          "LastModifiedDate": "2026-02-18T17:52:22.253Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23190",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23190",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f5b40c123c55e91ffbfd272caba273b0d592ad8a8e4c4bfd6db6f598ecada4fd",
          "Title": "kernel: ASoC: amd: fix memory leak in acp3x pdm dma ops",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: fix memory leak in acp3x pdm dma ops",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23190",
            "https://git.kernel.org/linus/7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6 (6.19)",
            "https://git.kernel.org/stable/c/0e0120214b5dcb0bf6b2171bb4e68e38968b2861",
            "https://git.kernel.org/stable/c/279cb9180510f7e13c3a4dfde8c16a8fbc7c5709",
            "https://git.kernel.org/stable/c/6d33640404968fe9f14a1252b337362b62fff490",
            "https://git.kernel.org/stable/c/7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6",
            "https://git.kernel.org/stable/c/9f23800c7eed06cb8ccae8a225f5e3d421b0d4cc",
            "https://git.kernel.org/stable/c/c9c14d2abe4c5546fcd3a7347fadc4aad2b308d8",
            "https://git.kernel.org/stable/c/d7ead6512650447a4cd6db774a2379acb259650c",
            "https://linux.oracle.com/cve/CVE-2026-23190.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021433-CVE-2026-23190-0719@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23190",
            "https://www.cve.org/CVERecord?id=CVE-2026-23190"
          ],
          "PublishedDate": "2026-02-14T17:15:56.81Z",
          "LastModifiedDate": "2026-03-18T17:11:17.49Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23191",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23191",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:99969e15fa157c8afd33ae999dd439107a893d1ff6c59aafedd37f117142c0f1",
          "Title": "kernel: ALSA: aloop: Fix racy access at PCM trigger",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aloop: Fix racy access at PCM trigger\n\nThe PCM trigger callback of aloop driver tries to check the PCM state\nand stop the stream of the tied substream in the corresponding cable.\nSince both check and stop operations are performed outside the cable\nlock, this may result in UAF when a program attempts to trigger\nfrequently while opening/closing the tied stream, as spotted by\nfuzzers.\n\nFor addressing the UAF, this patch changes two things:\n- It covers the most of code in loopback_check_format() with\n  cable-\u003elock spinlock, and add the proper NULL checks.  This avoids\n  already some racy accesses.\n- In addition, now we try to check the state of the capture PCM stream\n  that may be stopped in this function, which was the major pain point\n  leading to UAF.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:6153",
            "https://access.redhat.com/security/cve/CVE-2026-23191",
            "https://bugzilla.redhat.com/2376376",
            "https://bugzilla.redhat.com/2407333",
            "https://bugzilla.redhat.com/2439872",
            "https://bugzilla.redhat.com/2439886",
            "https://bugzilla.redhat.com/2439887",
            "https://bugzilla.redhat.com/2439900",
            "https://bugzilla.redhat.com/2439931",
            "https://bugzilla.redhat.com/2439947",
            "https://errata.almalinux.org/9/ALSA-2026-6153.html",
            "https://git.kernel.org/linus/826af7fa62e347464b1b4e0ba2fe19a92438084f (6.19)",
            "https://git.kernel.org/stable/c/5727ccf9d19ca414cb76d9b647883822e2789c2e",
            "https://git.kernel.org/stable/c/826af7fa62e347464b1b4e0ba2fe19a92438084f",
            "https://git.kernel.org/stable/c/bad15420050db1803767e58756114800cce91ea4",
            "https://linux.oracle.com/cve/CVE-2026-23191.html",
            "https://linux.oracle.com/errata/ELSA-2026-6153.html",
            "https://lore.kernel.org/linux-cve-announce/2026021433-CVE-2026-23191-f990@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23191",
            "https://www.cve.org/CVERecord?id=CVE-2026-23191"
          ],
          "PublishedDate": "2026-02-14T17:15:56.917Z",
          "LastModifiedDate": "2026-04-03T14:16:26.377Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23193",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23193",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6fd96b7dcb5424be411f7e2810e0f5db939acef6f48a37cb70c4c1274ae03436",
          "Title": "kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()\n\nIn iscsit_dec_session_usage_count(), the function calls complete() while\nholding the sess-\u003esession_usage_lock. Similar to the connection usage count\nlogic, the waiter signaled by complete() (e.g., in the session release\npath) may wake up and free the iscsit_session structure immediately.\n\nThis creates a race condition where the current thread may attempt to\nexecute spin_unlock_bh() on a session structure that has already been\ndeallocated, resulting in a KASAN slab-use-after-free.\n\nTo resolve this, release the session_usage_lock before calling complete()\nto ensure all dereferences of the sess pointer are finished before the\nwaiter is allowed to proceed with deallocation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:6153",
            "https://access.redhat.com/security/cve/CVE-2026-23193",
            "https://bugzilla.redhat.com/2376376",
            "https://bugzilla.redhat.com/2407333",
            "https://bugzilla.redhat.com/2439872",
            "https://bugzilla.redhat.com/2439886",
            "https://bugzilla.redhat.com/2439887",
            "https://bugzilla.redhat.com/2439900",
            "https://bugzilla.redhat.com/2439931",
            "https://bugzilla.redhat.com/2439947",
            "https://errata.almalinux.org/9/ALSA-2026-6153.html",
            "https://git.kernel.org/linus/84dc6037390b8607c5551047d3970336cb51ba9a (6.19-rc7)",
            "https://git.kernel.org/stable/c/11ebafffce31efc6abeb28c509017976fc49f1ca",
            "https://git.kernel.org/stable/c/2b64015550a13bcc72910be0565548d9a754d46d",
            "https://git.kernel.org/stable/c/41b86a9ec037bd3435d68dd3692f0891a207e7e7",
            "https://git.kernel.org/stable/c/4530f4e4d0e6a207110b0ffed0c911bca43531a4",
            "https://git.kernel.org/stable/c/84dc6037390b8607c5551047d3970336cb51ba9a",
            "https://git.kernel.org/stable/c/d8dbdc146e9e9a976931b78715be2e91299049f9",
            "https://git.kernel.org/stable/c/fd8b0900173307039d3a84644c2fee041a7ed4fb",
            "https://linux.oracle.com/cve/CVE-2026-23193.html",
            "https://linux.oracle.com/errata/ELSA-2026-6153.html",
            "https://lore.kernel.org/linux-cve-announce/2026021434-CVE-2026-23193-2c6c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23193",
            "https://www.cve.org/CVERecord?id=CVE-2026-23193"
          ],
          "PublishedDate": "2026-02-14T17:15:57.123Z",
          "LastModifiedDate": "2026-04-03T14:16:26.713Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23196",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23196",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2995bc219220920d2c851495364d4758bc0fd081dc3599e5851fdb2ae60a9462",
          "Title": "kernel: HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer\n\nAdd DMA buffer readiness check before reading DMA buffer to avoid\nunexpected NULL pointer accessing.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23196",
            "https://git.kernel.org/linus/a9a917998d172ec117f9e9de1919174153c0ace4 (6.19-rc5)",
            "https://git.kernel.org/stable/c/1e84a807c98a71f767fd1f609637bc5944f916cb",
            "https://git.kernel.org/stable/c/a9a917998d172ec117f9e9de1919174153c0ace4",
            "https://lore.kernel.org/linux-cve-announce/2026021435-CVE-2026-23196-2812@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23196",
            "https://www.cve.org/CVERecord?id=CVE-2026-23196"
          ],
          "PublishedDate": "2026-02-14T17:15:57.44Z",
          "LastModifiedDate": "2026-03-19T17:45:26.697Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23198",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23198",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:991da8cc9d231ad62a4ff10dde4ea7840c29c14c8d24eef943c96d8fea5efc3e",
          "Title": "kernel: KVM: Don't clobber irqfd routing type when deassigning irqfd",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Don't clobber irqfd routing type when deassigning irqfd\n\nWhen deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the IRQ's\nrouting entry as doing so breaks kvm_arch_irq_bypass_del_producer() on x86\nand arm64, which explicitly look for KVM_IRQ_ROUTING_MSI.  Instead, to\nhandle a concurrent routing update, verify that the irqfd is still active\nbefore consuming the routing information.  As evidenced by the x86 and\narm64 bugs, and another bug in kvm_arch_update_irqfd_routing() (see below),\nclobbering the entry type without notifying arch code is surprising and\nerror prone.\n\nAs a bonus, checking that the irqfd is active provides a convenient\nlocation for documenting _why_ KVM must not consume the routing entry for\nan irqfd that is in the process of being deassigned: once the irqfd is\ndeleted from the list (which happens *before* the eventfd is detached), it\nwill no longer receive updates via kvm_irq_routing_update(), and so KVM\ncould deliver an event using stale routing information (relative to\nKVM_SET_GSI_ROUTING returning to userspace).\n\nAs an even better bonus, explicitly checking for the irqfd being active\nfixes a similar bug to the one the clobbering is trying to prevent: if an\nirqfd is deactivated, and then its routing is changed,\nkvm_irq_routing_update() won't invoke kvm_arch_update_irqfd_routing()\n(because the irqfd isn't in the list).  
And so if the irqfd is in bypass\nmode, IRQs will continue to be posted using the old routing information.\n\nAs for kvm_arch_irq_bypass_del_producer(), clobbering the routing type\nresults in KVM incorrectly keeping the IRQ in bypass mode, which is\nespecially problematic on AMD as KVM tracks IRQs that are being posted to\na vCPU in a list whose lifetime is tied to the irqfd.\n\nWithout the help of KASAN to detect use-after-free, the most common\nsympton on AMD is a NULL pointer deref in amd_iommu_update_ga() due to\nthe memory for irqfd structure being re-allocated and zeroed, resulting\nin irqfd-\u003eirq_bypass_data being NULL when read by\navic_update_iommu_vcpu_affinity():\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000018\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 40cf2b9067 P4D 40cf2b9067 PUD 408362a067 PMD 0\n  Oops: Oops: 0000 [#1] SMP\n  CPU: 6 UID: 0 PID: 40383 Comm: vfio_irq_test\n  Tainted: G     U  W  O        6.19.0-smp--5dddc257e6b2-irqfd #31 NONE\n  Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n  Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025\n  RIP: 0010:amd_iommu_update_ga+0x19/0xe0\n  Call Trace:\n   \u003cTASK\u003e\n   avic_update_iommu_vcpu_affinity+0x3d/0x90 [kvm_amd]\n   __avic_vcpu_load+0xf4/0x130 [kvm_amd]\n   kvm_arch_vcpu_load+0x89/0x210 [kvm]\n   vcpu_load+0x30/0x40 [kvm]\n   kvm_arch_vcpu_ioctl_run+0x45/0x620 [kvm]\n   kvm_vcpu_ioctl+0x571/0x6a0 [kvm]\n   __se_sys_ioctl+0x6d/0xb0\n   do_syscall_64+0x6f/0x9d0\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x46893b\n    \u003c/TASK\u003e\n  ---[ end trace 0000000000000000 ]---\n\nIf AVIC is inhibited when the irfd is deassigned, the bug will manifest as\nlist corruption, e.g. on the next irqfd assignment.\n\n  list_add corruption. next-\u003eprev should be prev (ffff8d474d5cd588),\n                       but was 0000000000000000. 
(next=ffff8d8658f86530).\n  ------------[ cut here ]------------\n  kernel BUG at lib/list_debug.c:31!\n  Oops: invalid opcode: 0000 [#1] SMP\n  CPU: 128 UID: 0 PID: 80818 Comm: vfio_irq_test\n  Tainted: G     U  W  O        6.19.0-smp--f19dc4d680ba-irqfd #28 NONE\n  Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n  Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025\n  RIP: 0010:__list_add_valid_or_report+0x97/0xc0\n  Call Trace:\n   \u003cTASK\u003e\n   avic_pi_update_irte+0x28e/0x2b0 [kvm_amd]\n   kvm_pi_update_irte+0xbf/0x190 [kvm]\n   kvm_arch_irq_bypass_add_producer+0x72/0x90 [kvm]\n   irq_bypass_register_consumer+0xcd/0x170 [irqbypa\n---truncated---",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23198",
            "https://git.kernel.org/linus/b4d37cdb77a0015f51fee083598fa227cc07aaf1 (6.19)",
            "https://git.kernel.org/stable/c/2284bc168b148a17b5ca3b37b3d95c411f18a08d",
            "https://git.kernel.org/stable/c/4385b2f2843549bfb932e0dcf76bf4b065543a3c",
            "https://git.kernel.org/stable/c/6d14ba1e144e796b5fc81044f08cfba9024ca195",
            "https://git.kernel.org/stable/c/959a063e7f12524bc1871ad1f519787967bbcd45",
            "https://git.kernel.org/stable/c/b4d37cdb77a0015f51fee083598fa227cc07aaf1",
            "https://git.kernel.org/stable/c/b61f9b2fcf181451d0a319889478cc53c001123e",
            "https://git.kernel.org/stable/c/ff48c9312d042bfbe826ca675e98acc6c623211c",
            "https://linux.oracle.com/cve/CVE-2026-23198.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021435-CVE-2026-23198-8a25@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23198",
            "https://www.cve.org/CVERecord?id=CVE-2026-23198"
          ],
          "PublishedDate": "2026-02-14T17:15:57.64Z",
          "LastModifiedDate": "2026-04-03T14:16:27.073Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23202",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23202",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5507735ae5bfdbf18275daf7cf97730ca4754c3ff74292cf9462e3436dfb2af3",
          "Title": "kernel: spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer\n\nThe curr_xfer field is read by the IRQ handler without holding the lock\nto check if a transfer is in progress. When clearing curr_xfer in the\ncombined sequence transfer loop, protect it with the spinlock to prevent\na race with the interrupt handler.\n\nProtect the curr_xfer clearing at the exit path of\ntegra_qspi_combined_seq_xfer() with the spinlock to prevent a race\nwith the interrupt handler that reads this field.\n\nWithout this protection, the IRQ handler could read a partially updated\ncurr_xfer value, leading to NULL pointer dereference or use-after-free.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23202",
            "https://git.kernel.org/linus/bf4528ab28e2bf112c3a2cdef44fd13f007781cd (6.19)",
            "https://git.kernel.org/stable/c/3bc293d5b56502068481478842f57b3d96e432c7",
            "https://git.kernel.org/stable/c/6fd446178a610a48e80e5c5b487b0707cd01daac",
            "https://git.kernel.org/stable/c/712cde8d916889e282727cdf304a43683adf899e",
            "https://git.kernel.org/stable/c/762e2ce71c8f0238e9eaf05d14da803d9a24422f",
            "https://git.kernel.org/stable/c/9fa4262a80f751d14a6a39d2c03f57db68da2618",
            "https://git.kernel.org/stable/c/bf4528ab28e2bf112c3a2cdef44fd13f007781cd",
            "https://linux.oracle.com/cve/CVE-2026-23202.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021437-CVE-2026-23202-0480@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23202",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-23202"
          ],
          "PublishedDate": "2026-02-14T17:15:58.05Z",
          "LastModifiedDate": "2026-03-19T16:35:07.93Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23204",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23204",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:83671fe6ac57440ac48dc47c7e5080644888e8b9c519c84a8c14ca749818f4c5",
          "Title": "kernel: net/sched: cls_u32: use skb_header_pointer_careful()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:6153",
            "https://access.redhat.com/security/cve/CVE-2026-23204",
            "https://bugzilla.redhat.com/2376376",
            "https://bugzilla.redhat.com/2407333",
            "https://bugzilla.redhat.com/2439872",
            "https://bugzilla.redhat.com/2439886",
            "https://bugzilla.redhat.com/2439887",
            "https://bugzilla.redhat.com/2439900",
            "https://bugzilla.redhat.com/2439931",
            "https://bugzilla.redhat.com/2439947",
            "https://errata.almalinux.org/9/ALSA-2026-6153.html",
            "https://git.kernel.org/linus/cabd1a976375780dabab888784e356f574bbaed8 (6.19)",
            "https://git.kernel.org/stable/c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5",
            "https://git.kernel.org/stable/c/8a672f177ebe19c93d795fbe967846084fbc7943",
            "https://git.kernel.org/stable/c/cabd1a976375780dabab888784e356f574bbaed8",
            "https://git.kernel.org/stable/c/cfa745830e45ecb75c061aa34330ee0cac941cc7",
            "https://git.kernel.org/stable/c/e41a23e61259f5526af875c3b86b3d42a9bae0e5",
            "https://linux.oracle.com/cve/CVE-2026-23204.html",
            "https://linux.oracle.com/errata/ELSA-2026-6153.html",
            "https://lore.kernel.org/linux-cve-announce/2026021437-CVE-2026-23204-be85@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23204",
            "https://www.cve.org/CVERecord?id=CVE-2026-23204"
          ],
          "PublishedDate": "2026-02-14T17:15:58.297Z",
          "LastModifiedDate": "2026-04-03T14:16:27.31Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23206",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23206",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:502a5d71f20ca97b56a5021c5f7ca09355745b0906e3aebf35d8b06642bf2d4d",
          "Title": "kernel: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero\n\nThe driver allocates arrays for ports, FDBs, and filter blocks using\nkcalloc() with ethsw-\u003esw_attr.num_ifs as the element count. When the\ndevice reports zero interfaces (either due to hardware configuration\nor firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10)\ninstead of NULL.\n\nLater in dpaa2_switch_probe(), the NAPI initialization unconditionally\naccesses ethsw-\u003eports[0]-\u003enetdev, which attempts to dereference\nZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.\n\nAdd a check to ensure num_ifs is greater than zero after retrieving\ndevice attributes. This prevents the zero-sized allocations and\nsubsequent invalid pointer dereference.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23206",
            "https://git.kernel.org/linus/ed48a84a72fefb20a82dd90a7caa7807e90c6f66 (6.19)",
            "https://git.kernel.org/stable/c/155eb99aff2920153bf21217ae29565fff81e6af",
            "https://git.kernel.org/stable/c/2fcccca88456b592bd668db13aa1d29ed257ca2b",
            "https://git.kernel.org/stable/c/4acc40db06ffd0fd92683505342b00c8a7394c60",
            "https://git.kernel.org/stable/c/80165ff16051448d6f840585ebe13f2400415df3",
            "https://git.kernel.org/stable/c/b97415c4362f739e25ec6f71012277086fabdf6f",
            "https://git.kernel.org/stable/c/ed48a84a72fefb20a82dd90a7caa7807e90c6f66",
            "https://linux.oracle.com/cve/CVE-2026-23206.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021438-CVE-2026-23206-ed03@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23206",
            "https://www.cve.org/CVERecord?id=CVE-2026-23206"
          ],
          "PublishedDate": "2026-02-14T17:15:58.507Z",
          "LastModifiedDate": "2026-03-19T16:34:27.203Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23207",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23207",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:296738fa8e17c15cf902ecde32d1e58c72022f21306b96b52ff44f2e45b9ab9e",
          "Title": "kernel: spi: tegra210-quad: Protect curr_xfer check in IRQ handler",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer check in IRQ handler\n\nNow that all other accesses to curr_xfer are done under the lock,\nprotect the curr_xfer NULL check in tegra_qspi_isr_thread() with the\nspinlock. Without this protection, the following race can occur:\n\n  CPU0 (ISR thread)              CPU1 (timeout path)\n  ----------------               -------------------\n  if (!tqspi-\u003ecurr_xfer)\n    // sees non-NULL\n                                 spin_lock()\n                                 tqspi-\u003ecurr_xfer = NULL\n                                 spin_unlock()\n  handle_*_xfer()\n    spin_lock()\n    t = tqspi-\u003ecurr_xfer  // NULL!\n    ... t-\u003elen ...        // NULL dereference!\n\nWith this patch, all curr_xfer accesses are now properly synchronized.\n\nAlthough all accesses to curr_xfer are done under the lock, in\ntegra_qspi_isr_thread() it checks for NULL, releases the lock and\nreacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer().\nThere is a potential for an update in between, which could cause a NULL\npointer dereference.\n\nTo handle this, add a NULL check inside the handlers after acquiring\nthe lock. This ensures that if the timeout path has already cleared\ncurr_xfer, the handler will safely return without dereferencing the\nNULL pointer.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-362",
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23207",
            "https://git.kernel.org/linus/edf9088b6e1d6d88982db7eb5e736a0e4fbcc09e (6.19)",
            "https://git.kernel.org/stable/c/2ac3a105e51496147c0e44e49466eecfcc532d57",
            "https://git.kernel.org/stable/c/84e926c1c272a35ddb9b86842d32fa833a60dfc7",
            "https://git.kernel.org/stable/c/edf9088b6e1d6d88982db7eb5e736a0e4fbcc09e",
            "https://lore.kernel.org/linux-cve-announce/2026021438-CVE-2026-23207-a80c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23207",
            "https://ubuntu.com/security/notices/USN-8100-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-23207"
          ],
          "PublishedDate": "2026-02-14T17:15:58.61Z",
          "LastModifiedDate": "2026-04-02T12:16:19.293Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23208",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23208",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:32b452c3c5a7d27fd82033dad32bbdbf592d7209a19cdb766479bcec76b03fed",
          "Title": "kernel: ALSA: usb-audio: Prevent excessive number of frames",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Prevent excessive number of frames\n\nIn this case, the user constructed the parameters with maxpacksize 40\nfor rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer\nsize for each data URB is maxpacksize * packets, which in this example\nis 40 * 6 = 240; When the user performs a write operation to send audio\ndata into the ALSA PCM playback stream, the calculated number of frames\nis packsize[0] * packets = 264, which exceeds the allocated URB buffer\nsize, triggering the out-of-bounds (OOB) issue reported by syzbot [1].\n\nAdded a check for the number of single data URB frames when calculating\nthe number of frames to prevent [1].\n\n[1]\nBUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487\nWrite of size 264 at addr ffff88804337e800 by task syz.0.17/5506\nCall Trace:\n copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487\n prepare_playback_urb+0x953/0x13d0 sound/usb/pcm.c:1611\n prepare_outbound_urb+0x377/0xc50 sound/usb/endpoint.c:333",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23208",
            "https://git.kernel.org/linus/ef5749ef8b307bf8717945701b1b79d036af0a15 (6.19-rc6)",
            "https://git.kernel.org/stable/c/282aba56713bbc58155716b55ca7222b2d9cf3c8",
            "https://git.kernel.org/stable/c/480a1490c595a242f27493a4544b3efb21b29f6a",
            "https://git.kernel.org/stable/c/62932d9ed639a9fa71b4ac1a56766a4b43abb7e4",
            "https://git.kernel.org/stable/c/ab0b5e92fc36ee82c1bd01fe896d0f775ed5de41",
            "https://git.kernel.org/stable/c/c4dc012b027c9eb101583011089dea14d744e314",
            "https://git.kernel.org/stable/c/d67dde02049e632ba58d3c44a164a74b6a737154",
            "https://git.kernel.org/stable/c/e0ed5a36fb3ab9e7b9ee45cd17f09f6d5f594360",
            "https://git.kernel.org/stable/c/ef5749ef8b307bf8717945701b1b79d036af0a15",
            "https://lore.kernel.org/linux-cve-announce/2026021439-CVE-2026-23208-cc9e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23208",
            "https://www.cve.org/CVERecord?id=CVE-2026-23208"
          ],
          "PublishedDate": "2026-02-14T17:15:58.703Z",
          "LastModifiedDate": "2026-03-18T20:49:35.557Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23212",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23212",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:419e53ae8d1a5d3861e1b3d8b8176b148c79a9b3d980795f24720602c0720273",
          "Title": "kernel: bonding: annotate data-races around slave-\u003elast_rx",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: annotate data-races around slave-\u003elast_rx\n\nslave-\u003elast_rx and slave-\u003etarget_last_arp_rx[...] can be read and written\nlocklessly. Add READ_ONCE() and WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:\n  bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n  bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n  __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n  __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n  __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n  netif_receive_skb_internal net/core/dev.c:6351 [inline]\n  netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n...\n\nwrite to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 0:\n  bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335\n  bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533\n  __netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039\n  __netif_receive_skb_one_core net/core/dev.c:6150 [inline]\n  __netif_receive_skb+0x59/0x270 net/core/dev.c:6265\n  netif_receive_skb_internal net/core/dev.c:6351 [inline]\n  netif_receive_skb+0x4b/0x2d0 net/core/dev.c:6410\n  br_netif_receive_skb net/bridge/br_input.c:30 [inline]\n  NF_HOOK include/linux/netfilter.h:318 [inline]\n...\n\nvalue changed: 0x0000000100005365 -\u003e 0x0000000100005366",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-367"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23212",
            "https://git.kernel.org/linus/f6c3665b6dc53c3ab7d31b585446a953a74340ef (6.19-rc8)",
            "https://git.kernel.org/stable/c/8c0be3277e7aefb2f900fc37ca3fe7df362e26f5",
            "https://git.kernel.org/stable/c/a7516cb0165926d308187e231ccd330e5e3ebff7",
            "https://git.kernel.org/stable/c/b956289b83887e0a306067b6003c3fcd81bfdf84",
            "https://git.kernel.org/stable/c/bd98324e327e41de04b13e372cc16f73150df254",
            "https://git.kernel.org/stable/c/f6c3665b6dc53c3ab7d31b585446a953a74340ef",
            "https://linux.oracle.com/cve/CVE-2026-23212.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021832-CVE-2026-23212-adae@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23212",
            "https://www.cve.org/CVERecord?id=CVE-2026-23212"
          ],
          "PublishedDate": "2026-02-18T15:18:42.47Z",
          "LastModifiedDate": "2026-03-18T20:37:42.577Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23213",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23213",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f318e9ec3f6d6e551c0284c0e13c046b5361b2336fcec27fd33bc4fb3736830b",
          "Title": "kernel: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Disable MMIO access during SMU Mode 1 reset\n\nDuring Mode 1 reset, the ASIC undergoes a reset cycle and becomes\ntemporarily inaccessible via PCIe. Any attempt to access MMIO registers\nduring this window (e.g., from interrupt handlers or other driver threads)\ncan result in uncompleted PCIe transactions, leading to NMI panics or\nsystem hangs.\n\nTo prevent this, set the `no_hw_access` flag to true immediately after\ntriggering the reset. This signals other driver components to skip\nregister accesses while the device is offline.\n\nA memory barrier `smp_mb()` is added to ensure the flag update is\nglobally visible to all cores before the driver enters the sleep/wait\nstate.\n\n(cherry picked from commit 7edb503fe4b6d67f47d8bb0dfafb8e699bb0f8a4)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23213",
            "https://git.kernel.org/linus/0de604d0357d0d22cbf03af1077d174b641707b6 (6.19-rc5)",
            "https://git.kernel.org/stable/c/0de604d0357d0d22cbf03af1077d174b641707b6",
            "https://git.kernel.org/stable/c/c1853ebbec980d5c05d431bfd6ded73b1363fd00",
            "https://git.kernel.org/stable/c/cd7ff7fd3e4b77f0b5a292e0926532eaa07c5162",
            "https://linux.oracle.com/cve/CVE-2026-23213.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021800-CVE-2026-23213-c699@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23213",
            "https://www.cve.org/CVERecord?id=CVE-2026-23213"
          ],
          "PublishedDate": "2026-02-18T15:18:42.6Z",
          "LastModifiedDate": "2026-03-18T20:35:21.567Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23214",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23214",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:155ad07c605813b5178d27d8e8b9f1d736d8f506174665de636b40b813e7bdc3",
          "Title": "kernel: btrfs: reject new transactions if the fs is fully read-only",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject new transactions if the fs is fully read-only\n\n[BUG]\nThere is a bug report where a heavily fuzzed fs is mounted with all\nrescue mount options, which leads to the following warnings during\nunmount:\n\n  BTRFS: Transaction aborted (error -22)\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted\n  6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full)\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n  RIP: 0010:find_free_extent_update_loop fs/btrfs/extent-tree.c:4208 [inline]\n  RIP: 0010:find_free_extent+0x52f0/0x5d20 fs/btrfs/extent-tree.c:4611\n  Call Trace:\n   \u003cTASK\u003e\n   btrfs_reserve_extent+0x2cd/0x790 fs/btrfs/extent-tree.c:4705\n   btrfs_alloc_tree_block+0x1e1/0x10e0 fs/btrfs/extent-tree.c:5157\n   btrfs_force_cow_block+0x578/0x2410 fs/btrfs/ctree.c:517\n   btrfs_cow_block+0x3c4/0xa80 fs/btrfs/ctree.c:708\n   btrfs_search_slot+0xcad/0x2b50 fs/btrfs/ctree.c:2130\n   btrfs_truncate_inode_items+0x45d/0x2350 fs/btrfs/inode-item.c:499\n   btrfs_evict_inode+0x923/0xe70 fs/btrfs/inode.c:5628\n   evict+0x5f4/0xae0 fs/inode.c:837\n   __dentry_kill+0x209/0x660 fs/dcache.c:670\n   finish_dput+0xc9/0x480 fs/dcache.c:879\n   shrink_dcache_for_umount+0xa0/0x170 fs/dcache.c:1661\n   generic_shutdown_super+0x67/0x2c0 fs/super.c:621\n   kill_anon_super+0x3b/0x70 fs/super.c:1289\n   btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2127\n   deactivate_locked_super+0xbc/0x130 fs/super.c:474\n   cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318\n   task_work_run+0x1d4/0x260 kernel/task_work.c:233\n   exit_task_work include/linux/task_work.h:40 [inline]\n   do_exit+0x694/0x22f0 kernel/exit.c:971\n   do_group_exit+0x21c/0x2d0 kernel/exit.c:1112\n   __do_sys_exit_group kernel/exit.c:1123 [inline]\n   __se_sys_exit_group kernel/exit.c:1121 [inline]\n   __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121\n   
x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232\n   do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n   do_syscall_64+0xe8/0xf80 arch/x86/entry/syscall_64.c:94\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n  RIP: 0033:0x44f639\n  Code: Unable to access opcode bytes at 0x44f60f.\n  RSP: 002b:00007ffc15c4e088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\n  RAX: ffffffffffffffda RBX: 00000000004c32f0 RCX: 000000000044f639\n  RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\n  RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000\n  R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c32f0\n  R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n   \u003c/TASK\u003e\n\nSince rescue mount options will mark the full fs read-only, there should\nbe no new transaction triggered.\n\nBut during unmount we will evict all inodes, which can trigger a new\ntransaction, and triggers warnings on a heavily corrupted fs.\n\n[CAUSE]\nBtrfs allows new transaction even on a read-only fs, this is to allow\nlog replay happen even on read-only mounts, just like what ext4/xfs do.\n\nHowever with rescue mount options, the fs is fully read-only and cannot\nbe remounted read-write, thus in that case we should also reject any new\ntransactions.\n\n[FIX]\nIf we find the fs has rescue mount options, we should treat the fs as\nerror, so that no new transaction can be started.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23214",
            "https://git.kernel.org/linus/1972f44c189c8aacde308fa9284e474c1a5cbd9f (6.19-rc7)",
            "https://git.kernel.org/stable/c/1972f44c189c8aacde308fa9284e474c1a5cbd9f",
            "https://git.kernel.org/stable/c/3228b2eceb6c3d7e237f8a5330113dbd164fb90d",
            "https://git.kernel.org/stable/c/a928eecf030a9a5dc5f5ca98332699f379b91963",
            "https://linux.oracle.com/cve/CVE-2026-23214.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021800-CVE-2026-23214-c822@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23214",
            "https://www.cve.org/CVERecord?id=CVE-2026-23214"
          ],
          "PublishedDate": "2026-02-18T15:18:42.717Z",
          "LastModifiedDate": "2026-03-18T20:34:47.867Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23215",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23215",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:84513eb3df9eae4b81fffdbabf36d8a4c28bb0fea2085159779edf66af21c4ca",
          "Title": "kernel: x86/vmware: Fix hypercall clobbers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmware: Fix hypercall clobbers\n\nFedora QA reported the following panic:\n\n  BUG: unable to handle page fault for address: 0000000040003e54\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20251119-3.fc43 11/19/2025\n  RIP: 0010:vmware_hypercall4.constprop.0+0x52/0x90\n  ..\n  Call Trace:\n   vmmouse_report_events+0x13e/0x1b0\n   psmouse_handle_byte+0x15/0x60\n   ps2_interrupt+0x8a/0xd0\n   ...\n\nbecause the QEMU VMware mouse emulation is buggy, and clears the top 32\nbits of %rdi that the kernel kept a pointer in.\n\nThe QEMU vmmouse driver saves and restores the register state in a\n\"uint32_t data[6];\" and as a result restores the state with the high\nbits all cleared.\n\nRDI originally contained the value of a valid kernel stack address\n(0xff5eeb3240003e54).  After the vmware hypercall it now contains\n0x40003e54, and we get a page fault as a result when it is dereferenced.\n\nThe proper fix would be in QEMU, but this works around the issue in the\nkernel to keep old setups working, when old kernels had not happened to\nkeep any state in %rdi over the hypercall.\n\nIn theory this same issue exists for all the hypercalls in the vmmouse\ndriver; in practice it has only been seen with vmware_hypercall3() and\nvmware_hypercall4().  For now, just mark RDI/RSI as clobbered for those\ntwo calls.  This should have a minimal effect on code generation overall\nas it should be rare for the compiler to want to make RDI/RSI live\nacross hypercalls.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23215",
            "https://git.kernel.org/linus/2687c848e57820651b9f69d30c4710f4219f7dbf (6.19)",
            "https://git.kernel.org/stable/c/2687c848e57820651b9f69d30c4710f4219f7dbf",
            "https://git.kernel.org/stable/c/2f467a92df61eb516a4ec36ee16234dd4e5ccf00",
            "https://git.kernel.org/stable/c/feb603a69f830acb58f78d604f0c29e63cd38f87",
            "https://linux.oracle.com/cve/CVE-2026-23215.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021800-CVE-2026-23215-3294@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23215",
            "https://www.cve.org/CVERecord?id=CVE-2026-23215"
          ],
          "PublishedDate": "2026-02-18T15:18:42.843Z",
          "LastModifiedDate": "2026-03-18T20:30:20.19Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23216",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23216",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fa52f9e9f20f62a7722f77d20823d01b062a821757dc8fc59d36d19b800daef1",
          "Title": "kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn-\u003econn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23216",
            "https://git.kernel.org/linus/9411a89e9e7135cc459178fa77a3f1d6191ae903 (6.19-rc7)",
            "https://git.kernel.org/stable/c/275016a551ba1a068a3bd6171b18611726b67110",
            "https://git.kernel.org/stable/c/3835e49e146a4e6e7787b29465f1a23379b6ec44",
            "https://git.kernel.org/stable/c/48fe983e92de2c59d143fe38362ad17ba23ec7f3",
            "https://git.kernel.org/stable/c/73b487d44bf4f92942629d578381f89c326ff77f",
            "https://git.kernel.org/stable/c/8518f072fc92921418cd9ed4268dd4f3e9a8fd75",
            "https://git.kernel.org/stable/c/9411a89e9e7135cc459178fa77a3f1d6191ae903",
            "https://git.kernel.org/stable/c/ba684191437380a07b27666eb4e72748be1ea201",
            "https://linux.oracle.com/cve/CVE-2026-23216.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021800-CVE-2026-23216-6c63@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23216",
            "https://www.cve.org/CVERecord?id=CVE-2026-23216"
          ],
          "PublishedDate": "2026-02-18T15:18:42.957Z",
          "LastModifiedDate": "2026-03-18T20:28:20.997Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23217",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23217",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:7a11f4e5dc528fb603bc3e5c463a9a08fcfa380fee2290891280179ac1d8eca0",
          "Title": "kernel: riscv: trace: fix snapshot deadlock with sbi ecall",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: trace: fix snapshot deadlock with sbi ecall\n\nIf sbi_ecall.c's functions are traceable,\n\necho \"__sbi_ecall:snapshot\" \u003e /sys/kernel/tracing/set_ftrace_filter\n\nmay get the kernel into a deadlock.\n\n(Functions in sbi_ecall.c are excluded from tracing if\nCONFIG_RISCV_ALTERNATIVE_EARLY is set.)\n\n__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code\nraises an IPI interrupt, which results in another call to __sbi_ecall\nand another snapshot...\n\nAll it takes to get into this endless loop is one initial __sbi_ecall.\nOn RISC-V systems without SSTC extension, the clock events in\ntimer-riscv.c issue periodic sbi ecalls, making the problem easy to\ntrigger.\n\nAlways exclude the sbi_ecall.c functions from tracing to fix the\npotential deadlock.\n\nsbi ecalls can easily be logged via trace events, excluding ecall\nfunctions from function tracing is not a big limitation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23217",
            "https://git.kernel.org/linus/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0 (6.19-rc5)",
            "https://git.kernel.org/stable/c/b0d7f5f0c9f05f1b6d4ee7110f15bef9c11f9df0",
            "https://git.kernel.org/stable/c/b1f8285bc8e3508c1fde23b5205f1270215d4984",
            "https://lore.kernel.org/linux-cve-announce/2026021800-CVE-2026-23217-f399@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23217",
            "https://www.cve.org/CVERecord?id=CVE-2026-23217"
          ],
          "PublishedDate": "2026-02-18T15:18:43.08Z",
          "LastModifiedDate": "2026-03-18T17:36:43.673Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23220",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23220",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0af3aa8fdc45e679be66ed1b31d8bc91f58f6edde16f96a7b694d278a96d129d",
          "Title": "kernel: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths\n\nThe problem occurs when a signed request fails smb2 signature verification\ncheck. In __process_request(), if check_sign_req() returns an error,\nset_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called.\nset_smb2_rsp_status() set work-\u003enext_smb2_rcv_hdr_off as zero. By resetting\nnext_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain\nis lost. Consequently, is_chained_smb2_message() continues to point to\nthe same request header instead of advancing. If the header's NextCommand\nfield is non-zero, the function returns true, causing __handle_ksmbd_work()\nto repeatedly process the same failed request in an infinite loop.\nThis results in the kernel log being flooded with \"bad smb2 signature\"\nmessages and high CPU usage.\n\nThis patch fixes the issue by changing the return value from\nSERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. This ensures that\nthe processing loop terminates immediately rather than attempting to\ncontinue from an invalidated offset.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23220",
            "https://git.kernel.org/stable/c/010eb01ce23b34b50531448b0da391c7f05a72af",
            "https://git.kernel.org/stable/c/5accdc5b7f28a81bbc5880ac0b8886e60c86e8c8",
            "https://git.kernel.org/stable/c/71b5e7c528315ca360a1825a4ad2f8ae48c5dc16",
            "https://git.kernel.org/stable/c/9135e791ec2709bcf0cda0335535c74762489498",
            "https://git.kernel.org/stable/c/f7b1c2f5642bbd60b1beef1f3298cbac81eb232c",
            "https://git.kernel.org/stable/c/fb3b66bd72deb5543addaefa67963b34fb163a7b",
            "https://linux.oracle.com/cve/CVE-2026-23220.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021806-CVE-2026-23220-efda@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23220",
            "https://www.cve.org/CVERecord?id=CVE-2026-23220"
          ],
          "PublishedDate": "2026-02-18T16:22:31.7Z",
          "LastModifiedDate": "2026-03-18T14:52:29.85Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23221",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23221",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2c943e4c6d469c6f521efcf4fe63d8bd501631f5213b785d0545f72e3d19be18",
          "Title": "kernel: bus: fsl-mc: fix use-after-free in driver_override_show()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix use-after-free in driver_override_show()\n\nThe driver_override_show() function reads the driver_override string\nwithout holding the device_lock. However, driver_override_store() uses\ndriver_set_override(), which modifies and frees the string while holding\nthe device_lock.\n\nThis can result in a concurrent use-after-free if the string is freed\nby the store function while being read by the show function.\n\nFix this by holding the device_lock around the read operation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23221",
            "https://git.kernel.org/stable/c/148891e95014b5dc5878acefa57f1940c281c431",
            "https://git.kernel.org/stable/c/1d6bd6183e723a7b256ff34bbb5b498b5f4f2ec0",
            "https://git.kernel.org/stable/c/a2ae33e1c6361e960a4d00f7cf75d880b54f9528",
            "https://git.kernel.org/stable/c/b1983840287303e0dfb401b1b6cecc5ea7471e90",
            "https://git.kernel.org/stable/c/c424e72cfa67e7e1477035058a8a659f2c0ea637",
            "https://git.kernel.org/stable/c/c71dfb7833db7af652ee8f65011f14c97c47405d",
            "https://git.kernel.org/stable/c/dd8ba8c0c3f3916d4ee1e3a09da9cd5caff5d227",
            "https://linux.oracle.com/cve/CVE-2026-23221.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021806-CVE-2026-23221-43ae@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23221",
            "https://www.cve.org/CVERecord?id=CVE-2026-23221"
          ],
          "PublishedDate": "2026-02-18T16:22:31.82Z",
          "LastModifiedDate": "2026-03-18T14:50:04.377Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23222",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23222",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a6c6e7ea34c5bb220812d5629f430be0bad4ecb68085727ad2e9bdd521ee55b9",
          "Title": "kernel: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly\n\nThe existing allocation of scatterlists in omap_crypto_copy_sg_lists()\nwas allocating an array of scatterlist pointers, not scatterlist objects,\nresulting in a 4x too small allocation.\n\nUse sizeof(*new_sg) to get the correct object size.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23222",
            "https://git.kernel.org/stable/c/1562b1fb7e17c1b3addb15e125c718b2be7f5512",
            "https://git.kernel.org/stable/c/2ed27b5a1174351148c3adbfc0cd86d54072ba2e",
            "https://git.kernel.org/stable/c/31aff96a41ae6f1f1687c065607875a27c364da8",
            "https://git.kernel.org/stable/c/6edf8df4bd29f7bfd245b67b2c31d905f1cfc14b",
            "https://git.kernel.org/stable/c/79f95b51d4278044013672c27519ae88d07013d8",
            "https://git.kernel.org/stable/c/953c81941b0ad373674656b8767c00234ebf17ac",
            "https://git.kernel.org/stable/c/c184341920ed78b6466360ed7b45b8922586c38f",
            "https://git.kernel.org/stable/c/d1836c628cb72734eb5f7dfd4c996a9c18bba3ad",
            "https://linux.oracle.com/cve/CVE-2026-23222.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021806-CVE-2026-23222-3958@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23222",
            "https://www.cve.org/CVERecord?id=CVE-2026-23222"
          ],
          "PublishedDate": "2026-02-18T16:22:31.92Z",
          "LastModifiedDate": "2026-04-02T15:16:23.297Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23226",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23226",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6b8269d265809e27c95a261a6c744510d16eb9157f61601c2458910169578a1c",
          "Title": "kernel: ksmbd: add chann_lock to protect ksmbd_chann_list xarray",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add chann_lock to protect ksmbd_chann_list xarray\n\nksmbd_chann_list xarray lacks synchronization, allowing use-after-free in\nmulti-channel sessions (between lookup_chann_list() and ksmbd_chann_del).\n\nAdds rw_semaphore chann_lock to struct ksmbd_session and protects\nall xa_load/xa_store/xa_erase accesses.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23226",
            "https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e",
            "https://git.kernel.org/stable/c/4c2ca31608521895dd742a43beca4b4d29762345",
            "https://git.kernel.org/stable/c/4f3a06cc57976cafa8c6f716646be6c79a99e485",
            "https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33",
            "https://lore.kernel.org/linux-cve-announce/2026021807-CVE-2026-23226-438c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23226",
            "https://www.cve.org/CVERecord?id=CVE-2026-23226"
          ],
          "PublishedDate": "2026-02-18T16:22:32.363Z",
          "LastModifiedDate": "2026-04-02T15:16:23.97Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23227",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23227",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8d52c86233dbe2b364c5cfadcf250a1fb0fa1573d79b79553785e76bcc113f6a",
          "Title": "kernel: drm/exynos: vidi: use ctx-\u003elock to protect struct vidi_context member variables related to memory alloc/free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use ctx-\u003elock to protect struct vidi_context member variables related to memory alloc/free\n\nExynos Virtual Display driver performs memory alloc/free operations\nwithout lock protection, which easily causes concurrency problem.\n\nFor example, use-after-free can occur in race scenario like this:\n```\n\tCPU0\t\t\t\tCPU1\t\t\t\tCPU2\n\t----\t\t\t\t----\t\t\t\t----\n  vidi_connection_ioctl()\n    if (vidi-\u003econnection) // true\n      drm_edid = drm_edid_alloc(); // alloc drm_edid\n      ...\n      ctx-\u003eraw_edid = drm_edid;\n      ...\n\t\t\t\t\t\t\t\tdrm_mode_getconnector()\n\t\t\t\t\t\t\t\t  drm_helper_probe_single_connector_modes()\n\t\t\t\t\t\t\t\t    vidi_get_modes()\n\t\t\t\t\t\t\t\t      if (ctx-\u003eraw_edid) // true\n\t\t\t\t\t\t\t\t        drm_edid_dup(ctx-\u003eraw_edid);\n\t\t\t\t\t\t\t\t          if (!drm_edid) // false\n\t\t\t\t\t\t\t\t          ...\n\t\t\t\tvidi_connection_ioctl()\n\t\t\t\t  if (vidi-\u003econnection) // false\n\t\t\t\t    drm_edid_free(ctx-\u003eraw_edid); // free drm_edid\n\t\t\t\t    ...\n\t\t\t\t\t\t\t\t          drm_edid_alloc(drm_edid-\u003eedid)\n\t\t\t\t\t\t\t\t            kmemdup(edid); // UAF!!\n\t\t\t\t\t\t\t\t            ...\n```\n\nTo prevent these vulns, at least in vidi_context, member variables related\nto memory alloc/free should be protected with ctx-\u003elock.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23227",
            "https://git.kernel.org/stable/c/0cd2c155740dbd00868ac5a8ae5d14cd6b9ed385",
            "https://git.kernel.org/stable/c/1b24d3e8792bcc050c70e8e0dea6b49c4fc63b13",
            "https://git.kernel.org/stable/c/52b330799e2d6f825ae2bb74662ec1b10eb954bb",
            "https://git.kernel.org/stable/c/60b75407c172e1f341a8a5097c5cbc97dbbdd893",
            "https://git.kernel.org/stable/c/92dd1f38d7db75374dcdaf54f1d79d67bffd54e5",
            "https://git.kernel.org/stable/c/abfdf449fb3d7b42e85a1ad1c8694b768b1582f4",
            "https://lore.kernel.org/linux-cve-announce/2026021807-CVE-2026-23227-6986@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23227",
            "https://www.cve.org/CVERecord?id=CVE-2026-23227"
          ],
          "PublishedDate": "2026-02-18T16:22:32.467Z",
          "LastModifiedDate": "2026-04-02T15:16:24.193Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23228",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23228",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2af1f25a9fe4609d4634bcbf37bdc67aba247ae7fe381b0ad6af56aefd531e5b",
          "Title": "kernel: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()\n\nOn kthread_run() failure in ksmbd_tcp_new_connection(), the transport is\nfreed via free_transport(), which does not decrement active_num_conn,\nleaking this counter.\n\nReplace free_transport() with ksmbd_tcp_disconnect().",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23228",
            "https://git.kernel.org/stable/c/599271110c35f6b16e2e4e45b9fbd47ed378c982",
            "https://git.kernel.org/stable/c/6dd2645cf080a75be31fa66063c7332b291f46f0",
            "https://git.kernel.org/stable/c/77ffbcac4e569566d0092d5f22627dfc0896b553",
            "https://git.kernel.org/stable/c/787769c8cc50416af7b8b1a36e6bcd6aaa7680aa",
            "https://git.kernel.org/stable/c/7ddd69cd1338c6197e1b6b19cec60d99c8633e4f",
            "https://git.kernel.org/stable/c/baf664fc90a6139a39a58333e4aaa390c10d45dc",
            "https://git.kernel.org/stable/c/cd25e0d809531a67e9dd53b19012d27d2b13425f",
            "https://linux.oracle.com/cve/CVE-2026-23228.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021807-CVE-2026-23228-647c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23228",
            "https://www.cve.org/CVERecord?id=CVE-2026-23228"
          ],
          "PublishedDate": "2026-02-18T16:22:32.58Z",
          "LastModifiedDate": "2026-03-18T13:27:53.357Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23229",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23229",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d47eb46c689a5053943caa642f9b88b7c55416f64693399048c9e856f62e087a",
          "Title": "kernel: Kernel: Denial of Service in virtio-crypto due to missing spinlock protection",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio - Add spinlock protection with virtqueue notification\n\nWhen VM boots with one virtio-crypto PCI device and builtin backend,\nrun openssl benchmark command with multiple processes, such as\n  openssl speed -evp aes-128-cbc -engine afalg  -seconds 10 -multi 32\n\nopenssl processes will hangup and there is error reported like this:\n virtio_crypto virtio0: dataq.0:id 3 is not a head!\n\nIt seems that the data virtqueue need protection when it is handled\nfor virtio done notification. If the spinlock protection is added\nin virtcrypto_done_task(), openssl benchmark with multiple processes\nworks well.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23229",
            "https://git.kernel.org/stable/c/49c57c6c108931a914ed94e3c0ddb974008260a3",
            "https://git.kernel.org/stable/c/552475d0b6cece73a52c0fa5faa0ce45e99df74b",
            "https://git.kernel.org/stable/c/8ee8ccfd60bf17cbdab91069d324b5302f4f3a30",
            "https://git.kernel.org/stable/c/b505047ffc8057555900d2d3a005d033e6967382",
            "https://git.kernel.org/stable/c/c0a0ded3bb7fd45f720faa48449a930153257d3a",
            "https://git.kernel.org/stable/c/c9e594194795c86ca753ad6ed64c2762e9309d0d",
            "https://git.kernel.org/stable/c/d6f0d586808689963e58fd739bed626ff5013b24",
            "https://git.kernel.org/stable/c/e69a7b0a71b6561b3b6459f1fded8d589f2e8ac2",
            "https://linux.oracle.com/cve/CVE-2026-23229.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026021808-CVE-2026-23229-9dfe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23229",
            "https://www.cve.org/CVERecord?id=CVE-2026-23229"
          ],
          "PublishedDate": "2026-02-18T16:22:32.693Z",
          "LastModifiedDate": "2026-03-18T13:25:23.1Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23234",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23234",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6f079094add0865f0084ffebaa87bdc3b5aaacec41347546d75768f84ff77afa",
          "Title": "kernel: f2fs: fix to avoid UAF in f2fs_write_end_io()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid UAF in f2fs_write_end_io()\n\nAs syzbot reported an use-after-free issue in f2fs_write_end_io().\n\nIt is caused by below race condition:\n\nloop device\t\t\t\tumount\n- worker_thread\n - loop_process_work\n  - do_req_filebacked\n   - lo_rw_aio\n    - lo_rw_aio_complete\n     - blk_mq_end_request\n      - blk_update_request\n       - f2fs_write_end_io\n        - dec_page_count\n        - folio_end_writeback\n\t\t\t\t\t- kill_f2fs_super\n\t\t\t\t\t - kill_block_super\n\t\t\t\t\t  - f2fs_put_super\n\t\t\t\t\t : free(sbi)\n       : get_pages(, F2FS_WB_CP_DATA)\n         accessed sbi which is freed\n\nIn kill_f2fs_super(), we will drop all page caches of f2fs inodes before\ncall free(sbi), it guarantee that all folios should end its writeback, so\nit should be safe to access sbi before last folio_end_writeback().\n\nLet's relocate ckpt thread wakeup flow before folio_end_writeback() to\nresolve this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23234",
            "https://git.kernel.org/linus/ce2739e482bce8d2c014d76c4531c877f382aa54 (7.0-rc1)",
            "https://git.kernel.org/stable/c/0fb58aff0dafd6837cc91f4154f3ed6e020358fa",
            "https://git.kernel.org/stable/c/2f67ff1e15a8a4d0e4ffc6564ab20d03d7398fe9",
            "https://git.kernel.org/stable/c/505e1c0530db6152cab3feef8e3e4da3d3e358c9",
            "https://git.kernel.org/stable/c/995030be4ce6338c6ff814583c14166446a64008",
            "https://git.kernel.org/stable/c/a42f99be8a16b32a0bb91bb6dda212a6ad61be5d",
            "https://git.kernel.org/stable/c/acc2c97fc0005846e5cf11b5ba3189fef130c9b3",
            "https://git.kernel.org/stable/c/ce2739e482bce8d2c014d76c4531c877f382aa54",
            "https://git.kernel.org/stable/c/cf4a9e1bc8129eb63fda5f8bdcd8d87f0bd76f42",
            "https://linux.oracle.com/cve/CVE-2026-23234.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026030439-CVE-2026-23234-5cef@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23234",
            "https://www.cve.org/CVERecord?id=CVE-2026-23234"
          ],
          "PublishedDate": "2026-03-04T15:16:13.79Z",
          "LastModifiedDate": "2026-03-17T21:21:25.823Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23235",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23235",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:07b6b70429ebeefebb1424ee7875afea53b13f5008315e6e9988c1aa7d6633d7",
          "Title": "kernel: f2fs: fix out-of-bounds access in sysfs attribute read/write",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix out-of-bounds access in sysfs attribute read/write\n\nSome f2fs sysfs attributes suffer from out-of-bounds memory access and\nincorrect handling of integer values whose size is not 4 bytes.\n\nFor example:\nvm:~# echo 65537 \u003e /sys/fs/f2fs/vde/carve_out\nvm:~# cat /sys/fs/f2fs/vde/carve_out\n65537\nvm:~# echo 4294967297 \u003e /sys/fs/f2fs/vde/atgc_age_threshold\nvm:~# cat /sys/fs/f2fs/vde/atgc_age_threshold\n1\n\ncarve_out maps to {struct f2fs_sb_info}-\u003ecarve_out, which is a 8-bit\ninteger. However, the sysfs interface allows setting it to a value\nlarger than 255, resulting in an out-of-range update.\n\natgc_age_threshold maps to {struct atgc_management}-\u003eage_threshold,\nwhich is a 64-bit integer, but its sysfs interface cannot correctly set\nvalues larger than UINT_MAX.\n\nThe root causes are:\n1. __sbi_store() treats all default values as unsigned int, which\nprevents updating integers larger than 4 bytes and causes out-of-bounds\nwrites for integers smaller than 4 bytes.\n\n2. f2fs_sbi_show() also assumes all default values are unsigned int,\nleading to out-of-bounds reads and incorrect access to integers larger\nthan 4 bytes.\n\nThis patch introduces {struct f2fs_attr}-\u003esize to record the actual size\nof the integer associated with each sysfs attribute. With this\ninformation, sysfs read and write operations can correctly access and\nupdate values according to their real data size, avoiding memory\ncorruption and truncation.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23235",
            "https://git.kernel.org/linus/98ea0039dbfdd00e5cc1b9a8afa40434476c0955 (7.0-rc1)",
            "https://git.kernel.org/stable/c/3a905e183c047577b154f08a78ac3039e9454703",
            "https://git.kernel.org/stable/c/438a405fbad6882df0e34b3e1a16839a71f04240",
            "https://git.kernel.org/stable/c/4ef30b9f1641c9e877792df6b049f1cf507d002d",
            "https://git.kernel.org/stable/c/6a6c07a9b49e43f0df42d7118fc76aa555c73d98",
            "https://git.kernel.org/stable/c/98ea0039dbfdd00e5cc1b9a8afa40434476c0955",
            "https://git.kernel.org/stable/c/d4a594dd952df123cbdcdee9b9640d9d55e4a954",
            "https://git.kernel.org/stable/c/e85a99db9ab85dfc30d93b0ca0e9156f3127f55a",
            "https://git.kernel.org/stable/c/eebd72cff518ac87e660aefb8a41224bd88c32ce",
            "https://linux.oracle.com/cve/CVE-2026-23235.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026030440-CVE-2026-23235-3b8d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23235",
            "https://www.cve.org/CVERecord?id=CVE-2026-23235"
          ],
          "PublishedDate": "2026-03-04T15:16:13.977Z",
          "LastModifiedDate": "2026-03-17T21:20:33.457Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23236",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23236",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:472a4a3834fa3b8a139aeddfad15b2e14eae647b67e92bc1ff9423ee7d81d0c1",
          "Title": "kernel: fbdev: smscufx: properly copy ioctl memory to kernelspace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: smscufx: properly copy ioctl memory to kernelspace\n\nThe UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from\nuserspace to kernelspace, and instead directly references the memory,\nwhich can cause problems if invalid data is passed from userspace.  Fix\nthis all up by correctly copying the memory before accessing it within\nthe kernel.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23236",
            "https://git.kernel.org/linus/120adae7b42faa641179270c067864544a50ab69 (7.0-rc1)",
            "https://git.kernel.org/stable/c/061cfeb560aa3ddc174153dbe5be9d0b55eb7248",
            "https://git.kernel.org/stable/c/0634e8d650993602fc5b389ff7ac525f6542e141",
            "https://git.kernel.org/stable/c/120adae7b42faa641179270c067864544a50ab69",
            "https://git.kernel.org/stable/c/1c008ad0f0d1c1523902b9cdb08e404129677bfc",
            "https://git.kernel.org/stable/c/52917e265aa5f848212f60fc50fc504d8ef12866",
            "https://git.kernel.org/stable/c/6167af934f956d3ae1e06d61f45cd0d1004bbe1a",
            "https://git.kernel.org/stable/c/a0321e6e58facb39fe191caa0e52ed9aab6a48fe",
            "https://git.kernel.org/stable/c/f1e91bd4efeae48b0f42caed7e8ce2e3a0d05b02",
            "https://linux.oracle.com/cve/CVE-2026-23236.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026030440-CVE-2026-23236-b419@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23236",
            "https://www.cve.org/CVERecord?id=CVE-2026-23236"
          ],
          "PublishedDate": "2026-03-04T15:16:14.173Z",
          "LastModifiedDate": "2026-04-02T15:16:24.923Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23237",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23237",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b2b839fc8012c36d51d61be84ac0f03f745f41cc814125ee23122d793a590719",
          "Title": "kernel: platform/x86: classmate-laptop: Add missing NULL pointer checks",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: classmate-laptop: Add missing NULL pointer checks\n\nIn a few places in the Classmate laptop driver, code using the accel\nobject may run before that object's address is stored in the driver\ndata of the input device using it.\n\nFor example, cmpc_accel_sensitivity_store_v4() is the \"show\" method\nof cmpc_accel_sensitivity_attr_v4 which is added in cmpc_accel_add_v4(),\nbefore calling dev_set_drvdata() for inputdev-\u003edev.  If the sysfs\nattribute is accessed prematurely, the dev_get_drvdata(\u0026inputdev-\u003edev)\ncall in in cmpc_accel_sensitivity_store_v4() returns NULL which\nleads to a NULL pointer dereference going forward.\n\nMoreover, sysfs attributes using the input device are added before\ninitializing that device by cmpc_add_acpi_notify_device() and if one\nof them is accessed before running that function, a NULL pointer\ndereference will occur.\n\nFor example, cmpc_accel_sensitivity_attr_v4 is added before calling\ncmpc_add_acpi_notify_device() and if it is read prematurely, the\ndev_get_drvdata(\u0026acpi-\u003edev) call in cmpc_accel_sensitivity_show_v4()\nreturns NULL which leads to a NULL pointer dereference going forward.\n\nFix this by adding NULL pointer checks in all of the relevant places.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23237",
            "https://git.kernel.org/linus/fe747d7112283f47169e9c16e751179a9b38611e (6.19)",
            "https://git.kernel.org/stable/c/97528b1622b8f129574d29a571c32a3c85eafa3c",
            "https://git.kernel.org/stable/c/993708fc18d0d0919db438361b4e8c1f980a8d1b",
            "https://git.kernel.org/stable/c/9cf4b9b8ad09d6e05307abc4e951cabdff4be652",
            "https://git.kernel.org/stable/c/af673209d43b46257540997aba042b90ef3258c0",
            "https://git.kernel.org/stable/c/da6e06a5fdbabea3870d18c227734b5dea5b3be6",
            "https://git.kernel.org/stable/c/eb214804f03c829decf10998e9b7dd26f4c8ab9e",
            "https://git.kernel.org/stable/c/fe747d7112283f47169e9c16e751179a9b38611e",
            "https://linux.oracle.com/cve/CVE-2026-23237.html",
            "https://linux.oracle.com/errata/ELSA-2026-50160.html",
            "https://lore.kernel.org/linux-cve-announce/2026030436-CVE-2026-23237-f6fb@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23237",
            "https://www.cve.org/CVERecord?id=CVE-2026-23237"
          ],
          "PublishedDate": "2026-03-04T15:16:14.35Z",
          "LastModifiedDate": "2026-03-17T21:16:04.753Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23238",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23238",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d8e8995eca9f57e2f6982f7f04db5b877718764d6317342ffa46968f498a7692",
          "Title": "kernel: romfs: check sb_set_blocksize() return value",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nromfs: check sb_set_blocksize() return value\n\nromfs_fill_super() ignores the return value of sb_set_blocksize(), which\ncan fail if the requested block size is incompatible with the block\ndevice's configuration.\n\nThis can be triggered by setting a loop device's block size larger than\nPAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs\nfilesystem on that device.\n\nWhen sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the\ndevice has logical_block_size=32768, bdev_validate_blocksize() fails\nbecause the requested size is smaller than the device's logical block\nsize. sb_set_blocksize() returns 0 (failure), but romfs ignores this and\ncontinues mounting.\n\nThe superblock's block size remains at the device's logical block size\n(32768). Later, when sb_bread() attempts I/O with this oversized block\nsize, it triggers a kernel BUG in folio_set_bh():\n\n    kernel BUG at fs/buffer.c:1582!\n    BUG_ON(size \u003e PAGE_SIZE);\n\nFix by checking the return value of sb_set_blocksize() and failing the\nmount with -EINVAL if it returns 0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-617"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23238",
            "https://git.kernel.org/linus/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0 (6.19-rc8)",
            "https://git.kernel.org/stable/c/2c5829cd8fbbc91568c520b666898f57cdcb8cf6",
            "https://git.kernel.org/stable/c/4b71ad7676564a94ec5f7d18298f51e8ae53db73",
            "https://git.kernel.org/stable/c/9b203b8ddd7359270e8a694d0584743555128e2c",
            "https://git.kernel.org/stable/c/a381f0f61b35c8894b0bd0d6acef2d8f9b08b244",
            "https://git.kernel.org/stable/c/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0",
            "https://git.kernel.org/stable/c/cbd9931e6456822067725354d83446c5bb813030",
            "https://git.kernel.org/stable/c/f2521ab1f63a8c244f06a080319e5ff9a2e1bd95",
            "https://lore.kernel.org/linux-cve-announce/2026030436-CVE-2026-23238-47f3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23238",
            "https://www.cve.org/CVERecord?id=CVE-2026-23238"
          ],
          "PublishedDate": "2026-03-04T15:16:14.53Z",
          "LastModifiedDate": "2026-03-17T21:15:39.097Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23239",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23239",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a3004e904341dd25901c46876131a3bc2dce89c7b2e783ab6f9954c6b80d1bc8",
          "Title": "kernel: Kernel: Race condition in espintcp can lead to denial of service",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: Fix race condition in espintcp_close()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_work_sync() is called from espintcp_close(),\nespintcp_tx_work() can still be scheduled from paths such as\nthe Delayed ACK handler or ksoftirqd.\nAs a result, the espintcp_tx_work() worker may dereference a\nfreed espintcp ctx or sk.\n\nThe following is a simple race scenario:\n\n           cpu0                             cpu1\n\n  espintcp_close()\n    cancel_work_sync(\u0026ctx-\u003ework);\n                                     espintcp_write_space()\n                                       schedule_work(\u0026ctx-\u003ework);\n\nTo prevent this race condition, cancel_work_sync() is\nreplaced with disable_work_sync().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23239",
            "https://git.kernel.org/linus/e1512c1db9e8794d8d130addd2615ec27231d994 (7.0-rc2)",
            "https://git.kernel.org/stable/c/022ff7f347588de6e17879a1da6019647b21321b",
            "https://git.kernel.org/stable/c/664e9df53226b4505a0894817ecad2c610ab11d8",
            "https://git.kernel.org/stable/c/e1512c1db9e8794d8d130addd2615ec27231d994",
            "https://git.kernel.org/stable/c/f7ad8b1d0e421c524604d5076b73232093490d5c",
            "https://lore.kernel.org/linux-cve-announce/2026031031-CVE-2026-23239-1fc9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23239",
            "https://www.cve.org/CVERecord?id=CVE-2026-23239"
          ],
          "PublishedDate": "2026-03-10T18:18:13.383Z",
          "LastModifiedDate": "2026-04-02T15:16:25.183Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23240",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23240",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f56072fb96a0a3a30a49bfb1cc5a8aa28bca38e240e45fdf532337943c646cda",
          "Title": "kernel: Linux kernel: Denial of service due to a race condition in the TLS subsystem",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Fix race condition in tls_sw_cancel_work_tx()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_delayed_work_sync() is called from tls_sk_proto_close(),\ntx_work_handler() can still be scheduled from paths such as the\nDelayed ACK handler or ksoftirqd.\nAs a result, the tx_work_handler() worker may dereference a freed\nTLS object.\n\nThe following is a simple race scenario:\n\n          cpu0                         cpu1\n\ntls_sk_proto_close()\n  tls_sw_cancel_work_tx()\n                                 tls_write_space()\n                                   tls_sw_write_space()\n                                     if (!test_and_set_bit(BIT_TX_SCHEDULED, \u0026tx_ctx-\u003etx_bitmask))\n    set_bit(BIT_TX_SCHEDULED, \u0026ctx-\u003etx_bitmask);\n    cancel_delayed_work_sync(\u0026ctx-\u003etx_work.work);\n                                     schedule_delayed_work(\u0026tx_ctx-\u003etx_work.work, 0);\n\nTo prevent this race condition, cancel_delayed_work_sync() is\nreplaced with disable_delayed_work_sync().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23240",
            "https://git.kernel.org/linus/7bb09315f93dce6acc54bf59e5a95ba7365c2be4 (7.0-rc2)",
            "https://git.kernel.org/stable/c/17153f154f80be2b47ebf52840f2d8f724eb2f3b",
            "https://git.kernel.org/stable/c/7bb09315f93dce6acc54bf59e5a95ba7365c2be4",
            "https://git.kernel.org/stable/c/854cd32bc74fe573353095e90958490e4e4d641b",
            "https://git.kernel.org/stable/c/a5de36d6cee74a92c1a21b260bc507e64bc451de",
            "https://lore.kernel.org/linux-cve-announce/2026031034-CVE-2026-23240-2531@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23240",
            "https://www.cve.org/CVERecord?id=CVE-2026-23240"
          ],
          "PublishedDate": "2026-03-10T18:18:13.533Z",
          "LastModifiedDate": "2026-04-02T15:16:25.907Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23241",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23241",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:bbb6f89c5d17661a5dad54c8330680e79c0cb1660204b98525a09cd4fbc9b4c1",
          "Title": "kernel: audit: add missing syscalls to read class",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add missing syscalls to read class\n\nThe \"at\" variant of getxattr() and listxattr() are missing from the\naudit read class. Calling getxattrat() or listxattrat() on a file to\nread its extended attributes will bypass audit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds missing syscalls to the audit read class.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 5.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23241",
            "https://git.kernel.org/linus/bcb90a2834c7393c26df9609b889a3097b7700cd (7.0-rc1)",
            "https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f",
            "https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf",
            "https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd",
            "https://lore.kernel.org/linux-cve-announce/2026031710-CVE-2026-23241-86e0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23241",
            "https://www.bencteux.fr/posts/missing_syscalls_audit/",
            "https://www.cve.org/CVERecord?id=CVE-2026-23241"
          ],
          "PublishedDate": "2026-03-17T10:16:00.127Z",
          "LastModifiedDate": "2026-03-18T10:16:25.173Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23242",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23242",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c146aa70d8473d014e0bc3234e5f3541223c524f895d8c01bfd8f806f1c8cc7c",
          "Title": "kernel: RDMA/siw: Fix potential NULL pointer dereference in header processing",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp-\u003erx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp-\u003erx_fpdu-\u003emore_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[  101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[  101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23242",
            "https://git.kernel.org/linus/14ab3da122bd18920ad57428f6cf4fade8385142 (7.0-rc1)",
            "https://git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142",
            "https://git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817",
            "https://git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274",
            "https://git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355",
            "https://git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5e",
            "https://git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0",
            "https://git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755",
            "https://git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175d",
            "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2026-23242-a8b5@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23242",
            "https://www.cve.org/CVERecord?id=CVE-2026-23242"
          ],
          "PublishedDate": "2026-03-18T11:16:15.887Z",
          "LastModifiedDate": "2026-04-02T15:16:26.167Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23243",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23243",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4b879fd89400d3f46deae0e4961ab5884555da06e1d881db6073c11fd8de354",
          "Title": "kernel: Linux kernel: Denial of service and memory corruption in RDMA umad",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[  211.365867] ib_create_send_mad+0xa01/0x11b0\n[  211.365887] ib_umad_write+0x853/0x1c80",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23243",
            "https://git.kernel.org/linus/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2 (7.0-rc1)",
            "https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e",
            "https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56",
            "https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7",
            "https://git.kernel.org/stable/c/52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b",
            "https://git.kernel.org/stable/c/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2",
            "https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2",
            "https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316",
            "https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d",
            "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2026-23243-b88e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23243",
            "https://www.cve.org/CVERecord?id=CVE-2026-23243"
          ],
          "PublishedDate": "2026-03-18T11:16:16.09Z",
          "LastModifiedDate": "2026-04-02T15:16:26.467Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23245",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23245",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2693da45c2af01222f6aab02fd122a784b417748ee2c573c883548faa4cebc59",
          "Title": "kernel: net/sched: act_gate: snapshot parameters with RCU on replace",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_gate: snapshot parameters with RCU on replace\n\nThe gate action can be replaced while the hrtimer callback or dump path is\nwalking the schedule list.\n\nConvert the parameters to an RCU-protected snapshot and swap updates under\ntcf_lock, freeing the previous snapshot via call_rcu(). When REPLACE omits\nthe entry list, preserve the existing schedule so the effective state is\nunchanged.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23245",
            "https://git.kernel.org/linus/62413a9c3cb183afb9bb6e94dd68caf4e4145f4c (7.0-rc3)",
            "https://git.kernel.org/stable/c/035d0d09d5ab3ed3e93d18cde2b562a6719eea23",
            "https://git.kernel.org/stable/c/04d75529dc0f9be78786162ebab7424af4644df2",
            "https://git.kernel.org/stable/c/58b162e318d0243ad2d7d92456c0873f2494c351",
            "https://git.kernel.org/stable/c/62413a9c3cb183afb9bb6e94dd68caf4e4145f4c",
            "https://git.kernel.org/stable/c/8b1251bbf0f10ac745ed74bad4d3b433caa1eeae",
            "https://git.kernel.org/stable/c/dfc314d7c767e350f78a46a8f8b134f80e8ad432",
            "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23245-ac26@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23245",
            "https://www.cve.org/CVERecord?id=CVE-2026-23245"
          ],
          "PublishedDate": "2026-03-18T11:16:16.437Z",
          "LastModifiedDate": "2026-04-02T15:16:26.71Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23247",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23247",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b438fd1e876678525e4d7e5f575d80c15a341dd914e37216f62ca7035ac759d5",
          "Title": "kernel: tcp: secure_seq: add back ports to TS offset",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: secure_seq: add back ports to TS offset\n\nThis reverts 28ee1b746f49 (\"secure_seq: downgrade to per-host timestamp offsets\")\n\ntcp_tw_recycle went away in 2017.\n\nZhouyan Deng reported off-path TCP source port leakage via\nSYN cookie side-channel that can be fixed in multiple ways.\n\nOne of them is to bring back TCP ports in TS offset randomization.\n\nAs a bonus, we perform a single siphash() computation\nto provide both an ISN and a TS offset.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23247",
            "https://git.kernel.org/linus/165573e41f2f66ef98940cf65f838b2cb575d9d1 (7.0-rc3)",
            "https://git.kernel.org/stable/c/165573e41f2f66ef98940cf65f838b2cb575d9d1",
            "https://git.kernel.org/stable/c/46e5b0d7cf55821527adea471ffe52a5afbd9caf",
            "https://git.kernel.org/stable/c/eae2f14ab2efccdb7480fae7d42c4b0116ef8805",
            "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23247-07b3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23247",
            "https://www.cve.org/CVERecord?id=CVE-2026-23247"
          ],
          "PublishedDate": "2026-03-18T11:16:16.723Z",
          "LastModifiedDate": "2026-03-18T14:52:44.227Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23248",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23248",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88cae697990df7b98f8c5e22c91f902138ebe55fb7eff72bead2b3768856c2a2",
          "Title": "kernel: perf/core: Fix refcount bug and potential UAF in perf_mmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix refcount bug and potential UAF in perf_mmap\n\nSyzkaller reported a refcount_t: addition on 0; use-after-free warning\nin perf_mmap.\n\nThe issue is caused by a race condition between a failing mmap() setup\nand a concurrent mmap() on a dependent event (e.g., using output\nredirection).\n\nIn perf_mmap(), the ring_buffer (rb) is allocated and assigned to\nevent-\u003erb with the mmap_mutex held. The mutex is then released to\nperform map_range().\n\nIf map_range() fails, perf_mmap_close() is called to clean up.\nHowever, since the mutex was dropped, another thread attaching to\nthis event (via inherited events or output redirection) can acquire\nthe mutex, observe the valid event-\u003erb pointer, and attempt to\nincrement its reference count. If the cleanup path has already\ndropped the reference count to zero, this results in a\nuse-after-free or refcount saturation warning.\n\nFix this by extending the scope of mmap_mutex to cover the\nmap_range() call. This ensures that the ring buffer initialization\nand mapping (or cleanup on failure) happens atomically effectively,\npreventing other threads from accessing a half-initialized or\ndying ring buffer.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23248",
            "https://git.kernel.org/linus/77de62ad3de3967818c3dbe656b7336ebee461d2 (7.0-rc2)",
            "https://git.kernel.org/stable/c/77de62ad3de3967818c3dbe656b7336ebee461d2",
            "https://git.kernel.org/stable/c/ac7ecb65af170a7fc193e7bd8be15dac84ec6a56",
            "https://git.kernel.org/stable/c/c27dea9f50ed525facb62ef647dddc4722456e07",
            "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23248-d0e1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23248",
            "https://www.cve.org/CVERecord?id=CVE-2026-23248"
          ],
          "PublishedDate": "2026-03-18T11:16:16.863Z",
          "LastModifiedDate": "2026-04-02T15:16:27.123Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23253",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23253",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:01421be50ea647e170d36fb7330fd987aa4e2bd95cd7ddf2e889c9c790db5e33",
          "Title": "kernel: Kernel: Denial of Service via DVB DVR ringbuffer reinitialization flaw",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-core: fix wrong reinitialization of ringbuffer on reopen\n\ndvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the\nDVR device.  dvb_ringbuffer_init() calls init_waitqueue_head(), which\nreinitializes the waitqueue list head to empty.\n\nSince dmxdev-\u003edvr_buffer.queue is a shared waitqueue (all opens of the\nsame DVR device share it), this orphans any existing waitqueue entries\nfrom io_uring poll or epoll, leaving them with stale prev/next pointers\nwhile the list head is reset to {self, self}.\n\nThe waitqueue and spinlock in dvr_buffer are already properly\ninitialized once in dvb_dmxdev_init().  The open path only needs to\nreset the buffer data pointer, size, and read/write positions.\n\nReplace the dvb_ringbuffer_init() call in dvb_dvr_open() with direct\nassignment of data/size and a call to dvb_ringbuffer_reset(), which\nproperly resets pread, pwrite, and error with correct memory ordering\nwithout touching the waitqueue or spinlock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23253",
            "https://git.kernel.org/linus/bfbc0b5b32a8f28ce284add619bf226716a59bc0 (7.0-rc2)",
            "https://git.kernel.org/stable/c/32eb8e4adc207ef31bc6e5ae56bab940b0176066",
            "https://git.kernel.org/stable/c/af050ab44fa1b1897a940d7d756e512232f5e5df",
            "https://git.kernel.org/stable/c/bfbc0b5b32a8f28ce284add619bf226716a59bc0",
            "https://git.kernel.org/stable/c/cfd94642025e6f71c8f754bdec0800ee95e4f3dd",
            "https://git.kernel.org/stable/c/d71781bad59b1c9d60d7068004581f9bf19c0c9d",
            "https://git.kernel.org/stable/c/f1e520ca2e83ece6731af6167c9e5e16931ecba0",
            "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23253-b1c6@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23253",
            "https://www.cve.org/CVERecord?id=CVE-2026-23253"
          ],
          "PublishedDate": "2026-03-18T18:16:23.383Z",
          "LastModifiedDate": "2026-04-02T15:16:27.31Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23255",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23255",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:129c60372c8f590f6eb2caa50b739410ca5af007ca469cd9b3f1569f7ea05e32",
          "Title": "kernel: net: add proper RCU protection to /proc/net/ptype",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add proper RCU protection to /proc/net/ptype\n\nYin Fengwei reported an RCU stall in ptype_seq_show() and provided\na patch.\n\nReal issue is that ptype_seq_next() and ptype_seq_show() violate\nRCU rules.\n\nptype_seq_show() runs under rcu_read_lock(), and reads pt-\u003edev\nto get device name without any barrier.\n\nAt the same time, concurrent writers can remove a packet_type structure\n(which is correctly freed after an RCU grace period) and clear pt-\u003edev\nwithout an RCU grace period.\n\nDefine ptype_iter_state to carry a dev pointer along seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // added in this patch\n};\n\nWe need to record the device pointer in ptype_get_idx() and\nptype_seq_next() so that ptype_seq_show() is safe against\nconcurrent pt-\u003edev changes.\n\nWe also need to add full RCU protection in ptype_seq_next().\n(Missing READ_ONCE() when reading list.next values)\n\nMany thanks to Dong Chenchen for providing a repro.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23255",
            "https://git.kernel.org/linus/f613e8b4afea0cd17c7168e8b00e25bc8d33175d (6.19)",
            "https://git.kernel.org/stable/c/589a530ae44d0c80f523fcfd1a15af8087f27d35",
            "https://git.kernel.org/stable/c/dcefd3f0b9ed8288654c75254bdcee8e1085e861",
            "https://git.kernel.org/stable/c/f613e8b4afea0cd17c7168e8b00e25bc8d33175d",
            "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23255-fc51@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23255",
            "https://www.cve.org/CVERecord?id=CVE-2026-23255"
          ],
          "PublishedDate": "2026-03-18T18:16:23.687Z",
          "LastModifiedDate": "2026-04-02T12:16:19.657Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23256",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23256",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d0f896f89ff5ef739ae5d7bfb1eba18cc91bada9bfb9b68e147d7b3c21922fff",
          "Title": "kernel: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup\n\nIn setup_nic_devices(), the initialization loop jumps to the label\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\nskip the failing index i, causing a memory leak.\n\nFix this by changing the loop to iterate from the current index i\ndown to 0.\n\nCompile tested only. Issue found using code review.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23256",
            "https://git.kernel.org/linus/6cbba46934aefdfb5d171e0a95aec06c24f7ca30 (6.19)",
            "https://git.kernel.org/stable/c/01fbca1e93ec3f39f76c31a8f9afa32ce00da48a",
            "https://git.kernel.org/stable/c/3bf519e39b51cb08a93c0599870b35a23db1031e",
            "https://git.kernel.org/stable/c/4640fa5ad5e1a0dbd1c2d22323b7d70a8107dcfd",
            "https://git.kernel.org/stable/c/52b19b3a22306fe452ec9e8ff96063f4bfb77b99",
            "https://git.kernel.org/stable/c/6cbba46934aefdfb5d171e0a95aec06c24f7ca30",
            "https://git.kernel.org/stable/c/71a56b89203ec7e5670d94a61a9b4ae617eca804",
            "https://git.kernel.org/stable/c/bd680e56e316be92c01568be98d85d7a6c9bd92c",
            "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23256-b93b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23256",
            "https://www.cve.org/CVERecord?id=CVE-2026-23256"
          ],
          "PublishedDate": "2026-03-18T18:16:23.817Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23257",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23257",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8a7b11066bd8c16b6119e105c05a16cb6d62864ae84eec7e751637779acb3c00",
          "Title": "kernel: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup\n\nIn setup_nic_devices(), the initialization loop jumps to the label\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\nskip the failing index i, causing a memory leak.\n\nFix this by changing the loop to iterate from the current index i\ndown to 0.\n\nAlso, decrement i in the devlink_alloc failure path to point to the\nlast successfully allocated index.\n\nCompile tested only. Issue found using code review.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23257",
            "https://git.kernel.org/linus/8558aef4e8a1a83049ab906d21d391093cfa7e7f (6.19)",
            "https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963",
            "https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f",
            "https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769",
            "https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d",
            "https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815",
            "https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932",
            "https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99",
            "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23257-bd18@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23257",
            "https://www.cve.org/CVERecord?id=CVE-2026-23257"
          ],
          "PublishedDate": "2026-03-18T18:16:23.997Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23258",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23258",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:04420c5a48531ed75cda4d021f30986247e000846e9fec259c4f00fbb8350c3e",
          "Title": "kernel: net: liquidio: Initialize netdev pointer before queue setup",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: liquidio: Initialize netdev pointer before queue setup\n\nIn setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq().\nHowever, the pointer to this structure is stored in oct-\u003eprops[i].netdev\nonly after the calls to netif_set_real_num_rx_queues() and\nnetif_set_real_num_tx_queues().\n\nIf either of these functions fails, setup_nic_devices() returns an error\nwithout freeing the allocated netdev. Since oct-\u003eprops[i].netdev is still\nNULL at this point, the cleanup function liquidio_destroy_nic_device()\nwill fail to find and free the netdev, resulting in a memory leak.\n\nFix this by initializing oct-\u003eprops[i].netdev before calling the queue\nsetup functions. This ensures that the netdev is properly accessible for\ncleanup in case of errors.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23258",
            "https://git.kernel.org/linus/926ede0c85e1e57c97d64d9612455267d597bb2c (6.19)",
            "https://git.kernel.org/stable/c/1d4590fde856cb94bd9a46e795c29d8288c238fc",
            "https://git.kernel.org/stable/c/926ede0c85e1e57c97d64d9612455267d597bb2c",
            "https://git.kernel.org/stable/c/a0e57c0b68c9e6f9a8fd7c1167861a5a730eb2f4",
            "https://git.kernel.org/stable/c/be109646cdaecab262f6276303b1763468c94378",
            "https://git.kernel.org/stable/c/c0ed6c77ec34050971fd0df2a94dfdea66d09331",
            "https://git.kernel.org/stable/c/c81a8515fb8c8fb5d0dbc21f48337494bf1d60df",
            "https://git.kernel.org/stable/c/d028147ae06407cb355245db1774793600670169",
            "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23258-d181@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23258",
            "https://www.cve.org/CVERecord?id=CVE-2026-23258"
          ],
          "PublishedDate": "2026-03-18T18:16:24.167Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23259",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23259",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:daa30fe9b3f4aa4c1a8330056fb268013193af60854642f2ebbfe918748a577e",
          "Title": "kernel: io_uring/rw: free potentially allocated iovec on cache put failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: free potentially allocated iovec on cache put failure\n\nIf a read/write request goes through io_req_rw_cleanup() and has an\nallocated iovec attached and fails to put to the rw_cache, then it may\nend up with an unaccounted iovec pointer. Have io_rw_recycle() return\nwhether it recycled the request or not, and use that to gauge whether to\nfree a potential iovec or not.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23259",
            "https://git.kernel.org/linus/4b9748055457ac3a0710bf210c229d01ea1b01b9 (6.19-rc7)",
            "https://git.kernel.org/stable/c/1d5f2329ab4df65c2ee011b986d8a6e05ad0f67c",
            "https://git.kernel.org/stable/c/4b9748055457ac3a0710bf210c229d01ea1b01b9",
            "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23259-5bd7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23259",
            "https://www.cve.org/CVERecord?id=CVE-2026-23259"
          ],
          "PublishedDate": "2026-03-18T18:16:24.353Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23260",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23260",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:de99bb76cb40f85b506fa097f6691d118e4791b99515166779c471e04d33a357",
          "Title": "kernel: regmap: maple: free entry on mas_store_gfp() failure",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: free entry on mas_store_gfp() failure\n\nregcache_maple_write() allocates a new block ('entry') to merge\nadjacent ranges and then stores it with mas_store_gfp().\nWhen mas_store_gfp() fails, the new 'entry' remains allocated and\nis never freed, leaking memory.\n\nFree 'entry' on the failure path; on success continue freeing the\nreplaced neighbor blocks ('lower', 'upper').",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "amazon": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23260",
            "https://git.kernel.org/linus/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8 (6.19-rc7)",
            "https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350",
            "https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806",
            "https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a",
            "https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8",
            "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23260-6464@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23260",
            "https://www.cve.org/CVERecord?id=CVE-2026-23260"
          ],
          "PublishedDate": "2026-03-18T18:16:24.477Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23261",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23261",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ff0234af29619cc6c6bde5b4d094527061d62fe8561d116e0efee348449d6793",
          "Title": "kernel: nvme-fc: release admin tagset if init fails",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: release admin tagset if init fails\n\nnvme_fabrics creates an NVMe/FC controller in following path:\n\n    nvmf_dev_write()\n      -\u003e nvmf_create_ctrl()\n        -\u003e nvme_fc_create_ctrl()\n          -\u003e nvme_fc_init_ctrl()\n\nnvme_fc_init_ctrl() allocates the admin blk-mq resources right after\nnvme_add_ctrl() succeeds.  If any of the subsequent steps fail (changing\nthe controller state, scheduling connect work, etc.), we jump to the\nfail_ctrl path, which tears down the controller references but never\nfrees the admin queue/tag set.  The leaked blk-mq allocations match the\nkmemleak report seen during blktests nvme/fc.\n\nCheck ctrl-\u003ectrl.admin_tagset in the fail_ctrl path and call\nnvme_remove_admin_tag_set() when it is set so that all admin queue\nallocations are reclaimed whenever controller setup aborts.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23261",
            "https://git.kernel.org/linus/d1877cc7270302081a315a81a0ee8331f19f95c8 (6.19-rc6)",
            "https://git.kernel.org/stable/c/7c54d3f5ebbc5982daaa004260242dc07ac943ea",
            "https://git.kernel.org/stable/c/b134dead095bc5a58fa2b98b90ae93428cb4b328",
            "https://git.kernel.org/stable/c/d1877cc7270302081a315a81a0ee8331f19f95c8",
            "https://git.kernel.org/stable/c/e810b290922c535feb34bc90ab549446fe94d2a3",
            "https://git.kernel.org/stable/c/fa301aef50e3f3b5be6ee53457608beae5aa7a01",
            "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23261-f757@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23261",
            "https://www.cve.org/CVERecord?id=CVE-2026-23261"
          ],
          "PublishedDate": "2026-03-18T18:16:24.623Z",
          "LastModifiedDate": "2026-03-19T17:16:22.743Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23262",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23262",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ee08520ce917580041860babe9050a1134b2f5e711d85ba37a1860b8524ac73c",
          "Title": "kernel: gve: Fix stats report corruption on queue count change",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Fix stats report corruption on queue count change\n\nThe driver and the NIC share a region in memory for stats reporting.\nThe NIC calculates its offset into this region based on the total size\nof the stats region and the size of the NIC's stats.\n\nWhen the number of queues is changed, the driver's stats region is\nresized. If the queue count is increased, the NIC can write past\nthe end of the allocated stats region, causing memory corruption.\nIf the queue count is decreased, there is a gap between the driver\nand NIC stats, leading to incorrect stats reporting.\n\nThis change fixes the issue by allocating stats region with maximum\nsize, and the offset calculation for NIC stats is changed to match\nwith the calculation of the NIC.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23262",
            "https://git.kernel.org/linus/7b9ebcce0296e104a0d82a6b09d68564806158ff (6.19)",
            "https://git.kernel.org/stable/c/11f8311f69e4c361717371b4901ff92daeb76e9c",
            "https://git.kernel.org/stable/c/7b9ebcce0296e104a0d82a6b09d68564806158ff",
            "https://git.kernel.org/stable/c/837c662f47dac43efa1aef2dd433c6b4b4c073af",
            "https://git.kernel.org/stable/c/9d93332397405b62a3300b22d04ac65d990b91ff",
            "https://git.kernel.org/stable/c/9fa0a755db3e1945fe00f73fe27d85ef6c8818b7",
            "https://git.kernel.org/stable/c/df54838ab61826ecc1a562ffa5e280c3ab7289a7",
            "https://git.kernel.org/stable/c/f432f7613c220db32c2c6942420daf7b3f2e7d7e",
            "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23262-a421@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23262",
            "https://www.cve.org/CVERecord?id=CVE-2026-23262"
          ],
          "PublishedDate": "2026-03-18T18:16:24.77Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23264",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23264",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cb99104be11c231c98baa19fabb3bb7d553bc3163615d677b4cdd00152957cac",
          "Title": "kernel: Revert \"drm/amd: Check if ASPM is enabled from PCIe subsystem\"",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"drm/amd: Check if ASPM is enabled from PCIe subsystem\"\n\nThis reverts commit 7294863a6f01248d72b61d38478978d638641bee.\n\nThis commit was erroneously applied again after commit 0ab5d711ec74\n(\"drm/amd: Refactor `amdgpu_aspm` to be evaluated per device\")\nremoved it, leading to very hard to debug crashes, when used with a system with two\nAMD GPUs of which only one supports ASPM.\n\n(cherry picked from commit 97a9689300eb2b393ba5efc17c8e5db835917080)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23264",
            "https://git.kernel.org/linus/243b467dea1735fed904c2e54d248a46fa417a2d (6.19)",
            "https://git.kernel.org/stable/c/243b467dea1735fed904c2e54d248a46fa417a2d",
            "https://git.kernel.org/stable/c/5b794951541e84d2968980a68dd1ac38420f75f3",
            "https://git.kernel.org/stable/c/5f645222eb30c91135119e12eccfd1b8ea88140e",
            "https://git.kernel.org/stable/c/d2bddc2da2b3ba5d738877c476bf97932dba32e8",
            "https://git.kernel.org/stable/c/f02c9052aaa031ef3c2285d86a155d4263180ddd",
            "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23264-fe5b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23264",
            "https://www.cve.org/CVERecord?id=CVE-2026-23264"
          ],
          "PublishedDate": "2026-03-18T18:16:25.073Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23265",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23265",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d6731b6af2f536d34f3d41770a8fbf0018d3e1bae3d71343fbe6bef1bbef4dcc",
          "Title": "kernel: f2fs: fix to do sanity check on node footer in {read,write}_end_io",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node footer in {read,write}_end_io\n\n-----------[ cut here ]------------\nkernel BUG at fs/f2fs/data.c:358!\nCall Trace:\n \u003cIRQ\u003e\n blk_update_request+0x5eb/0xe70 block/blk-mq.c:987\n blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149\n blk_complete_reqs block/blk-mq.c:1224 [inline]\n blk_done_softirq+0x107/0x160 block/blk-mq.c:1229\n handle_softirqs+0x283/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050\n \u003c/IRQ\u003e\n\nIn f2fs_write_end_io(), it detects there is inconsistency in between\nnode page index (nid) and footer.nid of node page.\n\nIf footer of node page is corrupted in fuzzed image, then we load corrupted\nnode page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(),\nin where we won't do sanity check on node footer, once node page becomes\ndirty, we will encounter this bug after node page writeback.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23265",
            "https://git.kernel.org/linus/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4 (7.0-rc1)",
            "https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4",
            "https://git.kernel.org/stable/c/855c54f1803e3ebc613677b4f389c7f92656a1fc",
            "https://git.kernel.org/stable/c/c386753db52b3a80afa6612bfdcb925aa5ca260f",
            "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23265-6d01@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23265",
            "https://www.cve.org/CVERecord?id=CVE-2026-23265"
          ],
          "PublishedDate": "2026-03-18T18:16:25.233Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23266",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23266",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9a0c06e19a816924748b63231378884b0eba89a257eb21bc5ad64fa9e40c8e46",
          "Title": "kernel: fbdev: rivafb: fix divide error in nv3_arb()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: rivafb: fix divide error in nv3_arb()\n\nA userspace program can trigger the RIVA NV3 arbitration code by calling\nthe FBIOPUT_VSCREENINFO ioctl on /dev/fb*. When doing so, the driver\nrecomputes FIFO arbitration parameters in nv3_arb(), using state-\u003emclk_khz\n(derived from the PRAMDAC MCLK PLL) as a divisor without validating it\nfirst.\n\nIn a normal setup, state-\u003emclk_khz is provided by the real hardware and is\nnon-zero. However, an attacker can construct a malicious or misconfigured\ndevice (e.g. a crafted/emulated PCI device) that exposes a bogus PLL\nconfiguration, causing state-\u003emclk_khz to become zero.  Once\nnv3_get_param() calls nv3_arb(), the division by state-\u003emclk_khz in the gns\ncalculation causes a divide error and crashes the kernel.\n\nFix this by checking whether state-\u003emclk_khz is zero and bailing out before\ndoing the division.\n\nThe following log reveals it:\n\nrivafb: setting virtual Y resolution to 2184\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 2187 Comm: syz-executor.0 Not tainted 5.18.0-rc1+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014\nRIP: 0010:nv3_arb drivers/video/fbdev/riva/riva_hw.c:439 [inline]\nRIP: 0010:nv3_get_param+0x3ab/0x13b0 drivers/video/fbdev/riva/riva_hw.c:546\nCall Trace:\n  nv3CalcArbitration.constprop.0+0x255/0x460 drivers/video/fbdev/riva/riva_hw.c:603\n  nv3UpdateArbitrationSettings drivers/video/fbdev/riva/riva_hw.c:637 [inline]\n  CalcStateExt+0x447/0x1b90 drivers/video/fbdev/riva/riva_hw.c:1246\n  riva_load_video_mode+0x8a9/0xea0 drivers/video/fbdev/riva/fbdev.c:779\n  rivafb_set_par+0xc0/0x5f0 drivers/video/fbdev/riva/fbdev.c:1196\n  fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1033\n  do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1109\n  fb_ioctl+0xdd/0x130 
drivers/video/fbdev/core/fbmem.c:1188\n  __x64_sys_ioctl+0x122/0x190 fs/ioctl.c:856",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23266",
            "https://git.kernel.org/linus/0209e21e3c372fa2da04c39214bec0b64e4eb5f4 (7.0-rc1)",
            "https://git.kernel.org/stable/c/0209e21e3c372fa2da04c39214bec0b64e4eb5f4",
            "https://git.kernel.org/stable/c/3e4cbd1d46c246dfa684c8e9d8c20ae0b960c50a",
            "https://git.kernel.org/stable/c/526460a96c5443e2fc0fd231edd1f9c49d2de26b",
            "https://git.kernel.org/stable/c/52916878db2b8e3769743a94484729f0844352df",
            "https://git.kernel.org/stable/c/73f0391e92d404da68f7484e57c106c5e673dc7e",
            "https://git.kernel.org/stable/c/78daf5984d96edec3b920c72a93bd6821b8710b7",
            "https://git.kernel.org/stable/c/9efa0dc46270a8723c158c64afbcf1dead72b28c",
            "https://git.kernel.org/stable/c/ec5a58f4fd581875593ea92a65485e1906a53c0f",
            "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23266-b57b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23266",
            "https://www.cve.org/CVERecord?id=CVE-2026-23266"
          ],
          "PublishedDate": "2026-03-18T18:16:25.37Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23267",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23267",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:eadf21fb0de8030394ca136aafa074d5ea77b881917d000cdd3efb26af93d764",
          "Title": "kernel: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes\n\nDuring SPO tests, when mounting F2FS, an -EINVAL error was returned from\nf2fs_recover_inode_page. The issue occurred under the following scenario\n\nThread A                                     Thread B\nf2fs_ioc_commit_atomic_write\n - f2fs_do_sync_file // atomic = true\n  - f2fs_fsync_node_pages\n    : last_folio = inode folio\n    : schedule before folio_lock(last_folio) f2fs_write_checkpoint\n                                              - block_operations// writeback last_folio\n                                              - schedule before f2fs_flush_nat_entries\n    : set_fsync_mark(last_folio, 1)\n    : set_dentry_mark(last_folio, 1)\n    : folio_mark_dirty(last_folio)\n    - __write_node_folio(last_folio)\n      : f2fs_down_read(\u0026sbi-\u003enode_write)//block\n                                              - f2fs_flush_nat_entries\n                                                : {struct nat_entry}-\u003eflag |= BIT(IS_CHECKPOINTED)\n                                              - unblock_operations\n                                                : f2fs_up_write(\u0026sbi-\u003enode_write)\n                                             f2fs_write_checkpoint//return\n      : f2fs_do_write_node_page()\nf2fs_ioc_commit_atomic_write//return\n                                             SPO\n\nThread A calls f2fs_need_dentry_mark(sbi, ino), and the last_folio has\nalready been written once. 
However, the {struct nat_entry}-\u003eflag did not\nhave the IS_CHECKPOINTED set, causing set_dentry_mark(last_folio, 1) and\nwrite last_folio again after Thread B finishes f2fs_write_checkpoint.\n\nAfter SPO and reboot, it was detected that {struct node_info}-\u003eblk_addr\nwas not NULL_ADDR because Thread B successfully write the checkpoint.\n\nThis issue only occurs in atomic write scenarios. For regular file\nfsync operations, the folio must be dirty. If\nblock_operations-\u003ef2fs_sync_node_pages successfully submit the folio\nwrite, this path will not be executed. Otherwise, the\nf2fs_write_checkpoint will need to wait for the folio write submission\nto complete, as sbi-\u003enr_pages[F2FS_DIRTY_NODES] \u003e 0. Therefore, the\nsituation where f2fs_need_dentry_mark checks that the {struct\nnat_entry}-\u003eflag /wo the IS_CHECKPOINTED flag, but the folio write has\nalready been submitted, will not occur.\n\nTherefore, for atomic file fsync, sbi-\u003enode_write should be acquired\nthrough __write_node_folio to ensure that the IS_CHECKPOINTED flag\ncorrectly indicates that the checkpoint write has been completed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23267",
            "https://git.kernel.org/linus/7633a7387eb4d0259d6bea945e1d3469cd135bbc (7.0-rc1)",
            "https://git.kernel.org/stable/c/32bc3c9fe18881d50dd51fd5f26d19fe1190dc0d",
            "https://git.kernel.org/stable/c/75e19da068adf0dc5dd269dd157392434b9117d4",
            "https://git.kernel.org/stable/c/7633a7387eb4d0259d6bea945e1d3469cd135bbc",
            "https://git.kernel.org/stable/c/962c167b0f262b9962207fbeaa531721d55ea00e",
            "https://git.kernel.org/stable/c/bd66b4c487d5091d2a65d6089e0de36f0c26a4c7",
            "https://git.kernel.org/stable/c/ed81bc5885460905f9160e7b463e5708fd056324",
            "https://lore.kernel.org/linux-cve-announce/2026031811-CVE-2026-23267-ff55@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23267",
            "https://www.cve.org/CVERecord?id=CVE-2026-23267"
          ],
          "PublishedDate": "2026-03-18T18:16:25.573Z",
          "LastModifiedDate": "2026-03-19T13:25:00.57Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23269",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23269",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:12ca4ae0ed4831ba6551547d8c960f8b0448461cb5a97d1c83ae297954995549",
          "Title": "kernel: apparmor: validate DFA start states are in bounds in unpack_pdb",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: validate DFA start states are in bounds in unpack_pdb\n\nStart states are read from untrusted data and used as indexes into the\nDFA state tables. The aa_dfa_next() function call in unpack_pdb() will\naccess dfa-\u003etables[YYTD_ID_BASE][start], and if the start state exceeds\nthe number of states in the DFA, this results in an out-of-bound read.\n\n==================================================================\n BUG: KASAN: slab-out-of-bounds in aa_dfa_next+0x2a1/0x360\n Read of size 4 at addr ffff88811956fb90 by task su/1097\n ...\n\nReject policies with out-of-bounds start states during unpacking\nto prevent the issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23269",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/07cf6320f40ea2ccfad63728cff34ecb309d03da",
            "https://git.kernel.org/stable/c/0baadb0eece2c4d939db10d3c323b4652ac79a58",
            "https://git.kernel.org/stable/c/15c3eb8916e7db01cb246d04a1fe6f0fdc065b0c",
            "https://git.kernel.org/stable/c/3bb7db43e32190c973d4019037cedb7895920184",
            "https://git.kernel.org/stable/c/9063d7e2615f4a7ab321de6b520e23d370e58816",
            "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23269-2bf7@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23269",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23269",
            "https://www.qualys.com/2026/03/10/crack-armor.txt"
          ],
          "PublishedDate": "2026-03-18T18:16:25.907Z",
          "LastModifiedDate": "2026-04-02T15:16:27.75Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23270",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23270",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a73cc8ff508f22f459a4e3132bbc13500cee06571e9ac5f8f2de93f495d622f5",
          "Title": "kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks\n\nAs Paolo said earlier [1]:\n\n\"Since the blamed commit below, classify can return TC_ACT_CONSUMED while\nthe current skb being held by the defragmentation engine. As reported by\nGangMin Kim, if such packet is that may cause a UaF when the defrag engine\nlater on tries to tuch again such packet.\"\n\nact_ct was never meant to be used in the egress path, however some users\nare attaching it to egress today [2]. Attempting to reach a middle\nground, we noticed that, while most qdiscs are not handling\nTC_ACT_CONSUMED, clsact/ingress qdiscs are. With that in mind, we\naddress the issue by only allowing act_ct to bind to clsact/ingress\nqdiscs and shared blocks. That way it's still possible to attach act_ct to\negress (albeit only with clsact).\n\n[1] https://lore.kernel.org/netdev/674b8cbfc385c6f37fb29a1de08d8fe5c2b0fbee.1771321118.git.pabeni@redhat.com/\n[2] https://lore.kernel.org/netdev/cc6bfb4a-4a2b-42d8-b9ce-7ef6644fb22b@ovn.org/",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23270",
            "https://git.kernel.org/linus/11cb63b0d1a0685e0831ae3c77223e002ef18189 (7.0-rc3)",
            "https://git.kernel.org/stable/c/11cb63b0d1a0685e0831ae3c77223e002ef18189",
            "https://git.kernel.org/stable/c/380ad8b7c65ea7aa10ef2258297079ed5ac1f5b6",
            "https://git.kernel.org/stable/c/524ce8b4ea8f64900b6c52b6a28df74f6bc0801e",
            "https://git.kernel.org/stable/c/5a110ddcc99bda77a28598b3555fe009eaab3828",
            "https://git.kernel.org/stable/c/9deda0fcda5c1f388c5e279541850b71a2ccfcf4",
            "https://git.kernel.org/stable/c/fb3c380a54e33d1fd272cc342faa906d787d7ef1",
            "https://lore.kernel.org/linux-cve-announce/2026031847-CVE-2026-23270-cb9a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23270",
            "https://www.cve.org/CVERecord?id=CVE-2026-23270"
          ],
          "PublishedDate": "2026-03-18T18:16:26.053Z",
          "LastModifiedDate": "2026-04-02T15:16:27.953Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23271",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23271",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a5e7fb099f5d5110909f93ceeb729fe759761cb71ec73e1f9f9578a79b8321a5",
          "Title": "kernel: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 5.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23271",
            "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12",
            "https://git.kernel.org/stable/c/4df1a45819e50993cb351682a6ae8e7ed2d233a0",
            "https://git.kernel.org/stable/c/4f8d5812337871227bb2c98669a87c306a2f86ef",
            "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87",
            "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e",
            "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae",
            "https://lore.kernel.org/linux-cve-announce/2026032031-CVE-2026-23271-657a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23271",
            "https://www.cve.org/CVERecord?id=CVE-2026-23271"
          ],
          "PublishedDate": "2026-03-20T09:16:11.773Z",
          "LastModifiedDate": "2026-04-02T15:16:28.19Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23272",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23272",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a75dc72ed95906456ba842d261cd30dcc1b04ed0f50cddfd22d14ddd9c0986ee",
          "Title": "kernel: netfilter: nf_tables: unconditionally bump set-\u003enelems before insertion",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set-\u003enelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set-\u003enelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23272",
            "https://git.kernel.org/stable/c/6826131c7674329335ca25df2550163eb8a1fd0c",
            "https://git.kernel.org/stable/c/ccb8c8f3c1127cf34d18c737309897c68046bf21",
            "https://git.kernel.org/stable/c/def602e498a4f951da95c95b1b8ce8ae68aa733a",
            "https://lore.kernel.org/linux-cve-announce/2026032034-CVE-2026-23272-8ad1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23272",
            "https://www.cve.org/CVERecord?id=CVE-2026-23272"
          ],
          "PublishedDate": "2026-03-20T09:16:12.7Z",
          "LastModifiedDate": "2026-04-02T15:16:28.417Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23273",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23273",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5a58a9ad91bedd4c7a782772c58f4b0613f94a0479b56d97dc1f3c6eb31b8252",
          "Title": "kernel: macvlan: observe an RCU grace period in macvlan_common_newlink() error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: observe an RCU grace period in macvlan_common_newlink() error path\n\nvalis reported that a race condition still happens after my prior patch.\n\nmacvlan_common_newlink() might have made @dev visible before\ndetecting an error, and its caller will directly call free_netdev(dev).\n\nWe must respect an RCU period, either in macvlan or the core networking\nstack.\n\nAfter adding a temporary mdelay(1000) in macvlan_forward_source_one()\nto open the race window, valis repro was:\n\nip link add p1 type veth peer p2\nip link set address 00:00:00:00:00:20 dev p1\nip link set up dev p1\nip link set up dev p2\nip link add mv0 link p2 type macvlan mode source\n\n(ip link add invalid% link p2 type macvlan mode source macaddr add\n00:00:00:00:00:20 \u0026) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4\nPING 1.2.3.4 (1.2.3.4): 56 data bytes\nRTNETLINK answers: Invalid argument\n\nBUG: KASAN: slab-use-after-free in macvlan_forward_source\n(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nRead of size 8 at addr ffff888016bb89c0 by task e/175\n\nCPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:123)\nprint_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nkasan_report (mm/kasan/report.c:597)\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nmacvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\n? 
tasklet_init (kernel/softirq.c:983)\nmacvlan_handle_frame (drivers/net/macvlan.c:501)\n\nAllocated by task 169:\nkasan_save_stack (mm/kasan/common.c:58)\nkasan_save_track (./arch/x86/include/asm/current.h:25\nmm/kasan/common.c:70 mm/kasan/common.c:79)\n__kasan_kmalloc (mm/kasan/common.c:419)\n__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657\nmm/slub.c:7140)\nalloc_netdev_mqs (net/core/dev.c:12012)\nrtnl_create_link (net/core/rtnetlink.c:3648)\nrtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957\nnet/core/rtnetlink.c:4072)\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\n__x64_sys_sendto (net/socket.c:2209)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\n\nFreed by task 169:\nkasan_save_stack (mm/kasan/common.c:58)\nkasan_save_track (./arch/x86/include/asm/current.h:25\nmm/kasan/common.c:70 mm/kasan/common.c:79)\nkasan_save_free_info (mm/kasan/generic.c:587)\n__kasan_slab_free (mm/kasan/common.c:287)\nkfree (mm/slub.c:6674 mm/slub.c:6882)\nrtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957\nnet/core/rtnetlink.c:4072)\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\n__x64_sys_sendto (net/socket.c:2209)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23273",
            "https://git.kernel.org/stable/c/19c7d8ac51988d053709c1e85bd8482076af845d",
            "https://git.kernel.org/stable/c/1e58ae87ad1e6e24368dea9aec9048c758cd0e2b",
            "https://git.kernel.org/stable/c/3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4",
            "https://git.kernel.org/stable/c/721eb342d9ba19bad5c4815ea3921465158b7362",
            "https://git.kernel.org/stable/c/91e4ff8d966978901630fc29582c1a76d3c6e46c",
            "https://git.kernel.org/stable/c/a1f686d273d129b45712d95f4095843b864466bd",
            "https://git.kernel.org/stable/c/d34f7a8aa9a25b7e64e0e46e444697c0f702374d",
            "https://git.kernel.org/stable/c/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35",
            "https://lore.kernel.org/linux-cve-announce/2026032034-CVE-2026-23273-3669@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23273",
            "https://www.cve.org/CVERecord?id=CVE-2026-23273"
          ],
          "PublishedDate": "2026-03-20T09:16:12.847Z",
          "LastModifiedDate": "2026-04-02T15:16:29.503Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23274",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23274",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c568e81715f365e243314b7f2621fd362e59dad9c40893c27058f50cc40db9bc",
          "Title": "kernel: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23274",
            "https://git.kernel.org/stable/c/28c7cfaf0c0ab17cbd7754092116fd1af45271f9",
            "https://git.kernel.org/stable/c/329f0b9b48ee6ab59d1ab72fef55fe8c6463a6cf",
            "https://git.kernel.org/stable/c/54080355999381fed4a26129579a5765bab87491",
            "https://git.kernel.org/stable/c/5e7ece24c5cb75a60402aad4d803c7898ea40aa9",
            "https://git.kernel.org/stable/c/f228b9ae2a7e84d1153616d8e71c4236cb1f1309",
            "https://git.kernel.org/stable/c/f5ef97c13165542480a6ffdbe6f09f40bbb7cbf1",
            "https://lore.kernel.org/linux-cve-announce/2026032034-CVE-2026-23274-ba1d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23274",
            "https://www.cve.org/CVERecord?id=CVE-2026-23274"
          ],
          "PublishedDate": "2026-03-20T09:16:13.077Z",
          "LastModifiedDate": "2026-04-02T15:16:29.783Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23276",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23276",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6f6bfbd3fce3058b4625ce9b1438024f76bfcc1148275941a0d0e45e3572f618",
          "Title": "kernel: net: add xmit recursion limit to tunnel xmit functions",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add xmit recursion limit to tunnel xmit functions\n\nTunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own\nrecursion limit. When a bond device in broadcast mode has GRE tap\ninterfaces as slaves, and those GRE tunnels route back through the\nbond, multicast/broadcast traffic triggers infinite recursion between\nbond_xmit_broadcast() and ip_tunnel_xmit()/ip6_tnl_xmit(), causing\nkernel stack overflow.\n\nThe existing XMIT_RECURSION_LIMIT (8) in the no-qdisc path is not\nsufficient because tunnel recursion involves route lookups and full IP\noutput, consuming much more stack per level. Use a lower limit of 4\n(IP_TUNNEL_RECURSION_LIMIT) to prevent overflow.\n\nAdd recursion detection using dev_xmit_recursion helpers directly in\niptunnel_xmit() and ip6tunnel_xmit() to cover all IPv4/IPv6 tunnel\npaths including UDP encapsulated tunnels (VXLAN, Geneve, etc.).\n\nMove dev_xmit_recursion helpers from net/core/dev.h to public header\ninclude/linux/netdevice.h so they can be used by tunnel code.\n\n BUG: KASAN: stack-out-of-bounds in blake2s.constprop.0+0xe7/0x160\n Write of size 32 at addr ffff88810033fed0 by task kworker/0:1/11\n Workqueue: mld mld_ifc_work\n Call Trace:\n  \u003cTASK\u003e\n  __build_flow_key.constprop.0 (net/ipv4/route.c:515)\n  ip_rt_update_pmtu (net/ipv4/route.c:1073)\n  iptunnel_xmit (net/ipv4/ip_tunnel_core.c:84)\n  ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n  gre_tap_xmit (net/ipv4/ip_gre.c:779)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  sch_direct_xmit (net/sched/sch_generic.c:347)\n  __dev_queue_xmit (net/core/dev.c:4802)\n  bond_dev_queue_xmit (drivers/net/bonding/bond_main.c:312)\n  bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5279)\n  bond_start_xmit (drivers/net/bonding/bond_main.c:5530)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  __dev_queue_xmit (net/core/dev.c:4841)\n  ip_finish_output2 
(net/ipv4/ip_output.c:237)\n  ip_output (net/ipv4/ip_output.c:438)\n  iptunnel_xmit (net/ipv4/ip_tunnel_core.c:86)\n  gre_tap_xmit (net/ipv4/ip_gre.c:779)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  sch_direct_xmit (net/sched/sch_generic.c:347)\n  __dev_queue_xmit (net/core/dev.c:4802)\n  bond_dev_queue_xmit (drivers/net/bonding/bond_main.c:312)\n  bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5279)\n  bond_start_xmit (drivers/net/bonding/bond_main.c:5530)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  __dev_queue_xmit (net/core/dev.c:4841)\n  ip_finish_output2 (net/ipv4/ip_output.c:237)\n  ip_output (net/ipv4/ip_output.c:438)\n  iptunnel_xmit (net/ipv4/ip_tunnel_core.c:86)\n  ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n  gre_tap_xmit (net/ipv4/ip_gre.c:779)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  sch_direct_xmit (net/sched/sch_generic.c:347)\n  __dev_queue_xmit (net/core/dev.c:4802)\n  bond_dev_queue_xmit (drivers/net/bonding/bond_main.c:312)\n  bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5279)\n  bond_start_xmit (drivers/net/bonding/bond_main.c:5530)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  __dev_queue_xmit (net/core/dev.c:4841)\n  mld_sendpack\n  mld_ifc_work\n  process_one_work\n  worker_thread\n  \u003c/TASK\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23276",
            "https://git.kernel.org/stable/c/6f1a9140ecda3baba3d945b9a6155af4268aafc4",
            "https://git.kernel.org/stable/c/834c4f645726a25fd71ea50cdfb5c135f8f95d85",
            "https://git.kernel.org/stable/c/8a57deeb256069f262957d8012418559ff66c385",
            "https://git.kernel.org/stable/c/b56b8d19bd05e2a8338385c770bc2b60590bc81e",
            "https://lore.kernel.org/linux-cve-announce/2026032035-CVE-2026-23276-7fd3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23276",
            "https://www.cve.org/CVERecord?id=CVE-2026-23276"
          ],
          "PublishedDate": "2026-03-20T09:16:13.37Z",
          "LastModifiedDate": "2026-03-25T11:16:21.82Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23277",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23277",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:65e671a7bcfe713ef4c13e940218ef00501eea9a18ae8dc335395a4095a1fe62",
          "Title": "kernel: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n    get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n  \u003cTASK\u003e\n  ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n  __gre_xmit (net/ipv4/ip_gre.c:478)\n  gre_tap_xmit (net/ipv4/ip_gre.c:779)\n  teql_master_xmit (net/sched/sch_teql.c:319)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  sch_direct_xmit (net/sched/sch_generic.c:347)\n  __dev_queue_xmit (net/core/dev.c:4802)\n  neigh_direct_output (net/core/neighbour.c:1660)\n  ip_finish_output2 (net/ipv4/ip_output.c:237)\n  __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n  ip_mc_output (net/ipv4/ip_output.c:369)\n  ip_send_skb (net/ipv4/ip_output.c:1508)\n  udp_send_skb (net/ipv4/udp.c:1195)\n  udp_sendmsg (net/ipv4/udp.c:1485)\n  inet_sendmsg (net/ipv4/af_inet.c:859)\n  __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), 
so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23277",
            "https://git.kernel.org/stable/c/0bad9c86edd22dec4df83c2b29872d66fd8a2ff4",
            "https://git.kernel.org/stable/c/0cc0c2e661af418bbf7074179ea5cfffc0a5c466",
            "https://git.kernel.org/stable/c/21ea283c2750c8307aa35ee832b0951cc993c27d",
            "https://git.kernel.org/stable/c/57c153249143333bbf4ecf927bdf8aa2696ee397",
            "https://git.kernel.org/stable/c/59b06d8b9bdb6b64b3c534c18da68bce5ccd31be",
            "https://git.kernel.org/stable/c/81a43e8005366f16e629d8c95dfe05beaa8d36a7",
            "https://lore.kernel.org/linux-cve-announce/2026032036-CVE-2026-23277-e478@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23277",
            "https://www.cve.org/CVERecord?id=CVE-2026-23277"
          ],
          "PublishedDate": "2026-03-20T09:16:13.533Z",
          "LastModifiedDate": "2026-03-25T11:16:21.993Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23278",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23278",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9573d59361cc91b326340596ed1ad469e4a0ab74ac98c7df22a53db49c9a8a39",
          "Title": "kernel: netfilter: nf_tables: always walk all pending catchall elements",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23278",
            "https://git.kernel.org/stable/c/77c26b5056d693ffe5e9f040e946251cdb55ae55",
            "https://git.kernel.org/stable/c/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9",
            "https://git.kernel.org/stable/c/de47a88c6b807910f05703fb6605f7efdaa11417",
            "https://git.kernel.org/stable/c/eb0948fa13298212c5f8b30ee48efdae4389ab09",
            "https://lore.kernel.org/linux-cve-announce/2026032036-CVE-2026-23278-4dcc@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23278",
            "https://www.cve.org/CVERecord?id=CVE-2026-23278"
          ],
          "PublishedDate": "2026-03-20T09:16:13.69Z",
          "LastModifiedDate": "2026-04-02T09:16:20.537Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23279",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23279",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f689f42b5cf38e435a885f10b6a7f02fc40fe52db34aa14b79f073dfeb1b17f3",
          "Title": "kernel: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()\n\nIn mesh_rx_csa_frame(), elems-\u003emesh_chansw_params_ie is dereferenced\nat lines 1638 and 1642 without a prior NULL check:\n\n    ifmsh-\u003echsw_ttl = elems-\u003emesh_chansw_params_ie-\u003emesh_ttl;\n    ...\n    pre_value = le16_to_cpu(elems-\u003emesh_chansw_params_ie-\u003emesh_pre_value);\n\nThe mesh_matches_local() check above only validates the Mesh ID,\nMesh Configuration, and Supported Rates IEs.  It does not verify the\npresence of the Mesh Channel Switch Parameters IE (element ID 118).\nWhen a received CSA action frame omits that IE, ieee802_11_parse_elems()\nleaves elems-\u003emesh_chansw_params_ie as NULL, and the unconditional\ndereference causes a kernel NULL pointer dereference.\n\nA remote mesh peer with an established peer link (PLINK_ESTAB) can\ntrigger this by sending a crafted SPECTRUM_MGMT/CHL_SWITCH action frame\nthat includes a matching Mesh ID and Mesh Configuration IE but omits the\nMesh Channel Switch Parameters IE.  No authentication beyond the default\nopen mesh peering is required.\n\nCrash confirmed on kernel 6.17.0-5-generic via mac80211_hwsim:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\n  Oops: Oops: 0000 [#1] SMP NOPTI\n  RIP: 0010:ieee80211_mesh_rx_queued_mgmt+0x143/0x2a0 [mac80211]\n  CR2: 0000000000000000\n\nFix by adding a NULL check for mesh_chansw_params_ie after\nmesh_matches_local() returns, consistent with how other optional IEs\nare guarded throughout the mesh code.\n\nThe bug has been present since v3.13 (released 2014-01-19).",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23279",
            "https://git.kernel.org/linus/017c1792525064a723971f0216e6ef86a8c7af11 (7.0-rc2)",
            "https://git.kernel.org/stable/c/017c1792525064a723971f0216e6ef86a8c7af11",
            "https://git.kernel.org/stable/c/22a9adea7e26d236406edc0ea00b54351dd56b9c",
            "https://git.kernel.org/stable/c/2b5f282b1b7241ef624c3399a1cdff0bb1a3eeab",
            "https://git.kernel.org/stable/c/be8b82c567fda86f2cbb43b7208825125bb31421",
            "https://git.kernel.org/stable/c/cc6d5a3c0a854aeae00915fc5386570c86029c60",
            "https://git.kernel.org/stable/c/f5d8af683410a8c82e48b51291915bd612523d9a",
            "https://lore.kernel.org/linux-cve-announce/2026032522-CVE-2026-23279-cf34@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23279",
            "https://www.cve.org/CVERecord?id=CVE-2026-23279"
          ],
          "PublishedDate": "2026-03-25T11:16:22.333Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23281",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23281",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6ec1aeb35059ddbc8655bb77b333106cc7b8e00f9af985406962461dd0c70b4b",
          "Title": "kernel: wifi: libertas: fix use-after-free in lbs_free_adapter()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix use-after-free in lbs_free_adapter()\n\nThe lbs_free_adapter() function uses timer_delete() (non-synchronous)\nfor both command_timer and tx_lockup_timer before the structure is\nfreed. This is incorrect because timer_delete() does not wait for\nany running timer callback to complete.\n\nIf a timer callback is executing when lbs_free_adapter() is called,\nthe callback will access freed memory since lbs_cfg_free() frees the\ncontaining structure immediately after lbs_free_adapter() returns.\n\nBoth timer callbacks (lbs_cmd_timeout_handler and lbs_tx_lockup_handler)\naccess priv-\u003edriver_lock, priv-\u003ecur_cmd, priv-\u003edev, and other fields,\nwhich would all be use-after-free violations.\n\nUse timer_delete_sync() instead to ensure any running timer callback\nhas completed before returning.\n\nThis bug was introduced in commit 8f641d93c38a (\"libertas: detect TX\nlockups and reset hardware\") where del_timer() was used instead of\ndel_timer_sync() in the cleanup path. The command_timer has had the\nsame issue since the driver was first written.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23281",
            "https://git.kernel.org/linus/03cc8f90d0537fcd4985c3319b4fafbf2e3fb1f0 (7.0-rc2)",
            "https://git.kernel.org/stable/c/03cc8f90d0537fcd4985c3319b4fafbf2e3fb1f0",
            "https://git.kernel.org/stable/c/3c5c818c78b03a1725f3dcd566865c77b48dd3a6",
            "https://git.kernel.org/stable/c/3f9dec4a6d95d7f1f5e9e9dfdfa173c053bba8dc",
            "https://git.kernel.org/stable/c/a9f55b14486426d907459bced5825a25063bd922",
            "https://git.kernel.org/stable/c/d0155fe68f31b339961cf2d4f92937d57e9384e6",
            "https://git.kernel.org/stable/c/ed7d30f90b77f73a47498686ede83f622b7e4f0d",
            "https://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23281-2e62@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23281",
            "https://www.cve.org/CVERecord?id=CVE-2026-23281"
          ],
          "PublishedDate": "2026-03-25T11:16:22.657Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23285",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23285",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d16523974e9b5bc0cd06ac7e394a0884bd32ce21ed4dc3b799a78ed07cd4a490",
          "Title": "kernel: drbd: fix null-pointer dereference on local read error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix null-pointer dereference on local read error\n\nIn drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to\n__req_mod() with a NULL peer_device:\n\n  __req_mod(req, what, NULL, \u0026m);\n\nThe READ_COMPLETED_WITH_ERROR handler then unconditionally passes this\nNULL peer_device to drbd_set_out_of_sync(), which dereferences it,\ncausing a null-pointer dereference.\n\nFix this by obtaining the peer_device via first_peer_device(device),\nmatching how drbd_req_destroy() handles the same situation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23285",
            "https://git.kernel.org/linus/0d195d3b205ca90db30d70d09d7bb6909aac178f (7.0-rc2)",
            "https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f",
            "https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106",
            "https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89",
            "https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42",
            "https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5",
            "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23285-ad41@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23285",
            "https://www.cve.org/CVERecord?id=CVE-2026-23285"
          ],
          "PublishedDate": "2026-03-25T11:16:23.247Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23286",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23286",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:72dec48fbf83cd6128bd67b953a7635b22cd45139dc0f9a95df711c05ef3a1f0",
          "Title": "kernel: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: lec: fix null-ptr-deref in lec_arp_clear_vccs\n\nsyzkaller reported a null-ptr-deref in lec_arp_clear_vccs().\nThis issue can be easily reproduced using the syzkaller reproducer.\n\nIn the ATM LANE (LAN Emulation) module, the same atm_vcc can be shared by\nmultiple lec_arp_table entries (e.g., via entry-\u003evcc or entry-\u003erecv_vcc).\nWhen the underlying VCC is closed, lec_vcc_close() iterates over all\nARP entries and calls lec_arp_clear_vccs() for each matched entry.\n\nFor example, when lec_vcc_close() iterates through the hlists in\npriv-\u003elec_arp_empty_ones or other ARP tables:\n\n1. In the first iteration, for the first matched ARP entry sharing the VCC,\nlec_arp_clear_vccs() frees the associated vpriv (which is vcc-\u003euser_back)\nand sets vcc-\u003euser_back to NULL.\n2. In the second iteration, for the next matched ARP entry sharing the same\nVCC, lec_arp_clear_vccs() is called again. It obtains a NULL vpriv from\nvcc-\u003euser_back (via LEC_VCC_PRIV(vcc)) and then attempts to dereference it\nvia `vcc-\u003epop = vpriv-\u003eold_pop`, leading to a null-ptr-deref crash.\n\nFix this by adding a null check for vpriv before dereferencing\nit. If vpriv is already NULL, it means the VCC has been cleared\nby a previous call, so we can safely skip the cleanup and just\nclear the entry's vcc/recv_vcc pointers.\n\nThe entire cleanup block (including vcc_release_async()) is placed inside\nthe vpriv guard because a NULL vpriv indicates the VCC has already been\nfully released by a prior iteration — repeating the teardown would\nredundantly set flags and trigger callbacks on an already-closing socket.\n\nThe Fixes tag points to the initial commit because the entry-\u003evcc path has\nbeen vulnerable since the original code. The entry-\u003erecv_vcc path was later\nadded by commit 8d9f73c0ad2f (\"atm: fix a memory leak of vcc-\u003euser_back\")\nwith the same pattern, and both paths are fixed here.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23286",
            "https://git.kernel.org/linus/101bacb303e89dc2e0640ae6a5e0fb97c4eb45bb (7.0-rc3)",
            "https://git.kernel.org/stable/c/101bacb303e89dc2e0640ae6a5e0fb97c4eb45bb",
            "https://git.kernel.org/stable/c/2d9f57ea29a1f1772373b98a509b44d49fda609e",
            "https://git.kernel.org/stable/c/5f1cfea7921f5c126a441d973690eeba52677b64",
            "https://git.kernel.org/stable/c/622062f24644b4536d3f437e0cf7a8c4bb421665",
            "https://git.kernel.org/stable/c/7ea92ab075d809ec8a96669a5ecf00f752057875",
            "https://git.kernel.org/stable/c/e9665986eb127290ceb535bd5d04d7a84265d94f",
            "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23286-8a7e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23286",
            "https://www.cve.org/CVERecord?id=CVE-2026-23286"
          ],
          "PublishedDate": "2026-03-25T11:16:23.393Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23287",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23287",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:096cffd089b9b8658281f89443c47aacfdc562d17b8bf30dda753dac71feaa53",
          "Title": "kernel: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/sifive-plic: Fix frozen interrupt due to affinity setting\n\nPLIC ignores interrupt completion message for disabled interrupt, explained\nby the specification:\n\n    The PLIC signals it has completed executing an interrupt handler by\n    writing the interrupt ID it received from the claim to the\n    claim/complete register. The PLIC does not check whether the completion\n    ID is the same as the last claim ID for that target. If the completion\n    ID does not match an interrupt source that is currently enabled for\n    the target, the completion is silently ignored.\n\nThis caused problems in the past, because an interrupt can be disabled\nwhile still being handled and plic_irq_eoi() had no effect. That was fixed\nby checking if the interrupt is disabled, and if so enable it, before\nsending the completion message. That check is done with irqd_irq_disabled().\n\nHowever, that is not sufficient because the enable bit for the handling\nhart can be zero despite irqd_irq_disabled(d) being false. This can happen\nwhen affinity setting is changed while a hart is still handling the\ninterrupt.\n\nThis problem is easily reproducible by dumping a large file to uart (which\ngenerates lots of interrupts) and at the same time keep changing the uart\ninterrupt's affinity setting. The uart port becomes frozen almost\ninstantaneously.\n\nFix this by checking PLIC's enable bit instead of irqd_irq_disabled().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23287",
            "https://git.kernel.org/linus/1072020685f4b81f6efad3b412cdae0bd62bb043 (7.0-rc2)",
            "https://git.kernel.org/stable/c/1072020685f4b81f6efad3b412cdae0bd62bb043",
            "https://git.kernel.org/stable/c/1883332bf21feb8871af09daf604fc4836a76925",
            "https://git.kernel.org/stable/c/2edbd173309165d103be6c73bd83e459dc45ae7b",
            "https://git.kernel.org/stable/c/686eb378a4a51aa967e08337dd59daade16aec0f",
            "https://git.kernel.org/stable/c/8942fb1a5bc2dcbd88f7e656d109d42f778f298f",
            "https://git.kernel.org/stable/c/f611791a927141d05d7030607dea6372311c1413",
            "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23287-93b2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23287",
            "https://www.cve.org/CVERecord?id=CVE-2026-23287"
          ],
          "PublishedDate": "2026-03-25T11:16:23.583Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23289",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23289",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:08cdb6363849f5cf112cc6f38c8bc0035a82b01cb4304ad551d0697ef81219d0",
          "Title": "kernel: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()\n\nFix a user triggerable leak on the system call failure path.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23289",
            "https://git.kernel.org/linus/117942ca43e2e3c3d121faae530989931b7f67e1 (7.0-rc2)",
            "https://git.kernel.org/stable/c/117942ca43e2e3c3d121faae530989931b7f67e1",
            "https://git.kernel.org/stable/c/972b72d7e2d8fe1400f1c7a8304c282c539b7e02",
            "https://git.kernel.org/stable/c/d0148965dbca8cc8efa7e3d6e99940487bf661c0",
            "https://git.kernel.org/stable/c/da8eaa73bc37d004350ba68eb18b6ade8e49db52",
            "https://git.kernel.org/stable/c/deee46b37ebd8cc5ff810127883fca90f2412a7b",
            "https://git.kernel.org/stable/c/f67f1ad4029e9fa183141546de31987b254c9292",
            "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23289-aa54@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23289",
            "https://www.cve.org/CVERecord?id=CVE-2026-23289"
          ],
          "PublishedDate": "2026-03-25T11:16:23.887Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23290",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23290",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2e89cb5d20b00931801f25d0bb98e908c7b462558d23c057e898226ea7a18540",
          "Title": "kernel: net: usb: pegasus: validate USB endpoints",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: validate USB endpoints\n\nThe pegasus driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it.  If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23290",
            "https://git.kernel.org/linus/11de1d3ae5565ed22ef1f89d73d8f2d00322c699 (7.0-rc2)",
            "https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699",
            "https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1",
            "https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f",
            "https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4",
            "https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f",
            "https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2",
            "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23290-af97@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23290",
            "https://www.cve.org/CVERecord?id=CVE-2026-23290"
          ],
          "PublishedDate": "2026-03-25T11:16:24.043Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23291",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23291",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2067d1dda385daef66c977a6f6b99a590a5eb7eccec949e7d49c73116e2354a3",
          "Title": "kernel: nfc: pn533: properly drop the usb interface reference on disconnect",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: properly drop the usb interface reference on disconnect\n\nWhen the device is disconnected from the driver, there is a \"dangling\"\nreference count on the usb interface that was grabbed in the probe\ncallback.  Fix this up by properly dropping the reference after we are\ndone with it.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23291",
            "https://git.kernel.org/linus/12133a483dfa832241fbbf09321109a0ea8a520e (7.0-rc2)",
            "https://git.kernel.org/stable/c/00477cab053dc4816b99141d8fcca7a479cfebeb",
            "https://git.kernel.org/stable/c/12133a483dfa832241fbbf09321109a0ea8a520e",
            "https://git.kernel.org/stable/c/4551d6cea00224ab65a0ef35e4e6da0e9c0a2d74",
            "https://git.kernel.org/stable/c/7398d6570501edc55a50ece820f369ab3c1df2e7",
            "https://git.kernel.org/stable/c/7ff14eb070f0efecb2606f8d7aa01b77d188e886",
            "https://git.kernel.org/stable/c/d1f6d20b3c2642ec85ce6ea5da7155746c31c6d0",
            "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23291-eae3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23291",
            "https://www.cve.org/CVERecord?id=CVE-2026-23291"
          ],
          "PublishedDate": "2026-03-25T11:16:24.197Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23292",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23292",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:69bcd5d1d102a98c890552191988cee64e712982d10541ed6e9105668ad9ffe0",
          "Title": "kernel: scsi: target: Fix recursive locking in __configfs_open_file()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, \u0026p-\u003efrag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store().  This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n  down_read\n  __configfs_open_file\n  do_dentry_open\n  vfs_open\n  do_open\n  path_openat\n  do_filp_open\n  file_open_name\n  filp_open\n  target_core_item_dbroot_store\n  flush_write_buffer\n  configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23292",
            "https://git.kernel.org/linus/14d4ac19d1895397532eec407433c5d74d9da53b (7.0-rc3)",
            "https://git.kernel.org/stable/c/142eacb50fb903a4c10dee7e67b6e79ebb36a582",
            "https://git.kernel.org/stable/c/14d4ac19d1895397532eec407433c5d74d9da53b",
            "https://git.kernel.org/stable/c/3161ef61f121d4573cad5b57c92188dcd9b284b3",
            "https://git.kernel.org/stable/c/4fcfa424a581d823cb1a9676e3eefe6ca17e453a",
            "https://git.kernel.org/stable/c/9a5641024fbfd9b24fe65984ad85fea10a3ae438",
            "https://git.kernel.org/stable/c/e8ef82cb6443d5f3260b1b830e17f03dda4229ea",
            "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23292-67e8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23292",
            "https://www.cve.org/CVERecord?id=CVE-2026-23292"
          ],
          "PublishedDate": "2026-03-25T11:16:24.357Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23293",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23293",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f8ab8ca2427ecf4f9ab9f5436d3dbbb9f362839a35450a0b86943be94b6398b4",
          "Title": "kernel: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the 'ipv6.disable=1' parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If an IPv6 packet is injected into the interface,\nroute_shortcircuit() is called and a NULL pointer dereference happens on\nneigh_lookup().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000380\n Oops: Oops: 0000 [#1] SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x20/0x270\n [...]\n Call Trace:\n  \u003cTASK\u003e\n  vxlan_xmit+0x638/0x1ef0 [vxlan]\n  dev_hard_start_xmit+0x9e/0x2e0\n  __dev_queue_xmit+0xbee/0x14e0\n  packet_sendmsg+0x116f/0x1930\n  __sys_sendto+0x1f5/0x200\n  __x64_sys_sendto+0x24/0x30\n  do_syscall_64+0x12f/0x1590\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix this by adding an early check on route_shortcircuit() when protocol\nis ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because\nVXLAN can be built-in even when IPv6 is built as a module.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23293",
            "https://git.kernel.org/linus/168ff39e4758897d2eee4756977d036d52884c7e (7.0-rc3)",
            "https://git.kernel.org/stable/c/168ff39e4758897d2eee4756977d036d52884c7e",
            "https://git.kernel.org/stable/c/5f93e6b4d12bd3a4517a6d447ea675f448f21434",
            "https://git.kernel.org/stable/c/abcd48ecdeb2e12eccb8339a35534c757782afcd",
            "https://git.kernel.org/stable/c/b5190fcd75a1f1785c766a8d1e44d3938e168f45",
            "https://git.kernel.org/stable/c/f0373e9317bc904e7bdb123d3106fe4f3cea2fb7",
            "https://git.kernel.org/stable/c/fbbd2118982c55fb9b0a753ae0cf7194e77149fb",
            "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23293-b422@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23293",
            "https://www.cve.org/CVERecord?id=CVE-2026-23293"
          ],
          "PublishedDate": "2026-03-25T11:16:24.52Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23296",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23296",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3292f66ecf3d9b792c961dc392f0d33dbd28bf34145e3717a68259062887dafe",
          "Title": "kernel: scsi: core: Fix refcount leak for tagset_refcnt",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix refcount leak for tagset_refcnt\n\nThis leak will cause a hang when tearing down the SCSI host. For example,\niscsid hangs with the following call trace:\n\n[130120.652718] scsi_alloc_sdev: Allocation failure during SCSI scanning, some SCSI devices might not be configured\n\nPID: 2528     TASK: ffff9d0408974e00  CPU: 3    COMMAND: \"iscsid\"\n #0 [ffffb5b9c134b9e0] __schedule at ffffffff860657d4\n #1 [ffffb5b9c134ba28] schedule at ffffffff86065c6f\n #2 [ffffb5b9c134ba40] schedule_timeout at ffffffff86069fb0\n #3 [ffffb5b9c134bab0] __wait_for_common at ffffffff8606674f\n #4 [ffffb5b9c134bb10] scsi_remove_host at ffffffff85bfe84b\n #5 [ffffb5b9c134bb30] iscsi_sw_tcp_session_destroy at ffffffffc03031c4 [iscsi_tcp]\n #6 [ffffb5b9c134bb48] iscsi_if_recv_msg at ffffffffc0292692 [scsi_transport_iscsi]\n #7 [ffffb5b9c134bb98] iscsi_if_rx at ffffffffc02929c2 [scsi_transport_iscsi]\n #8 [ffffb5b9c134bbf0] netlink_unicast at ffffffff85e551d6\n #9 [ffffb5b9c134bc38] netlink_sendmsg at ffffffff85e554ef",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23296",
            "https://git.kernel.org/linus/1ac22c8eae81366101597d48360718dff9b9d980 (7.0-rc3)",
            "https://git.kernel.org/stable/c/1ac22c8eae81366101597d48360718dff9b9d980",
            "https://git.kernel.org/stable/c/7c01b680beaf4d3143866b062b8e770e8b237fb8",
            "https://git.kernel.org/stable/c/944a333c8e4d42256556c1d2ebb6d773a33e0dcd",
            "https://git.kernel.org/stable/c/9f5e4abed9248448aa1b45b12ab0bea4d329b56a",
            "https://git.kernel.org/stable/c/a03d96598d39fdf605d90731db3ef3b13fb8bdc8",
            "https://git.kernel.org/stable/c/ec5c17c687b189dbc09dfdec11b669caa40bc395",
            "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23296-eb4a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23296",
            "https://www.cve.org/CVERecord?id=CVE-2026-23296"
          ],
          "PublishedDate": "2026-03-25T11:16:24.98Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23298",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23298",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88ae49582d0bb04fb1a3588bd071ad65003d819bc135aa868da21399faca5354",
          "Title": "kernel: can: ucan: Fix infinite loop from zero-length messages",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: Fix infinite loop from zero-length messages\n\nIf a broken ucan device gets a message with the message length field set\nto 0, then the driver will loop for forever in\nucan_read_bulk_callback(), hanging the system.  If the length is 0, just\nskip the message and go on to the next one.\n\nThis has been fixed in the kvaser_usb driver in the past in commit\n0c73772cd2b8 (\"can: kvaser_usb: leaf: Fix potential infinite loop in\ncommand parsers\"), so there must be some broken devices out there like\nthis somewhere.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23298",
            "https://git.kernel.org/linus/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7 (7.0-rc3)",
            "https://git.kernel.org/stable/c/13b646eec3ba1131180803f5aaf1fee23540ad8f",
            "https://git.kernel.org/stable/c/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7",
            "https://git.kernel.org/stable/c/aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588",
            "https://git.kernel.org/stable/c/ab6f075492d37368b4c7b0df7f7fdc2b666887fc",
            "https://git.kernel.org/stable/c/bd85f21a6219aeae4389d700c54f1799f4b814e0",
            "https://git.kernel.org/stable/c/c7bc62be6c1a60bb21301692009590b1ffda91d9",
            "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23298-fad9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23298",
            "https://www.cve.org/CVERecord?id=CVE-2026-23298"
          ],
          "PublishedDate": "2026-03-25T11:16:25.32Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23300",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23300",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d073027ad68839df5ddd6840c2836a0ea4242103528b87949ec0a2682e0b9a2c",
          "Title": "kernel: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop\n\nWhen a standalone IPv6 nexthop object is created with a loopback device\n(e.g., \"ip -6 nexthop add id 100 dev lo\"), fib6_nh_init() misclassifies\nit as a reject route. This is because nexthop objects have no destination\nprefix (fc_dst=::), causing fib6_is_reject() to match any loopback\nnexthop. The reject path skips fib_nh_common_init(), leaving\nnhc_pcpu_rth_output unallocated. If an IPv4 route later references this\nnexthop, __mkroute_output() dereferences NULL nhc_pcpu_rth_output and\npanics.\n\nSimplify the check in fib6_nh_init() to only match explicit reject\nroutes (RTF_REJECT) instead of using fib6_is_reject(). The loopback\npromotion heuristic in fib6_is_reject() is handled separately by\nip6_route_info_create_nh(). After this change, the three cases behave\nas follows:\n\n1. Explicit reject route (\"ip -6 route add unreachable 2001:db8::/64\"):\n   RTF_REJECT is set, enters reject path, skips fib_nh_common_init().\n   No behavior change.\n\n2. Implicit loopback reject route (\"ip -6 route add 2001:db8::/32 dev lo\"):\n   RTF_REJECT is not set, takes normal path, fib_nh_common_init() is\n   called. ip6_route_info_create_nh() still promotes it to reject\n   afterward. nhc_pcpu_rth_output is allocated but unused, which is\n   harmless.\n\n3. Standalone nexthop object (\"ip -6 nexthop add id 100 dev lo\"):\n   RTF_REJECT is not set, takes normal path, fib_nh_common_init() is\n   called. nhc_pcpu_rth_output is properly allocated, fixing the crash\n   when IPv4 routes reference this nexthop.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23300",
            "https://git.kernel.org/linus/21ec92774d1536f71bdc90b0e3d052eff99cf093 (7.0-rc3)",
            "https://git.kernel.org/stable/c/21ec92774d1536f71bdc90b0e3d052eff99cf093",
            "https://git.kernel.org/stable/c/8650db85b4259d2885d2a80fbc2317ce24194133",
            "https://git.kernel.org/stable/c/b299121e7453d23faddf464087dff513a495b4fc",
            "https://git.kernel.org/stable/c/b3b5a037d520afe3d5276e653bc0ff516bbda34c",
            "https://git.kernel.org/stable/c/b5062fc2150614c9ea8a611c2e0cb6e047ebfa3a",
            "https://git.kernel.org/stable/c/f7c9f8e3607440fe39300efbaf46cf7b5eecb23f",
            "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23300-9bc4@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23300",
            "https://www.cve.org/CVERecord?id=CVE-2026-23300"
          ],
          "PublishedDate": "2026-03-25T11:16:25.623Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23302",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23302",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a7305b52002ae373b253c0f73f313a1636c4c7b29b8b2c0e1e26d63de8fae368",
          "Title": "kernel: net: annotate data-races around sk-\u003esk_{data_ready,write_space}",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: annotate data-races around sk-\u003esk_{data_ready,write_space}\n\nskmsg (and probably other layers) are changing these pointers\nwhile other cpus might read them concurrently.\n\nAdd corresponding READ_ONCE()/WRITE_ONCE() annotations\nfor UDP, TCP and AF_UNIX.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23302",
            "https://git.kernel.org/linus/2ef2b20cf4e04ac8a6ba68493f8780776ff84300 (7.0-rc3)",
            "https://git.kernel.org/stable/c/27fccdbcbbfc4651b6f66756e6fa3f52e051ec23",
            "https://git.kernel.org/stable/c/2ef2b20cf4e04ac8a6ba68493f8780776ff84300",
            "https://git.kernel.org/stable/c/f17c1c4acbe2bd702abce73a847a04a196fab2c5",
            "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23302-e03d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23302",
            "https://www.cve.org/CVERecord?id=CVE-2026-23302"
          ],
          "PublishedDate": "2026-03-25T11:16:25.923Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23303",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23303",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:165f5242db209ca5161f7510cf23e43c35f246fdc4a7106ac059cffa4d0f47be",
          "Title": "kernel: smb: client: Don't log plaintext credentials in cifs_set_cifscreds",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Don't log plaintext credentials in cifs_set_cifscreds\n\nWhen debug logging is enabled, cifs_set_cifscreds() logs the key\npayload and exposes the plaintext username and password. Remove the\ndebug log to avoid exposing credentials.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23303",
            "https://git.kernel.org/linus/2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d (7.0-rc2)",
            "https://git.kernel.org/stable/c/2ef0fc3bf49db2b9df36d5f44508c9e384bfa2a1",
            "https://git.kernel.org/stable/c/2f37dc436d4e61ff7ae0b0353cf91b8c10396e4d",
            "https://git.kernel.org/stable/c/3990f352bb0adc8688d0949a9c13e3110570eb61",
            "https://git.kernel.org/stable/c/3e182701db612ddd794ccd5ed822e6cc1db2b972",
            "https://git.kernel.org/stable/c/b746a357abfb8fdb0a171d51ec5091e786d34be1",
            "https://git.kernel.org/stable/c/ff0ece8ed04180c52167c003362284b23cf54e8d",
            "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23303-8e38@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23303",
            "https://www.cve.org/CVERecord?id=CVE-2026-23303"
          ],
          "PublishedDate": "2026-03-25T11:16:26.06Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23304",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23304",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2933dd9106fc1d54dd93f47d8b203062c811140dd514c34e436404a227e418b7",
          "Title": "kernel: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() can return NULL when the slave device is being\nun-slaved from a VRF. All other callers deal with this, but we lost\nthe fallback to loopback in ip6_rt_pcpu_alloc() -\u003e ip6_rt_get_dev_rcu()\nwith commit 4832c30d5458 (\"net: ipv6: put host and anycast routes on\ndevice with address\").\n\n  KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n  RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n  Call Trace:\n   ip6_pol_route (net/ipv6/route.c:2318)\n   fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n   ip6_route_output_flags (net/ipv6/route.c:2607)\n   vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nI was tempted to rework the un-slaving code to clear the flag first\nand insert synchronize_rcu() before we remove the upper. But looks like\nthe explicit fallback to loopback_dev is an established pattern.\nAnd I guess avoiding the synchronize_rcu() is nice, too.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23304",
            "https://git.kernel.org/linus/2ffb4f5c2ccb2fa1c049dd11899aee7967deef5a (7.0-rc3)",
            "https://git.kernel.org/stable/c/0b5a7826020706057cc5a9d9009e667027f221ee",
            "https://git.kernel.org/stable/c/2ffb4f5c2ccb2fa1c049dd11899aee7967deef5a",
            "https://git.kernel.org/stable/c/3310fc11fc47387d1dd4759b0bc961643ea11c7f",
            "https://git.kernel.org/stable/c/4a48fe59f29f673a3d042d679f26629a9c3e29d4",
            "https://git.kernel.org/stable/c/581800298313c9fd75e94985e6d37d21b7e35d34",
            "https://git.kernel.org/stable/c/ae88c8256547b63980770a9ea7be73a15900d27e",
            "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23304-485b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23304",
            "https://www.cve.org/CVERecord?id=CVE-2026-23304"
          ],
          "PublishedDate": "2026-03-25T11:16:26.18Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23307",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23307",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fc28e2a6190fac705113141dd24f686c4e2e56ea410af6d0969d055d91737c30",
          "Title": "kernel: can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message\n\nWhen looking at the data in a USB urb, the actual_length is the size of\nthe buffer passed to the driver, not the transfer_buffer_length which is\nset by the driver as the max size of the buffer.\n\nWhen parsing the messages in ems_usb_read_bulk_callback() properly check\nthe size both at the beginning of parsing the message to make sure it is\nbig enough for the expected structure, and at the end of the message to\nmake sure we don't overflow past the end of the buffer for the next\nmessage.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23307",
            "https://git.kernel.org/linus/38a01c9700b0dcafe97dfa9dc7531bf4a245deff (7.0-rc3)",
            "https://git.kernel.org/stable/c/1818974e1b5ef200e27f144c8cb8a246420bb54d",
            "https://git.kernel.org/stable/c/18f75b9cbdc3703f15965425ab69dee509b07785",
            "https://git.kernel.org/stable/c/1cf469026d4a2308eaa91d04dca4a900d07a5c2e",
            "https://git.kernel.org/stable/c/2833e13e2b099546abf5d40a483b4eb04ddd1f7b",
            "https://git.kernel.org/stable/c/38a01c9700b0dcafe97dfa9dc7531bf4a245deff",
            "https://git.kernel.org/stable/c/c703bbf8e9b4947e111c88d2ed09236a6772a471",
            "https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23307-60f2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23307",
            "https://www.cve.org/CVERecord?id=CVE-2026-23307"
          ],
          "PublishedDate": "2026-03-25T11:16:26.657Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23310",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23310",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:96c23341fc3175b94d4529875fa65a9c288d4939ee5a8ad00d17c5f94dc8a4d2",
          "Title": "kernel: bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded\n\nbond_option_mode_set() already rejects mode changes that would make a\nloaded XDP program incompatible via bond_xdp_check().  However,\nbond_option_xmit_hash_policy_set() has no such guard.\n\nFor 802.3ad and balance-xor modes, bond_xdp_check() returns false when\nxmit_hash_policy is vlan+srcmac, because the 802.1q payload is usually\nabsent due to hardware offload.  This means a user can:\n\n1. Attach a native XDP program to a bond in 802.3ad/balance-xor mode\n   with a compatible xmit_hash_policy (e.g. layer2+3).\n2. Change xmit_hash_policy to vlan+srcmac while XDP remains loaded.\n\nThis leaves bond-\u003exdp_prog set but bond_xdp_check() now returning false\nfor the same device.  When the bond is later destroyed, dev_xdp_uninstall()\ncalls bond_xdp_set(dev, NULL, NULL) to remove the program, which hits\nthe bond_xdp_check() guard and returns -EOPNOTSUPP, triggering:\n\nWARN_ON(dev_xdp_install(dev, mode, bpf_op, NULL, 0, NULL))\n\nFix this by rejecting xmit_hash_policy changes to vlan+srcmac when an\nXDP program is loaded on a bond in 802.3ad or balance-xor mode.\n\ncommit 39a0876d595b (\"net, bonding: Disallow vlan+srcmac with XDP\")\nintroduced bond_xdp_check() which returns false for 802.3ad/balance-xor\nmodes when xmit_hash_policy is vlan+srcmac.  The check was wired into\nbond_xdp_set() to reject XDP attachment with an incompatible policy, but\nthe symmetric path -- preventing xmit_hash_policy from being changed to an\nincompatible value after XDP is already loaded -- was left unguarded in\nbond_option_xmit_hash_policy_set().\n\nNote:\ncommit 094ee6017ea0 (\"bonding: check xdp prog when set bond mode\")\nlater added a similar guard to bond_option_mode_set(), but\nbond_option_xmit_hash_policy_set() remained unprotected.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23310",
            "https://git.kernel.org/linus/479d589b40b836442bbdadc3fdb37f001bb67f26 (7.0-rc3)",
            "https://git.kernel.org/stable/c/0ace8027e41f6f094ef6c1aca42d2ed6cd7af54e",
            "https://git.kernel.org/stable/c/479d589b40b836442bbdadc3fdb37f001bb67f26",
            "https://git.kernel.org/stable/c/5c262bd0e39320a6d6c8277cb8349ce21c01b8c1",
            "https://git.kernel.org/stable/c/d36ad7e126c6a0c5f699583309ccc37e3a3263ea",
            "https://git.kernel.org/stable/c/e85fa809e507b9d8eff4840888b8c727e4e8448c",
            "https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23310-9b67@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23310",
            "https://www.cve.org/CVERecord?id=CVE-2026-23310"
          ],
          "PublishedDate": "2026-03-25T11:16:27.16Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23312",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23312",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:052aeed8ac3f3ad772a485483eea45a859e4c991b9dbf015ec0ef6d4ae034a12",
          "Title": "kernel: net: usb: kaweth: validate USB endpoints",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: validate USB endpoints\n\nThe kaweth driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it.  If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23312",
            "https://git.kernel.org/linus/4b063c002ca759d1b299988ee23f564c9609c875 (7.0-rc2)",
            "https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c",
            "https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1",
            "https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875",
            "https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3",
            "https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df",
            "https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b",
            "https://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23312-2b11@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23312",
            "https://www.cve.org/CVERecord?id=CVE-2026-23312"
          ],
          "PublishedDate": "2026-03-25T11:16:27.463Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23315",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23315",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2b7c51d5ead3142ca56c10f48f090866b553a694b2619de0b16efb28294dc099",
          "Title": "kernel: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob\naccess.\n\n[fix check to also cover mgmt-\u003eu.action.u.addba_req.capab,\ncorrect Fixes tag]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23315",
            "https://git.kernel.org/linus/4e10a730d1b511ff49723371ed6d694dd1b2c785 (7.0-rc3)",
            "https://git.kernel.org/stable/c/0fb3b94a9431a3800717e5c3b6fa2e1045a15029",
            "https://git.kernel.org/stable/c/4e10a730d1b511ff49723371ed6d694dd1b2c785",
            "https://git.kernel.org/stable/c/7ae7b093b7dba9548a3bc4766b9364b97db4732d",
            "https://git.kernel.org/stable/c/7b692dff8df0ba5feb8df00f27d906d6eb1fe627",
            "https://git.kernel.org/stable/c/84419556359bc96d3fe1623d47a64c86542566cc",
            "https://git.kernel.org/stable/c/9612d91f617231e03c49cb9b0c02f975a3b4f51f",
            "https://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23315-9ac1@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23315",
            "https://www.cve.org/CVERecord?id=CVE-2026-23315"
          ],
          "PublishedDate": "2026-03-25T11:16:27.897Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23318",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23318",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:69b80704ffeb413628995ff8a969561ac4a66e123ada280a91e66f5f978b9249",
          "Title": "kernel: ALSA: usb-audio: Use correct version for UAC3 header validation",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Use correct version for UAC3 header validation\n\nThe entry of the validators table for UAC3 AC header descriptor is\ndefined with the wrong protocol version UAC_VERSION_2, while it should\nhave been UAC_VERSION_3.  This results in the validator never matching\nfor actual UAC3 devices (protocol == UAC_VERSION_3), causing their\nheader descriptors to bypass validation entirely.  A malicious USB\ndevice presenting a truncated UAC3 header could exploit this to cause\nout-of-bounds reads when the driver later accesses unvalidated\ndescriptor fields.\n\nThe bug was introduced in the same commit as the recently fixed UAC3\nfeature unit sub-type typo, and appears to be from the same copy-paste\nerror when the UAC3 section was created from the UAC2 section.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23318",
            "https://git.kernel.org/linus/54f9d645a5453d0bfece0c465d34aaf072ea99fa (7.0-rc2)",
            "https://git.kernel.org/stable/c/0dcd1ed96c03459cf14706885c9dd3c1fd8bd29f",
            "https://git.kernel.org/stable/c/1e5753ff4c2e86aa88516f97a224c90a3d0b133e",
            "https://git.kernel.org/stable/c/499ffd15b00dc91ac95c28f76959dfb5cdcc84d5",
            "https://git.kernel.org/stable/c/54f9d645a5453d0bfece0c465d34aaf072ea99fa",
            "https://git.kernel.org/stable/c/a0c6ae2ea84528f198bf7fd0117f12fd0cf6d7cc",
            "https://git.kernel.org/stable/c/d3904ca40515272681ae61ad6f561c24f190957f",
            "https://lore.kernel.org/linux-cve-announce/2026032530-CVE-2026-23318-bef0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23318",
            "https://www.cve.org/CVERecord?id=CVE-2026-23318"
          ],
          "PublishedDate": "2026-03-25T11:16:28.39Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23324",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23324",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:382b42e43ad0abc6c08c525f2ead7fe8edd515a22f9d2310bf6c5f007c24e178",
          "Title": "kernel: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: etas_es58x: correctly anchor the urb in the read bulk callback\n\nWhen submitting an urb, that is using the anchor pattern, it needs to be\nanchored before submitting it otherwise it could be leaked if\nusb_kill_anchored_urbs() is called.  This logic is correctly done\nelsewhere in the driver, except in the read bulk callback so do that\nhere also.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23324",
            "https://git.kernel.org/linus/5eaad4f768266f1f17e01232ffe2ef009f8129b7 (7.0-rc3)",
            "https://git.kernel.org/stable/c/18eee279e9b5bff0db1aca9475ae4bc12804f05c",
            "https://git.kernel.org/stable/c/2185ea6e4ebcb61d1224dc7d187c59723cb5ad59",
            "https://git.kernel.org/stable/c/5eaad4f768266f1f17e01232ffe2ef009f8129b7",
            "https://git.kernel.org/stable/c/b878444519fa03a3edd287d1963cf79ef78be2f1",
            "https://git.kernel.org/stable/c/b8f9ca88253574638bcff38900a4c28d570b1919",
            "https://git.kernel.org/stable/c/f6e90c113c92e83fc0963d5e60e16b0e8a268981",
            "https://lore.kernel.org/linux-cve-announce/2026032531-CVE-2026-23324-bc9e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23324",
            "https://www.cve.org/CVERecord?id=CVE-2026-23324"
          ],
          "PublishedDate": "2026-03-25T11:16:29.377Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23330",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23330",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:024c02fa29c80c79909c9c6014ec1edfb73fe0e2c60453769a512acb15975700",
          "Title": "kernel: nfc: nci: complete pending data exchange on device close",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: complete pending data exchange on device close\n\nIn nci_close_device(), complete any pending data exchange before\nclosing. The data exchange callback (e.g.\nrawsock_data_exchange_complete) holds a socket reference.\n\nNIPA occasionally hits this leak:\n\nunreferenced object 0xff1100000f435000 (size 2048):\n  comm \"nci_dev\", pid 3954, jiffies 4295441245\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00  '..@............\n  backtrace (crc ec2b3c5):\n    __kmalloc_noprof+0x4db/0x730\n    sk_prot_alloc.isra.0+0xe4/0x1d0\n    sk_alloc+0x36/0x760\n    rawsock_create+0xd1/0x540\n    nfc_sock_create+0x11f/0x280\n    __sock_create+0x22d/0x630\n    __sys_socket+0x115/0x1d0\n    __x64_sys_socket+0x72/0xd0\n    do_syscall_64+0x117/0xfc0\n    entry_SYSCALL_64_after_hwframe+0x4b/0x53",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23330",
            "https://git.kernel.org/linus/66083581945bd5b8e99fe49b5aeb83d03f62d053 (7.0-rc3)",
            "https://git.kernel.org/stable/c/66083581945bd5b8e99fe49b5aeb83d03f62d053",
            "https://git.kernel.org/stable/c/91ff0d8c3464da7f0c43da38c195e60b660128bf",
            "https://git.kernel.org/stable/c/d05f55d68ebdebb2b0a8480d766eaae88c8c92de",
            "https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23330-00fd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23330",
            "https://www.cve.org/CVERecord?id=CVE-2026-23330"
          ],
          "PublishedDate": "2026-03-25T11:16:30.263Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23333",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23333",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:128f4d84a3942f8984992a16e3bd9ff7be5006d76cca95eac8a531f62f6f2be2",
          "Title": "kernel: netfilter: nft_set_rbtree: validate open interval overlap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: validate open interval overlap\n\nOpen intervals do not have an end element, in particular an open\ninterval at the end of the set is hard to validate because it is\nlacking the end element, and interval validation relies on such end\nelement to perform the checks.\n\nThis patch adds a new flag field to struct nft_set_elem, this is not an\nissue because this is a temporary object that is allocated in the stack\nfrom the insert/deactivate path. This flag field is used to specify that\nthis is the last element in this add/delete command.\n\nThe last flag is used, in combination with the start element cookie, to\ncheck if there is a partial overlap, eg.\n\n   Already exists:   255.255.255.0-255.255.255.254\n   Add interval:     255.255.255.0-255.255.255.255\n                     ~~~~~~~~~~~~~\n             start element overlap\n\nBasically, the idea is to check for an existing end element in the set\nif there is an overlap with an existing start element.\n\nHowever, the last open interval can come in any position in the add\ncommand, the corner case can get a bit more complicated:\n\n   Already exists:   255.255.255.0-255.255.255.254\n   Add intervals:    255.255.255.0-255.255.255.255,255.255.255.0-255.255.255.254\n                     ~~~~~~~~~~~~~\n             start element overlap\n\nTo catch this overlap, annotate that the new start element is a possible\noverlap, then report the overlap if the next element is another start\nelement that confirms that previous element in an open interval at the\nend of the set.\n\nFor deletions, do not update the start cookie when deleting an open\ninterval, otherwise this can trigger spurious EEXIST when adding new\nelements.\n\nUnfortunately, there is no NFT_SET_ELEM_INTERVAL_OPEN flag which would\nmake it easier to detect open interval overlaps.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23333",
            "https://git.kernel.org/linus/",
            "https://git.kernel.org/stable/c/648946966a08e4cb1a71619e3d1b12bd7642de7b",
            "https://git.kernel.org/stable/c/6db2be971e3d70c9e3f85d39eff7103c2ee2f579",
            "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23333-417f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23333",
            "https://www.cve.org/CVERecord?id=CVE-2026-23333"
          ],
          "PublishedDate": "2026-03-25T11:16:30.78Z",
          "LastModifiedDate": "2026-04-03T16:16:23.667Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23334",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23334",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e455acdb7ee1af9dcf7ff8a56d405aca9a14329cc61b1546f81526ae4991300c",
          "Title": "kernel: can: usb: f81604: handle short interrupt urb messages properly",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: handle short interrupt urb messages properly\n\nIf an interrupt urb is received that is not the correct length, properly\ndetect it and don't attempt to treat the data as valid.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23334",
            "https://git.kernel.org/linus/7299b1b39a255f6092ce4ec0b65f66e9d6a357af (7.0-rc3)",
            "https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2",
            "https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05",
            "https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af",
            "https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0",
            "https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde",
            "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23334-1b12@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23334",
            "https://www.cve.org/CVERecord?id=CVE-2026-23334"
          ],
          "PublishedDate": "2026-03-25T11:16:30.903Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23335",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23335",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9597167b8590d53094c68d8d7e1478dd7f99b26225238f0c10106d2a501e5435",
          "Title": "kernel: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp {  // 8 bytes, no padding\n    __u32 ah_id;               // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n    __u8  rsvd[4];             // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23335",
            "https://git.kernel.org/linus/74586c6da9ea222a61c98394f2fc0a604748438c (7.0-rc2)",
            "https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609",
            "https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8",
            "https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8",
            "https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c",
            "https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a",
            "https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84",
            "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23335-602d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23335",
            "https://www.cve.org/CVERecord?id=CVE-2026-23335"
          ],
          "PublishedDate": "2026-03-25T11:16:31.05Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23336",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23336",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:076bfd9d99bde5721739f90186e0080dacb26610a3b148114f27caeb2ab4353e",
          "Title": "kernel: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel rfkill_block work in wiphy_unregister()\n\nThere is a use-after-free error in cfg80211_shutdown_all_interfaces found\nby syzkaller:\n\nBUG: KASAN: use-after-free in cfg80211_shutdown_all_interfaces+0x213/0x220\nRead of size 8 at addr ffff888112a78d98 by task kworker/0:5/5326\nCPU: 0 UID: 0 PID: 5326 Comm: kworker/0:5 Not tainted 6.19.0-rc2 #2 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: events cfg80211_rfkill_block_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x116/0x1f0\n print_report+0xcd/0x630\n kasan_report+0xe0/0x110\n cfg80211_shutdown_all_interfaces+0x213/0x220\n cfg80211_rfkill_block_work+0x1e/0x30\n process_one_work+0x9cf/0x1b70\n worker_thread+0x6c8/0xf10\n kthread+0x3c5/0x780\n ret_from_fork+0x56d/0x700\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThe problem arises because the rfkill_block work is not cancelled when wiphy\nis being unregistered. In order to fix the issue, cancel the corresponding\nwork in wiphy_unregister().\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23336",
            "https://git.kernel.org/linus/767d23ade706d5fa51c36168e92a9c5533c351a1 (7.0-rc2)",
            "https://git.kernel.org/stable/c/57e39fe8da573435fa35975f414f4dc17d9f8449",
            "https://git.kernel.org/stable/c/584279ad9ff1e8e7c5494b9fce286201f7d1f9e2",
            "https://git.kernel.org/stable/c/767d23ade706d5fa51c36168e92a9c5533c351a1",
            "https://git.kernel.org/stable/c/cd2f52944c7b95dcdfe0d87f385a2d96458a3ae5",
            "https://git.kernel.org/stable/c/eeea8da43ab86ac0a6b9cec225eec91564346940",
            "https://git.kernel.org/stable/c/fa18639deab4a3662d543200c5bfc29bf4e23173",
            "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23336-d365@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23336",
            "https://www.cve.org/CVERecord?id=CVE-2026-23336"
          ],
          "PublishedDate": "2026-03-25T11:16:31.21Z",
          "LastModifiedDate": "2026-04-02T15:16:31.13Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23339",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23339",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:45f7be35eea1b4dbed04f4d1b7dc37a699313c01a7a742145c6742facc9bbc03",
          "Title": "kernel: nfc: nci: free skb on nci_transceive early error paths",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free skb on nci_transceive early error paths\n\nnci_transceive() takes ownership of the skb passed by the caller,\nbut the -EPROTO, -EINVAL, and -EBUSY error paths return without\nfreeing it.\n\nDue to issues clearing NCI_DATA_EXCHANGE fixed by subsequent changes\nthe nci/nci_dev selftest hits the error path occasionally in NIPA,\nand kmemleak detects leaks:\n\nunreferenced object 0xff11000015ce6a40 (size 640):\n  comm \"nci_dev\", pid 3954, jiffies 4295441246\n  hex dump (first 32 bytes):\n    6b 6b 6b 6b 00 a4 00 0c 02 e1 03 6b 6b 6b 6b 6b  kkkk.......kkkkk\n    6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk\n  backtrace (crc 7c40cc2a):\n    kmem_cache_alloc_node_noprof+0x492/0x630\n    __alloc_skb+0x11e/0x5f0\n    alloc_skb_with_frags+0xc6/0x8f0\n    sock_alloc_send_pskb+0x326/0x3f0\n    nfc_alloc_send_skb+0x94/0x1d0\n    rawsock_sendmsg+0x162/0x4c0\n    do_syscall_64+0x117/0xfc0",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23339",
            "https://git.kernel.org/linus/7bd4b0c4779f978a6528c9b7937d2ca18e936e2c (7.0-rc3)",
            "https://git.kernel.org/stable/c/3245801d44a44c090acefe19a12d22d12cac45c5",
            "https://git.kernel.org/stable/c/33f6b8a96dda045789796c3bcb451c74ac158039",
            "https://git.kernel.org/stable/c/54f7f0eaafa56b5994cdb5c7967946922c2e1d22",
            "https://git.kernel.org/stable/c/7bd4b0c4779f978a6528c9b7937d2ca18e936e2c",
            "https://git.kernel.org/stable/c/9d448bbab724b94d6c561e1f314656f5b88a7cb3",
            "https://git.kernel.org/stable/c/dcbcccfc5195c9caaa4bb8d31f23c345f00a9e89",
            "https://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23339-263f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23339",
            "https://www.cve.org/CVERecord?id=CVE-2026-23339"
          ],
          "PublishedDate": "2026-03-25T11:16:31.67Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23340",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23340",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9816ab84ad439a3a92e23b898b618e08f4e5f5f69358609bb30453bd1d960ce4",
          "Title": "kernel: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs\n\nWhen shrinking the number of real tx queues,\nnetif_set_real_num_tx_queues() calls qdisc_reset_all_tx_gt() to flush\nqdiscs for queues which will no longer be used.\n\nqdisc_reset_all_tx_gt() currently serializes qdisc_reset() with\nqdisc_lock(). However, for lockless qdiscs, the dequeue path is\nserialized by qdisc_run_begin/end() using qdisc-\u003eseqlock instead, so\nqdisc_reset() can run concurrently with __qdisc_run() and free skbs\nwhile they are still being dequeued, leading to UAF.\n\nThis can easily be reproduced on e.g. virtio-net by imposing heavy\ntraffic while frequently changing the number of queue pairs:\n\n  iperf3 -ub0 -c $peer -t 0 \u0026\n  while :; do\n    ethtool -L eth0 combined 1\n    ethtool -L eth0 combined 2\n  done\n\nWith KASAN enabled, this leads to reports like:\n\n  BUG: KASAN: slab-use-after-free in __qdisc_run+0x133f/0x1760\n  ...\n  Call Trace:\n   \u003cTASK\u003e\n   ...\n   __qdisc_run+0x133f/0x1760\n   __dev_queue_xmit+0x248f/0x3550\n   ip_finish_output2+0xa42/0x2110\n   ip_output+0x1a7/0x410\n   ip_send_skb+0x2e6/0x480\n   udp_send_skb+0xb0a/0x1590\n   udp_sendmsg+0x13c9/0x1fc0\n   ...\n   \u003c/TASK\u003e\n\n  Allocated by task 1270 on cpu 5 at 44.558414s:\n   ...\n   alloc_skb_with_frags+0x84/0x7c0\n   sock_alloc_send_pskb+0x69a/0x830\n   __ip_append_data+0x1b86/0x48c0\n   ip_make_skb+0x1e8/0x2b0\n   udp_sendmsg+0x13a6/0x1fc0\n   ...\n\n  Freed by task 1306 on cpu 3 at 44.558445s:\n   ...\n   kmem_cache_free+0x117/0x5e0\n   pfifo_fast_reset+0x14d/0x580\n   qdisc_reset+0x9e/0x5f0\n   netif_set_real_num_tx_queues+0x303/0x840\n   virtnet_set_channels+0x1bf/0x260 [virtio_net]\n   ethnl_set_channels+0x684/0xae0\n   ethnl_default_set_doit+0x31a/0x890\n   ...\n\nSerialize qdisc_reset_all_tx_gt() against the lockless dequeue path by\ntaking 
qdisc-\u003eseqlock for TCQ_F_NOLOCK qdiscs, matching the\nserialization model already used by dev_reset_queue().\n\nAdditionally clear QDISC_STATE_NON_EMPTY after reset so the qdisc state\nreflects an empty queue, avoiding needless re-scheduling.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23340",
            "https://git.kernel.org/linus/7f083faf59d14c04e01ec05a7507f036c965acf8 (7.0-rc3)",
            "https://git.kernel.org/stable/c/5bc4e69306ed7ae02232eb4c0b23ed621a26d504",
            "https://git.kernel.org/stable/c/7594467c49bfc2f4644dee0415ac2290db11fa0d",
            "https://git.kernel.org/stable/c/7f083faf59d14c04e01ec05a7507f036c965acf8",
            "https://git.kernel.org/stable/c/8314944cc3bdeaa5a73e6f8a8cf0d94822e625cb",
            "https://git.kernel.org/stable/c/c69df4e0524f8de8e176ba389acd83e85f5f49d0",
            "https://git.kernel.org/stable/c/dbd58b0730aa06ab6ad26079cf9a5b6b58e7e750",
            "https://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23340-1aa9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23340",
            "https://www.cve.org/CVERecord?id=CVE-2026-23340"
          ],
          "PublishedDate": "2026-03-25T11:16:31.837Z",
          "LastModifiedDate": "2026-04-02T15:16:31.38Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23344",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23344",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:daebae4993db94da62c3971cdb56bbdf414e3feef62fde6e2357e12e5dda9785",
          "Title": "kernel: crypto: ccp - Fix use-after-free on error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix use-after-free on error path\n\nIn the error path of sev_tsm_init_locked(), the code dereferences 't'\nafter it has been freed with kfree(). The pr_err() statement attempts\nto access t-\u003etio_en and t-\u003etio_init_done after the memory has been\nreleased.\n\nMove the pr_err() call before kfree(t) to access the fields while the\nmemory is still valid.\n\nThis issue reported by Smatch static analyser",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23344",
            "https://git.kernel.org/linus/889b0e2721e793eb46cf7d17b965aa3252af3ec8 (7.0-rc3)",
            "https://git.kernel.org/stable/c/79a26fe3175b9ed7c0c9541b197cb9786237c0f7",
            "https://git.kernel.org/stable/c/889b0e2721e793eb46cf7d17b965aa3252af3ec8",
            "https://lore.kernel.org/linux-cve-announce/2026032535-CVE-2026-23344-0279@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23344",
            "https://www.cve.org/CVERecord?id=CVE-2026-23344"
          ],
          "PublishedDate": "2026-03-25T11:16:32.493Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23347",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23347",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:591fd8f4e71ed9c1fbb5a433c6001d11c02ce14e4a81333e78974761aa39e093",
          "Title": "kernel: can: usb: f81604: correctly anchor the urb in the read bulk callback",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: correctly anchor the urb in the read bulk callback\n\nWhen submitting an urb, that is using the anchor pattern, it needs to be\nanchored before submitting it otherwise it could be leaked if\nusb_kill_anchored_urbs() is called.  This logic is correctly done\nelsewhere in the driver, except in the read bulk callback so do that\nhere also.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23347",
            "https://git.kernel.org/linus/952caa5da10bed22be09612433964f6877ba0dde (7.0-rc3)",
            "https://git.kernel.org/stable/c/54ee74307165b348b2fddcd7942eb48fb4ee1237",
            "https://git.kernel.org/stable/c/7724645c4792914cd07f36718816c5369cc57970",
            "https://git.kernel.org/stable/c/952caa5da10bed22be09612433964f6877ba0dde",
            "https://git.kernel.org/stable/c/c001214e12202338425d6dda5d2a1919d674282d",
            "https://git.kernel.org/stable/c/f6d80b104f904a6da922907394eec66d3e2ffc57",
            "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23347-fa08@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23347",
            "https://www.cve.org/CVERecord?id=CVE-2026-23347"
          ],
          "PublishedDate": "2026-03-25T11:16:32.903Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23348",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23348",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:90c3bf6c5d6799f0ab53ae48c878db3602cc6e6ced270047c4f3cbc05e8461c3",
          "Title": "kernel: cxl: Fix race of nvdimm_bus object when creating nvdimm objects",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl: Fix race of nvdimm_bus object when creating nvdimm objects\n\nFound issue during running of cxl-translate.sh unit test. Adding a 3s\nsleep right before the test seems to make the issue reproduce fairly\nconsistently. The cxl_translate module has dependency on cxl_acpi and\ncauses orphaned nvdimm objects to reprobe after cxl_acpi is removed.\nThe nvdimm_bus object is registered by the cxl_nvb object when\ncxl_acpi_probe() is called. With the nvdimm_bus object missing,\n__nd_device_register() will trigger NULL pointer dereference when\naccessing the dev-\u003eparent that points to \u0026nvdimm_bus-\u003edev.\n\n[  192.884510] BUG: kernel NULL pointer dereference, address: 000000000000006c\n[  192.895383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20250812-19.fc42 08/12/2025\n[  192.897721] Workqueue: cxl_port cxl_bus_rescan_queue [cxl_core]\n[  192.899459] RIP: 0010:kobject_get+0xc/0x90\n[  192.924871] Call Trace:\n[  192.925959]  \u003cTASK\u003e\n[  192.926976]  ? pm_runtime_init+0xb9/0xe0\n[  192.929712]  __nd_device_register.part.0+0x4d/0xc0 [libnvdimm]\n[  192.933314]  __nvdimm_create+0x206/0x290 [libnvdimm]\n[  192.936662]  cxl_nvdimm_probe+0x119/0x1d0 [cxl_pmem]\n[  192.940245]  cxl_bus_probe+0x1a/0x60 [cxl_core]\n[  192.943349]  really_probe+0xde/0x380\n\nThis patch also relies on the previous change where\ndevm_cxl_add_nvdimm_bridge() is called from drivers/cxl/pmem.c instead\nof drivers/cxl/core.c to ensure the dependency of cxl_acpi on cxl_pmem.\n\n1. Set probe_type of cxl_nvb to PROBE_FORCE_SYNCHRONOUS to ensure the\n   driver is probed synchronously when add_device() is called.\n2. Add a check in __devm_cxl_add_nvdimm_bridge() to ensure that the\n   cxl_nvb driver is attached during cxl_acpi_probe().\n3. Take the cxl_root uport_dev lock and the cxl_nvb-\u003edev lock in\n   devm_cxl_add_nvdimm() before checking nvdimm_bus is valid.\n4. 
Set cxl_nvdimm flag to CXL_NVD_F_INVALIDATED so cxl_nvdimm_probe()\n   will exit with -EBUSY.\n\nThe removal of cxl_nvdimm devices should prevent any orphaned devices\nfrom probing once the nvdimm_bus is gone.\n\n[ dj: Fixed 0-day reported kdoc issue. ]\n[ dj: Fix cxl_nvb reference leak on error. Gregory (kreview-0811365) ]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23348",
            "https://git.kernel.org/linus/96a1fd0d84b17360840f344826897fa71049870e (7.0-rc2)",
            "https://git.kernel.org/stable/c/5b230daeee420833287cc77314439903e5312f10",
            "https://git.kernel.org/stable/c/5fc4e150c5ada5f7d20d8f9f1b351f10481fbdf7",
            "https://git.kernel.org/stable/c/96a1fd0d84b17360840f344826897fa71049870e",
            "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23348-e792@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23348",
            "https://www.cve.org/CVERecord?id=CVE-2026-23348"
          ],
          "PublishedDate": "2026-03-25T11:16:33.05Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23351",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23351",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d6fde19c832571bb946de3fac7e1a9618d9523ddab9a0e1649a1f234b7541f61",
          "Title": "kernel: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: split gc into unlink and reclaim phase\n\nYiming Qian reports Use-after-free in the pipapo set type:\n  Under a large number of expired elements, commit-time GC can run for a very\n  long time in a non-preemptible context, triggering soft lockup warnings and\n  RCU stall reports (local denial of service).\n\nWe must split GC in an unlink and a reclaim phase.\n\nWe cannot queue elements for freeing until pointers have been swapped.\nExpired elements are still exposed to both the packet path and userspace\ndumpers via the live copy of the data structure.\n\ncall_rcu() does not protect us: dump operations or element lookups starting\nafter call_rcu has fired can still observe the free'd element, unless the\ncommit phase has made enough progress to swap the clone and live pointers\nbefore any new reader has picked up the old version.\n\nThis a similar approach as done recently for the rbtree backend in commit\n35f83a75529a (\"netfilter: nft_set_rbtree: don't gc elements on insert\").",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23351",
            "https://git.kernel.org/linus/9df95785d3d8302f7c066050117b04cd3c2048c2 (7.0-rc3)",
            "https://git.kernel.org/stable/c/16f3595c0441d87dfa005c47d8f95be213afaa9e",
            "https://git.kernel.org/stable/c/500a50a301ce962b019ab95053ac70264fec2c21",
            "https://git.kernel.org/stable/c/7864c667aed01a58b87ca518a631322cd0ac34c0",
            "https://git.kernel.org/stable/c/9df95785d3d8302f7c066050117b04cd3c2048c2",
            "https://git.kernel.org/stable/c/aff13667708dfa0dce136b8efd81baa9fa6ef261",
            "https://git.kernel.org/stable/c/c12d570d71920903a1a0468b7d13b085203d0c93",
            "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23351-637f@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23351",
            "https://www.cve.org/CVERecord?id=CVE-2026-23351"
          ],
          "PublishedDate": "2026-03-25T11:16:33.45Z",
          "LastModifiedDate": "2026-04-02T15:16:31.79Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23352",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23352",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b766adf076083302c243706328381d45278eec46b459b4fd122090236bd6e8ec",
          "Title": "kernel: x86/efi: defer freeing of boot services memory",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efi: defer freeing of boot services memory\n\nefi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE\nand EFI_BOOT_SERVICES_DATA using memblock_free_late().\n\nThere are two issues with that: memblock_free_late() should be used for\nmemory allocated with memblock_alloc() while the memory reserved with\nmemblock_reserve() should be freed with free_reserved_area().\n\nMore acutely, with CONFIG_DEFERRED_STRUCT_PAGE_INIT=y\nefi_free_boot_services() is called before deferred initialization of the\nmemory map is complete.\n\nBenjamin Herrenschmidt reports that this causes a leak of ~140MB of\nRAM on EC2 t3a.nano instances which only have 512MB of RAM.\n\nIf the freed memory resides in the areas that memory map for them is\nstill uninitialized, they won't be actually freed because\nmemblock_free_late() calls memblock_free_pages() and the latter skips\nuninitialized pages.\n\nUsing free_reserved_area() at this point is also problematic because\n__free_page() accesses the buddy of the freed page and that again might\nend up in uninitialized part of the memory map.\n\nDelaying the entire efi_free_boot_services() could be problematic\nbecause in addition to freeing boot services memory it updates\nefi.memmap without any synchronization and that's undesirable late in\nboot when there is concurrency.\n\nMore robust approach is to only defer freeing of the EFI boot services\nmemory.\n\nSplit efi_free_boot_services() in two. First efi_unmap_boot_services()\ncollects ranges that should be freed into an array then\nefi_free_boot_services() later frees them after deferred init is complete.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23352",
            "https://git.kernel.org/linus/a4b0bf6a40f3c107c67a24fbc614510ef5719980 (7.0-rc3)",
            "https://git.kernel.org/stable/c/227688312fece0026fc67a00ba9a0b3611ebe95d",
            "https://git.kernel.org/stable/c/399da820ecfe6f4f10c143e5c453d3559a04db9c",
            "https://git.kernel.org/stable/c/4a2cb90c538f06c873a187aa743575d48685d7a6",
            "https://git.kernel.org/stable/c/6a25e25279282c5c8ade554c04c6ab9dc7902c64",
            "https://git.kernel.org/stable/c/7dcf59422a3b0d20ddda844f856b4a1e0608a326",
            "https://git.kernel.org/stable/c/a4b0bf6a40f3c107c67a24fbc614510ef5719980",
            "https://git.kernel.org/stable/c/f9e9cc320854a76a39e7bc92d144554f3a727fad",
            "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23352-18f2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23352",
            "https://www.cve.org/CVERecord?id=CVE-2026-23352"
          ],
          "PublishedDate": "2026-03-25T11:16:33.627Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23356",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23356",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a8f4f14d22619277c63b326bbb5f33b2d706cd04a457321178ffc0902d6fc739",
          "Title": "kernel: drbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()\n\nEven though we check that we \"should\" be able to do lc_get_cumulative()\nwhile holding the device-\u003eal_lock spinlock, it may still fail,\nif some other code path decided to do lc_try_lock() with bad timing.\n\nIf that happened, we logged \"LOGIC BUG for enr=...\",\nbut still did not return an error.\n\nThe rest of the code now assumed that this request has references\nfor the relevant activity log extents.\n\nThe implications are that during an active resync, mutual exclusivity of\nresync versus application IO is not guaranteed. And a potential crash\nat this point may not realize that these extents could have been target\nof in-flight IO and would need to be resynced just in case.\n\nAlso, once the request completes, it will give up activity log references it\ndoes not even hold, which will trigger a BUG_ON(refcnt == 0) in lc_put().\n\nFix:\n\nDo not crash the kernel for a condition that is harmless during normal\noperation: also catch \"e-\u003erefcnt == 0\", not only \"e == NULL\"\nwhen being noisy about \"al_complete_io() called on inactive extent %u\\n\".\n\nAnd do not try to be smart and \"guess\" whether something will work, then\nbe surprised when it does not.\nDeal with the fact that it may or may not work.  If it does not, remember a\npossible \"partially in activity log\" state (only possible for requests that\ncross extent boundaries), and return an error code from\ndrbd_al_begin_io_nonblock().\n\nA later call for the same request will then resume from where we left off.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23356",
            "https://git.kernel.org/linus/ab140365fb62c0bdab22b2f516aff563b2559e3b (7.0-rc2)",
            "https://git.kernel.org/stable/c/7752569fc78e89794ce28946529850282233f99d",
            "https://git.kernel.org/stable/c/ab140365fb62c0bdab22b2f516aff563b2559e3b",
            "https://git.kernel.org/stable/c/d1ef3aed4df2ef1fe46befd8f2da9a6ec5445508",
            "https://git.kernel.org/stable/c/e91d8d6565b7819d13dab21d4dbed5b45efba59b",
            "https://git.kernel.org/stable/c/eef1390125b660b8b61f9f227a03bb9c5e6d36a5",
            "https://git.kernel.org/stable/c/f558e5404a72054b525dced1a0c66aa95a144153",
            "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23356-0014@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23356",
            "https://www.cve.org/CVERecord?id=CVE-2026-23356"
          ],
          "PublishedDate": "2026-03-25T11:16:34.27Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23357",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23357",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:131b26df6fffe86247abde7a262b788564f82eb3ac23c1a1705134948da91eac",
          "Title": "kernel: can: mcp251x: fix deadlock in error path of mcp251x_open",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix deadlock in error path of mcp251x_open\n\nThe mcp251x_open() function call free_irq() in its error path with the\nmpc_lock mutex held. But if an interrupt already occurred the\ninterrupt handler will be waiting for the mpc_lock and free_irq() will\ndeadlock waiting for the handler to finish.\n\nThis issue is similar to the one fixed in commit 7dd9c26bd6cf (\"can:\nmcp251x: fix deadlock if an interrupt occurs during mcp251x_open\") but\nfor the error path.\n\nTo solve this issue move the call to free_irq() after the lock is\nreleased. Setting `priv-\u003eforce_quit = 1` beforehand ensure that the IRQ\nhandler will exit right away once it acquired the lock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23357",
            "https://git.kernel.org/linus/ab3f894de216f4a62adc3b57e9191888cbf26885 (7.0-rc3)",
            "https://git.kernel.org/stable/c/256f0cff6e946c570392bda1d01a65e789a7afd0",
            "https://git.kernel.org/stable/c/38063cc435b69d56e76f947c10d336fcb2953508",
            "https://git.kernel.org/stable/c/ab3f894de216f4a62adc3b57e9191888cbf26885",
            "https://git.kernel.org/stable/c/b73832292cd914e87a55e863ba4413a907e7db6b",
            "https://git.kernel.org/stable/c/d27f12c3f5e85efc479896af4a69eccb37f75e8e",
            "https://git.kernel.org/stable/c/e728f444c913a91d290d1824b4770780bbd6378e",
            "https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23357-605e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23357",
            "https://www.cve.org/CVERecord?id=CVE-2026-23357"
          ],
          "PublishedDate": "2026-03-25T11:16:34.45Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23359",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23359",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a85363a02cc5d966e691ebf5348b37a2ae34363c43385672e861a6294322b693",
          "Title": "kernel: bpf: Fix stack-out-of-bounds write in devmap",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stack-out-of-bounds write in devmap\n\nget_upper_ifindexes() iterates over all upper devices and writes their\nindices into an array without checking bounds.\n\nAlso the callers assume that the max number of upper devices is\nMAX_NEST_DEV and allocate excluded_devices[1+MAX_NEST_DEV] on the stack,\nbut that assumption is not correct and the number of upper devices could\nbe larger than MAX_NEST_DEV (e.g., many macvlans), causing a\nstack-out-of-bounds write.\n\nAdd a max parameter to get_upper_ifindexes() to avoid the issue.\nWhen there are too many upper devices, return -EOVERFLOW and abort the\nredirect.\n\nTo reproduce, create more than MAX_NEST_DEV(8) macvlans on a device with\nan XDP program attached using BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS.\nThen send a packet to the device to trigger the XDP redirect path.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23359",
            "https://git.kernel.org/linus/b7bf516c3ecd9a2aae2dc2635178ab87b734fef1 (7.0-rc2)",
            "https://git.kernel.org/stable/c/5000e40acc8d0c36ab709662e32120986ac22e7e",
            "https://git.kernel.org/stable/c/75d474702b2ba8b6bcb26eb3004dbc5e95ffd5d2",
            "https://git.kernel.org/stable/c/8a95fb9df1105b1618872c2846a6c01e3ba20b45",
            "https://git.kernel.org/stable/c/b7bf516c3ecd9a2aae2dc2635178ab87b734fef1",
            "https://git.kernel.org/stable/c/ca831567908fd3f73cf97d8a6c09a5054697a182",
            "https://git.kernel.org/stable/c/d2c31d8e03d05edc16656e5ffe187f0d1da763d7",
            "https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23359-35fd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23359",
            "https://www.cve.org/CVERecord?id=CVE-2026-23359"
          ],
          "PublishedDate": "2026-03-25T11:16:34.74Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23361",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23361",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8303b46a1a4d50953a0ccd7fdaf38e5bd3e3840948c84ee1bbe346106ebf5d65",
          "Title": "kernel: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry\n\nEndpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X\ninterrupt to the host using a writel(), which generates a PCI posted write\ntransaction.  There's no completion for posted writes, so the writel() may\nreturn before the PCI write completes.  dw_pcie_ep_raise_msix_irq() also\nunmaps the outbound ATU entry used for the PCI write, so the write races\nwith the unmap.\n\nIf the PCI write loses the race with the ATU unmap, the write may corrupt\nhost memory or cause IOMMU errors, e.g., these when running fio with a\nlarger queue depth against nvmet-pci-epf:\n\n  arm-smmu-v3 fc900000.iommu:      0x0000010000000010\n  arm-smmu-v3 fc900000.iommu:      0x0000020000000000\n  arm-smmu-v3 fc900000.iommu:      0x000000090000f040\n  arm-smmu-v3 fc900000.iommu:      0x0000000000000000\n  arm-smmu-v3 fc900000.iommu: event: F_TRANSLATION client: 0000:01:00.0 sid: 0x100 ssid: 0x0 iova: 0x90000f040 ipa: 0x0\n  arm-smmu-v3 fc900000.iommu: unpriv data write s1 \"Input address caused fault\" stag: 0x0\n\nFlush the write by performing a readl() of the same address to ensure that\nthe write has reached the destination before the ATU entry is unmapped.\n\nThe same problem was solved for dw_pcie_ep_raise_msi_irq() in commit\n8719c64e76bf (\"PCI: dwc: ep: Cache MSI outbound iATU mapping\"), but there\nit was solved by dedicating an outbound iATU only for MSI. We can't do the\nsame for MSI-X because each vector can have a different msg_addr and the\nmsg_addr may be changed while the vector is masked.\n\n[bhelgaas: commit log]",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23361",
            "https://git.kernel.org/linus/c22533c66ccae10511ad6a7afc34bb26c47577e3 (7.0-rc2)",
            "https://git.kernel.org/stable/c/6f60a783860c77b309f7d81003b6a0c73feca49e",
            "https://git.kernel.org/stable/c/a7afb8f810c04845fdfc58c57d9cf0cc5f23ced0",
            "https://git.kernel.org/stable/c/c22533c66ccae10511ad6a7afc34bb26c47577e3",
            "https://git.kernel.org/stable/c/eaa6a56801ddd2d9b4980f19e7fe002b00994804",
            "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23361-bd5c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23361",
            "https://www.cve.org/CVERecord?id=CVE-2026-23361"
          ],
          "PublishedDate": "2026-03-25T11:16:35.06Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23362",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23362",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2677afe573ad786e5f1a57aaec436a55693d9c83e3b5a49a85cb30b5a89bb602",
          "Title": "kernel: can: bcm: fix locking for bcm_op runtime updates",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: fix locking for bcm_op runtime updates\n\nCommit c2aba69d0c36 (\"can: bcm: add locking for bcm_op runtime updates\")\nadded a locking for some variables that can be modified at runtime when\nupdating the sending bcm_op with a new TX_SETUP command in bcm_tx_setup().\n\nUsually the RX_SETUP only handles and filters incoming traffic with one\nexception: When the RX_RTR_FRAME flag is set a predefined CAN frame is\nsent when a specific RTR frame is received. Therefore the rx bcm_op uses\nbcm_can_tx() which uses the bcm_tx_lock that was only initialized in\nbcm_tx_setup(). Add the missing spin_lock_init() when allocating the\nbcm_op in bcm_rx_setup() to handle the RTR case properly.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23362",
            "https://git.kernel.org/linus/c35636e91e392e1540949bbc67932167cb48bc3a (7.0-rc3)",
            "https://git.kernel.org/stable/c/70e951afad4c025261fe3c952d2b07237e320a01",
            "https://git.kernel.org/stable/c/800f26f11ae37b17f58e0001f28a47dd75c26557",
            "https://git.kernel.org/stable/c/8215ba7bc99e84e66fd6938874ec4330a9d96518",
            "https://git.kernel.org/stable/c/8bcf2d847adb82b2c617456f6da17ac5e6c75285",
            "https://git.kernel.org/stable/c/c35636e91e392e1540949bbc67932167cb48bc3a",
            "https://git.kernel.org/stable/c/f0c349b2c21b220af5ba19f29b885e222958d796",
            "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23362-40bd@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23362",
            "https://www.cve.org/CVERecord?id=CVE-2026-23362"
          ],
          "PublishedDate": "2026-03-25T11:16:35.22Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23364",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23364",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f4d46571f21c64430666a27aa47c5031cd133f447a94ae1e523b2be6fd724a28",
          "Title": "kernel: ksmbd: Compare MACs in constant time",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Compare MACs in constant time\n\nTo prevent timing attacks, MAC comparisons need to be constant-time.\nReplace the memcmp() with the correct function, crypto_memneq().",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23364",
            "https://git.kernel.org/linus/c5794709bc9105935dbedef8b9cf9c06f2b559fa (7.0-rc2)",
            "https://git.kernel.org/stable/c/2cdc56ed67615ba0921383a688f24415ebe065f3",
            "https://git.kernel.org/stable/c/307afccb751f542246bd5dc68a2c1ffe1a78418c",
            "https://git.kernel.org/stable/c/93c0a22fec914ec4b697e464895a0f594e29fb28",
            "https://git.kernel.org/stable/c/c5794709bc9105935dbedef8b9cf9c06f2b559fa",
            "https://git.kernel.org/stable/c/cd52a0e309659537048a864211abc3ea4c5caa63",
            "https://git.kernel.org/stable/c/f4588b85efd6007d46b80aa1b9fb746628ffb3dc",
            "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23364-4267@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23364",
            "https://www.cve.org/CVERecord?id=CVE-2026-23364"
          ],
          "PublishedDate": "2026-03-25T11:16:35.547Z",
          "LastModifiedDate": "2026-04-02T15:16:32.013Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23365",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23365",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1a91f9a9d8cf68216b473717e47f8a3b3d76483b6882ac881262956fc99eeac0",
          "Title": "kernel: net: usb: kalmia: validate USB endpoints",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kalmia: validate USB endpoints\n\nThe kalmia driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it.  If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23365",
            "https://git.kernel.org/linus/c58b6c29a4c9b8125e8ad3bca0637e00b71e2693 (7.0-rc2)",
            "https://git.kernel.org/stable/c/011684cd18349aa4c52167c8ac37a0524169f48c",
            "https://git.kernel.org/stable/c/12c0243de0aee0ab27cc00932fd5edae65c1e3a2",
            "https://git.kernel.org/stable/c/28a380bfa5bc7f6a9380b85e8eab919ee6ac1701",
            "https://git.kernel.org/stable/c/51c20ea5f1555a984c041b0dbf56f00d41b9e652",
            "https://git.kernel.org/stable/c/7bfda1a0be4caec3263753d567678451cef73a85",
            "https://git.kernel.org/stable/c/c58b6c29a4c9b8125e8ad3bca0637e00b71e2693",
            "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23365-76d3@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23365",
            "https://www.cve.org/CVERecord?id=CVE-2026-23365"
          ],
          "PublishedDate": "2026-03-25T11:16:35.71Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23367",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23367",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:88a129b410db8250508b2806519e28fe7cacb5c2120b5df67d299a6d82146b47",
          "Title": "kernel: wifi: radiotap: reject radiotap with unknown bits",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: radiotap: reject radiotap with unknown bits\n\nThe radiotap parser is currently only used with the radiotap\nnamespace (not with vendor namespaces), but if the undefined\nfield 18 is used, the alignment/size is unknown as well. In\nthis case, iterator-\u003e_next_ns_data isn't initialized (it's\nonly set for skipping vendor namespaces), and syzbot points\nout that we later compare against this uninitialized value.\n\nFix this by moving the rejection of unknown radiotap fields\ndown to after the in-namespace lookup, so it will really use\niterator-\u003e_next_ns_data only for vendor namespaces, even in\ncase undefined fields are present.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23367",
            "https://git.kernel.org/linus/c854758abe0b8d86f9c43dc060ff56a0ee5b31e0 (7.0-rc2)",
            "https://git.kernel.org/stable/c/129c8bb320a7cef692c78056ef8e89a2a12ba448",
            "https://git.kernel.org/stable/c/2a60c588d5d39ad187628f58395c776a97fd4323",
            "https://git.kernel.org/stable/c/2f8ceeba670610d66f77def32011f48de951d781",
            "https://git.kernel.org/stable/c/703fa979badbba83d31cd011606d060bfb8b0d1d",
            "https://git.kernel.org/stable/c/c854758abe0b8d86f9c43dc060ff56a0ee5b31e0",
            "https://git.kernel.org/stable/c/e664971759a0e5570b50c6592e58a7f97d55e992",
            "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23367-6e44@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23367",
            "https://www.cve.org/CVERecord?id=CVE-2026-23367"
          ],
          "PublishedDate": "2026-03-25T11:16:36Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23368",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23368",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:57e5416ee3ec6cc9e98395670d0ba7936568bc37bad7c528e7cd1389e7681c4f",
          "Title": "kernel: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: register phy led_triggers during probe to avoid AB-BA deadlock\n\nThere is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV and\nLED_TRIGGER_PHY are enabled:\n\n[ 1362.049207] [\u003c8054e4b8\u003e] led_trigger_register+0x5c/0x1fc             \u003c-- Trying to get lock \"triggers_list_lock\" via down_write(\u0026triggers_list_lock);\n[ 1362.054536] [\u003c80662830\u003e] phy_led_triggers_register+0xd0/0x234\n[ 1362.060329] [\u003c8065e200\u003e] phy_attach_direct+0x33c/0x40c\n[ 1362.065489] [\u003c80651fc4\u003e] phylink_fwnode_phy_connect+0x15c/0x23c\n[ 1362.071480] [\u003c8066ee18\u003e] mtk_open+0x7c/0xba0\n[ 1362.075849] [\u003c806d714c\u003e] __dev_open+0x280/0x2b0\n[ 1362.080384] [\u003c806d7668\u003e] __dev_change_flags+0x244/0x24c\n[ 1362.085598] [\u003c806d7698\u003e] dev_change_flags+0x28/0x78\n[ 1362.090528] [\u003c807150e4\u003e] dev_ioctl+0x4c0/0x654                       \u003c-- Hold lock \"rtnl_mutex\" by calling rtnl_lock();\n[ 1362.094985] [\u003c80694360\u003e] sock_ioctl+0x2f4/0x4e0\n[ 1362.099567] [\u003c802e9c4c\u003e] sys_ioctl+0x32c/0xd8c\n[ 1362.104022] [\u003c80014504\u003e] syscall_common+0x34/0x58\n\nHere LED_TRIGGER_PHY is registering LED triggers during phy_attach\nwhile holding RTNL and then taking triggers_list_lock.\n\n[ 1362.191101] [\u003c806c2640\u003e] register_netdevice_notifier+0x60/0x168      \u003c-- Trying to get lock \"rtnl_mutex\" via rtnl_lock();\n[ 1362.197073] [\u003c805504ac\u003e] netdev_trig_activate+0x194/0x1e4\n[ 1362.202490] [\u003c8054e28c\u003e] led_trigger_set+0x1d4/0x360                 \u003c-- Hold lock \"triggers_list_lock\" by down_read(\u0026triggers_list_lock);\n[ 1362.207511] [\u003c8054eb38\u003e] led_trigger_write+0xd8/0x14c\n[ 1362.212566] [\u003c80381d98\u003e] sysfs_kf_bin_write+0x80/0xbc\n[ 1362.217688] [\u003c8037fcd8\u003e] kernfs_fop_write_iter+0x17c/0x28c\n[ 1362.223174] 
[\u003c802cbd70\u003e] vfs_write+0x21c/0x3c4\n[ 1362.227712] [\u003c802cc0c4\u003e] ksys_write+0x78/0x12c\n[ 1362.232164] [\u003c80014504\u003e] syscall_common+0x34/0x58\n\nHere LEDS_TRIGGER_NETDEV is being enabled on an LED. It first takes\ntriggers_list_lock and then RTNL. A classical AB-BA deadlock.\n\nphy_led_triggers_registers() does not require the RTNL, it does not\nmake any calls into the network stack which require protection. There\nis also no requirement the PHY has been attached to a MAC, the\ntriggers only make use of phydev state. This allows the call to\nphy_led_triggers_registers() to be placed elsewhere. PHY probe() and\nrelease() don't hold RTNL, so solving the AB-BA deadlock.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23368",
            "https://git.kernel.org/linus/c8dbdc6e380e7e96a51706db3e4b7870d8a9402d (7.0-rc2)",
            "https://git.kernel.org/stable/c/241cd64cf2e32b28ead151b1795cd8fef2b6e482",
            "https://git.kernel.org/stable/c/2764dcb3c35de4410f642afc62cf979727470575",
            "https://git.kernel.org/stable/c/c33523b8fd2d4c504ada18cd93f511f2a8f84217",
            "https://git.kernel.org/stable/c/c6ffc2d2338d325e1edd0c702e3ee623aa5fdc6a",
            "https://git.kernel.org/stable/c/c8dbdc6e380e7e96a51706db3e4b7870d8a9402d",
            "https://git.kernel.org/stable/c/cde2d0b5ab5d03b5b6f17d4f654d8b30ccf36757",
            "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23368-c240@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23368",
            "https://www.cve.org/CVERecord?id=CVE-2026-23368"
          ],
          "PublishedDate": "2026-03-25T11:16:36.167Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23370",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23370",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0656df85ce13b11d3b7bcf4a79060a9c46d11d6c7ce9861022fab12e77c134fa",
          "Title": "kernel: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-wmi-sysman: Don't hex dump plaintext password data\n\nset_new_password() hex dumps the entire buffer, which contains plaintext\npassword data, including current and new passwords. Remove the hex dump\nto avoid leaking credentials.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23370",
            "https://git.kernel.org/linus/d1a196e0a6dcddd03748468a0e9e3100790fc85c (7.0-rc3)",
            "https://git.kernel.org/stable/c/0e6115c2f2facaed9593c16ad2e5accd487f5c52",
            "https://git.kernel.org/stable/c/411ba3cd837f7825c0e648e155bc505641f95854",
            "https://git.kernel.org/stable/c/5de34126fb2edf8ab7f25d677b132e92d8bf9ede",
            "https://git.kernel.org/stable/c/d1a196e0a6dcddd03748468a0e9e3100790fc85c",
            "https://git.kernel.org/stable/c/d78e74adc5cfff7afd9d03b9da8058a7e435f9bc",
            "https://git.kernel.org/stable/c/d9e785bd62d2ac23cf29a75dcfea8c8087fd3870",
            "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23370-02d2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23370",
            "https://www.cve.org/CVERecord?id=CVE-2026-23370"
          ],
          "PublishedDate": "2026-03-25T11:16:36.527Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23371",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23371",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:41b4f9a71b0b3535da5c21c84b431d952400019c623ae8e8907e6f6c8c532bd8",
          "Title": "kernel: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting\n\nRunning stress-ng --schedpolicy 0 on an RT kernel on a big machine\nmight lead to the following WARNINGs (edited).\n\n sched: DL de-boosted task PID 22725: REPLENISH flag missing\n\n WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue_task_dl+0x15c/0x1f8\n ... (running_bw underflow)\n Call trace:\n  dequeue_task_dl+0x15c/0x1f8 (P)\n  dequeue_task+0x80/0x168\n  deactivate_task+0x24/0x50\n  push_dl_task+0x264/0x2e0\n  dl_task_timer+0x1b0/0x228\n  __hrtimer_run_queues+0x188/0x378\n  hrtimer_interrupt+0xfc/0x260\n  ...\n\nThe problem is that when a SCHED_DEADLINE task (lock holder) is\nchanged to a lower priority class via sched_setscheduler(), it may\nfail to properly inherit the parameters of potential DEADLINE donors\nif it didn't already inherit them in the past (shorter deadline than\ndonor's at that time). This might lead to bandwidth accounting\ncorruption, as enqueue_task_dl() won't recognize the lock holder as\nboosted.\n\nThe scenario occurs when:\n1. A DEADLINE task (donor) blocks on a PI mutex held by another\n   DEADLINE task (holder), but the holder doesn't inherit parameters\n   (e.g., it already has a shorter deadline)\n2. sched_setscheduler() changes the holder from DEADLINE to a lower\n   class while still holding the mutex\n3. The holder should now inherit DEADLINE parameters from the donor\n   and be enqueued with ENQUEUE_REPLENISH, but this doesn't happen\n\nFix the issue by introducing __setscheduler_dl_pi(), which detects when\na DEADLINE (proper or boosted) task gets setscheduled to a lower\npriority class. In case, the function makes the task inherit DEADLINE\nparameters of the donoer (pi_se) and sets ENQUEUE_REPLENISH flag to\nensure proper bandwidth accounting during the next enqueue operation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23371",
            "https://git.kernel.org/linus/d658686a1331db3bb108ca079d76deb3208ed949 (7.0-rc3)",
            "https://git.kernel.org/stable/c/ba1c22924ddcc280672a2a06a9ca99ee3a1b92c3",
            "https://git.kernel.org/stable/c/d658686a1331db3bb108ca079d76deb3208ed949",
            "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23371-1b32@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23371",
            "https://www.cve.org/CVERecord?id=CVE-2026-23371"
          ],
          "PublishedDate": "2026-03-25T11:16:36.637Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23372",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23372",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:47d7e919d90138334ec0d6cceffd697cfff9e3217e038ce6a12b81f25b9e5baa",
          "Title": "kernel: nfc: rawsock: cancel tx_work before socket teardown",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: rawsock: cancel tx_work before socket teardown\n\nIn rawsock_release(), cancel any pending tx_work and purge the write\nqueue before orphaning the socket.  rawsock_tx_work runs on the system\nworkqueue and calls nfc_data_exchange which dereferences the NCI\ndevice.  Without synchronization, tx_work can race with socket and\ndevice teardown when a process is killed (e.g. by SIGKILL), leading\nto use-after-free or leaked references.\n\nSet SEND_SHUTDOWN first so that if tx_work is already running it will\nsee the flag and skip transmitting, then use cancel_work_sync to wait\nfor any in-progress execution to finish, and finally purge any\nremaining queued skbs.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23372",
            "https://git.kernel.org/linus/d793458c45df2aed498d7f74145eab7ee22d25aa (7.0-rc3)",
            "https://git.kernel.org/stable/c/3ae592ed91bb4b6b51df256b51045c13d2656049",
            "https://git.kernel.org/stable/c/722a28b635ec281bb08a23885223526d8e7d6526",
            "https://git.kernel.org/stable/c/78141b8832e16d80d09cbefb4258612db0777a24",
            "https://git.kernel.org/stable/c/d793458c45df2aed498d7f74145eab7ee22d25aa",
            "https://git.kernel.org/stable/c/da4515fc8263c5933ed605e396af91079806dc45",
            "https://git.kernel.org/stable/c/edc988613def90c5b558e025b1b423f48007be06",
            "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23372-7bc9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23372",
            "https://www.cve.org/CVERecord?id=CVE-2026-23372"
          ],
          "PublishedDate": "2026-03-25T11:16:36.78Z",
          "LastModifiedDate": "2026-04-02T15:16:32.22Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23374",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23374",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9224b397f0623eeab28f7624d742a2d5a6e63e26f25a9fb387cc5c73aee15d8f",
          "Title": "kernel: blktrace: fix __this_cpu_read/write in preemptible context",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblktrace: fix __this_cpu_read/write in preemptible context\n\ntracing_record_cmdline() internally uses __this_cpu_read() and\n__this_cpu_write() on the per-CPU variable trace_cmdline_save, and\ntrace_save_cmdline() explicitly asserts preemption is disabled via\nlockdep_assert_preemption_disabled(). These operations are only safe\nwhen preemption is off, as they were designed to be called from the\nscheduler context (probe_wakeup_sched_switch() / probe_wakeup()).\n\n__blk_add_trace() was calling tracing_record_cmdline(current) early in\nthe blk_tracer path, before ring buffer reservation, from process\ncontext where preemption is fully enabled. This triggers the following\nusing blktests/blktrace/002:\n\nblktrace/002 (blktrace ftrace corruption with sysfs trace)   [failed]\n    runtime  0.367s  ...  0.437s\n    something found in dmesg:\n    [   81.211018] run blktests blktrace/002 at 2026-02-25 22:24:33\n    [   81.239580] null_blk: disk nullb1 created\n    [   81.357294] BUG: using __this_cpu_read() in preemptible [00000000] code: dd/2516\n    [   81.362842] caller is tracing_record_cmdline+0x10/0x40\n    [   81.362872] CPU: 16 UID: 0 PID: 2516 Comm: dd Tainted: G                 N  7.0.0-rc1lblk+ #84 PREEMPT(full)\n    [   81.362877] Tainted: [N]=TEST\n    [   81.362878] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014\n    [   81.362881] Call Trace:\n    [   81.362884]  \u003cTASK\u003e\n    [   81.362886]  dump_stack_lvl+0x8d/0xb0\n    ...\n    (See '/mnt/sda/blktests/results/nodev/blktrace/002.dmesg' for the entire message)\n\n[   81.211018] run blktests blktrace/002 at 2026-02-25 22:24:33\n[   81.239580] null_blk: disk nullb1 created\n[   81.357294] BUG: using __this_cpu_read() in preemptible [00000000] code: dd/2516\n[   81.362842] caller is tracing_record_cmdline+0x10/0x40\n[   81.362872] CPU: 16 
UID: 0 PID: 2516 Comm: dd Tainted: G                 N  7.0.0-rc1lblk+ #84 PREEMPT(full)\n[   81.362877] Tainted: [N]=TEST\n[   81.362878] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014\n[   81.362881] Call Trace:\n[   81.362884]  \u003cTASK\u003e\n[   81.362886]  dump_stack_lvl+0x8d/0xb0\n[   81.362895]  check_preemption_disabled+0xce/0xe0\n[   81.362902]  tracing_record_cmdline+0x10/0x40\n[   81.362923]  __blk_add_trace+0x307/0x5d0\n[   81.362934]  ? lock_acquire+0xe0/0x300\n[   81.362940]  ? iov_iter_extract_pages+0x101/0xa30\n[   81.362959]  blk_add_trace_bio+0x106/0x1e0\n[   81.362968]  submit_bio_noacct_nocheck+0x24b/0x3a0\n[   81.362979]  ? lockdep_init_map_type+0x58/0x260\n[   81.362988]  submit_bio_wait+0x56/0x90\n[   81.363009]  __blkdev_direct_IO_simple+0x16c/0x250\n[   81.363026]  ? __pfx_submit_bio_wait_endio+0x10/0x10\n[   81.363038]  ? rcu_read_lock_any_held+0x73/0xa0\n[   81.363051]  blkdev_read_iter+0xc1/0x140\n[   81.363059]  vfs_read+0x20b/0x330\n[   81.363083]  ksys_read+0x67/0xe0\n[   81.363090]  do_syscall_64+0xbf/0xf00\n[   81.363102]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   81.363106] RIP: 0033:0x7f281906029d\n[   81.363111] Code: 31 c0 e9 c6 fe ff ff 50 48 8d 3d 66 63 0a 00 e8 59 ff 01 00 66 0f 1f 84 00 00 00 00 00 80 3d 41 33 0e 00 00 74 17 31 c0 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec\n[   81.363113] RSP: 002b:00007ffca127dd48 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[   81.363120] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f281906029d\n[   81.363122] RDX: 0000000000001000 RSI: 0000559f8bfae000 RDI: 0000000000000000\n[   81.363123] RBP: 0000000000001000 R08: 0000002863a10a81 R09: 00007f281915f000\n[   81.363124] R10: 00007f2818f77b60 R11: 0000000000000246 R12: 0000559f8bfae000\n[   81.363126] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000000a\n[   81.363142]  \u003c/TASK\u003e\n\nThe same BUG 
fires from blk_add_trace_plug(), blk_add_trace_unplug(),\nand blk_add_trace_rq() paths as well.\n\nThe purpose of tracin\n---truncated---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23374",
            "https://git.kernel.org/linus/da46b5dfef48658d03347cda21532bcdbb521e67 (7.0-rc3)",
            "https://git.kernel.org/stable/c/59efa088752b1c380a0475974679850cc8aef907",
            "https://git.kernel.org/stable/c/da46b5dfef48658d03347cda21532bcdbb521e67",
            "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23374-9345@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23374",
            "https://www.cve.org/CVERecord?id=CVE-2026-23374"
          ],
          "PublishedDate": "2026-03-25T11:16:37.077Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23378",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23378",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:602624b6b7a16c183115364c458dfbd609d229465513d7c0558e1ebf3bb50891",
          "Title": "kernel: net/sched: act_ife: Fix metalist update behavior",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ife: Fix metalist update behavior\n\nWhenever an ife action replace changes the metalist, instead of\nreplacing the old data on the metalist, the current ife code is appending\nthe new metadata. Aside from being innapropriate behavior, this may lead\nto an unbounded addition of metadata to the metalist which might cause an\nout of bounds error when running the encode op:\n\n[  138.423369][    C1] ==================================================================\n[  138.424317][    C1] BUG: KASAN: slab-out-of-bounds in ife_tlv_meta_encode (net/ife/ife.c:168)\n[  138.424906][    C1] Write of size 4 at addr ffff8880077f4ffe by task ife_out_out_bou/255\n[  138.425778][    C1] CPU: 1 UID: 0 PID: 255 Comm: ife_out_out_bou Not tainted 7.0.0-rc1-00169-gfbdfa8da05b6 #624 PREEMPT(full)\n[  138.425795][    C1] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n[  138.425800][    C1] Call Trace:\n[  138.425804][    C1]  \u003cIRQ\u003e\n[  138.425808][    C1]  dump_stack_lvl (lib/dump_stack.c:122)\n[  138.425828][    C1]  print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n[  138.425839][    C1]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[  138.425844][    C1]  ? __virt_addr_valid (./arch/x86/include/asm/preempt.h:95 (discriminator 1) ./include/linux/rcupdate.h:975 (discriminator 1) ./include/linux/mmzone.h:2207 (discriminator 1) arch/x86/mm/physaddr.c:54 (discriminator 1))\n[  138.425853][    C1]  ? ife_tlv_meta_encode (net/ife/ife.c:168)\n[  138.425859][    C1]  kasan_report (mm/kasan/report.c:221 mm/kasan/report.c:597)\n[  138.425868][    C1]  ? 
ife_tlv_meta_encode (net/ife/ife.c:168)\n[  138.425878][    C1]  kasan_check_range (mm/kasan/generic.c:186 (discriminator 1) mm/kasan/generic.c:200 (discriminator 1))\n[  138.425884][    C1]  __asan_memset (mm/kasan/shadow.c:84 (discriminator 2))\n[  138.425889][    C1]  ife_tlv_meta_encode (net/ife/ife.c:168)\n[  138.425893][    C1]  ? ife_tlv_meta_encode (net/ife/ife.c:171)\n[  138.425898][    C1]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[  138.425903][    C1]  ife_encode_meta_u16 (net/sched/act_ife.c:57)\n[  138.425910][    C1]  ? __pfx_do_raw_spin_lock (kernel/locking/spinlock_debug.c:114)\n[  138.425916][    C1]  ? __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 3))\n[  138.425921][    C1]  ? __pfx_ife_encode_meta_u16 (net/sched/act_ife.c:45)\n[  138.425927][    C1]  ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:221)\n[  138.425931][    C1]  tcf_ife_act (net/sched/act_ife.c:847 net/sched/act_ife.c:879)\n\nTo solve this issue, fix the replace behavior by adding the metalist to\nthe ife rcu data structure.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23378",
            "https://git.kernel.org/linus/e2cedd400c3ec0302ffca2490e8751772906ac23 (7.0-rc3)",
            "https://git.kernel.org/stable/c/56ade7ddea6ce605552341785d08e365c3f61861",
            "https://git.kernel.org/stable/c/5b1449301ca070814d866990b46f48d3f39ea4ee",
            "https://git.kernel.org/stable/c/691866c4cca54dc4df762276b49e89b36e046947",
            "https://git.kernel.org/stable/c/91a89d3bdc2f63d983adc13d1771631663c5dc1b",
            "https://git.kernel.org/stable/c/cd888c3966672239f2e0707b846a5a936ac9038a",
            "https://git.kernel.org/stable/c/e2cedd400c3ec0302ffca2490e8751772906ac23",
            "https://lore.kernel.org/linux-cve-announce/2026032542-CVE-2026-23378-f329@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23378",
            "https://www.cve.org/CVERecord?id=CVE-2026-23378"
          ],
          "PublishedDate": "2026-03-25T11:16:37.643Z",
          "LastModifiedDate": "2026-04-02T15:16:32.44Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23379",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23379",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2f0504ce6e0078b5720ad874060c20e00a9d54ba30e636cc526ae13f39d1a5ae",
          "Title": "kernel: net/sched: ets: fix divide by zero in the offload path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: fix divide by zero in the offload path\n\nOffloading ETS requires computing each class' WRR weight: this is done by\naveraging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned\nint, the same integer size as the individual DRR quanta, can overflow and\neven cause division by zero, like it happened in the following splat:\n\n Oops: divide error: 0000 [#1] SMP PTI\n CPU: 13 UID: 0 PID: 487 Comm: tc Tainted: G            E       6.19.0-virtme #45 PREEMPT(full)\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS:  00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Call Trace:\n  \u003cTASK\u003e\n  ets_qdisc_change+0x870/0xf40 [sch_ets]\n  qdisc_create+0x12b/0x540\n  tc_modify_qdisc+0x6d7/0xbd0\n  rtnetlink_rcv_msg+0x168/0x6b0\n  netlink_rcv_skb+0x5c/0x110\n  netlink_unicast+0x1d6/0x2b0\n  netlink_sendmsg+0x22e/0x470\n  ____sys_sendmsg+0x38a/0x3c0\n  ___sys_sendmsg+0x99/0xe0\n  __sys_sendmsg+0x8a/0xf0\n  do_syscall_64+0x111/0xf80\n  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f440b81c77e\n Code: 4d 89 d8 e8 d4 bc 00 00 
4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff951e4c10 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000481820 RCX: 00007f440b81c77e\n RDX: 0000000000000000 RSI: 00007fff951e4cd0 RDI: 0000000000000003\n RBP: 00007fff951e4c20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff951f4fa8\n R13: 00000000699ddede R14: 00007f440bb01000 R15: 0000000000486980\n  \u003c/TASK\u003e\n Modules linked in: sch_ets(E) netdevsim(E)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS:  00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n\nFix this using 64-bit integers for 'q_sum' and 'q_psum'.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23379",
            "https://git.kernel.org/linus/e35626f610f3d2b7953ccddf6a77453da22b3a9e (7.0-rc3)",
            "https://git.kernel.org/stable/c/3912871344d6a0f1f572a7af2716968182d1e536",
            "https://git.kernel.org/stable/c/78b8d2f55a564236435649fbd8bd6a103f30acf5",
            "https://git.kernel.org/stable/c/7dbffffd5761687e168fb2f4aaa7a2c47e067efc",
            "https://git.kernel.org/stable/c/a6677e23b313cd9fd03690c589c6452cb6fffb97",
            "https://git.kernel.org/stable/c/abe1d5cb7fe135c0862c58db32bc29e04cf1c906",
            "https://git.kernel.org/stable/c/e35626f610f3d2b7953ccddf6a77453da22b3a9e",
            "https://lore.kernel.org/linux-cve-announce/2026032542-CVE-2026-23379-3b2d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23379",
            "https://www.cve.org/CVERecord?id=CVE-2026-23379"
          ],
          "PublishedDate": "2026-03-25T11:16:37.827Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23381",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23381",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:251f789e7a2f11416cc703bacde93e1286fd1883924239748ede57aa73e05567",
          "Title": "kernel: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the 'ipv6.disable=1' parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub-\u003end_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n  \u003cIRQ\u003e\n  ? neigh_lookup+0x16/0xe0\n  br_do_suppress_nd+0x160/0x290 [bridge]\n  br_handle_frame_finish+0x500/0x620 [bridge]\n  br_handle_frame+0x353/0x440 [bridge]\n  __netif_receive_skb_core.constprop.0+0x298/0x1110\n  __netif_receive_skb_one_core+0x3d/0xa0\n  process_backlog+0xa0/0x140\n  __napi_poll+0x2c/0x170\n  net_rx_action+0x2c4/0x3a0\n  handle_softirqs+0xd0/0x270\n  do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23381",
            "https://git.kernel.org/linus/e5e890630533bdc15b26a34bb8e7ef539bdf1322 (7.0-rc3)",
            "https://git.kernel.org/stable/c/20ef5c25422f97dd09d751e5ae6c18406cdc78e6",
            "https://git.kernel.org/stable/c/33dec6f10777d5a8f71c0a200f690da5ae3c2e55",
            "https://git.kernel.org/stable/c/7a894eb5de246d79f13105c55a67381039a24d44",
            "https://git.kernel.org/stable/c/a12cdaa3375f0bd3c8f4e564be7c143529abfe5b",
            "https://git.kernel.org/stable/c/aa73deb3b6b730ec280d45b3f423bfa9e17bc122",
            "https://git.kernel.org/stable/c/e5e890630533bdc15b26a34bb8e7ef539bdf1322",
            "https://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23381-378d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23381",
            "https://www.cve.org/CVERecord?id=CVE-2026-23381"
          ],
          "PublishedDate": "2026-03-25T11:16:38.16Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23382",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23382",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f41e2efe61d70e382adbb9e0d0c6dfc1a72a262badf73329777f4608b7ed38dd",
          "Title": "kernel: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them\n\nIn commit 2ff5baa9b527 (\"HID: appleir: Fix potential NULL dereference at\nraw event handle\"), we handle the fact that raw event callbacks\ncan happen even for a HID device that has not been \"claimed\" causing a\ncrash if a broken device were attempted to be connected to the system.\n\nFix up the remaining in-tree HID drivers that forgot to add this same\ncheck to resolve the same issue.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23382",
            "https://git.kernel.org/linus/ecfa6f34492c493a9a1dc2900f3edeb01c79946b (7.0-rc3)",
            "https://git.kernel.org/stable/c/20864e3e41c74cda253a9fa6b6fe093c1461a6a9",
            "https://git.kernel.org/stable/c/575122cd6569c4c4aa13c4c9958fea506724c788",
            "https://git.kernel.org/stable/c/6e330889e6c8db99f04d4feb861d23de4e8fbb13",
            "https://git.kernel.org/stable/c/892dbaf46bb738dacf1fa663eadb3712c85868f0",
            "https://git.kernel.org/stable/c/ac83b0d91a3f4f0c012ba9c85fb99436cddb1208",
            "https://git.kernel.org/stable/c/ecfa6f34492c493a9a1dc2900f3edeb01c79946b",
            "https://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23382-26fe@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23382",
            "https://www.cve.org/CVERecord?id=CVE-2026-23382"
          ],
          "PublishedDate": "2026-03-25T11:16:38.33Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23388",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23388",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:14fa05939080e0d29fc54164bd728737791d63e11d19e6ea6b3cda422d0ee62a",
          "Title": "kernel: Squashfs: check metadata block offset is within range",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check metadata block offset is within range\n\nSyzkaller reports a \"general protection fault in squashfs_copy_data\"\n\nThis is ultimately caused by a corrupted index look-up table, which\nproduces a negative metadata block offset.\n\nThis is subsequently passed to squashfs_copy_data (via\nsquashfs_read_metadata) where the negative offset causes an out of bounds\naccess.\n\nThe fix is to check that the offset is within range in\nsquashfs_read_metadata.  This will trap this and other cases.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "V3Score": 6.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23388",
            "https://git.kernel.org/linus/fdb24a820a5832ec4532273282cbd4f22c291a0d (7.0-rc2)",
            "https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3",
            "https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713",
            "https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2",
            "https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383",
            "https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c",
            "https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d",
            "https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23388-9e71@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23388",
            "https://www.cve.org/CVERecord?id=CVE-2026-23388"
          ],
          "PublishedDate": "2026-03-25T11:16:39.28Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23389",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23389",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e6008e9b5018388bc3ea91946f6d4ed563e55465def7ff12f5eca7757287f56d",
          "Title": "kernel: ice: Fix memory leak in ice_set_ringparam()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix memory leak in ice_set_ringparam()\n\nIn ice_set_ringparam, tx_rings and xdp_rings are allocated before\nrx_rings. If the allocation of rx_rings fails, the code jumps to\nthe done label leaking both tx_rings and xdp_rings. Furthermore, if\nthe setup of an individual Rx ring fails during the loop, the code jumps\nto the free_tx label which releases tx_rings but leaks xdp_rings.\n\nFix this by introducing a free_xdp label and updating the error paths to\nensure both xdp_rings and tx_rings are properly freed if rx_rings\nallocation or setup fails.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23389",
            "https://git.kernel.org/linus/fe868b499d16f55bbeea89992edb98043c9de416 (7.0-rc3)",
            "https://git.kernel.org/stable/c/44ba32a892b72de3faa04b8cfb1f2f1418fdd580",
            "https://git.kernel.org/stable/c/fe868b499d16f55bbeea89992edb98043c9de416",
            "https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23389-2056@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23389",
            "https://www.cve.org/CVERecord?id=CVE-2026-23389"
          ],
          "PublishedDate": "2026-03-25T11:16:39.44Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23390",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23390",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c4feead4f4dd290a26a3d6c5b157a8a60bb5797e0f469cc4ae45b4645c275f2c",
          "Title": "kernel: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow\n\nThe dma_map_sg tracepoint can trigger a perf buffer overflow when\ntracing large scatter-gather lists. With devices like virtio-gpu\ncreating large DRM buffers, nents can exceed 1000 entries, resulting\nin:\n\n  phys_addrs: 1000 * 8 bytes = 8,000 bytes\n  dma_addrs:  1000 * 8 bytes = 8,000 bytes\n  lengths:    1000 * 4 bytes = 4,000 bytes\n  Total: ~20,000 bytes\n\nThis exceeds PERF_MAX_TRACE_SIZE (8192 bytes), causing:\n\n  WARNING: CPU: 0 PID: 5497 at kernel/trace/trace_event_perf.c:405\n  perf buffer not large enough, wanted 24620, have 8192\n\nCap all three dynamic arrays at 128 entries using min() in the array\nsize calculation. This ensures arrays are only as large as needed\n(up to the cap), avoiding unnecessary memory allocation for small\noperations while preventing overflow for large ones.\n\nThe tracepoint now records the full nents/ents counts and a truncated\nflag so users can see when data has been capped.\n\nChanges in v2:\n- Use min(nents, DMA_TRACE_MAX_ENTRIES) for dynamic array sizing\n  instead of fixed DMA_TRACE_MAX_ENTRIES allocation (feedback from\n  Steven Rostedt)\n- This allocates only what's needed up to the cap, avoiding waste\n  for small operations\n\nReviwed-by: Sean Anderson \u003csean.anderson@linux.dev\u003e",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23390",
            "https://git.kernel.org/linus/daafcc0ef0b358d9d622b6e3b7c43767aa3814ee (6.19)",
            "https://git.kernel.org/stable/c/02d209bb018a40dee9eac89e91860253dee9605b",
            "https://git.kernel.org/stable/c/daafcc0ef0b358d9d622b6e3b7c43767aa3814ee",
            "https://git.kernel.org/stable/c/f2584f791a10343bdc995ff6ff402db45b95de69",
            "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23390-7146@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23390",
            "https://www.cve.org/CVERecord?id=CVE-2026-23390"
          ],
          "PublishedDate": "2026-03-25T11:16:39.567Z",
          "LastModifiedDate": "2026-03-25T15:41:33.977Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23391",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23391",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1635372310baef3452d347e5e259394ec9f59ee3cd6f7b24583fd64395602082",
          "Title": "kernel: netfilter: xt_CT: drop pending enqueued packets on template removal",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_CT: drop pending enqueued packets on template removal\n\nTemplates refer to objects that can go away while packets are sitting in\nnfqueue refer to:\n\n- helper, this can be an issue on module removal.\n- timeout policy, nfnetlink_cttimeout might remove it.\n\nThe use of templates with zone and event cache filter are safe, since\nthis just copies values.\n\nFlush these enqueued packets in case the template rule gets removed.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23391",
            "https://git.kernel.org/linus/f62a218a946b19bb59abdd5361da85fa4606b96b (7.0-rc5)",
            "https://git.kernel.org/stable/c/19a230dec6bb8928e3f96387f9085cf2c79bcef9",
            "https://git.kernel.org/stable/c/63b8097cea1923fe82cd598068d0796da8c015ec",
            "https://git.kernel.org/stable/c/777d02efe3d630cca4c1b63962cec17c57711325",
            "https://git.kernel.org/stable/c/cb549925875fa06dd155e49db4ac2c5044c30f9c",
            "https://git.kernel.org/stable/c/d2d0bae0c9a2a17b6990a2966f5cdce0813d6256",
            "https://git.kernel.org/stable/c/f62a218a946b19bb59abdd5361da85fa4606b96b",
            "https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-23391-bb43@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23391",
            "https://www.cve.org/CVERecord?id=CVE-2026-23391"
          ],
          "PublishedDate": "2026-03-25T11:16:39.707Z",
          "LastModifiedDate": "2026-04-02T15:16:32.883Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23392",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23392",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c772ef381ceafb9a4613e2b297e53bf70eef94d60c31d4679a79c52b92fca11c",
          "Title": "kernel: netfilter: nf_tables: release flowtable after rcu grace period on error",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release flowtable after rcu grace period on error\n\nCall synchronize_rcu() after unregistering the hooks from error path,\nsince a hook that already refers to this flowtable can be already\nregistered, exposing this flowtable to packet path and nfnetlink_hook\ncontrol plane.\n\nThis error path is rare, it should only happen by reaching the maximum\nnumber hooks or by failing to set up to hardware offload, just call\nsynchronize_rcu().\n\nThere is a check for already used device hooks by different flowtable\nthat could result in EEXIST at this late stage. The hook parser can be\nupdated to perform this check earlier to this error path really becomes\nrarely exercised.\n\nUncovered by KASAN reported as use-after-free from nfnetlink_hook path\nwhen dumping hooks.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 3,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23392",
            "https://git.kernel.org/linus/d73f4b53aaaea4c95f245e491aa5eeb8a21874ce (7.0-rc5)",
            "https://git.kernel.org/stable/c/7e3955b282eae20d61c75e499c75eade51c20060",
            "https://git.kernel.org/stable/c/adee3436ccd29f1e514c028899e400cbc6d84065",
            "https://git.kernel.org/stable/c/c8092edb9a11f20f95ccceeb9422b7dd0df337bd",
            "https://git.kernel.org/stable/c/d2632de96ccb066e0131ad1494241b9c281c60b8",
            "https://git.kernel.org/stable/c/d73f4b53aaaea4c95f245e491aa5eeb8a21874ce",
            "https://git.kernel.org/stable/c/e78a2dcc7cfb87b64a631441ca7681492b347ef6",
            "https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-23392-fd9d@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23392",
            "https://www.cve.org/CVERecord?id=CVE-2026-23392"
          ],
          "PublishedDate": "2026-03-25T11:16:39.873Z",
          "LastModifiedDate": "2026-04-02T15:16:33.093Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23393",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23393",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fdabbb4dae4c8be61d913f85e2c16cab1de4ad439093f71817f596de4ccb0e3f",
          "Title": "kernel: bridge: cfm: Fix race condition in peer_mep deletion",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: cfm: Fix race condition in peer_mep deletion\n\nWhen a peer MEP is being deleted, cancel_delayed_work_sync() is called\non ccm_rx_dwork before freeing. However, br_cfm_frame_rx() runs in\nsoftirq context under rcu_read_lock (without RTNL) and can re-schedule\nccm_rx_dwork via ccm_rx_timer_start() between cancel_delayed_work_sync()\nreturning and kfree_rcu() being called.\n\nThe following is a simple race scenario:\n\n           cpu0                                     cpu1\n\nmep_delete_implementation()\n  cancel_delayed_work_sync(ccm_rx_dwork);\n                                           br_cfm_frame_rx()\n                                             // peer_mep still in hlist\n                                             if (peer_mep-\u003eccm_defect)\n                                               ccm_rx_timer_start()\n                                                 queue_delayed_work(ccm_rx_dwork)\n  hlist_del_rcu(\u0026peer_mep-\u003ehead);\n  kfree_rcu(peer_mep, rcu);\n                                           ccm_rx_work_expired()\n                                             // on freed peer_mep\n\nTo prevent this, cancel_delayed_work_sync() is replaced with\ndisable_delayed_work_sync() in both peer MEP deletion paths, so\nthat subsequent queue_delayed_work() calls from br_cfm_frame_rx()\nare silently rejected.\n\nThe cc_peer_disable() helper retains cancel_delayed_work_sync()\nbecause it is also used for the CC enable/disable toggle path where\nthe work must remain re-schedulable.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23393",
            "https://git.kernel.org/linus/3715a00855316066cdda69d43648336367422127 (7.0-rc5)",
            "https://git.kernel.org/stable/c/1fd81151f65927fd9edb8ecd12ad45527dbbe5ab",
            "https://git.kernel.org/stable/c/3715a00855316066cdda69d43648336367422127",
            "https://git.kernel.org/stable/c/d8f35767bacb3c7769d470a41cf161e3f3c07e70",
            "https://git.kernel.org/stable/c/e89dbd2736a45f0507949af4748cbbf3ff793146",
            "https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-23393-c395@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23393",
            "https://www.cve.org/CVERecord?id=CVE-2026-23393"
          ],
          "PublishedDate": "2026-03-25T11:16:40.04Z",
          "LastModifiedDate": "2026-04-02T15:16:33.303Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23395",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23395",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cd88a353c95ec98c77253f934ee7ba9b8c6c893a53126c72beeeab4ef5961080",
          "Title": "kernel: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ\n\nCurrently the code attempts to accept requests regardless of the\ncommand identifier which may cause multiple requests to be marked\nas pending (FLAG_DEFER_SETUP) which can cause more than\nL2CAP_ECRED_MAX_CID(5) to be allocated in l2cap_ecred_rsp_defer\ncausing an overflow.\n\nThe spec is quite clear that the same identifier shall not be used on\nsubsequent requests:\n\n'Within each signaling channel a different Identifier shall be used\nfor each successive request or indication.'\nhttps://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Core-62/out/en/host/logical-link-control-and-adaptation-protocol-specification.html#UUID-32a25a06-4aa4-c6c7-77c5-dcfe3682355d\n\nSo this attempts to check if there are any channels pending with the\nsame identifier and rejects if any are found.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 4,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "V3Score": 6.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23395",
            "https://git.kernel.org/linus/5b3e2052334f2ff6d5200e952f4aa66994d09899 (7.0-rc5)",
            "https://git.kernel.org/stable/c/2124d82fd25e1671bb3ceb37998af5aae5903e06",
            "https://git.kernel.org/stable/c/5b3e2052334f2ff6d5200e952f4aa66994d09899",
            "https://git.kernel.org/stable/c/6b949a6b33cbdf621d9fc6f0c48ac00915dbf514",
            "https://git.kernel.org/stable/c/8d0d94f8ba5b3a0beec3b0da558b9bea48018117",
            "https://git.kernel.org/stable/c/e72ee455297b794b852e5cea8d2d7bb17312172a",
            "https://git.kernel.org/stable/c/fb4a3a26483f3ea2cd21c7a2f7c45d5670600465",
            "https://lore.kernel.org/linux-cve-announce/2026032549-CVE-2026-23395-5e50@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23395",
            "https://www.cve.org/CVERecord?id=CVE-2026-23395"
          ],
          "PublishedDate": "2026-03-25T11:16:40.347Z",
          "LastModifiedDate": "2026-04-02T09:16:20.763Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23396",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23396",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:acb95e9700914b3617e683f1b27710c1ed26bd89f2398aa4818b4c8ba99853cf",
          "Title": "kernel: wifi: mac80211: fix NULL deref in mesh_matches_local()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix NULL deref in mesh_matches_local()\n\nmesh_matches_local() unconditionally dereferences ie-\u003emesh_config to\ncompare mesh configuration parameters. When called from\nmesh_rx_csa_frame(), the parsed action-frame elements may not contain a\nMesh Configuration IE, leaving ie-\u003emesh_config NULL and triggering a\nkernel NULL pointer dereference.\n\nThe other two callers are already safe:\n  - ieee80211_mesh_rx_bcn_presp() checks !elems-\u003emesh_config before\n    calling mesh_matches_local()\n  - mesh_plink_get_event() is only reached through\n    mesh_process_plink_frame(), which checks !elems-\u003emesh_config, too\n\nmesh_rx_csa_frame() is the only caller that passes raw parsed elements\nto mesh_matches_local() without guarding mesh_config. An adjacent\nattacker can exploit this by sending a crafted CSA action frame that\nincludes a valid Mesh ID IE but omits the Mesh Configuration IE,\ncrashing the kernel.\n\nThe captured crash log:\n\nOops: general protection fault, probably for non-canonical address ...\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nWorkqueue: events_unbound cfg80211_wiphy_work\n[...]\nCall Trace:\n \u003cTASK\u003e\n ? __pfx_mesh_matches_local (net/mac80211/mesh.c:65)\n ieee80211_mesh_rx_queued_mgmt (net/mac80211/mesh.c:1686)\n [...]\n ieee80211_iface_work (net/mac80211/iface.c:1754 net/mac80211/iface.c:1802)\n [...]\n cfg80211_wiphy_work (net/wireless/core.c:426)\n process_one_work (net/kernel/workqueue.c:3280)\n ? assign_work (net/kernel/workqueue.c:1219)\n worker_thread (net/kernel/workqueue.c:3352)\n ? 
__pfx_worker_thread (net/kernel/workqueue.c:3385)\n kthread (net/kernel/kthread.c:436)\n [...]\n ret_from_fork_asm (net/arch/x86/entry/entry_64.S:255)\n \u003c/TASK\u003e\n\nThis patch adds a NULL check for ie-\u003emesh_config at the top of\nmesh_matches_local() to return false early when the Mesh Configuration\nIE is absent.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23396",
            "https://git.kernel.org/linus/c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd (7.0-rc5)",
            "https://git.kernel.org/stable/c/0a4da176ae4b4e075a19c00d3e269cfd5e05a813",
            "https://git.kernel.org/stable/c/44699c6cdfce80a0f296b54ae9314461e3e41b3d",
            "https://git.kernel.org/stable/c/7c55a3deaf7eaaafa2546f8de7fed19382a0a116",
            "https://git.kernel.org/stable/c/a90279e7f7ea0b7e923a1c5ebee9a6b78b6d1004",
            "https://git.kernel.org/stable/c/c1e3f2416fb27c816ce96d747d3e784e31f4d95c",
            "https://git.kernel.org/stable/c/c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd",
            "https://lore.kernel.org/linux-cve-announce/2026032631-CVE-2026-23396-6447@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23396",
            "https://www.cve.org/CVERecord?id=CVE-2026-23396"
          ],
          "PublishedDate": "2026-03-26T11:16:18.75Z",
          "LastModifiedDate": "2026-03-30T13:26:50.827Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23397",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23397",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fb6297e451538e2c5e390219b47f6876c6c18673f8b14cf1c633c6d2beb3303b",
          "Title": "Linux kernel: nfnetlink_osf: Linux kernel: Denial of Service in nfnetlink_osf via crafted network packets",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfnetlink_osf: validate individual option lengths in fingerprints\n\nnfnl_osf_add_callback() validates opt_num bounds and string\nNUL-termination but does not check individual option length fields.\nA zero-length option causes nf_osf_match_one() to enter the option\nmatching loop even when foptsize sums to zero, which matches packets\nwith no TCP options where ctx-\u003eoptp is NULL:\n\n Oops: general protection fault\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:nf_osf_match_one (net/netfilter/nfnetlink_osf.c:98)\n Call Trace:\n  nf_osf_match (net/netfilter/nfnetlink_osf.c:227)\n  xt_osf_match_packet (net/netfilter/xt_osf.c:32)\n  ipt_do_table (net/ipv4/netfilter/ip_tables.c:293)\n  nf_hook_slow (net/netfilter/core.c:623)\n  ip_local_deliver (net/ipv4/ip_input.c:262)\n  ip_rcv (net/ipv4/ip_input.c:573)\n\nAdditionally, an MSS option (kind=2) with length \u003c 4 causes\nout-of-bounds reads when nf_osf_match_one() unconditionally accesses\noptp[2] and optp[3] for MSS value extraction.  While RFC 9293\nsection 3.2 specifies that the MSS option is always exactly 4\nbytes (Kind=2, Length=4), the check uses \"\u003c 4\" rather than\n\"!= 4\" because lengths greater than 4 do not cause memory\nsafety issues -- the buffer is guaranteed to be at least\nfoptsize bytes by the ctx-\u003eoptsize == foptsize check.\n\nReject fingerprints where any option has zero length, or where an MSS\noption has length less than 4, at add time rather than trusting these\nvalues in the packet matching hot path.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23397",
            "https://git.kernel.org/linus/dbdfaae9609629a9569362e3b8f33d0a20fd783c (7.0-rc5)",
            "https://git.kernel.org/stable/c/224f4678812e1a7bc8341bcb666773a0aec5ea6f",
            "https://git.kernel.org/stable/c/3932620c04c2938c93c0890c225960d3d34ba355",
            "https://git.kernel.org/stable/c/4c6aa008b913e808c4f4d3cde36cb1d9bb5967c6",
            "https://git.kernel.org/stable/c/aa0574182c46963c3cdb8cde46ec93aca21100d8",
            "https://git.kernel.org/stable/c/dbdfaae9609629a9569362e3b8f33d0a20fd783c",
            "https://git.kernel.org/stable/c/ec8bf0571b142f29dc0b68ae2ac3952f7a464b38",
            "https://lore.kernel.org/linux-cve-announce/2026032634-CVE-2026-23397-d4f0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23397",
            "https://www.cve.org/CVERecord?id=CVE-2026-23397"
          ],
          "PublishedDate": "2026-03-26T11:16:19.72Z",
          "LastModifiedDate": "2026-03-30T13:26:50.827Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23398",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23398",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dca8b1f853843bf5d37e0a38f9f4dbc058398beaa4cc9985440e9826859110f0",
          "Title": "kernel: icmp: fix NULL pointer dereference in icmp_tag_validation()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: fix NULL pointer dereference in icmp_tag_validation()\n\nicmp_tag_validation() unconditionally dereferences the result of\nrcu_dereference(inet_protos[proto]) without checking for NULL.\nThe inet_protos[] array is sparse -- only about 15 of 256 protocol\nnumbers have registered handlers. When ip_no_pmtu_disc is set to 3\n(hardened PMTU mode) and the kernel receives an ICMP Fragmentation\nNeeded error with a quoted inner IP header containing an unregistered\nprotocol number, the NULL dereference causes a kernel panic in\nsoftirq context.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143)\n Call Trace:\n  \u003cIRQ\u003e\n  icmp_rcv (net/ipv4/icmp.c:1527)\n  ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (net/ipv4/ip_input.c:242)\n  ip_local_deliver (net/ipv4/ip_input.c:262)\n  ip_rcv (net/ipv4/ip_input.c:573)\n  __netif_receive_skb_one_core (net/core/dev.c:6164)\n  process_backlog (net/core/dev.c:6628)\n  handle_softirqs (kernel/softirq.c:561)\n  \u003c/IRQ\u003e\n\nAdd a NULL check before accessing icmp_strict_tag_validation. If the\nprotocol has no registered handler, return false since it cannot\nperform strict tag validation.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "azure": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23398",
            "https://git.kernel.org/linus/614aefe56af8e13331e50220c936fc0689cf5675 (7.0-rc5)",
            "https://git.kernel.org/stable/c/1e4e2f5e48cec0cccaea9815fb9486c084ba41e2",
            "https://git.kernel.org/stable/c/1f9f2c6d4b2a613b7756fc5679c5116ba2ca0161",
            "https://git.kernel.org/stable/c/614aefe56af8e13331e50220c936fc0689cf5675",
            "https://git.kernel.org/stable/c/9647e99d2a617c355d2b378be0ff6d0e848fd579",
            "https://git.kernel.org/stable/c/b61529c357f1ee4d64836eb142a542d2e7ad67ce",
            "https://git.kernel.org/stable/c/d938dd5a0ad780c891ea3bc94cae7405f11e618a",
            "https://lore.kernel.org/linux-cve-announce/2026032634-CVE-2026-23398-df1e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23398",
            "https://www.cve.org/CVERecord?id=CVE-2026-23398"
          ],
          "PublishedDate": "2026-03-26T11:16:19.91Z",
          "LastModifiedDate": "2026-03-30T13:26:50.827Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23399",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23399",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8b746d95854d8a95147eea7350e963d7d71670c160f4d08514da3a2d9f4f43c8",
          "Title": "kernel: nf_tables: nft_dynset: fix possible stateful expression memleak in error path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnf_tables: nft_dynset: fix possible stateful expression memleak in error path\n\nIf cloning the second stateful expression in the element via GFP_ATOMIC\nfails, then the first stateful expression remains in place without being\nreleased.\n\n   unreferenced object (percpu) 0x607b97e9cab8 (size 16):\n     comm \"softirq\", pid 0, jiffies 4294931867\n     hex dump (first 16 bytes on cpu 3):\n       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n     backtrace (crc 0):\n       pcpu_alloc_noprof+0x453/0xd80\n       nft_counter_clone+0x9c/0x190 [nf_tables]\n       nft_expr_clone+0x8f/0x1b0 [nf_tables]\n       nft_dynset_new+0x2cb/0x5f0 [nf_tables]\n       nft_rhash_update+0x236/0x11c0 [nf_tables]\n       nft_dynset_eval+0x11f/0x670 [nf_tables]\n       nft_do_chain+0x253/0x1700 [nf_tables]\n       nft_do_chain_ipv4+0x18d/0x270 [nf_tables]\n       nf_hook_slow+0xaa/0x1e0\n       ip_local_deliver+0x209/0x330",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 1,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23399",
            "https://git.kernel.org/linus/0548a13b5a145b16e4da0628b5936baf35f51b43 (7.0-rc5)",
            "https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43",
            "https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef",
            "https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca",
            "https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21",
            "https://lore.kernel.org/linux-cve-announce/2026032820-CVE-2026-23399-60d0@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23399",
            "https://www.cve.org/CVERecord?id=CVE-2026-23399"
          ],
          "PublishedDate": "2026-03-28T08:15:56.72Z",
          "LastModifiedDate": "2026-03-30T13:26:07.647Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23401",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23401",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d8ffa4c34a8efb9884e2f816c34764d6ff2812556df2a6d6e6e716141e096dbc",
          "Title": "KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE\n\nWhen installing an emulated MMIO SPTE, do so *after* dropping/zapping the\nexisting SPTE (if it's shadow-present).  While commit a54aa15c6bda3 was\nright about it being impossible to convert a shadow-present SPTE to an\nMMIO SPTE due to a _guest_ write, it failed to account for writes to guest\nmemory that are outside the scope of KVM.\n\nE.g. if host userspace modifies a shadowed gPTE to switch from a memslot\nto emulted MMIO and then the guest hits a relevant page fault, KVM will\ninstall the MMIO SPTE without first zapping the shadow-present SPTE.\n\n  ------------[ cut here ]------------\n  is_shadow_present_pte(*sptep)\n  WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm]\n  Call Trace:\n   \u003cTASK\u003e\n   mmu_set_spte+0x237/0x440 [kvm]\n   ept_page_fault+0x535/0x7f0 [kvm]\n   kvm_mmu_do_page_fault+0xee/0x1f0 [kvm]\n   kvm_mmu_page_fault+0x8d/0x620 [kvm]\n   vmx_handle_exit+0x18c/0x5a0 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm]\n   kvm_vcpu_ioctl+0x2d5/0x980 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0xb5/0x730\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x47fa3f\n   \u003c/TASK\u003e\n  ---[ end trace 0000000000000000 ]---",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://git.kernel.org/linus/aad885e774966e97b675dfe928da164214a71605 (7.0-rc6)",
            "https://git.kernel.org/stable/c/459158151a158a6703b49f3c9de0e536d8bd553f",
            "https://git.kernel.org/stable/c/695320de6eadb75aaed8be1787c4ce4c189e4c7b",
            "https://git.kernel.org/stable/c/aad885e774966e97b675dfe928da164214a71605",
            "https://git.kernel.org/stable/c/bce7fe59d43531623f3e43779127bfb33804925d",
            "https://git.kernel.org/stable/c/fd28c5618699180cd69619801e9ae6a5266c0a22",
            "https://linux.oracle.com/cve/CVE-2026-23401.html",
            "https://linux.oracle.com/errata/ELSA-2026-50171.html",
            "https://www.cve.org/CVERecord?id=CVE-2026-23401"
          ],
          "PublishedDate": "2026-04-01T09:16:15.26Z",
          "LastModifiedDate": "2026-04-02T12:16:19.97Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23403",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23403",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9e15e553ecc67c519c555ad0da2b615b2741ae99aa83d6a69633ed86d1213d80",
          "Title": "kernel: apparmor: fix memory leak in verify_header",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix memory leak in verify_header\n\nThe function sets `*ns = NULL` on every call, leaking the namespace\nstring allocated in previous iterations when multiple profiles are\nunpacked. This also breaks namespace consistency checking since *ns\nis always NULL when the comparison is made.\n\nRemove the incorrect assignment.\nThe caller (aa_unpack) initializes *ns to NULL once before the loop,\nwhich is sufficient.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23403",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/42fd831abfc15d0643c14688f0522556b347e7e6",
            "https://git.kernel.org/stable/c/4f0889f2df1ab99224a5e1ac4e20437eea5fe38e",
            "https://git.kernel.org/stable/c/663ce34786e759ebcbeb3060685c20bcc886d51a",
            "https://git.kernel.org/stable/c/786e2c2a87d9c505f33321d1fd23a176aa8ddeb1",
            "https://git.kernel.org/stable/c/e38c55d9f834e5b848bfed0f5c586aaf45acb825",
            "https://lore.kernel.org/linux-cve-announce/2026040111-CVE-2026-23403-f22c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23403",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23403",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:15.803Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23404",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23404",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6baadfd031c2dd05c3d5b48051c6cd27f79747c866c0ad2dfa2bd4d2e9887eaf",
          "Title": "kernel: apparmor: replace recursive profile removal with iterative approach",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: replace recursive profile removal with iterative approach\n\nThe profile removal code uses recursion when removing nested profiles,\nwhich can lead to kernel stack exhaustion and system crashes.\n\nReproducer:\n  $ pf='a'; for ((i=0; i\u003c1024; i++)); do\n      echo -e \"profile $pf { \\n }\" | apparmor_parser -K -a;\n      pf=\"$pf//x\";\n  done\n  $ echo -n a \u003e /sys/kernel/security/apparmor/.remove\n\nReplace the recursive __aa_profile_list_release() approach with an\niterative approach in __remove_profile(). The function repeatedly\nfinds and removes leaf profiles until the entire subtree is removed,\nmaintaining the same removal semantic without recursion.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23404",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/33959a491e9fd557abfa5fce5ae4637d400915d3",
            "https://git.kernel.org/stable/c/7eade846e013cbe8d2dc4a484463aa19e6515c7f",
            "https://git.kernel.org/stable/c/999bd704b0b641527a5ed46f0d969deff8cfa68b",
            "https://git.kernel.org/stable/c/a6a941a1294ac5abe22053dc501d25aed96e48fe",
            "https://git.kernel.org/stable/c/ab09264660f9de5d05d1ef4e225aa447c63a8747",
            "https://lore.kernel.org/linux-cve-announce/2026040111-CVE-2026-23404-8b0b@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23404",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23404",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:15.977Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23405",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23405",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a815d2948326d0d830d9501942a7adea8804df65d84b66d951a80aa83748aa7f",
          "Title": "kernel: apparmor: fix: limit the number of levels of policy namespaces",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix: limit the number of levels of policy namespaces\n\nCurrently the number of policy namespaces is not bounded relying on\nthe user namespace limit. However policy namespaces aren't strictly\ntied to user namespaces and it is possible to create them and nest\nthem arbitrarily deep which can be used to exhaust system resource.\n\nHard cap policy namespaces to the same depth as user namespaces.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23405",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/306039414932c80f8420695a24d4fe10c84ccfb2",
            "https://git.kernel.org/stable/c/3f8699b3ee0c04b4b9bc27b82cd89a40e81e1d2e",
            "https://git.kernel.org/stable/c/7b6495ead2c611647f6b11441a852324e3eb8616",
            "https://git.kernel.org/stable/c/853ce31ca72097d23991a06876a2ccb5cb64b603",
            "https://git.kernel.org/stable/c/d42b2b6bb77ca40ee34ab74ad79305840b5f315d",
            "https://lore.kernel.org/linux-cve-announce/2026040111-CVE-2026-23405-0e7a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23405",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23405",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:16.153Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23406",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23406",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3a45410d6fed496cdf653ee5a8722c78c0e16b78abb7c88b9f47efa9ec0a04c8",
          "Title": "kernel: apparmor: fix side-effect bug in match_char() macro usage",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix side-effect bug in match_char() macro usage\n\nThe match_char() macro evaluates its character parameter multiple\ntimes when traversing differential encoding chains. When invoked\nwith *str++, the string pointer advances on each iteration of the\ninner do-while loop, causing the DFA to check different characters\nat each iteration and therefore skip input characters.\nThis results in out-of-bounds reads when the pointer advances past\nthe input buffer boundary.\n\n[   94.984676] ==================================================================\n[   94.985301] BUG: KASAN: slab-out-of-bounds in aa_dfa_match+0x5ae/0x760\n[   94.985655] Read of size 1 at addr ffff888100342000 by task file/976\n\n[   94.986319] CPU: 7 UID: 1000 PID: 976 Comm: file Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)\n[   94.986322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   94.986329] Call Trace:\n[   94.986341]  \u003cTASK\u003e\n[   94.986347]  dump_stack_lvl+0x5e/0x80\n[   94.986374]  print_report+0xc8/0x270\n[   94.986384]  ? aa_dfa_match+0x5ae/0x760\n[   94.986388]  kasan_report+0x118/0x150\n[   94.986401]  ? aa_dfa_match+0x5ae/0x760\n[   94.986405]  aa_dfa_match+0x5ae/0x760\n[   94.986408]  __aa_path_perm+0x131/0x400\n[   94.986418]  aa_path_perm+0x219/0x2f0\n[   94.986424]  apparmor_file_open+0x345/0x570\n[   94.986431]  security_file_open+0x5c/0x140\n[   94.986442]  do_dentry_open+0x2f6/0x1120\n[   94.986450]  vfs_open+0x38/0x2b0\n[   94.986453]  ? may_open+0x1e2/0x2b0\n[   94.986466]  path_openat+0x231b/0x2b30\n[   94.986469]  ? __x64_sys_openat+0xf8/0x130\n[   94.986477]  do_file_open+0x19d/0x360\n[   94.986487]  do_sys_openat2+0x98/0x100\n[   94.986491]  __x64_sys_openat+0xf8/0x130\n[   94.986499]  do_syscall_64+0x8e/0x660\n[   94.986515]  ? count_memcg_events+0x15f/0x3c0\n[   94.986526]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986540]  ? handle_mm_fault+0x1639/0x1ef0\n[   94.986551]  ? vma_start_read+0xf0/0x320\n[   94.986558]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986561]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986563]  ? fpregs_assert_state_consistent+0x50/0xe0\n[   94.986572]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986574]  ? arch_exit_to_user_mode_prepare+0x9/0xb0\n[   94.986587]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   94.986588]  ? irqentry_exit+0x3c/0x590\n[   94.986595]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   94.986597] RIP: 0033:0x7fda4a79c3ea\n\nFix by extracting the character value before invoking match_char,\nensuring single evaluation per outer loop.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23406",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/0510d1ba0976f97f521feb2b75b0572ea5df3ceb",
            "https://git.kernel.org/stable/c/383b7270faf42564f133134c2fc3c24bbae52615",
            "https://git.kernel.org/stable/c/5a184f7cbdeaad17e16dedf3c17d0cd622edfed8",
            "https://git.kernel.org/stable/c/8756b68edae37ff546c02091989a4ceab3f20abd",
            "https://git.kernel.org/stable/c/b73c1dff8a9d7eeaebabf8097a5b2de192f40913",
            "https://lore.kernel.org/linux-cve-announce/2026040112-CVE-2026-23406-0cb2@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23406",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23406",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:16.327Z",
          "LastModifiedDate": "2026-04-02T15:16:33.503Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23407",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23407",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:1c5df06b466c026f1e49bc22948ff8c15412d05aa198efceedbeea4d336ff9e8",
          "Title": "kernel: apparmor: fix missing bounds check on DEFAULT table in verify_dfa()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix missing bounds check on DEFAULT table in verify_dfa()\n\nThe verify_dfa() function only checks DEFAULT_TABLE bounds when the state\nis not differentially encoded.\n\nWhen the verification loop traverses the differential encoding chain,\nit reads k = DEFAULT_TABLE[j] and uses k as an array index without\nvalidation. A malformed DFA with DEFAULT_TABLE[j] \u003e= state_count,\ntherefore, causes both out-of-bounds reads and writes.\n\n[   57.179855] ==================================================================\n[   57.180549] BUG: KASAN: slab-out-of-bounds in verify_dfa+0x59a/0x660\n[   57.180904] Read of size 4 at addr ffff888100eadec4 by task su/993\n\n[   57.181554] CPU: 1 UID: 0 PID: 993 Comm: su Not tainted 6.19.0-rc7-next-20260127 #1 PREEMPT(lazy)\n[   57.181558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   57.181563] Call Trace:\n[   57.181572]  \u003cTASK\u003e\n[   57.181577]  dump_stack_lvl+0x5e/0x80\n[   57.181596]  print_report+0xc8/0x270\n[   57.181605]  ? verify_dfa+0x59a/0x660\n[   57.181608]  kasan_report+0x118/0x150\n[   57.181620]  ? verify_dfa+0x59a/0x660\n[   57.181623]  verify_dfa+0x59a/0x660\n[   57.181627]  aa_dfa_unpack+0x1610/0x1740\n[   57.181629]  ? __kmalloc_cache_noprof+0x1d0/0x470\n[   57.181640]  unpack_pdb+0x86d/0x46b0\n[   57.181647]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   57.181653]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   57.181656]  ? aa_unpack_nameX+0x1a8/0x300\n[   57.181659]  aa_unpack+0x20b0/0x4c30\n[   57.181662]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   57.181664]  ? stack_depot_save_flags+0x33/0x700\n[   57.181681]  ? kasan_save_track+0x4f/0x80\n[   57.181683]  ? kasan_save_track+0x3e/0x80\n[   57.181686]  ? __kasan_kmalloc+0x93/0xb0\n[   57.181688]  ? __kvmalloc_node_noprof+0x44a/0x780\n[   57.181693]  ? aa_simple_write_to_buffer+0x54/0x130\n[   57.181697]  ? policy_update+0x154/0x330\n[   57.181704]  aa_replace_profiles+0x15a/0x1dd0\n[   57.181707]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   57.181710]  ? __kvmalloc_node_noprof+0x44a/0x780\n[   57.181712]  ? aa_loaddata_alloc+0x77/0x140\n[   57.181715]  ? srso_alias_return_thunk+0x5/0xfbef5\n[   57.181717]  ? _copy_from_user+0x2a/0x70\n[   57.181730]  policy_update+0x17a/0x330\n[   57.181733]  profile_replace+0x153/0x1a0\n[   57.181735]  ? rw_verify_area+0x93/0x2d0\n[   57.181740]  vfs_write+0x235/0xab0\n[   57.181745]  ksys_write+0xb0/0x170\n[   57.181748]  do_syscall_64+0x8e/0x660\n[   57.181762]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[   57.181765] RIP: 0033:0x7f6192792eb2\n\nRemove the MATCH_FLAG_DIFF_ENCODE condition to validate all DEFAULT_TABLE\nentries unconditionally.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23407",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/5a68e46dfe0c8c8ffc6f425ebc4cae6238566ecc",
            "https://git.kernel.org/stable/c/76b4d36c5122866452d34d8f79985e191f9c3831",
            "https://git.kernel.org/stable/c/7c7cf05e0606f554c467e3a4dc49e2e578a755b4",
            "https://git.kernel.org/stable/c/d352873bbefa7eb39995239d0b44ccdf8aaa79a4",
            "https://git.kernel.org/stable/c/f39e126e56c6ec1930fae51ad6bca3dae2a4c3ed",
            "https://lore.kernel.org/linux-cve-announce/2026040112-CVE-2026-23407-297e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23407",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23407",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:16.527Z",
          "LastModifiedDate": "2026-04-02T15:16:33.72Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23408",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23408",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:8f240b3a520436409e1927aa9d4f5782b43a682a516ade4683e904a05f9c395f",
          "Title": "kernel: apparmor: Fix double free of ns_name in aa_replace_profiles()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix double free of ns_name in aa_replace_profiles()\n\nif ns_name is NULL after\n1071         error = aa_unpack(udata, \u0026lh, \u0026ns_name);\n\nand if ent-\u003ens_name contains an ns_name in\n1089                 } else if (ent-\u003ens_name) {\n\nthen ns_name is assigned the ent-\u003ens_name\n1095                         ns_name = ent-\u003ens_name;\n\nhowever ent-\u003ens_name is freed at\n1262                 aa_load_ent_free(ent);\n\nand then again when freeing ns_name at\n1270         kfree(ns_name);\n\nFix this by NULLing out ent-\u003ens_name after it is transferred to ns_name\n\n\")",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23408",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/18b5233e860c294a847ee07869d93c0b8673a54b",
            "https://git.kernel.org/stable/c/55ef2af7490aaf72f8ffe11ec44c6bcb7eb2162a",
            "https://git.kernel.org/stable/c/5df0c44e8f5f619d3beb871207aded7c78414502",
            "https://git.kernel.org/stable/c/7998ab3010d2317643f91828f1853d954ef31387",
            "https://git.kernel.org/stable/c/86feeccd6b93ed94bd6655f30de80f163f8d5a45",
            "https://lore.kernel.org/linux-cve-announce/2026040113-CVE-2026-23408-1932@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23408",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23408",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:16.747Z",
          "LastModifiedDate": "2026-04-02T15:16:33.94Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23409",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23409",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:59b6917e58de3776df92b22862b1ccbaa5bb87d578e2ee20b6b9436e233a98d6",
          "Title": "kernel: apparmor: fix differential encoding verification",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix differential encoding verification\n\nDifferential encoding allows loops to be created if it is abused. To\nprevent this the unpack should verify that a diff-encode chain\nterminates.\n\nUnfortunately the differential encode verification had two bugs.\n\n1. it conflated states that had gone through check and already been\n   marked, with states that were currently being checked and marked.\n   This means that loops in the current chain being verified are treated\n   as a chain that has already been verified.\n\n2. the order bailout on already checked states compared current chain\n   check iterators j,k instead of using the outer loop iterator i.\n   Meaning a step backwards in states in the current chain verification\n   was being mistaken for moving to an already verified state.\n\nMove to a double mark scheme where already verified states get a\ndifferent mark, than the current chain being kept. This enables us\nto also drop the backwards verification check that was the cause of\nthe second error as any already verified state is already marked.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ubuntu": 2
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23409",
            "https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt",
            "https://git.kernel.org/stable/c/1ff4857fac56ac5a90ee63b24db05fa5e91a45aa",
            "https://git.kernel.org/stable/c/34fc60b125ed1d4eb002c76b0664bf0619492167",
            "https://git.kernel.org/stable/c/39440b137546a3aa383cfdabc605fb73811b6093",
            "https://git.kernel.org/stable/c/623a9d211bbbb031bb1cbdb38b23487648167f8a",
            "https://git.kernel.org/stable/c/f90e3ecd9e1ed69f1a370f866ceed1f104f3ab4a",
            "https://lore.kernel.org/linux-cve-announce/2026040113-CVE-2026-23409-ae18@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23409",
            "https://ubuntu.com/blog/apparmor-vulnerability-fixes-available",
            "https://ubuntu.com/security/vulnerabilities/crackarmor",
            "https://www.cve.org/CVERecord?id=CVE-2026-23409",
            "https://www.openwall.com/lists/oss-security/2026/04/01/3"
          ],
          "PublishedDate": "2026-04-01T09:16:16.913Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2026-31788",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31788",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:24e2c6c3f64e91d27ecfddb0a0ca6e202d0fa23161197b33a1f369482cc45a79",
          "Title": "kernel: xen/privcmd: restrict usage in unprivileged domU",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: restrict usage in unprivileged domU\n\nThe Xen privcmd driver allows to issue arbitrary hypercalls from\nuser space processes. This is normally no problem, as access is\nusually limited to root and the hypervisor will deny any hypercalls\naffecting other domains.\n\nIn case the guest is booted using secure boot, however, the privcmd\ndriver would be enabling a root user process to modify e.g. kernel\nmemory contents, thus breaking the secure boot feature.\n\nThe only known case where an unprivileged domU is really needing to\nuse the privcmd driver is the case when it is acting as the device\nmodel for another guest. In this case all hypercalls issued via the\nprivcmd driver will target that other guest.\n\nFortunately the privcmd driver can already be locked down to allow\nonly hypercalls targeting a specific domain, but this mode can be\nactivated from user land only today.\n\nThe target domain can be obtained from Xenstore, so when not running\nin dom0 restrict the privcmd driver to that target domain from the\nbeginning, resolving the potential problem of breaking secure boot.\n\nThis is XSA-482\n\n---\nV2:\n- defer reading from Xenstore if Xenstore isn't ready yet (Jan Beulich)\n- wait in open() if target domain isn't known yet\n- issue message in case no target domain found (Jan Beulich)",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/03/24/2",
            "http://www.openwall.com/lists/oss-security/2026/03/24/3",
            "http://www.openwall.com/lists/oss-security/2026/03/24/4",
            "http://www.openwall.com/lists/oss-security/2026/03/24/5",
            "http://www.openwall.com/lists/oss-security/2026/03/26/4",
            "http://xenbits.xen.org/xsa/advisory-482.html",
            "https://access.redhat.com/security/cve/CVE-2026-31788",
            "https://git.kernel.org/linus/1613462be621ad5103ec338a7b0ca0746ec4e5f1",
            "https://git.kernel.org/linus/453b8fb68f3641fea970db88b7d9a153ed2a37e8",
            "https://git.kernel.org/stable/c/1879319d790f7d57622cdc22807b60ea78b56b6d",
            "https://git.kernel.org/stable/c/389bae9a4409934e8b8d4dbdaaf02a3ae71cf8e4",
            "https://git.kernel.org/stable/c/453b8fb68f3641fea970db88b7d9a153ed2a37e8",
            "https://git.kernel.org/stable/c/78432d8f0372c71c518096395537fa12be7ff24e",
            "https://git.kernel.org/stable/c/87a803edb2ded911cb587c53bff179d2a2ed2a28",
            "https://git.kernel.org/stable/c/cbede2e833da1893afbea9b3ff29b5dda23a4a91",
            "https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-31788-032c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-31788",
            "https://www.cve.org/CVERecord?id=CVE-2026-31788",
            "https://xenbits.xen.org/xsa/advisory-482.html"
          ],
          "PublishedDate": "2026-03-25T11:16:40.513Z",
          "LastModifiedDate": "2026-04-02T15:16:37.137Z"
        },
        {
          "VulnerabilityID": "CVE-2017-0537",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0537",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a7d15201f87cbe74f2b797facd2730a9c3f5d6cd766ef2ba084eef8dc1eac29f",
          "Description": "An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-200"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
              "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "V2Score": 2.6,
              "V3Score": 4.7
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/96831",
            "http://www.securitytracker.com/id/1037968",
            "https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0",
            "https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t",
            "https://source.android.com/security/bulletin/2017-01-01.html",
            "https://source.android.com/security/bulletin/2017-03-01",
            "https://source.android.com/security/bulletin/2017-03-01.html",
            "https://www.cve.org/CVERecord?id=CVE-2017-0537"
          ],
          "PublishedDate": "2017-03-08T01:59:03.127Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13165",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13165",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:feeef126fd308b067f14eb1bf344937e39b48bd848784343e6bb552894df61f0",
          "Description": "An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.",
          "Severity": "LOW",
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V2Score": 4.6,
              "V3Score": 7.8
            }
          },
          "References": [
            "https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a",
            "https://source.android.com/security/bulletin/pixel/2017-12-01",
            "https://www.cve.org/CVERecord?id=CVE-2017-13165"
          ],
          "PublishedDate": "2017-12-06T14:29:01.333Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2017-13693",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13693",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:041ebacc776ec8eba6fdb0b8066d7ba17d031daf74c571218686a74757f373e3",
          "Title": "kernel: ACPI operand cache leak in dsutils.c",
          "Description": "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-200"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "V2Score": 4.9,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "V3Score": 3.3
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/100502",
            "https://access.redhat.com/security/cve/CVE-2017-13693",
            "https://github.com/acpica/acpica/pull/295",
            "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732",
            "https://nvd.nist.gov/vuln/detail/CVE-2017-13693",
            "https://patchwork.kernel.org/patch/9919053/",
            "https://www.cve.org/CVERecord?id=CVE-2017-13693"
          ],
          "PublishedDate": "2017-08-25T08:29:00.273Z",
          "LastModifiedDate": "2025-04-20T01:37:25.86Z"
        },
        {
          "VulnerabilityID": "CVE-2018-1121",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:55845e52b4d510171a1a4a65a62e4e71d5667732750d82534cb54efc71722f7a",
          "Title": "procps: process hiding through race condition enumerating /proc",
          "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-367",
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
              "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V2Score": 4.3,
              "V3Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
              "V3Score": 3.9
            }
          },
          "References": [
            "http://seclists.org/oss-sec/2018/q2/122",
            "http://www.securityfocus.com/bid/104214",
            "https://access.redhat.com/security/cve/CVE-2018-1121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
            "https://nvd.nist.gov/vuln/detail/CVE-2018-1121",
            "https://www.cve.org/CVERecord?id=CVE-2018-1121",
            "https://www.exploit-db.com/exploits/44806/",
            "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
          ],
          "PublishedDate": "2018-06-13T20:29:00.337Z",
          "LastModifiedDate": "2024-11-21T03:59:13.5Z"
        },
        {
          "VulnerabilityID": "CVE-2018-12928",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12928",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:57edf168b5681c5133c665d633e3ba1bf27d1a975dafb94e3cd4e2c12d98394b",
          "Title": "kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko",
          "Description": "In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 4.9,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/104593",
            "https://access.redhat.com/security/cve/CVE-2018-12928",
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384",
            "https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ",
            "https://linux.oracle.com/cve/CVE-2018-12928.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/",
            "https://marc.info/?l=linux-fsdevel\u0026m=152407263325766\u0026w=2",
            "https://nvd.nist.gov/vuln/detail/CVE-2018-12928",
            "https://www.cve.org/CVERecord?id=CVE-2018-12928"
          ],
          "PublishedDate": "2018-06-28T14:29:00.353Z",
          "LastModifiedDate": "2024-11-21T03:46:07.97Z"
        },
        {
          "VulnerabilityID": "CVE-2018-12929",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12929",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:64a5d7ada802cd034f337e13ecf3efae3db2b3a342027dbc14e4951bd43772ac",
          "Title": "kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko",
          "Description": "ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 4.9,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.6
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/104588",
            "https://access.redhat.com/errata/RHSA-2019:0641",
            "https://access.redhat.com/security/cve/CVE-2018-12929",
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
            "https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2",
            "https://nvd.nist.gov/vuln/detail/CVE-2018-12929",
            "https://www.cve.org/CVERecord?id=CVE-2018-12929"
          ],
          "PublishedDate": "2018-06-28T14:29:00.417Z",
          "LastModifiedDate": "2024-11-21T03:46:08.123Z"
        },
        {
          "VulnerabilityID": "CVE-2018-12930",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12930",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:019cdba6c0f16d4f167c730ec7c94e0d17310efb8f727f64e445b0394a5a5507",
          "Title": "kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko",
          "Description": "ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V2Score": 7.2,
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.6
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/104588",
            "https://access.redhat.com/errata/RHSA-2019:0641",
            "https://access.redhat.com/security/cve/CVE-2018-12930",
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
            "https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2",
            "https://nvd.nist.gov/vuln/detail/CVE-2018-12930",
            "https://www.cve.org/CVERecord?id=CVE-2018-12930"
          ],
          "PublishedDate": "2018-06-28T14:29:00.463Z",
          "LastModifiedDate": "2024-11-21T03:46:08.27Z"
        },
        {
          "VulnerabilityID": "CVE-2018-12931",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12931",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c1863ccf32a5129c8da084bca4ae49fc1c2f7089aabdde2a39844ff949e6df16",
          "Title": "kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko",
          "Description": "ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V2Score": 7.2,
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.6
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/104588",
            "https://access.redhat.com/errata/RHSA-2019:0641",
            "https://access.redhat.com/security/cve/CVE-2018-12931",
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
            "https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2",
            "https://nvd.nist.gov/vuln/detail/CVE-2018-12931",
            "https://www.cve.org/CVERecord?id=CVE-2018-12931"
          ],
          "PublishedDate": "2018-06-28T14:29:00.51Z",
          "LastModifiedDate": "2024-11-21T03:46:08.427Z"
        },
        {
          "VulnerabilityID": "CVE-2019-14899",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14899",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ff9e916015f68daa03c73a6da0fcecc9c0dfd425cdba17a004f96c85ccce3c6c",
          "Title": "VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel",
          "Description": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-300"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "V2Score": 4.9,
              "V3Score": 7.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
              "V3Score": 7.4
            }
          },
          "References": [
            "http://seclists.org/fulldisclosure/2020/Dec/32",
            "http://seclists.org/fulldisclosure/2020/Jul/23",
            "http://seclists.org/fulldisclosure/2020/Jul/24",
            "http://seclists.org/fulldisclosure/2020/Jul/25",
            "http://seclists.org/fulldisclosure/2020/Nov/20",
            "http://www.openwall.com/lists/oss-security/2020/08/13/2",
            "http://www.openwall.com/lists/oss-security/2020/10/07/3",
            "http://www.openwall.com/lists/oss-security/2021/07/05/1",
            "https://access.redhat.com/security/cve/CVE-2019-14899",
            "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-14899",
            "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/",
            "https://support.apple.com/kb/HT211288",
            "https://support.apple.com/kb/HT211289",
            "https://support.apple.com/kb/HT211290",
            "https://support.apple.com/kb/HT211850",
            "https://support.apple.com/kb/HT211931",
            "https://www.cve.org/CVERecord?id=CVE-2019-14899",
            "https://www.openwall.com/lists/oss-security/2019/12/05/1"
          ],
          "PublishedDate": "2019-12-11T15:15:14.263Z",
          "LastModifiedDate": "2024-11-21T04:27:38.59Z"
        },
        {
          "VulnerabilityID": "CVE-2019-15213",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15213",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:942c22f36b9338fffc5aebead49ff5a4e652263624928064c595ca2c9e517546",
          "Title": "kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c",
          "Description": "An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 4.9,
              "V3Score": 4.6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 4.3
            }
          },
          "References": [
            "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html",
            "http://www.openwall.com/lists/oss-security/2019/08/20/2",
            "https://access.redhat.com/security/cve/CVE-2019-15213",
            "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7",
            "https://linux.oracle.com/cve/CVE-2019-15213.html",
            "https://linux.oracle.com/errata/ELSA-2019-4872.html",
            "https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-15213",
            "https://security.netapp.com/advisory/ntap-20190905-0002/",
            "https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced",
            "https://www.cve.org/CVERecord?id=CVE-2019-15213"
          ],
          "PublishedDate": "2019-08-19T22:15:11.253Z",
          "LastModifiedDate": "2024-11-21T04:28:12.273Z"
        },
        {
          "VulnerabilityID": "CVE-2019-19378",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19378",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:52e452c025a3b45dac5d2d7cd397f27fa8ec16e26ab91a6e6b5ee107cd9a8ba2",
          "Title": "kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c",
          "Description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V2Score": 6.8,
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-19378",
            "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-19378",
            "https://security.netapp.com/advisory/ntap-20200103-0001/",
            "https://www.cve.org/CVERecord?id=CVE-2019-19378"
          ],
          "PublishedDate": "2019-11-29T17:15:11.84Z",
          "LastModifiedDate": "2024-11-21T04:34:40.707Z"
        },
        {
          "VulnerabilityID": "CVE-2019-19814",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19814",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b56da6702fb9694d251f4395e3feaecd870a07feab282ac50b5a0b05b895976b",
          "Title": "kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c",
          "Description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "V2Score": 9.3,
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2019-19814",
            "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814",
            "https://nvd.nist.gov/vuln/detail/CVE-2019-19814",
            "https://security.netapp.com/advisory/ntap-20200103-0001/",
            "https://www.cve.org/CVERecord?id=CVE-2019-19814"
          ],
          "PublishedDate": "2019-12-17T06:15:12.843Z",
          "LastModifiedDate": "2024-11-21T04:35:26.68Z"
        },
        {
          "VulnerabilityID": "CVE-2019-20426",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20426",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:831bfd76c88cf6cb6a5aedcb9b619d4a38e8ad5495ea3c5c3c1f824fa1bedc85",
          "Description": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 7.8,
              "V3Score": 7.5
            }
          },
          "References": [
            "http://lustre.org/",
            "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
            "https://jira.whamcloud.com/browse/LU-12614",
            "https://review.whamcloud.com/#/c/36107/",
            "https://www.cve.org/CVERecord?id=CVE-2019-20426"
          ],
          "PublishedDate": "2020-01-27T05:15:11.873Z",
          "LastModifiedDate": "2024-11-21T04:38:26.733Z"
        },
        {
          "VulnerabilityID": "CVE-2020-14304",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14304",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:676584677aac0686bb54202cdb2f9344e0433f4f4fb256bad941a41474f8cfc4",
          "Title": "kernel: ethtool when reading eeprom of device could lead to memory leak",
          "Description": "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-460",
            "CWE-755"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
              "V2Score": 2.1,
              "V3Score": 4.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2020-14304",
            "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702",
            "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304",
            "https://linux.oracle.com/cve/CVE-2020-14304.html",
            "https://linux.oracle.com/errata/ELSA-2021-9410.html",
            "https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-14304",
            "https://www.cve.org/CVERecord?id=CVE-2020-14304"
          ],
          "PublishedDate": "2020-09-15T20:15:13.103Z",
          "LastModifiedDate": "2024-11-21T05:02:57.97Z"
        },
        {
          "VulnerabilityID": "CVE-2020-35501",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35501",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:756090ffe80b4f41b84e3a5e5e23a284f68d524bc65fcde2cdd5c7f58230affb",
          "Title": "kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability",
          "Description": "A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-863"
          ],
          "VendorSeverity": {
            "cbl-mariner": 1,
            "nvd": 1,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
              "V2Score": 3.6,
              "V3Score": 3.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 3.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2020-35501",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1908577",
            "https://listman.redhat.com/archives/linux-audit/2018-July/msg00041.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-35501",
            "https://www.cve.org/CVERecord?id=CVE-2020-35501",
            "https://www.openwall.com/lists/oss-security/2021/02/18/1"
          ],
          "PublishedDate": "2022-03-30T16:15:08.673Z",
          "LastModifiedDate": "2024-11-21T05:27:26.22Z"
        },
        {
          "VulnerabilityID": "CVE-2021-26934",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-26934",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:09a904883ecbbdb7f44e31fc90437a3cc60ba2998246d2ee9713b32dda2d3d32",
          "Title": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...",
          "Description": "An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.",
          "Severity": "LOW",
          "VendorSeverity": {
            "cbl-mariner": 3,
            "nvd": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V2Score": 4.6,
              "V3Score": 7.8
            }
          },
          "References": [
            "http://xenbits.xen.org/xsa/advisory-363.html",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GELN5E6MDR5KQBJF5M5COUUED3YFZTD/",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOAJBVAVR6RSCUCHNXPVSNRPSFM7INMP/",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-26934",
            "https://security.netapp.com/advisory/ntap-20210326-0001/",
            "https://www.cve.org/CVERecord?id=CVE-2021-26934",
            "https://www.openwall.com/lists/oss-security/2021/02/16/2",
            "https://xenbits.xen.org/xsa/advisory-363.html"
          ],
          "PublishedDate": "2021-02-17T02:15:13.143Z",
          "LastModifiedDate": "2024-11-21T05:57:04.8Z"
        },
        {
          "VulnerabilityID": "CVE-2022-3114",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3114",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2fee58c9a0f282601f97e500104a11f2f29609eb783cfd73bdecb22133a3aea",
          "Title": "kernel: clk: imx: NULL pointer dereference in imx_register_uart_clocks()",
          "Description": "An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-3114",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2153054",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=ed713e2bc093239ccd380c2ce8ae9e4162f5c037",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-3114",
            "https://www.cve.org/CVERecord?id=CVE-2022-3114"
          ],
          "PublishedDate": "2022-12-14T21:15:12.783Z",
          "LastModifiedDate": "2025-04-22T14:15:21.347Z"
        },
        {
          "VulnerabilityID": "CVE-2022-41848",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41848",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a5e2574d511e668c61e801ff30c7c20ba427f296f48c98e0a6d2943aaad864a5",
          "Title": "kernel: Race condition between mgslpc_ioctl and mgslpc_detach",
          "Description": "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362",
            "CWE-416"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.2
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-41848",
            "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c",
            "https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270",
            "https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-41848",
            "https://www.cve.org/CVERecord?id=CVE-2022-41848"
          ],
          "PublishedDate": "2022-09-30T06:15:11.58Z",
          "LastModifiedDate": "2025-05-20T20:15:27.49Z"
        },
        {
          "VulnerabilityID": "CVE-2022-44032",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44032",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6dde1ade100d1a2eaec1aa38d833ecdc2411ba312151eb4ef43b80e11cffc63a",
          "Title": "Kernel: Race between cmm_open() and cm4000_detach() result in UAF",
          "Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-44032",
            "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15",
            "https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/",
            "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/",
            "https://lore.kernel.org/lkml/20220919040701.GA302806%40ubuntu/",
            "https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-44032",
            "https://www.cve.org/CVERecord?id=CVE-2022-44032"
          ],
          "PublishedDate": "2022-10-30T01:15:08.823Z",
          "LastModifiedDate": "2024-11-21T07:27:34.457Z"
        },
        {
          "VulnerabilityID": "CVE-2022-44033",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44033",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9ed13ce01b19eb3ea5a45fe5bd9834198bedf2d22191ed89e7659883130de5ab",
          "Title": "Kernel: A race condition between cm4040_open() and reader_detach() may result in UAF",
          "Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-44033",
            "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15",
            "https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu/",
            "https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/",
            "https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu/",
            "https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-44033",
            "https://www.cve.org/CVERecord?id=CVE-2022-44033"
          ],
          "PublishedDate": "2022-10-30T01:15:08.88Z",
          "LastModifiedDate": "2024-11-21T07:27:34.69Z"
        },
        {
          "VulnerabilityID": "CVE-2022-44034",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44034",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b3c28f3d70a2a18ad88b2ee8f04f920be874bb37846fd5c1e49015f873df5871",
          "Title": "Kernel: A use-after-free due to race between scr24x_open()  and scr24x_remove()",
          "Description": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-44034",
            "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15",
            "https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu/",
            "https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/",
            "https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu/",
            "https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-44034",
            "https://www.cve.org/CVERecord?id=CVE-2022-44034"
          ],
          "PublishedDate": "2022-10-30T01:15:08.937Z",
          "LastModifiedDate": "2024-11-21T07:27:34.847Z"
        },
        {
          "VulnerabilityID": "CVE-2022-45885",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45885",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a8610740231992458692484c38b1188fd92b8f7b065cec4d52bcf133bd3dba59",
          "Title": "kernel: use-after-free due to race condition occurring in dvb_frontend.c",
          "Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362",
            "CWE-416"
          ],
          "VendorSeverity": {
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-45885",
            "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f",
            "https://linux.oracle.com/cve/CVE-2022-45885.html",
            "https://linux.oracle.com/errata/ELSA-2023-12207.html",
            "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/",
            "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/",
            "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/",
            "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/",
            "https://lore.kernel.org/linux-media/20221117045925.14297-2-imv4bel@gmail.com/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-45885",
            "https://security.netapp.com/advisory/ntap-20230113-0006/",
            "https://www.cve.org/CVERecord?id=CVE-2022-45885"
          ],
          "PublishedDate": "2022-11-25T04:15:09.23Z",
          "LastModifiedDate": "2025-04-29T14:15:28.103Z"
        },
        {
          "VulnerabilityID": "CVE-2022-45888",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45888",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:e53e50b434b20d80605a5d1d09f64cd2b339fc59fb847d16c5287963137e2bea",
          "Title": "kernel: use-after-free due to race condition in drivers/char/xillybus/xillyusb.c",
          "Description": "An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362",
            "CWE-416"
          ],
          "VendorSeverity": {
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2022-45888",
            "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu/",
            "https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-45888",
            "https://security.netapp.com/advisory/ntap-20230113-0006/",
            "https://www.cve.org/CVERecord?id=CVE-2022-45888"
          ],
          "PublishedDate": "2022-11-25T04:15:09.36Z",
          "LastModifiedDate": "2025-11-03T22:16:01.383Z"
        },
        {
          "VulnerabilityID": "CVE-2023-33053",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-33053",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ba55112094b3caf4ec8e5eab0f05bea724b5893bb04f2b54b21d298b69916464",
          "Description": "Memory corruption in Kernel while parsing metadata.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-129"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/06426824a281c9aef5bf0c50927eae9c7431db1e",
            "https://www.cve.org/CVERecord?id=CVE-2023-33053",
            "https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin"
          ],
          "PublishedDate": "2023-12-05T03:15:11.707Z",
          "LastModifiedDate": "2025-08-11T15:06:17.607Z"
        },
        {
          "VulnerabilityID": "CVE-2023-4010",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4010",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c3dc0caa2f0ad38b27b07836fa3494d5ef2ec09b865d90225094b8cf95b8e7b0",
          "Title": "kernel: usb: hcd: malformed USB descriptor leads to infinite loop in usb_giveback_urb()",
          "Description": "A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-835"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-4010",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2227726",
            "https://github.com/wanrenmi/a-usb-kernel-bug",
            "https://github.com/wanrenmi/a-usb-kernel-bug/issues/1",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-4010",
            "https://www.cve.org/CVERecord?id=CVE-2023-4010"
          ],
          "PublishedDate": "2023-07-31T17:15:10.277Z",
          "LastModifiedDate": "2024-11-21T08:34:13.383Z"
        },
        {
          "VulnerabilityID": "CVE-2023-4133",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4133",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d2270d0de860923ca97d0497c1c273dd12f8719b87a7616e789c848b746c7762",
          "Title": "kernel: cxgb4: use-after-free in ch_flower_stats_cb()",
          "Description": "A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:2394",
            "https://access.redhat.com/errata/RHSA-2024:2950",
            "https://access.redhat.com/errata/RHSA-2024:3138",
            "https://access.redhat.com/security/cve/CVE-2023-4133",
            "https://bugzilla.redhat.com/1918601",
            "https://bugzilla.redhat.com/2049700",
            "https://bugzilla.redhat.com/2133452",
            "https://bugzilla.redhat.com/2151959",
            "https://bugzilla.redhat.com/2177759",
            "https://bugzilla.redhat.com/2185519",
            "https://bugzilla.redhat.com/2188102",
            "https://bugzilla.redhat.com/2210024",
            "https://bugzilla.redhat.com/2213132",
            "https://bugzilla.redhat.com/2218332",
            "https://bugzilla.redhat.com/2219359",
            "https://bugzilla.redhat.com/2221039",
            "https://bugzilla.redhat.com/2221463",
            "https://bugzilla.redhat.com/2221702",
            "https://bugzilla.redhat.com/2226777",
            "https://bugzilla.redhat.com/2226787",
            "https://bugzilla.redhat.com/2226788",
            "https://bugzilla.redhat.com/2231410",
            "https://bugzilla.redhat.com/2239845",
            "https://bugzilla.redhat.com/2239848",
            "https://bugzilla.redhat.com/2244720",
            "https://bugzilla.redhat.com/2246980",
            "https://bugzilla.redhat.com/2250043",
            "https://bugzilla.redhat.com/2252731",
            "https://bugzilla.redhat.com/2253034",
            "https://bugzilla.redhat.com/2253632",
            "https://bugzilla.redhat.com/2254961",
            "https://bugzilla.redhat.com/2254982",
            "https://bugzilla.redhat.com/2255283",
            "https://bugzilla.redhat.com/2255498",
            "https://bugzilla.redhat.com/2256490",
            "https://bugzilla.redhat.com/2256822",
            "https://bugzilla.redhat.com/2257682",
            "https://bugzilla.redhat.com/2258013",
            "https://bugzilla.redhat.com/2258518",
            "https://bugzilla.redhat.com/2260005",
            "https://bugzilla.redhat.com/2262126",
            "https://bugzilla.redhat.com/2262127",
            "https://bugzilla.redhat.com/2265285",
            "https://bugzilla.redhat.com/2265517",
            "https://bugzilla.redhat.com/2265518",
            "https://bugzilla.redhat.com/2265519",
            "https://bugzilla.redhat.com/2265520",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265646",
            "https://bugzilla.redhat.com/2265653",
            "https://bugzilla.redhat.com/2267041",
            "https://bugzilla.redhat.com/2267695",
            "https://bugzilla.redhat.com/2267750",
            "https://bugzilla.redhat.com/2267758",
            "https://bugzilla.redhat.com/2267760",
            "https://bugzilla.redhat.com/2267761",
            "https://bugzilla.redhat.com/2267788",
            "https://bugzilla.redhat.com/2267795",
            "https://bugzilla.redhat.com/2269189",
            "https://bugzilla.redhat.com/2269217",
            "https://bugzilla.redhat.com/2270080",
            "https://bugzilla.redhat.com/2270118",
            "https://bugzilla.redhat.com/2270883",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1731000",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1746732",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1888726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1930388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1999589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2039178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2043520",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2044578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2150953",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2151959",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2177759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2179892",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2213132",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2218332",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2219359",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2221039",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2221463",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2221702",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2226777",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2226784",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2226787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2226788",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2230042",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2231130",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2231410",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2235306",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2239845",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2239847",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2244720",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2250043",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2253632",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2254961",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2254982",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2255283",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2256490",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2256822",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2257682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2257979",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265285",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267695",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267750",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267760",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269217",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270836",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270883",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25656",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3753",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4204",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0500",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23222",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3565",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45934",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1513",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24023",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28464",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3567",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37453",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38409",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39189",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39192",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39193",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39194",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39198",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4133",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42754",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42755",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51779",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51780",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52340",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52448",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52574",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52580",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52581",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52620",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6121",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6176",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6915",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0841",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25742",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26602",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26609",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26671",
            "https://errata.almalinux.org/9/ALSA-2024-2394.html",
            "https://errata.rockylinux.org/RLSA-2024:3138",
            "https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3)",
            "https://linux.oracle.com/cve/CVE-2023-4133.html",
            "https://linux.oracle.com/errata/ELSA-2024-3138.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-4133",
            "https://www.cve.org/CVERecord?id=CVE-2023-4133"
          ],
          "PublishedDate": "2023-08-03T15:15:33.94Z",
          "LastModifiedDate": "2024-11-21T08:34:27.58Z"
        },
        {
          "VulnerabilityID": "CVE-2023-52749",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52749",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:090fd7fb2010651ef05b07ebf536b996e75947d53eebc6b6d1d72a76a5dc7072",
          "Title": "kernel: spi: Fix null dereference on suspend",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix null dereference on suspend\n\nA race condition exists where a synchronous (noqueue) transfer can be\nactive during a system suspend. This can cause a null pointer\ndereference exception to occur when the system resumes.\n\nExample order of events leading to the exception:\n1. spi_sync() calls __spi_transfer_message_noqueue() which sets\n   ctlr-\u003ecur_msg\n2. Spi transfer begins via spi_transfer_one_message()\n3. System is suspended interrupting the transfer context\n4. System is resumed\n6. spi_controller_resume() calls spi_start_queue() which resets cur_msg\n   to NULL\n7. Spi transfer context resumes and spi_finalize_current_message() is\n   called which dereferences cur_msg (which is now NULL)\n\nWait for synchronous transfers to complete before suspending by\nacquiring the bus mutex and setting/checking a suspend flag.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362",
            "CWE-476"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-52749",
            "https://git.kernel.org/linus/bef4a48f4ef798c4feddf045d49e53c8a97d5e37 (6.7-rc1)",
            "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068",
            "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e",
            "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37",
            "https://linux.oracle.com/cve/CVE-2023-52749.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lore.kernel.org/linux-cve-announce/2024052144-CVE-2023-52749-684e@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-52749",
            "https://www.cve.org/CVERecord?id=CVE-2023-52749"
          ],
          "PublishedDate": "2024-05-21T16:15:14.587Z",
          "LastModifiedDate": "2025-01-06T20:41:06.263Z"
        },
        {
          "VulnerabilityID": "CVE-2023-53052",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-53052",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6b7f6de3683f0e08107961bcfc47378b639f3cc373ef712d68aff7b7ac3eff44",
          "Title": "kernel: cifs: fix use-after-free bug in refresh_cache_worker()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix use-after-free bug in refresh_cache_worker()\n\nThe UAF bug occurred because we were putting DFS root sessions in\ncifs_umount() while DFS cache refresher was being executed.\n\nMake DFS root sessions have same lifetime as DFS tcons so we can avoid\nthe use-after-free bug is DFS cache refresher and other places that\nrequire IPCs to get new DFS referrals on.  Also, get rid of mount\ngroup handling in DFS cache as we no longer need it.\n\nThis fixes below use-after-free bug catched by KASAN\n\n[ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56\n[ 379.948096]\n[ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23\n[ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\nrel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014\n[ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs]\n[ 379.949942] Call Trace:\n[ 379.950113] \u003cTASK\u003e\n[ 379.950260] dump_stack_lvl+0x50/0x67\n[ 379.950510] print_report+0x16a/0x48e\n[ 379.950759] ? __virt_addr_valid+0xd8/0x160\n[ 379.951040] ? __phys_addr+0x41/0x80\n[ 379.951285] kasan_report+0xdb/0x110\n[ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs]\n[ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs]\n[ 379.953637] ? __pfx___mutex_lock+0x10/0x10\n[ 379.953915] ? lock_release+0xb6/0x720\n[ 379.954167] ? __pfx_lock_acquire+0x10/0x10\n[ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs]\n[ 379.954960] ? __pfx_wb_workfn+0x10/0x10\n[ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs]\n[ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs]\n[ 379.956323] ? __pfx_lock_acquired+0x10/0x10\n[ 379.956615] ? read_word_at_a_time+0xe/0x20\n[ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220\n[ 379.957235] process_one_work+0x535/0x990\n[ 379.957509] ? __pfx_process_one_work+0x10/0x10\n[ 379.957812] ? lock_acquired+0xb7/0x5f0\n[ 379.958069] ? __list_add_valid+0x37/0xd0\n[ 379.958341] ? __list_add_valid+0x37/0xd0\n[ 379.958611] worker_thread+0x8e/0x630\n[ 379.958861] ? __pfx_worker_thread+0x10/0x10\n[ 379.959148] kthread+0x17d/0x1b0\n[ 379.959369] ? __pfx_kthread+0x10/0x10\n[ 379.959630] ret_from_fork+0x2c/0x50\n[ 379.959879] \u003c/TASK\u003e",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-53052",
            "https://git.kernel.org/linus/396935de145589c8bfe552fa03a5e38604071829 (6.3-rc3)",
            "https://git.kernel.org/stable/c/396935de145589c8bfe552fa03a5e38604071829",
            "https://git.kernel.org/stable/c/5a89d81c1a3c152837ea204fd29572228e54ce0b",
            "https://lore.kernel.org/linux-cve-announce/2025050206-CVE-2023-53052-41f8@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-53052",
            "https://www.cve.org/CVERecord?id=CVE-2023-53052"
          ],
          "PublishedDate": "2025-05-02T16:15:24.283Z",
          "LastModifiedDate": "2025-11-12T18:17:26.533Z"
        },
        {
          "VulnerabilityID": "CVE-2024-0564",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0564",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b13a404514fcff7c7907a7a8b2da9d081f0e035cd5243154ca500790da2eeff7",
          "Title": "kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication",
          "Description": "A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is \"max page sharing=256\", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's \"max page share\". Through these operations, the attacker can leak the victim's page.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-203"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-0564",
            "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2258514",
            "https://link.springer.com/conference/wisa",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-0564",
            "https://wisa.or.kr/accepted",
            "https://www.cve.org/CVERecord?id=CVE-2024-0564"
          ],
          "PublishedDate": "2024-01-30T15:15:08.687Z",
          "LastModifiedDate": "2024-11-25T09:15:05.7Z"
        },
        {
          "VulnerabilityID": "CVE-2024-26983",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-26983",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4bba3576c096bf89c1f1b1e698d216374082c6ec391352588696fa2f0806271e",
          "Title": "kernel: bootconfig: use memblock_free_late to free xbc memory to buddy",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbootconfig: use memblock_free_late to free xbc memory to buddy\n\nOn the time to free xbc memory in xbc_exit(), memblock may has handed\nover memory to buddy allocator. So it doesn't make sense to free memory\nback to memblock. memblock_free() called by xbc_exit() even causes UAF bugs\non architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86.\nFollowing KASAN logs shows this case.\n\nThis patch fixes the xbc memory free problem by calling memblock_free()\nin early xbc init error rewind path and calling memblock_free_late() in\nxbc exit path to free memory to buddy allocator.\n\n[    9.410890] ==================================================================\n[    9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260\n[    9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1\n\n[    9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G     U             6.9.0-rc3-00208-g586b5dfb51b9 #5\n[    9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023\n[    9.460789] Call Trace:\n[    9.463518]  \u003cTASK\u003e\n[    9.465859]  dump_stack_lvl+0x53/0x70\n[    9.469949]  print_report+0xce/0x610\n[    9.473944]  ? __virt_addr_valid+0xf5/0x1b0\n[    9.478619]  ? memblock_isolate_range+0x12d/0x260\n[    9.483877]  kasan_report+0xc6/0x100\n[    9.487870]  ? memblock_isolate_range+0x12d/0x260\n[    9.493125]  memblock_isolate_range+0x12d/0x260\n[    9.498187]  memblock_phys_free+0xb4/0x160\n[    9.502762]  ? __pfx_memblock_phys_free+0x10/0x10\n[    9.508021]  ? mutex_unlock+0x7e/0xd0\n[    9.512111]  ? __pfx_mutex_unlock+0x10/0x10\n[    9.516786]  ? kernel_init_freeable+0x2d4/0x430\n[    9.521850]  ? __pfx_kernel_init+0x10/0x10\n[    9.526426]  xbc_exit+0x17/0x70\n[    9.529935]  kernel_init+0x38/0x1e0\n[    9.533829]  ? 
_raw_spin_unlock_irq+0xd/0x30\n[    9.538601]  ret_from_fork+0x2c/0x50\n[    9.542596]  ? __pfx_kernel_init+0x10/0x10\n[    9.547170]  ret_from_fork_asm+0x1a/0x30\n[    9.551552]  \u003c/TASK\u003e\n\n[    9.555649] The buggy address belongs to the physical page:\n[    9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30\n[    9.570821] flags: 0x200000000000000(node=0|zone=2)\n[    9.576271] page_type: 0xffffffff()\n[    9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000\n[    9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000\n[    9.597476] page dumped because: kasan: bad access detected\n\n[    9.605362] Memory state around the buggy address:\n[    9.610714]  ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    9.618786]  ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[    9.626857] \u003effff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.634930]                    ^\n[    9.638534]  ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.646605]  ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n[    9.654675] ==================================================================",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "nvd": 3,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-26983",
            "https://git.kernel.org/linus/89f9a1e876b5a7ad884918c03a46831af202c8a0 (6.9-rc5)",
            "https://git.kernel.org/stable/c/1e7feb31a18c197d63a5e606025ed63c762f8918",
            "https://git.kernel.org/stable/c/5a7dfb8fcd3f29fc93161100179b27f24f3d5f35",
            "https://git.kernel.org/stable/c/89f9a1e876b5a7ad884918c03a46831af202c8a0",
            "https://git.kernel.org/stable/c/e46d3be714ad9652480c6db129ab8125e2d20ab7",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/",
            "https://lore.kernel.org/linux-cve-announce/2024050142-CVE-2024-26983-9424@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-26983",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-26983"
          ],
          "PublishedDate": "2024-05-01T06:15:15.747Z",
          "LastModifiedDate": "2025-11-04T18:16:00.11Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27010",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27010",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:67bd93dc869ed18d129621e827498c07d1ea4028f442c6e412cbf910211c01eb",
          "Title": "kernel: net/sched: Fix mirred deadlock on device recursion",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[   82.890906]\n[   82.890906] ============================================\n[   82.890906] WARNING: possible recursive locking detected\n[   82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G        W\n[   82.890906] --------------------------------------------\n[   82.890906] ping/418 is trying to acquire lock:\n[   82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[   82.890906]\n[   82.890906] but task is already holding lock:\n[   82.890906] ffff888006994110 (\u0026sch-\u003eq.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[   82.890906]\n[   82.890906] other info that might help us debug this:\n[   82.890906]  Possible unsafe locking scenario:\n[   82.890906]\n[   82.890906]        CPU0\n[   82.890906]        ----\n[   82.890906]   lock(\u0026sch-\u003eq.lock);\n[   82.890906]   lock(\u0026sch-\u003eq.lock);\n[   82.890906]\n[   82.890906]  *** DEADLOCK ***\n[   82.890906]\n[..... 
other info removed for brevity....]\n\nExample setup (eth0-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth0\n\nAnother example(eth0-\u003eeth1-\u003eeth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n     action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-667"
          ],
          "VendorSeverity": {
            "alma": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-27010",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/0f022d32c3eca477fbf79a205243a6123ed0fe11 (6.9-rc5)",
            "https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11",
            "https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef",
            "https://linux.oracle.com/cve/CVE-2024-27010.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/",
            "https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27010-5a68@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27010",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27010"
          ],
          "PublishedDate": "2024-05-01T06:15:19.467Z",
          "LastModifiedDate": "2025-11-04T18:16:10.637Z"
        },
        {
          "VulnerabilityID": "CVE-2024-27011",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-27011",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9660e28cb412b73f48cbfbee4f92fc49f199e7a6370e3b022027b6c251987fac",
          "Title": "kernel: netfilter: nf_tables: fix memleak in map from abort path",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 \u003c0f\u003e 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS:  0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967]  
\u003cTASK\u003e\n[ 6170.287973]  ? __warn+0x9f/0x1a0\n[ 6170.287986]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092]  ? report_bug+0x1b1/0x1e0\n[ 6170.287986]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092]  ? report_bug+0x1b1/0x1e0\n[ 6170.288104]  ? handle_bug+0x3c/0x70\n[ 6170.288112]  ? exc_invalid_op+0x17/0x40\n[ 6170.288120]  ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132]  ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243]  ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366]  ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483]  nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-401"
          ],
          "VendorSeverity": {
            "alma": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:5102",
            "https://access.redhat.com/security/cve/CVE-2024-27011",
            "https://bugzilla.redhat.com/2263879",
            "https://bugzilla.redhat.com/2265645",
            "https://bugzilla.redhat.com/2265797",
            "https://bugzilla.redhat.com/2266341",
            "https://bugzilla.redhat.com/2266347",
            "https://bugzilla.redhat.com/2266497",
            "https://bugzilla.redhat.com/2267787",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2269070",
            "https://bugzilla.redhat.com/2269211",
            "https://bugzilla.redhat.com/2270084",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2271686",
            "https://bugzilla.redhat.com/2271688",
            "https://bugzilla.redhat.com/2272782",
            "https://bugzilla.redhat.com/2272795",
            "https://bugzilla.redhat.com/2273109",
            "https://bugzilla.redhat.com/2273174",
            "https://bugzilla.redhat.com/2273236",
            "https://bugzilla.redhat.com/2273242",
            "https://bugzilla.redhat.com/2273247",
            "https://bugzilla.redhat.com/2273268",
            "https://bugzilla.redhat.com/2273427",
            "https://bugzilla.redhat.com/2273654",
            "https://bugzilla.redhat.com/2275565",
            "https://bugzilla.redhat.com/2275573",
            "https://bugzilla.redhat.com/2275580",
            "https://bugzilla.redhat.com/2275694",
            "https://bugzilla.redhat.com/2275711",
            "https://bugzilla.redhat.com/2275748",
            "https://bugzilla.redhat.com/2275761",
            "https://bugzilla.redhat.com/2275928",
            "https://bugzilla.redhat.com/2277166",
            "https://bugzilla.redhat.com/2277238",
            "https://bugzilla.redhat.com/2277840",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278178",
            "https://bugzilla.redhat.com/2278182",
            "https://bugzilla.redhat.com/2278218",
            "https://bugzilla.redhat.com/2278256",
            "https://bugzilla.redhat.com/2278258",
            "https://bugzilla.redhat.com/2278277",
            "https://bugzilla.redhat.com/2278279",
            "https://bugzilla.redhat.com/2278380",
            "https://bugzilla.redhat.com/2278484",
            "https://bugzilla.redhat.com/2278515",
            "https://bugzilla.redhat.com/2278535",
            "https://bugzilla.redhat.com/2278539",
            "https://bugzilla.redhat.com/2278989",
            "https://bugzilla.redhat.com/2280440",
            "https://bugzilla.redhat.com/2281054",
            "https://bugzilla.redhat.com/2281133",
            "https://bugzilla.redhat.com/2281149",
            "https://bugzilla.redhat.com/2281207",
            "https://bugzilla.redhat.com/2281215",
            "https://bugzilla.redhat.com/2281221",
            "https://bugzilla.redhat.com/2281235",
            "https://bugzilla.redhat.com/2281268",
            "https://bugzilla.redhat.com/2281326",
            "https://bugzilla.redhat.com/2281360",
            "https://bugzilla.redhat.com/2281510",
            "https://bugzilla.redhat.com/2281519",
            "https://bugzilla.redhat.com/2281636",
            "https://bugzilla.redhat.com/2281641",
            "https://bugzilla.redhat.com/2281664",
            "https://bugzilla.redhat.com/2281667",
            "https://bugzilla.redhat.com/2281672",
            "https://bugzilla.redhat.com/2281675",
            "https://bugzilla.redhat.com/2281682",
            "https://bugzilla.redhat.com/2281725",
            "https://bugzilla.redhat.com/2281752",
            "https://bugzilla.redhat.com/2281758",
            "https://bugzilla.redhat.com/2281819",
            "https://bugzilla.redhat.com/2281821",
            "https://bugzilla.redhat.com/2281833",
            "https://bugzilla.redhat.com/2281938",
            "https://bugzilla.redhat.com/2281949",
            "https://bugzilla.redhat.com/2281968",
            "https://bugzilla.redhat.com/2281989",
            "https://bugzilla.redhat.com/2282328",
            "https://bugzilla.redhat.com/2282373",
            "https://bugzilla.redhat.com/2282479",
            "https://bugzilla.redhat.com/2282553",
            "https://bugzilla.redhat.com/2282615",
            "https://bugzilla.redhat.com/2282623",
            "https://bugzilla.redhat.com/2282640",
            "https://bugzilla.redhat.com/2282642",
            "https://bugzilla.redhat.com/2282645",
            "https://bugzilla.redhat.com/2282717",
            "https://bugzilla.redhat.com/2282719",
            "https://bugzilla.redhat.com/2282727",
            "https://bugzilla.redhat.com/2282742",
            "https://bugzilla.redhat.com/2282743",
            "https://bugzilla.redhat.com/2282744",
            "https://bugzilla.redhat.com/2282759",
            "https://bugzilla.redhat.com/2282763",
            "https://bugzilla.redhat.com/2282766",
            "https://bugzilla.redhat.com/2282772",
            "https://bugzilla.redhat.com/2282780",
            "https://bugzilla.redhat.com/2282887",
            "https://bugzilla.redhat.com/2282896",
            "https://bugzilla.redhat.com/2282923",
            "https://bugzilla.redhat.com/2282925",
            "https://bugzilla.redhat.com/2282950",
            "https://bugzilla.redhat.com/2283401",
            "https://bugzilla.redhat.com/2283894",
            "https://bugzilla.redhat.com/2284400",
            "https://bugzilla.redhat.com/2284417",
            "https://bugzilla.redhat.com/2284421",
            "https://bugzilla.redhat.com/2284474",
            "https://bugzilla.redhat.com/2284477",
            "https://bugzilla.redhat.com/2284488",
            "https://bugzilla.redhat.com/2284496",
            "https://bugzilla.redhat.com/2284500",
            "https://bugzilla.redhat.com/2284513",
            "https://bugzilla.redhat.com/2284519",
            "https://bugzilla.redhat.com/2284539",
            "https://bugzilla.redhat.com/2284541",
            "https://bugzilla.redhat.com/2284556",
            "https://bugzilla.redhat.com/2284571",
            "https://bugzilla.redhat.com/2284590",
            "https://bugzilla.redhat.com/2284625",
            "https://bugzilla.redhat.com/2290408",
            "https://bugzilla.redhat.com/2292331",
            "https://bugzilla.redhat.com/2293078",
            "https://bugzilla.redhat.com/2293250",
            "https://bugzilla.redhat.com/2293276",
            "https://bugzilla.redhat.com/2293312",
            "https://bugzilla.redhat.com/2293316",
            "https://bugzilla.redhat.com/2293348",
            "https://bugzilla.redhat.com/2293371",
            "https://bugzilla.redhat.com/2293383",
            "https://bugzilla.redhat.com/2293418",
            "https://bugzilla.redhat.com/2293420",
            "https://bugzilla.redhat.com/2293444",
            "https://bugzilla.redhat.com/2293461",
            "https://bugzilla.redhat.com/2293653",
            "https://bugzilla.redhat.com/2293657",
            "https://bugzilla.redhat.com/2293684",
            "https://bugzilla.redhat.com/2293687",
            "https://bugzilla.redhat.com/2293700",
            "https://bugzilla.redhat.com/2293711",
            "https://bugzilla.redhat.com/2294274",
            "https://bugzilla.redhat.com/2295914",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297056",
            "https://bugzilla.redhat.com/2297474",
            "https://bugzilla.redhat.com/2297511",
            "https://bugzilla.redhat.com/2298108",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2263879",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2265797",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266347",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266497",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2266594",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2267787",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269070",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2269211",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270084",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271686",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2271688",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272782",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2272795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273109",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273117",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273174",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273236",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273242",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273247",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273427",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2273654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275565",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275580",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275694",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275748",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275761",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275928",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277166",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277840",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278178",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278182",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278218",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278256",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278258",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278277",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278484",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278535",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2280440",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281054",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281133",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281149",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281189",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281190",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281207",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281221",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281268",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281360",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281510",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281636",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281641",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281664",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281667",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281672",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281675",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281682",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281752",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281758",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281819",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281833",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281938",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281949",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2281989",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282328",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282479",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282553",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282623",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282640",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282642",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282690",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282717",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282719",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282727",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282742",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282743",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282744",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282763",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282766",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282772",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282780",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282896",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282923",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282925",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282950",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283401",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2283894",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284417",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284421",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284465",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284477",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284496",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284500",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284513",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284519",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284539",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284571",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284590",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2284625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2290408",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2292331",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293250",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293276",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293312",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293316",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293348",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293371",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293383",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293418",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293420",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293444",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293461",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293653",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293657",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293700",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293711",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2294274",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2295914",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297474",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297558",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298108",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46939",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47018",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47257",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47284",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47304",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47373",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47408",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47461",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47491",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47548",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47579",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47624",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48632",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48743",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48747",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48757",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52451",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52463",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52486",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52530",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52619",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52622",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52653",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52658",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52707",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52730",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52756",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52762",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52764",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52775",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52777",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52784",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52803",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52811",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52832",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52834",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26586",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26614",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26660",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26669",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26686",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26698",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26704",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26733",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26740",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26772",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26773",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26802",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26840",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26843",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26852",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26870",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26878",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26908",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26958",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27011",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27019",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27065",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27388",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31076",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33621",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35801",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35807",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35810",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35814",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35823",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35824",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35876",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35893",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35897",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35899",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35900",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35910",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35912",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35924",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35925",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35930",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35937",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35938",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35946",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35947",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35952",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36000",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36006",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36010",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36016",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36017",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36020",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36025",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36270",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36286",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36489",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36886",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36889",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36896",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36905",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36917",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36921",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36929",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36933",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36940",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36941",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36945",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36950",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36954",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36971",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36978",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36979",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38538",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38555",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38573",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38596",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38598",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38615",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39276",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39476",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39487",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39502",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40927",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40974",
            "https://errata.almalinux.org/8/ALSA-2024-5102.html",
            "https://errata.rockylinux.org/RLSA-2024:5101",
            "https://git.kernel.org/linus/86a1471d7cde792941109b93b558b5dc078b9ee9 (6.9-rc5)",
            "https://git.kernel.org/stable/c/49d0e656d19dfb2d4d7c230e4a720d37b3decff6",
            "https://git.kernel.org/stable/c/86a1471d7cde792941109b93b558b5dc078b9ee9",
            "https://git.kernel.org/stable/c/a1bd2a38a1c6388fc8556816dc203c3e9dc52237",
            "https://linux.oracle.com/cve/CVE-2024-27011.html",
            "https://linux.oracle.com/errata/ELSA-2024-9315.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/",
            "https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27011-2c70@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-27011",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-27011"
          ],
          "PublishedDate": "2024-05-01T06:15:19.583Z",
          "LastModifiedDate": "2025-11-04T18:16:10.753Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35868",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35868",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:158a72ea2e90831e7c63c177a7e0c34b1a711697ca847474420703408f9e4682",
          "Title": "kernel: smb: client: fix potential UAF in cifs_stats_proc_write()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_stats_proc_write()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-35868",
            "https://git.kernel.org/linus/d3da25c5ac84430f89875ca7485a3828150a7e0a (6.9-rc3)",
            "https://git.kernel.org/stable/c/5b5475ce69f02ecc1b13ea23106e5b89c690429b",
            "https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72",
            "https://git.kernel.org/stable/c/cf03020c56d3ed28c4942280957a007b5e9544f7",
            "https://git.kernel.org/stable/c/d3da25c5ac84430f89875ca7485a3828150a7e0a",
            "https://lore.kernel.org/linux-cve-announce/2024051940-CVE-2024-35868-be7a@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35868",
            "https://ubuntu.com/security/notices/USN-6893-1",
            "https://ubuntu.com/security/notices/USN-6893-2",
            "https://ubuntu.com/security/notices/USN-6893-3",
            "https://ubuntu.com/security/notices/USN-6918-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-35868"
          ],
          "PublishedDate": "2024-05-19T09:15:08.267Z",
          "LastModifiedDate": "2024-12-30T17:37:00.887Z"
        },
        {
          "VulnerabilityID": "CVE-2024-41014",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-41014",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2fb51a7ce07d95746acda2cb84f80b6e60667dcd34ee07614df980b624bb5a2f",
          "Title": "kernel: xfs: add bounds checking to xlog_recover_process_data",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n    1) Mount an image of xfs, and do some file operations to leave records\n    2) Before umounting, copy the image for subsequent steps to simulate\n       abnormal exit. Because umount will ensure that tail_blk and\n       head_blk are the same, which will result in the inability to enter\n       xlog_recover_process_data\n    3) Write a tool to parse and modify the copied image in step 2\n    4) Make the end of the xlog_op_header entries only 1 byte away from\n       xlog_rec_header-\u003eh_size\n    5) xlog_rec_header-\u003eh_num_logops++\n    6) Modify xlog_rec_header-\u003eh_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-125"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2024:8617",
            "https://access.redhat.com/security/cve/CVE-2024-41014",
            "https://bugzilla.redhat.com/2268118",
            "https://bugzilla.redhat.com/2270100",
            "https://bugzilla.redhat.com/2275604",
            "https://bugzilla.redhat.com/2277171",
            "https://bugzilla.redhat.com/2278176",
            "https://bugzilla.redhat.com/2278235",
            "https://bugzilla.redhat.com/2282357",
            "https://bugzilla.redhat.com/2293654",
            "https://bugzilla.redhat.com/2296067",
            "https://bugzilla.redhat.com/2297476",
            "https://bugzilla.redhat.com/2297488",
            "https://bugzilla.redhat.com/2297515",
            "https://bugzilla.redhat.com/2297544",
            "https://bugzilla.redhat.com/2297556",
            "https://bugzilla.redhat.com/2297561",
            "https://bugzilla.redhat.com/2297579",
            "https://bugzilla.redhat.com/2297582",
            "https://bugzilla.redhat.com/2297589",
            "https://bugzilla.redhat.com/2300296",
            "https://bugzilla.redhat.com/2300297",
            "https://bugzilla.redhat.com/2311715",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2268118",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2270100",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2275604",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2277171",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278176",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2278235",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2293654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2296067",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297476",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297488",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297544",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297561",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297579",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297582",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2297589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300296",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2300297",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2311715",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47383",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2201",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26640",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26923",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26935",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26961",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36244",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39472",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39504",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40904",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40931",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40960",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40972",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40977",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41005",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41013",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43854",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45018",
            "https://errata.almalinux.org/9/ALSA-2024-8617.html",
            "https://errata.rockylinux.org/RLSA-2024:8617",
            "https://git.kernel.org/linus/fb63435b7c7dc112b1ae1baea5486e0a6e27b196 (6.11-rc1)",
            "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1",
            "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143",
            "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196",
            "https://linux.oracle.com/cve/CVE-2024-41014.html",
            "https://linux.oracle.com/errata/ELSA-2024-8617.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024072910-CVE-2024-41014-9186@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-41014",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-41014"
          ],
          "PublishedDate": "2024-07-29T07:15:05.81Z",
          "LastModifiedDate": "2025-11-03T21:16:16.867Z"
        },
        {
          "VulnerabilityID": "CVE-2024-47691",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-47691",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:49bd8b74bbb15dd66e3c31aeb342230ff3ef6a29afa7c1f87fc9d53aa573fcd2",
          "Title": "kernel: f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()\n\nsyzbot reports a f2fs bug as below:\n\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_report+0xe8/0x550 mm/kasan/report.c:491\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n instrument_atomic_read_write include/linux/instrumented.h:96 [inline]\n atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline]\n __refcount_add include/linux/refcount.h:184 [inline]\n __refcount_inc include/linux/refcount.h:241 [inline]\n refcount_inc include/linux/refcount.h:258 [inline]\n get_task_struct include/linux/sched/task.h:118 [inline]\n kthread_stop+0xca/0x630 kernel/kthread.c:704\n f2fs_stop_gc_thread+0x65/0xb0 fs/f2fs/gc.c:210\n f2fs_do_shutdown+0x192/0x540 fs/f2fs/file.c:2283\n f2fs_ioc_shutdown fs/f2fs/file.c:2325 [inline]\n __f2fs_ioctl+0x443a/0xbe60 fs/f2fs/file.c:4325\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is below race condition, it may cause use-after-free\nissue in sbi-\u003egc_th pointer.\n\n- remount\n - f2fs_remount\n  - f2fs_stop_gc_thread\n   - kfree(gc_th)\n\t\t\t\t- f2fs_ioc_shutdown\n\t\t\t\t - f2fs_do_shutdown\n\t\t\t\t  - f2fs_stop_gc_thread\n\t\t\t\t   - kthread_stop(gc_th-\u003ef2fs_gc_task)\n   : sbi-\u003egc_thread = NULL;\n\nWe will call f2fs_do_shutdown() in two paths:\n- for f2fs_ioc_shutdown() path, we should grab sb-\u003es_umount semaphore\nfor fixing.\n- for f2fs_shutdown() path, it's safe since caller has already grabbed\nsb-\u003es_umount semaphore.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "azure": 3,
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-47691",
            "https://git.kernel.org/linus/c7f114d864ac91515bb07ac271e9824a20f5ed95 (6.12-rc1)",
            "https://git.kernel.org/stable/c/7c339dee7eb0f8e4cadc317c595f898ef04dae30",
            "https://git.kernel.org/stable/c/c7f114d864ac91515bb07ac271e9824a20f5ed95",
            "https://git.kernel.org/stable/c/d79343cd66343709e409d96b2abb139a0a55ce34",
            "https://git.kernel.org/stable/c/fc18e655b62ac6bc9f12f5de0d749b4a3fe1e812",
            "https://lore.kernel.org/linux-cve-announce/2024102111-CVE-2024-47691-ab21@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-47691",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://www.cve.org/CVERecord?id=CVE-2024-47691"
          ],
          "PublishedDate": "2024-10-21T12:15:05.88Z",
          "LastModifiedDate": "2024-10-23T20:42:31.223Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49934",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49934",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:54879ea48ec3c042f54bdf409eed87a7df50a985efb5e80d567e6163cb7d2f22",
          "Title": "kernel: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name\n\nIt's observed that a crash occurs during hot-remove a memory device,\nin which user is accessing the hugetlb. See calltrace as following:\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 14045 at arch/x86/mm/fault.c:1278 do_user_addr_fault+0x2a0/0x790\nModules linked in: kmem device_dax cxl_mem cxl_pmem cxl_port cxl_pci dax_hmem dax_pmem nd_pmem cxl_acpi nd_btt cxl_core crc32c_intel nvme virtiofs fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc s\nmirror dm_region_hash dm_log dm_mod\nCPU: 1 PID: 14045 Comm: daxctl Not tainted 6.10.0-rc2-lizhijian+ #492\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:do_user_addr_fault+0x2a0/0x790\nCode: 48 8b 00 a8 04 0f 84 b5 fe ff ff e9 1c ff ff ff 4c 89 e9 4c 89 e2 be 01 00 00 00 bf 02 00 00 00 e8 b5 ef 24 00 e9 42 fe ff ff \u003c0f\u003e 0b 48 83 c4 08 4c 89 ea 48 89 ee 4c 89 e7 5b 5d 41 5c 41 5d 41\nRSP: 0000:ffffc90000a575f0 EFLAGS: 00010046\nRAX: ffff88800c303600 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000001000 RSI: ffffffff82504162 RDI: ffffffff824b2c36\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc90000a57658\nR13: 0000000000001000 R14: ffff88800bc2e040 R15: 0000000000000000\nFS:  00007f51cb57d880(0000) GS:ffff88807fd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000001000 CR3: 00000000072e2004 CR4: 00000000001706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x8d/0x190\n ? do_user_addr_fault+0x2a0/0x790\n ? report_bug+0x1c3/0x1d0\n ? handle_bug+0x3c/0x70\n ? 
exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? do_user_addr_fault+0x2a0/0x790\n ? exc_page_fault+0x31/0x200\n exc_page_fault+0x68/0x200\n\u003c...snip...\u003e\nBUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n ---[ end trace 0000000000000000 ]---\n BUG: unable to handle page fault for address: 0000000000001000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 14045 Comm: daxctl Kdump: loaded Tainted: G        W          6.10.0-rc2-lizhijian+ #492\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n RIP: 0010:dentry_name+0x1f4/0x440\n\u003c...snip...\u003e\n? dentry_name+0x2fa/0x440\nvsnprintf+0x1f3/0x4f0\nvprintk_store+0x23a/0x540\nvprintk_emit+0x6d/0x330\n_printk+0x58/0x80\ndump_mapping+0x10b/0x1a0\n? __pfx_free_object_rcu+0x10/0x10\n__dump_page+0x26b/0x3e0\n? vprintk_emit+0xe0/0x330\n? _printk+0x58/0x80\n? dump_page+0x17/0x50\ndump_page+0x17/0x50\ndo_migrate_range+0x2f7/0x7f0\n? do_migrate_range+0x42/0x7f0\n? offline_pages+0x2f4/0x8c0\noffline_pages+0x60a/0x8c0\nmemory_subsys_offline+0x9f/0x1c0\n? lockdep_hardirqs_on+0x77/0x100\n? 
_raw_spin_unlock_irqrestore+0x38/0x60\ndevice_offline+0xe3/0x110\nstate_store+0x6e/0xc0\nkernfs_fop_write_iter+0x143/0x200\nvfs_write+0x39f/0x560\nksys_write+0x65/0xf0\ndo_syscall_64+0x62/0x130\n\nPreviously, some sanity check have been done in dump_mapping() before\nthe print facility parsing '%pd' though, it's still possible to run into\nan invalid dentry.d_name.name.\n\nSince dump_mapping() only needs to dump the filename only, retrieve it\nby itself in a safer way to prevent an unnecessary crash.\n\nNote that either retrieving the filename with '%pd' or\nstrncpy_from_kernel_nofault(), the filename could be unreliable.",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49934",
            "https://git.kernel.org/linus/7f7b850689ac06a62befe26e1fd1806799e7f152 (6.12-rc1)",
            "https://git.kernel.org/stable/c/1a4159138e718db6199f0abf376ad52f726dcc5c",
            "https://git.kernel.org/stable/c/7f7b850689ac06a62befe26e1fd1806799e7f152",
            "https://git.kernel.org/stable/c/e0f6ee75f50476607ca82fc7c3711c795ce09b52",
            "https://git.kernel.org/stable/c/ef921bc72328b577cb45772ff7921cba4773b74a",
            "https://git.kernel.org/stable/c/f92b8829c6e75632de4e2b9f70e7a7e6c5c2ba98",
            "https://linux.oracle.com/cve/CVE-2024-49934.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024102126-CVE-2024-49934-0ac9@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49934",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7301-1",
            "https://ubuntu.com/security/notices/USN-7303-1",
            "https://ubuntu.com/security/notices/USN-7303-2",
            "https://ubuntu.com/security/notices/USN-7303-3",
            "https://ubuntu.com/security/notices/USN-7304-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7311-1",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49934"
          ],
          "PublishedDate": "2024-10-21T18:15:15.273Z",
          "LastModifiedDate": "2025-11-03T21:16:38.32Z"
        },
        {
          "VulnerabilityID": "CVE-2024-49968",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-173.183",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-49968",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d4d36de5aaf307ba539ee1b39f9647d7e5086a0d5cfdad63c08cb640220ab3b9",
          "Title": "kernel: ext4: filesystems without casefold feature cannot be mounted with siphash",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: filesystems without casefold feature cannot be mounted with siphash\n\nWhen mounting the ext4 filesystem, if the default hash version is set to\nDX_HASH_SIPHASH but the casefold feature is not set, exit the mounting.",
          "Severity": "LOW",
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-49968",
            "https://git.kernel.org/linus/985b67cd86392310d9e9326de941c22fc9340eec (6.12-rc1)",
            "https://git.kernel.org/stable/c/11bd1c279bac701ba91119875796ffff3b98250e",
            "https://git.kernel.org/stable/c/52c4538a92da6f3242d4140c03ddc5ee71b39ba8",
            "https://git.kernel.org/stable/c/86b81d4eab1cd4c56f7447896232cf33472c2395",
            "https://git.kernel.org/stable/c/985b67cd86392310d9e9326de941c22fc9340eec",
            "https://git.kernel.org/stable/c/e1373903db6c4ac994de0d18076280ad88e12dee",
            "https://linux.oracle.com/cve/CVE-2024-49968.html",
            "https://linux.oracle.com/errata/ELSA-2026-50145.html",
            "https://lore.kernel.org/linux-cve-announce/2024102133-CVE-2024-49968-ce10@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-49968",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://ubuntu.com/security/notices/USN-8096-1",
            "https://ubuntu.com/security/notices/USN-8096-2",
            "https://ubuntu.com/security/notices/USN-8096-3",
            "https://ubuntu.com/security/notices/USN-8096-4",
            "https://ubuntu.com/security/notices/USN-8096-5",
            "https://ubuntu.com/security/notices/USN-8116-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-49968"
          ],
          "PublishedDate": "2024-10-21T18:15:17.833Z",
          "LastModifiedDate": "2026-01-19T13:16:07.507Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50009",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50009",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5a66cea280678382cb0226041ba73469381a4de24f69409da68758b32fe83e81",
          "Title": "kernel: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: add check for cpufreq_cpu_get's return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50009",
            "https://git.kernel.org/linus/5493f9714e4cdaf0ee7cec15899a231400cb1a9f (6.12-rc1)",
            "https://git.kernel.org/stable/c/5493f9714e4cdaf0ee7cec15899a231400cb1a9f",
            "https://git.kernel.org/stable/c/5f250d44b8191d612355dd97b89b37bbc1b5d2cb",
            "https://git.kernel.org/stable/c/cd9f7bf6cad8b2d3876105ce3c9fc63460a046f6",
            "https://linux.oracle.com/cve/CVE-2024-50009.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lore.kernel.org/linux-cve-announce/2024102109-CVE-2024-50009-1b62@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50009",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50009"
          ],
          "PublishedDate": "2024-10-21T19:15:04.437Z",
          "LastModifiedDate": "2025-02-02T11:15:10.45Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50183",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50183",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:26228159bdaca4a124742ba43f00877a30056116ad5f3e9ef7b17fffad94dc98",
          "Title": "kernel: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance\n\nDeleting an NPIV instance requires all fabric ndlps to be released before\nan NPIV's resources can be torn down.  Failure to release fabric ndlps\nbeforehand opens kref imbalance race conditions.  Fix by forcing the DA_ID\nto complete synchronously with usage of wait_queue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-362"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-50183",
            "https://git.kernel.org/linus/0a3c84f71680684c1d41abb92db05f95c09111e8 (6.12-rc1)",
            "https://git.kernel.org/stable/c/0857b1c573c0b095aa778bb26d8b3378172471b6",
            "https://git.kernel.org/stable/c/0a3c84f71680684c1d41abb92db05f95c09111e8",
            "https://git.kernel.org/stable/c/0ef6e016eb53fad6dc44c3253945efb43a3486b9",
            "https://git.kernel.org/stable/c/bbc525409bfe8e5bff12f5d18d550ab3e52cdbef",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024110833-CVE-2024-50183-8165@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50183",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7383-1",
            "https://ubuntu.com/security/notices/USN-7383-2",
            "https://ubuntu.com/security/notices/USN-7384-1",
            "https://ubuntu.com/security/notices/USN-7384-2",
            "https://ubuntu.com/security/notices/USN-7385-1",
            "https://ubuntu.com/security/notices/USN-7386-1",
            "https://ubuntu.com/security/notices/USN-7403-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50183"
          ],
          "PublishedDate": "2024-11-08T06:15:15.52Z",
          "LastModifiedDate": "2025-11-03T23:16:58.697Z"
        },
        {
          "VulnerabilityID": "CVE-2024-50217",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-50217",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ec2e383340dbb53c89e92e33c81f85f2790cec4db090f7785fb3291ec1d3be15",
          "Title": "kernel: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()\n\nMounting btrfs from two images (which have the same one fsid and two\ndifferent dev_uuids) in certain executing order may trigger an UAF for\nvariable 'device-\u003ebdev_file' in __btrfs_free_extra_devids(). And\nfollowing are the details:\n\n1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs\n   devices by ioctl(BTRFS_IOC_SCAN_DEV):\n\n             /  btrfs_device_1 → loop0\n   fs_device\n             \\  btrfs_device_2 → loop1\n2. mount /dev/loop0 /mnt\n   btrfs_open_devices\n    btrfs_device_1-\u003ebdev_file = btrfs_get_bdev_and_sb(loop0)\n    btrfs_device_2-\u003ebdev_file = btrfs_get_bdev_and_sb(loop1)\n   btrfs_fill_super\n    open_ctree\n     fail: btrfs_close_devices // -ENOMEM\n\t    btrfs_close_bdev(btrfs_device_1)\n             fput(btrfs_device_1-\u003ebdev_file)\n\t      // btrfs_device_1-\u003ebdev_file is freed\n\t    btrfs_close_bdev(btrfs_device_2)\n             fput(btrfs_device_2-\u003ebdev_file)\n\n3. mount /dev/loop1 /mnt\n   btrfs_open_devices\n    btrfs_get_bdev_and_sb(\u0026bdev_file)\n     // EIO, btrfs_device_1-\u003ebdev_file is not assigned,\n     // which points to a freed memory area\n    btrfs_device_2-\u003ebdev_file = btrfs_get_bdev_and_sb(loop1)\n   btrfs_fill_super\n    open_ctree\n     btrfs_free_extra_devids\n      if (btrfs_device_1-\u003ebdev_file)\n       fput(btrfs_device_1-\u003ebdev_file) // UAF !\n\nFix it by setting 'device-\u003ebdev_file' as 'NULL' after closing the\nbtrfs_device in btrfs_close_one_device().",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/04/10/4",
            "http://www.openwall.com/lists/oss-security/2025/04/10/5",
            "http://www.openwall.com/lists/oss-security/2025/04/10/6",
            "https://access.redhat.com/security/cve/CVE-2024-50217",
            "https://git.kernel.org/linus/aec8e6bf839101784f3ef037dcdb9432c3f32343 (6.12-rc6)",
            "https://git.kernel.org/stable/c/47a83f8df39545f3f552bb6a1b6d9c30e37621dd",
            "https://git.kernel.org/stable/c/aec8e6bf839101784f3ef037dcdb9432c3f32343",
            "https://lore.kernel.org/linux-cve-announce/2024110924-CVE-2024-50217-2815@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-50217",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-50217"
          ],
          "PublishedDate": "2024-11-09T11:15:07.103Z",
          "LastModifiedDate": "2025-04-11T01:15:52.283Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53093",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53093",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:dc4389af11d113033a0ee83409b8940625be0869e7e53d5bae2d84a5a2851ceb",
          "Title": "kernel: nvme-multipath: defer partition scanning",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-multipath: defer partition scanning\n\nWe need to suppress the partition scan from occurring within the\ncontroller's scan_work context. If a path error occurs here, the IO will\nwait until a path becomes available or all paths are torn down, but that\naction also occurs within scan_work, so it would deadlock. Defer the\npartition scan to a different context that does not block scan_work.",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53093",
            "https://git.kernel.org/linus/1f021341eef41e77a633186e9be5223de2ce5d48 (6.12-rc4)",
            "https://git.kernel.org/stable/c/1f021341eef41e77a633186e9be5223de2ce5d48",
            "https://git.kernel.org/stable/c/4a57f42e5ed42cb8f1beb262c4f6d3e698939e4e",
            "https://git.kernel.org/stable/c/60de2e03f984cfbcdc12fa552f95087c35a05a98",
            "https://git.kernel.org/stable/c/a91b7eddf45afeeb9c5ece11dddff5de0921b00f",
            "https://linux.oracle.com/cve/CVE-2024-53093.html",
            "https://linux.oracle.com/errata/ELSA-2025-6966.html",
            "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
            "https://lore.kernel.org/linux-cve-announce/2024112152-CVE-2024-53093-f854@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53093",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-53093"
          ],
          "PublishedDate": "2024-11-21T19:15:12.53Z",
          "LastModifiedDate": "2025-11-03T23:17:19.277Z"
        },
        {
          "VulnerabilityID": "CVE-2024-53218",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-164.174",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-53218",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5f3d7571f4b29af52c78d44408b4cb1cabde255016a20bb42b90961630472f25",
          "Title": "kernel: f2fs: fix race in concurrent f2fs_stop_gc_thread",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix race in concurrent f2fs_stop_gc_thread\n\nIn my test case, concurrent calls to f2fs shutdown report the following\nstack trace:\n\n Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 UID: 0 PID: 678 Comm: f2fs_rep_shutdo Not tainted 6.12.0-rc5-next-20241029-g6fb2fa9805c5-dirty #85\n Call Trace:\n  \u003cTASK\u003e\n  ? show_regs+0x8b/0xa0\n  ? __die_body+0x26/0xa0\n  ? die_addr+0x54/0x90\n  ? exc_general_protection+0x24b/0x5c0\n  ? asm_exc_general_protection+0x26/0x30\n  ? kthread_stop+0x46/0x390\n  f2fs_stop_gc_thread+0x6c/0x110\n  f2fs_do_shutdown+0x309/0x3a0\n  f2fs_ioc_shutdown+0x150/0x1c0\n  __f2fs_ioctl+0xffd/0x2ac0\n  f2fs_ioctl+0x76/0xe0\n  vfs_ioctl+0x23/0x60\n  __x64_sys_ioctl+0xce/0xf0\n  x64_sys_call+0x2b1b/0x4540\n  do_syscall_64+0xa7/0x240\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe root cause is a race condition in f2fs_stop_gc_thread() called from\ndifferent f2fs shutdown paths:\n\n  [CPU0]                       [CPU1]\n  ----------------------       -----------------------\n  f2fs_stop_gc_thread          f2fs_stop_gc_thread\n                                 gc_th = sbi-\u003egc_thread\n    gc_th = sbi-\u003egc_thread\n    kfree(gc_th)\n    sbi-\u003egc_thread = NULL\n                                 \u003c gc_th != NULL \u003e\n                                 kthread_stop(gc_th-\u003ef2fs_gc_task) //UAF\n\nThe commit c7f114d864ac (\"f2fs: fix to avoid use-after-free in\nf2fs_stop_gc_thread()\") attempted to fix this issue by using a read\nsemaphore to prevent races between shutdown and remount threads, but\nit fails to prevent all race conditions.\n\nFix it by converting to write lock of s_umount in f2fs_do_shutdown().",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "oracle-oval": 3,
            "redhat": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-53218",
            "https://git.kernel.org/linus/7b0033dbc48340a1c1c3f12448ba17d6587ca092 (6.13-rc1)",
            "https://git.kernel.org/stable/c/60457ed6c67625c87861f96912b4179dc2293896",
            "https://git.kernel.org/stable/c/794fa8792d4eacac191f1cbcc2e81b7369e4662a",
            "https://git.kernel.org/stable/c/7b0033dbc48340a1c1c3f12448ba17d6587ca092",
            "https://git.kernel.org/stable/c/c631207897a9b3d41167ceca58e07f8f94720e42",
            "https://linux.oracle.com/cve/CVE-2024-53218.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2024122732-CVE-2024-53218-4330@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-53218",
            "https://ubuntu.com/security/notices/USN-7276-1",
            "https://ubuntu.com/security/notices/USN-7277-1",
            "https://ubuntu.com/security/notices/USN-7310-1",
            "https://ubuntu.com/security/notices/USN-7449-1",
            "https://ubuntu.com/security/notices/USN-7449-2",
            "https://ubuntu.com/security/notices/USN-7450-1",
            "https://ubuntu.com/security/notices/USN-7451-1",
            "https://ubuntu.com/security/notices/USN-7452-1",
            "https://ubuntu.com/security/notices/USN-7453-1",
            "https://ubuntu.com/security/notices/USN-7468-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://ubuntu.com/security/notices/USN-7922-1",
            "https://ubuntu.com/security/notices/USN-7922-2",
            "https://ubuntu.com/security/notices/USN-7922-3",
            "https://ubuntu.com/security/notices/USN-7922-4",
            "https://ubuntu.com/security/notices/USN-7922-5",
            "https://ubuntu.com/security/notices/USN-7928-1",
            "https://ubuntu.com/security/notices/USN-7928-2",
            "https://ubuntu.com/security/notices/USN-7928-3",
            "https://ubuntu.com/security/notices/USN-7928-4",
            "https://ubuntu.com/security/notices/USN-7928-5",
            "https://ubuntu.com/security/notices/USN-7938-1",
            "https://ubuntu.com/security/notices/USN-7939-1",
            "https://ubuntu.com/security/notices/USN-7939-2",
            "https://www.cve.org/CVERecord?id=CVE-2024-53218"
          ],
          "PublishedDate": "2024-12-27T14:15:29.84Z",
          "LastModifiedDate": "2025-03-24T17:33:42.043Z"
        },
        {
          "VulnerabilityID": "CVE-2024-58237",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58237",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:2a4d5cc63656697da09e9178f70b080e05b43c54d909fb4e68f549c3eb1e4957",
          "Title": "kernel: bpf: consider that tail calls invalidate packet pointers",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: consider that tail calls invalidate packet pointers\n\nTail-called programs could execute any of the helpers that invalidate\npacket pointers. Hence, conservatively assume that each tail call\ninvalidates packet pointers.\n\nMaking the change in bpf_helper_changes_pkt_data() automatically makes\nuse of check_cfg() logic that computes 'changes_pkt_data' effect for\nglobal sub-programs, such that the following program could be\nrejected:\n\n    int tail_call(struct __sk_buff *sk)\n    {\n    \tbpf_tail_call_static(sk, \u0026jmp_table, 0);\n    \treturn 0;\n    }\n\n    SEC(\"tc\")\n    int not_safe(struct __sk_buff *sk)\n    {\n    \tint *p = (void *)(long)sk-\u003edata;\n    \t... make p valid ...\n    \ttail_call(sk);\n    \t*p = 42; /* this is unsafe */\n    \t...\n    }\n\nThe tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that\ncan invalidate packet pointers. Otherwise, it can't be freplaced with\ntailcall_freplace.c:entry_freplace() that does a tail call.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
              "V3Score": 6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2024-58237",
            "https://git.kernel.org/linus/1a4607ffba35bf2a630aab299e34dd3f6e658d70 (6.13-rc3)",
            "https://git.kernel.org/stable/c/1a4607ffba35bf2a630aab299e34dd3f6e658d70",
            "https://git.kernel.org/stable/c/1c2244437f9ad3dd91215f920401a14f2542dbfc",
            "https://git.kernel.org/stable/c/f1692ee23dcaaddc24ba407b269707ee5df1301f",
            "https://linux.oracle.com/cve/CVE-2024-58237.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050540-CVE-2024-58237-e263@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-58237",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2024-58237"
          ],
          "PublishedDate": "2025-05-05T15:15:54.01Z",
          "LastModifiedDate": "2025-11-10T17:35:27.92Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21645",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21645",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4722251a3ac0d316af2f71fcf24069090c8fe3dd05a633cf69f3de7b200f216c",
          "Title": "kernel: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it\n\nWakeup for IRQ1 should be disabled only in cases where i8042 had\nactually enabled it, otherwise \"wake_depth\" for this IRQ will try to\ndrop below zero and there will be an unpleasant WARN() logged:\n\nkernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug\nkernel: ------------[ cut here ]------------\nkernel: Unbalanced IRQ 1 wake disable\nkernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0\n\nThe PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops\nwhich sets amd_pmc_suspend_handler() to the .suspend, .freeze, and\n.poweroff handlers. i8042_pm_suspend(), however, is only set as\nthe .suspend handler.\n\nFix the issue by calling the PMC suspend handler only from the same set of\ndev_pm_ops handlers as i8042_pm_suspend(), which currently means just\nthe .suspend handler.\n\nTo reproduce this issue try hibernating (S4) the machine after a fresh boot\nwithout putting it into s2idle first.\n\n[ij: edited the commit message.]",
          "Severity": "LOW",
          "VendorSeverity": {
            "nvd": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-21645",
            "https://git.kernel.org/linus/dd410d784402c5775f66faf8b624e85e41c38aaf (6.13-rc7)",
            "https://git.kernel.org/stable/c/5cc621085e2b7a9b1905a98f8e5a86bb4aea2016",
            "https://git.kernel.org/stable/c/ab47d72b736e78d3c2370b26e0bfc46eb0918391",
            "https://git.kernel.org/stable/c/b25778c87a6bce40c31e92364f08aa6240309e25",
            "https://git.kernel.org/stable/c/dd410d784402c5775f66faf8b624e85e41c38aaf",
            "https://linux.oracle.com/cve/CVE-2025-21645.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html",
            "https://lore.kernel.org/linux-cve-announce/2025011945-CVE-2025-21645-e342@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21645",
            "https://ubuntu.com/security/notices/USN-7379-1",
            "https://ubuntu.com/security/notices/USN-7379-2",
            "https://ubuntu.com/security/notices/USN-7380-1",
            "https://ubuntu.com/security/notices/USN-7381-1",
            "https://ubuntu.com/security/notices/USN-7382-1",
            "https://ubuntu.com/security/notices/USN-7513-1",
            "https://ubuntu.com/security/notices/USN-7513-2",
            "https://ubuntu.com/security/notices/USN-7513-3",
            "https://ubuntu.com/security/notices/USN-7513-4",
            "https://ubuntu.com/security/notices/USN-7513-5",
            "https://ubuntu.com/security/notices/USN-7514-1",
            "https://ubuntu.com/security/notices/USN-7515-1",
            "https://ubuntu.com/security/notices/USN-7515-2",
            "https://ubuntu.com/security/notices/USN-7522-1",
            "https://ubuntu.com/security/notices/USN-7523-1",
            "https://ubuntu.com/security/notices/USN-7524-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21645"
          ],
          "PublishedDate": "2025-01-19T11:15:10.09Z",
          "LastModifiedDate": "2025-11-03T20:17:08.92Z"
        },
        {
          "VulnerabilityID": "CVE-2025-21714",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-21714",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ce9626340ea7dad49661e29288fe90d88a43acb4088652377283f241b47ebc66",
          "Title": "kernel: RDMA/mlx5: Fix implicit ODP use after free",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix implicit ODP use after free\n\nPrevent double queueing of implicit ODP mr destroy work by using\n__xa_cmpxchg() to make sure this is the only time we are destroying this\nspecific mr.\n\nWithout this change, we could try to invalidate this mr twice, which in\nturn could result in queuing a MR work destroy twice, and eventually the\nsecond work could execute after the MR was freed due to the first work,\ncausing a user after free and trace below.\n\n   refcount_t: underflow; use-after-free.\n   WARNING: CPU: 2 PID: 12178 at lib/refcount.c:28 refcount_warn_saturate+0x12b/0x130\n   Modules linked in: bonding ib_ipoib vfio_pci ip_gre geneve nf_tables ip6_gre gre ip6_tunnel tunnel6 ipip tunnel4 ib_umad rdma_ucm mlx5_vfio_pci vfio_pci_core vfio_iommu_type1 mlx5_ib vfio ib_uverbs mlx5_core iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\n   CPU: 2 PID: 12178 Comm: kworker/u20:5 Not tainted 6.5.0-rc1_net_next_mlx5_58c644e #1\n   Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n   Workqueue: events_unbound free_implicit_child_mr_work [mlx5_ib]\n   RIP: 0010:refcount_warn_saturate+0x12b/0x130\n   Code: 48 c7 c7 38 95 2a 82 c6 05 bc c6 fe 00 01 e8 0c 66 aa ff 0f 0b 5b c3 48 c7 c7 e0 94 2a 82 c6 05 a7 c6 fe 00 01 e8 f5 65 aa ff \u003c0f\u003e 0b 5b c3 90 8b 07 3d 00 00 00 c0 74 12 83 f8 01 74 13 8d 50 ff\n   RSP: 0018:ffff8881008e3e40 EFLAGS: 00010286\n   RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000027\n   RDX: ffff88852c91b5c8 RSI: 0000000000000001 RDI: ffff88852c91b5c0\n   RBP: ffff8881dacd4e00 R08: 00000000ffffffff R09: 
0000000000000019\n   R10: 000000000000072e R11: 0000000063666572 R12: ffff88812bfd9e00\n   R13: ffff8881c792d200 R14: ffff88810011c005 R15: ffff8881002099c0\n   FS:  0000000000000000(0000) GS:ffff88852c900000(0000) knlGS:0000000000000000\n   CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n   CR2: 00007f5694b5e000 CR3: 00000001153f6003 CR4: 0000000000370ea0\n   DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n   DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n   Call Trace:\n    \u003cTASK\u003e\n    ? refcount_warn_saturate+0x12b/0x130\n    free_implicit_child_mr_work+0x180/0x1b0 [mlx5_ib]\n    process_one_work+0x1cc/0x3c0\n    worker_thread+0x218/0x3c0\n    kthread+0xc6/0xf0\n    ret_from_fork+0x1f/0x30\n    \u003c/TASK\u003e",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 6.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20518",
            "https://access.redhat.com/security/cve/CVE-2025-21714",
            "https://bugzilla.redhat.com/2298169",
            "https://bugzilla.redhat.com/2312077",
            "https://bugzilla.redhat.com/2313092",
            "https://bugzilla.redhat.com/2320172",
            "https://bugzilla.redhat.com/2320259",
            "https://bugzilla.redhat.com/2320455",
            "https://bugzilla.redhat.com/2320616",
            "https://bugzilla.redhat.com/2320722",
            "https://bugzilla.redhat.com/2324549",
            "https://bugzilla.redhat.com/2327203",
            "https://bugzilla.redhat.com/2327374",
            "https://bugzilla.redhat.com/2327887",
            "https://bugzilla.redhat.com/2329918",
            "https://bugzilla.redhat.com/2330341",
            "https://bugzilla.redhat.com/2331326",
            "https://bugzilla.redhat.com/2334357",
            "https://bugzilla.redhat.com/2334396",
            "https://bugzilla.redhat.com/2334415",
            "https://bugzilla.redhat.com/2334439",
            "https://bugzilla.redhat.com/2334537",
            "https://bugzilla.redhat.com/2334547",
            "https://bugzilla.redhat.com/2334548",
            "https://bugzilla.redhat.com/2334560",
            "https://bugzilla.redhat.com/2334676",
            "https://bugzilla.redhat.com/2334795",
            "https://bugzilla.redhat.com/2334829",
            "https://bugzilla.redhat.com/2336541",
            "https://bugzilla.redhat.com/2337121",
            "https://bugzilla.redhat.com/2337124",
            "https://bugzilla.redhat.com/2338814",
            "https://bugzilla.redhat.com/2338828",
            "https://bugzilla.redhat.com/2338832",
            "https://bugzilla.redhat.com/2343172",
            "https://bugzilla.redhat.com/2343175",
            "https://bugzilla.redhat.com/2344684",
            "https://bugzilla.redhat.com/2344687",
            "https://bugzilla.redhat.com/2345240",
            "https://bugzilla.redhat.com/2346272",
            "https://bugzilla.redhat.com/2347707",
            "https://bugzilla.redhat.com/2347753",
            "https://bugzilla.redhat.com/2347759",
            "https://bugzilla.redhat.com/2347781",
            "https://bugzilla.redhat.com/2347807",
            "https://bugzilla.redhat.com/2347859",
            "https://bugzilla.redhat.com/2347919",
            "https://bugzilla.redhat.com/2347968",
            "https://bugzilla.redhat.com/2348022",
            "https://bugzilla.redhat.com/2348071",
            "https://bugzilla.redhat.com/2348238",
            "https://bugzilla.redhat.com/2348240",
            "https://bugzilla.redhat.com/2348279",
            "https://bugzilla.redhat.com/2348515",
            "https://bugzilla.redhat.com/2348523",
            "https://bugzilla.redhat.com/2348528",
            "https://bugzilla.redhat.com/2348541",
            "https://bugzilla.redhat.com/2348543",
            "https://bugzilla.redhat.com/2348547",
            "https://bugzilla.redhat.com/2348550",
            "https://bugzilla.redhat.com/2348554",
            "https://bugzilla.redhat.com/2348556",
            "https://bugzilla.redhat.com/2348566",
            "https://bugzilla.redhat.com/2348573",
            "https://bugzilla.redhat.com/2348574",
            "https://bugzilla.redhat.com/2348577",
            "https://bugzilla.redhat.com/2348578",
            "https://bugzilla.redhat.com/2348581",
            "https://bugzilla.redhat.com/2348584",
            "https://bugzilla.redhat.com/2348585",
            "https://bugzilla.redhat.com/2348587",
            "https://bugzilla.redhat.com/2348595",
            "https://bugzilla.redhat.com/2348597",
            "https://bugzilla.redhat.com/2348600",
            "https://bugzilla.redhat.com/2348601",
            "https://bugzilla.redhat.com/2348615",
            "https://bugzilla.redhat.com/2348620",
            "https://bugzilla.redhat.com/2348625",
            "https://bugzilla.redhat.com/2348634",
            "https://bugzilla.redhat.com/2348645",
            "https://bugzilla.redhat.com/2348650",
            "https://bugzilla.redhat.com/2348654",
            "https://bugzilla.redhat.com/2348901",
            "https://bugzilla.redhat.com/2350363",
            "https://bugzilla.redhat.com/2350367",
            "https://bugzilla.redhat.com/2350374",
            "https://bugzilla.redhat.com/2350375",
            "https://bugzilla.redhat.com/2350386",
            "https://bugzilla.redhat.com/2350388",
            "https://bugzilla.redhat.com/2350392",
            "https://bugzilla.redhat.com/2350396",
            "https://bugzilla.redhat.com/2350397",
            "https://bugzilla.redhat.com/2350400",
            "https://bugzilla.redhat.com/2350585",
            "https://bugzilla.redhat.com/2350589",
            "https://bugzilla.redhat.com/2350725",
            "https://bugzilla.redhat.com/2350726",
            "https://bugzilla.redhat.com/2351606",
            "https://bugzilla.redhat.com/2351608",
            "https://bugzilla.redhat.com/2351612",
            "https://bugzilla.redhat.com/2351613",
            "https://bugzilla.redhat.com/2351616",
            "https://bugzilla.redhat.com/2351618",
            "https://bugzilla.redhat.com/2351620",
            "https://bugzilla.redhat.com/2351624",
            "https://bugzilla.redhat.com/2351625",
            "https://bugzilla.redhat.com/2351629",
            "https://bugzilla.redhat.com/2351633",
            "https://bugzilla.redhat.com/2360215",
            "https://bugzilla.redhat.com/2363380",
            "https://bugzilla.redhat.com/2369184",
            "https://bugzilla.redhat.com/2376076",
            "https://bugzilla.redhat.com/2383441",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2298169",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2312077",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2313092",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320259",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2320722",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2324549",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327203",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2327887",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2329918",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2330341",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2331326",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334357",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334415",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334439",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334537",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334548",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334560",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334676",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334795",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334829",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2336541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337121",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2337124",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338814",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338828",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2338832",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343172",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2343175",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344684",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2344687",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2345240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2346272",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347707",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347753",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347759",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347781",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347807",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347859",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347919",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2347968",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348022",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348071",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348238",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348240",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348279",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348515",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348523",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348528",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348541",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348543",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348547",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348550",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348554",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348556",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348566",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348573",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348574",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348577",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348578",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348581",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348584",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348587",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348595",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348597",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348600",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348601",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348615",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348634",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348645",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348650",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348654",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2348901",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350363",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350374",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350392",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350396",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350397",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350400",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350585",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350589",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350725",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2350726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351606",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351608",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351612",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351613",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351616",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351618",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351620",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351624",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351625",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351629",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2351633",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2356647",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360215",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2360223",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2363380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2369184",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2376076",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2383441",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48830",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49024",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49269",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49353",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49432",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49443",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49623",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49627",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49643",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49657",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49670",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49845",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46689",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46744",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47679",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47727",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49570",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50060",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50195",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50294",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52332",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53052",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53090",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53170",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53216",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53229",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53680",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54456",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56603",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56645",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56662",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56675",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56690",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56709",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57981",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57986",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57987",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57988",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57989",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57990",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57993",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57995",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57998",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58012",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58014",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58015",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58057",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58062",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58068",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58072",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58075",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58077",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58083",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21631",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21647",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21648",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21671",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21672",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21693",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21696",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21702",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21714",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21728",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21729",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21738",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21739",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21745",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21746",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21765",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21786",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21787",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21790",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21791",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21796",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21806",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21826",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21828",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21829",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21837",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21839",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21851",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21861",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21902",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37994",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38116",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38396",
            "https://errata.almalinux.org/9/ALSA-2025-20518.html",
            "https://errata.rockylinux.org/RLSA-2025:20518",
            "https://git.kernel.org/linus/d3d930411ce390e532470194296658a960887773 (6.14-rc1)",
            "https://git.kernel.org/stable/c/7cc8f681f6d4ae4478ae0f60485fc768f2b450da",
            "https://git.kernel.org/stable/c/d3d930411ce390e532470194296658a960887773",
            "https://git.kernel.org/stable/c/edfb65dbb9ffd3102f3ff4dd21316158e56f1976",
            "https://linux.oracle.com/cve/CVE-2025-21714.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025022645-CVE-2025-21714-8169@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-21714",
            "https://ubuntu.com/security/notices/USN-7651-1",
            "https://ubuntu.com/security/notices/USN-7651-2",
            "https://ubuntu.com/security/notices/USN-7651-3",
            "https://ubuntu.com/security/notices/USN-7651-4",
            "https://ubuntu.com/security/notices/USN-7651-5",
            "https://ubuntu.com/security/notices/USN-7651-6",
            "https://ubuntu.com/security/notices/USN-7652-1",
            "https://ubuntu.com/security/notices/USN-7653-1",
            "https://ubuntu.com/security/notices/USN-7737-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-21714"
          ],
          "PublishedDate": "2025-02-27T02:15:15.05Z",
          "LastModifiedDate": "2025-03-24T17:50:26.843Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37800",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37800",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:11bff3812337f43d01e61cc02893914bb0f8fe26a8fc2153e88503267eb5c09d",
          "Title": "kernel: driver core: fix potential NULL pointer dereference in dev_uevent()",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential NULL pointer dereference in dev_uevent()\n\nIf userspace reads \"uevent\" device attribute at the same time as another\nthreads unbinds the device from its driver, change to dev-\u003edriver from a\nvalid pointer to NULL may result in crash. Fix this by using READ_ONCE()\nwhen fetching the pointer, and take bus' drivers klist lock to make sure\ndriver instance will not disappear while we access it.\n\nUse WRITE_ONCE() when setting the driver pointer to ensure there is no\ntearing.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37800",
            "https://git.kernel.org/linus/18daa52418e7e4629ed1703b64777294209d2622 (6.15-rc4)",
            "https://git.kernel.org/stable/c/18daa52418e7e4629ed1703b64777294209d2622",
            "https://git.kernel.org/stable/c/2b344e779d9afd0fcb5ee4000e4d0fc7d8d867eb",
            "https://git.kernel.org/stable/c/3781e4b83e174364998855de777e184cf0b62c40",
            "https://git.kernel.org/stable/c/abe56be73eb10a677d16066f65ff9d30251f5eee",
            "https://linux.oracle.com/cve/CVE-2025-37800.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025050808-CVE-2025-37800-ea7c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37800",
            "https://ubuntu.com/security/notices/USN-7594-1",
            "https://ubuntu.com/security/notices/USN-7594-2",
            "https://ubuntu.com/security/notices/USN-7594-3",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37800"
          ],
          "PublishedDate": "2025-05-08T07:15:50.42Z",
          "LastModifiedDate": "2025-06-05T14:32:50.747Z"
        },
        {
          "VulnerabilityID": "CVE-2025-37957",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-37957",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f52e0fdf502850031fa79e50a1996c25e96cb4916fc2da5ef04dac9ebee1c269",
          "Title": "kernel: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception\n\nPreviously, commit ed129ec9057f (\"KVM: x86: forcibly leave nested mode\non vCPU reset\") addressed an issue where a triple fault occurring in\nnested mode could lead to use-after-free scenarios. However, the commit\ndid not handle the analogous situation for System Management Mode (SMM).\n\nThis omission results in triggering a WARN when KVM forces a vCPU INIT\nafter SHUTDOWN interception while the vCPU is in SMM. This situation was\nreprodused using Syzkaller by:\n\n  1) Creating a KVM VM and vCPU\n  2) Sending a KVM_SMI ioctl to explicitly enter SMM\n  3) Executing invalid instructions causing consecutive exceptions and\n     eventually a triple fault\n\nThe issue manifests as follows:\n\n  WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112\n  kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n  Modules linked in:\n  CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted\n  6.1.130-syzkaller-00157-g164fe5dde9b6 #0\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n  BIOS 1.12.0-1 04/01/2014\n  RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112\n  Call Trace:\n   \u003cTASK\u003e\n   shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136\n   svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395\n   svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457\n   vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline]\n   vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062\n   kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283\n   kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:870 [inline]\n   __se_sys_ioctl fs/ioctl.c:856 [inline]\n   __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856\n   do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n   do_syscall_64+0x35/0x80 
arch/x86/entry/common.c:81\n   entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nArchitecturally, INIT is blocked when the CPU is in SMM, hence KVM's WARN()\nin kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper\nemulation of INIT.  SHUTDOWN on SVM is a weird edge case where KVM needs to\ndo _something_ sane with the VMCB, since it's technically undefined, and\nINIT is the least awful choice given KVM's ABI.\n\nSo, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of\nSMM to avoid any weirdness (and the WARN).\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\n[sean: massage changelog, make it clear this isn't architectural behavior]",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-37957",
            "https://git.kernel.org/linus/a2620f8932fa9fdabc3d78ed6efb004ca409019f (6.15-rc6)",
            "https://git.kernel.org/stable/c/a2620f8932fa9fdabc3d78ed6efb004ca409019f",
            "https://git.kernel.org/stable/c/d362b21fefcef7eda8f1cd78a5925735d2b3287c",
            "https://git.kernel.org/stable/c/e9b28bc65fd3a56755ba503258024608292b4ab1",
            "https://git.kernel.org/stable/c/ec24e62a1dd3540ee696314422040180040c1e4a",
            "https://linux.oracle.com/cve/CVE-2025-37957.html",
            "https://linux.oracle.com/errata/ELSA-2025-20530.html",
            "https://lore.kernel.org/linux-cve-announce/2025052003-CVE-2025-37957-e23c@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-37957",
            "https://ubuntu.com/security/notices/USN-7699-1",
            "https://ubuntu.com/security/notices/USN-7699-2",
            "https://ubuntu.com/security/notices/USN-7721-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-37957"
          ],
          "PublishedDate": "2025-05-20T16:15:33.917Z",
          "LastModifiedDate": "2025-11-14T17:03:02.49Z"
        },
        {
          "VulnerabilityID": "CVE-2025-38584",
          "PkgID": "linux-libc-dev@5.15.0-163.173",
          "PkgName": "linux-libc-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "2d63c7f98bcda7cd",
            "BOMRef": "pkg:deb/ubuntu/linux-libc-dev@5.15.0-163.173?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "5.15.0-163.173",
          "FixedVersion": "5.15.0-170.180",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-38584",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6205fb21ac66a540760235817d51d5328fc30ad8074e4094ad6451e748101f89",
          "Title": "kernel: padata: Fix pd UAF once and for all",
          "Description": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix pd UAF once and for all\n\nThere is a race condition/UAF in padata_reorder that goes back\nto the initial commit.  A reference count is taken at the start\nof the process in padata_do_parallel, and released at the end in\npadata_serial_worker.\n\nThis reference count is (and only is) required for padata_replace\nto function correctly.  If padata_replace is never called then\nthere is no issue.\n\nIn the function padata_reorder which serves as the core of padata,\nas soon as padata is added to queue-\u003eserial.list, and the associated\nspin lock released, that padata may be processed and the reference\ncount on pd would go away.\n\nFix this by getting the next padata before the squeue-\u003eserial lock\nis released.\n\nIn order to make this possible, simplify padata_reorder by only\ncalling it once the next padata arrives.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-416"
          ],
          "VendorSeverity": {
            "nvd": 3,
            "photon": 3,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 7.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-38584",
            "https://git.kernel.org/linus/71203f68c7749609d7fc8ae6ad054bdedeb24f91 (6.17-rc1)",
            "https://git.kernel.org/stable/c/71203f68c7749609d7fc8ae6ad054bdedeb24f91",
            "https://git.kernel.org/stable/c/cdf79bd2e1ecb3cc75631c73d8f4149be6019a52",
            "https://git.kernel.org/stable/c/dbe3e911a59bda6de96e7cae387ff882c2c177fa",
            "https://lore.kernel.org/linux-cve-announce/2025081914-CVE-2025-38584-2648@gregkh/T",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-38584",
            "https://ubuntu.com/security/notices/USN-7879-1",
            "https://ubuntu.com/security/notices/USN-7879-2",
            "https://ubuntu.com/security/notices/USN-7879-3",
            "https://ubuntu.com/security/notices/USN-7879-4",
            "https://ubuntu.com/security/notices/USN-7880-1",
            "https://ubuntu.com/security/notices/USN-7934-1",
            "https://ubuntu.com/security/notices/USN-8028-1",
            "https://ubuntu.com/security/notices/USN-8028-2",
            "https://ubuntu.com/security/notices/USN-8028-3",
            "https://ubuntu.com/security/notices/USN-8028-4",
            "https://ubuntu.com/security/notices/USN-8028-5",
            "https://ubuntu.com/security/notices/USN-8028-6",
            "https://ubuntu.com/security/notices/USN-8028-7",
            "https://ubuntu.com/security/notices/USN-8028-8",
            "https://ubuntu.com/security/notices/USN-8031-1",
            "https://ubuntu.com/security/notices/USN-8031-2",
            "https://ubuntu.com/security/notices/USN-8031-3",
            "https://ubuntu.com/security/notices/USN-8033-1",
            "https://ubuntu.com/security/notices/USN-8033-2",
            "https://ubuntu.com/security/notices/USN-8033-3",
            "https://ubuntu.com/security/notices/USN-8033-4",
            "https://ubuntu.com/security/notices/USN-8033-5",
            "https://ubuntu.com/security/notices/USN-8033-6",
            "https://ubuntu.com/security/notices/USN-8033-7",
            "https://ubuntu.com/security/notices/USN-8033-8",
            "https://ubuntu.com/security/notices/USN-8034-1",
            "https://ubuntu.com/security/notices/USN-8034-2",
            "https://ubuntu.com/security/notices/USN-8052-1",
            "https://ubuntu.com/security/notices/USN-8052-2",
            "https://ubuntu.com/security/notices/USN-8074-1",
            "https://ubuntu.com/security/notices/USN-8074-2",
            "https://ubuntu.com/security/notices/USN-8126-1",
            "https://ubuntu.com/security/notices/USN-8141-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-38584"
          ],
          "PublishedDate": "2025-08-19T17:15:35.723Z",
          "LastModifiedDate": "2025-11-26T17:57:27.84Z"
        },
        {
          "VulnerabilityID": "CVE-2023-29383",
          "PkgID": "login@1:4.8.1-2ubuntu2.2",
          "PkgName": "login",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "affc8fb45548de91",
            "BOMRef": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "InstalledVersion": "1:4.8.1-2ubuntu2.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29383",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:957edd6efa86f55dfaefb5e230499377388fefc672d36a7f6c74ed24393eb423",
          "Title": "shadow: Improper input validation in shadow-utils package utility chfn",
          "Description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-74",
            "CWE-125"
          ],
          "VendorSeverity": {
            "cbl-mariner": 1,
            "nvd": 1,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-29383",
            "https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d",
            "https://github.com/shadow-maint/shadow/pull/687",
            "https://lists.debian.org/debian-lts-announce/2025/04/msg00026.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-29383",
            "https://www.cve.org/CVERecord?id=CVE-2023-29383",
            "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/",
            "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797"
          ],
          "PublishedDate": "2023-04-14T22:15:07.68Z",
          "LastModifiedDate": "2025-11-03T20:16:01.283Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56433",
          "PkgID": "login@1:4.8.1-2ubuntu2.2",
          "PkgName": "login",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "affc8fb45548de91",
            "BOMRef": "pkg:deb/ubuntu/login@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "InstalledVersion": "1:4.8.1-2ubuntu2.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:6663c0d4fad4a0dbc687a924d483f1e6c0f6c732833c6b5423acb648e29f485c",
          "Title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise",
          "Description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-1188"
          ],
          "VendorSeverity": {
            "alma": 1,
            "azure": 1,
            "oracle-oval": 1,
            "redhat": 1,
            "rocky": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 3.6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20559",
            "https://access.redhat.com/security/cve/CVE-2024-56433",
            "https://bugzilla.redhat.com/2334165",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334165",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433",
            "https://errata.almalinux.org/9/ALSA-2025-20559.html",
            "https://errata.rockylinux.org/RLSA-2025:20559",
            "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241",
            "https://github.com/shadow-maint/shadow/issues/1157",
            "https://github.com/shadow-maint/shadow/releases/tag/4.4",
            "https://linux.oracle.com/cve/CVE-2024-56433.html",
            "https://linux.oracle.com/errata/ELSA-2025-20559-0.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56433",
            "https://www.cve.org/CVERecord?id=CVE-2024-56433"
          ],
          "PublishedDate": "2024-12-26T09:15:07.267Z",
          "LastModifiedDate": "2024-12-26T09:15:07.267Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50495",
          "PkgID": "ncurses-base@6.3-2ubuntu0.1",
          "PkgName": "ncurses-base",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04",
            "UID": "6d396ec1ddf9c44d",
            "BOMRef": "pkg:deb/ubuntu/ncurses-base@6.3-2ubuntu0.1?arch=all\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "6.3-2ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:d9593f994fec16333e0f908e8b960933b9247faff59061ee685ad1259e87e47d",
          "Title": "ncurses: segmentation fault via _nc_wrap_entry()",
          "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-50495",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://ubuntu.com/security/notices/USN-6684-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50495"
          ],
          "PublishedDate": "2023-12-12T15:15:07.867Z",
          "LastModifiedDate": "2025-11-04T19:16:14.45Z"
        },
        {
          "VulnerabilityID": "CVE-2023-50495",
          "PkgID": "ncurses-bin@6.3-2ubuntu0.1",
          "PkgName": "ncurses-bin",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "8720ec09686c7e55",
            "BOMRef": "pkg:deb/ubuntu/ncurses-bin@6.3-2ubuntu0.1?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "6.3-2ubuntu0.1",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:25ecd6afa406ebca2ff038cf8c296f934f5fb9ce1174393acaefb5bb32cfb017",
          "Title": "ncurses: segmentation fault via _nc_wrap_entry()",
          "Description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "Severity": "LOW",
          "VendorSeverity": {
            "amazon": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-50495",
            "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html",
            "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-50495",
            "https://security.netapp.com/advisory/ntap-20240119-0008/",
            "https://ubuntu.com/security/notices/USN-6684-1",
            "https://www.cve.org/CVERecord?id=CVE-2023-50495"
          ],
          "PublishedDate": "2023-12-12T15:15:07.867Z",
          "LastModifiedDate": "2025-11-04T19:16:14.45Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15467",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3838b74a535403c67ba022bb47b38913f35f36f115232afb1e61ea42ff394a65",
          "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
          "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 4,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2026/01/27/10",
            "http://www.openwall.com/lists/oss-security/2026/02/25/6",
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-15467",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/guiimoraes/CVE-2025-15467",
            "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703",
            "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9",
            "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3",
            "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e",
            "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc",
            "https://linux.oracle.com/cve/CVE-2025-15467.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-15467"
          ],
          "PublishedDate": "2026-01-27T16:16:14.257Z",
          "LastModifiedDate": "2026-03-19T19:16:19.23Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68160",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68160",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f3cca8f0f36b76066875764a2267c4f94ae8f9d5201a4eb63f95bcb01fa36bad",
          "Title": "openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter",
          "Description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 4.7
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-68160",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad",
            "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6",
            "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c",
            "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0",
            "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096",
            "https://linux.oracle.com/cve/CVE-2025-68160.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68160",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-68160"
          ],
          "PublishedDate": "2026-01-27T16:16:15.9Z",
          "LastModifiedDate": "2026-02-02T18:36:57.727Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69418",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69418",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:24b50b3ee4800f4616232704f509f0dde27a55798f6f591afc8ac55d58df86ca",
          "Title": "openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls",
          "Description": "Issue summary: When using the low-level OCB API directly with AES-NI or\u003cbr\u003eother hardware-accelerated code paths, inputs whose length is not a multiple\u003cbr\u003eof 16 bytes can leave the final partial block unencrypted and unauthenticated.\u003cbr\u003e\u003cbr\u003eImpact summary: The trailing 1-15 bytes of a message may be exposed in\u003cbr\u003ecleartext on encryption and are not covered by the authentication tag,\u003cbr\u003eallowing an attacker to read or tamper with those bytes without detection.\u003cbr\u003e\u003cbr\u003eThe low-level OCB encrypt and decrypt routines in the hardware-accelerated\u003cbr\u003estream path process full 16-byte blocks but do not advance the input/output\u003cbr\u003epointers. The subsequent tail-handling code then operates on the original\u003cbr\u003ebase pointers, effectively reprocessing the beginning of the buffer while\u003cbr\u003eleaving the actual trailing bytes unprocessed. The authentication checksum\u003cbr\u003ealso excludes the true tail bytes.\u003cbr\u003e\u003cbr\u003eHowever, typical OpenSSL consumers using EVP are not affected because the\u003cbr\u003ehigher-level EVP and provider OCB implementations split inputs so that full\u003cbr\u003eblocks and trailing partial blocks are processed in separate calls, avoiding\u003cbr\u003ethe problematic code path. Additionally, TLS does not use OCB ciphersuites.\u003cbr\u003eThe vulnerability only affects applications that call the low-level\u003cbr\u003eCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with\u003cbr\u003enon-block-aligned lengths in a single call on hardware-accelerated builds.\u003cbr\u003eFor these reasons the issue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected\u003cbr\u003eby this issue, as OCB mode is not a FIPS-approved algorithm.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-325"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-69418",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc",
            "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8",
            "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347",
            "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae",
            "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977",
            "https://linux.oracle.com/cve/CVE-2025-69418.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69418",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69418"
          ],
          "PublishedDate": "2026-01-27T16:16:33.253Z",
          "LastModifiedDate": "2026-02-02T18:36:03.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69419",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:c1f0238bccbafefa724c4a85c98fbc3e394b77cf088da5e2a5b4219fd146dcfc",
          "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
          "Description": "Issue summary: Calling the PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing a\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing a write outside of the heap-allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan only trigger a write of one zero byte before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-787"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "V3Score": 7.4
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4472",
            "https://access.redhat.com/security/cve/CVE-2025-69419",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-4472.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296",
            "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb",
            "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2",
            "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015",
            "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535",
            "https://linux.oracle.com/cve/CVE-2025-69419.html",
            "https://linux.oracle.com/errata/ELSA-2026-50131.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69419",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69419"
          ],
          "PublishedDate": "2026-01-27T16:16:34.113Z",
          "LastModifiedDate": "2026-02-02T18:35:02.177Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69420",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69420",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:86d4265e093a6a942470a1c755e238fe135bd31dd3ee1c4bc68913713561d31d",
          "Title": "openssl: OpenSSL: Denial of Service via malformed TimeStamp Response",
          "Description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-69420",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9",
            "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a",
            "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e",
            "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b",
            "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085",
            "https://linux.oracle.com/cve/CVE-2025-69420.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69420",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69420"
          ],
          "PublishedDate": "2026-01-27T16:16:34.317Z",
          "LastModifiedDate": "2026-02-02T18:33:30.557Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69421",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:5923580e560dd05001b4dfb6081c07d762880789f01a5eba311a90c60a1cd96f",
          "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing",
          "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-476"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2025-69421",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b",
            "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7",
            "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd",
            "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3",
            "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c",
            "https://linux.oracle.com/cve/CVE-2025-69421.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69421",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2025-69421"
          ],
          "PublishedDate": "2026-01-27T16:16:34.437Z",
          "LastModifiedDate": "2026-02-28T04:16:17.457Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22795",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22795",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f774c6409441b3979f45340966ee534db6a781cb9c723733ac02306912e3ce57",
          "Title": "openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing",
          "Description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2026-22795",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4",
            "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49",
            "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12",
            "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e",
            "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2",
            "https://linux.oracle.com/cve/CVE-2026-22795.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22795",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-22795"
          ],
          "PublishedDate": "2026-01-27T16:16:35.43Z",
          "LastModifiedDate": "2026-02-02T18:41:14.917Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22796",
          "PkgID": "openssl@3.0.2-0ubuntu1.20",
          "PkgName": "openssl",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "67515f12d3671d54",
            "BOMRef": "pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.20?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.0.2-0ubuntu1.20",
          "FixedVersion": "3.0.2-0ubuntu1.21",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22796",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:564d575a07e825d62e491f2ae85a4f87f6edfde51fabb388748e578551e534ca",
          "Title": "openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification",
          "Description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or directly calling the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service; moreover, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 2,
            "cbl-mariner": 2,
            "oracle-oval": 3,
            "photon": 2,
            "redhat": 1,
            "rocky": 3,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1473",
            "https://access.redhat.com/security/cve/CVE-2026-22796",
            "https://bugzilla.redhat.com/2430375",
            "https://bugzilla.redhat.com/2430376",
            "https://bugzilla.redhat.com/2430377",
            "https://bugzilla.redhat.com/2430378",
            "https://bugzilla.redhat.com/2430379",
            "https://bugzilla.redhat.com/2430380",
            "https://bugzilla.redhat.com/2430381",
            "https://bugzilla.redhat.com/2430386",
            "https://bugzilla.redhat.com/2430387",
            "https://bugzilla.redhat.com/2430388",
            "https://bugzilla.redhat.com/2430389",
            "https://bugzilla.redhat.com/2430390",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430375",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430376",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430377",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430378",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430379",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430380",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430381",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430386",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430387",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430388",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430389",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2430390",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796",
            "https://errata.almalinux.org/9/ALSA-2026-1473.html",
            "https://errata.rockylinux.org/RLSA-2026:1473",
            "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4",
            "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49",
            "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12",
            "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e",
            "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2",
            "https://linux.oracle.com/cve/CVE-2026-22796.html",
            "https://linux.oracle.com/errata/ELSA-2026-50081.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22796",
            "https://openssl-library.org/news/secadv/20260127.txt",
            "https://ubuntu.com/security/notices/USN-7980-1",
            "https://ubuntu.com/security/notices/USN-7980-2",
            "https://www.cve.org/CVERecord?id=CVE-2026-22796"
          ],
          "PublishedDate": "2026-01-27T16:16:35.543Z",
          "LastModifiedDate": "2026-02-02T18:40:27.467Z"
        },
        {
          "VulnerabilityID": "CVE-2023-29383",
          "PkgID": "passwd@1:4.8.1-2ubuntu2.2",
          "PkgName": "passwd",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "63fa6f86238e7bc4",
            "BOMRef": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "InstalledVersion": "1:4.8.1-2ubuntu2.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29383",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0b0e21715b40a9633bcc26cc8d929883e02464adf156f538d6c81db4143bc311",
          "Title": "shadow: Improper input validation in shadow-utils package utility chfn",
          "Description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-74",
            "CWE-125"
          ],
          "VendorSeverity": {
            "cbl-mariner": 1,
            "nvd": 1,
            "photon": 1,
            "redhat": 2,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 3.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2023-29383",
            "https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d",
            "https://github.com/shadow-maint/shadow/pull/687",
            "https://lists.debian.org/debian-lts-announce/2025/04/msg00026.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2023-29383",
            "https://www.cve.org/CVERecord?id=CVE-2023-29383",
            "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/",
            "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797"
          ],
          "PublishedDate": "2023-04-14T22:15:07.68Z",
          "LastModifiedDate": "2025-11-03T20:16:01.283Z"
        },
        {
          "VulnerabilityID": "CVE-2024-56433",
          "PkgID": "passwd@1:4.8.1-2ubuntu2.2",
          "PkgName": "passwd",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1",
            "UID": "63fa6f86238e7bc4",
            "BOMRef": "pkg:deb/ubuntu/passwd@4.8.1-2ubuntu2.2?arch=amd64\u0026distro=ubuntu-22.04\u0026epoch=1"
          },
          "InstalledVersion": "1:4.8.1-2ubuntu2.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:a29c7a6d6341e59b7927484920d73f9a734865da452d60599610c453a5d17887",
          "Title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise",
          "Description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-1188"
          ],
          "VendorSeverity": {
            "alma": 1,
            "azure": 1,
            "oracle-oval": 1,
            "redhat": 1,
            "rocky": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "V3Score": 3.6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:20559",
            "https://access.redhat.com/security/cve/CVE-2024-56433",
            "https://bugzilla.redhat.com/2334165",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2334165",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56433",
            "https://errata.almalinux.org/9/ALSA-2025-20559.html",
            "https://errata.rockylinux.org/RLSA-2025:20559",
            "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241",
            "https://github.com/shadow-maint/shadow/issues/1157",
            "https://github.com/shadow-maint/shadow/releases/tag/4.4",
            "https://linux.oracle.com/cve/CVE-2024-56433.html",
            "https://linux.oracle.com/errata/ELSA-2025-20559-0.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-56433",
            "https://www.cve.org/CVERecord?id=CVE-2024-56433"
          ],
          "PublishedDate": "2024-12-26T09:15:07.267Z",
          "LastModifiedDate": "2024-12-26T09:15:07.267Z"
        },
        {
          "VulnerabilityID": "CVE-2018-6952",
          "PkgID": "patch@2.7.6-7build2",
          "PkgName": "patch",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "bfb90b2da486d9ea",
            "BOMRef": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.7.6-7build2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:405acbcc698816cdb048c611e4f469515eb1cd94be5815adf0453583a9aa004b",
          "Title": "patch: Double free of memory in pch.c:another_hunk() causes a crash",
          "Description": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-415"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "nvd": 3,
            "oracle-oval": 1,
            "photon": 3,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V2Score": 5,
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.3
            }
          },
          "References": [
            "http://www.securityfocus.com/bid/103047",
            "https://access.redhat.com/errata/RHSA-2019:2033",
            "https://access.redhat.com/security/cve/CVE-2018-6952",
            "https://linux.oracle.com/cve/CVE-2018-6952.html",
            "https://linux.oracle.com/errata/ELSA-2019-2033.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2018-6952",
            "https://savannah.gnu.org/bugs/index.php?53133",
            "https://security.gentoo.org/glsa/201904-17",
            "https://www.cve.org/CVERecord?id=CVE-2018-6952"
          ],
          "PublishedDate": "2018-02-13T19:29:00.573Z",
          "LastModifiedDate": "2024-11-21T04:11:28.42Z"
        },
        {
          "VulnerabilityID": "CVE-2021-45261",
          "PkgID": "patch@2.7.6-7build2",
          "PkgName": "patch",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "bfb90b2da486d9ea",
            "BOMRef": "pkg:deb/ubuntu/patch@2.7.6-7build2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "2.7.6-7build2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:833dfef84c95dd250eea4bd643f9576baa5b156acca8bf04cb1800904d0540a9",
          "Title": "patch: Invalid Pointer via another_hunk function",
          "Description": "An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-763"
          ],
          "VendorSeverity": {
            "nvd": 2,
            "redhat": 1,
            "ubuntu": 1
          },
          "CVSS": {
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V2Score": 4.3,
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2021-45261",
            "https://nvd.nist.gov/vuln/detail/CVE-2021-45261",
            "https://savannah.gnu.org/bugs/?61685",
            "https://www.cve.org/CVERecord?id=CVE-2021-45261"
          ],
          "PublishedDate": "2021-12-22T18:15:08.1Z",
          "LastModifiedDate": "2024-11-21T06:32:02.633Z"
        },
        {
          "VulnerabilityID": "CVE-2024-35195",
          "PkgID": "python3-pip@22.0.2+dfsg-1ubuntu0.7",
          "PkgName": "python3-pip",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04",
            "UID": "bf18903d38ed7866",
            "BOMRef": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "22.0.2+dfsg-1ubuntu0.7",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35195",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:4aa0f1cec146916002c2b96197411746eae6413fa237be62e460dffce7031f67",
          "Title": "requests: subsequent requests to the same host ignore cert verification",
          "Description": "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-670"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "ghsa": 2,
            "oracle-oval": 2,
            "photon": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
              "V3Score": 5.6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
              "V3Score": 5.6
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2025:7049",
            "https://access.redhat.com/security/cve/CVE-2024-35195",
            "https://bugzilla.redhat.com/2282114",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2282114",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195",
            "https://errata.almalinux.org/9/ALSA-2025-7049.html",
            "https://errata.rockylinux.org/RLSA-2025:7049",
            "https://github.com/psf/requests",
            "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac",
            "https://github.com/psf/requests/pull/6655",
            "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56",
            "https://linux.oracle.com/cve/CVE-2024-35195.html",
            "https://linux.oracle.com/errata/ELSA-2025-7049.html",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ",
            "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/",
            "https://nvd.nist.gov/vuln/detail/CVE-2024-35195",
            "https://www.cve.org/CVERecord?id=CVE-2024-35195"
          ],
          "PublishedDate": "2024-05-20T21:15:09.99Z",
          "LastModifiedDate": "2024-11-21T09:19:54.51Z"
        },
        {
          "VulnerabilityID": "CVE-2025-66418",
          "PkgID": "python3-pip@22.0.2+dfsg-1ubuntu0.7",
          "PkgName": "python3-pip",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04",
            "UID": "bf18903d38ed7866",
            "BOMRef": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "22.0.2+dfsg-1ubuntu0.7",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66418",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:af7bbf2503ceff1eff0ecc9d44ac465c80b5ea853406fb08779bf6563737f865",
          "Title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
          "Description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "ghsa": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
              "V40Score": 8.9
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1239",
            "https://access.redhat.com/security/cve/CVE-2025-66418",
            "https://bugzilla.redhat.com/2419455",
            "https://bugzilla.redhat.com/2419467",
            "https://bugzilla.redhat.com/2427726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441",
            "https://errata.almalinux.org/9/ALSA-2026-1239.html",
            "https://errata.rockylinux.org/RLSA-2026:1087",
            "https://github.com/urllib3/urllib3",
            "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
            "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
            "https://linux.oracle.com/cve/CVE-2025-66418.html",
            "https://linux.oracle.com/errata/ELSA-2026-1254.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
            "https://ubuntu.com/security/notices/USN-7927-1",
            "https://ubuntu.com/security/notices/USN-8010-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-66418",
            "https://www.openwall.com/lists/oss-security/2025/12/05/4"
          ],
          "PublishedDate": "2025-12-05T16:15:51.053Z",
          "LastModifiedDate": "2025-12-10T16:08:32.193Z"
        },
        {
          "VulnerabilityID": "CVE-2026-21441",
          "PkgID": "python3-pip@22.0.2+dfsg-1ubuntu0.7",
          "PkgName": "python3-pip",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04",
            "UID": "bf18903d38ed7866",
            "BOMRef": "pkg:deb/ubuntu/python3-pip@22.0.2%2Bdfsg-1ubuntu0.7?arch=all\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "22.0.2+dfsg-1ubuntu0.7",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-21441",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3644671b14e54ccd5427f51d0aadf8b0ee8c36fd997fef58fb24132626af0af5",
          "Title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
          "Description": "urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted sources.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-409"
          ],
          "VendorSeverity": {
            "alma": 3,
            "amazon": 3,
            "azure": 3,
            "cbl-mariner": 3,
            "ghsa": 3,
            "nvd": 3,
            "oracle-oval": 3,
            "photon": 3,
            "redhat": 3,
            "rocky": 3,
            "ubuntu": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
              "V3Score": 7.5,
              "V40Score": 8.9
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1239",
            "https://access.redhat.com/security/cve/CVE-2026-21441",
            "https://bugzilla.redhat.com/2419455",
            "https://bugzilla.redhat.com/2419467",
            "https://bugzilla.redhat.com/2427726",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66471",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441",
            "https://errata.almalinux.org/9/ALSA-2026-1239.html",
            "https://errata.rockylinux.org/RLSA-2026:1087",
            "https://github.com/urllib3/urllib3",
            "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
            "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
            "https://linux.oracle.com/cve/CVE-2026-21441.html",
            "https://linux.oracle.com/errata/ELSA-2026-1254.html",
            "https://lists.debian.org/debian-lts-announce/2026/01/msg00017.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
            "https://ubuntu.com/security/notices/USN-7955-1",
            "https://ubuntu.com/security/notices/USN-7955-2",
            "https://ubuntu.com/security/notices/USN-8010-1",
            "https://www.cve.org/CVERecord?id=CVE-2026-21441"
          ],
          "PublishedDate": "2026-01-07T22:15:44.04Z",
          "LastModifiedDate": "2026-01-23T09:15:47.823Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11468",
          "PkgID": "python3.10@3.10.12-1~22.04.12",
          "PkgName": "python3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:cd25bb747852f5139ad139680e6534fba6e5be5802ec3ecb3e5d9b7ca3ae3d6c",
          "Title": "cpython: Missing character filtering in Python",
          "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11468",
            "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094",
            "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2",
            "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6",
            "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66",
            "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0",
            "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796",
            "https://github.com/python/cpython/issues/143935",
            "https://github.com/python/cpython/pull/143936",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-11468"
          ],
          "PublishedDate": "2026-01-20T22:15:50.69Z",
          "LastModifiedDate": "2026-03-03T15:16:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-12084",
          "PkgID": "python3.10@3.10.12-1~22.04.12",
          "PkgName": "python3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-12084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f89b614e98ce8ccb9ca48998d2a2f051b8cdfe8a6fb297aed13a145fe52e7fc6",
          "Title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
          "Description": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1478",
            "https://access.redhat.com/security/cve/CVE-2025-12084",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://errata.almalinux.org/9/ALSA-2026-1478.html",
            "https://errata.rockylinux.org/RLSA-2026:1478",
            "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0",
            "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4",
            "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437",
            "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af",
            "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273",
            "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907",
            "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d",
            "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8",
            "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8",
            "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0",
            "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964",
            "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53",
            "https://github.com/python/cpython/issues/142145",
            "https://github.com/python/cpython/pull/142146",
            "https://linux.oracle.com/cve/CVE-2025-12084.html",
            "https://linux.oracle.com/errata/ELSA-2026-2713.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-12084"
          ],
          "PublishedDate": "2025-12-03T19:15:55.05Z",
          "LastModifiedDate": "2026-01-26T15:16:05.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13836",
          "PkgID": "python3.10@3.10.12-1~22.04.12",
          "PkgName": "python3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b30908caf4dc491d461f03e60a6627917cad0275b305fdafa1e4310b92a7d54c",
          "Title": "cpython: Excessive read buffering DoS in http.client",
          "Description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1410",
            "https://access.redhat.com/security/cve/CVE-2025-13836",
            "https://bugzilla.redhat.com/2418078",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836",
            "https://errata.almalinux.org/9/ALSA-2026-1410.html",
            "https://errata.rockylinux.org/RLSA-2026:1410",
            "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628",
            "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (3.14 branch)",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)",
            "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0",
            "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c",
            "https://github.com/python/cpython/issues/119451",
            "https://github.com/python/cpython/pull/119454",
            "https://linux.oracle.com/cve/CVE-2025-13836.html",
            "https://linux.oracle.com/errata/ELSA-2026-2419.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
            "https://ubuntu.com/security/notices/USN-7951-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13836"
          ],
          "PublishedDate": "2025-12-01T18:16:04.2Z",
          "LastModifiedDate": "2026-02-10T19:58:12.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13837",
          "PkgID": "python3.10@3.10.12-1~22.04.12",
          "PkgName": "python3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f2587db8c3a80082258a51a87cb763088eb974a6e0318581b441e46799b18258",
          "Title": "cpython: Out-of-memory when loading Plist",
          "Description": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "bitnami": 1,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
              "V40Score": 2.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-13837",
            "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036",
            "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b",
            "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70",
            "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba",
            "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb",
            "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111",
            "https://github.com/python/cpython/issues/119342",
            "https://github.com/python/cpython/pull/119343",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13837"
          ],
          "PublishedDate": "2025-12-01T18:16:04.38Z",
          "LastModifiedDate": "2026-03-03T15:16:14.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15282",
          "PkgID": "python3.10@3.10.12-1~22.04.12",
          "PkgName": "python3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:0adb35df2aae8453b29458a28f26b0f2391ef55c87e81fafe7b71bb238cd314c",
          "Title": "cpython: Header injection via newlines in data URL mediatype in Python",
          "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-15282",
            "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0",
            "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38",
            "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80",
            "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47",
            "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a",
            "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f",
            "https://github.com/python/cpython/issues/143925",
            "https://github.com/python/cpython/pull/143926",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-15282"
          ],
          "PublishedDate": "2026-01-20T22:15:50.883Z",
          "LastModifiedDate": "2026-01-26T15:16:06.62Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0672",
          "PkgID": "python3.10@3.10.12-1~22.04.12",
          "PkgName": "python3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:90e01e8f7df86a2c232636d5b5896f5f7d1c2286a7a653696d16220bceca03bb",
          "Title": "cpython: Header injection in http.cookies.Morsel in Python",
          "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0672",
            "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172",
            "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440",
            "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d",
            "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca",
            "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70",
            "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85",
            "https://github.com/python/cpython/issues/143919",
            "https://github.com/python/cpython/pull/143920",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0672"
          ],
          "PublishedDate": "2026-01-20T22:15:52.68Z",
          "LastModifiedDate": "2026-01-26T15:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0865",
          "PkgID": "python3.10@3.10.12-1~22.04.12",
          "PkgName": "python3.10",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "a4385a63969fd344",
            "BOMRef": "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:9d1487c64cfa31ee10a555e1089451ff65986d8a86d22e43288cb9b8a897ac54",
          "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
          "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-74"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4168",
            "https://access.redhat.com/security/cve/CVE-2026-0865",
            "https://bugzilla.redhat.com/2431368",
            "https://bugzilla.redhat.com/2431373",
            "https://bugzilla.redhat.com/2432437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431368",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299",
            "https://errata.almalinux.org/9/ALSA-2026-4168.html",
            "https://errata.rockylinux.org/RLSA-2026:4168",
            "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58",
            "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510",
            "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f",
            "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2",
            "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5",
            "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6",
            "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff",
            "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97",
            "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf",
            "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219",
            "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995",
            "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211",
            "https://github.com/python/cpython/issues/143916",
            "https://github.com/python/cpython/pull/143917",
            "https://linux.oracle.com/cve/CVE-2026-0865.html",
            "https://linux.oracle.com/errata/ELSA-2026-4713.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0865"
          ],
          "PublishedDate": "2026-01-20T22:15:52.8Z",
          "LastModifiedDate": "2026-03-03T15:16:17.59Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11468",
          "PkgID": "python3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "python3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:65304a6db104972f7e95fa26101b17887bf212e491d28afe2f6a68f07303d7e1",
          "Title": "cpython: Missing character filtering in Python",
          "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11468",
            "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094",
            "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2",
            "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6",
            "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66",
            "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0",
            "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796",
            "https://github.com/python/cpython/issues/143935",
            "https://github.com/python/cpython/pull/143936",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-11468"
          ],
          "PublishedDate": "2026-01-20T22:15:50.69Z",
          "LastModifiedDate": "2026-03-03T15:16:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-12084",
          "PkgID": "python3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "python3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-12084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f489ae44a9aae8f74030364357415df8b8c113184204d6cd7875aee401b0ebd2",
          "Title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
          "Description": "When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1478",
            "https://access.redhat.com/security/cve/CVE-2025-12084",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://errata.almalinux.org/9/ALSA-2026-1478.html",
            "https://errata.rockylinux.org/RLSA-2026:1478",
            "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0",
            "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4",
            "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437",
            "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af",
            "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273",
            "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907",
            "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d",
            "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8",
            "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8",
            "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0",
            "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964",
            "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53",
            "https://github.com/python/cpython/issues/142145",
            "https://github.com/python/cpython/pull/142146",
            "https://linux.oracle.com/cve/CVE-2025-12084.html",
            "https://linux.oracle.com/errata/ELSA-2026-2713.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-12084"
          ],
          "PublishedDate": "2025-12-03T19:15:55.05Z",
          "LastModifiedDate": "2026-01-26T15:16:05.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13836",
          "PkgID": "python3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "python3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b3f3efb17bea64ff35e4ac94c8d51acf565ebbb404674a05201e675d43555166",
          "Title": "cpython: Excessive read buffering DoS in http.client",
          "Description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1410",
            "https://access.redhat.com/security/cve/CVE-2025-13836",
            "https://bugzilla.redhat.com/2418078",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836",
            "https://errata.almalinux.org/9/ALSA-2026-1410.html",
            "https://errata.rockylinux.org/RLSA-2026:1410",
            "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628",
            "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (3.14 branch)",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)",
            "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0",
            "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c",
            "https://github.com/python/cpython/issues/119451",
            "https://github.com/python/cpython/pull/119454",
            "https://linux.oracle.com/cve/CVE-2025-13836.html",
            "https://linux.oracle.com/errata/ELSA-2026-2419.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
            "https://ubuntu.com/security/notices/USN-7951-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13836"
          ],
          "PublishedDate": "2025-12-01T18:16:04.2Z",
          "LastModifiedDate": "2026-02-10T19:58:12.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13837",
          "PkgID": "python3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "python3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:f9f74ffaa485969715759b97769708528181b2694302e2edd8559b9bb5031a35",
          "Title": "cpython: Out-of-memory when loading Plist",
          "Description": "When loading a plist file, the plistlib module reads data in amounts specified by the file itself, so a malicious file can cause out-of-memory (OOM) and denial-of-service (DoS) issues.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "bitnami": 1,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
              "V40Score": 2.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-13837",
            "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036",
            "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b",
            "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70",
            "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba",
            "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb",
            "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111",
            "https://github.com/python/cpython/issues/119342",
            "https://github.com/python/cpython/pull/119343",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13837"
          ],
          "PublishedDate": "2025-12-01T18:16:04.38Z",
          "LastModifiedDate": "2026-03-03T15:16:14.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15282",
          "PkgID": "python3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "python3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:348b2b3328afeb2bc18fb1d8b2970364ba5c6b3a413d8bfe909305962c03577f",
          "Title": "cpython: Header injection via newlines in data URL mediatype in Python",
          "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-15282",
            "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0",
            "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38",
            "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80",
            "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47",
            "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a",
            "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f",
            "https://github.com/python/cpython/issues/143925",
            "https://github.com/python/cpython/pull/143926",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-15282"
          ],
          "PublishedDate": "2026-01-20T22:15:50.883Z",
          "LastModifiedDate": "2026-01-26T15:16:06.62Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0672",
          "PkgID": "python3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "python3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:37b20fc4a93fb089458d741895626c8d11efbee083c0b255e688978edfb6daa5",
          "Title": "cpython: Header injection in http.cookies.Morsel in Python",
          "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0672",
            "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172",
            "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440",
            "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d",
            "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca",
            "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70",
            "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85",
            "https://github.com/python/cpython/issues/143919",
            "https://github.com/python/cpython/pull/143920",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0672"
          ],
          "PublishedDate": "2026-01-20T22:15:52.68Z",
          "LastModifiedDate": "2026-01-26T15:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0865",
          "PkgID": "python3.10-dev@3.10.12-1~22.04.12",
          "PkgName": "python3.10-dev",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "9f2e6dca0dac353",
            "BOMRef": "pkg:deb/ubuntu/python3.10-dev@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:badab18ef3a943a3ecd42552a25384bc4bca28f5c331076fefc512c5103f8e0a",
          "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
          "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-74"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4168",
            "https://access.redhat.com/security/cve/CVE-2026-0865",
            "https://bugzilla.redhat.com/2431368",
            "https://bugzilla.redhat.com/2431373",
            "https://bugzilla.redhat.com/2432437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431368",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299",
            "https://errata.almalinux.org/9/ALSA-2026-4168.html",
            "https://errata.rockylinux.org/RLSA-2026:4168",
            "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58",
            "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510",
            "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f",
            "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2",
            "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5",
            "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6",
            "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff",
            "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97",
            "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf",
            "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219",
            "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995",
            "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211",
            "https://github.com/python/cpython/issues/143916",
            "https://github.com/python/cpython/pull/143917",
            "https://linux.oracle.com/cve/CVE-2026-0865.html",
            "https://linux.oracle.com/errata/ELSA-2026-4713.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0865"
          ],
          "PublishedDate": "2026-01-20T22:15:52.8Z",
          "LastModifiedDate": "2026-03-03T15:16:17.59Z"
        },
        {
          "VulnerabilityID": "CVE-2025-11468",
          "PkgID": "python3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "python3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11468",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:379b420098a10c3b5540a23db39d3a2b950fde5bfbfcc1b52ef57968bba9411f",
          "Title": "cpython: Missing character filtering in Python",
          "Description": "When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-11468",
            "https://github.com/python/cpython/commit/003b8315669b9f08b1010a49071f73f15f818094",
            "https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2",
            "https://github.com/python/cpython/commit/61614a5e5056e4f61ced65008d4576f3df34acb6",
            "https://github.com/python/cpython/commit/a76e4cd62dd68e7cbe86e37e6ed988495a646b66",
            "https://github.com/python/cpython/commit/e9970f077240c7c670e8a6fc6662f2b30d3b6ad0",
            "https://github.com/python/cpython/commit/f738386838021c762efea6c9802c82de65e87796",
            "https://github.com/python/cpython/issues/143935",
            "https://github.com/python/cpython/pull/143936",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-11468",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-11468"
          ],
          "PublishedDate": "2026-01-20T22:15:50.69Z",
          "LastModifiedDate": "2026-03-03T15:16:13.803Z"
        },
        {
          "VulnerabilityID": "CVE-2025-12084",
          "PkgID": "python3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "python3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-12084",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:ea5cc0bb7ce8315d816291615fff50ad5479decfb8466d4a85b23b91404a3dbc",
          "Title": "cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service",
          "Description": "When building nested elements using xml.dom.minidom methods such as appendChild() that depend on _clear_id_cache(), the algorithm is quadratic. Availability can be impacted when building excessively nested documents.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1478",
            "https://access.redhat.com/security/cve/CVE-2025-12084",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://errata.almalinux.org/9/ALSA-2026-1478.html",
            "https://errata.rockylinux.org/RLSA-2026:1478",
            "https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0",
            "https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4",
            "https://github.com/python/cpython/commit/27648a1818749ef44c420afe6173af6868715437",
            "https://github.com/python/cpython/commit/41f468786762348960486c166833a218a0a436af",
            "https://github.com/python/cpython/commit/57937a8e5e293f0dcba5115f7b7a11b1e0c9a273",
            "https://github.com/python/cpython/commit/8d2d7bb2e754f8649a68ce4116271a4932f76907",
            "https://github.com/python/cpython/commit/9c9dda6625a2a90d2a06c657eee021d6be19842d",
            "https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8",
            "https://github.com/python/cpython/commit/a696ba8b4d42fd632afc9bc88ad830a2e4cceed8",
            "https://github.com/python/cpython/commit/c97e87593063d84a2bd9fe7068b30eb44de23dc0",
            "https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964",
            "https://github.com/python/cpython/commit/e91c11449cad34bac3ea55ee09ca557691d92b53",
            "https://github.com/python/cpython/issues/142145",
            "https://github.com/python/cpython/pull/142146",
            "https://linux.oracle.com/cve/CVE-2025-12084.html",
            "https://linux.oracle.com/errata/ELSA-2026-2713.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-12084",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-12084"
          ],
          "PublishedDate": "2025-12-03T19:15:55.05Z",
          "LastModifiedDate": "2026-01-26T15:16:05.95Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13836",
          "PkgID": "python3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "python3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13836",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:3fa50b2ab5af928990a806f07c83ac587910c749666ff8d8e34ad4292eeba057",
          "Title": "cpython: Excessive read buffering DoS in http.client",
          "Description": "When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "nvd": 3,
            "oracle-oval": 2,
            "photon": 3,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
              "V40Score": 6.3
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 6.8
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:1410",
            "https://access.redhat.com/security/cve/CVE-2025-13836",
            "https://bugzilla.redhat.com/2418078",
            "https://bugzilla.redhat.com/2418655",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418078",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2418655",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836",
            "https://errata.almalinux.org/9/ALSA-2026-1410.html",
            "https://errata.rockylinux.org/RLSA-2026:1410",
            "https://github.com/python/cpython/commit/14b1fdb0a94b96f86fc7b86671ea9582b8676628",
            "https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155",
            "https://github.com/python/cpython/commit/4ce27904b597c77d74dd93f2c912676021a99155 (3.14 branch)",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5",
            "https://github.com/python/cpython/commit/5a4c4a033a4a54481be6870aa1896fad732555b5 (main)",
            "https://github.com/python/cpython/commit/5dc101675fd22918facbbe0fecdc821502beaaf0",
            "https://github.com/python/cpython/commit/afc40bdd3dd71f343fd9016f6d8eebbacbd6587c",
            "https://github.com/python/cpython/issues/119451",
            "https://github.com/python/cpython/pull/119454",
            "https://linux.oracle.com/cve/CVE-2025-13836.html",
            "https://linux.oracle.com/errata/ELSA-2026-2419.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/OQ6G7MKRQIS3OAREC3HNG3D2DPOU34XO/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13836",
            "https://ubuntu.com/security/notices/USN-7951-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13836"
          ],
          "PublishedDate": "2025-12-01T18:16:04.2Z",
          "LastModifiedDate": "2026-02-10T19:58:12.13Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13837",
          "PkgID": "python3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "python3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13837",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:27299bd42c5412e5ac4df7bfb1a2ae90bee0536652fa8b1aa2457b91ac1f7c04",
          "Title": "cpython: Out-of-memory when loading Plist",
          "Description": "When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 1,
            "bitnami": 1,
            "nvd": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N",
              "V40Score": 2.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-13837",
            "https://github.com/python/cpython/commit/568342cfc8f002d9a15f30238f26b9d2e0e79036",
            "https://github.com/python/cpython/commit/5a8b19677d818fb41ee55f310233772e15aa1a2b",
            "https://github.com/python/cpython/commit/694922cf40aa3a28f898b5f5ee08b71b4922df70",
            "https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba",
            "https://github.com/python/cpython/commit/b64441e4852383645af5b435411a6f849dd1b4cb",
            "https://github.com/python/cpython/commit/cefee7d118a26ef6cd43db59bb9d98ca9a331111",
            "https://github.com/python/cpython/issues/119342",
            "https://github.com/python/cpython/pull/119343",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/2X5IBCJXRQAZ5PSERLHMSJFBHFR3QM2C/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://www.cve.org/CVERecord?id=CVE-2025-13837"
          ],
          "PublishedDate": "2025-12-01T18:16:04.38Z",
          "LastModifiedDate": "2026-03-03T15:16:14.483Z"
        },
        {
          "VulnerabilityID": "CVE-2025-15282",
          "PkgID": "python3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "python3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15282",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b56099e33a0083d1384d81bd4e90b939504634f7f630de080e796e0ce1f012cf",
          "Title": "cpython: Header injection via newlines in data URL mediatype in Python",
          "Description": "User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "bitnami": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-15282",
            "https://github.com/python/cpython/commit/05356b1cc153108aaf27f3b72ce438af4aa218c0",
            "https://github.com/python/cpython/commit/34d76b00dabde81a793bd06dd8ecb057838c4b38",
            "https://github.com/python/cpython/commit/3f396ca9d7bbe2a50ea6b8c9b27c0082884d9f80",
            "https://github.com/python/cpython/commit/4ed11d3cd288e6b90196a15c5a825a45d318fe47",
            "https://github.com/python/cpython/commit/a35ca3be5842505dab74dc0b90b89cde0405017a",
            "https://github.com/python/cpython/commit/f25509e78e8be6ea73c811ac2b8c928c28841b9f",
            "https://github.com/python/cpython/issues/143925",
            "https://github.com/python/cpython/pull/143926",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2025-15282"
          ],
          "PublishedDate": "2026-01-20T22:15:50.883Z",
          "LastModifiedDate": "2026-01-26T15:16:06.62Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0672",
          "PkgID": "python3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "python3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0672",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:818a70873a5db4dda1ee22abbe62e83c87f95b7089236a7daf20c5a6cd3b6b9b",
          "Title": "cpython: Header injection in http.cookies.Morsel in Python",
          "Description": "When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "redhat": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-0672",
            "https://github.com/python/cpython/commit/62700107418eb2cca3fc88da036a243ea975f172",
            "https://github.com/python/cpython/commit/712452e6f1d4b9f7f8c4c92ebfcaac1705faa440",
            "https://github.com/python/cpython/commit/7852d72b653fea0199acf5fc2a84f6f8b84eba8d",
            "https://github.com/python/cpython/commit/918387e4912d12ffc166c8f2a38df92b6ec756ca",
            "https://github.com/python/cpython/commit/95746b3a13a985787ef53b977129041971ed7f70",
            "https://github.com/python/cpython/commit/b1869ff648bbee0717221d09e6deff46617f3e85",
            "https://github.com/python/cpython/issues/143919",
            "https://github.com/python/cpython/pull/143920",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0672"
          ],
          "PublishedDate": "2026-01-20T22:15:52.68Z",
          "LastModifiedDate": "2026-01-26T15:16:07.033Z"
        },
        {
          "VulnerabilityID": "CVE-2026-0865",
          "PkgID": "python3.10-minimal@3.10.12-1~22.04.12",
          "PkgName": "python3.10-minimal",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "1ddcbfcaee4d2a7e",
            "BOMRef": "pkg:deb/ubuntu/python3.10-minimal@3.10.12-1~22.04.12?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "3.10.12-1~22.04.12",
          "FixedVersion": "3.10.12-1~22.04.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-0865",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:fbfb1ee4a5510878980839d2c0124c6fd03e0373947fa7eed10efbd66539931c",
          "Title": "cpython: wsgiref.headers.Headers allows header newline injection in Python",
          "Description": "User-controlled header names and values containing newlines can allow injecting HTTP headers.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-74"
          ],
          "VendorSeverity": {
            "alma": 2,
            "amazon": 2,
            "azure": 2,
            "bitnami": 2,
            "cbl-mariner": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "bitnami": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
              "V3Score": 4.5
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:4168",
            "https://access.redhat.com/security/cve/CVE-2026-0865",
            "https://bugzilla.redhat.com/2431368",
            "https://bugzilla.redhat.com/2431373",
            "https://bugzilla.redhat.com/2432437",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431367",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431368",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2431373",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2432437",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15366",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15367",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0865",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1299",
            "https://errata.almalinux.org/9/ALSA-2026-4168.html",
            "https://errata.rockylinux.org/RLSA-2026:4168",
            "https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58",
            "https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510",
            "https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f",
            "https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2",
            "https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5",
            "https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6",
            "https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff",
            "https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97",
            "https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf",
            "https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219",
            "https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995",
            "https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211",
            "https://github.com/python/cpython/issues/143916",
            "https://github.com/python/cpython/pull/143917",
            "https://linux.oracle.com/cve/CVE-2026-0865.html",
            "https://linux.oracle.com/errata/ELSA-2026-4713.html",
            "https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-0865",
            "https://ubuntu.com/security/notices/USN-8018-1",
            "https://ubuntu.com/security/notices/USN-8018-3",
            "https://www.cve.org/CVERecord?id=CVE-2026-0865"
          ],
          "PublishedDate": "2026-01-20T22:15:52.8Z",
          "LastModifiedDate": "2026-03-03T15:16:17.59Z"
        },
        {
          "VulnerabilityID": "CVE-2025-45582",
          "PkgID": "tar@1.34+dfsg-1ubuntu0.1.22.04.2",
          "PkgName": "tar",
          "PkgIdentifier": {
            "PURL": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64\u0026distro=ubuntu-22.04",
            "UID": "72ee54558d78e3e4",
            "BOMRef": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1ubuntu0.1.22.04.2?arch=amd64\u0026distro=ubuntu-22.04"
          },
          "InstalledVersion": "1.34+dfsg-1ubuntu0.1.22.04.2",
          "Status": "affected",
          "Layer": {
            "Digest": "sha256:7e49dc6156b0b532730614d83a65ae5e7ce61e966b0498703d333b4d03505e4f",
            "DiffID": "sha256:73974f74b436f39a2fdb6461b1e3f7c3e41c73325776fa71d16b942a5b4a365b"
          },
          "SeveritySource": "ubuntu",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582",
          "DataSource": {
            "ID": "ubuntu",
            "Name": "Ubuntu CVE Tracker",
            "URL": "https://git.launchpad.net/ubuntu-cve-tracker"
          },
          "Fingerprint": "sha256:b5df933b7d3af082bf3b6d4a0bf6e54a43a0d0c04ea367a125d3dd665ea3cc35",
          "Title": "tar: Tar path traversal",
          "Description": "GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of \"Member name contains '..'\" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain \"x -\u003e ../../../../../home/victim/.ssh\" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which \"tar xf\" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each \"tar xf\" in its Security Rules of Thumb; however, third-party advice leads users to run \"tar xf\" more than once into the same directory.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-24"
          ],
          "VendorSeverity": {
            "alma": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 5.6
            }
          },
          "References": [
            "http://www.openwall.com/lists/oss-security/2025/11/01/6",
            "https://access.redhat.com/errata/RHSA-2026:0067",
            "https://access.redhat.com/security/cve/CVE-2025-45582",
            "https://bugzilla.redhat.com/2379592",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2379592",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-45582",
            "https://errata.almalinux.org/9/ALSA-2026-0067.html",
            "https://errata.rockylinux.org/RLSA-2026:0067",
            "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
            "https://linux.oracle.com/cve/CVE-2025-45582.html",
            "https://linux.oracle.com/errata/ELSA-2026-0067.html",
            "https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
            "https://www.cve.org/CVERecord?id=CVE-2025-45582",
            "https://www.gnu.org/software/tar/",
            "https://www.gnu.org/software/tar/manual/html_node/Integrity.html",
            "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
            "https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html"
          ],
          "PublishedDate": "2025-07-11T17:15:37.183Z",
          "LastModifiedDate": "2025-11-02T01:15:32.307Z"
        }
      ]
    },
    {
      "Target": "Node.js",
      "Class": "lang-pkgs",
      "Type": "node-pkg",
      "Packages": [
        {
          "ID": "@adobe/css-tools@4.4.3",
          "Name": "@adobe/css-tools",
          "Identifier": {
            "PURL": "pkg:npm/%40adobe/css-tools@4.4.3",
            "UID": "a2f8f2782e309ee4",
            "BOMRef": "pkg:npm/%40adobe/css-tools@4.4.3"
          },
          "Version": "4.4.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/jest-dom@5.17.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@ampproject/remapping@2.3.0",
          "Name": "@ampproject/remapping",
          "Identifier": {
            "PURL": "pkg:npm/%40ampproject/remapping@2.3.0",
            "UID": "a9772eabbab507a1",
            "BOMRef": "pkg:npm/%40ampproject/remapping@2.3.0"
          },
          "Version": "2.3.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@tailwindcss/node@4.1.11"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/code-frame@7.27.1",
          "Name": "@babel/code-frame",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/code-frame@7.27.1",
            "UID": "f16c956e3b061cb",
            "BOMRef": "pkg:npm/%40babel/code-frame@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/template@7.27.2",
            "@babel/traverse@7.28.0",
            "@testing-library/dom@10.4.0",
            "@testing-library/dom@8.20.1",
            "jest-message-util@30.0.2",
            "parse-json@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/compat-data@7.28.0",
          "Name": "@babel/compat-data",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/compat-data@7.28.0",
            "UID": "1ab6097594fafea2",
            "BOMRef": "pkg:npm/%40babel/compat-data@7.28.0"
          },
          "Version": "7.28.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/helper-compilation-targets@7.27.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/core@7.28.0",
          "Name": "@babel/core",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/core@7.28.0",
            "UID": "137e9e4091e7f185",
            "BOMRef": "pkg:npm/%40babel/core@7.28.0"
          },
          "Version": "7.28.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/helper-module-transforms@7.27.3",
            "@babel/plugin-transform-react-jsx-self@7.27.1",
            "@babel/plugin-transform-react-jsx-source@7.27.1",
            "@svgr/babel-plugin-add-jsx-attribute@8.0.0",
            "@svgr/babel-plugin-remove-jsx-attribute@8.0.0",
            "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0",
            "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0",
            "@svgr/babel-plugin-svg-dynamic-title@8.0.0",
            "@svgr/babel-plugin-svg-em-dimensions@8.0.0",
            "@svgr/babel-plugin-transform-react-native-svg@8.1.0",
            "@svgr/babel-plugin-transform-svg-component@8.0.0",
            "@svgr/babel-preset@8.1.0",
            "@svgr/core@8.1.0",
            "@svgr/plugin-jsx@8.1.0",
            "@vitejs/plugin-react@4.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/generator@7.28.0",
          "Name": "@babel/generator",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/generator@7.28.0",
            "UID": "912523586523308b",
            "BOMRef": "pkg:npm/%40babel/generator@7.28.0"
          },
          "Version": "7.28.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/traverse@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-compilation-targets@7.27.2",
          "Name": "@babel/helper-compilation-targets",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-compilation-targets@7.27.2",
            "UID": "775e8ac0b4377bdc",
            "BOMRef": "pkg:npm/%40babel/helper-compilation-targets@7.27.2"
          },
          "Version": "7.27.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-globals@7.28.0",
          "Name": "@babel/helper-globals",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-globals@7.28.0",
            "UID": "6557f48f3882a141",
            "BOMRef": "pkg:npm/%40babel/helper-globals@7.28.0"
          },
          "Version": "7.28.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/traverse@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-module-imports@7.27.1",
          "Name": "@babel/helper-module-imports",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-module-imports@7.27.1",
            "UID": "9616319a0365b76e",
            "BOMRef": "pkg:npm/%40babel/helper-module-imports@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/helper-module-transforms@7.27.3",
            "@emotion/babel-plugin@11.13.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-module-transforms@7.27.3",
          "Name": "@babel/helper-module-transforms",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-module-transforms@7.27.3",
            "UID": "c307080aac9d7afc",
            "BOMRef": "pkg:npm/%40babel/helper-module-transforms@7.27.3"
          },
          "Version": "7.27.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-plugin-utils@7.27.1",
          "Name": "@babel/helper-plugin-utils",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-plugin-utils@7.27.1",
            "UID": "c78507439ac951a0",
            "BOMRef": "pkg:npm/%40babel/helper-plugin-utils@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/plugin-transform-react-jsx-self@7.27.1",
            "@babel/plugin-transform-react-jsx-source@7.27.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-string-parser@7.27.1",
          "Name": "@babel/helper-string-parser",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-string-parser@7.27.1",
            "UID": "66c3ebc2f16e1ddc",
            "BOMRef": "pkg:npm/%40babel/helper-string-parser@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/types@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-validator-identifier@7.27.1",
          "Name": "@babel/helper-validator-identifier",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-validator-identifier@7.27.1",
            "UID": "63987bf3d57a40e4",
            "BOMRef": "pkg:npm/%40babel/helper-validator-identifier@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/code-frame@7.27.1",
            "@babel/helper-module-transforms@7.27.3",
            "@babel/types@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helper-validator-option@7.27.1",
          "Name": "@babel/helper-validator-option",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helper-validator-option@7.27.1",
            "UID": "a1621813833b32be",
            "BOMRef": "pkg:npm/%40babel/helper-validator-option@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/helper-compilation-targets@7.27.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/helpers@7.27.6",
          "Name": "@babel/helpers",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/helpers@7.27.6",
            "UID": "599666fd1cb9862c",
            "BOMRef": "pkg:npm/%40babel/helpers@7.27.6"
          },
          "Version": "7.27.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/parser@7.28.0",
          "Name": "@babel/parser",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/parser@7.28.0",
            "UID": "6e0387739022c8fa",
            "BOMRef": "pkg:npm/%40babel/parser@7.28.0"
          },
          "Version": "7.28.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/generator@7.28.0",
            "@babel/template@7.27.2",
            "@babel/traverse@7.28.0",
            "@types/babel__core@7.20.5",
            "@types/babel__template@7.4.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/plugin-transform-react-jsx-self@7.27.1",
          "Name": "@babel/plugin-transform-react-jsx-self",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx-self@7.27.1",
            "UID": "5a4c62e27bc45985",
            "BOMRef": "pkg:npm/%40babel/plugin-transform-react-jsx-self@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitejs/plugin-react@4.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/plugin-transform-react-jsx-source@7.27.1",
          "Name": "@babel/plugin-transform-react-jsx-source",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/plugin-transform-react-jsx-source@7.27.1",
            "UID": "e923ae8b39ef75d6",
            "BOMRef": "pkg:npm/%40babel/plugin-transform-react-jsx-source@7.27.1"
          },
          "Version": "7.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitejs/plugin-react@4.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/runtime@7.27.6",
          "Name": "@babel/runtime",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/runtime@7.27.6",
            "UID": "221912dd5af3bad2",
            "BOMRef": "pkg:npm/%40babel/runtime@7.27.6"
          },
          "Version": "7.27.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5",
            "@emotion/react@11.14.0",
            "@emotion/styled@11.14.1",
            "@mui/icons-material@7.2.0",
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/private-theming@5.17.1",
            "@mui/private-theming@7.2.0",
            "@mui/styled-engine@5.16.14",
            "@mui/styled-engine@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@mui/types@7.4.4",
            "@mui/utils@5.17.1",
            "@mui/utils@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "@mui/x-internals@7.29.0",
            "@testing-library/dom@10.4.0",
            "@testing-library/dom@8.20.1",
            "@testing-library/jest-dom@5.17.0",
            "@testing-library/react@13.4.0",
            "@testing-library/user-event@13.5.0",
            "babel-plugin-macros@3.1.0",
            "dom-helpers@5.2.1",
            "react-transition-group@4.4.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/template@7.27.2",
          "Name": "@babel/template",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/template@7.27.2",
            "UID": "8b8315cccbc40bbd",
            "BOMRef": "pkg:npm/%40babel/template@7.27.2"
          },
          "Version": "7.27.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/helpers@7.27.6",
            "@babel/traverse@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/traverse@7.28.0",
          "Name": "@babel/traverse",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/traverse@7.28.0",
            "UID": "dfabe4334f496b24",
            "BOMRef": "pkg:npm/%40babel/traverse@7.28.0"
          },
          "Version": "7.28.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/helper-module-imports@7.27.1",
            "@babel/helper-module-transforms@7.27.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@babel/types@7.28.0",
          "Name": "@babel/types",
          "Identifier": {
            "PURL": "pkg:npm/%40babel/types@7.28.0",
            "UID": "5c85dc7d335d035a",
            "BOMRef": "pkg:npm/%40babel/types@7.28.0"
          },
          "Version": "7.28.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/generator@7.28.0",
            "@babel/helper-module-imports@7.27.1",
            "@babel/helpers@7.27.6",
            "@babel/parser@7.28.0",
            "@babel/template@7.27.2",
            "@babel/traverse@7.28.0",
            "@svgr/hast-util-to-babel-ast@8.0.0",
            "@types/babel__core@7.20.5",
            "@types/babel__generator@7.27.0",
            "@types/babel__template@7.4.4",
            "@types/babel__traverse@7.20.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/babel-plugin@11.13.5",
          "Name": "@emotion/babel-plugin",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/babel-plugin@11.13.5",
            "UID": "cd61af3855a1e103",
            "BOMRef": "pkg:npm/%40emotion/babel-plugin@11.13.5"
          },
          "Version": "11.13.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/css@11.13.5",
            "@emotion/react@11.14.0",
            "@emotion/styled@11.14.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/cache@11.14.0",
          "Name": "@emotion/cache",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/cache@11.14.0",
            "UID": "a105995c7a07b684",
            "BOMRef": "pkg:npm/%40emotion/cache@11.14.0"
          },
          "Version": "11.14.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/css@11.13.5",
            "@emotion/react@11.14.0",
            "@mui/styled-engine@5.16.14",
            "@mui/styled-engine@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/css@11.13.5",
          "Name": "@emotion/css",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/css@11.13.5",
            "UID": "9c3fb603b2702414",
            "BOMRef": "pkg:npm/%40emotion/css@11.13.5"
          },
          "Version": "11.13.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "react-diff-viewer-continued@3.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/hash@0.9.2",
          "Name": "@emotion/hash",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/hash@0.9.2",
            "UID": "5f832f2b3ed846f1",
            "BOMRef": "pkg:npm/%40emotion/hash@0.9.2"
          },
          "Version": "0.9.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5",
            "@emotion/serialize@1.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/is-prop-valid@1.3.1",
          "Name": "@emotion/is-prop-valid",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/is-prop-valid@1.3.1",
            "UID": "2917a8982d61c150",
            "BOMRef": "pkg:npm/%40emotion/is-prop-valid@1.3.1"
          },
          "Version": "1.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/styled@11.14.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/memoize@0.9.0",
          "Name": "@emotion/memoize",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/memoize@0.9.0",
            "UID": "9f6df66026066821",
            "BOMRef": "pkg:npm/%40emotion/memoize@0.9.0"
          },
          "Version": "0.9.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5",
            "@emotion/cache@11.14.0",
            "@emotion/is-prop-valid@1.3.1",
            "@emotion/serialize@1.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/react@11.14.0",
          "Name": "@emotion/react",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/react@11.14.0",
            "UID": "ed04af03f5c50fc1",
            "BOMRef": "pkg:npm/%40emotion/react@11.14.0"
          },
          "Version": "11.14.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/styled@11.14.1",
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/styled-engine@5.16.14",
            "@mui/styled-engine@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "@textea/json-viewer@2.17.2",
            "create-collection-form@0.0.0",
            "mui-chips-input@7.0.1",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/serialize@1.3.3",
          "Name": "@emotion/serialize",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/serialize@1.3.3",
            "UID": "4833c5e98272c70b",
            "BOMRef": "pkg:npm/%40emotion/serialize@1.3.3"
          },
          "Version": "1.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5",
            "@emotion/css@11.13.5",
            "@emotion/react@11.14.0",
            "@emotion/styled@11.14.1",
            "@mui/styled-engine@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/sheet@1.4.0",
          "Name": "@emotion/sheet",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/sheet@1.4.0",
            "UID": "3eeaad1da82e9496",
            "BOMRef": "pkg:npm/%40emotion/sheet@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/cache@11.14.0",
            "@emotion/css@11.13.5",
            "@mui/styled-engine@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/styled@11.14.1",
          "Name": "@emotion/styled",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/styled@11.14.1",
            "UID": "8cba092434f53fd1",
            "BOMRef": "pkg:npm/%40emotion/styled@11.14.1"
          },
          "Version": "11.14.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/styled-engine@5.16.14",
            "@mui/styled-engine@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "@textea/json-viewer@2.17.2",
            "create-collection-form@0.0.0",
            "mui-chips-input@7.0.1",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/unitless@0.10.0",
          "Name": "@emotion/unitless",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/unitless@0.10.0",
            "UID": "1dbef4efc0b35679",
            "BOMRef": "pkg:npm/%40emotion/unitless@0.10.0"
          },
          "Version": "0.10.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/serialize@1.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/use-insertion-effect-with-fallbacks@1.2.0",
          "Name": "@emotion/use-insertion-effect-with-fallbacks",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/use-insertion-effect-with-fallbacks@1.2.0",
            "UID": "7aa67e74489a59c4",
            "BOMRef": "pkg:npm/%40emotion/use-insertion-effect-with-fallbacks@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/react@11.14.0",
            "@emotion/styled@11.14.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/utils@1.4.2",
          "Name": "@emotion/utils",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/utils@1.4.2",
            "UID": "60a1416bfbbce492",
            "BOMRef": "pkg:npm/%40emotion/utils@1.4.2"
          },
          "Version": "1.4.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/cache@11.14.0",
            "@emotion/css@11.13.5",
            "@emotion/react@11.14.0",
            "@emotion/serialize@1.3.3",
            "@emotion/styled@11.14.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@emotion/weak-memoize@0.4.0",
          "Name": "@emotion/weak-memoize",
          "Identifier": {
            "PURL": "pkg:npm/%40emotion/weak-memoize@0.4.0",
            "UID": "39a0e2d561686153",
            "BOMRef": "pkg:npm/%40emotion/weak-memoize@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/cache@11.14.0",
            "@emotion/react@11.14.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@eslint-community/eslint-utils@4.7.0",
          "Name": "@eslint-community/eslint-utils",
          "Identifier": {
            "PURL": "pkg:npm/%40eslint-community/eslint-utils@4.7.0",
            "UID": "e9fb5fae5bdd2eb0",
            "BOMRef": "pkg:npm/%40eslint-community/eslint-utils@4.7.0"
          },
          "Version": "4.7.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@eslint-community/regexpp@4.12.1",
          "Name": "@eslint-community/regexpp",
          "Identifier": {
            "PURL": "pkg:npm/%40eslint-community/regexpp@4.12.1",
            "UID": "5fb7c14988113935",
            "BOMRef": "pkg:npm/%40eslint-community/regexpp@4.12.1"
          },
          "Version": "4.12.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@eslint/eslintrc@2.1.4",
          "Name": "@eslint/eslintrc",
          "Identifier": {
            "PURL": "pkg:npm/%40eslint/eslintrc@2.1.4",
            "UID": "86f06b7ea63ba1b2",
            "BOMRef": "pkg:npm/%40eslint/eslintrc@2.1.4"
          },
          "Version": "2.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@eslint/js@8.57.1",
          "Name": "@eslint/js",
          "Identifier": {
            "PURL": "pkg:npm/%40eslint/js@8.57.1",
            "UID": "543d3825ad3e7a97",
            "BOMRef": "pkg:npm/%40eslint/js@8.57.1"
          },
          "Version": "8.57.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@humanwhocodes/config-array@0.13.0",
          "Name": "@humanwhocodes/config-array",
          "Identifier": {
            "PURL": "pkg:npm/%40humanwhocodes/config-array@0.13.0",
            "UID": "3fe0419fb4e92c39",
            "BOMRef": "pkg:npm/%40humanwhocodes/config-array@0.13.0"
          },
          "Version": "0.13.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@humanwhocodes/module-importer@1.0.1",
          "Name": "@humanwhocodes/module-importer",
          "Identifier": {
            "PURL": "pkg:npm/%40humanwhocodes/module-importer@1.0.1",
            "UID": "3b6039d0d6b70c27",
            "BOMRef": "pkg:npm/%40humanwhocodes/module-importer@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@humanwhocodes/object-schema@2.0.3",
          "Name": "@humanwhocodes/object-schema",
          "Identifier": {
            "PURL": "pkg:npm/%40humanwhocodes/object-schema@2.0.3",
            "UID": "e136e4702a4e7e96",
            "BOMRef": "pkg:npm/%40humanwhocodes/object-schema@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "@humanwhocodes/config-array@0.13.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@isaacs/fs-minipass@4.0.1",
          "Name": "@isaacs/fs-minipass",
          "Identifier": {
            "PURL": "pkg:npm/%40isaacs/fs-minipass@4.0.1",
            "UID": "6945b9e16e96a729",
            "BOMRef": "pkg:npm/%40isaacs/fs-minipass@4.0.1"
          },
          "Version": "4.0.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "tar@7.4.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jest/diff-sequences@30.0.1",
          "Name": "@jest/diff-sequences",
          "Identifier": {
            "PURL": "pkg:npm/%40jest/diff-sequences@30.0.1",
            "UID": "f1d179a79cb18b69",
            "BOMRef": "pkg:npm/%40jest/diff-sequences@30.0.1"
          },
          "Version": "30.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jest-diff@30.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jest/expect-utils@30.0.4",
          "Name": "@jest/expect-utils",
          "Identifier": {
            "PURL": "pkg:npm/%40jest/expect-utils@30.0.4",
            "UID": "ae85466768de6051",
            "BOMRef": "pkg:npm/%40jest/expect-utils@30.0.4"
          },
          "Version": "30.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "expect@30.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jest/get-type@30.0.1",
          "Name": "@jest/get-type",
          "Identifier": {
            "PURL": "pkg:npm/%40jest/get-type@30.0.1",
            "UID": "f69ea4e5d884efbc",
            "BOMRef": "pkg:npm/%40jest/get-type@30.0.1"
          },
          "Version": "30.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/expect-utils@30.0.4",
            "expect@30.0.4",
            "jest-diff@30.0.4",
            "jest-matcher-utils@30.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jest/pattern@30.0.1",
          "Name": "@jest/pattern",
          "Identifier": {
            "PURL": "pkg:npm/%40jest/pattern@30.0.1",
            "UID": "70f96a365d2f7135",
            "BOMRef": "pkg:npm/%40jest/pattern@30.0.1"
          },
          "Version": "30.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/types@30.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jest/schemas@30.0.1",
          "Name": "@jest/schemas",
          "Identifier": {
            "PURL": "pkg:npm/%40jest/schemas@30.0.1",
            "UID": "388bd413aa2a15bb",
            "BOMRef": "pkg:npm/%40jest/schemas@30.0.1"
          },
          "Version": "30.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "@jest/types@30.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jest/types@30.0.1",
          "Name": "@jest/types",
          "Identifier": {
            "PURL": "pkg:npm/%40jest/types@30.0.1",
            "UID": "1ffd2d1aaacdfc",
            "BOMRef": "pkg:npm/%40jest/types@30.0.1"
          },
          "Version": "30.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jest-message-util@30.0.2",
            "jest-mock@30.0.2",
            "jest-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jridgewell/gen-mapping@0.3.12",
          "Name": "@jridgewell/gen-mapping",
          "Identifier": {
            "PURL": "pkg:npm/%40jridgewell/gen-mapping@0.3.12",
            "UID": "e1368451cbec754a",
            "BOMRef": "pkg:npm/%40jridgewell/gen-mapping@0.3.12"
          },
          "Version": "0.3.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@ampproject/remapping@2.3.0",
            "@babel/generator@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jridgewell/resolve-uri@3.1.2",
          "Name": "@jridgewell/resolve-uri",
          "Identifier": {
            "PURL": "pkg:npm/%40jridgewell/resolve-uri@3.1.2",
            "UID": "3362ea2f8db3731f",
            "BOMRef": "pkg:npm/%40jridgewell/resolve-uri@3.1.2"
          },
          "Version": "3.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jridgewell/trace-mapping@0.3.29"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jridgewell/sourcemap-codec@1.5.4",
          "Name": "@jridgewell/sourcemap-codec",
          "Identifier": {
            "PURL": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.4",
            "UID": "a18d1c7307a72a67",
            "BOMRef": "pkg:npm/%40jridgewell/sourcemap-codec@1.5.4"
          },
          "Version": "1.5.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jridgewell/gen-mapping@0.3.12",
            "@jridgewell/trace-mapping@0.3.29",
            "magic-string@0.30.17"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@jridgewell/trace-mapping@0.3.29",
          "Name": "@jridgewell/trace-mapping",
          "Identifier": {
            "PURL": "pkg:npm/%40jridgewell/trace-mapping@0.3.29",
            "UID": "90008a36953315a6",
            "BOMRef": "pkg:npm/%40jridgewell/trace-mapping@0.3.29"
          },
          "Version": "0.3.29",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@ampproject/remapping@2.3.0",
            "@babel/generator@7.28.0",
            "@jridgewell/gen-mapping@0.3.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@kurkle/color@0.3.4",
          "Name": "@kurkle/color",
          "Identifier": {
            "PURL": "pkg:npm/%40kurkle/color@0.3.4",
            "UID": "13dc1fd0fcf3470",
            "BOMRef": "pkg:npm/%40kurkle/color@0.3.4"
          },
          "Version": "0.3.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chart.js@4.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mdx-js/mdx@2.3.0",
          "Name": "@mdx-js/mdx",
          "Identifier": {
            "PURL": "pkg:npm/%40mdx-js/mdx@2.3.0",
            "UID": "b9914d54d4db7ca",
            "BOMRef": "pkg:npm/%40mdx-js/mdx@2.3.0"
          },
          "Version": "2.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/rollup@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mdx-js/react@2.3.0",
          "Name": "@mdx-js/react",
          "Identifier": {
            "PURL": "pkg:npm/%40mdx-js/react@2.3.0",
            "UID": "4feee0cfdb9cebb0",
            "BOMRef": "pkg:npm/%40mdx-js/react@2.3.0"
          },
          "Version": "2.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mdx-js/rollup@2.3.0",
          "Name": "@mdx-js/rollup",
          "Identifier": {
            "PURL": "pkg:npm/%40mdx-js/rollup@2.3.0",
            "UID": "4f47894d95b4ddeb",
            "BOMRef": "pkg:npm/%40mdx-js/rollup@2.3.0"
          },
          "Version": "2.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@monaco-editor/loader@1.5.0",
          "Name": "@monaco-editor/loader",
          "Identifier": {
            "PURL": "pkg:npm/%40monaco-editor/loader@1.5.0",
            "UID": "eb8e0fafd76411ac",
            "BOMRef": "pkg:npm/%40monaco-editor/loader@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@monaco-editor/react@4.7.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@monaco-editor/react@4.7.0",
          "Name": "@monaco-editor/react",
          "Identifier": {
            "PURL": "pkg:npm/%40monaco-editor/react@4.7.0",
            "UID": "2a1c2775c5750d6a",
            "BOMRef": "pkg:npm/%40monaco-editor/react@4.7.0"
          },
          "Version": "4.7.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/core-downloads-tracker@5.17.1",
          "Name": "@mui/core-downloads-tracker",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/core-downloads-tracker@5.17.1",
            "UID": "cfe15bd0aaf3b31",
            "BOMRef": "pkg:npm/%40mui/core-downloads-tracker@5.17.1"
          },
          "Version": "5.17.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/core-downloads-tracker@7.2.0",
          "Name": "@mui/core-downloads-tracker",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/core-downloads-tracker@7.2.0",
            "UID": "41818a668da0d85c",
            "BOMRef": "pkg:npm/%40mui/core-downloads-tracker@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/icons-material@7.2.0",
          "Name": "@mui/icons-material",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/icons-material@7.2.0",
            "UID": "af8654a7fab2e840",
            "BOMRef": "pkg:npm/%40mui/icons-material@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "create-collection-form@0.0.0",
            "mui-chips-input@7.0.1",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/material@5.17.1",
          "Name": "@mui/material",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/material@5.17.1",
            "UID": "bbe8c2cd0df331d1",
            "BOMRef": "pkg:npm/%40mui/material@5.17.1"
          },
          "Version": "5.17.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@textea/json-viewer@2.17.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/material@7.2.0",
          "Name": "@mui/material",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/material@7.2.0",
            "UID": "35fcf372e73ec065",
            "BOMRef": "pkg:npm/%40mui/material@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/icons-material@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "create-collection-form@0.0.0",
            "mui-chips-input@7.0.1",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/private-theming@5.17.1",
          "Name": "@mui/private-theming",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/private-theming@5.17.1",
            "UID": "e820531d345af9b9",
            "BOMRef": "pkg:npm/%40mui/private-theming@5.17.1"
          },
          "Version": "5.17.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/system@5.17.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/private-theming@7.2.0",
          "Name": "@mui/private-theming",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/private-theming@7.2.0",
            "UID": "4210c3bc258bc01c",
            "BOMRef": "pkg:npm/%40mui/private-theming@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/system@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/styled-engine@5.16.14",
          "Name": "@mui/styled-engine",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/styled-engine@5.16.14",
            "UID": "328d9c9e02174ed5",
            "BOMRef": "pkg:npm/%40mui/styled-engine@5.16.14"
          },
          "Version": "5.16.14",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/system@5.17.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/styled-engine@7.2.0",
          "Name": "@mui/styled-engine",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/styled-engine@7.2.0",
            "UID": "47a8ccc049e3580f",
            "BOMRef": "pkg:npm/%40mui/styled-engine@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/system@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/system@5.17.1",
          "Name": "@mui/system",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/system@5.17.1",
            "UID": "d4b36a8404f45e13",
            "BOMRef": "pkg:npm/%40mui/system@5.17.1"
          },
          "Version": "5.17.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/system@7.2.0",
          "Name": "@mui/system",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/system@7.2.0",
            "UID": "c1f7b455d7232d6c",
            "BOMRef": "pkg:npm/%40mui/system@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@7.2.0",
            "@mui/x-data-grid@7.29.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/types@7.2.24",
          "Name": "@mui/types",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/types@7.2.24",
            "UID": "4dce38f4279f5d6f",
            "BOMRef": "pkg:npm/%40mui/types@7.2.24"
          },
          "Version": "7.2.24",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/system@5.17.1",
            "@mui/utils@5.17.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/types@7.4.4",
          "Name": "@mui/types",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/types@7.4.4",
            "UID": "9a676f1c89a4b041",
            "BOMRef": "pkg:npm/%40mui/types@7.4.4"
          },
          "Version": "7.4.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@7.2.0",
            "@mui/system@7.2.0",
            "@mui/utils@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/utils@5.17.1",
          "Name": "@mui/utils",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/utils@5.17.1",
            "UID": "83a5f57c1fe4a381",
            "BOMRef": "pkg:npm/%40mui/utils@5.17.1"
          },
          "Version": "5.17.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/private-theming@5.17.1",
            "@mui/system@5.17.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/utils@7.2.0",
          "Name": "@mui/utils",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/utils@7.2.0",
            "UID": "da53b0d2a6bfd53e",
            "BOMRef": "pkg:npm/%40mui/utils@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@7.2.0",
            "@mui/private-theming@7.2.0",
            "@mui/system@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "@mui/x-internals@7.29.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/x-data-grid@7.29.8",
          "Name": "@mui/x-data-grid",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/x-data-grid@7.29.8",
            "UID": "10daecb82ca99525",
            "BOMRef": "pkg:npm/%40mui/x-data-grid@7.29.8"
          },
          "Version": "7.29.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@mui/x-internals@7.29.0",
          "Name": "@mui/x-internals",
          "Identifier": {
            "PURL": "pkg:npm/%40mui/x-internals@7.29.0",
            "UID": "c19a49d0399c63ed",
            "BOMRef": "pkg:npm/%40mui/x-internals@7.29.0"
          },
          "Version": "7.29.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/x-data-grid@7.29.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@nodelib/fs.scandir@2.1.5",
          "Name": "@nodelib/fs.scandir",
          "Identifier": {
            "PURL": "pkg:npm/%40nodelib/fs.scandir@2.1.5",
            "UID": "51f0aefa9889273e",
            "BOMRef": "pkg:npm/%40nodelib/fs.scandir@2.1.5"
          },
          "Version": "2.1.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@nodelib/fs.walk@1.2.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@nodelib/fs.stat@2.0.5",
          "Name": "@nodelib/fs.stat",
          "Identifier": {
            "PURL": "pkg:npm/%40nodelib/fs.stat@2.0.5",
            "UID": "7f5ccbd61fb20148",
            "BOMRef": "pkg:npm/%40nodelib/fs.stat@2.0.5"
          },
          "Version": "2.0.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@nodelib/fs.scandir@2.1.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@nodelib/fs.walk@1.2.8",
          "Name": "@nodelib/fs.walk",
          "Identifier": {
            "PURL": "pkg:npm/%40nodelib/fs.walk@1.2.8",
            "UID": "92b8462fec077662",
            "BOMRef": "pkg:npm/%40nodelib/fs.walk@1.2.8"
          },
          "Version": "1.2.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@parcel/watcher@2.5.1",
          "Name": "@parcel/watcher",
          "Identifier": {
            "PURL": "pkg:npm/%40parcel/watcher@2.5.1",
            "UID": "e88b5508a8f726b6",
            "BOMRef": "pkg:npm/%40parcel/watcher@2.5.1"
          },
          "Version": "2.5.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/cli@4.1.11"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@popperjs/core@2.11.8",
          "Name": "@popperjs/core",
          "Identifier": {
            "PURL": "pkg:npm/%40popperjs/core@2.11.8",
            "UID": "db499fe2d1935762",
            "BOMRef": "pkg:npm/%40popperjs/core@2.11.8"
          },
          "Version": "2.11.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/material@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@qdrant/js-client-rest@1.15.1",
          "Name": "@qdrant/js-client-rest",
          "Identifier": {
            "PURL": "pkg:npm/%40qdrant/js-client-rest@1.15.1",
            "UID": "2b8cf489861780ed",
            "BOMRef": "pkg:npm/%40qdrant/js-client-rest@1.15.1"
          },
          "Version": "1.15.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@qdrant/openapi-typescript-fetch@1.2.6",
          "Name": "@qdrant/openapi-typescript-fetch",
          "Identifier": {
            "PURL": "pkg:npm/%40qdrant/openapi-typescript-fetch@1.2.6",
            "UID": "49c39b1b9d22006c",
            "BOMRef": "pkg:npm/%40qdrant/openapi-typescript-fetch@1.2.6"
          },
          "Version": "1.2.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@qdrant/js-client-rest@1.15.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@remix-run/router@1.23.0",
          "Name": "@remix-run/router",
          "Identifier": {
            "PURL": "pkg:npm/%40remix-run/router@1.23.0",
            "UID": "3e1ca131c0d76fe6",
            "BOMRef": "pkg:npm/%40remix-run/router@1.23.0"
          },
          "Version": "1.23.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "react-router-dom@6.30.1",
            "react-router@6.30.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@rolldown/pluginutils@1.0.0-beta.19",
          "Name": "@rolldown/pluginutils",
          "Identifier": {
            "PURL": "pkg:npm/%40rolldown/pluginutils@1.0.0-beta.19",
            "UID": "38d5eab2af901ea0",
            "BOMRef": "pkg:npm/%40rolldown/pluginutils@1.0.0-beta.19"
          },
          "Version": "1.0.0-beta.19",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitejs/plugin-react@4.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@rollup/pluginutils@4.2.1",
          "Name": "@rollup/pluginutils",
          "Identifier": {
            "PURL": "pkg:npm/%40rollup/pluginutils@4.2.1",
            "UID": "962e79a1501320b9",
            "BOMRef": "pkg:npm/%40rollup/pluginutils@4.2.1"
          },
          "Version": "4.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite-plugin-eslint@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@rollup/pluginutils@5.2.0",
          "Name": "@rollup/pluginutils",
          "Identifier": {
            "PURL": "pkg:npm/%40rollup/pluginutils@5.2.0",
            "UID": "144a809925d269bc",
            "BOMRef": "pkg:npm/%40rollup/pluginutils@5.2.0"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/rollup@2.3.0",
            "vite-plugin-svgr@4.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@rollup/rollup-linux-x64-gnu@4.44.2",
          "Name": "@rollup/rollup-linux-x64-gnu",
          "Identifier": {
            "PURL": "pkg:npm/%40rollup/rollup-linux-x64-gnu@4.44.2",
            "UID": "a94e5879f404da2a",
            "BOMRef": "pkg:npm/%40rollup/rollup-linux-x64-gnu@4.44.2"
          },
          "Version": "4.44.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "rollup@4.44.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@rollup/rollup-linux-x64-gnu@4.52.4",
          "Name": "@rollup/rollup-linux-x64-gnu",
          "Identifier": {
            "PURL": "pkg:npm/%40rollup/rollup-linux-x64-gnu@4.52.4",
            "UID": "e7068879af6df3f7",
            "BOMRef": "pkg:npm/%40rollup/rollup-linux-x64-gnu@4.52.4"
          },
          "Version": "4.52.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@rollup/rollup-linux-x64-musl@4.44.2",
          "Name": "@rollup/rollup-linux-x64-musl",
          "Identifier": {
            "PURL": "pkg:npm/%40rollup/rollup-linux-x64-musl@4.44.2",
            "UID": "29ff9a3efa78b5af",
            "BOMRef": "pkg:npm/%40rollup/rollup-linux-x64-musl@4.44.2"
          },
          "Version": "4.44.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "rollup@4.44.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@saehrimnir/druidjs@0.6.3",
          "Name": "@saehrimnir/druidjs",
          "Identifier": {
            "PURL": "pkg:npm/%40saehrimnir/druidjs@0.6.3",
            "UID": "1c67882bdee534a7",
            "BOMRef": "pkg:npm/%40saehrimnir/druidjs@0.6.3"
          },
          "Version": "0.6.3",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@sevinf/maybe@0.5.0",
          "Name": "@sevinf/maybe",
          "Identifier": {
            "PURL": "pkg:npm/%40sevinf/maybe@0.5.0",
            "UID": "fab614f48cb076d1",
            "BOMRef": "pkg:npm/%40sevinf/maybe@0.5.0"
          },
          "Version": "0.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@qdrant/js-client-rest@1.15.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@sinclair/typebox@0.34.37",
          "Name": "@sinclair/typebox",
          "Identifier": {
            "PURL": "pkg:npm/%40sinclair/typebox@0.34.37",
            "UID": "d6ac7f3fd6926eb7",
            "BOMRef": "pkg:npm/%40sinclair/typebox@0.34.37"
          },
          "Version": "0.34.37",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/schemas@30.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-add-jsx-attribute@8.0.0",
          "Name": "@svgr/babel-plugin-add-jsx-attribute",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-add-jsx-attribute@8.0.0",
            "UID": "ae03beb9b72ecf96",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-add-jsx-attribute@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-remove-jsx-attribute@8.0.0",
          "Name": "@svgr/babel-plugin-remove-jsx-attribute",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-attribute@8.0.0",
            "UID": "aff8d77bab6b4a94",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-remove-jsx-attribute@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0",
          "Name": "@svgr/babel-plugin-remove-jsx-empty-expression",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-remove-jsx-empty-expression@8.0.0",
            "UID": "3e62cd2279925435",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-remove-jsx-empty-expression@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0",
          "Name": "@svgr/babel-plugin-replace-jsx-attribute-value",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-replace-jsx-attribute-value@8.0.0",
            "UID": "8974a299637ed7d7",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-replace-jsx-attribute-value@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-svg-dynamic-title@8.0.0",
          "Name": "@svgr/babel-plugin-svg-dynamic-title",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-svg-dynamic-title@8.0.0",
            "UID": "5e129cab156e23b1",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-svg-dynamic-title@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-svg-em-dimensions@8.0.0",
          "Name": "@svgr/babel-plugin-svg-em-dimensions",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-svg-em-dimensions@8.0.0",
            "UID": "f405eead784bb04b",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-svg-em-dimensions@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-transform-react-native-svg@8.1.0",
          "Name": "@svgr/babel-plugin-transform-react-native-svg",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-transform-react-native-svg@8.1.0",
            "UID": "de014126e75a6546",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-transform-react-native-svg@8.1.0"
          },
          "Version": "8.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-plugin-transform-svg-component@8.0.0",
          "Name": "@svgr/babel-plugin-transform-svg-component",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-plugin-transform-svg-component@8.0.0",
            "UID": "fc7e3cc5a34bc75d",
            "BOMRef": "pkg:npm/%40svgr/babel-plugin-transform-svg-component@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/babel-preset@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/babel-preset@8.1.0",
          "Name": "@svgr/babel-preset",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/babel-preset@8.1.0",
            "UID": "8fd108f141f515f0",
            "BOMRef": "pkg:npm/%40svgr/babel-preset@8.1.0"
          },
          "Version": "8.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/core@8.1.0",
            "@svgr/plugin-jsx@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/core@8.1.0",
          "Name": "@svgr/core",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/core@8.1.0",
            "UID": "1b58aac7a88ef1b7",
            "BOMRef": "pkg:npm/%40svgr/core@8.1.0"
          },
          "Version": "8.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/plugin-jsx@8.1.0",
            "vite-plugin-svgr@4.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/hast-util-to-babel-ast@8.0.0",
          "Name": "@svgr/hast-util-to-babel-ast",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/hast-util-to-babel-ast@8.0.0",
            "UID": "2cbc2e00297bee2b",
            "BOMRef": "pkg:npm/%40svgr/hast-util-to-babel-ast@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/plugin-jsx@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@svgr/plugin-jsx@8.1.0",
          "Name": "@svgr/plugin-jsx",
          "Identifier": {
            "PURL": "pkg:npm/%40svgr/plugin-jsx@8.1.0",
            "UID": "e560de0a3ddb4316",
            "BOMRef": "pkg:npm/%40svgr/plugin-jsx@8.1.0"
          },
          "Version": "8.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite-plugin-svgr@4.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@tailwindcss/cli@4.1.11",
          "Name": "@tailwindcss/cli",
          "Identifier": {
            "PURL": "pkg:npm/%40tailwindcss/cli@4.1.11",
            "UID": "f2c8dace5758eb1c",
            "BOMRef": "pkg:npm/%40tailwindcss/cli@4.1.11"
          },
          "Version": "4.1.11",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/components@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@tailwindcss/node@4.1.11",
          "Name": "@tailwindcss/node",
          "Identifier": {
            "PURL": "pkg:npm/%40tailwindcss/node@4.1.11",
            "UID": "8bae5eb58c75897a",
            "BOMRef": "pkg:npm/%40tailwindcss/node@4.1.11"
          },
          "Version": "4.1.11",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/cli@4.1.11"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@tailwindcss/oxide@4.1.11",
          "Name": "@tailwindcss/oxide",
          "Identifier": {
            "PURL": "pkg:npm/%40tailwindcss/oxide@4.1.11",
            "UID": "ca1c920c991bfe15",
            "BOMRef": "pkg:npm/%40tailwindcss/oxide@4.1.11"
          },
          "Version": "4.1.11",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/cli@4.1.11"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@tailwindcss/oxide-linux-x64-gnu@4.1.11",
          "Name": "@tailwindcss/oxide-linux-x64-gnu",
          "Identifier": {
            "PURL": "pkg:npm/%40tailwindcss/oxide-linux-x64-gnu@4.1.11",
            "UID": "9926a3a5365b1d34",
            "BOMRef": "pkg:npm/%40tailwindcss/oxide-linux-x64-gnu@4.1.11"
          },
          "Version": "4.1.11",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/oxide@4.1.11"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@testing-library/dom@10.4.0",
          "Name": "@testing-library/dom",
          "Identifier": {
            "PURL": "pkg:npm/%40testing-library/dom@10.4.0",
            "UID": "2e1c2b9689d65f63",
            "BOMRef": "pkg:npm/%40testing-library/dom@10.4.0"
          },
          "Version": "10.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/user-event@13.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@testing-library/dom@8.20.1",
          "Name": "@testing-library/dom",
          "Identifier": {
            "PURL": "pkg:npm/%40testing-library/dom@8.20.1",
            "UID": "7df7cffa8f36b60b",
            "BOMRef": "pkg:npm/%40testing-library/dom@8.20.1"
          },
          "Version": "8.20.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/react@13.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@testing-library/jest-dom@5.17.0",
          "Name": "@testing-library/jest-dom",
          "Identifier": {
            "PURL": "pkg:npm/%40testing-library/jest-dom@5.17.0",
            "UID": "9edf4c02e8707964",
            "BOMRef": "pkg:npm/%40testing-library/jest-dom@5.17.0"
          },
          "Version": "5.17.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@testing-library/react@13.4.0",
          "Name": "@testing-library/react",
          "Identifier": {
            "PURL": "pkg:npm/%40testing-library/react@13.4.0",
            "UID": "4c514e13e83e34ee",
            "BOMRef": "pkg:npm/%40testing-library/react@13.4.0"
          },
          "Version": "13.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@testing-library/user-event@13.5.0",
          "Name": "@testing-library/user-event",
          "Identifier": {
            "PURL": "pkg:npm/%40testing-library/user-event@13.5.0",
            "UID": "f3a6b8194a5215e1",
            "BOMRef": "pkg:npm/%40testing-library/user-event@13.5.0"
          },
          "Version": "13.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@textea/json-viewer@2.17.2",
          "Name": "@textea/json-viewer",
          "Identifier": {
            "PURL": "pkg:npm/%40textea/json-viewer@2.17.2",
            "UID": "cbdf0a0294024665",
            "BOMRef": "pkg:npm/%40textea/json-viewer@2.17.2"
          },
          "Version": "2.17.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@tootallnate/once@2.0.0",
          "Name": "@tootallnate/once",
          "Identifier": {
            "PURL": "pkg:npm/%40tootallnate/once@2.0.0",
            "UID": "7915f0892cb87e97",
            "BOMRef": "pkg:npm/%40tootallnate/once@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "http-proxy-agent@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@transloadit/prettier-bytes@0.3.5",
          "Name": "@transloadit/prettier-bytes",
          "Identifier": {
            "PURL": "pkg:npm/%40transloadit/prettier-bytes@0.3.5",
            "UID": "6fa1ed6b702f72be",
            "BOMRef": "pkg:npm/%40transloadit/prettier-bytes@0.3.5"
          },
          "Version": "0.3.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/core@4.4.7",
            "@uppy/dashboard@4.3.4",
            "@uppy/status-bar@4.1.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@tweenjs/tween.js@25.0.0",
          "Name": "@tweenjs/tween.js",
          "Identifier": {
            "PURL": "pkg:npm/%40tweenjs/tween.js@25.0.0",
            "UID": "c12fa02a2b837ef2",
            "BOMRef": "pkg:npm/%40tweenjs/tween.js@25.0.0"
          },
          "Version": "25.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/acorn@4.0.6",
          "Name": "@types/acorn",
          "Identifier": {
            "PURL": "pkg:npm/%40types/acorn@4.0.6",
            "UID": "7feaa3a8ac428e18",
            "BOMRef": "pkg:npm/%40types/acorn@4.0.6"
          },
          "Version": "4.0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-util-events-to-acorn@1.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/aria-query@5.0.4",
          "Name": "@types/aria-query",
          "Identifier": {
            "PURL": "pkg:npm/%40types/aria-query@5.0.4",
            "UID": "a317905fd2d032ac",
            "BOMRef": "pkg:npm/%40types/aria-query@5.0.4"
          },
          "Version": "5.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/dom@10.4.0",
            "@testing-library/dom@8.20.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/babel__core@7.20.5",
          "Name": "@types/babel__core",
          "Identifier": {
            "PURL": "pkg:npm/%40types/babel__core@7.20.5",
            "UID": "2d2d44fe810acf85",
            "BOMRef": "pkg:npm/%40types/babel__core@7.20.5"
          },
          "Version": "7.20.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitejs/plugin-react@4.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/babel__generator@7.27.0",
          "Name": "@types/babel__generator",
          "Identifier": {
            "PURL": "pkg:npm/%40types/babel__generator@7.27.0",
            "UID": "3be150daa7317925",
            "BOMRef": "pkg:npm/%40types/babel__generator@7.27.0"
          },
          "Version": "7.27.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/babel__core@7.20.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/babel__template@7.4.4",
          "Name": "@types/babel__template",
          "Identifier": {
            "PURL": "pkg:npm/%40types/babel__template@7.4.4",
            "UID": "46f888e59ad853bd",
            "BOMRef": "pkg:npm/%40types/babel__template@7.4.4"
          },
          "Version": "7.4.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/babel__core@7.20.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/babel__traverse@7.20.7",
          "Name": "@types/babel__traverse",
          "Identifier": {
            "PURL": "pkg:npm/%40types/babel__traverse@7.20.7",
            "UID": "7d4f8277a1ca57d3",
            "BOMRef": "pkg:npm/%40types/babel__traverse@7.20.7"
          },
          "Version": "7.20.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/babel__core@7.20.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/chai@5.2.2",
          "Name": "@types/chai",
          "Identifier": {
            "PURL": "pkg:npm/%40types/chai@5.2.2",
            "UID": "4a6fd86674e46d4c",
            "BOMRef": "pkg:npm/%40types/chai@5.2.2"
          },
          "Version": "5.2.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/expect@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/debug@4.1.12",
          "Name": "@types/debug",
          "Identifier": {
            "PURL": "pkg:npm/%40types/debug@4.1.12",
            "UID": "be90161f09fd58b",
            "BOMRef": "pkg:npm/%40types/debug@4.1.12"
          },
          "Version": "4.1.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark@3.2.0",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/deep-eql@4.0.2",
          "Name": "@types/deep-eql",
          "Identifier": {
            "PURL": "pkg:npm/%40types/deep-eql@4.0.2",
            "UID": "5b890bd8ee6ed05b",
            "BOMRef": "pkg:npm/%40types/deep-eql@4.0.2"
          },
          "Version": "4.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/chai@5.2.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/eslint@8.56.12",
          "Name": "@types/eslint",
          "Identifier": {
            "PURL": "pkg:npm/%40types/eslint@8.56.12",
            "UID": "9d5c4085ea1c3192",
            "BOMRef": "pkg:npm/%40types/eslint@8.56.12"
          },
          "Version": "8.56.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite-plugin-eslint@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/estree@1.0.8",
          "Name": "@types/estree",
          "Identifier": {
            "PURL": "pkg:npm/%40types/estree@1.0.8",
            "UID": "6e7232fe9ae1096b",
            "BOMRef": "pkg:npm/%40types/estree@1.0.8"
          },
          "Version": "1.0.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@rollup/pluginutils@5.2.0",
            "@types/acorn@4.0.6",
            "@types/eslint@8.56.12",
            "@types/estree-jsx@1.0.5",
            "estree-util-attach-comments@2.1.1",
            "estree-walker@3.0.3",
            "hast-util-to-estree@2.3.3",
            "is-reference@3.0.3",
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-factory-mdx-expression@1.0.9",
            "micromark-util-events-to-acorn@1.2.3",
            "periscopic@3.1.0",
            "rollup@4.44.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/estree-jsx@1.0.5",
          "Name": "@types/estree-jsx",
          "Identifier": {
            "PURL": "pkg:npm/%40types/estree-jsx@1.0.5",
            "UID": "bb16cffee6adcc20",
            "BOMRef": "pkg:npm/%40types/estree-jsx@1.0.5"
          },
          "Version": "1.0.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "estree-util-build-jsx@2.2.2",
            "estree-util-to-js@1.2.0",
            "estree-util-visit@1.2.1",
            "hast-util-to-estree@2.3.3",
            "mdast-util-mdx-expression@1.3.2",
            "mdast-util-mdx-jsx@2.1.4",
            "mdast-util-mdxjs-esm@1.3.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/hast@2.3.10",
          "Name": "@types/hast",
          "Identifier": {
            "PURL": "pkg:npm/%40types/hast@2.3.10",
            "UID": "d324cf50b3a4834",
            "BOMRef": "pkg:npm/%40types/hast@2.3.10"
          },
          "Version": "2.3.10",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3",
            "mdast-util-mdx-expression@1.3.2",
            "mdast-util-mdx-jsx@2.1.4",
            "mdast-util-mdxjs-esm@1.3.1",
            "mdast-util-to-hast@12.3.0",
            "remark-rehype@10.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/istanbul-lib-coverage@2.0.6",
          "Name": "@types/istanbul-lib-coverage",
          "Identifier": {
            "PURL": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6",
            "UID": "f069f722a5cce67d",
            "BOMRef": "pkg:npm/%40types/istanbul-lib-coverage@2.0.6"
          },
          "Version": "2.0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/types@30.0.1",
            "@types/istanbul-lib-report@3.0.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/istanbul-lib-report@3.0.3",
          "Name": "@types/istanbul-lib-report",
          "Identifier": {
            "PURL": "pkg:npm/%40types/istanbul-lib-report@3.0.3",
            "UID": "9fa7df152303bb6",
            "BOMRef": "pkg:npm/%40types/istanbul-lib-report@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/istanbul-reports@3.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/istanbul-reports@3.0.4",
          "Name": "@types/istanbul-reports",
          "Identifier": {
            "PURL": "pkg:npm/%40types/istanbul-reports@3.0.4",
            "UID": "ed0f82f9451387d9",
            "BOMRef": "pkg:npm/%40types/istanbul-reports@3.0.4"
          },
          "Version": "3.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/types@30.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/jest@30.0.0",
          "Name": "@types/jest",
          "Identifier": {
            "PURL": "pkg:npm/%40types/jest@30.0.0",
            "UID": "65274e89035c358a",
            "BOMRef": "pkg:npm/%40types/jest@30.0.0"
          },
          "Version": "30.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/testing-library__jest-dom@5.14.9"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/json-schema@7.0.15",
          "Name": "@types/json-schema",
          "Identifier": {
            "PURL": "pkg:npm/%40types/json-schema@7.0.15",
            "UID": "12b1ef050427b05f",
            "BOMRef": "pkg:npm/%40types/json-schema@7.0.15"
          },
          "Version": "7.0.15",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/eslint@8.56.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/mdast@3.0.15",
          "Name": "@types/mdast",
          "Identifier": {
            "PURL": "pkg:npm/%40types/mdast@3.0.15",
            "UID": "873969f202950c14",
            "BOMRef": "pkg:npm/%40types/mdast@3.0.15"
          },
          "Version": "3.0.15",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-definitions@5.1.2",
            "mdast-util-from-markdown@1.3.1",
            "mdast-util-mdx-expression@1.3.2",
            "mdast-util-mdx-jsx@2.1.4",
            "mdast-util-mdxjs-esm@1.3.1",
            "mdast-util-phrasing@3.0.1",
            "mdast-util-to-hast@12.3.0",
            "mdast-util-to-markdown@1.5.0",
            "mdast-util-to-string@3.2.0",
            "remark-parse@10.0.2",
            "remark-rehype@10.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/mdx@2.0.13",
          "Name": "@types/mdx",
          "Identifier": {
            "PURL": "pkg:npm/%40types/mdx@2.0.13",
            "UID": "57598f55b26eb271",
            "BOMRef": "pkg:npm/%40types/mdx@2.0.13"
          },
          "Version": "2.0.13",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "@mdx-js/react@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/ms@2.1.0",
          "Name": "@types/ms",
          "Identifier": {
            "PURL": "pkg:npm/%40types/ms@2.1.0",
            "UID": "3d52cac4130b20a5",
            "BOMRef": "pkg:npm/%40types/ms@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/debug@4.1.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/node@24.0.10",
          "Name": "@types/node",
          "Identifier": {
            "PURL": "pkg:npm/%40types/node@24.0.10",
            "UID": "f400c1e60b0b8e78",
            "BOMRef": "pkg:npm/%40types/node@24.0.10"
          },
          "Version": "24.0.10",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/pattern@30.0.1",
            "@jest/types@30.0.1",
            "jest-mock@30.0.2",
            "jest-util@30.0.2",
            "vite@6.4.1",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/parse-json@4.0.2",
          "Name": "@types/parse-json",
          "Identifier": {
            "PURL": "pkg:npm/%40types/parse-json@4.0.2",
            "UID": "6fec030e44165e4f",
            "BOMRef": "pkg:npm/%40types/parse-json@4.0.2"
          },
          "Version": "4.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cosmiconfig@7.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/prismjs@1.26.5",
          "Name": "@types/prismjs",
          "Identifier": {
            "PURL": "pkg:npm/%40types/prismjs@1.26.5",
            "UID": "45bc469b10a48426",
            "BOMRef": "pkg:npm/%40types/prismjs@1.26.5"
          },
          "Version": "1.26.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "prism-react-renderer@2.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/prop-types@15.7.15",
          "Name": "@types/prop-types",
          "Identifier": {
            "PURL": "pkg:npm/%40types/prop-types@15.7.15",
            "UID": "53f7dca418ea36c3",
            "BOMRef": "pkg:npm/%40types/prop-types@15.7.15"
          },
          "Version": "15.7.15",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/utils@5.17.1",
            "@mui/utils@7.2.0",
            "@types/react@18.3.23"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/react@18.3.23",
          "Name": "@types/react",
          "Identifier": {
            "PURL": "pkg:npm/%40types/react@18.3.23",
            "UID": "cf5bb3de4fbb3471",
            "BOMRef": "pkg:npm/%40types/react@18.3.23"
          },
          "Version": "18.3.23",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/react@2.3.0",
            "@mui/icons-material@7.2.0",
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/private-theming@5.17.1",
            "@mui/private-theming@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@mui/types@7.2.24",
            "@mui/types@7.4.4",
            "@mui/utils@5.17.1",
            "@mui/utils@7.2.0",
            "@types/react-dom@18.3.7",
            "@types/react-transition-group@4.4.12",
            "mui-chips-input@7.0.1",
            "react-archer@4.4.0",
            "zustand@4.5.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/react-dom@18.3.7",
          "Name": "@types/react-dom",
          "Identifier": {
            "PURL": "pkg:npm/%40types/react-dom@18.3.7",
            "UID": "7072944de8274556",
            "BOMRef": "pkg:npm/%40types/react-dom@18.3.7"
          },
          "Version": "18.3.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/react@13.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/react-transition-group@4.4.12",
          "Name": "@types/react-transition-group",
          "Identifier": {
            "PURL": "pkg:npm/%40types/react-transition-group@4.4.12",
            "UID": "5c091d48bae15eb5",
            "BOMRef": "pkg:npm/%40types/react-transition-group@4.4.12"
          },
          "Version": "4.4.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/material@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/retry@0.12.2",
          "Name": "@types/retry",
          "Identifier": {
            "PURL": "pkg:npm/%40types/retry@0.12.2",
            "UID": "bc2eccd63df3b043",
            "BOMRef": "pkg:npm/%40types/retry@0.12.2"
          },
          "Version": "0.12.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "p-retry@6.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/stack-utils@2.0.3",
          "Name": "@types/stack-utils",
          "Identifier": {
            "PURL": "pkg:npm/%40types/stack-utils@2.0.3",
            "UID": "5463fd34a6d09763",
            "BOMRef": "pkg:npm/%40types/stack-utils@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jest-message-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/testing-library__jest-dom@5.14.9",
          "Name": "@types/testing-library__jest-dom",
          "Identifier": {
            "PURL": "pkg:npm/%40types/testing-library__jest-dom@5.14.9",
            "UID": "6896e81202083fde",
            "BOMRef": "pkg:npm/%40types/testing-library__jest-dom@5.14.9"
          },
          "Version": "5.14.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/jest-dom@5.17.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/unist@2.0.11",
          "Name": "@types/unist",
          "Identifier": {
            "PURL": "pkg:npm/%40types/unist@2.0.11",
            "UID": "f713a9d185547414",
            "BOMRef": "pkg:npm/%40types/unist@2.0.11"
          },
          "Version": "2.0.11",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "@types/hast@2.3.10",
            "@types/mdast@3.0.15",
            "estree-util-visit@1.2.1",
            "hast-util-to-estree@2.3.3",
            "mdast-util-definitions@5.1.2",
            "mdast-util-from-markdown@1.3.1",
            "mdast-util-mdx-jsx@2.1.4",
            "mdast-util-to-markdown@1.5.0",
            "micromark-util-events-to-acorn@1.2.3",
            "parse-entities@4.0.2",
            "unified@10.1.2",
            "unist-util-is@5.2.1",
            "unist-util-position-from-estree@1.1.2",
            "unist-util-position@4.0.4",
            "unist-util-remove-position@4.0.2",
            "unist-util-stringify-position@3.0.3",
            "vfile-message@3.1.4",
            "vfile@5.3.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/unist@3.0.3",
          "Name": "@types/unist",
          "Identifier": {
            "PURL": "pkg:npm/%40types/unist@3.0.3",
            "UID": "86ed771fc7f3c6f0",
            "BOMRef": "fe7124ea-6185-4835-9435-c82da8fb99c7"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/unist@3.0.3",
          "Name": "@types/unist",
          "Identifier": {
            "PURL": "pkg:npm/%40types/unist@3.0.3",
            "UID": "1b8b07ac7cb3f484",
            "BOMRef": "5bce7a76-d252-4ba6-9c70-b0948d3c394d"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unist-util-is@6.0.0",
            "unist-util-is@6.0.0",
            "unist-util-visit-parents@6.0.1",
            "unist-util-visit@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/yargs@17.0.33",
          "Name": "@types/yargs",
          "Identifier": {
            "PURL": "pkg:npm/%40types/yargs@17.0.33",
            "UID": "a51e2afe6b0d7baf",
            "BOMRef": "pkg:npm/%40types/yargs@17.0.33"
          },
          "Version": "17.0.33",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/types@30.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@types/yargs-parser@21.0.3",
          "Name": "@types/yargs-parser",
          "Identifier": {
            "PURL": "pkg:npm/%40types/yargs-parser@21.0.3",
            "UID": "41fbd6943d75a72e",
            "BOMRef": "pkg:npm/%40types/yargs-parser@21.0.3"
          },
          "Version": "21.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/yargs@17.0.33"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@ungap/structured-clone@1.3.0",
          "Name": "@ungap/structured-clone",
          "Identifier": {
            "PURL": "pkg:npm/%40ungap/structured-clone@1.3.0",
            "UID": "cb25162fe0c6dea6",
            "BOMRef": "pkg:npm/%40ungap/structured-clone@1.3.0"
          },
          "Version": "1.3.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/companion-client@4.4.2",
          "Name": "@uppy/companion-client",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/companion-client@4.4.2",
            "UID": "9935488335c45cab",
            "BOMRef": "pkg:npm/%40uppy/companion-client@4.4.2"
          },
          "Version": "4.4.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/xhr-upload@4.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/components@0.2.0",
          "Name": "@uppy/components",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/components@0.2.0",
            "UID": "92e15f915a08d500",
            "BOMRef": "pkg:npm/%40uppy/components@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/react@4.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/core@4.4.7",
          "Name": "@uppy/core",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/core@4.4.7",
            "UID": "79fac391ae0721ef",
            "BOMRef": "pkg:npm/%40uppy/core@4.4.7"
          },
          "Version": "4.4.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/companion-client@4.4.2",
            "@uppy/components@0.2.0",
            "@uppy/dashboard@4.3.4",
            "@uppy/drag-drop@4.1.3",
            "@uppy/informer@4.2.1",
            "@uppy/progress-bar@4.2.1",
            "@uppy/provider-views@4.4.5",
            "@uppy/react@4.4.0",
            "@uppy/status-bar@4.1.3",
            "@uppy/thumbnail-generator@4.1.1",
            "@uppy/xhr-upload@4.3.3",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/dashboard@4.3.4",
          "Name": "@uppy/dashboard",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/dashboard@4.3.4",
            "UID": "f87874811db26e93",
            "BOMRef": "pkg:npm/%40uppy/dashboard@4.3.4"
          },
          "Version": "4.3.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/react@4.4.0",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/drag-drop@4.1.3",
          "Name": "@uppy/drag-drop",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/drag-drop@4.1.3",
            "UID": "96a7bf86967b3d77",
            "BOMRef": "pkg:npm/%40uppy/drag-drop@4.1.3"
          },
          "Version": "4.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/react@4.4.0",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/informer@4.2.1",
          "Name": "@uppy/informer",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/informer@4.2.1",
            "UID": "6ea3649663bd5abe",
            "BOMRef": "pkg:npm/%40uppy/informer@4.2.1"
          },
          "Version": "4.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/dashboard@4.3.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/progress-bar@4.2.1",
          "Name": "@uppy/progress-bar",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/progress-bar@4.2.1",
            "UID": "2362771339231f6b",
            "BOMRef": "pkg:npm/%40uppy/progress-bar@4.2.1"
          },
          "Version": "4.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/react@4.4.0",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/provider-views@4.4.5",
          "Name": "@uppy/provider-views",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/provider-views@4.4.5",
            "UID": "d1f08deedef9aac7",
            "BOMRef": "pkg:npm/%40uppy/provider-views@4.4.5"
          },
          "Version": "4.4.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/dashboard@4.3.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/react@4.4.0",
          "Name": "@uppy/react",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/react@4.4.0",
            "UID": "20c8fc2821cdffb1",
            "BOMRef": "pkg:npm/%40uppy/react@4.4.0"
          },
          "Version": "4.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/status-bar@4.1.3",
          "Name": "@uppy/status-bar",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/status-bar@4.1.3",
            "UID": "a0fe2fd572203c7a",
            "BOMRef": "pkg:npm/%40uppy/status-bar@4.1.3"
          },
          "Version": "4.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/dashboard@4.3.4",
            "@uppy/react@4.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/store-default@4.2.0",
          "Name": "@uppy/store-default",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/store-default@4.2.0",
            "UID": "dcebfdc260925c8b",
            "BOMRef": "pkg:npm/%40uppy/store-default@4.2.0"
          },
          "Version": "4.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/core@4.4.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/thumbnail-generator@4.1.1",
          "Name": "@uppy/thumbnail-generator",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/thumbnail-generator@4.1.1",
            "UID": "19b848a6f9dbea45",
            "BOMRef": "pkg:npm/%40uppy/thumbnail-generator@4.1.1"
          },
          "Version": "4.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/dashboard@4.3.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/utils@6.1.5",
          "Name": "@uppy/utils",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/utils@6.1.5",
            "UID": "3717cf259d60ac0",
            "BOMRef": "pkg:npm/%40uppy/utils@6.1.5"
          },
          "Version": "6.1.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/companion-client@4.4.2",
            "@uppy/core@4.4.7",
            "@uppy/dashboard@4.3.4",
            "@uppy/drag-drop@4.1.3",
            "@uppy/informer@4.2.1",
            "@uppy/progress-bar@4.2.1",
            "@uppy/provider-views@4.4.5",
            "@uppy/react@4.4.0",
            "@uppy/status-bar@4.1.3",
            "@uppy/thumbnail-generator@4.1.1",
            "@uppy/xhr-upload@4.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@uppy/xhr-upload@4.3.3",
          "Name": "@uppy/xhr-upload",
          "Identifier": {
            "PURL": "pkg:npm/%40uppy/xhr-upload@4.3.3",
            "UID": "46ad1e7cefffb341",
            "BOMRef": "pkg:npm/%40uppy/xhr-upload@4.3.3"
          },
          "Version": "4.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitejs/plugin-react@4.6.0",
          "Name": "@vitejs/plugin-react",
          "Identifier": {
            "PURL": "pkg:npm/%40vitejs/plugin-react@4.6.0",
            "UID": "9a58bdb39fb0ef6",
            "BOMRef": "pkg:npm/%40vitejs/plugin-react@4.6.0"
          },
          "Version": "4.6.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitest/expect@3.2.4",
          "Name": "@vitest/expect",
          "Identifier": {
            "PURL": "pkg:npm/%40vitest/expect@3.2.4",
            "UID": "100757e4b7d36cae",
            "BOMRef": "pkg:npm/%40vitest/expect@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitest/mocker@3.2.4",
          "Name": "@vitest/mocker",
          "Identifier": {
            "PURL": "pkg:npm/%40vitest/mocker@3.2.4",
            "UID": "d48f19205b9f1ebc",
            "BOMRef": "pkg:npm/%40vitest/mocker@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitest/pretty-format@3.2.4",
          "Name": "@vitest/pretty-format",
          "Identifier": {
            "PURL": "pkg:npm/%40vitest/pretty-format@3.2.4",
            "UID": "e8ffc056b0b0d238",
            "BOMRef": "pkg:npm/%40vitest/pretty-format@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/snapshot@3.2.4",
            "@vitest/utils@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitest/runner@3.2.4",
          "Name": "@vitest/runner",
          "Identifier": {
            "PURL": "pkg:npm/%40vitest/runner@3.2.4",
            "UID": "a0a20a9d418d067",
            "BOMRef": "pkg:npm/%40vitest/runner@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitest/snapshot@3.2.4",
          "Name": "@vitest/snapshot",
          "Identifier": {
            "PURL": "pkg:npm/%40vitest/snapshot@3.2.4",
            "UID": "e81a1f8b913aaf75",
            "BOMRef": "pkg:npm/%40vitest/snapshot@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitest/spy@3.2.4",
          "Name": "@vitest/spy",
          "Identifier": {
            "PURL": "pkg:npm/%40vitest/spy@3.2.4",
            "UID": "205cee3d010f9827",
            "BOMRef": "pkg:npm/%40vitest/spy@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/expect@3.2.4",
            "@vitest/mocker@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@vitest/utils@3.2.4",
          "Name": "@vitest/utils",
          "Identifier": {
            "PURL": "pkg:npm/%40vitest/utils@3.2.4",
            "UID": "f97ae9734989f595",
            "BOMRef": "pkg:npm/%40vitest/utils@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/expect@3.2.4",
            "@vitest/runner@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "@webcam/core@1.0.1",
          "Name": "@webcam/core",
          "Identifier": {
            "PURL": "pkg:npm/%40webcam/core@1.0.1",
            "UID": "7754d05ab2c84ca1",
            "BOMRef": "pkg:npm/%40webcam/core@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/components@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "abab@2.0.6",
          "Name": "abab",
          "Identifier": {
            "PURL": "pkg:npm/abab@2.0.6",
            "UID": "f5aa500acb3f34d0",
            "BOMRef": "pkg:npm/abab@2.0.6"
          },
          "Version": "2.0.6",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "data-urls@4.0.0",
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "accessor-fn@1.5.3",
          "Name": "accessor-fn",
          "Identifier": {
            "PURL": "pkg:npm/accessor-fn@1.5.3",
            "UID": "4e4eb7f40b303178",
            "BOMRef": "pkg:npm/accessor-fn@1.5.3"
          },
          "Version": "1.5.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "acorn@8.15.0",
          "Name": "acorn",
          "Identifier": {
            "PURL": "pkg:npm/acorn@8.15.0",
            "UID": "8d33c0abdab48ad3",
            "BOMRef": "pkg:npm/acorn@8.15.0"
          },
          "Version": "8.15.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "acorn-jsx@5.3.2",
            "espree@9.6.1",
            "micromark-extension-mdxjs@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "acorn-jsx@5.3.2",
          "Name": "acorn-jsx",
          "Identifier": {
            "PURL": "pkg:npm/acorn-jsx@5.3.2",
            "UID": "8b279ff51e21e74a",
            "BOMRef": "pkg:npm/acorn-jsx@5.3.2"
          },
          "Version": "5.3.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "espree@9.6.1",
            "micromark-extension-mdxjs@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "agent-base@6.0.2",
          "Name": "agent-base",
          "Identifier": {
            "PURL": "pkg:npm/agent-base@6.0.2",
            "UID": "d8f4bb121765f732",
            "BOMRef": "pkg:npm/agent-base@6.0.2"
          },
          "Version": "6.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "http-proxy-agent@5.0.0",
            "https-proxy-agent@5.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ajv@6.12.6",
          "Name": "ajv",
          "Identifier": {
            "PURL": "pkg:npm/ajv@6.12.6",
            "UID": "6afce0e3fb938715",
            "BOMRef": "pkg:npm/ajv@6.12.6"
          },
          "Version": "6.12.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4",
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ansi-regex@5.0.1",
          "Name": "ansi-regex",
          "Identifier": {
            "PURL": "pkg:npm/ansi-regex@5.0.1",
            "UID": "b6c6252abdf42daa",
            "BOMRef": "pkg:npm/ansi-regex@5.0.1"
          },
          "Version": "5.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "pretty-format@27.5.1",
            "strip-ansi@6.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ansi-styles@4.3.0",
          "Name": "ansi-styles",
          "Identifier": {
            "PURL": "pkg:npm/ansi-styles@4.3.0",
            "UID": "7b623e40e193e12d",
            "BOMRef": "pkg:npm/ansi-styles@4.3.0"
          },
          "Version": "4.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chalk@3.0.0",
            "chalk@4.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ansi-styles@5.2.0",
          "Name": "ansi-styles",
          "Identifier": {
            "PURL": "pkg:npm/ansi-styles@5.2.0",
            "UID": "c9c0785b1fbf116c",
            "BOMRef": "631d96f2-c606-4adc-a79a-a3b7d203c501"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ansi-styles@5.2.0",
          "Name": "ansi-styles",
          "Identifier": {
            "PURL": "pkg:npm/ansi-styles@5.2.0",
            "UID": "9084549c4729baa8",
            "BOMRef": "6f9db6ac-5aa4-49ad-99ac-7b33a29ee35d"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "pretty-format@27.5.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ansi-styles@5.2.0",
          "Name": "ansi-styles",
          "Identifier": {
            "PURL": "pkg:npm/ansi-styles@5.2.0",
            "UID": "b741a411ef30035",
            "BOMRef": "9cf9b4f0-8005-4e79-972c-dba08e6069b5"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ansi-styles@5.2.0",
          "Name": "ansi-styles",
          "Identifier": {
            "PURL": "pkg:npm/ansi-styles@5.2.0",
            "UID": "cff1edc10a672cd4",
            "BOMRef": "31e2a0e7-519e-4734-b23e-bad399fa2a0a"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ansi-styles@5.2.0",
          "Name": "ansi-styles",
          "Identifier": {
            "PURL": "pkg:npm/ansi-styles@5.2.0",
            "UID": "a7a741577adfbce3",
            "BOMRef": "889061e6-6c77-4637-b9ce-0ac19e316b61"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "argparse@2.0.1",
          "Name": "argparse",
          "Identifier": {
            "PURL": "pkg:npm/argparse@2.0.1",
            "UID": "7eae7bbaf05d1a78",
            "BOMRef": "pkg:npm/argparse@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "Python-2.0"
          ],
          "DependsOn": [
            "js-yaml@4.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "aria-query@5.1.3",
          "Name": "aria-query",
          "Identifier": {
            "PURL": "pkg:npm/aria-query@5.1.3",
            "UID": "38d74edad4779fc8",
            "BOMRef": "pkg:npm/aria-query@5.1.3"
          },
          "Version": "5.1.3",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "@testing-library/dom@8.20.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "aria-query@5.3.0",
          "Name": "aria-query",
          "Identifier": {
            "PURL": "pkg:npm/aria-query@5.3.0",
            "UID": "75c589ce9eaa1403",
            "BOMRef": "pkg:npm/aria-query@5.3.0"
          },
          "Version": "5.3.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "@testing-library/dom@10.4.0",
            "@testing-library/jest-dom@5.17.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "array-buffer-byte-length@1.0.2",
          "Name": "array-buffer-byte-length",
          "Identifier": {
            "PURL": "pkg:npm/array-buffer-byte-length@1.0.2",
            "UID": "e26a1869bb2484dd",
            "BOMRef": "pkg:npm/array-buffer-byte-length@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "arraybuffer.prototype.slice@1.0.4",
            "deep-equal@2.2.3",
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "array-includes@3.1.9",
          "Name": "array-includes",
          "Identifier": {
            "PURL": "pkg:npm/array-includes@3.1.9",
            "UID": "e71451c75c0c44d5",
            "BOMRef": "pkg:npm/array-includes@3.1.9"
          },
          "Version": "3.1.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5",
            "jsx-ast-utils@3.3.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "array.prototype.findlast@1.2.5",
          "Name": "array.prototype.findlast",
          "Identifier": {
            "PURL": "pkg:npm/array.prototype.findlast@1.2.5",
            "UID": "dcc063d0b25b674a",
            "BOMRef": "pkg:npm/array.prototype.findlast@1.2.5"
          },
          "Version": "1.2.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "array.prototype.flat@1.3.3",
          "Name": "array.prototype.flat",
          "Identifier": {
            "PURL": "pkg:npm/array.prototype.flat@1.3.3",
            "UID": "39235b772c82aad2",
            "BOMRef": "pkg:npm/array.prototype.flat@1.3.3"
          },
          "Version": "1.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsx-ast-utils@3.3.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "array.prototype.flatmap@1.3.3",
          "Name": "array.prototype.flatmap",
          "Identifier": {
            "PURL": "pkg:npm/array.prototype.flatmap@1.3.3",
            "UID": "758f81f10c13b98e",
            "BOMRef": "pkg:npm/array.prototype.flatmap@1.3.3"
          },
          "Version": "1.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "array.prototype.tosorted@1.1.4",
          "Name": "array.prototype.tosorted",
          "Identifier": {
            "PURL": "pkg:npm/array.prototype.tosorted@1.1.4",
            "UID": "5e5fe11ef3e92bb8",
            "BOMRef": "pkg:npm/array.prototype.tosorted@1.1.4"
          },
          "Version": "1.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "arraybuffer.prototype.slice@1.0.4",
          "Name": "arraybuffer.prototype.slice",
          "Identifier": {
            "PURL": "pkg:npm/arraybuffer.prototype.slice@1.0.4",
            "UID": "2a0e778e6c7e8f3a",
            "BOMRef": "pkg:npm/arraybuffer.prototype.slice@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "assertion-error@2.0.1",
          "Name": "assertion-error",
          "Identifier": {
            "PURL": "pkg:npm/assertion-error@2.0.1",
            "UID": "8f4abe56ebe3892a",
            "BOMRef": "pkg:npm/assertion-error@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chai@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "astring@1.9.0",
          "Name": "astring",
          "Identifier": {
            "PURL": "pkg:npm/astring@1.9.0",
            "UID": "af6c95fd985cd466",
            "BOMRef": "pkg:npm/astring@1.9.0"
          },
          "Version": "1.9.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "estree-util-to-js@1.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "async-function@1.0.0",
          "Name": "async-function",
          "Identifier": {
            "PURL": "pkg:npm/async-function@1.0.0",
            "UID": "5154e8ed7fb3e536",
            "BOMRef": "pkg:npm/async-function@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "is-async-function@2.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "asynckit@0.4.0",
          "Name": "asynckit",
          "Identifier": {
            "PURL": "pkg:npm/asynckit@0.4.0",
            "UID": "10004d4c7a5df134",
            "BOMRef": "pkg:npm/asynckit@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "form-data@4.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "autocomplete-openapi@0.1.6",
          "Name": "autocomplete-openapi",
          "Identifier": {
            "PURL": "pkg:npm/autocomplete-openapi@0.1.6",
            "UID": "36c6b06153e72fcc",
            "BOMRef": "pkg:npm/autocomplete-openapi@0.1.6"
          },
          "Version": "0.1.6",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "available-typed-arrays@1.0.7",
          "Name": "available-typed-arrays",
          "Identifier": {
            "PURL": "pkg:npm/available-typed-arrays@1.0.7",
            "UID": "38a546f196d48974",
            "BOMRef": "pkg:npm/available-typed-arrays@1.0.7"
          },
          "Version": "1.0.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "typed-array-byte-offset@1.0.4",
            "which-typed-array@1.1.19"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "axios@1.12.2",
          "Name": "axios",
          "Identifier": {
            "PURL": "pkg:npm/axios@1.12.2",
            "UID": "a61e859244c5db3d",
            "BOMRef": "pkg:npm/axios@1.12.2"
          },
          "Version": "1.12.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "openapi-client-axios@7.6.0",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "babel-plugin-macros@3.1.0",
          "Name": "babel-plugin-macros",
          "Identifier": {
            "PURL": "pkg:npm/babel-plugin-macros@3.1.0",
            "UID": "2f37f0b1f0f2ddd7",
            "BOMRef": "pkg:npm/babel-plugin-macros@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "bail@2.0.2",
          "Name": "bail",
          "Identifier": {
            "PURL": "pkg:npm/bail@2.0.2",
            "UID": "84dd106d41a247fe",
            "BOMRef": "pkg:npm/bail@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unified@10.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "balanced-match@1.0.2",
          "Name": "balanced-match",
          "Identifier": {
            "PURL": "pkg:npm/balanced-match@1.0.2",
            "UID": "c4912e720d8cc742",
            "BOMRef": "pkg:npm/balanced-match@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "brace-expansion@1.1.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "bath-es5@3.0.3",
          "Name": "bath-es5",
          "Identifier": {
            "PURL": "pkg:npm/bath-es5@3.0.3",
            "UID": "e4af111feda07a7b",
            "BOMRef": "pkg:npm/bath-es5@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "openapi-client-axios@7.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "bezier-js@6.1.4",
          "Name": "bezier-js",
          "Identifier": {
            "PURL": "pkg:npm/bezier-js@6.1.4",
            "UID": "ea5015cf86c4c7b9",
            "BOMRef": "pkg:npm/bezier-js@6.1.4"
          },
          "Version": "6.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "brace-expansion@1.1.12",
          "Name": "brace-expansion",
          "Identifier": {
            "PURL": "pkg:npm/brace-expansion@1.1.12",
            "UID": "4683577cbf9aa70f",
            "BOMRef": "pkg:npm/brace-expansion@1.1.12"
          },
          "Version": "1.1.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "minimatch@3.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "braces@3.0.3",
          "Name": "braces",
          "Identifier": {
            "PURL": "pkg:npm/braces@3.0.3",
            "UID": "d9743a9bcd3a1aef",
            "BOMRef": "pkg:npm/braces@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromatch@4.0.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "browserslist@4.25.1",
          "Name": "browserslist",
          "Identifier": {
            "PURL": "pkg:npm/browserslist@4.25.1",
            "UID": "e50b0585920fee31",
            "BOMRef": "pkg:npm/browserslist@4.25.1"
          },
          "Version": "4.25.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/helper-compilation-targets@7.27.2",
            "update-browserslist-db@1.1.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "cac@6.7.14",
          "Name": "cac",
          "Identifier": {
            "PURL": "pkg:npm/cac@6.7.14",
            "UID": "b30ef191b6b4c5cd",
            "BOMRef": "pkg:npm/cac@6.7.14"
          },
          "Version": "6.7.14",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite-node@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "call-bind@1.0.8",
          "Name": "call-bind",
          "Identifier": {
            "PURL": "pkg:npm/call-bind@1.0.8",
            "UID": "29bb30094224f661",
            "BOMRef": "pkg:npm/call-bind@1.0.8"
          },
          "Version": "1.0.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-includes@3.1.9",
            "array.prototype.findlast@1.2.5",
            "array.prototype.flat@1.3.3",
            "array.prototype.flatmap@1.3.3",
            "array.prototype.tosorted@1.1.4",
            "arraybuffer.prototype.slice@1.0.4",
            "deep-equal@2.2.3",
            "es-abstract@1.24.0",
            "es-get-iterator@1.1.3",
            "es-iterator-helpers@1.2.1",
            "function.prototype.name@1.1.8",
            "is-array-buffer@3.0.5",
            "object-is@1.1.6",
            "object.assign@4.1.7",
            "object.entries@1.1.9",
            "object.fromentries@2.0.8",
            "object.values@1.2.1",
            "reflect.getprototypeof@1.0.10",
            "regexp.prototype.flags@1.5.4",
            "safe-array-concat@1.1.3",
            "string.prototype.matchall@4.0.12",
            "string.prototype.trim@1.2.10",
            "string.prototype.trimend@1.0.9",
            "string.prototype.trimstart@1.0.8",
            "typed-array-byte-length@1.0.3",
            "typed-array-byte-offset@1.0.4",
            "typed-array-length@1.0.7",
            "which-typed-array@1.1.19"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "call-bind-apply-helpers@1.0.2",
          "Name": "call-bind-apply-helpers",
          "Identifier": {
            "PURL": "pkg:npm/call-bind-apply-helpers@1.0.2",
            "UID": "66ddf3ee8ea3e5bf",
            "BOMRef": "pkg:npm/call-bind-apply-helpers@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "call-bind@1.0.8",
            "call-bound@1.0.4",
            "dunder-proto@1.0.1",
            "get-intrinsic@1.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "call-bound@1.0.4",
          "Name": "call-bound",
          "Identifier": {
            "PURL": "pkg:npm/call-bound@1.0.4",
            "UID": "4d8487b55851edcf",
            "BOMRef": "pkg:npm/call-bound@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-buffer-byte-length@1.0.2",
            "array-includes@3.1.9",
            "data-view-buffer@1.0.2",
            "data-view-byte-length@1.0.2",
            "data-view-byte-offset@1.0.1",
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1",
            "function.prototype.name@1.1.8",
            "get-symbol-description@1.1.0",
            "is-arguments@1.2.0",
            "is-array-buffer@3.0.5",
            "is-async-function@2.1.1",
            "is-boolean-object@1.2.2",
            "is-data-view@1.0.2",
            "is-date-object@1.1.0",
            "is-finalizationregistry@1.1.1",
            "is-generator-function@1.1.0",
            "is-number-object@1.1.1",
            "is-regex@1.2.1",
            "is-shared-array-buffer@1.0.4",
            "is-string@1.1.1",
            "is-symbol@1.1.1",
            "is-weakref@1.1.1",
            "is-weakset@2.0.4",
            "object.assign@4.1.7",
            "object.entries@1.1.9",
            "object.values@1.2.1",
            "safe-array-concat@1.1.3",
            "safe-regex-test@1.1.0",
            "side-channel-map@1.0.1",
            "side-channel-weakmap@1.0.2",
            "string.prototype.matchall@4.0.12",
            "string.prototype.trim@1.2.10",
            "string.prototype.trimend@1.0.9",
            "typed-array-buffer@1.0.3",
            "unbox-primitive@1.1.0",
            "which-builtin-type@1.2.1",
            "which-typed-array@1.1.19"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "callsites@3.1.0",
          "Name": "callsites",
          "Identifier": {
            "PURL": "pkg:npm/callsites@3.1.0",
            "UID": "616d8fee594cda51",
            "BOMRef": "pkg:npm/callsites@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parent-module@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "camelcase@6.3.0",
          "Name": "camelcase",
          "Identifier": {
            "PURL": "pkg:npm/camelcase@6.3.0",
            "UID": "3894482d685bfed5",
            "BOMRef": "pkg:npm/camelcase@6.3.0"
          },
          "Version": "6.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/core@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "caniuse-lite@1.0.30001726",
          "Name": "caniuse-lite",
          "Identifier": {
            "PURL": "pkg:npm/caniuse-lite@1.0.30001726",
            "UID": "32105579493028df",
            "BOMRef": "pkg:npm/caniuse-lite@1.0.30001726"
          },
          "Version": "1.0.30001726",
          "Licenses": [
            "CC-BY-4.0"
          ],
          "DependsOn": [
            "browserslist@4.25.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "canvas-color-tracker@1.3.2",
          "Name": "canvas-color-tracker",
          "Identifier": {
            "PURL": "pkg:npm/canvas-color-tracker@1.3.2",
            "UID": "3a76b7661d64e434",
            "BOMRef": "pkg:npm/canvas-color-tracker@1.3.2"
          },
          "Version": "1.3.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ccount@2.0.1",
          "Name": "ccount",
          "Identifier": {
            "PURL": "pkg:npm/ccount@2.0.1",
            "UID": "d54bec52f1d81cf4",
            "BOMRef": "pkg:npm/ccount@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx-jsx@2.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "chai@5.2.0",
          "Name": "chai",
          "Identifier": {
            "PURL": "pkg:npm/chai@5.2.0",
            "UID": "b5fb8644e642f05a",
            "BOMRef": "pkg:npm/chai@5.2.0"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/expect@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "chalk@3.0.0",
          "Name": "chalk",
          "Identifier": {
            "PURL": "pkg:npm/chalk@3.0.0",
            "UID": "f935775923b488a7",
            "BOMRef": "pkg:npm/chalk@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/jest-dom@5.17.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "chalk@4.1.2",
          "Name": "chalk",
          "Identifier": {
            "PURL": "pkg:npm/chalk@4.1.2",
            "UID": "5f971732725d4148",
            "BOMRef": "pkg:npm/chalk@4.1.2"
          },
          "Version": "4.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/types@30.0.1",
            "@testing-library/dom@10.4.0",
            "@testing-library/dom@8.20.1",
            "eslint@8.57.1",
            "jest-diff@30.0.4",
            "jest-matcher-utils@30.0.4",
            "jest-message-util@30.0.2",
            "jest-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "character-entities@2.0.2",
          "Name": "character-entities",
          "Identifier": {
            "PURL": "pkg:npm/character-entities@2.0.2",
            "UID": "47dde095377be0f2",
            "BOMRef": "pkg:npm/character-entities@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "decode-named-character-reference@1.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "character-entities-html4@2.1.0",
          "Name": "character-entities-html4",
          "Identifier": {
            "PURL": "pkg:npm/character-entities-html4@2.1.0",
            "UID": "1862a91ec2e649d",
            "BOMRef": "pkg:npm/character-entities-html4@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "stringify-entities@4.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "character-entities-legacy@3.0.0",
          "Name": "character-entities-legacy",
          "Identifier": {
            "PURL": "pkg:npm/character-entities-legacy@3.0.0",
            "UID": "eea1b4e3760afc1a",
            "BOMRef": "pkg:npm/character-entities-legacy@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parse-entities@4.0.2",
            "stringify-entities@4.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "character-reference-invalid@2.0.1",
          "Name": "character-reference-invalid",
          "Identifier": {
            "PURL": "pkg:npm/character-reference-invalid@2.0.1",
            "UID": "d80247452fb3524e",
            "BOMRef": "pkg:npm/character-reference-invalid@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parse-entities@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "chart.js@4.5.0",
          "Name": "chart.js",
          "Identifier": {
            "PURL": "pkg:npm/chart.js@4.5.0",
            "UID": "2137b5968c9552c8",
            "BOMRef": "pkg:npm/chart.js@4.5.0"
          },
          "Version": "4.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "check-error@2.1.1",
          "Name": "check-error",
          "Identifier": {
            "PURL": "pkg:npm/check-error@2.1.1",
            "UID": "d45f5c85acc6d7d9",
            "BOMRef": "pkg:npm/check-error@2.1.1"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chai@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "chownr@3.0.0",
          "Name": "chownr",
          "Identifier": {
            "PURL": "pkg:npm/chownr@3.0.0",
            "UID": "fd8b470aa34bad82",
            "BOMRef": "pkg:npm/chownr@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "BlueOak-1.0.0"
          ],
          "DependsOn": [
            "tar@7.4.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "chroma-js@2.6.0",
          "Name": "chroma-js",
          "Identifier": {
            "PURL": "pkg:npm/chroma-js@2.6.0",
            "UID": "a965f8399aa8aa5c",
            "BOMRef": "pkg:npm/chroma-js@2.6.0"
          },
          "Version": "2.6.0",
          "Licenses": [
            "BSD-3-Clause AND Apache-2.0"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ci-info@4.2.0",
          "Name": "ci-info",
          "Identifier": {
            "PURL": "pkg:npm/ci-info@4.2.0",
            "UID": "1538a3f899393803",
            "BOMRef": "pkg:npm/ci-info@4.2.0"
          },
          "Version": "4.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jest-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "classnames@2.5.1",
          "Name": "classnames",
          "Identifier": {
            "PURL": "pkg:npm/classnames@2.5.1",
            "UID": "cf110cc1896e6bd3",
            "BOMRef": "pkg:npm/classnames@2.5.1"
          },
          "Version": "2.5.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/dashboard@4.3.4",
            "@uppy/provider-views@4.4.5",
            "@uppy/status-bar@4.1.3",
            "react-diff-viewer-continued@3.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "clsx@1.2.1",
          "Name": "clsx",
          "Identifier": {
            "PURL": "pkg:npm/clsx@1.2.1",
            "UID": "8cf7593c12dd2c9",
            "BOMRef": "30842de0-286b-4518-8393-6d62a1b2d5c6"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "clsx@1.2.1",
          "Name": "clsx",
          "Identifier": {
            "PURL": "pkg:npm/clsx@1.2.1",
            "UID": "fa942022373a322b",
            "BOMRef": "925eb528-79fd-46fd-ac41-dce822ea3de6"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@textea/json-viewer@2.17.2",
            "notistack@3.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "clsx@2.1.1",
          "Name": "clsx",
          "Identifier": {
            "PURL": "pkg:npm/clsx@2.1.1",
            "UID": "b4feb2a1a69e015d",
            "BOMRef": "311719ef-6db9-4300-8053-a28f3151a4f0"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "clsx@2.1.1",
          "Name": "clsx",
          "Identifier": {
            "PURL": "pkg:npm/clsx@2.1.1",
            "UID": "4b98bc7e3d5ce85a",
            "BOMRef": "a5824ed8-8da7-409f-b07f-0fa6096f4473"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "clsx@2.1.1",
          "Name": "clsx",
          "Identifier": {
            "PURL": "pkg:npm/clsx@2.1.1",
            "UID": "53a7b199e4708d09",
            "BOMRef": "db55098d-6d41-4bb1-a207-1757b128b3db"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@mui/utils@5.17.1",
            "@mui/utils@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "@uppy/components@0.2.0",
            "prism-react-renderer@2.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "clsx@2.1.1",
          "Name": "clsx",
          "Identifier": {
            "PURL": "pkg:npm/clsx@2.1.1",
            "UID": "5a3477dea32b9719",
            "BOMRef": "bb9edc85-559d-4091-9cf2-04a93ae28051"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "color-convert@2.0.1",
          "Name": "color-convert",
          "Identifier": {
            "PURL": "pkg:npm/color-convert@2.0.1",
            "UID": "a0170c86e07b3997",
            "BOMRef": "pkg:npm/color-convert@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "ansi-styles@4.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "color-name@1.1.4",
          "Name": "color-name",
          "Identifier": {
            "PURL": "pkg:npm/color-name@1.1.4",
            "UID": "5f79b423da5190ad",
            "BOMRef": "pkg:npm/color-name@1.1.4"
          },
          "Version": "1.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "color-convert@2.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "combined-stream@1.0.8",
          "Name": "combined-stream",
          "Identifier": {
            "PURL": "pkg:npm/combined-stream@1.0.8",
            "UID": "851eef98d5e3c1f8",
            "BOMRef": "pkg:npm/combined-stream@1.0.8"
          },
          "Version": "1.0.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "form-data@4.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "comma-separated-tokens@2.0.3",
          "Name": "comma-separated-tokens",
          "Identifier": {
            "PURL": "pkg:npm/comma-separated-tokens@2.0.3",
            "UID": "c42485895c9f65ac",
            "BOMRef": "pkg:npm/comma-separated-tokens@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "concat-map@0.0.1",
          "Name": "concat-map",
          "Identifier": {
            "PURL": "pkg:npm/concat-map@0.0.1",
            "UID": "2cba6efe54129dc3",
            "BOMRef": "pkg:npm/concat-map@0.0.1"
          },
          "Version": "0.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "brace-expansion@1.1.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "convert-source-map@1.9.0",
          "Name": "convert-source-map",
          "Identifier": {
            "PURL": "pkg:npm/convert-source-map@1.9.0",
            "UID": "79316cdb71900ce0",
            "BOMRef": "pkg:npm/convert-source-map@1.9.0"
          },
          "Version": "1.9.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "convert-source-map@2.0.0",
          "Name": "convert-source-map",
          "Identifier": {
            "PURL": "pkg:npm/convert-source-map@2.0.0",
            "UID": "4fbd0a4515ee9fcf",
            "BOMRef": "pkg:npm/convert-source-map@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "copy-to-clipboard@3.3.3",
          "Name": "copy-to-clipboard",
          "Identifier": {
            "PURL": "pkg:npm/copy-to-clipboard@3.3.3",
            "UID": "ccd7496a74099a6b",
            "BOMRef": "pkg:npm/copy-to-clipboard@3.3.3"
          },
          "Version": "3.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@textea/json-viewer@2.17.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "cosmiconfig@7.1.0",
          "Name": "cosmiconfig",
          "Identifier": {
            "PURL": "pkg:npm/cosmiconfig@7.1.0",
            "UID": "5403745616e22428",
            "BOMRef": "pkg:npm/cosmiconfig@7.1.0"
          },
          "Version": "7.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "babel-plugin-macros@3.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "cosmiconfig@8.3.6",
          "Name": "cosmiconfig",
          "Identifier": {
            "PURL": "pkg:npm/cosmiconfig@8.3.6",
            "UID": "a4cb7dc1195d097a",
            "BOMRef": "pkg:npm/cosmiconfig@8.3.6"
          },
          "Version": "8.3.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/core@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "create-collection-form@0.0.0",
          "Name": "create-collection-form",
          "Identifier": {
            "PURL": "pkg:npm/create-collection-form@0.0.0?vcs_url=git+ssh%3A%2F%2Fgit%40github.com%2Fqdrant%2Fcreate-collection-form.git#a3f1e13059f334bf0c9eb2514fcd26bd01cfc59b",
            "UID": "bae520d148b04915",
            "BOMRef": "pkg:npm/create-collection-form@0.0.0?vcs_url=git+ssh%3A%2F%2Fgit%40github.com%2Fqdrant%2Fcreate-collection-form.git#a3f1e13059f334bf0c9eb2514fcd26bd01cfc59b"
          },
          "Version": "0.0.0",
          "Licenses": [
            "NOASSERTION"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "cross-spawn@7.0.6",
          "Name": "cross-spawn",
          "Identifier": {
            "PURL": "pkg:npm/cross-spawn@7.0.6",
            "UID": "92349c25171de31a",
            "BOMRef": "pkg:npm/cross-spawn@7.0.6"
          },
          "Version": "7.0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "css.escape@1.5.1",
          "Name": "css.escape",
          "Identifier": {
            "PURL": "pkg:npm/css.escape@1.5.1",
            "UID": "ac8af7bc0b6e278f",
            "BOMRef": "pkg:npm/css.escape@1.5.1"
          },
          "Version": "1.5.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/jest-dom@5.17.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "cssstyle@3.0.0",
          "Name": "cssstyle",
          "Identifier": {
            "PURL": "pkg:npm/cssstyle@3.0.0",
            "UID": "c2c7de60523bb55f",
            "BOMRef": "pkg:npm/cssstyle@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "csstype@3.1.3",
          "Name": "csstype",
          "Identifier": {
            "PURL": "pkg:npm/csstype@3.1.3",
            "UID": "cf5c3d55d69b1ad0",
            "BOMRef": "pkg:npm/csstype@3.1.3"
          },
          "Version": "3.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/serialize@1.3.3",
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/styled-engine@5.16.14",
            "@mui/styled-engine@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@types/react@18.3.23",
            "dom-helpers@5.2.1",
            "goober@2.1.16"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-array@3.2.4",
          "Name": "d3-array",
          "Identifier": {
            "PURL": "pkg:npm/d3-array@3.2.4",
            "UID": "56cffec94f5bd568",
            "BOMRef": "pkg:npm/d3-array@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-scale@4.0.2",
            "d3-time@3.1.0",
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-binarytree@1.0.2",
          "Name": "d3-binarytree",
          "Identifier": {
            "PURL": "pkg:npm/d3-binarytree@1.0.2",
            "UID": "4d6e957243c69a1c",
            "BOMRef": "pkg:npm/d3-binarytree@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "d3-force-3d@3.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-color@3.1.0",
          "Name": "d3-color",
          "Identifier": {
            "PURL": "pkg:npm/d3-color@3.1.0",
            "UID": "19670dc27bf4aa8a",
            "BOMRef": "pkg:npm/d3-color@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-interpolate@3.0.1",
            "d3-scale-chromatic@3.1.0",
            "d3-transition@3.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-dispatch@3.0.1",
          "Name": "d3-dispatch",
          "Identifier": {
            "PURL": "pkg:npm/d3-dispatch@3.0.1",
            "UID": "1f8f0446f6355a9",
            "BOMRef": "pkg:npm/d3-dispatch@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-drag@3.0.0",
            "d3-force-3d@3.0.6",
            "d3-transition@3.0.1",
            "d3-zoom@3.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-drag@3.0.0",
          "Name": "d3-drag",
          "Identifier": {
            "PURL": "pkg:npm/d3-drag@3.0.0",
            "UID": "1d57d7bf9e561769",
            "BOMRef": "pkg:npm/d3-drag@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-zoom@3.0.0",
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-ease@3.0.1",
          "Name": "d3-ease",
          "Identifier": {
            "PURL": "pkg:npm/d3-ease@3.0.1",
            "UID": "12c798922b95ec50",
            "BOMRef": "pkg:npm/d3-ease@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "d3-transition@3.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-force-3d@3.0.6",
          "Name": "d3-force-3d",
          "Identifier": {
            "PURL": "pkg:npm/d3-force-3d@3.0.6",
            "UID": "3d7da0d57b7d2b79",
            "BOMRef": "pkg:npm/d3-force-3d@3.0.6"
          },
          "Version": "3.0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-format@3.1.0",
          "Name": "d3-format",
          "Identifier": {
            "PURL": "pkg:npm/d3-format@3.1.0",
            "UID": "6818fdc824e09c76",
            "BOMRef": "pkg:npm/d3-format@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-scale@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-interpolate@3.0.1",
          "Name": "d3-interpolate",
          "Identifier": {
            "PURL": "pkg:npm/d3-interpolate@3.0.1",
            "UID": "92c2aacbd3afcf21",
            "BOMRef": "pkg:npm/d3-interpolate@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-scale-chromatic@3.1.0",
            "d3-scale@4.0.2",
            "d3-transition@3.0.1",
            "d3-zoom@3.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-octree@1.1.0",
          "Name": "d3-octree",
          "Identifier": {
            "PURL": "pkg:npm/d3-octree@1.1.0",
            "UID": "78ebfc37230bac8a",
            "BOMRef": "pkg:npm/d3-octree@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "d3-force-3d@3.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-quadtree@3.0.1",
          "Name": "d3-quadtree",
          "Identifier": {
            "PURL": "pkg:npm/d3-quadtree@3.0.1",
            "UID": "2c656201fdc70fea",
            "BOMRef": "pkg:npm/d3-quadtree@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-force-3d@3.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-scale@4.0.2",
          "Name": "d3-scale",
          "Identifier": {
            "PURL": "pkg:npm/d3-scale@4.0.2",
            "UID": "818c8cad1e03d4da",
            "BOMRef": "pkg:npm/d3-scale@4.0.2"
          },
          "Version": "4.0.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-scale-chromatic@3.1.0",
          "Name": "d3-scale-chromatic",
          "Identifier": {
            "PURL": "pkg:npm/d3-scale-chromatic@3.1.0",
            "UID": "d0f124772b18cedd",
            "BOMRef": "pkg:npm/d3-scale-chromatic@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-selection@3.0.0",
          "Name": "d3-selection",
          "Identifier": {
            "PURL": "pkg:npm/d3-selection@3.0.0",
            "UID": "9adb771af9404c08",
            "BOMRef": "pkg:npm/d3-selection@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-drag@3.0.0",
            "d3-transition@3.0.1",
            "d3-zoom@3.0.0",
            "float-tooltip@1.7.5",
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-time@3.1.0",
          "Name": "d3-time",
          "Identifier": {
            "PURL": "pkg:npm/d3-time@3.1.0",
            "UID": "eebb204772293034",
            "BOMRef": "pkg:npm/d3-time@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-scale@4.0.2",
            "d3-time-format@4.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-time-format@4.1.0",
          "Name": "d3-time-format",
          "Identifier": {
            "PURL": "pkg:npm/d3-time-format@4.1.0",
            "UID": "6a264672657b4d57",
            "BOMRef": "pkg:npm/d3-time-format@4.1.0"
          },
          "Version": "4.1.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-scale@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-timer@3.0.1",
          "Name": "d3-timer",
          "Identifier": {
            "PURL": "pkg:npm/d3-timer@3.0.1",
            "UID": "eb480767b101eefa",
            "BOMRef": "pkg:npm/d3-timer@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-force-3d@3.0.6",
            "d3-transition@3.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-transition@3.0.1",
          "Name": "d3-transition",
          "Identifier": {
            "PURL": "pkg:npm/d3-transition@3.0.1",
            "UID": "820fb10a6c980d03",
            "BOMRef": "pkg:npm/d3-transition@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-zoom@3.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "d3-zoom@3.0.0",
          "Name": "d3-zoom",
          "Identifier": {
            "PURL": "pkg:npm/d3-zoom@3.0.0",
            "UID": "dc54f27624f7d890",
            "BOMRef": "pkg:npm/d3-zoom@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "data-urls@4.0.0",
          "Name": "data-urls",
          "Identifier": {
            "PURL": "pkg:npm/data-urls@4.0.0",
            "UID": "8241ca40125fd391",
            "BOMRef": "pkg:npm/data-urls@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "data-view-buffer@1.0.2",
          "Name": "data-view-buffer",
          "Identifier": {
            "PURL": "pkg:npm/data-view-buffer@1.0.2",
            "UID": "95763f645b3dc0fe",
            "BOMRef": "pkg:npm/data-view-buffer@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "data-view-byte-length@1.0.2",
          "Name": "data-view-byte-length",
          "Identifier": {
            "PURL": "pkg:npm/data-view-byte-length@1.0.2",
            "UID": "34c5f8702530443d",
            "BOMRef": "pkg:npm/data-view-byte-length@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "data-view-byte-offset@1.0.1",
          "Name": "data-view-byte-offset",
          "Identifier": {
            "PURL": "pkg:npm/data-view-byte-offset@1.0.1",
            "UID": "513a97e68292832a",
            "BOMRef": "pkg:npm/data-view-byte-offset@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "debug@4.4.1",
          "Name": "debug",
          "Identifier": {
            "PURL": "pkg:npm/debug@4.4.1",
            "UID": "f81c0be03f6d453",
            "BOMRef": "pkg:npm/debug@4.4.1"
          },
          "Version": "4.4.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/traverse@7.28.0",
            "@eslint/eslintrc@2.1.4",
            "@humanwhocodes/config-array@0.13.0",
            "agent-base@6.0.2",
            "eslint@8.57.1",
            "http-proxy-agent@5.0.0",
            "https-proxy-agent@5.0.1",
            "micromark@3.2.0",
            "vite-node@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "decimal.js@10.5.0",
          "Name": "decimal.js",
          "Identifier": {
            "PURL": "pkg:npm/decimal.js@10.5.0",
            "UID": "7828e3872e477590",
            "BOMRef": "pkg:npm/decimal.js@10.5.0"
          },
          "Version": "10.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "decode-named-character-reference@1.2.0",
          "Name": "decode-named-character-reference",
          "Identifier": {
            "PURL": "pkg:npm/decode-named-character-reference@1.2.0",
            "UID": "fd5a3dd207e14bdb",
            "BOMRef": "pkg:npm/decode-named-character-reference@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "micromark-core-commonmark@1.1.0",
            "micromark-util-decode-string@1.1.0",
            "micromark@3.2.0",
            "parse-entities@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "deep-eql@5.0.2",
          "Name": "deep-eql",
          "Identifier": {
            "PURL": "pkg:npm/deep-eql@5.0.2",
            "UID": "c37035c8f39d2a8",
            "BOMRef": "pkg:npm/deep-eql@5.0.2"
          },
          "Version": "5.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chai@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "deep-equal@2.2.3",
          "Name": "deep-equal",
          "Identifier": {
            "PURL": "pkg:npm/deep-equal@2.2.3",
            "UID": "63e94d3c874b8908",
            "BOMRef": "pkg:npm/deep-equal@2.2.3"
          },
          "Version": "2.2.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "aria-query@5.1.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "deep-is@0.1.4",
          "Name": "deep-is",
          "Identifier": {
            "PURL": "pkg:npm/deep-is@0.1.4",
            "UID": "af75d4d056eda2fd",
            "BOMRef": "pkg:npm/deep-is@0.1.4"
          },
          "Version": "0.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "optionator@0.9.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "define-data-property@1.1.4",
          "Name": "define-data-property",
          "Identifier": {
            "PURL": "pkg:npm/define-data-property@1.1.4",
            "UID": "ca8fce15bd0b4036",
            "BOMRef": "pkg:npm/define-data-property@1.1.4"
          },
          "Version": "1.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "define-properties@1.2.1",
            "iterator.prototype@1.1.5",
            "set-function-length@1.2.2",
            "set-function-name@2.0.2",
            "string.prototype.trim@1.2.10"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "define-properties@1.2.1",
          "Name": "define-properties",
          "Identifier": {
            "PURL": "pkg:npm/define-properties@1.2.1",
            "UID": "38fcf6df0a0e71b1",
            "BOMRef": "pkg:npm/define-properties@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-includes@3.1.9",
            "array.prototype.findlast@1.2.5",
            "array.prototype.flat@1.3.3",
            "array.prototype.flatmap@1.3.3",
            "array.prototype.tosorted@1.1.4",
            "arraybuffer.prototype.slice@1.0.4",
            "es-iterator-helpers@1.2.1",
            "function.prototype.name@1.1.8",
            "globalthis@1.0.4",
            "object-is@1.1.6",
            "object.assign@4.1.7",
            "object.entries@1.1.9",
            "object.fromentries@2.0.8",
            "object.values@1.2.1",
            "reflect.getprototypeof@1.0.10",
            "regexp.prototype.flags@1.5.4",
            "string.prototype.matchall@4.0.12",
            "string.prototype.repeat@1.0.0",
            "string.prototype.trim@1.2.10",
            "string.prototype.trimend@1.0.9",
            "string.prototype.trimstart@1.0.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "delayed-stream@1.0.0",
          "Name": "delayed-stream",
          "Identifier": {
            "PURL": "pkg:npm/delayed-stream@1.0.0",
            "UID": "4b7f75aab2de6538",
            "BOMRef": "pkg:npm/delayed-stream@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "combined-stream@1.0.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "dequal@2.0.3",
          "Name": "dequal",
          "Identifier": {
            "PURL": "pkg:npm/dequal@2.0.3",
            "UID": "a411a277dd7da661",
            "BOMRef": "pkg:npm/dequal@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/components@0.2.0",
            "aria-query@5.3.0",
            "uvu@0.5.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "dereference-json-schema@0.2.1",
          "Name": "dereference-json-schema",
          "Identifier": {
            "PURL": "pkg:npm/dereference-json-schema@0.2.1",
            "UID": "7fc81b4e1843d6dd",
            "BOMRef": "pkg:npm/dereference-json-schema@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "openapi-client-axios@7.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "detect-libc@1.0.3",
          "Name": "detect-libc",
          "Identifier": {
            "PURL": "pkg:npm/detect-libc@1.0.3",
            "UID": "aac6e4051bf02f04",
            "BOMRef": "pkg:npm/detect-libc@1.0.3"
          },
          "Version": "1.0.3",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "@parcel/watcher@2.5.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "detect-libc@2.0.4",
          "Name": "detect-libc",
          "Identifier": {
            "PURL": "pkg:npm/detect-libc@2.0.4",
            "UID": "e74ffa6bd5d46152",
            "BOMRef": "ee9a3b84-948d-4803-ac0c-b73e727fde64"
          },
          "Version": "2.0.4",
          "Licenses": [
            "Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "detect-libc@2.0.4",
          "Name": "detect-libc",
          "Identifier": {
            "PURL": "pkg:npm/detect-libc@2.0.4",
            "UID": "bc387e0c99c398d3",
            "BOMRef": "eb507374-2598-4c3f-9b46-45a46a29a2d6"
          },
          "Version": "2.0.4",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "@tailwindcss/oxide@4.1.11",
            "lightningcss@1.30.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "diff@5.2.0",
          "Name": "diff",
          "Identifier": {
            "PURL": "pkg:npm/diff@5.2.0",
            "UID": "d674b3f4e198d7cd",
            "BOMRef": "pkg:npm/diff@5.2.0"
          },
          "Version": "5.2.0",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "react-diff-viewer-continued@3.4.0",
            "uvu@0.5.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "doctrine@2.1.0",
          "Name": "doctrine",
          "Identifier": {
            "PURL": "pkg:npm/doctrine@2.1.0",
            "UID": "217307cafe1a840c",
            "BOMRef": "pkg:npm/doctrine@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "doctrine@3.0.0",
          "Name": "doctrine",
          "Identifier": {
            "PURL": "pkg:npm/doctrine@3.0.0",
            "UID": "590f118506b8bdb3",
            "BOMRef": "pkg:npm/doctrine@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "dom-accessibility-api@0.5.16",
          "Name": "dom-accessibility-api",
          "Identifier": {
            "PURL": "pkg:npm/dom-accessibility-api@0.5.16",
            "UID": "4da29ede5314a3ea",
            "BOMRef": "pkg:npm/dom-accessibility-api@0.5.16"
          },
          "Version": "0.5.16",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/dom@10.4.0",
            "@testing-library/dom@8.20.1",
            "@testing-library/jest-dom@5.17.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "dom-helpers@5.2.1",
          "Name": "dom-helpers",
          "Identifier": {
            "PURL": "pkg:npm/dom-helpers@5.2.1",
            "UID": "2a9d056311bc73b6",
            "BOMRef": "pkg:npm/dom-helpers@5.2.1"
          },
          "Version": "5.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "react-transition-group@4.4.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "domexception@4.0.0",
          "Name": "domexception",
          "Identifier": {
            "PURL": "pkg:npm/domexception@4.0.0",
            "UID": "cf040894a3067427",
            "BOMRef": "pkg:npm/domexception@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "dot-case@3.0.4",
          "Name": "dot-case",
          "Identifier": {
            "PURL": "pkg:npm/dot-case@3.0.4",
            "UID": "2787696e63750fdf",
            "BOMRef": "pkg:npm/dot-case@3.0.4"
          },
          "Version": "3.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "snake-case@3.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "dunder-proto@1.0.1",
          "Name": "dunder-proto",
          "Identifier": {
            "PURL": "pkg:npm/dunder-proto@1.0.1",
            "UID": "98b4be77adec37b7",
            "BOMRef": "pkg:npm/dunder-proto@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "get-proto@1.0.1",
            "has-proto@1.2.0",
            "set-proto@1.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "electron-to-chromium@1.5.179",
          "Name": "electron-to-chromium",
          "Identifier": {
            "PURL": "pkg:npm/electron-to-chromium@1.5.179",
            "UID": "10e88f58c6b0ee04",
            "BOMRef": "pkg:npm/electron-to-chromium@1.5.179"
          },
          "Version": "1.5.179",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "browserslist@4.25.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "enhanced-resolve@5.18.2",
          "Name": "enhanced-resolve",
          "Identifier": {
            "PURL": "pkg:npm/enhanced-resolve@5.18.2",
            "UID": "183d80276ebcb199",
            "BOMRef": "pkg:npm/enhanced-resolve@5.18.2"
          },
          "Version": "5.18.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/cli@4.1.11",
            "@tailwindcss/node@4.1.11"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "entities@4.5.0",
          "Name": "entities",
          "Identifier": {
            "PURL": "pkg:npm/entities@4.5.0",
            "UID": "a3960c124371fb4d",
            "BOMRef": "pkg:npm/entities@4.5.0"
          },
          "Version": "4.5.0",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "@svgr/hast-util-to-babel-ast@8.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "entities@6.0.1",
          "Name": "entities",
          "Identifier": {
            "PURL": "pkg:npm/entities@6.0.1",
            "UID": "9318c963af363b71",
            "BOMRef": "pkg:npm/entities@6.0.1"
          },
          "Version": "6.0.1",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "parse5@7.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "error-ex@1.3.2",
          "Name": "error-ex",
          "Identifier": {
            "PURL": "pkg:npm/error-ex@1.3.2",
            "UID": "25cb50b0fef7bba9",
            "BOMRef": "pkg:npm/error-ex@1.3.2"
          },
          "Version": "1.3.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parse-json@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-abstract@1.24.0",
          "Name": "es-abstract",
          "Identifier": {
            "PURL": "pkg:npm/es-abstract@1.24.0",
            "UID": "4ad12b217127f55a",
            "BOMRef": "pkg:npm/es-abstract@1.24.0"
          },
          "Version": "1.24.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-includes@3.1.9",
            "array.prototype.findlast@1.2.5",
            "array.prototype.flat@1.3.3",
            "array.prototype.flatmap@1.3.3",
            "array.prototype.tosorted@1.1.4",
            "arraybuffer.prototype.slice@1.0.4",
            "es-iterator-helpers@1.2.1",
            "object.fromentries@2.0.8",
            "reflect.getprototypeof@1.0.10",
            "string.prototype.matchall@4.0.12",
            "string.prototype.repeat@1.0.0",
            "string.prototype.trim@1.2.10"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-define-property@1.0.1",
          "Name": "es-define-property",
          "Identifier": {
            "PURL": "pkg:npm/es-define-property@1.0.1",
            "UID": "37d65ad9f91e3563",
            "BOMRef": "pkg:npm/es-define-property@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "call-bind@1.0.8",
            "define-data-property@1.1.4",
            "es-abstract@1.24.0",
            "get-intrinsic@1.3.0",
            "has-property-descriptors@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-errors@1.3.0",
          "Name": "es-errors",
          "Identifier": {
            "PURL": "pkg:npm/es-errors@1.3.0",
            "UID": "750d86c6c6435677",
            "BOMRef": "pkg:npm/es-errors@1.3.0"
          },
          "Version": "1.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array.prototype.findlast@1.2.5",
            "array.prototype.tosorted@1.1.4",
            "arraybuffer.prototype.slice@1.0.4",
            "call-bind-apply-helpers@1.0.2",
            "data-view-buffer@1.0.2",
            "data-view-byte-length@1.0.2",
            "data-view-byte-offset@1.0.1",
            "define-data-property@1.1.4",
            "dunder-proto@1.0.1",
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1",
            "es-object-atoms@1.1.1",
            "es-set-tostringtag@2.1.0",
            "get-intrinsic@1.3.0",
            "get-symbol-description@1.1.0",
            "internal-slot@1.1.0",
            "reflect.getprototypeof@1.0.10",
            "regexp.prototype.flags@1.5.4",
            "safe-push-apply@1.0.0",
            "safe-regex-test@1.1.0",
            "set-function-length@1.2.2",
            "set-function-name@2.0.2",
            "set-proto@1.0.0",
            "side-channel-list@1.0.0",
            "side-channel-map@1.0.1",
            "side-channel-weakmap@1.0.2",
            "side-channel@1.1.0",
            "stop-iteration-iterator@1.1.0",
            "string.prototype.matchall@4.0.12",
            "typed-array-buffer@1.0.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-get-iterator@1.1.3",
          "Name": "es-get-iterator",
          "Identifier": {
            "PURL": "pkg:npm/es-get-iterator@1.1.3",
            "UID": "fd57676e91a40bd7",
            "BOMRef": "pkg:npm/es-get-iterator@1.1.3"
          },
          "Version": "1.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-iterator-helpers@1.2.1",
          "Name": "es-iterator-helpers",
          "Identifier": {
            "PURL": "pkg:npm/es-iterator-helpers@1.2.1",
            "UID": "f650196e8c673de2",
            "BOMRef": "pkg:npm/es-iterator-helpers@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-module-lexer@1.7.0",
          "Name": "es-module-lexer",
          "Identifier": {
            "PURL": "pkg:npm/es-module-lexer@1.7.0",
            "UID": "b7e76a7f52bd1ef7",
            "BOMRef": "pkg:npm/es-module-lexer@1.7.0"
          },
          "Version": "1.7.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite-node@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-object-atoms@1.1.1",
          "Name": "es-object-atoms",
          "Identifier": {
            "PURL": "pkg:npm/es-object-atoms@1.1.1",
            "UID": "ce534dec16086ec2",
            "BOMRef": "pkg:npm/es-object-atoms@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-includes@3.1.9",
            "array.prototype.findlast@1.2.5",
            "es-abstract@1.24.0",
            "get-intrinsic@1.3.0",
            "get-proto@1.0.1",
            "iterator.prototype@1.1.5",
            "object.assign@4.1.7",
            "object.entries@1.1.9",
            "object.fromentries@2.0.8",
            "object.values@1.2.1",
            "reflect.getprototypeof@1.0.10",
            "set-proto@1.0.0",
            "string.prototype.matchall@4.0.12",
            "string.prototype.trim@1.2.10",
            "string.prototype.trimend@1.0.9",
            "string.prototype.trimstart@1.0.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-set-tostringtag@2.1.0",
          "Name": "es-set-tostringtag",
          "Identifier": {
            "PURL": "pkg:npm/es-set-tostringtag@2.1.0",
            "UID": "73491ba4e5f6b78c",
            "BOMRef": "pkg:npm/es-set-tostringtag@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1",
            "form-data@4.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-shim-unscopables@1.1.0",
          "Name": "es-shim-unscopables",
          "Identifier": {
            "PURL": "pkg:npm/es-shim-unscopables@1.1.0",
            "UID": "8816b98a06ca4fac",
            "BOMRef": "pkg:npm/es-shim-unscopables@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array.prototype.findlast@1.2.5",
            "array.prototype.flat@1.3.3",
            "array.prototype.flatmap@1.3.3",
            "array.prototype.tosorted@1.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "es-to-primitive@1.3.0",
          "Name": "es-to-primitive",
          "Identifier": {
            "PURL": "pkg:npm/es-to-primitive@1.3.0",
            "UID": "1ba690321565a0df",
            "BOMRef": "pkg:npm/es-to-primitive@1.3.0"
          },
          "Version": "1.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "esbuild@0.25.5",
          "Name": "esbuild",
          "Identifier": {
            "PURL": "pkg:npm/esbuild@0.25.5",
            "UID": "433d4f671727a631",
            "BOMRef": "pkg:npm/esbuild@0.25.5"
          },
          "Version": "0.25.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite@6.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "escalade@3.2.0",
          "Name": "escalade",
          "Identifier": {
            "PURL": "pkg:npm/escalade@3.2.0",
            "UID": "87f98c2ef4ce234c",
            "BOMRef": "pkg:npm/escalade@3.2.0"
          },
          "Version": "3.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "update-browserslist-db@1.1.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "escape-string-regexp@2.0.0",
          "Name": "escape-string-regexp",
          "Identifier": {
            "PURL": "pkg:npm/escape-string-regexp@2.0.0",
            "UID": "6f48f85be1df2d82",
            "BOMRef": "pkg:npm/escape-string-regexp@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "stack-utils@2.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "escape-string-regexp@4.0.0",
          "Name": "escape-string-regexp",
          "Identifier": {
            "PURL": "pkg:npm/escape-string-regexp@4.0.0",
            "UID": "8c2a38db63417ce1",
            "BOMRef": "pkg:npm/escape-string-regexp@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5",
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "eslint@8.57.1",
          "Name": "eslint",
          "Identifier": {
            "PURL": "pkg:npm/eslint@8.57.1",
            "UID": "d2eb0cd61c1dc507",
            "BOMRef": "pkg:npm/eslint@8.57.1"
          },
          "Version": "8.57.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@eslint-community/eslint-utils@4.7.0",
            "eslint-config-google@0.14.0",
            "eslint-config-prettier@8.10.0",
            "eslint-plugin-react@7.37.5",
            "qdrant-web-ui@0.2.5",
            "vite-plugin-eslint@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "eslint-config-google@0.14.0",
          "Name": "eslint-config-google",
          "Identifier": {
            "PURL": "pkg:npm/eslint-config-google@0.14.0",
            "UID": "d0d74f384e390ebc",
            "BOMRef": "pkg:npm/eslint-config-google@0.14.0"
          },
          "Version": "0.14.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "eslint-config-prettier@8.10.0",
          "Name": "eslint-config-prettier",
          "Identifier": {
            "PURL": "pkg:npm/eslint-config-prettier@8.10.0",
            "UID": "f9a6f342d196bc72",
            "BOMRef": "pkg:npm/eslint-config-prettier@8.10.0"
          },
          "Version": "8.10.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "eslint-plugin-react@7.37.5",
          "Name": "eslint-plugin-react",
          "Identifier": {
            "PURL": "pkg:npm/eslint-plugin-react@7.37.5",
            "UID": "b3c0ec23a0f6cd7",
            "BOMRef": "pkg:npm/eslint-plugin-react@7.37.5"
          },
          "Version": "7.37.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "eslint-scope@7.2.2",
          "Name": "eslint-scope",
          "Identifier": {
            "PURL": "pkg:npm/eslint-scope@7.2.2",
            "UID": "85f8d47882ba3924",
            "BOMRef": "pkg:npm/eslint-scope@7.2.2"
          },
          "Version": "7.2.2",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "eslint-visitor-keys@3.4.3",
          "Name": "eslint-visitor-keys",
          "Identifier": {
            "PURL": "pkg:npm/eslint-visitor-keys@3.4.3",
            "UID": "8e9f9666255451a8",
            "BOMRef": "pkg:npm/eslint-visitor-keys@3.4.3"
          },
          "Version": "3.4.3",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "@eslint-community/eslint-utils@4.7.0",
            "eslint@8.57.1",
            "espree@9.6.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "espree@9.6.1",
          "Name": "espree",
          "Identifier": {
            "PURL": "pkg:npm/espree@9.6.1",
            "UID": "7b221ab19a9732dc",
            "BOMRef": "pkg:npm/espree@9.6.1"
          },
          "Version": "9.6.1",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4",
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "esquery@1.6.0",
          "Name": "esquery",
          "Identifier": {
            "PURL": "pkg:npm/esquery@1.6.0",
            "UID": "2e0143ab13b95f99",
            "BOMRef": "pkg:npm/esquery@1.6.0"
          },
          "Version": "1.6.0",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "esrecurse@4.3.0",
          "Name": "esrecurse",
          "Identifier": {
            "PURL": "pkg:npm/esrecurse@4.3.0",
            "UID": "6a34f41a9e69178f",
            "BOMRef": "pkg:npm/esrecurse@4.3.0"
          },
          "Version": "4.3.0",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "eslint-scope@7.2.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estraverse@5.3.0",
          "Name": "estraverse",
          "Identifier": {
            "PURL": "pkg:npm/estraverse@5.3.0",
            "UID": "3ead121da4953921",
            "BOMRef": "pkg:npm/estraverse@5.3.0"
          },
          "Version": "5.3.0",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5",
            "eslint-scope@7.2.2",
            "esquery@1.6.0",
            "esrecurse@4.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-util-attach-comments@2.1.1",
          "Name": "estree-util-attach-comments",
          "Identifier": {
            "PURL": "pkg:npm/estree-util-attach-comments@2.1.1",
            "UID": "d9746d5ce1f18cf3",
            "BOMRef": "pkg:npm/estree-util-attach-comments@2.1.1"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-util-build-jsx@2.2.2",
          "Name": "estree-util-build-jsx",
          "Identifier": {
            "PURL": "pkg:npm/estree-util-build-jsx@2.2.2",
            "UID": "de7ee760bec0d245",
            "BOMRef": "pkg:npm/estree-util-build-jsx@2.2.2"
          },
          "Version": "2.2.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-util-is-identifier-name@2.1.0",
          "Name": "estree-util-is-identifier-name",
          "Identifier": {
            "PURL": "pkg:npm/estree-util-is-identifier-name@2.1.0",
            "UID": "c3c7c557f38bac83",
            "BOMRef": "pkg:npm/estree-util-is-identifier-name@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "estree-util-build-jsx@2.2.2",
            "hast-util-to-estree@2.3.3",
            "micromark-extension-mdx-jsx@1.0.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-util-to-js@1.2.0",
          "Name": "estree-util-to-js",
          "Identifier": {
            "PURL": "pkg:npm/estree-util-to-js@1.2.0",
            "UID": "4b095e432f01173f",
            "BOMRef": "pkg:npm/estree-util-to-js@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-util-visit@1.2.1",
          "Name": "estree-util-visit",
          "Identifier": {
            "PURL": "pkg:npm/estree-util-visit@1.2.1",
            "UID": "7db72908f98574f0",
            "BOMRef": "pkg:npm/estree-util-visit@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-util-events-to-acorn@1.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-walker@2.0.2",
          "Name": "estree-walker",
          "Identifier": {
            "PURL": "pkg:npm/estree-walker@2.0.2",
            "UID": "78edce535ef8c195",
            "BOMRef": "9e29d566-9325-4ab8-8dcf-3d80a25d7247"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-walker@2.0.2",
          "Name": "estree-walker",
          "Identifier": {
            "PURL": "pkg:npm/estree-walker@2.0.2",
            "UID": "3a3f88a14dc28cfe",
            "BOMRef": "c59646ff-b6a0-4575-b4ef-4d7cb0f3fa57"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@rollup/pluginutils@4.2.1",
            "@rollup/pluginutils@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "estree-walker@3.0.3",
          "Name": "estree-walker",
          "Identifier": {
            "PURL": "pkg:npm/estree-walker@3.0.3",
            "UID": "575f688b70888f83",
            "BOMRef": "pkg:npm/estree-walker@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "@vitest/mocker@3.2.4",
            "estree-util-build-jsx@2.2.2",
            "periscopic@3.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "esutils@2.0.3",
          "Name": "esutils",
          "Identifier": {
            "PURL": "pkg:npm/esutils@2.0.3",
            "UID": "2afe36d2120ac1f",
            "BOMRef": "pkg:npm/esutils@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "doctrine@2.1.0",
            "doctrine@3.0.0",
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "eventemitter3@5.0.1",
          "Name": "eventemitter3",
          "Identifier": {
            "PURL": "pkg:npm/eventemitter3@5.0.1",
            "UID": "6d3402649d932a11",
            "BOMRef": "pkg:npm/eventemitter3@5.0.1"
          },
          "Version": "5.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "p-queue@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "exifr@7.1.3",
          "Name": "exifr",
          "Identifier": {
            "PURL": "pkg:npm/exifr@7.1.3",
            "UID": "5b44849f5f7768bb",
            "BOMRef": "pkg:npm/exifr@7.1.3"
          },
          "Version": "7.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/thumbnail-generator@4.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "expect@30.0.4",
          "Name": "expect",
          "Identifier": {
            "PURL": "pkg:npm/expect@30.0.4",
            "UID": "ee17471d2ff56346",
            "BOMRef": "pkg:npm/expect@30.0.4"
          },
          "Version": "30.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/jest@30.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "expect-type@1.2.1",
          "Name": "expect-type",
          "Identifier": {
            "PURL": "pkg:npm/expect-type@1.2.1",
            "UID": "718c550687660d0e",
            "BOMRef": "pkg:npm/expect-type@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "extend@3.0.2",
          "Name": "extend",
          "Identifier": {
            "PURL": "pkg:npm/extend@3.0.2",
            "UID": "1b0a201eb3a4a2e2",
            "BOMRef": "pkg:npm/extend@3.0.2"
          },
          "Version": "3.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unified@10.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "fast-deep-equal@3.1.3",
          "Name": "fast-deep-equal",
          "Identifier": {
            "PURL": "pkg:npm/fast-deep-equal@3.1.3",
            "UID": "a14737f1a8b1c296",
            "BOMRef": "pkg:npm/fast-deep-equal@3.1.3"
          },
          "Version": "3.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "ajv@6.12.6",
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "fast-json-stable-stringify@2.1.0",
          "Name": "fast-json-stable-stringify",
          "Identifier": {
            "PURL": "pkg:npm/fast-json-stable-stringify@2.1.0",
            "UID": "82ac7adf81d291b3",
            "BOMRef": "pkg:npm/fast-json-stable-stringify@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "ajv@6.12.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "fast-levenshtein@2.0.6",
          "Name": "fast-levenshtein",
          "Identifier": {
            "PURL": "pkg:npm/fast-levenshtein@2.0.6",
            "UID": "bf1c223f28babf7",
            "BOMRef": "pkg:npm/fast-levenshtein@2.0.6"
          },
          "Version": "2.0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "optionator@0.9.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "fastq@1.19.1",
          "Name": "fastq",
          "Identifier": {
            "PURL": "pkg:npm/fastq@1.19.1",
            "UID": "b9b22c62f574eb64",
            "BOMRef": "pkg:npm/fastq@1.19.1"
          },
          "Version": "1.19.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@nodelib/fs.walk@1.2.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "fdir@6.4.6",
          "Name": "fdir",
          "Identifier": {
            "PURL": "pkg:npm/fdir@6.4.6",
            "UID": "fc5c55d98513ef88",
            "BOMRef": "pkg:npm/fdir@6.4.6"
          },
          "Version": "6.4.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "tinyglobby@0.2.14",
            "vite@6.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "file-entry-cache@6.0.1",
          "Name": "file-entry-cache",
          "Identifier": {
            "PURL": "pkg:npm/file-entry-cache@6.0.1",
            "UID": "7da71681f657423e",
            "BOMRef": "pkg:npm/file-entry-cache@6.0.1"
          },
          "Version": "6.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "fill-range@7.1.1",
          "Name": "fill-range",
          "Identifier": {
            "PURL": "pkg:npm/fill-range@7.1.1",
            "UID": "8fe829780ba1c74e",
            "BOMRef": "pkg:npm/fill-range@7.1.1"
          },
          "Version": "7.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "braces@3.0.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "find-root@1.1.0",
          "Name": "find-root",
          "Identifier": {
            "PURL": "pkg:npm/find-root@1.1.0",
            "UID": "25cb321c6abfff3a",
            "BOMRef": "pkg:npm/find-root@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "find-up@5.0.0",
          "Name": "find-up",
          "Identifier": {
            "PURL": "pkg:npm/find-up@5.0.0",
            "UID": "274c5bf842d05581",
            "BOMRef": "pkg:npm/find-up@5.0.0"
          },
          "Version": "5.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "flat-cache@3.2.0",
          "Name": "flat-cache",
          "Identifier": {
            "PURL": "pkg:npm/flat-cache@3.2.0",
            "UID": "206943cb10da8cce",
            "BOMRef": "pkg:npm/flat-cache@3.2.0"
          },
          "Version": "3.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "file-entry-cache@6.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "flatted@3.3.3",
          "Name": "flatted",
          "Identifier": {
            "PURL": "pkg:npm/flatted@3.3.3",
            "UID": "eacf8e537c68d754",
            "BOMRef": "pkg:npm/flatted@3.3.3"
          },
          "Version": "3.3.3",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "flat-cache@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "float-tooltip@1.7.5",
          "Name": "float-tooltip",
          "Identifier": {
            "PURL": "pkg:npm/float-tooltip@1.7.5",
            "UID": "a5cca7fe6987f550",
            "BOMRef": "pkg:npm/float-tooltip@1.7.5"
          },
          "Version": "1.7.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "follow-redirects@1.15.9",
          "Name": "follow-redirects",
          "Identifier": {
            "PURL": "pkg:npm/follow-redirects@1.15.9",
            "UID": "bfb0d7bb176f2019",
            "BOMRef": "pkg:npm/follow-redirects@1.15.9"
          },
          "Version": "1.15.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "axios@1.12.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "for-each@0.3.5",
          "Name": "for-each",
          "Identifier": {
            "PURL": "pkg:npm/for-each@0.3.5",
            "UID": "88dab91ccaca4c2e",
            "BOMRef": "pkg:npm/for-each@0.3.5"
          },
          "Version": "0.3.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "typed-array-byte-length@1.0.3",
            "typed-array-byte-offset@1.0.4",
            "typed-array-length@1.0.7",
            "which-typed-array@1.1.19"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "force-graph@1.50.1",
          "Name": "force-graph",
          "Identifier": {
            "PURL": "pkg:npm/force-graph@1.50.1",
            "UID": "ecf6de560e4dbd4a",
            "BOMRef": "pkg:npm/force-graph@1.50.1"
          },
          "Version": "1.50.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "form-data@4.0.4",
          "Name": "form-data",
          "Identifier": {
            "PURL": "pkg:npm/form-data@4.0.4",
            "UID": "a4b651fd1c6ec73a",
            "BOMRef": "pkg:npm/form-data@4.0.4"
          },
          "Version": "4.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "axios@1.12.2",
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "fs.realpath@1.0.0",
          "Name": "fs.realpath",
          "Identifier": {
            "PURL": "pkg:npm/fs.realpath@1.0.0",
            "UID": "f080e7d0f6f8cf23",
            "BOMRef": "pkg:npm/fs.realpath@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "glob@7.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "function-bind@1.1.2",
          "Name": "function-bind",
          "Identifier": {
            "PURL": "pkg:npm/function-bind@1.1.2",
            "UID": "3a79ddd95281222a",
            "BOMRef": "pkg:npm/function-bind@1.1.2"
          },
          "Version": "1.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "call-bind-apply-helpers@1.0.2",
            "es-iterator-helpers@1.2.1",
            "get-intrinsic@1.3.0",
            "hasown@2.0.2",
            "set-function-length@1.2.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "function.prototype.name@1.1.8",
          "Name": "function.prototype.name",
          "Identifier": {
            "PURL": "pkg:npm/function.prototype.name@1.1.8",
            "UID": "b0780aac3d05107d",
            "BOMRef": "pkg:npm/function.prototype.name@1.1.8"
          },
          "Version": "1.1.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "functions-have-names@1.2.3",
          "Name": "functions-have-names",
          "Identifier": {
            "PURL": "pkg:npm/functions-have-names@1.2.3",
            "UID": "123f5a7408a3630e",
            "BOMRef": "pkg:npm/functions-have-names@1.2.3"
          },
          "Version": "1.2.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "function.prototype.name@1.1.8",
            "set-function-name@2.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "gensync@1.0.0-beta.2",
          "Name": "gensync",
          "Identifier": {
            "PURL": "pkg:npm/gensync@1.0.0-beta.2",
            "UID": "1f042dfdfc3b944f",
            "BOMRef": "pkg:npm/gensync@1.0.0-beta.2"
          },
          "Version": "1.0.0-beta.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "get-intrinsic@1.3.0",
          "Name": "get-intrinsic",
          "Identifier": {
            "PURL": "pkg:npm/get-intrinsic@1.3.0",
            "UID": "408641d6ade431a",
            "BOMRef": "pkg:npm/get-intrinsic@1.3.0"
          },
          "Version": "1.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-includes@3.1.9",
            "arraybuffer.prototype.slice@1.0.4",
            "call-bind@1.0.8",
            "call-bound@1.0.4",
            "deep-equal@2.2.3",
            "es-abstract@1.24.0",
            "es-get-iterator@1.1.3",
            "es-iterator-helpers@1.2.1",
            "es-set-tostringtag@2.1.0",
            "get-symbol-description@1.1.0",
            "is-array-buffer@3.0.5",
            "is-data-view@1.0.2",
            "is-weakset@2.0.4",
            "iterator.prototype@1.1.5",
            "own-keys@1.0.1",
            "reflect.getprototypeof@1.0.10",
            "safe-array-concat@1.1.3",
            "set-function-length@1.2.2",
            "side-channel-map@1.0.1",
            "side-channel-weakmap@1.0.2",
            "string.prototype.matchall@4.0.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "get-proto@1.0.1",
          "Name": "get-proto",
          "Identifier": {
            "PURL": "pkg:npm/get-proto@1.0.1",
            "UID": "59ba77f424e07f2e",
            "BOMRef": "pkg:npm/get-proto@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "get-intrinsic@1.3.0",
            "is-async-function@2.1.1",
            "is-generator-function@1.1.0",
            "iterator.prototype@1.1.5",
            "reflect.getprototypeof@1.0.10",
            "regexp.prototype.flags@1.5.4",
            "which-typed-array@1.1.19"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "get-symbol-description@1.1.0",
          "Name": "get-symbol-description",
          "Identifier": {
            "PURL": "pkg:npm/get-symbol-description@1.1.0",
            "UID": "f6c5ccf0550e9176",
            "BOMRef": "pkg:npm/get-symbol-description@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "glob@7.2.3",
          "Name": "glob",
          "Identifier": {
            "PURL": "pkg:npm/glob@7.2.3",
            "UID": "ec1679ec77b06a82",
            "BOMRef": "pkg:npm/glob@7.2.3"
          },
          "Version": "7.2.3",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "rimraf@3.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "glob-parent@6.0.2",
          "Name": "glob-parent",
          "Identifier": {
            "PURL": "pkg:npm/glob-parent@6.0.2",
            "UID": "8abd63c61355867a",
            "BOMRef": "pkg:npm/glob-parent@6.0.2"
          },
          "Version": "6.0.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "globals@13.24.0",
          "Name": "globals",
          "Identifier": {
            "PURL": "pkg:npm/globals@13.24.0",
            "UID": "62293d069ce585a9",
            "BOMRef": "pkg:npm/globals@13.24.0"
          },
          "Version": "13.24.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4",
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "globalthis@1.0.4",
          "Name": "globalthis",
          "Identifier": {
            "PURL": "pkg:npm/globalthis@1.0.4",
            "UID": "fc8bfd07ea474282",
            "BOMRef": "pkg:npm/globalthis@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "goober@2.1.16",
          "Name": "goober",
          "Identifier": {
            "PURL": "pkg:npm/goober@2.1.16",
            "UID": "31f7fee3466ce49b",
            "BOMRef": "pkg:npm/goober@2.1.16"
          },
          "Version": "2.1.16",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "notistack@3.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "gopd@1.2.0",
          "Name": "gopd",
          "Identifier": {
            "PURL": "pkg:npm/gopd@1.2.0",
            "UID": "ec59905a837c6213",
            "BOMRef": "pkg:npm/gopd@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "define-data-property@1.1.4",
            "dunder-proto@1.0.1",
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1",
            "get-intrinsic@1.3.0",
            "globalthis@1.0.4",
            "is-regex@1.2.1",
            "regexp.prototype.flags@1.5.4",
            "set-function-length@1.2.2",
            "string.prototype.matchall@4.0.12",
            "typed-array-byte-length@1.0.3",
            "typed-array-byte-offset@1.0.4",
            "typed-array-length@1.0.7",
            "which-typed-array@1.1.19"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "graceful-fs@4.2.11",
          "Name": "graceful-fs",
          "Identifier": {
            "PURL": "pkg:npm/graceful-fs@4.2.11",
            "UID": "475729c04f21f350",
            "BOMRef": "pkg:npm/graceful-fs@4.2.11"
          },
          "Version": "4.2.11",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "enhanced-resolve@5.18.2",
            "jest-message-util@30.0.2",
            "jest-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "graphemer@1.4.0",
          "Name": "graphemer",
          "Identifier": {
            "PURL": "pkg:npm/graphemer@1.4.0",
            "UID": "3b20eff7a8b075a0",
            "BOMRef": "pkg:npm/graphemer@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "has-bigints@1.1.0",
          "Name": "has-bigints",
          "Identifier": {
            "PURL": "pkg:npm/has-bigints@1.1.0",
            "UID": "b59e277aad9e3bc0",
            "BOMRef": "pkg:npm/has-bigints@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "is-bigint@1.1.0",
            "unbox-primitive@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "has-flag@4.0.0",
          "Name": "has-flag",
          "Identifier": {
            "PURL": "pkg:npm/has-flag@4.0.0",
            "UID": "486dfb03af9e2208",
            "BOMRef": "pkg:npm/has-flag@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "supports-color@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "has-property-descriptors@1.0.2",
          "Name": "has-property-descriptors",
          "Identifier": {
            "PURL": "pkg:npm/has-property-descriptors@1.0.2",
            "UID": "5149805c62982cd4",
            "BOMRef": "pkg:npm/has-property-descriptors@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "define-properties@1.2.1",
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1",
            "set-function-length@1.2.2",
            "set-function-name@2.0.2",
            "string.prototype.trim@1.2.10"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "has-proto@1.2.0",
          "Name": "has-proto",
          "Identifier": {
            "PURL": "pkg:npm/has-proto@1.2.0",
            "UID": "52b595be0b3ac9de",
            "BOMRef": "pkg:npm/has-proto@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1",
            "typed-array-byte-length@1.0.3",
            "typed-array-byte-offset@1.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "has-symbols@1.1.0",
          "Name": "has-symbols",
          "Identifier": {
            "PURL": "pkg:npm/has-symbols@1.1.0",
            "UID": "670a4155695a26c0",
            "BOMRef": "pkg:npm/has-symbols@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-get-iterator@1.1.3",
            "es-iterator-helpers@1.2.1",
            "get-intrinsic@1.3.0",
            "has-tostringtag@1.0.2",
            "is-symbol@1.1.1",
            "iterator.prototype@1.1.5",
            "object.assign@4.1.7",
            "safe-array-concat@1.1.3",
            "string.prototype.matchall@4.0.12",
            "unbox-primitive@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "has-tostringtag@1.0.2",
          "Name": "has-tostringtag",
          "Identifier": {
            "PURL": "pkg:npm/has-tostringtag@1.0.2",
            "UID": "ed098511d815cb09",
            "BOMRef": "pkg:npm/has-tostringtag@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-set-tostringtag@2.1.0",
            "is-arguments@1.2.0",
            "is-async-function@2.1.1",
            "is-boolean-object@1.2.2",
            "is-date-object@1.1.0",
            "is-generator-function@1.1.0",
            "is-number-object@1.1.1",
            "is-regex@1.2.1",
            "is-string@1.1.1",
            "which-builtin-type@1.2.1",
            "which-typed-array@1.1.19"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "hasown@2.0.2",
          "Name": "hasown",
          "Identifier": {
            "PURL": "pkg:npm/hasown@2.0.2",
            "UID": "72cdcb6e863620cc",
            "BOMRef": "pkg:npm/hasown@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-set-tostringtag@2.1.0",
            "es-shim-unscopables@1.1.0",
            "eslint-plugin-react@7.37.5",
            "form-data@4.0.4",
            "function.prototype.name@1.1.8",
            "get-intrinsic@1.3.0",
            "internal-slot@1.1.0",
            "is-core-module@2.16.1",
            "is-regex@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "hast-util-to-estree@2.3.3",
          "Name": "hast-util-to-estree",
          "Identifier": {
            "PURL": "pkg:npm/hast-util-to-estree@2.3.3",
            "UID": "20fb8435174eae24",
            "BOMRef": "pkg:npm/hast-util-to-estree@2.3.3"
          },
          "Version": "2.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "hast-util-whitespace@2.0.1",
          "Name": "hast-util-whitespace",
          "Identifier": {
            "PURL": "pkg:npm/hast-util-whitespace@2.0.1",
            "UID": "b399e80dd288018f",
            "BOMRef": "pkg:npm/hast-util-whitespace@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "hoist-non-react-statics@3.3.2",
          "Name": "hoist-non-react-statics",
          "Identifier": {
            "PURL": "pkg:npm/hoist-non-react-statics@3.3.2",
            "UID": "83d5fe29d9e933bc",
            "BOMRef": "pkg:npm/hoist-non-react-statics@3.3.2"
          },
          "Version": "3.3.2",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "@emotion/react@11.14.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "html-encoding-sniffer@3.0.0",
          "Name": "html-encoding-sniffer",
          "Identifier": {
            "PURL": "pkg:npm/html-encoding-sniffer@3.0.0",
            "UID": "ad639e549654c1cf",
            "BOMRef": "pkg:npm/html-encoding-sniffer@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "http-proxy-agent@5.0.0",
          "Name": "http-proxy-agent",
          "Identifier": {
            "PURL": "pkg:npm/http-proxy-agent@5.0.0",
            "UID": "b8183d68cc03fdd2",
            "BOMRef": "pkg:npm/http-proxy-agent@5.0.0"
          },
          "Version": "5.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "https-proxy-agent@5.0.1",
          "Name": "https-proxy-agent",
          "Identifier": {
            "PURL": "pkg:npm/https-proxy-agent@5.0.1",
            "UID": "2b9cee233285b4a7",
            "BOMRef": "pkg:npm/https-proxy-agent@5.0.1"
          },
          "Version": "5.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "iconv-lite@0.6.3",
          "Name": "iconv-lite",
          "Identifier": {
            "PURL": "pkg:npm/iconv-lite@0.6.3",
            "UID": "b4d8be77b8b5b018",
            "BOMRef": "pkg:npm/iconv-lite@0.6.3"
          },
          "Version": "0.6.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "whatwg-encoding@2.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ignore@5.3.2",
          "Name": "ignore",
          "Identifier": {
            "PURL": "pkg:npm/ignore@5.3.2",
            "UID": "1de3dcbaad73e581",
            "BOMRef": "pkg:npm/ignore@5.3.2"
          },
          "Version": "5.3.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4",
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "import-fresh@3.3.1",
          "Name": "import-fresh",
          "Identifier": {
            "PURL": "pkg:npm/import-fresh@3.3.1",
            "UID": "c24363a8471e1d4a",
            "BOMRef": "pkg:npm/import-fresh@3.3.1"
          },
          "Version": "3.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4",
            "cosmiconfig@7.1.0",
            "cosmiconfig@8.3.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "imurmurhash@0.1.4",
          "Name": "imurmurhash",
          "Identifier": {
            "PURL": "pkg:npm/imurmurhash@0.1.4",
            "UID": "ad1818ee9abe278d",
            "BOMRef": "pkg:npm/imurmurhash@0.1.4"
          },
          "Version": "0.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "indent-string@4.0.0",
          "Name": "indent-string",
          "Identifier": {
            "PURL": "pkg:npm/indent-string@4.0.0",
            "UID": "774783b562aa8b45",
            "BOMRef": "pkg:npm/indent-string@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "redent@3.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "index-array-by@1.4.2",
          "Name": "index-array-by",
          "Identifier": {
            "PURL": "pkg:npm/index-array-by@1.4.2",
            "UID": "4949ac580270a058",
            "BOMRef": "pkg:npm/index-array-by@1.4.2"
          },
          "Version": "1.4.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "inflight@1.0.6",
          "Name": "inflight",
          "Identifier": {
            "PURL": "pkg:npm/inflight@1.0.6",
            "UID": "17717ba662770253",
            "BOMRef": "pkg:npm/inflight@1.0.6"
          },
          "Version": "1.0.6",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "glob@7.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "inherits@2.0.4",
          "Name": "inherits",
          "Identifier": {
            "PURL": "pkg:npm/inherits@2.0.4",
            "UID": "30ad06273ad8634f",
            "BOMRef": "pkg:npm/inherits@2.0.4"
          },
          "Version": "2.0.4",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "glob@7.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "inline-style-parser@0.1.1",
          "Name": "inline-style-parser",
          "Identifier": {
            "PURL": "pkg:npm/inline-style-parser@0.1.1",
            "UID": "8ab8a794da45ba4b",
            "BOMRef": "pkg:npm/inline-style-parser@0.1.1"
          },
          "Version": "0.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "style-to-object@0.4.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "internal-slot@1.1.0",
          "Name": "internal-slot",
          "Identifier": {
            "PURL": "pkg:npm/internal-slot@1.1.0",
            "UID": "cfca6105e4db6e82",
            "BOMRef": "pkg:npm/internal-slot@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1",
            "stop-iteration-iterator@1.1.0",
            "string.prototype.matchall@4.0.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "internmap@2.0.3",
          "Name": "internmap",
          "Identifier": {
            "PURL": "pkg:npm/internmap@2.0.3",
            "UID": "90d603a023137958",
            "BOMRef": "pkg:npm/internmap@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "d3-array@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-alphabetical@2.0.1",
          "Name": "is-alphabetical",
          "Identifier": {
            "PURL": "pkg:npm/is-alphabetical@2.0.1",
            "UID": "d8ab6d7ef558297a",
            "BOMRef": "pkg:npm/is-alphabetical@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "is-alphanumerical@2.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-alphanumerical@2.0.1",
          "Name": "is-alphanumerical",
          "Identifier": {
            "PURL": "pkg:npm/is-alphanumerical@2.0.1",
            "UID": "a8e7333af9ee83b5",
            "BOMRef": "pkg:npm/is-alphanumerical@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parse-entities@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-arguments@1.2.0",
          "Name": "is-arguments",
          "Identifier": {
            "PURL": "pkg:npm/is-arguments@1.2.0",
            "UID": "7d0d08ec8937e1ba",
            "BOMRef": "pkg:npm/is-arguments@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-get-iterator@1.1.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-array-buffer@3.0.5",
          "Name": "is-array-buffer",
          "Identifier": {
            "PURL": "pkg:npm/is-array-buffer@3.0.5",
            "UID": "44f57088d1eb732b",
            "BOMRef": "pkg:npm/is-array-buffer@3.0.5"
          },
          "Version": "3.0.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-buffer-byte-length@1.0.2",
            "arraybuffer.prototype.slice@1.0.4",
            "deep-equal@2.2.3",
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-arrayish@0.2.1",
          "Name": "is-arrayish",
          "Identifier": {
            "PURL": "pkg:npm/is-arrayish@0.2.1",
            "UID": "3f96bd6473a7e2d0",
            "BOMRef": "pkg:npm/is-arrayish@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "error-ex@1.3.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-async-function@2.1.1",
          "Name": "is-async-function",
          "Identifier": {
            "PURL": "pkg:npm/is-async-function@2.1.1",
            "UID": "fbfbb404943d6cda",
            "BOMRef": "pkg:npm/is-async-function@2.1.1"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-bigint@1.1.0",
          "Name": "is-bigint",
          "Identifier": {
            "PURL": "pkg:npm/is-bigint@1.1.0",
            "UID": "4ad66c482a7282bb",
            "BOMRef": "pkg:npm/is-bigint@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-boxed-primitive@1.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-boolean-object@1.2.2",
          "Name": "is-boolean-object",
          "Identifier": {
            "PURL": "pkg:npm/is-boolean-object@1.2.2",
            "UID": "634de34329b14664",
            "BOMRef": "pkg:npm/is-boolean-object@1.2.2"
          },
          "Version": "1.2.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-boxed-primitive@1.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-buffer@2.0.5",
          "Name": "is-buffer",
          "Identifier": {
            "PURL": "pkg:npm/is-buffer@2.0.5",
            "UID": "d2a7950b77551d6",
            "BOMRef": "pkg:npm/is-buffer@2.0.5"
          },
          "Version": "2.0.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unified@10.1.2",
            "vfile@5.3.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-callable@1.2.7",
          "Name": "is-callable",
          "Identifier": {
            "PURL": "pkg:npm/is-callable@1.2.7",
            "UID": "ee0e66fdcce1f7b5",
            "BOMRef": "pkg:npm/is-callable@1.2.7"
          },
          "Version": "1.2.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-to-primitive@1.3.0",
            "for-each@0.3.5",
            "function.prototype.name@1.1.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-core-module@2.16.1",
          "Name": "is-core-module",
          "Identifier": {
            "PURL": "pkg:npm/is-core-module@2.16.1",
            "UID": "3945a4e351738797",
            "BOMRef": "pkg:npm/is-core-module@2.16.1"
          },
          "Version": "2.16.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "resolve@1.22.10",
            "resolve@2.0.0-next.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-data-view@1.0.2",
          "Name": "is-data-view",
          "Identifier": {
            "PURL": "pkg:npm/is-data-view@1.0.2",
            "UID": "477b34e1e61f38d6",
            "BOMRef": "pkg:npm/is-data-view@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "data-view-buffer@1.0.2",
            "data-view-byte-length@1.0.2",
            "data-view-byte-offset@1.0.1",
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-date-object@1.1.0",
          "Name": "is-date-object",
          "Identifier": {
            "PURL": "pkg:npm/is-date-object@1.1.0",
            "UID": "893a4a2b9bdbc8ef",
            "BOMRef": "pkg:npm/is-date-object@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-to-primitive@1.3.0",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-decimal@2.0.1",
          "Name": "is-decimal",
          "Identifier": {
            "PURL": "pkg:npm/is-decimal@2.0.1",
            "UID": "eb519799470713c3",
            "BOMRef": "pkg:npm/is-decimal@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "is-alphanumerical@2.0.1",
            "parse-entities@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-extglob@2.1.1",
          "Name": "is-extglob",
          "Identifier": {
            "PURL": "pkg:npm/is-extglob@2.1.1",
            "UID": "5b138455b269e5ab",
            "BOMRef": "pkg:npm/is-extglob@2.1.1"
          },
          "Version": "2.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "is-glob@4.0.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-finalizationregistry@1.1.1",
          "Name": "is-finalizationregistry",
          "Identifier": {
            "PURL": "pkg:npm/is-finalizationregistry@1.1.1",
            "UID": "99aaba2a77236dd3",
            "BOMRef": "pkg:npm/is-finalizationregistry@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-generator-function@1.1.0",
          "Name": "is-generator-function",
          "Identifier": {
            "PURL": "pkg:npm/is-generator-function@1.1.0",
            "UID": "b31b2166a19e0286",
            "BOMRef": "pkg:npm/is-generator-function@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-glob@4.0.3",
          "Name": "is-glob",
          "Identifier": {
            "PURL": "pkg:npm/is-glob@4.0.3",
            "UID": "9f073ab4b5d602a1",
            "BOMRef": "pkg:npm/is-glob@4.0.3"
          },
          "Version": "4.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@parcel/watcher@2.5.1",
            "eslint@8.57.1",
            "glob-parent@6.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-hexadecimal@2.0.1",
          "Name": "is-hexadecimal",
          "Identifier": {
            "PURL": "pkg:npm/is-hexadecimal@2.0.1",
            "UID": "c46a39eeb7ae19bf",
            "BOMRef": "pkg:npm/is-hexadecimal@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parse-entities@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-map@2.0.3",
          "Name": "is-map",
          "Identifier": {
            "PURL": "pkg:npm/is-map@2.0.3",
            "UID": "c250aa3151d06adc",
            "BOMRef": "pkg:npm/is-map@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-get-iterator@1.1.3",
            "which-collection@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-negative-zero@2.0.3",
          "Name": "is-negative-zero",
          "Identifier": {
            "PURL": "pkg:npm/is-negative-zero@2.0.3",
            "UID": "a9186e416d56f31",
            "BOMRef": "pkg:npm/is-negative-zero@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-network-error@1.1.0",
          "Name": "is-network-error",
          "Identifier": {
            "PURL": "pkg:npm/is-network-error@1.1.0",
            "UID": "ef860a7cef6afe2d",
            "BOMRef": "pkg:npm/is-network-error@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "p-retry@6.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-number@7.0.0",
          "Name": "is-number",
          "Identifier": {
            "PURL": "pkg:npm/is-number@7.0.0",
            "UID": "ffb6a01e66fbe7b6",
            "BOMRef": "pkg:npm/is-number@7.0.0"
          },
          "Version": "7.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "to-regex-range@5.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-number-object@1.1.1",
          "Name": "is-number-object",
          "Identifier": {
            "PURL": "pkg:npm/is-number-object@1.1.1",
            "UID": "d5ad1a65d413c4fe",
            "BOMRef": "pkg:npm/is-number-object@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-boxed-primitive@1.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-path-inside@3.0.3",
          "Name": "is-path-inside",
          "Identifier": {
            "PURL": "pkg:npm/is-path-inside@3.0.3",
            "UID": "ad15000c7f4e2b51",
            "BOMRef": "pkg:npm/is-path-inside@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-plain-obj@4.1.0",
          "Name": "is-plain-obj",
          "Identifier": {
            "PURL": "pkg:npm/is-plain-obj@4.1.0",
            "UID": "5474c021d05a257a",
            "BOMRef": "pkg:npm/is-plain-obj@4.1.0"
          },
          "Version": "4.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unified@10.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-potential-custom-element-name@1.0.1",
          "Name": "is-potential-custom-element-name",
          "Identifier": {
            "PURL": "pkg:npm/is-potential-custom-element-name@1.0.1",
            "UID": "1382a0b390f26d00",
            "BOMRef": "pkg:npm/is-potential-custom-element-name@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-reference@3.0.3",
          "Name": "is-reference",
          "Identifier": {
            "PURL": "pkg:npm/is-reference@3.0.3",
            "UID": "7a3aa5fa7ccad3ec",
            "BOMRef": "pkg:npm/is-reference@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "periscopic@3.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-regex@1.2.1",
          "Name": "is-regex",
          "Identifier": {
            "PURL": "pkg:npm/is-regex@1.2.1",
            "UID": "92e1edd9b92816eb",
            "BOMRef": "pkg:npm/is-regex@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-abstract@1.24.0",
            "safe-regex-test@1.1.0",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-set@2.0.3",
          "Name": "is-set",
          "Identifier": {
            "PURL": "pkg:npm/is-set@2.0.3",
            "UID": "3ceaead4dd0f9ed4",
            "BOMRef": "pkg:npm/is-set@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-get-iterator@1.1.3",
            "which-collection@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-shared-array-buffer@1.0.4",
          "Name": "is-shared-array-buffer",
          "Identifier": {
            "PURL": "pkg:npm/is-shared-array-buffer@1.0.4",
            "UID": "e567ab581a8e3d57",
            "BOMRef": "pkg:npm/is-shared-array-buffer@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-string@1.1.1",
          "Name": "is-string",
          "Identifier": {
            "PURL": "pkg:npm/is-string@1.1.1",
            "UID": "74e6b2f45a5be7ad",
            "BOMRef": "pkg:npm/is-string@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-includes@3.1.9",
            "es-abstract@1.24.0",
            "es-get-iterator@1.1.3",
            "which-boxed-primitive@1.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-symbol@1.1.1",
          "Name": "is-symbol",
          "Identifier": {
            "PURL": "pkg:npm/is-symbol@1.1.1",
            "UID": "a1c83fb9d3ba8cec",
            "BOMRef": "pkg:npm/is-symbol@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-to-primitive@1.3.0",
            "which-boxed-primitive@1.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-typed-array@1.1.15",
          "Name": "is-typed-array",
          "Identifier": {
            "PURL": "pkg:npm/is-typed-array@1.1.15",
            "UID": "8ffa1bf119964971",
            "BOMRef": "pkg:npm/is-typed-array@1.1.15"
          },
          "Version": "1.1.15",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "is-data-view@1.0.2",
            "typed-array-buffer@1.0.3",
            "typed-array-byte-length@1.0.3",
            "typed-array-byte-offset@1.0.4",
            "typed-array-length@1.0.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-weakmap@2.0.2",
          "Name": "is-weakmap",
          "Identifier": {
            "PURL": "pkg:npm/is-weakmap@2.0.2",
            "UID": "ed867a431515ba42",
            "BOMRef": "pkg:npm/is-weakmap@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-collection@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-weakref@1.1.1",
          "Name": "is-weakref",
          "Identifier": {
            "PURL": "pkg:npm/is-weakref@1.1.1",
            "UID": "81c31877d97ade6c",
            "BOMRef": "pkg:npm/is-weakref@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "is-weakset@2.0.4",
          "Name": "is-weakset",
          "Identifier": {
            "PURL": "pkg:npm/is-weakset@2.0.4",
            "UID": "7c3c000a1fba88e5",
            "BOMRef": "pkg:npm/is-weakset@2.0.4"
          },
          "Version": "2.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "which-collection@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "isarray@2.0.5",
          "Name": "isarray",
          "Identifier": {
            "PURL": "pkg:npm/isarray@2.0.5",
            "UID": "9e6f4fe7eca30052",
            "BOMRef": "pkg:npm/isarray@2.0.5"
          },
          "Version": "2.0.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-get-iterator@1.1.3",
            "safe-array-concat@1.1.3",
            "safe-push-apply@1.0.0",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "isexe@2.0.0",
          "Name": "isexe",
          "Identifier": {
            "PURL": "pkg:npm/isexe@2.0.0",
            "UID": "49aec8e3c41f009d",
            "BOMRef": "pkg:npm/isexe@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "which@2.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "iterator.prototype@1.1.5",
          "Name": "iterator.prototype",
          "Identifier": {
            "PURL": "pkg:npm/iterator.prototype@1.1.5",
            "UID": "e9aaface6d96c036",
            "BOMRef": "pkg:npm/iterator.prototype@1.1.5"
          },
          "Version": "1.1.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-iterator-helpers@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jest-diff@30.0.4",
          "Name": "jest-diff",
          "Identifier": {
            "PURL": "pkg:npm/jest-diff@30.0.4",
            "UID": "71f2f91a04b86702",
            "BOMRef": "pkg:npm/jest-diff@30.0.4"
          },
          "Version": "30.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jest-matcher-utils@30.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jest-matcher-utils@30.0.4",
          "Name": "jest-matcher-utils",
          "Identifier": {
            "PURL": "pkg:npm/jest-matcher-utils@30.0.4",
            "UID": "45f3b3c4908f7912",
            "BOMRef": "pkg:npm/jest-matcher-utils@30.0.4"
          },
          "Version": "30.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "expect@30.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jest-message-util@30.0.2",
          "Name": "jest-message-util",
          "Identifier": {
            "PURL": "pkg:npm/jest-message-util@30.0.2",
            "UID": "af698264a86bfb1f",
            "BOMRef": "pkg:npm/jest-message-util@30.0.2"
          },
          "Version": "30.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "expect@30.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jest-mock@30.0.2",
          "Name": "jest-mock",
          "Identifier": {
            "PURL": "pkg:npm/jest-mock@30.0.2",
            "UID": "e7e2f6b9dfe200f4",
            "BOMRef": "pkg:npm/jest-mock@30.0.2"
          },
          "Version": "30.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "expect@30.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jest-regex-util@30.0.1",
          "Name": "jest-regex-util",
          "Identifier": {
            "PURL": "pkg:npm/jest-regex-util@30.0.1",
            "UID": "519aa2d712433b4a",
            "BOMRef": "pkg:npm/jest-regex-util@30.0.1"
          },
          "Version": "30.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@jest/pattern@30.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jest-util@30.0.2",
          "Name": "jest-util",
          "Identifier": {
            "PURL": "pkg:npm/jest-util@30.0.2",
            "UID": "dea2ca47c6580b32",
            "BOMRef": "pkg:npm/jest-util@30.0.2"
          },
          "Version": "30.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "expect@30.0.4",
            "jest-mock@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jiti@2.4.2",
          "Name": "jiti",
          "Identifier": {
            "PURL": "pkg:npm/jiti@2.4.2",
            "UID": "298c100649f7c7df",
            "BOMRef": "pkg:npm/jiti@2.4.2"
          },
          "Version": "2.4.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/node@4.1.11",
            "vite@6.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jose@5.10.0",
          "Name": "jose",
          "Identifier": {
            "PURL": "pkg:npm/jose@5.10.0",
            "UID": "d824c0828d91c9c4",
            "BOMRef": "pkg:npm/jose@5.10.0"
          },
          "Version": "5.10.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "js-tokens@4.0.0",
          "Name": "js-tokens",
          "Identifier": {
            "PURL": "pkg:npm/js-tokens@4.0.0",
            "UID": "ff7c14c347bd15db",
            "BOMRef": "pkg:npm/js-tokens@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/code-frame@7.27.1",
            "loose-envify@1.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "js-tokens@9.0.1",
          "Name": "js-tokens",
          "Identifier": {
            "PURL": "pkg:npm/js-tokens@9.0.1",
            "UID": "6c4d35e1209a95df",
            "BOMRef": "pkg:npm/js-tokens@9.0.1"
          },
          "Version": "9.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "strip-literal@3.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "js-yaml@4.1.1",
          "Name": "js-yaml",
          "Identifier": {
            "PURL": "pkg:npm/js-yaml@4.1.1",
            "UID": "8615934954e8a7f0",
            "BOMRef": "pkg:npm/js-yaml@4.1.1"
          },
          "Version": "4.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4",
            "cosmiconfig@8.3.6",
            "eslint@8.57.1",
            "openapi-client-axios@7.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jsdom@22.1.0",
          "Name": "jsdom",
          "Identifier": {
            "PURL": "pkg:npm/jsdom@22.1.0",
            "UID": "e305e88ca984a51e",
            "BOMRef": "pkg:npm/jsdom@22.1.0"
          },
          "Version": "22.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jsesc@3.1.0",
          "Name": "jsesc",
          "Identifier": {
            "PURL": "pkg:npm/jsesc@3.1.0",
            "UID": "5e89926582bc0bc2",
            "BOMRef": "pkg:npm/jsesc@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/generator@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "json-buffer@3.0.1",
          "Name": "json-buffer",
          "Identifier": {
            "PURL": "pkg:npm/json-buffer@3.0.1",
            "UID": "f05932d702c3532d",
            "BOMRef": "pkg:npm/json-buffer@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "keyv@4.5.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "json-parse-even-better-errors@2.3.1",
          "Name": "json-parse-even-better-errors",
          "Identifier": {
            "PURL": "pkg:npm/json-parse-even-better-errors@2.3.1",
            "UID": "ab2491eeffdc647",
            "BOMRef": "pkg:npm/json-parse-even-better-errors@2.3.1"
          },
          "Version": "2.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parse-json@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "json-schema-traverse@0.4.1",
          "Name": "json-schema-traverse",
          "Identifier": {
            "PURL": "pkg:npm/json-schema-traverse@0.4.1",
            "UID": "39a580c325cb41fc",
            "BOMRef": "pkg:npm/json-schema-traverse@0.4.1"
          },
          "Version": "0.4.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "ajv@6.12.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "json-stable-stringify-without-jsonify@1.0.1",
          "Name": "json-stable-stringify-without-jsonify",
          "Identifier": {
            "PURL": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1",
            "UID": "862d29963ddeebf",
            "BOMRef": "pkg:npm/json-stable-stringify-without-jsonify@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "json5@2.2.3",
          "Name": "json5",
          "Identifier": {
            "PURL": "pkg:npm/json5@2.2.3",
            "UID": "e1f9eeff6e1c381",
            "BOMRef": "pkg:npm/json5@2.2.3"
          },
          "Version": "2.2.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@babel/core@7.28.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jsonc-parser@3.3.1",
          "Name": "jsonc-parser",
          "Identifier": {
            "PURL": "pkg:npm/jsonc-parser@3.3.1",
            "UID": "511b68934b0010ad",
            "BOMRef": "pkg:npm/jsonc-parser@3.3.1"
          },
          "Version": "3.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jsx-ast-utils@3.3.5",
          "Name": "jsx-ast-utils",
          "Identifier": {
            "PURL": "pkg:npm/jsx-ast-utils@3.3.5",
            "UID": "87ec249b3b55378",
            "BOMRef": "pkg:npm/jsx-ast-utils@3.3.5"
          },
          "Version": "3.3.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "jtd@0.1.1",
          "Name": "jtd",
          "Identifier": {
            "PURL": "pkg:npm/jtd@0.1.1",
            "UID": "a07d081740755590",
            "BOMRef": "pkg:npm/jtd@0.1.1"
          },
          "Version": "0.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "create-collection-form@0.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "kapsule@1.16.3",
          "Name": "kapsule",
          "Identifier": {
            "PURL": "pkg:npm/kapsule@1.16.3",
            "UID": "b3643a95fa1141d5",
            "BOMRef": "pkg:npm/kapsule@1.16.3"
          },
          "Version": "1.16.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "float-tooltip@1.7.5",
            "force-graph@1.50.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "keyv@4.5.4",
          "Name": "keyv",
          "Identifier": {
            "PURL": "pkg:npm/keyv@4.5.4",
            "UID": "245790affed79eb9",
            "BOMRef": "pkg:npm/keyv@4.5.4"
          },
          "Version": "4.5.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "flat-cache@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "kleur@4.1.5",
          "Name": "kleur",
          "Identifier": {
            "PURL": "pkg:npm/kleur@4.1.5",
            "UID": "c7ae4a00b945918c",
            "BOMRef": "pkg:npm/kleur@4.1.5"
          },
          "Version": "4.1.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "uvu@0.5.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "levn@0.4.1",
          "Name": "levn",
          "Identifier": {
            "PURL": "pkg:npm/levn@0.4.1",
            "UID": "513a617360026805",
            "BOMRef": "pkg:npm/levn@0.4.1"
          },
          "Version": "0.4.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1",
            "optionator@0.9.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lightningcss@1.30.1",
          "Name": "lightningcss",
          "Identifier": {
            "PURL": "pkg:npm/lightningcss@1.30.1",
            "UID": "89a2846bd1125b31",
            "BOMRef": "pkg:npm/lightningcss@1.30.1"
          },
          "Version": "1.30.1",
          "Licenses": [
            "MPL-2.0"
          ],
          "DependsOn": [
            "@tailwindcss/node@4.1.11",
            "vite@6.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lines-and-columns@1.2.4",
          "Name": "lines-and-columns",
          "Identifier": {
            "PURL": "pkg:npm/lines-and-columns@1.2.4",
            "UID": "50e184b6dfab223d",
            "BOMRef": "pkg:npm/lines-and-columns@1.2.4"
          },
          "Version": "1.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "parse-json@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "locate-path@6.0.0",
          "Name": "locate-path",
          "Identifier": {
            "PURL": "pkg:npm/locate-path@6.0.0",
            "UID": "7306b8a60dfb6499",
            "BOMRef": "pkg:npm/locate-path@6.0.0"
          },
          "Version": "6.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "find-up@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lodash@4.17.21",
          "Name": "lodash",
          "Identifier": {
            "PURL": "pkg:npm/lodash@4.17.21",
            "UID": "10f479cc7e576928",
            "BOMRef": "pkg:npm/lodash@4.17.21"
          },
          "Version": "4.17.21",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/jest-dom@5.17.0",
            "@uppy/core@4.4.7",
            "@uppy/dashboard@4.3.4",
            "@uppy/utils@6.1.5",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lodash-es@4.17.21",
          "Name": "lodash-es",
          "Identifier": {
            "PURL": "pkg:npm/lodash-es@4.17.21",
            "UID": "4ea9d8c1a6f6e4de",
            "BOMRef": "pkg:npm/lodash-es@4.17.21"
          },
          "Version": "4.17.21",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "force-graph@1.50.1",
            "kapsule@1.16.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lodash.merge@4.6.2",
          "Name": "lodash.merge",
          "Identifier": {
            "PURL": "pkg:npm/lodash.merge@4.6.2",
            "UID": "2c7e279ae3955464",
            "BOMRef": "pkg:npm/lodash.merge@4.6.2"
          },
          "Version": "4.6.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "longest-streak@3.1.0",
          "Name": "longest-streak",
          "Identifier": {
            "PURL": "pkg:npm/longest-streak@3.1.0",
            "UID": "81bc2b2ff8b6c949",
            "BOMRef": "pkg:npm/longest-streak@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-to-markdown@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "loose-envify@1.4.0",
          "Name": "loose-envify",
          "Identifier": {
            "PURL": "pkg:npm/loose-envify@1.4.0",
            "UID": "b083c31299143da9",
            "BOMRef": "pkg:npm/loose-envify@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "prop-types@15.8.1",
            "react-dom@18.3.1",
            "react-transition-group@4.4.5",
            "react@18.3.1",
            "scheduler@0.23.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "loupe@3.1.4",
          "Name": "loupe",
          "Identifier": {
            "PURL": "pkg:npm/loupe@3.1.4",
            "UID": "9e2fa54432b1586e",
            "BOMRef": "pkg:npm/loupe@3.1.4"
          },
          "Version": "3.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/utils@3.2.4",
            "chai@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lower-case@2.0.2",
          "Name": "lower-case",
          "Identifier": {
            "PURL": "pkg:npm/lower-case@2.0.2",
            "UID": "f05450dd8d44e97a",
            "BOMRef": "pkg:npm/lower-case@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "no-case@3.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lru-cache@5.1.1",
          "Name": "lru-cache",
          "Identifier": {
            "PURL": "pkg:npm/lru-cache@5.1.1",
            "UID": "aa631991161e160",
            "BOMRef": "pkg:npm/lru-cache@5.1.1"
          },
          "Version": "5.1.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@babel/helper-compilation-targets@7.27.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lucide-react@0.545.0",
          "Name": "lucide-react",
          "Identifier": {
            "PURL": "pkg:npm/lucide-react@0.545.0",
            "UID": "43122e684121ddc9",
            "BOMRef": "pkg:npm/lucide-react@0.545.0"
          },
          "Version": "0.545.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "create-collection-form@0.0.0",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "lz-string@1.5.0",
          "Name": "lz-string",
          "Identifier": {
            "PURL": "pkg:npm/lz-string@1.5.0",
            "UID": "e9a531a8660c93b0",
            "BOMRef": "pkg:npm/lz-string@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/dom@10.4.0",
            "@testing-library/dom@8.20.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "magic-string@0.30.17",
          "Name": "magic-string",
          "Identifier": {
            "PURL": "pkg:npm/magic-string@0.30.17",
            "UID": "10611426c252c0c6",
            "BOMRef": "pkg:npm/magic-string@0.30.17"
          },
          "Version": "0.30.17",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/node@4.1.11",
            "@vitest/mocker@3.2.4",
            "@vitest/snapshot@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "markdown-extensions@1.1.1",
          "Name": "markdown-extensions",
          "Identifier": {
            "PURL": "pkg:npm/markdown-extensions@1.1.1",
            "UID": "f470043b993a63fe",
            "BOMRef": "pkg:npm/markdown-extensions@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "math-intrinsics@1.1.0",
          "Name": "math-intrinsics",
          "Identifier": {
            "PURL": "pkg:npm/math-intrinsics@1.1.0",
            "UID": "631adf58b6ce5ef2",
            "BOMRef": "pkg:npm/math-intrinsics@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "array-includes@3.1.9",
            "es-abstract@1.24.0",
            "get-intrinsic@1.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-definitions@5.1.2",
          "Name": "mdast-util-definitions",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-definitions@5.1.2",
            "UID": "94b43f7e0180778f",
            "BOMRef": "pkg:npm/mdast-util-definitions@5.1.2"
          },
          "Version": "5.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-to-hast@12.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-from-markdown@1.3.1",
          "Name": "mdast-util-from-markdown",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-from-markdown@1.3.1",
            "UID": "9258a9a08ce1c1a0",
            "BOMRef": "pkg:npm/mdast-util-from-markdown@1.3.1"
          },
          "Version": "1.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx-expression@1.3.2",
            "mdast-util-mdx-jsx@2.1.4",
            "mdast-util-mdx@2.0.1",
            "mdast-util-mdxjs-esm@1.3.1",
            "remark-parse@10.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-mdx@2.0.1",
          "Name": "mdast-util-mdx",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-mdx@2.0.1",
            "UID": "c5571f4fb5683d72",
            "BOMRef": "pkg:npm/mdast-util-mdx@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "remark-mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-mdx-expression@1.3.2",
          "Name": "mdast-util-mdx-expression",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-mdx-expression@1.3.2",
            "UID": "20ea64b4e58a662b",
            "BOMRef": "pkg:npm/mdast-util-mdx-expression@1.3.2"
          },
          "Version": "1.3.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3",
            "mdast-util-mdx@2.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-mdx-jsx@2.1.4",
          "Name": "mdast-util-mdx-jsx",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-mdx-jsx@2.1.4",
            "UID": "5c21e1d4ebab9542",
            "BOMRef": "pkg:npm/mdast-util-mdx-jsx@2.1.4"
          },
          "Version": "2.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx@2.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-mdxjs-esm@1.3.1",
          "Name": "mdast-util-mdxjs-esm",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-mdxjs-esm@1.3.1",
            "UID": "28117eac018d91cd",
            "BOMRef": "pkg:npm/mdast-util-mdxjs-esm@1.3.1"
          },
          "Version": "1.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3",
            "mdast-util-mdx@2.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-phrasing@3.0.1",
          "Name": "mdast-util-phrasing",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-phrasing@3.0.1",
            "UID": "5907cd676daaebb5",
            "BOMRef": "pkg:npm/mdast-util-phrasing@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-to-markdown@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-to-hast@12.3.0",
          "Name": "mdast-util-to-hast",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-to-hast@12.3.0",
            "UID": "289f9053638e49df",
            "BOMRef": "pkg:npm/mdast-util-to-hast@12.3.0"
          },
          "Version": "12.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "remark-rehype@10.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-to-markdown@1.5.0",
          "Name": "mdast-util-to-markdown",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-to-markdown@1.5.0",
            "UID": "3c265da5bf085381",
            "BOMRef": "pkg:npm/mdast-util-to-markdown@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx-expression@1.3.2",
            "mdast-util-mdx-jsx@2.1.4",
            "mdast-util-mdx@2.0.1",
            "mdast-util-mdxjs-esm@1.3.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mdast-util-to-string@3.2.0",
          "Name": "mdast-util-to-string",
          "Identifier": {
            "PURL": "pkg:npm/mdast-util-to-string@3.2.0",
            "UID": "db7584bfbce35a83",
            "BOMRef": "pkg:npm/mdast-util-to-string@3.2.0"
          },
          "Version": "3.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "mdast-util-to-markdown@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "memoize-one@6.0.0",
          "Name": "memoize-one",
          "Identifier": {
            "PURL": "pkg:npm/memoize-one@6.0.0",
            "UID": "baa7e633d3bc6161",
            "BOMRef": "pkg:npm/memoize-one@6.0.0"
          },
          "Version": "6.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/dashboard@4.3.4",
            "react-diff-viewer-continued@3.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark@3.2.0",
          "Name": "micromark",
          "Identifier": {
            "PURL": "pkg:npm/micromark@3.2.0",
            "UID": "7dd06f1c953dcdd4",
            "BOMRef": "pkg:npm/micromark@3.2.0"
          },
          "Version": "3.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-core-commonmark@1.1.0",
          "Name": "micromark-core-commonmark",
          "Identifier": {
            "PURL": "pkg:npm/micromark-core-commonmark@1.1.0",
            "UID": "c8869da5b1cbd74",
            "BOMRef": "pkg:npm/micromark-core-commonmark@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-extension-mdx-expression@1.0.8",
          "Name": "micromark-extension-mdx-expression",
          "Identifier": {
            "PURL": "pkg:npm/micromark-extension-mdx-expression@1.0.8",
            "UID": "9ae8a5e2cb49da61",
            "BOMRef": "pkg:npm/micromark-extension-mdx-expression@1.0.8"
          },
          "Version": "1.0.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdxjs@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-extension-mdx-jsx@1.0.5",
          "Name": "micromark-extension-mdx-jsx",
          "Identifier": {
            "PURL": "pkg:npm/micromark-extension-mdx-jsx@1.0.5",
            "UID": "16e5292d32a439ca",
            "BOMRef": "pkg:npm/micromark-extension-mdx-jsx@1.0.5"
          },
          "Version": "1.0.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdxjs@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-extension-mdx-md@1.0.1",
          "Name": "micromark-extension-mdx-md",
          "Identifier": {
            "PURL": "pkg:npm/micromark-extension-mdx-md@1.0.1",
            "UID": "7d0ffef35d24c766",
            "BOMRef": "pkg:npm/micromark-extension-mdx-md@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdxjs@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-extension-mdxjs@1.0.1",
          "Name": "micromark-extension-mdxjs",
          "Identifier": {
            "PURL": "pkg:npm/micromark-extension-mdxjs@1.0.1",
            "UID": "7155361b9968bed9",
            "BOMRef": "pkg:npm/micromark-extension-mdxjs@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "remark-mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-extension-mdxjs-esm@1.0.5",
          "Name": "micromark-extension-mdxjs-esm",
          "Identifier": {
            "PURL": "pkg:npm/micromark-extension-mdxjs-esm@1.0.5",
            "UID": "78fb8bdcd38a45bd",
            "BOMRef": "pkg:npm/micromark-extension-mdxjs-esm@1.0.5"
          },
          "Version": "1.0.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdxjs@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-factory-destination@1.1.0",
          "Name": "micromark-factory-destination",
          "Identifier": {
            "PURL": "pkg:npm/micromark-factory-destination@1.1.0",
            "UID": "56e93413c4d5dbd4",
            "BOMRef": "pkg:npm/micromark-factory-destination@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-factory-label@1.1.0",
          "Name": "micromark-factory-label",
          "Identifier": {
            "PURL": "pkg:npm/micromark-factory-label@1.1.0",
            "UID": "352774e519b604f6",
            "BOMRef": "pkg:npm/micromark-factory-label@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-factory-mdx-expression@1.0.9",
          "Name": "micromark-factory-mdx-expression",
          "Identifier": {
            "PURL": "pkg:npm/micromark-factory-mdx-expression@1.0.9",
            "UID": "f9c79e1eedac2a6a",
            "BOMRef": "pkg:npm/micromark-factory-mdx-expression@1.0.9"
          },
          "Version": "1.0.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdx-jsx@1.0.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-factory-space@1.1.0",
          "Name": "micromark-factory-space",
          "Identifier": {
            "PURL": "pkg:npm/micromark-factory-space@1.1.0",
            "UID": "36eca49662793273",
            "BOMRef": "pkg:npm/micromark-factory-space@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0",
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-factory-title@1.1.0",
            "micromark-factory-whitespace@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-factory-title@1.1.0",
          "Name": "micromark-factory-title",
          "Identifier": {
            "PURL": "pkg:npm/micromark-factory-title@1.1.0",
            "UID": "84bc99162c411940",
            "BOMRef": "pkg:npm/micromark-factory-title@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-factory-whitespace@1.1.0",
          "Name": "micromark-factory-whitespace",
          "Identifier": {
            "PURL": "pkg:npm/micromark-factory-whitespace@1.1.0",
            "UID": "bb76a025abf74a89",
            "BOMRef": "pkg:npm/micromark-factory-whitespace@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-character@1.2.0",
          "Name": "micromark-util-character",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-character@1.2.0",
            "UID": "806aee42327d8f8a",
            "BOMRef": "pkg:npm/micromark-util-character@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0",
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-factory-destination@1.1.0",
            "micromark-factory-label@1.1.0",
            "micromark-factory-mdx-expression@1.0.9",
            "micromark-factory-space@1.1.0",
            "micromark-factory-title@1.1.0",
            "micromark-factory-whitespace@1.1.0",
            "micromark-util-classify-character@1.1.0",
            "micromark-util-decode-string@1.1.0",
            "micromark-util-sanitize-uri@1.2.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-chunked@1.1.0",
          "Name": "micromark-util-chunked",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-chunked@1.1.0",
            "UID": "ff7016a6406a89c3",
            "BOMRef": "pkg:npm/micromark-util-chunked@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0",
            "micromark-util-combine-extensions@1.1.0",
            "micromark-util-subtokenize@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-classify-character@1.1.0",
          "Name": "micromark-util-classify-character",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-classify-character@1.1.0",
            "UID": "f1052d1da6f74a00",
            "BOMRef": "pkg:npm/micromark-util-classify-character@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-combine-extensions@1.1.0",
          "Name": "micromark-util-combine-extensions",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-combine-extensions@1.1.0",
            "UID": "457f677b53626228",
            "BOMRef": "pkg:npm/micromark-util-combine-extensions@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdxjs@1.0.1",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-decode-numeric-character-reference@1.1.0",
          "Name": "micromark-util-decode-numeric-character-reference",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-decode-numeric-character-reference@1.1.0",
            "UID": "76e35dfe10cb4f0d",
            "BOMRef": "pkg:npm/micromark-util-decode-numeric-character-reference@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "micromark-util-decode-string@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-decode-string@1.1.0",
          "Name": "micromark-util-decode-string",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-decode-string@1.1.0",
            "UID": "c46c4ca7fe77503f",
            "BOMRef": "pkg:npm/micromark-util-decode-string@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "mdast-util-to-markdown@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-encode@1.1.0",
          "Name": "micromark-util-encode",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-encode@1.1.0",
            "UID": "30ad5d989c79962a",
            "BOMRef": "pkg:npm/micromark-util-encode@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-util-sanitize-uri@1.2.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-events-to-acorn@1.2.3",
          "Name": "micromark-util-events-to-acorn",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-events-to-acorn@1.2.3",
            "UID": "671d40806c80dca1",
            "BOMRef": "pkg:npm/micromark-util-events-to-acorn@1.2.3"
          },
          "Version": "1.2.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-factory-mdx-expression@1.0.9"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-html-tag-name@1.2.0",
          "Name": "micromark-util-html-tag-name",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-html-tag-name@1.2.0",
            "UID": "fcb8f180a8b1f66a",
            "BOMRef": "pkg:npm/micromark-util-html-tag-name@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-normalize-identifier@1.1.0",
          "Name": "micromark-util-normalize-identifier",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-normalize-identifier@1.1.0",
            "UID": "b76d412b7193162",
            "BOMRef": "pkg:npm/micromark-util-normalize-identifier@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "micromark-core-commonmark@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-resolve-all@1.1.0",
          "Name": "micromark-util-resolve-all",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-resolve-all@1.1.0",
            "UID": "a4246c8ea5fcfd5f",
            "BOMRef": "pkg:npm/micromark-util-resolve-all@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-sanitize-uri@1.2.0",
          "Name": "micromark-util-sanitize-uri",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-sanitize-uri@1.2.0",
            "UID": "96327a199fcbd767",
            "BOMRef": "pkg:npm/micromark-util-sanitize-uri@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-to-hast@12.3.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-subtokenize@1.1.0",
          "Name": "micromark-util-subtokenize",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-subtokenize@1.1.0",
            "UID": "a98f279f703ccb58",
            "BOMRef": "pkg:npm/micromark-util-subtokenize@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "micromark-core-commonmark@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-symbol@1.1.0",
          "Name": "micromark-util-symbol",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-symbol@1.1.0",
            "UID": "f4ce327249e3cdbd",
            "BOMRef": "pkg:npm/micromark-util-symbol@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "micromark-core-commonmark@1.1.0",
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-factory-destination@1.1.0",
            "micromark-factory-label@1.1.0",
            "micromark-factory-mdx-expression@1.0.9",
            "micromark-factory-title@1.1.0",
            "micromark-factory-whitespace@1.1.0",
            "micromark-util-character@1.2.0",
            "micromark-util-chunked@1.1.0",
            "micromark-util-classify-character@1.1.0",
            "micromark-util-decode-numeric-character-reference@1.1.0",
            "micromark-util-decode-string@1.1.0",
            "micromark-util-events-to-acorn@1.2.3",
            "micromark-util-normalize-identifier@1.1.0",
            "micromark-util-sanitize-uri@1.2.0",
            "micromark-util-subtokenize@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromark-util-types@1.1.0",
          "Name": "micromark-util-types",
          "Identifier": {
            "PURL": "pkg:npm/micromark-util-types@1.1.0",
            "UID": "5e9aadaf713b9368",
            "BOMRef": "pkg:npm/micromark-util-types@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "micromark-core-commonmark@1.1.0",
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-extension-mdx-md@1.0.1",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-extension-mdxjs@1.0.1",
            "micromark-factory-destination@1.1.0",
            "micromark-factory-label@1.1.0",
            "micromark-factory-mdx-expression@1.0.9",
            "micromark-factory-space@1.1.0",
            "micromark-factory-title@1.1.0",
            "micromark-factory-whitespace@1.1.0",
            "micromark-util-character@1.2.0",
            "micromark-util-classify-character@1.1.0",
            "micromark-util-combine-extensions@1.1.0",
            "micromark-util-events-to-acorn@1.2.3",
            "micromark-util-resolve-all@1.1.0",
            "micromark-util-subtokenize@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "micromatch@4.0.8",
          "Name": "micromatch",
          "Identifier": {
            "PURL": "pkg:npm/micromatch@4.0.8",
            "UID": "8b083ebcfefef29b",
            "BOMRef": "pkg:npm/micromatch@4.0.8"
          },
          "Version": "4.0.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@parcel/watcher@2.5.1",
            "jest-message-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mime-db@1.52.0",
          "Name": "mime-db",
          "Identifier": {
            "PURL": "pkg:npm/mime-db@1.52.0",
            "UID": "8f86459f3ce47252",
            "BOMRef": "pkg:npm/mime-db@1.52.0"
          },
          "Version": "1.52.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mime-types@2.1.35"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mime-match@1.0.2",
          "Name": "mime-match",
          "Identifier": {
            "PURL": "pkg:npm/mime-match@1.0.2",
            "UID": "309b5d77903cc9f1",
            "BOMRef": "pkg:npm/mime-match@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@uppy/core@4.4.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mime-types@2.1.35",
          "Name": "mime-types",
          "Identifier": {
            "PURL": "pkg:npm/mime-types@2.1.35",
            "UID": "dc7410210983b75d",
            "BOMRef": "pkg:npm/mime-types@2.1.35"
          },
          "Version": "2.1.35",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "form-data@4.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "min-indent@1.0.1",
          "Name": "min-indent",
          "Identifier": {
            "PURL": "pkg:npm/min-indent@1.0.1",
            "UID": "356173dd3868c2cf",
            "BOMRef": "pkg:npm/min-indent@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "strip-indent@3.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "minimatch@3.1.2",
          "Name": "minimatch",
          "Identifier": {
            "PURL": "pkg:npm/minimatch@3.1.2",
            "UID": "2d4384ee87c531e9",
            "BOMRef": "pkg:npm/minimatch@3.1.2"
          },
          "Version": "3.1.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4",
            "@humanwhocodes/config-array@0.13.0",
            "eslint-plugin-react@7.37.5",
            "eslint@8.57.1",
            "glob@7.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "minipass@7.1.2",
          "Name": "minipass",
          "Identifier": {
            "PURL": "pkg:npm/minipass@7.1.2",
            "UID": "74b74f88add39a39",
            "BOMRef": "pkg:npm/minipass@7.1.2"
          },
          "Version": "7.1.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@isaacs/fs-minipass@4.0.1",
            "minizlib@3.0.2",
            "tar@7.4.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "minizlib@3.0.2",
          "Name": "minizlib",
          "Identifier": {
            "PURL": "pkg:npm/minizlib@3.0.2",
            "UID": "1e0970f32e6761dd",
            "BOMRef": "pkg:npm/minizlib@3.0.2"
          },
          "Version": "3.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "tar@7.4.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mkdirp@3.0.1",
          "Name": "mkdirp",
          "Identifier": {
            "PURL": "pkg:npm/mkdirp@3.0.1",
            "UID": "407f9ca75d5d1568",
            "BOMRef": "pkg:npm/mkdirp@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "tar@7.4.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "monaco-editor@0.44.0",
          "Name": "monaco-editor",
          "Identifier": {
            "PURL": "pkg:npm/monaco-editor@0.44.0",
            "UID": "c455ac197ad8a24d",
            "BOMRef": "pkg:npm/monaco-editor@0.44.0"
          },
          "Version": "0.44.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@monaco-editor/react@4.7.0",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mri@1.2.0",
          "Name": "mri",
          "Identifier": {
            "PURL": "pkg:npm/mri@1.2.0",
            "UID": "372be143a740b9e1",
            "BOMRef": "pkg:npm/mri@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/cli@4.1.11",
            "sade@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ms@2.1.3",
          "Name": "ms",
          "Identifier": {
            "PURL": "pkg:npm/ms@2.1.3",
            "UID": "46e0500e770fa0e0",
            "BOMRef": "pkg:npm/ms@2.1.3"
          },
          "Version": "2.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "debug@4.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "mui-chips-input@7.0.1",
          "Name": "mui-chips-input",
          "Identifier": {
            "PURL": "pkg:npm/mui-chips-input@7.0.1",
            "UID": "45fef2f7f7e20e69",
            "BOMRef": "pkg:npm/mui-chips-input@7.0.1"
          },
          "Version": "7.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "namespace-emitter@2.0.1",
          "Name": "namespace-emitter",
          "Identifier": {
            "PURL": "pkg:npm/namespace-emitter@2.0.1",
            "UID": "4f1541d1c205b6b4",
            "BOMRef": "pkg:npm/namespace-emitter@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/companion-client@4.4.2",
            "@uppy/core@4.4.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "nanoid@3.3.11",
          "Name": "nanoid",
          "Identifier": {
            "PURL": "pkg:npm/nanoid@3.3.11",
            "UID": "4f2a0141188ce2ec",
            "BOMRef": "pkg:npm/nanoid@3.3.11"
          },
          "Version": "3.3.11",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "postcss@8.5.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "nanoid@5.1.5",
          "Name": "nanoid",
          "Identifier": {
            "PURL": "pkg:npm/nanoid@5.1.5",
            "UID": "b08eac1aaa80714b",
            "BOMRef": "pkg:npm/nanoid@5.1.5"
          },
          "Version": "5.1.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/core@4.4.7",
            "@uppy/dashboard@4.3.4",
            "@uppy/provider-views@4.4.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "natural-compare@1.4.0",
          "Name": "natural-compare",
          "Identifier": {
            "PURL": "pkg:npm/natural-compare@1.4.0",
            "UID": "cb1240e3b3303132",
            "BOMRef": "pkg:npm/natural-compare@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "no-case@3.0.4",
          "Name": "no-case",
          "Identifier": {
            "PURL": "pkg:npm/no-case@3.0.4",
            "UID": "45c7f64f2d3a89a6",
            "BOMRef": "pkg:npm/no-case@3.0.4"
          },
          "Version": "3.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "dot-case@3.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "node-addon-api@7.1.1",
          "Name": "node-addon-api",
          "Identifier": {
            "PURL": "pkg:npm/node-addon-api@7.1.1",
            "UID": "cc08d02808f79d5",
            "BOMRef": "pkg:npm/node-addon-api@7.1.1"
          },
          "Version": "7.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@parcel/watcher@2.5.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "node-releases@2.0.19",
          "Name": "node-releases",
          "Identifier": {
            "PURL": "pkg:npm/node-releases@2.0.19",
            "UID": "72c13c3ff17e9ef0",
            "BOMRef": "pkg:npm/node-releases@2.0.19"
          },
          "Version": "2.0.19",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "browserslist@4.25.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "notistack@3.0.2",
          "Name": "notistack",
          "Identifier": {
            "PURL": "pkg:npm/notistack@3.0.2",
            "UID": "f9edd7c4c395c01c",
            "BOMRef": "pkg:npm/notistack@3.0.2"
          },
          "Version": "3.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "nwsapi@2.2.20",
          "Name": "nwsapi",
          "Identifier": {
            "PURL": "pkg:npm/nwsapi@2.2.20",
            "UID": "ebdc6ca4ad450370",
            "BOMRef": "pkg:npm/nwsapi@2.2.20"
          },
          "Version": "2.2.20",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object-assign@4.1.1",
          "Name": "object-assign",
          "Identifier": {
            "PURL": "pkg:npm/object-assign@4.1.1",
            "UID": "6a317c5855aa9929",
            "BOMRef": "pkg:npm/object-assign@4.1.1"
          },
          "Version": "4.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "prop-types@15.8.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object-inspect@1.13.4",
          "Name": "object-inspect",
          "Identifier": {
            "PURL": "pkg:npm/object-inspect@1.13.4",
            "UID": "7c97683d2448214e",
            "BOMRef": "pkg:npm/object-inspect@1.13.4"
          },
          "Version": "1.13.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "side-channel-list@1.0.0",
            "side-channel-map@1.0.1",
            "side-channel-weakmap@1.0.2",
            "side-channel@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object-is@1.1.6",
          "Name": "object-is",
          "Identifier": {
            "PURL": "pkg:npm/object-is@1.1.6",
            "UID": "bfb758396c40ab5d",
            "BOMRef": "pkg:npm/object-is@1.1.6"
          },
          "Version": "1.1.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object-keys@1.1.1",
          "Name": "object-keys",
          "Identifier": {
            "PURL": "pkg:npm/object-keys@1.1.1",
            "UID": "e3dbb25cc834419",
            "BOMRef": "pkg:npm/object-keys@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "define-properties@1.2.1",
            "es-abstract@1.24.0",
            "object.assign@4.1.7",
            "own-keys@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object.assign@4.1.7",
          "Name": "object.assign",
          "Identifier": {
            "PURL": "pkg:npm/object.assign@4.1.7",
            "UID": "1ca32435bd228041",
            "BOMRef": "pkg:npm/object.assign@4.1.7"
          },
          "Version": "4.1.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-abstract@1.24.0",
            "jsx-ast-utils@3.3.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object.entries@1.1.9",
          "Name": "object.entries",
          "Identifier": {
            "PURL": "pkg:npm/object.entries@1.1.9",
            "UID": "fbafb1a272e56695",
            "BOMRef": "pkg:npm/object.entries@1.1.9"
          },
          "Version": "1.1.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object.fromentries@2.0.8",
          "Name": "object.fromentries",
          "Identifier": {
            "PURL": "pkg:npm/object.fromentries@2.0.8",
            "UID": "68b900b84c7e9310",
            "BOMRef": "pkg:npm/object.fromentries@2.0.8"
          },
          "Version": "2.0.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "object.values@1.2.1",
          "Name": "object.values",
          "Identifier": {
            "PURL": "pkg:npm/object.values@1.2.1",
            "UID": "2d1ffe24e20b6ca4",
            "BOMRef": "pkg:npm/object.values@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5",
            "jsx-ast-utils@3.3.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "once@1.4.0",
          "Name": "once",
          "Identifier": {
            "PURL": "pkg:npm/once@1.4.0",
            "UID": "60867f596b7b37f0",
            "BOMRef": "pkg:npm/once@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "glob@7.2.3",
            "inflight@1.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "openapi-client-axios@7.6.0",
          "Name": "openapi-client-axios",
          "Identifier": {
            "PURL": "pkg:npm/openapi-client-axios@7.6.0",
            "UID": "7e40f7fe0fbdb570",
            "BOMRef": "pkg:npm/openapi-client-axios@7.6.0"
          },
          "Version": "7.6.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "openapi-types@12.1.3",
          "Name": "openapi-types",
          "Identifier": {
            "PURL": "pkg:npm/openapi-types@12.1.3",
            "UID": "d5f7adf6c68cdec",
            "BOMRef": "pkg:npm/openapi-types@12.1.3"
          },
          "Version": "12.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "openapi-client-axios@7.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "optionator@0.9.4",
          "Name": "optionator",
          "Identifier": {
            "PURL": "pkg:npm/optionator@0.9.4",
            "UID": "add674e9bfcf5ff4",
            "BOMRef": "pkg:npm/optionator@0.9.4"
          },
          "Version": "0.9.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "own-keys@1.0.1",
          "Name": "own-keys",
          "Identifier": {
            "PURL": "pkg:npm/own-keys@1.0.1",
            "UID": "c3f2886ce1fc224e",
            "BOMRef": "pkg:npm/own-keys@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "p-limit@3.1.0",
          "Name": "p-limit",
          "Identifier": {
            "PURL": "pkg:npm/p-limit@3.1.0",
            "UID": "d6a7e109f99e3951",
            "BOMRef": "pkg:npm/p-limit@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "p-locate@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "p-locate@5.0.0",
          "Name": "p-locate",
          "Identifier": {
            "PURL": "pkg:npm/p-locate@5.0.0",
            "UID": "e4bdf50ff8ee928c",
            "BOMRef": "pkg:npm/p-locate@5.0.0"
          },
          "Version": "5.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "locate-path@6.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "p-queue@8.1.0",
          "Name": "p-queue",
          "Identifier": {
            "PURL": "pkg:npm/p-queue@8.1.0",
            "UID": "f58cb0d373b91241",
            "BOMRef": "pkg:npm/p-queue@8.1.0"
          },
          "Version": "8.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/provider-views@4.4.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "p-retry@6.2.1",
          "Name": "p-retry",
          "Identifier": {
            "PURL": "pkg:npm/p-retry@6.2.1",
            "UID": "41df63ffccfc5ba7",
            "BOMRef": "pkg:npm/p-retry@6.2.1"
          },
          "Version": "6.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/companion-client@4.4.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "p-timeout@6.1.4",
          "Name": "p-timeout",
          "Identifier": {
            "PURL": "pkg:npm/p-timeout@6.1.4",
            "UID": "1bcdb890aae84c31",
            "BOMRef": "pkg:npm/p-timeout@6.1.4"
          },
          "Version": "6.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "p-queue@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "parent-module@1.0.1",
          "Name": "parent-module",
          "Identifier": {
            "PURL": "pkg:npm/parent-module@1.0.1",
            "UID": "d057a5e1e88d660f",
            "BOMRef": "pkg:npm/parent-module@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "import-fresh@3.3.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "parse-entities@4.0.2",
          "Name": "parse-entities",
          "Identifier": {
            "PURL": "pkg:npm/parse-entities@4.0.2",
            "UID": "459177492f8add21",
            "BOMRef": "pkg:npm/parse-entities@4.0.2"
          },
          "Version": "4.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx-jsx@2.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "parse-json@5.2.0",
          "Name": "parse-json",
          "Identifier": {
            "PURL": "pkg:npm/parse-json@5.2.0",
            "UID": "cd6e12496b5651b6",
            "BOMRef": "pkg:npm/parse-json@5.2.0"
          },
          "Version": "5.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cosmiconfig@7.1.0",
            "cosmiconfig@8.3.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "parse5@7.3.0",
          "Name": "parse5",
          "Identifier": {
            "PURL": "pkg:npm/parse5@7.3.0",
            "UID": "d2d4440e3559a5a8",
            "BOMRef": "pkg:npm/parse5@7.3.0"
          },
          "Version": "7.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "path-exists@4.0.0",
          "Name": "path-exists",
          "Identifier": {
            "PURL": "pkg:npm/path-exists@4.0.0",
            "UID": "94a8d0913a888ebd",
            "BOMRef": "pkg:npm/path-exists@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "find-up@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "path-is-absolute@1.0.1",
          "Name": "path-is-absolute",
          "Identifier": {
            "PURL": "pkg:npm/path-is-absolute@1.0.1",
            "UID": "823096002b9ce02c",
            "BOMRef": "pkg:npm/path-is-absolute@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "glob@7.2.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "path-key@3.1.1",
          "Name": "path-key",
          "Identifier": {
            "PURL": "pkg:npm/path-key@3.1.1",
            "UID": "d1b25db96cdab3de",
            "BOMRef": "pkg:npm/path-key@3.1.1"
          },
          "Version": "3.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cross-spawn@7.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "path-parse@1.0.7",
          "Name": "path-parse",
          "Identifier": {
            "PURL": "pkg:npm/path-parse@1.0.7",
            "UID": "620990b442f61c0c",
            "BOMRef": "pkg:npm/path-parse@1.0.7"
          },
          "Version": "1.0.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "resolve@1.22.10",
            "resolve@2.0.0-next.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "path-type@4.0.0",
          "Name": "path-type",
          "Identifier": {
            "PURL": "pkg:npm/path-type@4.0.0",
            "UID": "12bf68421e0efd6a",
            "BOMRef": "pkg:npm/path-type@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cosmiconfig@7.1.0",
            "cosmiconfig@8.3.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pathe@2.0.3",
          "Name": "pathe",
          "Identifier": {
            "PURL": "pkg:npm/pathe@2.0.3",
            "UID": "1bbc729624419c76",
            "BOMRef": "pkg:npm/pathe@2.0.3"
          },
          "Version": "2.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/runner@3.2.4",
            "@vitest/snapshot@3.2.4",
            "vite-node@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pathval@2.0.1",
          "Name": "pathval",
          "Identifier": {
            "PURL": "pkg:npm/pathval@2.0.1",
            "UID": "7cd25cdee1531dd1",
            "BOMRef": "pkg:npm/pathval@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chai@5.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "periscopic@3.1.0",
          "Name": "periscopic",
          "Identifier": {
            "PURL": "pkg:npm/periscopic@3.1.0",
            "UID": "77e5c5eff8438499",
            "BOMRef": "pkg:npm/periscopic@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "picocolors@1.1.1",
          "Name": "picocolors",
          "Identifier": {
            "PURL": "pkg:npm/picocolors@1.1.1",
            "UID": "347e691d449c1fe6",
            "BOMRef": "pkg:npm/picocolors@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@babel/code-frame@7.27.1",
            "@tailwindcss/cli@4.1.11",
            "postcss@8.5.6",
            "update-browserslist-db@1.1.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "picomatch@2.3.1",
          "Name": "picomatch",
          "Identifier": {
            "PURL": "pkg:npm/picomatch@2.3.1",
            "UID": "8030a8bb2e718b8b",
            "BOMRef": "2c8131b2-ba7f-4c8f-97bb-6649a03b4e30"
          },
          "Version": "2.3.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "picomatch@2.3.1",
          "Name": "picomatch",
          "Identifier": {
            "PURL": "pkg:npm/picomatch@2.3.1",
            "UID": "6412db428448e6b3",
            "BOMRef": "da02ce66-49be-46e8-a8f9-c9accfa601df"
          },
          "Version": "2.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@rollup/pluginutils@4.2.1",
            "micromatch@4.0.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "picomatch@4.0.2",
          "Name": "picomatch",
          "Identifier": {
            "PURL": "pkg:npm/picomatch@4.0.2",
            "UID": "702ad856852ece0",
            "BOMRef": "pkg:npm/picomatch@4.0.2"
          },
          "Version": "4.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@rollup/pluginutils@5.2.0",
            "fdir@6.4.6",
            "jest-util@30.0.2",
            "tinyglobby@0.2.14",
            "vite@6.4.1",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "possible-typed-array-names@1.1.0",
          "Name": "possible-typed-array-names",
          "Identifier": {
            "PURL": "pkg:npm/possible-typed-array-names@1.1.0",
            "UID": "ddea60d3d593b3cd",
            "BOMRef": "pkg:npm/possible-typed-array-names@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "available-typed-arrays@1.0.7",
            "typed-array-length@1.0.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "postcss@8.5.6",
          "Name": "postcss",
          "Identifier": {
            "PURL": "pkg:npm/postcss@8.5.6",
            "UID": "98bf552323ea6123",
            "BOMRef": "pkg:npm/postcss@8.5.6"
          },
          "Version": "8.5.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite@6.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "preact@10.26.9",
          "Name": "preact",
          "Identifier": {
            "PURL": "pkg:npm/preact@10.26.9",
            "UID": "69a85ebe217a8c6e",
            "BOMRef": "pkg:npm/preact@10.26.9"
          },
          "Version": "10.26.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/components@0.2.0",
            "@uppy/core@4.4.7",
            "@uppy/dashboard@4.3.4",
            "@uppy/drag-drop@4.1.3",
            "@uppy/informer@4.2.1",
            "@uppy/progress-bar@4.2.1",
            "@uppy/provider-views@4.4.5",
            "@uppy/react@4.4.0",
            "@uppy/status-bar@4.1.3",
            "@uppy/utils@6.1.5",
            "float-tooltip@1.7.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "prelude-ls@1.2.1",
          "Name": "prelude-ls",
          "Identifier": {
            "PURL": "pkg:npm/prelude-ls@1.2.1",
            "UID": "689af7db2fe9c986",
            "BOMRef": "pkg:npm/prelude-ls@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "levn@0.4.1",
            "optionator@0.9.4",
            "type-check@0.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "prettier@2.8.7",
          "Name": "prettier",
          "Identifier": {
            "PURL": "pkg:npm/prettier@2.8.7",
            "UID": "5fde5a144c844620",
            "BOMRef": "pkg:npm/prettier@2.8.7"
          },
          "Version": "2.8.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pretty-bytes@6.1.1",
          "Name": "pretty-bytes",
          "Identifier": {
            "PURL": "pkg:npm/pretty-bytes@6.1.1",
            "UID": "22420f4e8950538f",
            "BOMRef": "pkg:npm/pretty-bytes@6.1.1"
          },
          "Version": "6.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/components@0.2.0",
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pretty-format@27.5.1",
          "Name": "pretty-format",
          "Identifier": {
            "PURL": "pkg:npm/pretty-format@27.5.1",
            "UID": "7d928bae406f5bcd",
            "BOMRef": "pkg:npm/pretty-format@27.5.1"
          },
          "Version": "27.5.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/dom@10.4.0",
            "@testing-library/dom@8.20.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pretty-format@30.0.2",
          "Name": "pretty-format",
          "Identifier": {
            "PURL": "pkg:npm/pretty-format@30.0.2",
            "UID": "69f584b717b485cf",
            "BOMRef": "9e17c2f9-4764-40ad-b801-5f84fa713715"
          },
          "Version": "30.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/jest@30.0.0",
            "jest-diff@30.0.4",
            "jest-matcher-utils@30.0.4",
            "jest-message-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pretty-format@30.0.2",
          "Name": "pretty-format",
          "Identifier": {
            "PURL": "pkg:npm/pretty-format@30.0.2",
            "UID": "f9bac00d63ac2b16",
            "BOMRef": "8325ed78-b0c8-4f79-8389-3626f119ecd0"
          },
          "Version": "30.0.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pretty-format@30.0.2",
          "Name": "pretty-format",
          "Identifier": {
            "PURL": "pkg:npm/pretty-format@30.0.2",
            "UID": "e002cc483c3a5039",
            "BOMRef": "b4d91995-90e7-43ed-8271-8cc565427171"
          },
          "Version": "30.0.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "pretty-format@30.0.2",
          "Name": "pretty-format",
          "Identifier": {
            "PURL": "pkg:npm/pretty-format@30.0.2",
            "UID": "6aeb22ccb47e6ff1",
            "BOMRef": "a00bbce9-a3d5-40cd-8d73-cb0f4e3e1a0d"
          },
          "Version": "30.0.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "prism-react-renderer@2.4.1",
          "Name": "prism-react-renderer",
          "Identifier": {
            "PURL": "pkg:npm/prism-react-renderer@2.4.1",
            "UID": "fb373a044d8609e",
            "BOMRef": "pkg:npm/prism-react-renderer@2.4.1"
          },
          "Version": "2.4.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "prismjs@1.30.0",
          "Name": "prismjs",
          "Identifier": {
            "PURL": "pkg:npm/prismjs@1.30.0",
            "UID": "be3ac92d46ddf01e",
            "BOMRef": "pkg:npm/prismjs@1.30.0"
          },
          "Version": "1.30.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "prop-types@15.8.1",
          "Name": "prop-types",
          "Identifier": {
            "PURL": "pkg:npm/prop-types@15.8.1",
            "UID": "d3bc9c7d4631ad8c",
            "BOMRef": "pkg:npm/prop-types@15.8.1"
          },
          "Version": "15.8.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/private-theming@5.17.1",
            "@mui/private-theming@7.2.0",
            "@mui/styled-engine@5.16.14",
            "@mui/styled-engine@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@mui/utils@5.17.1",
            "@mui/utils@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "create-collection-form@0.0.0",
            "eslint-plugin-react@7.37.5",
            "qdrant-web-ui@0.2.5",
            "react-archer@4.4.0",
            "react-diff-viewer-continued@3.4.0",
            "react-transition-group@4.4.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "property-information@6.5.0",
          "Name": "property-information",
          "Identifier": {
            "PURL": "pkg:npm/property-information@6.5.0",
            "UID": "fee09c5841da8da7",
            "BOMRef": "pkg:npm/property-information@6.5.0"
          },
          "Version": "6.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "proxy-from-env@1.1.0",
          "Name": "proxy-from-env",
          "Identifier": {
            "PURL": "pkg:npm/proxy-from-env@1.1.0",
            "UID": "75c5c56731d14c47",
            "BOMRef": "pkg:npm/proxy-from-env@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "axios@1.12.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "psl@1.15.0",
          "Name": "psl",
          "Identifier": {
            "PURL": "pkg:npm/psl@1.15.0",
            "UID": "d21dace8033e1fea",
            "BOMRef": "pkg:npm/psl@1.15.0"
          },
          "Version": "1.15.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "tough-cookie@4.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "punycode@2.3.1",
          "Name": "punycode",
          "Identifier": {
            "PURL": "pkg:npm/punycode@2.3.1",
            "UID": "e8537e1bf6c81e79",
            "BOMRef": "pkg:npm/punycode@2.3.1"
          },
          "Version": "2.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "psl@1.15.0",
            "tough-cookie@4.1.4",
            "tr46@4.1.1",
            "uri-js@4.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "qdrant-web-ui@0.2.5",
          "Name": "qdrant-web-ui",
          "Identifier": {
            "PURL": "pkg:npm/qdrant-web-ui@0.2.5",
            "UID": "19d01090f20e5f3b",
            "BOMRef": "pkg:npm/qdrant-web-ui@0.2.5"
          },
          "Version": "0.2.5",
          "Licenses": [
            "Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "querystringify@2.2.0",
          "Name": "querystringify",
          "Identifier": {
            "PURL": "pkg:npm/querystringify@2.2.0",
            "UID": "7573484509ada60f",
            "BOMRef": "pkg:npm/querystringify@2.2.0"
          },
          "Version": "2.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "url-parse@1.5.10"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "queue-microtask@1.2.3",
          "Name": "queue-microtask",
          "Identifier": {
            "PURL": "pkg:npm/queue-microtask@1.2.3",
            "UID": "5843d45a58dedde4",
            "BOMRef": "pkg:npm/queue-microtask@1.2.3"
          },
          "Version": "1.2.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "run-parallel@1.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react@18.3.1",
          "Name": "react",
          "Identifier": {
            "PURL": "pkg:npm/react@18.3.1",
            "UID": "991a856d34d75a44",
            "BOMRef": "pkg:npm/react@18.3.1"
          },
          "Version": "18.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/react@11.14.0",
            "@emotion/styled@11.14.1",
            "@emotion/use-insertion-effect-with-fallbacks@1.2.0",
            "@mdx-js/react@2.3.0",
            "@monaco-editor/react@4.7.0",
            "@mui/icons-material@7.2.0",
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/private-theming@5.17.1",
            "@mui/private-theming@7.2.0",
            "@mui/styled-engine@5.16.14",
            "@mui/styled-engine@7.2.0",
            "@mui/system@5.17.1",
            "@mui/system@7.2.0",
            "@mui/utils@5.17.1",
            "@mui/utils@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "@mui/x-internals@7.29.0",
            "@testing-library/react@13.4.0",
            "@textea/json-viewer@2.17.2",
            "@uppy/react@4.4.0",
            "lucide-react@0.545.0",
            "mui-chips-input@7.0.1",
            "notistack@3.0.2",
            "prism-react-renderer@2.4.1",
            "qdrant-web-ui@0.2.5",
            "react-archer@4.4.0",
            "react-diff-viewer-continued@3.4.0",
            "react-dom@18.3.1",
            "react-resizable-panels@0.0.51",
            "react-router-dom@6.30.1",
            "react-router@6.30.1",
            "react-simple-code-editor@0.13.1",
            "react-transition-group@4.4.5",
            "use-sync-external-store@1.5.0",
            "zustand@4.5.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-archer@4.4.0",
          "Name": "react-archer",
          "Identifier": {
            "PURL": "pkg:npm/react-archer@4.4.0",
            "UID": "76d6ac9a610bbadd",
            "BOMRef": "pkg:npm/react-archer@4.4.0"
          },
          "Version": "4.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-diff-viewer-continued@3.4.0",
          "Name": "react-diff-viewer-continued",
          "Identifier": {
            "PURL": "pkg:npm/react-diff-viewer-continued@3.4.0",
            "UID": "f0a9ce1ce20712ea",
            "BOMRef": "pkg:npm/react-diff-viewer-continued@3.4.0"
          },
          "Version": "3.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-dom@18.3.1",
          "Name": "react-dom",
          "Identifier": {
            "PURL": "pkg:npm/react-dom@18.3.1",
            "UID": "aa4721512e7e1770",
            "BOMRef": "pkg:npm/react-dom@18.3.1"
          },
          "Version": "18.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@monaco-editor/react@4.7.0",
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/x-data-grid@7.29.8",
            "@testing-library/react@13.4.0",
            "@textea/json-viewer@2.17.2",
            "@uppy/react@4.4.0",
            "mui-chips-input@7.0.1",
            "notistack@3.0.2",
            "qdrant-web-ui@0.2.5",
            "react-diff-viewer-continued@3.4.0",
            "react-resizable-panels@0.0.51",
            "react-router-dom@6.30.1",
            "react-simple-code-editor@0.13.1",
            "react-transition-group@4.4.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-fast-compare@2.0.4",
          "Name": "react-fast-compare",
          "Identifier": {
            "PURL": "pkg:npm/react-fast-compare@2.0.4",
            "UID": "1c5f56144c2b1d66",
            "BOMRef": "pkg:npm/react-fast-compare@2.0.4"
          },
          "Version": "2.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "react-archer@4.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@16.13.1",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@16.13.1",
            "UID": "9c3117456308b958",
            "BOMRef": "d4f7ab26-5435-40ae-805a-f4ca44a511bf"
          },
          "Version": "16.13.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@16.13.1",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@16.13.1",
            "UID": "2e99a19110c9f989",
            "BOMRef": "b9e2e4a6-902d-490e-8302-1fa83b2599ec"
          },
          "Version": "16.13.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hoist-non-react-statics@3.3.2",
            "prop-types@15.8.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@17.0.2",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@17.0.2",
            "UID": "429196e2ad3cf7cc",
            "BOMRef": "pkg:npm/react-is@17.0.2"
          },
          "Version": "17.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "pretty-format@27.5.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@18.3.1",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@18.3.1",
            "UID": "4a1f216b60af8a37",
            "BOMRef": "eaf18023-4680-4185-b2b6-a01b2d336e79"
          },
          "Version": "18.3.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@18.3.1",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@18.3.1",
            "UID": "661e559219b8ac4f",
            "BOMRef": "9bf1c62f-2f0d-4c59-a03f-93a02fa4e4f3"
          },
          "Version": "18.3.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@18.3.1",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@18.3.1",
            "UID": "811d19c5e8713c6f",
            "BOMRef": "edc67322-c416-404b-b52e-c5babc102f56"
          },
          "Version": "18.3.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@18.3.1",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@18.3.1",
            "UID": "a4fd9e1a8e348583",
            "BOMRef": "eda813ca-4007-44db-a94e-7b66ac2d6dde"
          },
          "Version": "18.3.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "pretty-format@30.0.2",
            "pretty-format@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-is@19.1.0",
          "Name": "react-is",
          "Identifier": {
            "PURL": "pkg:npm/react-is@19.1.0",
            "UID": "aa8b1aa137da0e2",
            "BOMRef": "pkg:npm/react-is@19.1.0"
          },
          "Version": "19.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/material@7.2.0",
            "@mui/utils@5.17.1",
            "@mui/utils@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-refresh@0.17.0",
          "Name": "react-refresh",
          "Identifier": {
            "PURL": "pkg:npm/react-refresh@0.17.0",
            "UID": "6766dd2f8a4d9a72",
            "BOMRef": "pkg:npm/react-refresh@0.17.0"
          },
          "Version": "0.17.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitejs/plugin-react@4.6.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-resizable-panels@0.0.51",
          "Name": "react-resizable-panels",
          "Identifier": {
            "PURL": "pkg:npm/react-resizable-panels@0.0.51",
            "UID": "5d51e1d0fff071b6",
            "BOMRef": "pkg:npm/react-resizable-panels@0.0.51"
          },
          "Version": "0.0.51",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-router@6.30.1",
          "Name": "react-router",
          "Identifier": {
            "PURL": "pkg:npm/react-router@6.30.1",
            "UID": "e551d39035993c1f",
            "BOMRef": "pkg:npm/react-router@6.30.1"
          },
          "Version": "6.30.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "react-router-dom@6.30.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-router-dom@6.30.1",
          "Name": "react-router-dom",
          "Identifier": {
            "PURL": "pkg:npm/react-router-dom@6.30.1",
            "UID": "a65b3f5eeec00537",
            "BOMRef": "pkg:npm/react-router-dom@6.30.1"
          },
          "Version": "6.30.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-simple-code-editor@0.13.1",
          "Name": "react-simple-code-editor",
          "Identifier": {
            "PURL": "pkg:npm/react-simple-code-editor@0.13.1",
            "UID": "d003d261de20e88d",
            "BOMRef": "pkg:npm/react-simple-code-editor@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "react-transition-group@4.4.5",
          "Name": "react-transition-group",
          "Identifier": {
            "PURL": "pkg:npm/react-transition-group@4.4.5",
            "UID": "18eedb05e32b8c95",
            "BOMRef": "pkg:npm/react-transition-group@4.4.5"
          },
          "Version": "4.4.5",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "@mui/material@5.17.1",
            "@mui/material@7.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "redent@3.0.0",
          "Name": "redent",
          "Identifier": {
            "PURL": "pkg:npm/redent@3.0.0",
            "UID": "172d35b683025cdd",
            "BOMRef": "pkg:npm/redent@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@testing-library/jest-dom@5.17.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "reflect.getprototypeof@1.0.10",
          "Name": "reflect.getprototypeof",
          "Identifier": {
            "PURL": "pkg:npm/reflect.getprototypeof@1.0.10",
            "UID": "e976cff8f1207b5d",
            "BOMRef": "pkg:npm/reflect.getprototypeof@1.0.10"
          },
          "Version": "1.0.10",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "typed-array-byte-offset@1.0.4",
            "typed-array-length@1.0.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "regexp.prototype.flags@1.5.4",
          "Name": "regexp.prototype.flags",
          "Identifier": {
            "PURL": "pkg:npm/regexp.prototype.flags@1.5.4",
            "UID": "3e666f63d3c7be42",
            "BOMRef": "pkg:npm/regexp.prototype.flags@1.5.4"
          },
          "Version": "1.5.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-abstract@1.24.0",
            "string.prototype.matchall@4.0.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "remark-mdx@2.3.0",
          "Name": "remark-mdx",
          "Identifier": {
            "PURL": "pkg:npm/remark-mdx@2.3.0",
            "UID": "498c3b99b78b03a7",
            "BOMRef": "pkg:npm/remark-mdx@2.3.0"
          },
          "Version": "2.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "remark-parse@10.0.2",
          "Name": "remark-parse",
          "Identifier": {
            "PURL": "pkg:npm/remark-parse@10.0.2",
            "UID": "2cc7b5a62d6d4b91",
            "BOMRef": "pkg:npm/remark-parse@10.0.2"
          },
          "Version": "10.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "remark-rehype@10.1.0",
          "Name": "remark-rehype",
          "Identifier": {
            "PURL": "pkg:npm/remark-rehype@10.1.0",
            "UID": "e90eae8df8608a03",
            "BOMRef": "pkg:npm/remark-rehype@10.1.0"
          },
          "Version": "10.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "requires-port@1.0.0",
          "Name": "requires-port",
          "Identifier": {
            "PURL": "pkg:npm/requires-port@1.0.0",
            "UID": "ab4629417488f66a",
            "BOMRef": "pkg:npm/requires-port@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "url-parse@1.5.10"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "reselect@5.1.1",
          "Name": "reselect",
          "Identifier": {
            "PURL": "pkg:npm/reselect@5.1.1",
            "UID": "ec2147e71f93eec",
            "BOMRef": "pkg:npm/reselect@5.1.1"
          },
          "Version": "5.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/x-data-grid@7.29.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "resize-observer-polyfill@1.5.0",
          "Name": "resize-observer-polyfill",
          "Identifier": {
            "PURL": "pkg:npm/resize-observer-polyfill@1.5.0",
            "UID": "599477bade535881",
            "BOMRef": "pkg:npm/resize-observer-polyfill@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "react-archer@4.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "resolve@1.22.10",
          "Name": "resolve",
          "Identifier": {
            "PURL": "pkg:npm/resolve@1.22.10",
            "UID": "a42c7e49c25179fc",
            "BOMRef": "pkg:npm/resolve@1.22.10"
          },
          "Version": "1.22.10",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "babel-plugin-macros@3.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "resolve@2.0.0-next.5",
          "Name": "resolve",
          "Identifier": {
            "PURL": "pkg:npm/resolve@2.0.0-next.5",
            "UID": "88f42c22db0cee1f",
            "BOMRef": "pkg:npm/resolve@2.0.0-next.5"
          },
          "Version": "2.0.0-next.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "resolve-from@4.0.0",
          "Name": "resolve-from",
          "Identifier": {
            "PURL": "pkg:npm/resolve-from@4.0.0",
            "UID": "9dad3ac7611c80a6",
            "BOMRef": "pkg:npm/resolve-from@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "import-fresh@3.3.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "retry@0.13.1",
          "Name": "retry",
          "Identifier": {
            "PURL": "pkg:npm/retry@0.13.1",
            "UID": "d588577fcfb45e23",
            "BOMRef": "pkg:npm/retry@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "p-retry@6.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "reusify@1.1.0",
          "Name": "reusify",
          "Identifier": {
            "PURL": "pkg:npm/reusify@1.1.0",
            "UID": "aef4b6e18c137fbd",
            "BOMRef": "pkg:npm/reusify@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "fastq@1.19.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "rimraf@3.0.2",
          "Name": "rimraf",
          "Identifier": {
            "PURL": "pkg:npm/rimraf@3.0.2",
            "UID": "88127b615d52ed44",
            "BOMRef": "pkg:npm/rimraf@3.0.2"
          },
          "Version": "3.0.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "flat-cache@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "rollup@2.79.2",
          "Name": "rollup",
          "Identifier": {
            "PURL": "pkg:npm/rollup@2.79.2",
            "UID": "b50113f8348303e2",
            "BOMRef": "pkg:npm/rollup@2.79.2"
          },
          "Version": "2.79.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite-plugin-eslint@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "rollup@4.44.2",
          "Name": "rollup",
          "Identifier": {
            "PURL": "pkg:npm/rollup@4.44.2",
            "UID": "ac6774b2279320b6",
            "BOMRef": "pkg:npm/rollup@4.44.2"
          },
          "Version": "4.44.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/rollup@2.3.0",
            "@rollup/pluginutils@5.2.0",
            "vite@6.4.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "rrweb-cssom@0.6.0",
          "Name": "rrweb-cssom",
          "Identifier": {
            "PURL": "pkg:npm/rrweb-cssom@0.6.0",
            "UID": "398821ae2f4e2a70",
            "BOMRef": "pkg:npm/rrweb-cssom@0.6.0"
          },
          "Version": "0.6.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cssstyle@3.0.0",
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "run-parallel@1.2.0",
          "Name": "run-parallel",
          "Identifier": {
            "PURL": "pkg:npm/run-parallel@1.2.0",
            "UID": "79d413bcf8decffa",
            "BOMRef": "pkg:npm/run-parallel@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@nodelib/fs.scandir@2.1.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "sade@1.8.1",
          "Name": "sade",
          "Identifier": {
            "PURL": "pkg:npm/sade@1.8.1",
            "UID": "1869b651050825c7",
            "BOMRef": "pkg:npm/sade@1.8.1"
          },
          "Version": "1.8.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "uvu@0.5.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "safe-array-concat@1.1.3",
          "Name": "safe-array-concat",
          "Identifier": {
            "PURL": "pkg:npm/safe-array-concat@1.1.3",
            "UID": "b68fc1feb522033e",
            "BOMRef": "pkg:npm/safe-array-concat@1.1.3"
          },
          "Version": "1.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-iterator-helpers@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "safe-push-apply@1.0.0",
          "Name": "safe-push-apply",
          "Identifier": {
            "PURL": "pkg:npm/safe-push-apply@1.0.0",
            "UID": "96b04938bfcb143f",
            "BOMRef": "pkg:npm/safe-push-apply@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "own-keys@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "safe-regex-test@1.1.0",
          "Name": "safe-regex-test",
          "Identifier": {
            "PURL": "pkg:npm/safe-regex-test@1.1.0",
            "UID": "b7ecf7852b01de85",
            "BOMRef": "pkg:npm/safe-regex-test@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "is-async-function@2.1.1",
            "is-generator-function@1.1.0",
            "is-symbol@1.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "safer-buffer@2.1.2",
          "Name": "safer-buffer",
          "Identifier": {
            "PURL": "pkg:npm/safer-buffer@2.1.2",
            "UID": "4c3db0add76e8284",
            "BOMRef": "pkg:npm/safer-buffer@2.1.2"
          },
          "Version": "2.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "iconv-lite@0.6.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "saxes@6.0.0",
          "Name": "saxes",
          "Identifier": {
            "PURL": "pkg:npm/saxes@6.0.0",
            "UID": "20f9097648fba833",
            "BOMRef": "pkg:npm/saxes@6.0.0"
          },
          "Version": "6.0.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "scheduler@0.23.2",
          "Name": "scheduler",
          "Identifier": {
            "PURL": "pkg:npm/scheduler@0.23.2",
            "UID": "4d4ab7b205a05bcf",
            "BOMRef": "pkg:npm/scheduler@0.23.2"
          },
          "Version": "0.23.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "react-dom@18.3.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "semver@6.3.1",
          "Name": "semver",
          "Identifier": {
            "PURL": "pkg:npm/semver@6.3.1",
            "UID": "2ba38aa37d2c9816",
            "BOMRef": "pkg:npm/semver@6.3.1"
          },
          "Version": "6.3.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@babel/core@7.28.0",
            "@babel/helper-compilation-targets@7.27.2",
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "set-function-length@1.2.2",
          "Name": "set-function-length",
          "Identifier": {
            "PURL": "pkg:npm/set-function-length@1.2.2",
            "UID": "d4fe209bece8d899",
            "BOMRef": "pkg:npm/set-function-length@1.2.2"
          },
          "Version": "1.2.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "call-bind@1.0.8"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "set-function-name@2.0.2",
          "Name": "set-function-name",
          "Identifier": {
            "PURL": "pkg:npm/set-function-name@2.0.2",
            "UID": "7d0f857041363dfa",
            "BOMRef": "pkg:npm/set-function-name@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "iterator.prototype@1.1.5",
            "regexp.prototype.flags@1.5.4",
            "string.prototype.matchall@4.0.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "set-proto@1.0.0",
          "Name": "set-proto",
          "Identifier": {
            "PURL": "pkg:npm/set-proto@1.0.0",
            "UID": "426b98fa97caf5a3",
            "BOMRef": "pkg:npm/set-proto@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "shallow-equal@3.1.0",
          "Name": "shallow-equal",
          "Identifier": {
            "PURL": "pkg:npm/shallow-equal@3.1.0",
            "UID": "de3b879f7117d623",
            "BOMRef": "pkg:npm/shallow-equal@3.1.0"
          },
          "Version": "3.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@uppy/dashboard@4.3.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "shebang-command@2.0.0",
          "Name": "shebang-command",
          "Identifier": {
            "PURL": "pkg:npm/shebang-command@2.0.0",
            "UID": "3f608fae573fc478",
            "BOMRef": "pkg:npm/shebang-command@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cross-spawn@7.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "shebang-regex@3.0.0",
          "Name": "shebang-regex",
          "Identifier": {
            "PURL": "pkg:npm/shebang-regex@3.0.0",
            "UID": "f0754133b1e0f754",
            "BOMRef": "pkg:npm/shebang-regex@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "shebang-command@2.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "side-channel@1.1.0",
          "Name": "side-channel",
          "Identifier": {
            "PURL": "pkg:npm/side-channel@1.1.0",
            "UID": "89269cbc12197b0f",
            "BOMRef": "pkg:npm/side-channel@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "internal-slot@1.1.0",
            "string.prototype.matchall@4.0.12"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "side-channel-list@1.0.0",
          "Name": "side-channel-list",
          "Identifier": {
            "PURL": "pkg:npm/side-channel-list@1.0.0",
            "UID": "942210a9fbf93f4e",
            "BOMRef": "pkg:npm/side-channel-list@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "side-channel@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "side-channel-map@1.0.1",
          "Name": "side-channel-map",
          "Identifier": {
            "PURL": "pkg:npm/side-channel-map@1.0.1",
            "UID": "14dfd6222f29e84f",
            "BOMRef": "pkg:npm/side-channel-map@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "side-channel-weakmap@1.0.2",
            "side-channel@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "side-channel-weakmap@1.0.2",
          "Name": "side-channel-weakmap",
          "Identifier": {
            "PURL": "pkg:npm/side-channel-weakmap@1.0.2",
            "UID": "d690e735e0a724da",
            "BOMRef": "pkg:npm/side-channel-weakmap@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "side-channel@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "siginfo@2.0.0",
          "Name": "siginfo",
          "Identifier": {
            "PURL": "pkg:npm/siginfo@2.0.0",
            "UID": "743e3a3460ea8469",
            "BOMRef": "pkg:npm/siginfo@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "why-is-node-running@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "slash@3.0.0",
          "Name": "slash",
          "Identifier": {
            "PURL": "pkg:npm/slash@3.0.0",
            "UID": "8acaaf50a0c01cba",
            "BOMRef": "pkg:npm/slash@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jest-message-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "snake-case@3.0.4",
          "Name": "snake-case",
          "Identifier": {
            "PURL": "pkg:npm/snake-case@3.0.4",
            "UID": "dfa5f4c49216b332",
            "BOMRef": "pkg:npm/snake-case@3.0.4"
          },
          "Version": "3.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/core@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "source-map@0.5.7",
          "Name": "source-map",
          "Identifier": {
            "PURL": "pkg:npm/source-map@0.5.7",
            "UID": "aa260468bd26323d",
            "BOMRef": "pkg:npm/source-map@0.5.7"
          },
          "Version": "0.5.7",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "source-map@0.7.4",
          "Name": "source-map",
          "Identifier": {
            "PURL": "pkg:npm/source-map@0.7.4",
            "UID": "ea0c744bf0e746d3",
            "BOMRef": "30bc49f9-9a82-4d8c-b8f1-a75eba686c8b"
          },
          "Version": "0.7.4",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "source-map@0.7.4",
          "Name": "source-map",
          "Identifier": {
            "PURL": "pkg:npm/source-map@0.7.4",
            "UID": "528a2ae96f6f45b",
            "BOMRef": "3ce381d6-5ff4-4f3c-a3d9-4db201a701ba"
          },
          "Version": "0.7.4",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "@mdx-js/rollup@2.3.0",
            "estree-util-to-js@1.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "source-map-js@1.2.1",
          "Name": "source-map-js",
          "Identifier": {
            "PURL": "pkg:npm/source-map-js@1.2.1",
            "UID": "18043cfa3a876d02",
            "BOMRef": "pkg:npm/source-map-js@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "@tailwindcss/node@4.1.11",
            "postcss@8.5.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "space-separated-tokens@2.0.2",
          "Name": "space-separated-tokens",
          "Identifier": {
            "PURL": "pkg:npm/space-separated-tokens@2.0.2",
            "UID": "5e12f89475580bfa",
            "BOMRef": "pkg:npm/space-separated-tokens@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "stack-utils@2.0.6",
          "Name": "stack-utils",
          "Identifier": {
            "PURL": "pkg:npm/stack-utils@2.0.6",
            "UID": "7c2b5b7917235e31",
            "BOMRef": "pkg:npm/stack-utils@2.0.6"
          },
          "Version": "2.0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jest-message-util@30.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "stackback@0.0.2",
          "Name": "stackback",
          "Identifier": {
            "PURL": "pkg:npm/stackback@0.0.2",
            "UID": "953150e1c9f8a6f4",
            "BOMRef": "pkg:npm/stackback@0.0.2"
          },
          "Version": "0.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "why-is-node-running@2.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "state-local@1.0.7",
          "Name": "state-local",
          "Identifier": {
            "PURL": "pkg:npm/state-local@1.0.7",
            "UID": "5030117be13b23d9",
            "BOMRef": "pkg:npm/state-local@1.0.7"
          },
          "Version": "1.0.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@monaco-editor/loader@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "std-env@3.9.0",
          "Name": "std-env",
          "Identifier": {
            "PURL": "pkg:npm/std-env@3.9.0",
            "UID": "660a00a68b32b407",
            "BOMRef": "pkg:npm/std-env@3.9.0"
          },
          "Version": "3.9.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "stop-iteration-iterator@1.1.0",
          "Name": "stop-iteration-iterator",
          "Identifier": {
            "PURL": "pkg:npm/stop-iteration-iterator@1.1.0",
            "UID": "cb261083d15662c0",
            "BOMRef": "pkg:npm/stop-iteration-iterator@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0",
            "es-get-iterator@1.1.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "string.prototype.matchall@4.0.12",
          "Name": "string.prototype.matchall",
          "Identifier": {
            "PURL": "pkg:npm/string.prototype.matchall@4.0.12",
            "UID": "e264e656eb55214",
            "BOMRef": "pkg:npm/string.prototype.matchall@4.0.12"
          },
          "Version": "4.0.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "string.prototype.repeat@1.0.0",
          "Name": "string.prototype.repeat",
          "Identifier": {
            "PURL": "pkg:npm/string.prototype.repeat@1.0.0",
            "UID": "c47dcef69413a93f",
            "BOMRef": "pkg:npm/string.prototype.repeat@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint-plugin-react@7.37.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "string.prototype.trim@1.2.10",
          "Name": "string.prototype.trim",
          "Identifier": {
            "PURL": "pkg:npm/string.prototype.trim@1.2.10",
            "UID": "807cf00c56f8a5e",
            "BOMRef": "pkg:npm/string.prototype.trim@1.2.10"
          },
          "Version": "1.2.10",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "string.prototype.trimend@1.0.9",
          "Name": "string.prototype.trimend",
          "Identifier": {
            "PURL": "pkg:npm/string.prototype.trimend@1.0.9",
            "UID": "8f10976df12f0e0a",
            "BOMRef": "pkg:npm/string.prototype.trimend@1.0.9"
          },
          "Version": "1.0.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "string.prototype.trimstart@1.0.8",
          "Name": "string.prototype.trimstart",
          "Identifier": {
            "PURL": "pkg:npm/string.prototype.trimstart@1.0.8",
            "UID": "a4601a7f6cebba23",
            "BOMRef": "pkg:npm/string.prototype.trimstart@1.0.8"
          },
          "Version": "1.0.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "stringify-entities@4.0.4",
          "Name": "stringify-entities",
          "Identifier": {
            "PURL": "pkg:npm/stringify-entities@4.0.4",
            "UID": "5accddefb45be45f",
            "BOMRef": "pkg:npm/stringify-entities@4.0.4"
          },
          "Version": "4.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx-jsx@2.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "strip-ansi@6.0.1",
          "Name": "strip-ansi",
          "Identifier": {
            "PURL": "pkg:npm/strip-ansi@6.0.1",
            "UID": "801101071304deee",
            "BOMRef": "pkg:npm/strip-ansi@6.0.1"
          },
          "Version": "6.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "strip-indent@3.0.0",
          "Name": "strip-indent",
          "Identifier": {
            "PURL": "pkg:npm/strip-indent@3.0.0",
            "UID": "37d4618182b13ef8",
            "BOMRef": "pkg:npm/strip-indent@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "redent@3.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "strip-json-comments@3.1.1",
          "Name": "strip-json-comments",
          "Identifier": {
            "PURL": "pkg:npm/strip-json-comments@3.1.1",
            "UID": "8a0fc10ebbc0d035",
            "BOMRef": "pkg:npm/strip-json-comments@3.1.1"
          },
          "Version": "3.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@eslint/eslintrc@2.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "strip-literal@3.0.0",
          "Name": "strip-literal",
          "Identifier": {
            "PURL": "pkg:npm/strip-literal@3.0.0",
            "UID": "13aea214ff7e016a",
            "BOMRef": "pkg:npm/strip-literal@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/runner@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "style-to-object@0.4.4",
          "Name": "style-to-object",
          "Identifier": {
            "PURL": "pkg:npm/style-to-object@0.4.4",
            "UID": "83ef5122af243f68",
            "BOMRef": "pkg:npm/style-to-object@0.4.4"
          },
          "Version": "0.4.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "stylis@4.2.0",
          "Name": "stylis",
          "Identifier": {
            "PURL": "pkg:npm/stylis@4.2.0",
            "UID": "2b40131ce6a0b2d0",
            "BOMRef": "pkg:npm/stylis@4.2.0"
          },
          "Version": "4.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@emotion/babel-plugin@11.13.5",
            "@emotion/cache@11.14.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "supports-color@7.2.0",
          "Name": "supports-color",
          "Identifier": {
            "PURL": "pkg:npm/supports-color@7.2.0",
            "UID": "14b6937cc4c3a735",
            "BOMRef": "pkg:npm/supports-color@7.2.0"
          },
          "Version": "7.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chalk@3.0.0",
            "chalk@4.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "supports-preserve-symlinks-flag@1.0.0",
          "Name": "supports-preserve-symlinks-flag",
          "Identifier": {
            "PURL": "pkg:npm/supports-preserve-symlinks-flag@1.0.0",
            "UID": "d698b3cb1c8da76f",
            "BOMRef": "pkg:npm/supports-preserve-symlinks-flag@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "resolve@1.22.10",
            "resolve@2.0.0-next.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "svg-parser@2.0.4",
          "Name": "svg-parser",
          "Identifier": {
            "PURL": "pkg:npm/svg-parser@2.0.4",
            "UID": "4c8a0b12c16c440b",
            "BOMRef": "pkg:npm/svg-parser@2.0.4"
          },
          "Version": "2.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@svgr/plugin-jsx@8.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "symbol-tree@3.2.4",
          "Name": "symbol-tree",
          "Identifier": {
            "PURL": "pkg:npm/symbol-tree@3.2.4",
            "UID": "321bd0373715de6b",
            "BOMRef": "pkg:npm/symbol-tree@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tailwindcss@4.1.11",
          "Name": "tailwindcss",
          "Identifier": {
            "PURL": "pkg:npm/tailwindcss@4.1.11",
            "UID": "534ba6b97c84d0f8",
            "BOMRef": "pkg:npm/tailwindcss@4.1.11"
          },
          "Version": "4.1.11",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@tailwindcss/cli@4.1.11",
            "@tailwindcss/node@4.1.11",
            "@uppy/components@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tapable@2.2.2",
          "Name": "tapable",
          "Identifier": {
            "PURL": "pkg:npm/tapable@2.2.2",
            "UID": "d99d20d700137c15",
            "BOMRef": "pkg:npm/tapable@2.2.2"
          },
          "Version": "2.2.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "enhanced-resolve@5.18.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tar@7.4.3",
          "Name": "tar",
          "Identifier": {
            "PURL": "pkg:npm/tar@7.4.3",
            "UID": "8bfcd00e66b934fe",
            "BOMRef": "pkg:npm/tar@7.4.3"
          },
          "Version": "7.4.3",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "@tailwindcss/oxide@4.1.11"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "text-table@0.2.0",
          "Name": "text-table",
          "Identifier": {
            "PURL": "pkg:npm/text-table@0.2.0",
            "UID": "4542f5bc53788965",
            "BOMRef": "pkg:npm/text-table@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "eslint@8.57.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tinybench@2.9.0",
          "Name": "tinybench",
          "Identifier": {
            "PURL": "pkg:npm/tinybench@2.9.0",
            "UID": "4ae96a9aa2c0137a",
            "BOMRef": "pkg:npm/tinybench@2.9.0"
          },
          "Version": "2.9.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tinycolor2@1.6.0",
          "Name": "tinycolor2",
          "Identifier": {
            "PURL": "pkg:npm/tinycolor2@1.6.0",
            "UID": "432ad04da42dd8be",
            "BOMRef": "pkg:npm/tinycolor2@1.6.0"
          },
          "Version": "1.6.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "canvas-color-tracker@1.3.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tinyexec@0.3.2",
          "Name": "tinyexec",
          "Identifier": {
            "PURL": "pkg:npm/tinyexec@0.3.2",
            "UID": "e22143179c8c091b",
            "BOMRef": "pkg:npm/tinyexec@0.3.2"
          },
          "Version": "0.3.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tinyglobby@0.2.14",
          "Name": "tinyglobby",
          "Identifier": {
            "PURL": "pkg:npm/tinyglobby@0.2.14",
            "UID": "fbcc74d62a5a40c9",
            "BOMRef": "pkg:npm/tinyglobby@0.2.14"
          },
          "Version": "0.2.14",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vite@6.4.1",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tinypool@1.1.1",
          "Name": "tinypool",
          "Identifier": {
            "PURL": "pkg:npm/tinypool@1.1.1",
            "UID": "2e27cbbf1dedb698",
            "BOMRef": "pkg:npm/tinypool@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tinyrainbow@2.0.0",
          "Name": "tinyrainbow",
          "Identifier": {
            "PURL": "pkg:npm/tinyrainbow@2.0.0",
            "UID": "f38996fe8c37ca8c",
            "BOMRef": "pkg:npm/tinyrainbow@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/expect@3.2.4",
            "@vitest/pretty-format@3.2.4",
            "@vitest/utils@3.2.4",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tinyspy@4.0.3",
          "Name": "tinyspy",
          "Identifier": {
            "PURL": "pkg:npm/tinyspy@4.0.3",
            "UID": "ee4446bbd11e0176",
            "BOMRef": "pkg:npm/tinyspy@4.0.3"
          },
          "Version": "4.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitest/spy@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "to-regex-range@5.0.1",
          "Name": "to-regex-range",
          "Identifier": {
            "PURL": "pkg:npm/to-regex-range@5.0.1",
            "UID": "a335dece9a5a2337",
            "BOMRef": "pkg:npm/to-regex-range@5.0.1"
          },
          "Version": "5.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "fill-range@7.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "toggle-selection@1.0.6",
          "Name": "toggle-selection",
          "Identifier": {
            "PURL": "pkg:npm/toggle-selection@1.0.6",
            "UID": "9dd81189f0b450c4",
            "BOMRef": "pkg:npm/toggle-selection@1.0.6"
          },
          "Version": "1.0.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "copy-to-clipboard@3.3.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tough-cookie@4.1.4",
          "Name": "tough-cookie",
          "Identifier": {
            "PURL": "pkg:npm/tough-cookie@4.1.4",
            "UID": "6ad1bfdf9a7388ae",
            "BOMRef": "pkg:npm/tough-cookie@4.1.4"
          },
          "Version": "4.1.4",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tr46@4.1.1",
          "Name": "tr46",
          "Identifier": {
            "PURL": "pkg:npm/tr46@4.1.1",
            "UID": "a26e905f1212558d",
            "BOMRef": "pkg:npm/tr46@4.1.1"
          },
          "Version": "4.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "whatwg-url@12.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "trim-lines@3.0.1",
          "Name": "trim-lines",
          "Identifier": {
            "PURL": "pkg:npm/trim-lines@3.0.1",
            "UID": "e2a4fe50f956a066",
            "BOMRef": "pkg:npm/trim-lines@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-to-hast@12.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "trough@2.2.0",
          "Name": "trough",
          "Identifier": {
            "PURL": "pkg:npm/trough@2.2.0",
            "UID": "48488431bd3d6a1e",
            "BOMRef": "pkg:npm/trough@2.2.0"
          },
          "Version": "2.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unified@10.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "tslib@2.8.1",
          "Name": "tslib",
          "Identifier": {
            "PURL": "pkg:npm/tslib@2.8.1",
            "UID": "cc2041f5f8cf0b61",
            "BOMRef": "pkg:npm/tslib@2.8.1"
          },
          "Version": "2.8.1",
          "Licenses": [
            "0BSD"
          ],
          "DependsOn": [
            "dot-case@3.0.4",
            "lower-case@2.0.2",
            "no-case@3.0.4",
            "snake-case@3.0.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "type-check@0.4.0",
          "Name": "type-check",
          "Identifier": {
            "PURL": "pkg:npm/type-check@0.4.0",
            "UID": "678c687f4956536b",
            "BOMRef": "pkg:npm/type-check@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "levn@0.4.1",
            "optionator@0.9.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "type-fest@0.20.2",
          "Name": "type-fest",
          "Identifier": {
            "PURL": "pkg:npm/type-fest@0.20.2",
            "UID": "d8cfdb63e8c9e4fd",
            "BOMRef": "pkg:npm/type-fest@0.20.2"
          },
          "Version": "0.20.2",
          "Licenses": [
            "MIT OR CC0-1.0"
          ],
          "DependsOn": [
            "globals@13.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "typed-array-buffer@1.0.3",
          "Name": "typed-array-buffer",
          "Identifier": {
            "PURL": "pkg:npm/typed-array-buffer@1.0.3",
            "UID": "3984dd8bfe201726",
            "BOMRef": "pkg:npm/typed-array-buffer@1.0.3"
          },
          "Version": "1.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "typed-array-byte-length@1.0.3",
          "Name": "typed-array-byte-length",
          "Identifier": {
            "PURL": "pkg:npm/typed-array-byte-length@1.0.3",
            "UID": "efea4bd6774dfdc1",
            "BOMRef": "pkg:npm/typed-array-byte-length@1.0.3"
          },
          "Version": "1.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "typed-array-byte-offset@1.0.4",
          "Name": "typed-array-byte-offset",
          "Identifier": {
            "PURL": "pkg:npm/typed-array-byte-offset@1.0.4",
            "UID": "b8eb0e459fa07b71",
            "BOMRef": "pkg:npm/typed-array-byte-offset@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "typed-array-length@1.0.7",
          "Name": "typed-array-length",
          "Identifier": {
            "PURL": "pkg:npm/typed-array-length@1.0.7",
            "UID": "78078974a4868493",
            "BOMRef": "pkg:npm/typed-array-length@1.0.7"
          },
          "Version": "1.0.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "typescript@5.8.3",
          "Name": "typescript",
          "Identifier": {
            "PURL": "pkg:npm/typescript@5.8.3",
            "UID": "97da21c8defc10bd",
            "BOMRef": "pkg:npm/typescript@5.8.3"
          },
          "Version": "5.8.3",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "@qdrant/js-client-rest@1.15.1",
            "cosmiconfig@8.3.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unbox-primitive@1.1.0",
          "Name": "unbox-primitive",
          "Identifier": {
            "PURL": "pkg:npm/unbox-primitive@1.1.0",
            "UID": "4b4a9b8594586fad",
            "BOMRef": "pkg:npm/unbox-primitive@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "es-abstract@1.24.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "undici@6.21.3",
          "Name": "undici",
          "Identifier": {
            "PURL": "pkg:npm/undici@6.21.3",
            "UID": "169b8c052eb1d39c",
            "BOMRef": "pkg:npm/undici@6.21.3"
          },
          "Version": "6.21.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@qdrant/js-client-rest@1.15.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "undici-types@7.8.0",
          "Name": "undici-types",
          "Identifier": {
            "PURL": "pkg:npm/undici-types@7.8.0",
            "UID": "21148d3d058523ff",
            "BOMRef": "pkg:npm/undici-types@7.8.0"
          },
          "Version": "7.8.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@types/node@24.0.10"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unified@10.1.2",
          "Name": "unified",
          "Identifier": {
            "PURL": "pkg:npm/unified@10.1.2",
            "UID": "256c2bb133345c17",
            "BOMRef": "pkg:npm/unified@10.1.2"
          },
          "Version": "10.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "remark-parse@10.0.2",
            "remark-rehype@10.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-generated@2.0.1",
          "Name": "unist-util-generated",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-generated@2.0.1",
            "UID": "38dffebd9ae1b768",
            "BOMRef": "pkg:npm/unist-util-generated@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-to-hast@12.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-is@5.2.1",
          "Name": "unist-util-is",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-is@5.2.1",
            "UID": "14918507a652049",
            "BOMRef": "pkg:npm/unist-util-is@5.2.1"
          },
          "Version": "5.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit-parents@5.1.3",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "mdast-util-phrasing@3.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-is@6.0.0",
          "Name": "unist-util-is",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-is@6.0.0",
            "UID": "41d1c6c41912535e",
            "BOMRef": "e1713029-798e-45bc-90a7-36d8f12481b1"
          },
          "Version": "6.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unist-util-visit-parents@6.0.1",
            "unist-util-visit@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-is@6.0.0",
          "Name": "unist-util-is",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-is@6.0.0",
            "UID": "cca4ee7fccb1eb3c",
            "BOMRef": "c37264c7-1e65-4cae-a48d-9e729bddf9df"
          },
          "Version": "6.0.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-position@4.0.4",
          "Name": "unist-util-position",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-position@4.0.4",
            "UID": "a322cc7e123f37bf",
            "BOMRef": "pkg:npm/unist-util-position@4.0.4"
          },
          "Version": "4.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3",
            "mdast-util-to-hast@12.3.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-position-from-estree@1.1.2",
          "Name": "unist-util-position-from-estree",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-position-from-estree@1.1.2",
            "UID": "ad392ac5a0b04f7a",
            "BOMRef": "pkg:npm/unist-util-position-from-estree@1.1.2"
          },
          "Version": "1.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-factory-mdx-expression@1.0.9"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-remove-position@4.0.2",
          "Name": "unist-util-remove-position",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-remove-position@4.0.2",
            "UID": "d81ca78118fa0278",
            "BOMRef": "pkg:npm/unist-util-remove-position@4.0.2"
          },
          "Version": "4.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx-jsx@2.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-stringify-position@3.0.3",
          "Name": "unist-util-stringify-position",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-stringify-position@3.0.3",
            "UID": "bf71a73cb36b1a66",
            "BOMRef": "pkg:npm/unist-util-stringify-position@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "mdast-util-from-markdown@1.3.1",
            "mdast-util-mdx-jsx@2.1.4",
            "vfile-message@3.1.4",
            "vfile@5.3.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit@4.1.2",
          "Name": "unist-util-visit",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit@4.1.2",
            "UID": "b8f737c011ef6e75",
            "BOMRef": "f84b3073-8d50-4ad3-9bb2-7184a9afb9a6"
          },
          "Version": "4.1.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit@4.1.2",
          "Name": "unist-util-visit",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit@4.1.2",
            "UID": "ccb48727b37f700e",
            "BOMRef": "23fe7252-86b7-4cbe-8f96-00fd7952be42"
          },
          "Version": "4.1.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit@4.1.2",
          "Name": "unist-util-visit",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit@4.1.2",
            "UID": "14c1d2468f8994b7",
            "BOMRef": "9a866145-2241-417a-b9b2-5a903c4dce93"
          },
          "Version": "4.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "mdast-util-definitions@5.1.2",
            "mdast-util-to-hast@12.3.0",
            "mdast-util-to-markdown@1.5.0",
            "unist-util-remove-position@4.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit@4.1.2",
          "Name": "unist-util-visit",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit@4.1.2",
            "UID": "5f4c2ee462697609",
            "BOMRef": "0e2ee6c9-b42e-4da9-8e34-ca3dad8bd15d"
          },
          "Version": "4.1.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit@4.1.2",
          "Name": "unist-util-visit",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit@4.1.2",
            "UID": "76755d52838e3cf",
            "BOMRef": "2e4596f5-5fd9-4e00-b3ce-eb1635428796"
          },
          "Version": "4.1.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit@5.0.0",
          "Name": "unist-util-visit",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit@5.0.0",
            "UID": "e324b998a5a577a1",
            "BOMRef": "pkg:npm/unist-util-visit@5.0.0"
          },
          "Version": "5.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit-parents@5.1.3",
          "Name": "unist-util-visit-parents",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit-parents@5.1.3",
            "UID": "41f46ac75362f69b",
            "BOMRef": "ca05fb58-5311-46d9-8017-6ad6347cf174"
          },
          "Version": "5.1.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit-parents@5.1.3",
          "Name": "unist-util-visit-parents",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit-parents@5.1.3",
            "UID": "e8a3a4c2e2a20310",
            "BOMRef": "4692cc73-b735-4200-b0fc-49a8f7e88c09"
          },
          "Version": "5.1.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit-parents@5.1.3",
          "Name": "unist-util-visit-parents",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit-parents@5.1.3",
            "UID": "f081f7854f907876",
            "BOMRef": "0205adea-3998-4297-b6d0-b681fe3f4773"
          },
          "Version": "5.1.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit-parents@5.1.3",
          "Name": "unist-util-visit-parents",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit-parents@5.1.3",
            "UID": "b023f09983c1ff48",
            "BOMRef": "ebda730d-9cee-4357-a311-40f2218a9b9f"
          },
          "Version": "5.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2",
            "unist-util-visit@4.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit-parents@5.1.3",
          "Name": "unist-util-visit-parents",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit-parents@5.1.3",
            "UID": "cc7a9e2d125931bf",
            "BOMRef": "8a35484e-3754-489b-b3dd-897bf01ecdd5"
          },
          "Version": "5.1.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "unist-util-visit-parents@6.0.1",
          "Name": "unist-util-visit-parents",
          "Identifier": {
            "PURL": "pkg:npm/unist-util-visit-parents@6.0.1",
            "UID": "dab7a497bb36e818",
            "BOMRef": "pkg:npm/unist-util-visit-parents@6.0.1"
          },
          "Version": "6.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "unist-util-visit@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "universalify@0.2.0",
          "Name": "universalify",
          "Identifier": {
            "PURL": "pkg:npm/universalify@0.2.0",
            "UID": "415da463bb2e9c08",
            "BOMRef": "pkg:npm/universalify@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "tough-cookie@4.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "update-browserslist-db@1.1.3",
          "Name": "update-browserslist-db",
          "Identifier": {
            "PURL": "pkg:npm/update-browserslist-db@1.1.3",
            "UID": "ed7a5b579a5a9942",
            "BOMRef": "pkg:npm/update-browserslist-db@1.1.3"
          },
          "Version": "1.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "browserslist@4.25.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "uri-js@4.4.1",
          "Name": "uri-js",
          "Identifier": {
            "PURL": "pkg:npm/uri-js@4.4.1",
            "UID": "9c95da890cf3673b",
            "BOMRef": "pkg:npm/uri-js@4.4.1"
          },
          "Version": "4.4.1",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "ajv@6.12.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "url-parse@1.5.10",
          "Name": "url-parse",
          "Identifier": {
            "PURL": "pkg:npm/url-parse@1.5.10",
            "UID": "649c833b84cdc2b3",
            "BOMRef": "pkg:npm/url-parse@1.5.10"
          },
          "Version": "1.5.10",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "tough-cookie@4.1.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "use-sync-external-store@1.5.0",
          "Name": "use-sync-external-store",
          "Identifier": {
            "PURL": "pkg:npm/use-sync-external-store@1.5.0",
            "UID": "6d6796d929a1d4cd",
            "BOMRef": "pkg:npm/use-sync-external-store@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mui/x-data-grid@7.29.8",
            "@uppy/react@4.4.0",
            "zustand@4.5.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "uvu@0.5.6",
          "Name": "uvu",
          "Identifier": {
            "PURL": "pkg:npm/uvu@0.5.6",
            "UID": "541c7a20793079ee",
            "BOMRef": "pkg:npm/uvu@0.5.6"
          },
          "Version": "0.5.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-from-markdown@1.3.1",
            "micromark-core-commonmark@1.1.0",
            "micromark-extension-mdx-expression@1.0.8",
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-factory-label@1.1.0",
            "micromark-factory-mdx-expression@1.0.9",
            "micromark-util-events-to-acorn@1.2.3",
            "micromark-util-subtokenize@1.1.0",
            "micromark@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "vfile@5.3.7",
          "Name": "vfile",
          "Identifier": {
            "PURL": "pkg:npm/vfile@5.3.7",
            "UID": "f959d86956faeafd",
            "BOMRef": "pkg:npm/vfile@5.3.7"
          },
          "Version": "5.3.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@mdx-js/mdx@2.3.0",
            "@mdx-js/rollup@2.3.0",
            "unified@10.1.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "vfile-message@3.1.4",
          "Name": "vfile-message",
          "Identifier": {
            "PURL": "pkg:npm/vfile-message@3.1.4",
            "UID": "60ee5f4d21fd0a6a",
            "BOMRef": "pkg:npm/vfile-message@3.1.4"
          },
          "Version": "3.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mdast-util-mdx-jsx@2.1.4",
            "micromark-extension-mdx-jsx@1.0.5",
            "micromark-extension-mdxjs-esm@1.0.5",
            "micromark-factory-mdx-expression@1.0.9",
            "micromark-util-events-to-acorn@1.2.3",
            "vfile@5.3.7"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "vite@6.4.1",
          "Name": "vite",
          "Identifier": {
            "PURL": "pkg:npm/vite@6.4.1",
            "UID": "2b8d6bd6afcc7978",
            "BOMRef": "pkg:npm/vite@6.4.1"
          },
          "Version": "6.4.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@vitejs/plugin-react@4.6.0",
            "@vitest/mocker@3.2.4",
            "qdrant-web-ui@0.2.5",
            "vite-node@3.2.4",
            "vite-plugin-eslint@1.8.1",
            "vite-plugin-svgr@4.3.0",
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "vite-node@3.2.4",
          "Name": "vite-node",
          "Identifier": {
            "PURL": "pkg:npm/vite-node@3.2.4",
            "UID": "6f74ba87ad461a2",
            "BOMRef": "pkg:npm/vite-node@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "vite-plugin-eslint@1.8.1",
          "Name": "vite-plugin-eslint",
          "Identifier": {
            "PURL": "pkg:npm/vite-plugin-eslint@1.8.1",
            "UID": "953343276cdae7e7",
            "BOMRef": "pkg:npm/vite-plugin-eslint@1.8.1"
          },
          "Version": "1.8.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "vite-plugin-svgr@4.3.0",
          "Name": "vite-plugin-svgr",
          "Identifier": {
            "PURL": "pkg:npm/vite-plugin-svgr@4.3.0",
            "UID": "8355e961f55211e",
            "BOMRef": "pkg:npm/vite-plugin-svgr@4.3.0"
          },
          "Version": "4.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "vitest@3.2.4",
          "Name": "vitest",
          "Identifier": {
            "PURL": "pkg:npm/vitest@3.2.4",
            "UID": "c872c5f82aa6bc1b",
            "BOMRef": "pkg:npm/vitest@3.2.4"
          },
          "Version": "3.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "w3c-xmlserializer@4.0.0",
          "Name": "w3c-xmlserializer",
          "Identifier": {
            "PURL": "pkg:npm/w3c-xmlserializer@4.0.0",
            "UID": "73f64a683b7f05ab",
            "BOMRef": "pkg:npm/w3c-xmlserializer@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "web-vitals@2.1.4",
          "Name": "web-vitals",
          "Identifier": {
            "PURL": "pkg:npm/web-vitals@2.1.4",
            "UID": "e20ac383368930a5",
            "BOMRef": "pkg:npm/web-vitals@2.1.4"
          },
          "Version": "2.1.4",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "qdrant-web-ui@0.2.5"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "webidl-conversions@7.0.0",
          "Name": "webidl-conversions",
          "Identifier": {
            "PURL": "pkg:npm/webidl-conversions@7.0.0",
            "UID": "dd76e90fdcdde919",
            "BOMRef": "pkg:npm/webidl-conversions@7.0.0"
          },
          "Version": "7.0.0",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "domexception@4.0.0",
            "jsdom@22.1.0",
            "whatwg-url@12.0.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "whatwg-encoding@2.0.0",
          "Name": "whatwg-encoding",
          "Identifier": {
            "PURL": "pkg:npm/whatwg-encoding@2.0.0",
            "UID": "3eacf2a24698151d",
            "BOMRef": "pkg:npm/whatwg-encoding@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "html-encoding-sniffer@3.0.0",
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "whatwg-mimetype@3.0.0",
          "Name": "whatwg-mimetype",
          "Identifier": {
            "PURL": "pkg:npm/whatwg-mimetype@3.0.0",
            "UID": "5ad519f221095e3c",
            "BOMRef": "pkg:npm/whatwg-mimetype@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "data-urls@4.0.0",
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "whatwg-url@12.0.1",
          "Name": "whatwg-url",
          "Identifier": {
            "PURL": "pkg:npm/whatwg-url@12.0.1",
            "UID": "4b96d39bf5d0390a",
            "BOMRef": "pkg:npm/whatwg-url@12.0.1"
          },
          "Version": "12.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "data-urls@4.0.0",
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "which@2.0.2",
          "Name": "which",
          "Identifier": {
            "PURL": "pkg:npm/which@2.0.2",
            "UID": "1f9a92cd61ce3845",
            "BOMRef": "pkg:npm/which@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "cross-spawn@7.0.6"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "which-boxed-primitive@1.1.1",
          "Name": "which-boxed-primitive",
          "Identifier": {
            "PURL": "pkg:npm/which-boxed-primitive@1.1.1",
            "UID": "d032b2624dea3ab7",
            "BOMRef": "pkg:npm/which-boxed-primitive@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "unbox-primitive@1.1.0",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "which-builtin-type@1.2.1",
          "Name": "which-builtin-type",
          "Identifier": {
            "PURL": "pkg:npm/which-builtin-type@1.2.1",
            "UID": "d81b119f93a4f688",
            "BOMRef": "pkg:npm/which-builtin-type@1.2.1"
          },
          "Version": "1.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "reflect.getprototypeof@1.0.10"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "which-collection@1.0.2",
          "Name": "which-collection",
          "Identifier": {
            "PURL": "pkg:npm/which-collection@1.0.2",
            "UID": "bb537b074692ac32",
            "BOMRef": "pkg:npm/which-collection@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "which-typed-array@1.1.19",
          "Name": "which-typed-array",
          "Identifier": {
            "PURL": "pkg:npm/which-typed-array@1.1.19",
            "UID": "d305104c9b053cb3",
            "BOMRef": "pkg:npm/which-typed-array@1.1.19"
          },
          "Version": "1.1.19",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "deep-equal@2.2.3",
            "es-abstract@1.24.0",
            "is-typed-array@1.1.15",
            "which-builtin-type@1.2.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "why-is-node-running@2.3.0",
          "Name": "why-is-node-running",
          "Identifier": {
            "PURL": "pkg:npm/why-is-node-running@2.3.0",
            "UID": "a53dde94ce2833d1",
            "BOMRef": "pkg:npm/why-is-node-running@2.3.0"
          },
          "Version": "2.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "vitest@3.2.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "wildcard@1.1.2",
          "Name": "wildcard",
          "Identifier": {
            "PURL": "pkg:npm/wildcard@1.1.2",
            "UID": "5bc7f8abb3ca3e05",
            "BOMRef": "pkg:npm/wildcard@1.1.2"
          },
          "Version": "1.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mime-match@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "word-wrap@1.2.5",
          "Name": "word-wrap",
          "Identifier": {
            "PURL": "pkg:npm/word-wrap@1.2.5",
            "UID": "a0eea73d3e2497fa",
            "BOMRef": "pkg:npm/word-wrap@1.2.5"
          },
          "Version": "1.2.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "optionator@0.9.4"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "wrappy@1.0.2",
          "Name": "wrappy",
          "Identifier": {
            "PURL": "pkg:npm/wrappy@1.0.2",
            "UID": "b30727485d6a3982",
            "BOMRef": "pkg:npm/wrappy@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "inflight@1.0.6",
            "once@1.4.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "ws@8.18.3",
          "Name": "ws",
          "Identifier": {
            "PURL": "pkg:npm/ws@8.18.3",
            "UID": "de2c27d72c964c3b",
            "BOMRef": "pkg:npm/ws@8.18.3"
          },
          "Version": "8.18.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "jsdom@22.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "xml-name-validator@4.0.0",
          "Name": "xml-name-validator",
          "Identifier": {
            "PURL": "pkg:npm/xml-name-validator@4.0.0",
            "UID": "136718fb708d1c14",
            "BOMRef": "pkg:npm/xml-name-validator@4.0.0"
          },
          "Version": "4.0.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "jsdom@22.1.0",
            "w3c-xmlserializer@4.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "xmlchars@2.2.0",
          "Name": "xmlchars",
          "Identifier": {
            "PURL": "pkg:npm/xmlchars@2.2.0",
            "UID": "e89b5e730bf8a485",
            "BOMRef": "pkg:npm/xmlchars@2.2.0"
          },
          "Version": "2.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "saxes@6.0.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "yallist@3.1.1",
          "Name": "yallist",
          "Identifier": {
            "PURL": "pkg:npm/yallist@3.1.1",
            "UID": "b2fa8996300c5eca",
            "BOMRef": "pkg:npm/yallist@3.1.1"
          },
          "Version": "3.1.1",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "lru-cache@5.1.1"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "yallist@5.0.0",
          "Name": "yallist",
          "Identifier": {
            "PURL": "pkg:npm/yallist@5.0.0",
            "UID": "75d284fc4232c750",
            "BOMRef": "pkg:npm/yallist@5.0.0"
          },
          "Version": "5.0.0",
          "Licenses": [
            "BlueOak-1.0.0"
          ],
          "DependsOn": [
            "tar@7.4.3"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "yaml@1.10.2",
          "Name": "yaml",
          "Identifier": {
            "PURL": "pkg:npm/yaml@1.10.2",
            "UID": "c042626dec653818",
            "BOMRef": "pkg:npm/yaml@1.10.2"
          },
          "Version": "1.10.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "cosmiconfig@7.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "yocto-queue@0.1.0",
          "Name": "yocto-queue",
          "Identifier": {
            "PURL": "pkg:npm/yocto-queue@0.1.0",
            "UID": "41fa85f6fe7f854b",
            "BOMRef": "pkg:npm/yocto-queue@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "p-limit@3.1.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "zustand@4.5.7",
          "Name": "zustand",
          "Identifier": {
            "PURL": "pkg:npm/zustand@4.5.7",
            "UID": "3c24a625263bb70a",
            "BOMRef": "pkg:npm/zustand@4.5.7"
          },
          "Version": "4.5.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "@textea/json-viewer@2.17.2"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        },
        {
          "ID": "zwitch@2.0.4",
          "Name": "zwitch",
          "Identifier": {
            "PURL": "pkg:npm/zwitch@2.0.4",
            "UID": "a42b4cc22253a100",
            "BOMRef": "pkg:npm/zwitch@2.0.4"
          },
          "Version": "2.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hast-util-to-estree@2.3.3",
            "mdast-util-to-markdown@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          }
        }
      ],
      "Vulnerabilities": [
        {
          "VulnerabilityID": "CVE-2026-22029",
          "VendorIDs": [
            "GHSA-2w69-qvjg-hvjx"
          ],
          "PkgID": "@remix-run/router@1.23.0",
          "PkgName": "@remix-run/router",
          "PkgIdentifier": {
            "PURL": "pkg:npm/%40remix-run/router@1.23.0",
            "UID": "3e1ca131c0d76fe6",
            "BOMRef": "pkg:npm/%40remix-run/router@1.23.0"
          },
          "InstalledVersion": "1.23.0",
          "FixedVersion": "1.23.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22029",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:44a050cca15d427abe209d3516a947fd473f2e9fabfc9136b11cff0727cfc1cf",
          "Title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
          "Description": "React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-79"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "nvd": 2,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
              "V3Score": 8
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "V3Score": 6.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
              "V3Score": 8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22029",
            "https://github.com/remix-run/react-router",
            "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
            "https://www.cve.org/CVERecord?id=CVE-2026-22029"
          ],
          "PublishedDate": "2026-01-10T03:15:48.87Z",
          "LastModifiedDate": "2026-02-10T19:36:31.503Z"
        },
        {
          "VulnerabilityID": "CVE-2026-3449",
          "VendorIDs": [
            "GHSA-vpq2-c234-7xj6"
          ],
          "PkgID": "@tootallnate/once@2.0.0",
          "PkgName": "@tootallnate/once",
          "PkgIdentifier": {
            "PURL": "pkg:npm/%40tootallnate/once@2.0.0",
            "UID": "7915f0892cb87e97",
            "BOMRef": "pkg:npm/%40tootallnate/once@2.0.0"
          },
          "InstalledVersion": "2.0.0",
          "FixedVersion": "3.0.1",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3449",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:acab8c27ffa57c57a47500de1dd2599d4df4b543f4271f9225e132d6d7366a13",
          "Title": "@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal",
          "Description": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-705"
          ],
          "VendorSeverity": {
            "ghsa": 1,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
              "V3Score": 3.3,
              "V40Score": 1.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 4
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-3449",
            "https://github.com/TooTallNate/once",
            "https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a",
            "https://github.com/TooTallNate/once/issues/8",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-3449",
            "https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612",
            "https://www.cve.org/CVERecord?id=CVE-2026-3449"
          ],
          "PublishedDate": "2026-03-03T05:17:25.017Z",
          "LastModifiedDate": "2026-03-03T21:52:29.877Z"
        },
        {
          "VulnerabilityID": "CVE-2025-69873",
          "VendorIDs": [
            "GHSA-2g4f-4pwh-qvx6"
          ],
          "PkgID": "ajv@6.12.6",
          "PkgName": "ajv",
          "PkgIdentifier": {
            "PURL": "pkg:npm/ajv@6.12.6",
            "UID": "6afce0e3fb938715",
            "BOMRef": "pkg:npm/ajv@6.12.6"
          },
          "InstalledVersion": "6.12.6",
          "FixedVersion": "8.18.0, 6.14.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69873",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:e60019248483252c8fa38c4e881c8fef790df69427334906b2a7ffcd67000d8c",
          "Title": "ajv: ReDoS via $data reference",
          "Description": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1333",
            "CWE-400"
          ],
          "VendorSeverity": {
            "ghsa": 2,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
              "V40Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-69873",
            "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
            "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6",
            "https://github.com/ajv-validator/ajv",
            "https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5",
            "https://github.com/ajv-validator/ajv/pull/2586",
            "https://github.com/ajv-validator/ajv/pull/2588",
            "https://github.com/ajv-validator/ajv/pull/2590",
            "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0",
            "https://github.com/ajv-validator/ajv/releases/tag/v8.18.0",
            "https://github.com/github/advisory-database/pull/6991",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
            "https://www.cve.org/CVERecord?id=CVE-2025-69873"
          ],
          "PublishedDate": "2026-02-11T19:15:50.467Z",
          "LastModifiedDate": "2026-03-02T21:16:24.213Z"
        },
        {
          "VulnerabilityID": "CVE-2026-25639",
          "VendorIDs": [
            "GHSA-43fc-jf86-j433"
          ],
          "PkgID": "axios@1.12.2",
          "PkgName": "axios",
          "PkgIdentifier": {
            "PURL": "pkg:npm/axios@1.12.2",
            "UID": "a61e859244c5db3d",
            "BOMRef": "pkg:npm/axios@1.12.2"
          },
          "InstalledVersion": "1.12.2",
          "FixedVersion": "1.13.5, 0.30.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25639",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:185e4eadca40af1c96a07633e1714bdfd539d15e22be656cee267d012e0b11e1",
          "Title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
          "Description": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-754"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-25639",
            "https://github.com/axios/axios",
            "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
            "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e",
            "https://github.com/axios/axios/pull/7369",
            "https://github.com/axios/axios/pull/7388",
            "https://github.com/axios/axios/releases/tag/v0.30.3",
            "https://github.com/axios/axios/releases/tag/v1.13.5",
            "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
            "https://www.cve.org/CVERecord?id=CVE-2026-25639"
          ],
          "PublishedDate": "2026-02-09T21:15:49.01Z",
          "LastModifiedDate": "2026-02-18T18:24:34.12Z"
        },
        {
          "VulnerabilityID": "CVE-2026-33750",
          "VendorIDs": [
            "GHSA-f886-m6hf-6m8v"
          ],
          "PkgID": "brace-expansion@1.1.12",
          "PkgName": "brace-expansion",
          "PkgIdentifier": {
            "PURL": "pkg:npm/brace-expansion@1.1.12",
            "UID": "4683577cbf9aa70f",
            "BOMRef": "pkg:npm/brace-expansion@1.1.12"
          },
          "InstalledVersion": "1.1.12",
          "FixedVersion": "5.0.5, 3.0.2, 2.0.3, 1.1.13",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33750",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:394a3896a15db60c16b500cd0496318a9d7e9483acbff1c2c70676117951d5e8",
          "Title": "brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern",
          "Description": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-400"
          ],
          "VendorSeverity": {
            "ghsa": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-33750",
            "https://github.com/juliangruber/brace-expansion",
            "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113",
            "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184",
            "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5",
            "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2",
            "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a",
            "https://github.com/juliangruber/brace-expansion/issues/98",
            "https://github.com/juliangruber/brace-expansion/pull/95",
            "https://github.com/juliangruber/brace-expansion/pull/96",
            "https://github.com/juliangruber/brace-expansion/pull/97",
            "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-33750",
            "https://www.cve.org/CVERecord?id=CVE-2026-33750"
          ],
          "PublishedDate": "2026-03-27T15:16:57.297Z",
          "LastModifiedDate": "2026-03-30T13:26:29.793Z"
        },
        {
          "VulnerabilityID": "CVE-2026-24001",
          "VendorIDs": [
            "GHSA-73rr-hh4g-fpgx"
          ],
          "PkgID": "diff@5.2.0",
          "PkgName": "diff",
          "PkgIdentifier": {
            "PURL": "pkg:npm/diff@5.2.0",
            "UID": "d674b3f4e198d7cd",
            "BOMRef": "pkg:npm/diff@5.2.0"
          },
          "InstalledVersion": "5.2.0",
          "FixedVersion": "8.0.3, 5.2.2, 4.0.4, 3.5.1",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24001",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:0577606435d7fe1ef946c676fbe82c462ebb59d485a16daa96f31bb1a3b5f981",
          "Title": "jsdiff: denial of service vulnerability in parsePatch and applyPatch",
          "Description": "jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\\r`, `\\u2028`, or `\\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug - a ReDOS - also exhibits when those same line break characters are present in a patch's *patch* header (also known as its \"leading garbage\"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\\r`, `\\u2028`, or `\\u2029`.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-400",
            "CWE-1333"
          ],
          "VendorSeverity": {
            "ghsa": 1,
            "nvd": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
              "V40Score": 2.7
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-24001",
            "https://github.com/kpdecker/jsdiff",
            "https://github.com/kpdecker/jsdiff/commit/15a1585230748c8ae6f8274c202e0c87309142f5",
            "https://github.com/kpdecker/jsdiff/issues/653",
            "https://github.com/kpdecker/jsdiff/pull/649",
            "https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-24001",
            "https://www.cve.org/CVERecord?id=CVE-2026-24001"
          ],
          "PublishedDate": "2026-01-22T03:15:47.627Z",
          "LastModifiedDate": "2026-03-04T15:23:41.347Z"
        },
        {
          "VulnerabilityID": "CVE-2026-32141",
          "VendorIDs": [
            "GHSA-25h7-pfq9-p65f"
          ],
          "PkgID": "flatted@3.3.3",
          "PkgName": "flatted",
          "PkgIdentifier": {
            "PURL": "pkg:npm/flatted@3.3.3",
            "UID": "eacf8e537c68d754",
            "BOMRef": "pkg:npm/flatted@3.3.3"
          },
          "InstalledVersion": "3.3.3",
          "FixedVersion": "3.4.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32141",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:62c3e12dd8e11bbdbf17ba7b5a7d0ce88525de9dada4c0116ce2c4f8e730299d",
          "Title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase",
          "Description": "flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process. This vulnerability is fixed in 3.4.0.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-32141",
            "https://github.com/WebReflection/flatted",
            "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606",
            "https://github.com/WebReflection/flatted/pull/88",
            "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-32141",
            "https://www.cve.org/CVERecord?id=CVE-2026-32141"
          ],
          "PublishedDate": "2026-03-12T18:16:25.837Z",
          "LastModifiedDate": "2026-03-19T21:07:24.717Z"
        },
        {
          "VulnerabilityID": "CVE-2026-33228",
          "VendorIDs": [
            "GHSA-rf6f-7fwh-wjgh"
          ],
          "PkgID": "flatted@3.3.3",
          "PkgName": "flatted",
          "PkgIdentifier": {
            "PURL": "pkg:npm/flatted@3.3.3",
            "UID": "eacf8e537c68d754",
            "BOMRef": "pkg:npm/flatted@3.3.3"
          },
          "InstalledVersion": "3.3.3",
          "FixedVersion": "3.4.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33228",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:823d0d140d8b884463cc30117479f55fe870b31b07835a9a91af8262c70816d4",
          "Title": "flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.",
          "Description": "flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key \"__proto__\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-1321"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "nvd": 4,
            "redhat": 4
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
              "V40Score": 8.9
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-33228",
            "https://github.com/WebReflection/flatted",
            "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802",
            "https://github.com/WebReflection/flatted/releases/tag/v3.4.2",
            "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-33228",
            "https://www.cve.org/CVERecord?id=CVE-2026-33228"
          ],
          "PublishedDate": "2026-03-20T23:16:46.51Z",
          "LastModifiedDate": "2026-03-23T19:14:31.04Z"
        },
        {
          "VulnerabilityID": "CVE-2026-4800",
          "VendorIDs": [
            "GHSA-r5fr-rjxr-66jc"
          ],
          "PkgID": "lodash@4.17.21",
          "PkgName": "lodash",
          "PkgIdentifier": {
            "PURL": "pkg:npm/lodash@4.17.21",
            "UID": "10f479cc7e576928",
            "BOMRef": "pkg:npm/lodash@4.17.21"
          },
          "InstalledVersion": "4.17.21",
          "FixedVersion": "4.18.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4800",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:76703af5c40ea26eb6a807312fa41989bfbf01a94ac661b1d38af00b97203bff",
          "Title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
          "Description": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-94"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-4800",
            "https://cna.openjsf.org/security-advisories.html",
            "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
            "https://github.com/lodash/lodash",
            "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
            "https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-4800",
            "https://www.cve.org/CVERecord?id=CVE-2026-4800"
          ],
          "PublishedDate": "2026-03-31T20:16:29.66Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13465",
          "VendorIDs": [
            "GHSA-xxjr-mmjv-4gpg"
          ],
          "PkgID": "lodash@4.17.21",
          "PkgName": "lodash",
          "PkgIdentifier": {
            "PURL": "pkg:npm/lodash@4.17.21",
            "UID": "10f479cc7e576928",
            "BOMRef": "pkg:npm/lodash@4.17.21"
          },
          "InstalledVersion": "4.17.21",
          "FixedVersion": "4.17.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13465",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:ad15e270fc40b402e03c1888c2eb0a67e44dab4d4e014f6718c386cfb98744a8",
          "Title": "lodash: prototype pollution in _.unset and _.omit functions",
          "Description": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched in 4.17.23.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1321"
          ],
          "VendorSeverity": {
            "alma": 3,
            "ghsa": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P",
              "V3Score": 6.5,
              "V40Score": 6.9
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 8.2
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2452",
            "https://access.redhat.com/security/cve/CVE-2025-13465",
            "https://bugzilla.redhat.com/2431740",
            "https://errata.almalinux.org/9/ALSA-2026-2452.html",
            "https://github.com/lodash/lodash",
            "https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81",
            "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
            "https://linux.oracle.com/cve/CVE-2025-13465.html",
            "https://linux.oracle.com/errata/ELSA-2026-2452.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
            "https://www.cve.org/CVERecord?id=CVE-2025-13465"
          ],
          "PublishedDate": "2026-01-21T20:16:05.25Z",
          "LastModifiedDate": "2026-02-17T17:10:07.52Z"
        },
        {
          "VulnerabilityID": "CVE-2026-2950",
          "VendorIDs": [
            "GHSA-f23m-r3pf-42rh"
          ],
          "PkgID": "lodash@4.17.21",
          "PkgName": "lodash",
          "PkgIdentifier": {
            "PURL": "pkg:npm/lodash@4.17.21",
            "UID": "10f479cc7e576928",
            "BOMRef": "pkg:npm/lodash@4.17.21"
          },
          "InstalledVersion": "4.17.21",
          "FixedVersion": "4.18.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2950",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:a5faf7fc43c1ae4c271c49693e56e6b40902104b09133773535b249fb8e9bad7",
          "Title": "lodash: prototype pollution in _.unset and _.omit via array-wrapped path segments (bypass of the CVE-2025-13465 fix)",
          "Description": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1321"
          ],
          "VendorSeverity": {
            "ghsa": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://github.com/lodash/lodash",
            "https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh",
            "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
          ],
          "PublishedDate": "2026-03-31T20:16:26.207Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2026-4800",
          "VendorIDs": [
            "GHSA-r5fr-rjxr-66jc"
          ],
          "PkgID": "lodash-es@4.17.21",
          "PkgName": "lodash-es",
          "PkgIdentifier": {
            "PURL": "pkg:npm/lodash-es@4.17.21",
            "UID": "4ea9d8c1a6f6e4de",
            "BOMRef": "pkg:npm/lodash-es@4.17.21"
          },
          "InstalledVersion": "4.17.21",
          "FixedVersion": "4.18.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4800",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:623635b41681043e00bcfb4205f2eebc762ee4bdcfd67e9875bea8dd3ae82296",
          "Title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
          "Description": "Impact:\n\nThe fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.\n\nWhen an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time.\n\nAdditionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().\n\nPatches:\n\nUsers should upgrade to version 4.18.0.\n\nWorkarounds:\n\nDo not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-94"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-4800",
            "https://cna.openjsf.org/security-advisories.html",
            "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
            "https://github.com/lodash/lodash",
            "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
            "https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-4800",
            "https://www.cve.org/CVERecord?id=CVE-2026-4800"
          ],
          "PublishedDate": "2026-03-31T20:16:29.66Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2025-13465",
          "VendorIDs": [
            "GHSA-xxjr-mmjv-4gpg"
          ],
          "PkgID": "lodash-es@4.17.21",
          "PkgName": "lodash-es",
          "PkgIdentifier": {
            "PURL": "pkg:npm/lodash-es@4.17.21",
            "UID": "4ea9d8c1a6f6e4de",
            "BOMRef": "pkg:npm/lodash-es@4.17.21"
          },
          "InstalledVersion": "4.17.21",
          "FixedVersion": "4.17.23",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-13465",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:c346f338e703f2e58c3776398600f6fc207276fde19b4303cddd4b6498982a3d",
          "Title": "lodash: prototype pollution in _.unset and _.omit functions",
          "Description": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched in 4.17.23.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1321"
          ],
          "VendorSeverity": {
            "alma": 3,
            "ghsa": 2,
            "nvd": 2,
            "oracle-oval": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P",
              "V3Score": 6.5,
              "V40Score": 6.9
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "V3Score": 8.2
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2026:2452",
            "https://access.redhat.com/security/cve/CVE-2025-13465",
            "https://bugzilla.redhat.com/2431740",
            "https://errata.almalinux.org/9/ALSA-2026-2452.html",
            "https://github.com/lodash/lodash",
            "https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81",
            "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
            "https://linux.oracle.com/cve/CVE-2025-13465.html",
            "https://linux.oracle.com/errata/ELSA-2026-2452.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
            "https://www.cve.org/CVERecord?id=CVE-2025-13465"
          ],
          "PublishedDate": "2026-01-21T20:16:05.25Z",
          "LastModifiedDate": "2026-02-17T17:10:07.52Z"
        },
        {
          "VulnerabilityID": "CVE-2026-2950",
          "VendorIDs": [
            "GHSA-f23m-r3pf-42rh"
          ],
          "PkgID": "lodash-es@4.17.21",
          "PkgName": "lodash-es",
          "PkgIdentifier": {
            "PURL": "pkg:npm/lodash-es@4.17.21",
            "UID": "4ea9d8c1a6f6e4de",
            "BOMRef": "pkg:npm/lodash-es@4.17.21"
          },
          "InstalledVersion": "4.17.21",
          "FixedVersion": "4.18.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2950",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:f4a9ec48ff3220094ce55ab67993f7215e46fde18298567b094eae37dd81b608",
          "Title": "lodash: prototype pollution in _.unset and _.omit via array-wrapped path segments (bypass of the CVE-2025-13465 fix)",
          "Description": "Impact:\n\nLodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype.\n\nThe issue permits deletion of prototype properties but does not allow overwriting their original behavior.\n\nPatches:\n\nThis issue is patched in 4.18.0.\n\nWorkarounds:\n\nNone. Upgrade to the patched version.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1321"
          ],
          "VendorSeverity": {
            "ghsa": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://github.com/lodash/lodash",
            "https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh",
            "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
          ],
          "PublishedDate": "2026-03-31T20:16:26.207Z",
          "LastModifiedDate": "2026-04-01T14:23:37.727Z"
        },
        {
          "VulnerabilityID": "CVE-2026-26996",
          "VendorIDs": [
            "GHSA-3ppc-4f35-3m26"
          ],
          "PkgID": "minimatch@3.1.2",
          "PkgName": "minimatch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/minimatch@3.1.2",
            "UID": "2d4384ee87c531e9",
            "BOMRef": "pkg:npm/minimatch@3.1.2"
          },
          "InstalledVersion": "3.1.2",
          "FixedVersion": "10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26996",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:f6d0828911f78c6328a53b27b810bcbcbb78dadf0d4842cc827bcf1bdf1202af",
          "Title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
          "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-1333"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "nvd": 3,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
              "V40Score": 8.7
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-26996",
            "https://github.com/isaacs/minimatch",
            "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
            "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
            "https://www.cve.org/CVERecord?id=CVE-2026-26996"
          ],
          "PublishedDate": "2026-02-20T03:16:01.62Z",
          "LastModifiedDate": "2026-03-06T21:32:10.65Z"
        },
        {
          "VulnerabilityID": "CVE-2026-27903",
          "VendorIDs": [
            "GHSA-7r86-cg39-jmmj"
          ],
          "PkgID": "minimatch@3.1.2",
          "PkgName": "minimatch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/minimatch@3.1.2",
            "UID": "2d4384ee87c531e9",
            "BOMRef": "pkg:npm/minimatch@3.1.2"
          },
          "InstalledVersion": "3.1.2",
          "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27903",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:9cb4fe9ed317eb6e07b3184ecbc32e154ebc08a5a24460170fcfdf6627a7d9de",
          "Title": "minimatch: minimatch: Denial of Service due to unbounded recursive backtracking via crafted glob patterns",
          "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3, `matchOne()` performs unbounded recursive backtracking when a glob pattern contains multiple non-adjacent `**` (GLOBSTAR) segments and the input path does not match. The time complexity is O(C(n, k)) -- binomial -- where `n` is the number of path segments and `k` is the number of globstars. With k=11 and n=30, a call to the default `minimatch()` API stalls for roughly 5 seconds. With k=13, it exceeds 15 seconds. No memoization or call budget exists to bound this behavior. Any application where an attacker can influence the glob pattern passed to `minimatch()` is vulnerable. The realistic attack surface includes build tools and task runners that accept user-supplied glob arguments (ESLint, Webpack, Rollup config), multi-tenant systems where one tenant configures glob-based rules that run in a shared process, admin or developer interfaces that accept ignore-rule or filter configuration as globs, and CI/CD pipelines that evaluate user-submitted config files containing glob patterns. An attacker who can place a crafted pattern into any of these paths can stall the Node.js event loop for tens of seconds per invocation. The pattern is 56 bytes for a 5-second stall and does not require authentication in contexts where pattern input is part of the feature. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.3 fix the issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-407"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-27903",
            "https://github.com/isaacs/minimatch",
            "https://github.com/isaacs/minimatch/commit/0bf499aa45f5059b56809cc3b75ff3eafeb8d748",
            "https://github.com/isaacs/minimatch/security/advisories/GHSA-7r86-cg39-jmmj",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-27903",
            "https://www.cve.org/CVERecord?id=CVE-2026-27903"
          ],
          "PublishedDate": "2026-02-26T02:16:21.353Z",
          "LastModifiedDate": "2026-02-27T17:21:22.37Z"
        },
        {
          "VulnerabilityID": "CVE-2026-27904",
          "VendorIDs": [
            "GHSA-23c5-xmqv-rm74"
          ],
          "PkgID": "minimatch@3.1.2",
          "PkgName": "minimatch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/minimatch@3.1.2",
            "UID": "2d4384ee87c531e9",
            "BOMRef": "pkg:npm/minimatch@3.1.2"
          },
          "InstalledVersion": "3.1.2",
          "FixedVersion": "10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27904",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:414cb9f02fe18fb23936419fb2e181eb42da3da0f291f016a97056426d32538d",
          "Title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
          "Description": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-1333"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-27904",
            "https://github.com/isaacs/minimatch",
            "https://github.com/isaacs/minimatch/commit/11d0df6165d15a955462316b26d52e5efae06fce",
            "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
            "https://www.cve.org/CVERecord?id=CVE-2026-27904"
          ],
          "PublishedDate": "2026-02-26T02:16:21.76Z",
          "LastModifiedDate": "2026-02-27T17:16:23.773Z"
        },
        {
          "VulnerabilityID": "CVE-2026-33671",
          "VendorIDs": [
            "GHSA-c2c7-rcm5-vvqj"
          ],
          "PkgID": "picomatch@2.3.1",
          "PkgName": "picomatch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/picomatch@2.3.1",
            "UID": "8030a8bb2e718b8b",
            "BOMRef": "2c8131b2-ba7f-4c8f-97bb-6649a03b4e30"
          },
          "InstalledVersion": "2.3.1",
          "FixedVersion": "4.0.4, 3.0.2, 2.3.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:5f32ca997dc089571229582624a2b4c035b1e8bfe8267e0ed2e966def3ec67d9",
          "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns",
          "Description": "Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-1333"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-33671",
            "https://github.com/micromatch/picomatch",
            "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d",
            "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-33671",
            "https://www.cve.org/CVERecord?id=CVE-2026-33671"
          ],
          "PublishedDate": "2026-03-26T22:16:30.21Z",
          "LastModifiedDate": "2026-04-01T13:45:11.687Z"
        },
        {
          "VulnerabilityID": "CVE-2026-33672",
          "VendorIDs": [
            "GHSA-3v7f-55p6-f55p"
          ],
          "PkgID": "picomatch@2.3.1",
          "PkgName": "picomatch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/picomatch@2.3.1",
            "UID": "8030a8bb2e718b8b",
            "BOMRef": "2c8131b2-ba7f-4c8f-97bb-6649a03b4e30"
          },
          "InstalledVersion": "2.3.1",
          "FixedVersion": "4.0.4, 3.0.2, 2.3.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:7de110acdc840aea538fe6155c80f530db0a1c9eb1e178236e2f172606c310b8",
          "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions",
          "Description": "Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1321"
          ],
          "VendorSeverity": {
            "ghsa": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-33672",
            "https://github.com/micromatch/picomatch",
            "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903",
            "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-33672",
            "https://www.cve.org/CVERecord?id=CVE-2026-33672"
          ],
          "PublishedDate": "2026-03-26T22:16:30.387Z",
          "LastModifiedDate": "2026-04-01T13:44:53.397Z"
        },
        {
          "VulnerabilityID": "CVE-2026-33671",
          "VendorIDs": [
            "GHSA-c2c7-rcm5-vvqj"
          ],
          "PkgID": "picomatch@4.0.2",
          "PkgName": "picomatch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/picomatch@4.0.2",
            "UID": "702ad856852ece0",
            "BOMRef": "pkg:npm/picomatch@4.0.2"
          },
          "InstalledVersion": "4.0.2",
          "FixedVersion": "4.0.4, 3.0.2, 2.3.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33671",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:8b083fb1a0c84cf4604a0fd0758a1cd4815e276677288cc520e6ca9a10845fbe",
          "Title": "picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns",
          "Description": "Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as `+()` and `*()`, especially when combined with overlapping alternatives or nested extglobs, are compiled into regular expressions that can exhibit catastrophic backtracking on non-matching input. Applications are impacted when they allow untrusted users to supply glob patterns that are passed to `picomatch` for compilation or matching. In those cases, an attacker can cause excessive CPU consumption and block the Node.js event loop, resulting in a denial of service. Applications that only use trusted, developer-controlled glob patterns are much less likely to be exposed in a security-relevant way. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Possible mitigations include disabling extglob support for untrusted patterns by using `noextglob: true`, rejecting or sanitizing patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`, enforcing strict allowlists for accepted pattern syntax, running matching in an isolated worker or separate process with time and resource limits, and applying application-level request throttling and input validation for any endpoint that accepts glob patterns.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-1333"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-33671",
            "https://github.com/micromatch/picomatch",
            "https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d",
            "https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-33671",
            "https://www.cve.org/CVERecord?id=CVE-2026-33671"
          ],
          "PublishedDate": "2026-03-26T22:16:30.21Z",
          "LastModifiedDate": "2026-04-01T13:45:11.687Z"
        },
        {
          "VulnerabilityID": "CVE-2026-33672",
          "VendorIDs": [
            "GHSA-3v7f-55p6-f55p"
          ],
          "PkgID": "picomatch@4.0.2",
          "PkgName": "picomatch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/picomatch@4.0.2",
            "UID": "702ad856852ece0",
            "BOMRef": "pkg:npm/picomatch@4.0.2"
          },
          "InstalledVersion": "4.0.2",
          "FixedVersion": "4.0.4, 3.0.2, 2.3.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33672",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:bfc39bce56c7be2c53abfbd483662a91e9f597802bda36194204fe465306a8ea",
          "Title": "picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions",
          "Description": "Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the `POSIX_REGEX_SOURCE` object. Because the object inherits from `Object.prototype`, specially crafted POSIX bracket expressions (e.g., `[[:constructor:]]`) can reference inherited method names. These methods are implicitly converted to strings and injected into the generated regular expression. This leads to incorrect glob matching behavior (integrity impact), where patterns may match unintended filenames. The issue does not enable remote code execution, but it can cause security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. All users of affected `picomatch` versions that process untrusted or user-controlled glob patterns are potentially impacted. This issue is fixed in picomatch 4.0.4, 3.0.2 and 2.3.2. Users should upgrade to one of these versions or later, depending on their supported release line. If upgrading is not immediately possible, avoid passing untrusted glob patterns to picomatch. Possible mitigations include sanitizing or rejecting untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`; avoiding the use of POSIX bracket expressions if user input is involved; and manually patching the library by modifying `POSIX_REGEX_SOURCE` to use a null prototype.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-1321"
          ],
          "VendorSeverity": {
            "ghsa": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-33672",
            "https://github.com/micromatch/picomatch",
            "https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903",
            "https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-33672",
            "https://www.cve.org/CVERecord?id=CVE-2026-33672"
          ],
          "PublishedDate": "2026-03-26T22:16:30.387Z",
          "LastModifiedDate": "2026-04-01T13:44:53.397Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22028",
          "VendorIDs": [
            "GHSA-36hm-qxxp-pg3m"
          ],
          "PkgID": "preact@10.26.9",
          "PkgName": "preact",
          "PkgIdentifier": {
            "PURL": "pkg:npm/preact@10.26.9",
            "UID": "69a85ebe217a8c6e",
            "BOMRef": "pkg:npm/preact@10.26.9"
          },
          "InstalledVersion": "10.26.9",
          "FixedVersion": "10.26.10, 10.27.3, 10.28.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22028",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:936e2087d6644b543349047139e5971dba652555b895489031083f255ee7cd44",
          "Title": "preact: Preact: Arbitrary script execution via JSON serialization protection bypass",
          "Description": "Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed to be strings and passed unmodified to Preact as children, a specially-crafted JSON payload could be constructed that would be incorrectly treated as a valid VNode. When this chain of failures occurs it can result in HTML injection, which can allow arbitrary script execution if not mitigated by CSP or other means. Applications using affected Preact versions are vulnerable if they meet all of the following conditions: first, pass unmodified, unsanitized values from user-modifiable data sources (APIs, databases, local storage, etc.) directly into the render tree; second, assume these values are strings but the data source could return actual JavaScript objects instead of JSON strings; and third, the data source either fails to perform type sanitization AND blindly stores/returns raw objects interchangeably with strings, OR is compromised (e.g., poisoned local storage, filesystem, or database). Versions 10.26.10, 10.27.3, and 10.28.2 patch the issue. The patch versions restore the previous strict equality checks that prevent JSON-parsed objects from being treated as valid VNodes. Other mitigations are available for those who cannot immediately upgrade. Validate input types, cast or validate network data, sanitize external data, and use Content Security Policy (CSP).",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-843"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "nvd": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
              "V40Score": 7.2
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "V3Score": 6.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22028",
            "https://github.com/preactjs/preact",
            "https://github.com/preactjs/preact/security/advisories/GHSA-36hm-qxxp-pg3m",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22028",
            "https://www.cve.org/CVERecord?id=CVE-2026-22028"
          ],
          "PublishedDate": "2026-01-08T15:15:44.853Z",
          "LastModifiedDate": "2026-01-12T18:58:38.207Z"
        },
        {
          "VulnerabilityID": "CVE-2025-68470",
          "VendorIDs": [
            "GHSA-9jcx-v3wj-wh4m"
          ],
          "PkgID": "react-router@6.30.1",
          "PkgName": "react-router",
          "PkgIdentifier": {
            "PURL": "pkg:npm/react-router@6.30.1",
            "UID": "e551d39035993c1f",
            "BOMRef": "pkg:npm/react-router@6.30.1"
          },
          "InstalledVersion": "6.30.1",
          "FixedVersion": "6.30.2, 7.9.6",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68470",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:1f584cae03602051f743ca5aa1e173f7cc510ce2be3dccb511cf85bbf21bf8cb",
          "Title": "react-router: React Router unexpected external redirect",
          "Description": "React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), \u003cLink\u003e, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-601"
          ],
          "VendorSeverity": {
            "ghsa": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-68470",
            "https://github.com/remix-run/react-router",
            "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-68470",
            "https://www.cve.org/CVERecord?id=CVE-2025-68470"
          ],
          "PublishedDate": "2026-01-10T03:15:48.477Z",
          "LastModifiedDate": "2026-01-30T18:20:54.873Z"
        },
        {
          "VulnerabilityID": "CVE-2026-27606",
          "VendorIDs": [
            "GHSA-mw96-cpmx-2vgc"
          ],
          "PkgID": "rollup@2.79.2",
          "PkgName": "rollup",
          "PkgIdentifier": {
            "PURL": "pkg:npm/rollup@2.79.2",
            "UID": "b50113f8348303e2",
            "BOMRef": "pkg:npm/rollup@2.79.2"
          },
          "InstalledVersion": "2.79.2",
          "FixedVersion": "2.80.0, 3.30.0, 4.59.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27606",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:37679548e4c37b01e70516290b86a15ffd6e14403cfe0bdb7078ca4e40d70556",
          "Title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
          "Description": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) are vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-22"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "nvd": 4,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
              "V40Score": 8.8
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "V3Score": 9.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-27606",
            "https://github.com/rollup/rollup",
            "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
            "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
            "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
            "https://github.com/rollup/rollup/releases/tag/v2.80.0",
            "https://github.com/rollup/rollup/releases/tag/v3.30.0",
            "https://github.com/rollup/rollup/releases/tag/v4.59.0",
            "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
            "https://www.cve.org/CVERecord?id=CVE-2026-27606"
          ],
          "PublishedDate": "2026-02-25T03:16:04.603Z",
          "LastModifiedDate": "2026-02-25T16:05:11.063Z"
        },
        {
          "VulnerabilityID": "CVE-2026-27606",
          "VendorIDs": [
            "GHSA-mw96-cpmx-2vgc"
          ],
          "PkgID": "rollup@4.44.2",
          "PkgName": "rollup",
          "PkgIdentifier": {
            "PURL": "pkg:npm/rollup@4.44.2",
            "UID": "ac6774b2279320b6",
            "BOMRef": "pkg:npm/rollup@4.44.2"
          },
          "InstalledVersion": "4.44.2",
          "FixedVersion": "2.80.0, 3.30.0, 4.59.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27606",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:1826534c4058c9a037371f846f4d92ebe535a31bc461297a8d96f9142150e823",
          "Title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
          "Description": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) are vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-22"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "nvd": 4,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
              "V40Score": 8.8
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "V3Score": 9.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-27606",
            "https://github.com/rollup/rollup",
            "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
            "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
            "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
            "https://github.com/rollup/rollup/releases/tag/v2.80.0",
            "https://github.com/rollup/rollup/releases/tag/v3.30.0",
            "https://github.com/rollup/rollup/releases/tag/v4.59.0",
            "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
            "https://www.cve.org/CVERecord?id=CVE-2026-27606"
          ],
          "PublishedDate": "2026-02-25T03:16:04.603Z",
          "LastModifiedDate": "2026-02-25T16:05:11.063Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23745",
          "VendorIDs": [
            "GHSA-8qq5-rm4j-mr97"
          ],
          "PkgID": "tar@7.4.3",
          "PkgName": "tar",
          "PkgIdentifier": {
            "PURL": "pkg:npm/tar@7.4.3",
            "UID": "8bfcd00e66b934fe",
            "BOMRef": "pkg:npm/tar@7.4.3"
          },
          "InstalledVersion": "7.4.3",
          "FixedVersion": "7.5.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23745",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:54e246eafd3a19461f8c7bff7d84dd18db3694ccc2b656243163e8a0a26bf55b",
          "Title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
          "Description": "node-tar is a Tar for Node.js. The node-tar library (\u003c= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-22"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "nvd": 2,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
              "V40Score": 8.2
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
              "V3Score": 6.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
              "V3Score": 8.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23745",
            "https://github.com/isaacs/node-tar",
            "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
            "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
            "https://www.cve.org/CVERecord?id=CVE-2026-23745"
          ],
          "PublishedDate": "2026-01-16T22:16:26.83Z",
          "LastModifiedDate": "2026-02-18T16:20:07.823Z"
        },
        {
          "VulnerabilityID": "CVE-2026-23950",
          "VendorIDs": [
            "GHSA-r6q2-hw4h-h46w"
          ],
          "PkgID": "tar@7.4.3",
          "PkgName": "tar",
          "PkgIdentifier": {
            "PURL": "pkg:npm/tar@7.4.3",
            "UID": "8bfcd00e66b934fe",
            "BOMRef": "pkg:npm/tar@7.4.3"
          },
          "InstalledVersion": "7.4.3",
          "FixedVersion": "7.5.4",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23950",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:b4abfc3829172450c256597b8c5ff5b1a420470b772ff307f623f0ebd2d17057",
          "Title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
          "Description": "node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive or normalization-insensitive filesystems (such as macOS APFS, in which it has been tested), the library fails to lock colliding paths (e.g., `ß` and `ss`), allowing them to be processed in parallel. This bypasses the library's internal concurrency safeguards and permits Symlink Poisoning attacks via race conditions. The library uses a `PathReservations` system to ensure that metadata checks and file operations for the same path are serialized. This prevents race conditions where one entry might clobber another concurrently. This is a Race Condition which enables Arbitrary File Overwrite. This vulnerability affects users and systems using node-tar on macOS (APFS/HFS+). Because of using `NFD` Unicode normalization (in which `ß` and `ss` are different), conflicting paths do not have their order properly preserved under filesystems that ignore Unicode normalization (e.g., APFS (in which `ß` causes an inode collision with `ss`)). This enables an attacker to circumvent internal parallelization locks (`PathReservations`) using conflicting filenames within a malicious tar archive. The patch in version 7.5.4 updates `path-reservations.js` to use a normalization form that matches the target filesystem's behavior (e.g., `NFKD`), followed by first `toLocaleLowerCase('en')` and then `toLocaleUpperCase('en')`. As a workaround, users who cannot upgrade promptly, and who are programmatically using `node-tar` to extract arbitrary tarball data should filter out all `SymbolicLink` entries (as npm does) to defend against arbitrary file writes via this file system entry name collision issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-176",
            "CWE-352",
            "CWE-367"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "nvd": 2,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
              "V3Score": 8.8
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 5.9
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
              "V3Score": 8.8
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-23950",
            "https://github.com/isaacs/node-tar",
            "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
            "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
            "https://www.cve.org/CVERecord?id=CVE-2026-23950"
          ],
          "PublishedDate": "2026-01-20T01:15:57.87Z",
          "LastModifiedDate": "2026-02-18T15:50:29.91Z"
        },
        {
          "VulnerabilityID": "CVE-2026-24842",
          "VendorIDs": [
            "GHSA-34x7-hfp2-rc4v"
          ],
          "PkgID": "tar@7.4.3",
          "PkgName": "tar",
          "PkgIdentifier": {
            "PURL": "pkg:npm/tar@7.4.3",
            "UID": "8bfcd00e66b934fe",
            "BOMRef": "pkg:npm/tar@7.4.3"
          },
          "InstalledVersion": "7.4.3",
          "FixedVersion": "7.5.7",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24842",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:25f22c6eb657f3708958a40b6d41993023a9ef6e710b714256e5ca272632fbc7",
          "Title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
          "Description": "node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-22",
            "CWE-59"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
              "V3Score": 8.2
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
              "V3Score": 8.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-24842",
            "https://github.com/isaacs/node-tar",
            "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
            "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
            "https://www.cve.org/CVERecord?id=CVE-2026-24842"
          ],
          "PublishedDate": "2026-01-28T01:16:14.947Z",
          "LastModifiedDate": "2026-02-02T14:30:10.89Z"
        },
        {
          "VulnerabilityID": "CVE-2026-26960",
          "VendorIDs": [
            "GHSA-83g3-92jg-28cx"
          ],
          "PkgID": "tar@7.4.3",
          "PkgName": "tar",
          "PkgIdentifier": {
            "PURL": "pkg:npm/tar@7.4.3",
            "UID": "8bfcd00e66b934fe",
            "BOMRef": "pkg:npm/tar@7.4.3"
          },
          "InstalledVersion": "7.4.3",
          "FixedVersion": "7.5.8",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-26960",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:c319a059b780724d6f7019dff0df1ba6191903f27fea6a377249166cb813dd7e",
          "Title": "tar: node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
          "Description": "node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-22"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "nvd": 3,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "V3Score": 7.1
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "V3Score": 7.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "V3Score": 7.1
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-26960",
            "https://github.com/isaacs/node-tar",
            "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
            "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
            "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
            "https://www.cve.org/CVERecord?id=CVE-2026-26960"
          ],
          "PublishedDate": "2026-02-20T02:16:53.883Z",
          "LastModifiedDate": "2026-02-20T19:24:16.537Z"
        },
        {
          "VulnerabilityID": "CVE-2026-29786",
          "VendorIDs": [
            "GHSA-qffp-2rhf-9h96"
          ],
          "PkgID": "tar@7.4.3",
          "PkgName": "tar",
          "PkgIdentifier": {
            "PURL": "pkg:npm/tar@7.4.3",
            "UID": "8bfcd00e66b934fe",
            "BOMRef": "pkg:npm/tar@7.4.3"
          },
          "InstalledVersion": "7.4.3",
          "FixedVersion": "7.5.10",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29786",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:0b2ce4e5b4b2c8e01e6262392e3c66ed1c149c21556d1d078d420fce857191d7",
          "Title": "node-tar: hardlink path traversal via drive-relative linkpath",
          "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-22",
            "CWE-59"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "nvd": 2,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
              "V40Score": 8.2
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
              "V3Score": 6.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
              "V3Score": 8.6
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-29786",
            "https://github.com/isaacs/node-tar",
            "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f",
            "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-29786",
            "https://www.cve.org/CVERecord?id=CVE-2026-29786"
          ],
          "PublishedDate": "2026-03-07T16:15:55.587Z",
          "LastModifiedDate": "2026-03-11T21:50:01.91Z"
        },
        {
          "VulnerabilityID": "CVE-2026-31802",
          "VendorIDs": [
            "GHSA-9ppj-qmqm-q256"
          ],
          "PkgID": "tar@7.4.3",
          "PkgName": "tar",
          "PkgIdentifier": {
            "PURL": "pkg:npm/tar@7.4.3",
            "UID": "8bfcd00e66b934fe",
            "BOMRef": "pkg:npm/tar@7.4.3"
          },
          "InstalledVersion": "7.4.3",
          "FixedVersion": "7.5.11",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31802",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:6e9eccfea9e7c52691eca667ec3de15ddbe4c5b0d3b34f96f327f9c8420425b9",
          "Title": "tar: tar: File overwrite via drive-relative symlink traversal",
          "Description": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-22"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "nvd": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
              "V40Score": 8.2
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 5.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 6.2
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-31802",
            "https://github.com/isaacs/node-tar",
            "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad",
            "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-31802",
            "https://www.cve.org/CVERecord?id=CVE-2026-31802"
          ],
          "PublishedDate": "2026-03-10T07:44:58.02Z",
          "LastModifiedDate": "2026-03-18T18:13:34.703Z"
        },
        {
          "VulnerabilityID": "CVE-2026-1526",
          "VendorIDs": [
            "GHSA-vrm6-8vpv-qv8q"
          ],
          "PkgID": "undici@6.21.3",
          "PkgName": "undici",
          "PkgIdentifier": {
            "PURL": "pkg:npm/undici@6.21.3",
            "UID": "169b8c052eb1d39c",
            "BOMRef": "pkg:npm/undici@6.21.3"
          },
          "InstalledVersion": "6.21.3",
          "FixedVersion": "6.24.0, 7.24.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1526",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:c62df4f6607d812c4af608d5f24b067224530958d5ae904654953b8c02955a3a",
          "Title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
          "Description": "The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a \"decompression bomb\") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive.\n\nThe vulnerability exists in the PerMessageDeflate.decompress() method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-409"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-1526",
            "https://cna.openjsf.org/security-advisories.html",
            "https://datatracker.ietf.org/doc/html/rfc7692",
            "https://github.com/nodejs/undici",
            "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
            "https://hackerone.com/reports/3481206",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
            "https://owasp.org/www-community/attacks/Denial_of_Service",
            "https://www.cve.org/CVERecord?id=CVE-2026-1526"
          ],
          "PublishedDate": "2026-03-12T21:16:23.933Z",
          "LastModifiedDate": "2026-03-20T15:56:47.337Z"
        },
        {
          "VulnerabilityID": "CVE-2026-1528",
          "VendorIDs": [
            "GHSA-f269-vfmq-vjvj"
          ],
          "PkgID": "undici@6.21.3",
          "PkgName": "undici",
          "PkgIdentifier": {
            "PURL": "pkg:npm/undici@6.21.3",
            "UID": "169b8c052eb1d39c",
            "BOMRef": "pkg:npm/undici@6.21.3"
          },
          "InstalledVersion": "6.21.3",
          "FixedVersion": "6.24.0, 7.24.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1528",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:df33ac7fd6c8caf2e8ae94dd5b72206744b0c78e1c3725155cf7bc21405ede2e",
          "Title": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
          "Description": "Impact\n\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.\n\nPatches\n\nPatched in undici versions v7.24.0 and v6.24.0. Users should upgrade to one of these versions or later.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-248",
            "CWE-1284"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-1528",
            "https://cna.openjsf.org/security-advisories.html",
            "https://github.com/nodejs/undici",
            "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
            "https://hackerone.com/reports/3537648",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
            "https://www.cve.org/CVERecord?id=CVE-2026-1528"
          ],
          "PublishedDate": "2026-03-12T21:16:25.33Z",
          "LastModifiedDate": "2026-03-20T15:41:40.11Z"
        },
        {
          "VulnerabilityID": "CVE-2026-2229",
          "VendorIDs": [
            "GHSA-v9p9-hfj2-hcw8"
          ],
          "PkgID": "undici@6.21.3",
          "PkgName": "undici",
          "PkgIdentifier": {
            "PURL": "pkg:npm/undici@6.21.3",
            "UID": "169b8c052eb1d39c",
            "BOMRef": "pkg:npm/undici@6.21.3"
          },
          "InstalledVersion": "6.21.3",
          "FixedVersion": "6.24.0, 7.24.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2229",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:640e6f9dd640196c89af0a02ac87ddc0ccdac54d5d5295a62bbaadca9c8e0691",
          "Title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
          "Description": "Impact\n\nThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.\n\nThe vulnerability exists because:\n\n  *  The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15\n  *  The createInflateRaw() call is not wrapped in a try-catch block\n  *  The resulting exception propagates up through the call stack and crashes the Node.js process",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-248",
            "CWE-1284"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-2229",
            "https://cna.openjsf.org/security-advisories.html",
            "https://datatracker.ietf.org/doc/html/rfc7692",
            "https://github.com/nodejs/undici",
            "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
            "https://hackerone.com/reports/3487486",
            "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
            "https://www.cve.org/CVERecord?id=CVE-2026-2229"
          ],
          "PublishedDate": "2026-03-12T21:16:25.573Z",
          "LastModifiedDate": "2026-03-20T15:39:12.24Z"
        },
        {
          "VulnerabilityID": "CVE-2026-1525",
          "VendorIDs": [
            "GHSA-2mjp-6q6p-2qxm"
          ],
          "PkgID": "undici@6.21.3",
          "PkgName": "undici",
          "PkgIdentifier": {
            "PURL": "pkg:npm/undici@6.21.3",
            "UID": "169b8c052eb1d39c",
            "BOMRef": "pkg:npm/undici@6.21.3"
          },
          "InstalledVersion": "6.21.3",
          "FixedVersion": "6.24.0, 7.24.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1525",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:86af27fe6cf2468a4ae3fe86eac1864fdd0c6546bf6859827e586ca41f3af5b7",
          "Title": "undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers",
          "Description": "Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire.\n\nWho is impacted:\n\n  *  Applications using undici.request(), undici.Client, or similar low-level APIs with headers passed as flat arrays\n  *  Applications that accept user-controlled header names without case-normalization\n\n\nPotential consequences:\n\n  *  Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate Content-Length headers (400 Bad Request)\n  *  HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-444"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 2,
            "nvd": 4,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "V3Score": 6.5
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 9.8
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "V3Score": 7.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-1525",
            "https://cna.openjsf.org/security-advisories.html",
            "https://cwe.mitre.org/data/definitions/444.html",
            "https://github.com/nodejs/undici",
            "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm",
            "https://hackerone.com/reports/3556037",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-1525",
            "https://www.cve.org/CVERecord?id=CVE-2026-1525",
            "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
          ],
          "PublishedDate": "2026-03-12T20:16:02.67Z",
          "LastModifiedDate": "2026-03-19T17:29:34.053Z"
        },
        {
          "VulnerabilityID": "CVE-2026-1527",
          "VendorIDs": [
            "GHSA-4992-7rv2-5pvq"
          ],
          "PkgID": "undici@6.21.3",
          "PkgName": "undici",
          "PkgIdentifier": {
            "PURL": "pkg:npm/undici@6.21.3",
            "UID": "169b8c052eb1d39c",
            "BOMRef": "pkg:npm/undici@6.21.3"
          },
          "InstalledVersion": "6.21.3",
          "FixedVersion": "6.24.0, 7.24.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1527",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:1419d070c27321c779730c7c3d4b0803e40f859d08764b3ecb5fb39a279ee634",
          "Title": "undici: Undici: HTTP header injection and request smuggling vulnerability",
          "Description": "Impact\n\nWhen an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\\r\\n) to:\n\n  *  Inject arbitrary HTTP headers\n  *  Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)\n\nThe vulnerability exists because undici writes the upgrade value directly to the socket without validating for invalid header characters:\n\n// lib/dispatcher/client-h1.js:1121\nif (upgrade) {\n  header += `connection: upgrade\\r\\nupgrade: ${upgrade}\\r\\n`\n}",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-93"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
              "V3Score": 4.6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-1527",
            "https://cna.openjsf.org/security-advisories.html",
            "https://github.com/nodejs/undici",
            "https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq",
            "https://hackerone.com/reports/3487198",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-1527",
            "https://www.cve.org/CVERecord?id=CVE-2026-1527"
          ],
          "PublishedDate": "2026-03-12T21:16:25.137Z",
          "LastModifiedDate": "2026-03-20T15:49:31.37Z"
        },
        {
          "VulnerabilityID": "CVE-2026-22036",
          "VendorIDs": [
            "GHSA-g9mf-h72j-4rw9"
          ],
          "PkgID": "undici@6.21.3",
          "PkgName": "undici",
          "PkgIdentifier": {
            "PURL": "pkg:npm/undici@6.21.3",
            "UID": "169b8c052eb1d39c",
            "BOMRef": "pkg:npm/undici@6.21.3"
          },
          "InstalledVersion": "6.21.3",
          "FixedVersion": "7.18.2, 6.23.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22036",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:f9ba4bac4f1b37b9f6e17094d8da9b6d79677891efa3ee4a16ff73aa713651fa",
          "Title": "undici: Undici: Denial of Service via excessive decompression steps",
          "Description": "Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands of compression steps leading to high CPU usage and excessive memory allocation. This vulnerability is fixed in 7.18.0 and 6.23.0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-770"
          ],
          "VendorSeverity": {
            "amazon": 3,
            "ghsa": 2,
            "nvd": 3,
            "redhat": 1
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 3.7
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-22036",
            "https://github.com/nodejs/undici",
            "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
            "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
            "https://www.cve.org/CVERecord?id=CVE-2026-22036"
          ],
          "PublishedDate": "2026-01-14T19:16:47.833Z",
          "LastModifiedDate": "2026-01-22T21:15:50.07Z"
        },
        {
          "VulnerabilityID": "CVE-2026-33532",
          "VendorIDs": [
            "GHSA-48c2-rrv3-qjmp"
          ],
          "PkgID": "yaml@1.10.2",
          "PkgName": "yaml",
          "PkgIdentifier": {
            "PURL": "pkg:npm/yaml@1.10.2",
            "UID": "c042626dec653818",
            "BOMRef": "pkg:npm/yaml@1.10.2"
          },
          "InstalledVersion": "1.10.2",
          "FixedVersion": "2.8.3, 1.10.3",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:7402b9be6444ae3d7b8859d5dc23256ce3540933bf4002763fc03551a57df7cf",
            "DiffID": "sha256:5644df2a2b7f8b177a60fc27f5db2e1cf91756c65ced2a930589e7e47ada57e5"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33532",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Fingerprint": "sha256:ea5ff7f0bd377620ee8af63b26165c9bbcf783f2de087e53ee89a6ad56d3fcbd",
          "Title": "yaml: yaml: Denial of Service via deeply nested YAML document parsing",
          "Description": "`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type. Depending on the host application's exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000–5,000 levels of nesting (2–10 KB input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library's `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "ghsa": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 4.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-33532",
            "https://github.com/eemeli/yaml",
            "https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b",
            "https://github.com/eemeli/yaml/releases/tag/v1.10.3",
            "https://github.com/eemeli/yaml/releases/tag/v2.8.3",
            "https://github.com/eemeli/yaml/security/advisories/GHSA-48c2-rrv3-qjmp",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-33532",
            "https://www.cve.org/CVERecord?id=CVE-2026-33532"
          ],
          "PublishedDate": "2026-03-26T20:16:15.543Z",
          "LastModifiedDate": "2026-04-02T18:11:37.49Z"
        }
      ]
    },
    {
      "Target": "Python",
      "Class": "lang-pkgs",
      "Type": "python-pkg",
      "Packages": [
        {
          "ID": "amdsmi@26.2.0+021c61fc",
          "Name": "amdsmi",
          "Identifier": {
            "PURL": "pkg:pypi/amdsmi@26.2.0%2B021c61fc",
            "UID": "74037df4b774e9b8",
            "BOMRef": "b1a815ec-f5fd-4467-b67d-61380f26d02d"
          },
          "Version": "26.2.0+021c61fc",
          "Licenses": [
            "amdsmi-LICENSE"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "FilePath": "opt/rocm-7.1.1/share/amd_smi/amdsmi.egg-info/PKG-INFO",
          "Digest": "sha1:7d210b241d018215c8121f7c3f0c05e5b2709ccc"
        },
        {
          "ID": "amdsmi@26.2.0+021c61fc",
          "Name": "amdsmi",
          "Identifier": {
            "PURL": "pkg:pypi/amdsmi@26.2.0%2B021c61fc",
            "UID": "adde0d8076594838",
            "BOMRef": "56d58a33-e5f0-4f49-a4cd-e25ed446f924"
          },
          "Version": "26.2.0+021c61fc",
          "Licenses": [
            "amdsmi-LICENSE"
          ],
          "Layer": {
            "Digest": "sha256:3f32255fa398fa0e2a9b4f224a666bf310985dea29263103895f8f497f975404",
            "DiffID": "sha256:9e13a1781003fcd937af66889483864840f5a96f7611ef2650da0e046acecf0f"
          },
          "FilePath": "usr/local/lib/python3.10/dist-packages/amdsmi-26.2.0+021c61fc.dist-info/METADATA",
          "Digest": "sha1:7d210b241d018215c8121f7c3f0c05e5b2709ccc"
        }
      ]
    },
    {
      "Target": "qdrant/qdrant.spdx.json",
      "Class": "lang-pkgs",
      "Type": "cargo",
      "Packages": [
        {
          "ID": "actix-codec@0.5.0",
          "Name": "actix-codec",
          "Identifier": {
            "PURL": "pkg:cargo/actix-codec@0.5.0",
            "UID": "ee6350432ca4e978",
            "BOMRef": "pkg:cargo/actix-codec@0.5.0"
          },
          "Version": "0.5.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bitflags@1.3.2",
            "bytes@1.10.1",
            "futures-core@0.3.31",
            "futures-sink@0.3.31",
            "log@0.4.28",
            "memchr@2.7.4",
            "pin-project-lite@0.2.12",
            "tokio-util@0.7.16",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-cors@0.7.1",
          "Name": "actix-cors",
          "Identifier": {
            "PURL": "pkg:cargo/actix-cors@0.7.1",
            "UID": "5bc34cc33f2dfd31",
            "BOMRef": "pkg:cargo/actix-cors@0.7.1"
          },
          "Version": "0.7.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-utils@3.0.1",
            "actix-web@4.11.0",
            "derive_more@2.0.1",
            "futures-util@0.3.31",
            "log@0.4.28",
            "once_cell@1.21.3",
            "smallvec@1.15.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-files@0.6.8",
          "Name": "actix-files",
          "Identifier": {
            "PURL": "pkg:cargo/actix-files@0.6.8",
            "UID": "99d2c6d5036f12e4",
            "BOMRef": "pkg:cargo/actix-files@0.6.8"
          },
          "Version": "0.6.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-http@3.11.0",
            "actix-service@2.0.2",
            "actix-utils@3.0.1",
            "actix-web@4.11.0",
            "bitflags@2.9.1",
            "bytes@1.10.1",
            "derive_more@2.0.1",
            "futures-core@0.3.31",
            "http-range@0.1.5",
            "log@0.4.28",
            "mime@0.3.16",
            "mime_guess@2.0.4",
            "percent-encoding@2.3.2",
            "pin-project-lite@0.2.12",
            "v_htmlescape@0.15.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-http@3.11.0",
          "Name": "actix-http",
          "Identifier": {
            "PURL": "pkg:cargo/actix-http@3.11.0",
            "UID": "9688a8438c3a153f",
            "BOMRef": "pkg:cargo/actix-http@3.11.0"
          },
          "Version": "3.11.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-codec@0.5.0",
            "actix-rt@2.10.0",
            "actix-service@2.0.2",
            "actix-tls@3.4.0",
            "actix-utils@3.0.1",
            "base64@0.22.0",
            "bitflags@2.9.1",
            "brotli@8.0.1",
            "bytes@1.10.1",
            "bytestring@1.2.0",
            "derive_more@2.0.1",
            "encoding_rs@0.8.33",
            "flate2@1.1.4",
            "foldhash@0.1.4",
            "futures-core@0.3.31",
            "h2@0.3.26",
            "http@0.2.12",
            "httparse@1.10.1",
            "httpdate@1.0.2",
            "itoa@1.0.5",
            "language-tags@0.3.2",
            "local-channel@0.1.3",
            "mime@0.3.16",
            "percent-encoding@2.3.2",
            "pin-project-lite@0.2.12",
            "rand@0.9.2",
            "sha1@0.10.5",
            "smallvec@1.15.1",
            "tokio-util@0.7.16",
            "tokio@1.48.0",
            "tracing@0.1.43",
            "zstd@0.13.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-macros@0.2.3",
          "Name": "actix-macros",
          "Identifier": {
            "PURL": "pkg:cargo/actix-macros@0.2.3",
            "UID": "e510ebbb452cdbec",
            "BOMRef": "pkg:cargo/actix-macros@0.2.3"
          },
          "Version": "0.2.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-multipart@0.7.2",
          "Name": "actix-multipart",
          "Identifier": {
            "PURL": "pkg:cargo/actix-multipart@0.7.2",
            "UID": "484cb9bc565cd5bf",
            "BOMRef": "pkg:cargo/actix-multipart@0.7.2"
          },
          "Version": "0.7.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-multipart-derive@0.7.0",
            "actix-utils@3.0.1",
            "actix-web@4.11.0",
            "derive_more@0.99.17",
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "httparse@1.10.1",
            "local-waker@0.1.3",
            "log@0.4.28",
            "memchr@2.7.4",
            "mime@0.3.16",
            "rand@0.8.5",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "serde_plain@1.0.1",
            "tempfile@3.23.0",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-multipart-derive@0.7.0",
          "Name": "actix-multipart-derive",
          "Identifier": {
            "PURL": "pkg:cargo/actix-multipart-derive@0.7.0",
            "UID": "af0eb5a61615dbc9",
            "BOMRef": "pkg:cargo/actix-multipart-derive@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "darling@0.20.8",
            "parse-size@1.0.0",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-router@0.5.3",
          "Name": "actix-router",
          "Identifier": {
            "PURL": "pkg:cargo/actix-router@0.5.3",
            "UID": "1eb43a23fdcffa46",
            "BOMRef": "pkg:cargo/actix-router@0.5.3"
          },
          "Version": "0.5.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bytestring@1.2.0",
            "cfg-if@1.0.0",
            "http@0.2.12",
            "regex-lite@0.1.5",
            "regex@1.11.0",
            "serde@1.0.226",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-rt@2.10.0",
          "Name": "actix-rt",
          "Identifier": {
            "PURL": "pkg:cargo/actix-rt@2.10.0",
            "UID": "6028e90267c58d05",
            "BOMRef": "pkg:cargo/actix-rt@2.10.0"
          },
          "Version": "2.10.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-server@2.6.0",
          "Name": "actix-server",
          "Identifier": {
            "PURL": "pkg:cargo/actix-server@2.6.0",
            "UID": "d524fe065db9dd73",
            "BOMRef": "pkg:cargo/actix-server@2.6.0"
          },
          "Version": "2.6.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-rt@2.10.0",
            "actix-service@2.0.2",
            "actix-utils@3.0.1",
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "mio@1.0.1",
            "socket2@0.5.10",
            "tokio@1.48.0",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-service@2.0.2",
          "Name": "actix-service",
          "Identifier": {
            "PURL": "pkg:cargo/actix-service@2.0.2",
            "UID": "7b8525357df708ab",
            "BOMRef": "pkg:cargo/actix-service@2.0.2"
          },
          "Version": "2.0.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "paste@1.0.11",
            "pin-project-lite@0.2.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-tls@3.4.0",
          "Name": "actix-tls",
          "Identifier": {
            "PURL": "pkg:cargo/actix-tls@3.4.0",
            "UID": "fa86226c872dd861",
            "BOMRef": "pkg:cargo/actix-tls@3.4.0"
          },
          "Version": "3.4.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-rt@2.10.0",
            "actix-service@2.0.2",
            "actix-utils@3.0.1",
            "futures-core@0.3.31",
            "impl-more@0.1.6",
            "pin-project-lite@0.2.12",
            "rustls-pki-types@1.12.0",
            "tokio-rustls@0.26.0",
            "tokio-util@0.7.16",
            "tokio@1.48.0",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-utils@3.0.1",
          "Name": "actix-utils",
          "Identifier": {
            "PURL": "pkg:cargo/actix-utils@3.0.1",
            "UID": "a4ee3f8d1ad115b4",
            "BOMRef": "pkg:cargo/actix-utils@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "local-waker@0.1.3",
            "pin-project-lite@0.2.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-web@4.11.0",
          "Name": "actix-web",
          "Identifier": {
            "PURL": "pkg:cargo/actix-web@4.11.0",
            "UID": "3c1ba5feb170d5b6",
            "BOMRef": "pkg:cargo/actix-web@4.11.0"
          },
          "Version": "4.11.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-codec@0.5.0",
            "actix-http@3.11.0",
            "actix-macros@0.2.3",
            "actix-router@0.5.3",
            "actix-rt@2.10.0",
            "actix-server@2.6.0",
            "actix-service@2.0.2",
            "actix-tls@3.4.0",
            "actix-utils@3.0.1",
            "actix-web-codegen@4.3.0",
            "bytes@1.10.1",
            "bytestring@1.2.0",
            "cfg-if@1.0.0",
            "cookie@0.16.2",
            "derive_more@2.0.1",
            "encoding_rs@0.8.33",
            "foldhash@0.1.4",
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "impl-more@0.1.6",
            "itoa@1.0.5",
            "language-tags@0.3.2",
            "log@0.4.28",
            "mime@0.3.16",
            "once_cell@1.21.3",
            "pin-project-lite@0.2.12",
            "regex-lite@0.1.5",
            "regex@1.11.0",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "serde_urlencoded@0.7.1",
            "smallvec@1.15.1",
            "socket2@0.5.10",
            "time@0.3.17",
            "tracing@0.1.43",
            "url@2.5.7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-web-codegen@4.3.0",
          "Name": "actix-web-codegen",
          "Identifier": {
            "PURL": "pkg:cargo/actix-web-codegen@4.3.0",
            "UID": "a0a39cefb50206df",
            "BOMRef": "pkg:cargo/actix-web-codegen@4.3.0"
          },
          "Version": "4.3.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-router@0.5.3",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-web-extras@0.1.0",
          "Name": "actix-web-extras",
          "Identifier": {
            "PURL": "pkg:cargo/actix-web-extras@0.1.0",
            "UID": "8df88d9b24c3c968",
            "BOMRef": "pkg:cargo/actix-web-extras@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-web@4.11.0",
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "pin-project-lite@0.2.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "actix-web-validator@7.0.0",
          "Name": "actix-web-validator",
          "Identifier": {
            "PURL": "pkg:cargo/actix-web-validator@7.0.0",
            "UID": "c190a4719fdc1fe4",
            "BOMRef": "pkg:cargo/actix-web-validator@7.0.0"
          },
          "Version": "7.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "actix-http@3.11.0",
            "actix-router@0.5.3",
            "actix-web@4.11.0",
            "bytes@1.10.1",
            "futures-util@0.3.31",
            "futures@0.3.31",
            "log@0.4.28",
            "mime@0.3.16",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "serde_qs@0.13.0",
            "serde_urlencoded@0.7.1",
            "thiserror@2.0.17",
            "validator@0.20.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "addr2line@0.19.0",
          "Name": "addr2line",
          "Identifier": {
            "PURL": "pkg:cargo/addr2line@0.19.0",
            "UID": "11698a7a4b884730",
            "BOMRef": "pkg:cargo/addr2line@0.19.0"
          },
          "Version": "0.19.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "gimli@0.27.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "adler@1.0.2",
          "Name": "adler",
          "Identifier": {
            "PURL": "pkg:cargo/adler@1.0.2",
            "UID": "5685a3fa30122a52",
            "BOMRef": "pkg:cargo/adler@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "0BSD OR MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "adler2@2.0.0",
          "Name": "adler2",
          "Identifier": {
            "PURL": "pkg:cargo/adler2@2.0.0",
            "UID": "424a3e68b55a4108",
            "BOMRef": "pkg:cargo/adler2@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "0BSD OR MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "adler32@1.2.0",
          "Name": "adler32",
          "Identifier": {
            "PURL": "pkg:cargo/adler32@1.2.0",
            "UID": "335a4935cd5112ac",
            "BOMRef": "pkg:cargo/adler32@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "Zlib"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ahash@0.8.11",
          "Name": "ahash",
          "Identifier": {
            "PURL": "pkg:cargo/ahash@0.8.11",
            "UID": "9848cf69baf3715d",
            "BOMRef": "pkg:cargo/ahash@0.8.11"
          },
          "Version": "0.8.11",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "getrandom@0.2.11",
            "once_cell@1.21.3",
            "serde@1.0.226",
            "zerocopy@0.7.35"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "aho-corasick@1.1.3",
          "Name": "aho-corasick",
          "Identifier": {
            "PURL": "pkg:cargo/aho-corasick@1.1.3",
            "UID": "e37660e520f0b5c8",
            "BOMRef": "pkg:cargo/aho-corasick@1.1.3"
          },
          "Version": "1.1.3",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "aligned-vec@0.6.1",
          "Name": "aligned-vec",
          "Identifier": {
            "PURL": "pkg:cargo/aligned-vec@0.6.1",
            "UID": "29e782102d7f37f",
            "BOMRef": "pkg:cargo/aligned-vec@0.6.1"
          },
          "Version": "0.6.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "equator@0.2.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "alloc-no-stdlib@2.0.4",
          "Name": "alloc-no-stdlib",
          "Identifier": {
            "PURL": "pkg:cargo/alloc-no-stdlib@2.0.4",
            "UID": "2a6f49c99b87df4c",
            "BOMRef": "pkg:cargo/alloc-no-stdlib@2.0.4"
          },
          "Version": "2.0.4",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "alloc-stdlib@0.2.2",
          "Name": "alloc-stdlib",
          "Identifier": {
            "PURL": "pkg:cargo/alloc-stdlib@0.2.2",
            "UID": "f6d521e10e44400",
            "BOMRef": "pkg:cargo/alloc-stdlib@0.2.2"
          },
          "Version": "0.2.2",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "alloc-no-stdlib@2.0.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "allocator-api2@0.2.16",
          "Name": "allocator-api2",
          "Identifier": {
            "PURL": "pkg:cargo/allocator-api2@0.2.16",
            "UID": "1868d36812edb50",
            "BOMRef": "pkg:cargo/allocator-api2@0.2.16"
          },
          "Version": "0.2.16",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "android_system_properties@0.1.5",
          "Name": "android_system_properties",
          "Identifier": {
            "PURL": "pkg:cargo/android_system_properties@0.1.5",
            "UID": "903d00e5da5cec0c",
            "BOMRef": "pkg:cargo/android_system_properties@0.1.5"
          },
          "Version": "0.1.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "anstream@0.6.11",
          "Name": "anstream",
          "Identifier": {
            "PURL": "pkg:cargo/anstream@0.6.11",
            "UID": "dc7e4e04eb46231c",
            "BOMRef": "pkg:cargo/anstream@0.6.11"
          },
          "Version": "0.6.11",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "anstyle-parse@0.2.0",
            "anstyle-query@1.0.0",
            "anstyle-wincon@3.0.1",
            "anstyle@1.0.8",
            "colorchoice@1.0.0",
            "utf8parse@0.2.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "anstyle@1.0.8",
          "Name": "anstyle",
          "Identifier": {
            "PURL": "pkg:cargo/anstyle@1.0.8",
            "UID": "f5e26489cc7de776",
            "BOMRef": "pkg:cargo/anstyle@1.0.8"
          },
          "Version": "1.0.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "anstyle-parse@0.2.0",
          "Name": "anstyle-parse",
          "Identifier": {
            "PURL": "pkg:cargo/anstyle-parse@0.2.0",
            "UID": "38e10555416c44b9",
            "BOMRef": "pkg:cargo/anstyle-parse@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "utf8parse@0.2.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "anstyle-query@1.0.0",
          "Name": "anstyle-query",
          "Identifier": {
            "PURL": "pkg:cargo/anstyle-query@1.0.0",
            "UID": "8887306c57fb288c",
            "BOMRef": "pkg:cargo/anstyle-query@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-sys@0.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "anstyle-wincon@3.0.1",
          "Name": "anstyle-wincon",
          "Identifier": {
            "PURL": "pkg:cargo/anstyle-wincon@3.0.1",
            "UID": "6cbf3bc76b325767",
            "BOMRef": "pkg:cargo/anstyle-wincon@3.0.1"
          },
          "Version": "3.0.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "anstyle@1.0.8",
            "windows-sys@0.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "antidote@1.0.0",
          "Name": "antidote",
          "Identifier": {
            "PURL": "pkg:cargo/antidote@1.0.0",
            "UID": "968fd2c6349fd844",
            "BOMRef": "pkg:cargo/antidote@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "anyhow@1.0.100",
          "Name": "anyhow",
          "Identifier": {
            "PURL": "pkg:cargo/anyhow@1.0.100",
            "UID": "e154ff7fa91da5c8",
            "BOMRef": "pkg:cargo/anyhow@1.0.100"
          },
          "Version": "1.0.100",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "approx@0.5.1",
          "Name": "approx",
          "Identifier": {
            "PURL": "pkg:cargo/approx@0.5.1",
            "UID": "19313e48030bd8ca",
            "BOMRef": "pkg:cargo/approx@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "num-traits@0.2.19"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "arc-swap@1.7.1",
          "Name": "arc-swap",
          "Identifier": {
            "PURL": "pkg:cargo/arc-swap@1.7.1",
            "UID": "f97c531192d21a8b",
            "BOMRef": "pkg:cargo/arc-swap@1.7.1"
          },
          "Version": "1.7.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "arraydeque@0.5.1",
          "Name": "arraydeque",
          "Identifier": {
            "PURL": "pkg:cargo/arraydeque@0.5.1",
            "UID": "774f6a390570851b",
            "BOMRef": "pkg:cargo/arraydeque@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "arrayvec@0.4.12",
          "Name": "arrayvec",
          "Identifier": {
            "PURL": "pkg:cargo/arrayvec@0.4.12",
            "UID": "ea161ee186425efd",
            "BOMRef": "pkg:cargo/arrayvec@0.4.12"
          },
          "Version": "0.4.12",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "nodrop@0.1.14"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "arrayvec@0.7.6",
          "Name": "arrayvec",
          "Identifier": {
            "PURL": "pkg:cargo/arrayvec@0.7.6",
            "UID": "1f40f2208dd59c87",
            "BOMRef": "pkg:cargo/arrayvec@0.7.6"
          },
          "Version": "0.7.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ash@0.38.0+1.3.281",
          "Name": "ash",
          "Identifier": {
            "PURL": "pkg:cargo/ash@0.38.0%2B1.3.281",
            "UID": "a8a6902e018383ab",
            "BOMRef": "pkg:cargo/ash@0.38.0%2B1.3.281"
          },
          "Version": "0.38.0+1.3.281",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libloading@0.8.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "async-stream@0.3.3",
          "Name": "async-stream",
          "Identifier": {
            "PURL": "pkg:cargo/async-stream@0.3.3",
            "UID": "dfbb0a31e22d0b4e",
            "BOMRef": "pkg:cargo/async-stream@0.3.3"
          },
          "Version": "0.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "async-stream-impl@0.3.3",
            "futures-core@0.3.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "async-stream-impl@0.3.3",
          "Name": "async-stream-impl",
          "Identifier": {
            "PURL": "pkg:cargo/async-stream-impl@0.3.3",
            "UID": "f9796a401d750243",
            "BOMRef": "pkg:cargo/async-stream-impl@0.3.3"
          },
          "Version": "0.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "async-trait@0.1.89",
          "Name": "async-trait",
          "Identifier": {
            "PURL": "pkg:cargo/async-trait@0.1.89",
            "UID": "6a0c86cf2a4ec3cb",
            "BOMRef": "pkg:cargo/async-trait@0.1.89"
          },
          "Version": "0.1.89",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "atomic_refcell@0.1.13",
          "Name": "atomic_refcell",
          "Identifier": {
            "PURL": "pkg:cargo/atomic_refcell@0.1.13",
            "UID": "edf2ccd8b71fb7b4",
            "BOMRef": "pkg:cargo/atomic_refcell@0.1.13"
          },
          "Version": "0.1.13",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "atomicwrites@0.4.4",
          "Name": "atomicwrites",
          "Identifier": {
            "PURL": "pkg:cargo/atomicwrites@0.4.4",
            "UID": "62c45e47d9587aa1",
            "BOMRef": "pkg:cargo/atomicwrites@0.4.4"
          },
          "Version": "0.4.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "rustix@0.38.40",
            "tempfile@3.23.0",
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "axum@0.6.12",
          "Name": "axum",
          "Identifier": {
            "PURL": "pkg:cargo/axum@0.6.12",
            "UID": "d45e294b42b3e5cc",
            "BOMRef": "pkg:cargo/axum@0.6.12"
          },
          "Version": "0.6.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "async-trait@0.1.89",
            "axum-core@0.3.3",
            "bitflags@1.3.2",
            "bytes@1.10.1",
            "futures-util@0.3.31",
            "http-body@0.4.5",
            "http@0.2.12",
            "hyper@0.14.26",
            "itoa@1.0.5",
            "matchit@0.7.0",
            "memchr@2.7.4",
            "mime@0.3.16",
            "percent-encoding@2.3.2",
            "pin-project-lite@0.2.12",
            "serde@1.0.226",
            "sync_wrapper@0.1.2",
            "tower-layer@0.3.3",
            "tower-service@0.3.3",
            "tower@0.4.13"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "axum@0.7.5",
          "Name": "axum",
          "Identifier": {
            "PURL": "pkg:cargo/axum@0.7.5",
            "UID": "405cf18eaccc9a6d",
            "BOMRef": "pkg:cargo/axum@0.7.5"
          },
          "Version": "0.7.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "async-trait@0.1.89",
            "axum-core@0.4.3",
            "bytes@1.10.1",
            "futures-util@0.3.31",
            "http-body-util@0.1.2",
            "http-body@1.0.0",
            "http@1.3.1",
            "itoa@1.0.5",
            "matchit@0.7.0",
            "memchr@2.7.4",
            "mime@0.3.16",
            "percent-encoding@2.3.2",
            "pin-project-lite@0.2.12",
            "serde@1.0.226",
            "sync_wrapper@1.0.1",
            "tower-layer@0.3.3",
            "tower-service@0.3.3",
            "tower@0.4.13"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "axum-core@0.3.3",
          "Name": "axum-core",
          "Identifier": {
            "PURL": "pkg:cargo/axum-core@0.3.3",
            "UID": "ef13265206fba070",
            "BOMRef": "pkg:cargo/axum-core@0.3.3"
          },
          "Version": "0.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "async-trait@0.1.89",
            "bytes@1.10.1",
            "futures-util@0.3.31",
            "http-body@0.4.5",
            "http@0.2.12",
            "mime@0.3.16",
            "tower-layer@0.3.3",
            "tower-service@0.3.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "axum-core@0.4.3",
          "Name": "axum-core",
          "Identifier": {
            "PURL": "pkg:cargo/axum-core@0.4.3",
            "UID": "f88f2b273ff6914d",
            "BOMRef": "pkg:cargo/axum-core@0.4.3"
          },
          "Version": "0.4.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "async-trait@0.1.89",
            "bytes@1.10.1",
            "futures-util@0.3.31",
            "http-body-util@0.1.2",
            "http-body@1.0.0",
            "http@1.3.1",
            "mime@0.3.16",
            "pin-project-lite@0.2.12",
            "sync_wrapper@0.1.2",
            "tower-layer@0.3.3",
            "tower-service@0.3.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "backtrace@0.3.67",
          "Name": "backtrace",
          "Identifier": {
            "PURL": "pkg:cargo/backtrace@0.3.67",
            "UID": "beb2aa2c406b9ed1",
            "BOMRef": "pkg:cargo/backtrace@0.3.67"
          },
          "Version": "0.3.67",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "addr2line@0.19.0",
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "miniz_oxide@0.6.2",
            "object@0.30.0",
            "rustc-demangle@0.1.21"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "base16ct@0.2.0",
          "Name": "base16ct",
          "Identifier": {
            "PURL": "pkg:cargo/base16ct@0.2.0",
            "UID": "6c17fb6ebb3535dd",
            "BOMRef": "pkg:cargo/base16ct@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "base64@0.13.1",
          "Name": "base64",
          "Identifier": {
            "PURL": "pkg:cargo/base64@0.13.1",
            "UID": "d358c79a309065aa",
            "BOMRef": "pkg:cargo/base64@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "base64@0.21.0",
          "Name": "base64",
          "Identifier": {
            "PURL": "pkg:cargo/base64@0.21.0",
            "UID": "fc29d2d5bc13cbeb",
            "BOMRef": "pkg:cargo/base64@0.21.0"
          },
          "Version": "0.21.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "base64@0.22.0",
          "Name": "base64",
          "Identifier": {
            "PURL": "pkg:cargo/base64@0.22.0",
            "UID": "8415bf6b728295da",
            "BOMRef": "pkg:cargo/base64@0.22.0"
          },
          "Version": "0.22.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "base64ct@1.8.0",
          "Name": "base64ct",
          "Identifier": {
            "PURL": "pkg:cargo/base64ct@1.8.0",
            "UID": "f7ce7fe3b015aac9",
            "BOMRef": "pkg:cargo/base64ct@1.8.0"
          },
          "Version": "1.8.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bincode@1.3.3",
          "Name": "bincode",
          "Identifier": {
            "PURL": "pkg:cargo/bincode@1.3.3",
            "UID": "b6865b8c1a1272d7",
            "BOMRef": "pkg:cargo/bincode@1.3.3"
          },
          "Version": "1.3.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bincode@2.0.1",
          "Name": "bincode",
          "Identifier": {
            "PURL": "pkg:cargo/bincode@2.0.1",
            "UID": "575fbf7fc1db4103",
            "BOMRef": "pkg:cargo/bincode@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bincode_derive@2.0.1",
            "serde@1.0.226",
            "unty@0.0.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bincode_derive@2.0.1",
          "Name": "bincode_derive",
          "Identifier": {
            "PURL": "pkg:cargo/bincode_derive@2.0.1",
            "UID": "56bc90fc5b7599a3",
            "BOMRef": "pkg:cargo/bincode_derive@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "virtue@0.0.18"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "binout@0.2.1",
          "Name": "binout",
          "Identifier": {
            "PURL": "pkg:cargo/binout@0.2.1",
            "UID": "969500e77a52352",
            "BOMRef": "pkg:cargo/binout@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bitflags@1.3.2",
          "Name": "bitflags",
          "Identifier": {
            "PURL": "pkg:cargo/bitflags@1.3.2",
            "UID": "b6e1a6ac870fbc8",
            "BOMRef": "pkg:cargo/bitflags@1.3.2"
          },
          "Version": "1.3.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bitflags@2.9.1",
          "Name": "bitflags",
          "Identifier": {
            "PURL": "pkg:cargo/bitflags@2.9.1",
            "UID": "3985e09e7da56023",
            "BOMRef": "pkg:cargo/bitflags@2.9.1"
          },
          "Version": "2.9.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bitm@0.4.2",
          "Name": "bitm",
          "Identifier": {
            "PURL": "pkg:cargo/bitm@0.4.2",
            "UID": "458f963e0215776c",
            "BOMRef": "pkg:cargo/bitm@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "dyn_size_of@0.4.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bitpacking@0.9.2",
          "Name": "bitpacking",
          "Identifier": {
            "PURL": "pkg:cargo/bitpacking@0.9.2",
            "UID": "659aed9693326afe",
            "BOMRef": "pkg:cargo/bitpacking@0.9.2"
          },
          "Version": "0.9.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "crunchy@0.2.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bitvec@1.0.1",
          "Name": "bitvec",
          "Identifier": {
            "PURL": "pkg:cargo/bitvec@1.0.1",
            "UID": "f6c05b3480d2ccf7",
            "BOMRef": "pkg:cargo/bitvec@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "funty@2.0.0",
            "radium@0.7.0",
            "tap@1.0.1",
            "wyz@0.5.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "blake2-rfc@0.2.18",
          "Name": "blake2-rfc",
          "Identifier": {
            "PURL": "pkg:cargo/blake2-rfc@0.2.18",
            "UID": "967124676d2ca6a2",
            "BOMRef": "pkg:cargo/blake2-rfc@0.2.18"
          },
          "Version": "0.2.18",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "arrayvec@0.4.12",
            "constant_time_eq@0.1.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "block-buffer@0.10.3",
          "Name": "block-buffer",
          "Identifier": {
            "PURL": "pkg:cargo/block-buffer@0.10.3",
            "UID": "97f6f5ebf69d9d28",
            "BOMRef": "pkg:cargo/block-buffer@0.10.3"
          },
          "Version": "0.10.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "generic-array@0.14.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "brotli@8.0.1",
          "Name": "brotli",
          "Identifier": {
            "PURL": "pkg:cargo/brotli@8.0.1",
            "UID": "bd0eb0fb61220cfd",
            "BOMRef": "pkg:cargo/brotli@8.0.1"
          },
          "Version": "8.0.1",
          "Licenses": [
            "BSD-3-Clause AND MIT"
          ],
          "DependsOn": [
            "alloc-no-stdlib@2.0.4",
            "alloc-stdlib@0.2.2",
            "brotli-decompressor@5.0.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "brotli-decompressor@5.0.0",
          "Name": "brotli-decompressor",
          "Identifier": {
            "PURL": "pkg:cargo/brotli-decompressor@5.0.0",
            "UID": "56c302d19b1258fb",
            "BOMRef": "pkg:cargo/brotli-decompressor@5.0.0"
          },
          "Version": "5.0.0",
          "Licenses": [
            "BSD-3-Clause OR MIT"
          ],
          "DependsOn": [
            "alloc-no-stdlib@2.0.4",
            "alloc-stdlib@0.2.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bumpalo@3.11.1",
          "Name": "bumpalo",
          "Identifier": {
            "PURL": "pkg:cargo/bumpalo@3.11.1",
            "UID": "498b80105e630258",
            "BOMRef": "pkg:cargo/bumpalo@3.11.1"
          },
          "Version": "3.11.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bytemuck@1.24.0",
          "Name": "bytemuck",
          "Identifier": {
            "PURL": "pkg:cargo/bytemuck@1.24.0",
            "UID": "3e2a94d6209b97d6",
            "BOMRef": "pkg:cargo/bytemuck@1.24.0"
          },
          "Version": "1.24.0",
          "Licenses": [
            "Zlib OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "bytemuck_derive@1.10.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bytemuck_derive@1.10.2",
          "Name": "bytemuck_derive",
          "Identifier": {
            "PURL": "pkg:cargo/bytemuck_derive@1.10.2",
            "UID": "8b24e19e925047ca",
            "BOMRef": "pkg:cargo/bytemuck_derive@1.10.2"
          },
          "Version": "1.10.2",
          "Licenses": [
            "Zlib OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "byteorder@1.5.0",
          "Name": "byteorder",
          "Identifier": {
            "PURL": "pkg:cargo/byteorder@1.5.0",
            "UID": "e3990a5e8f615db1",
            "BOMRef": "pkg:cargo/byteorder@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bytes@1.10.1",
          "Name": "bytes",
          "Identifier": {
            "PURL": "pkg:cargo/bytes@1.10.1",
            "UID": "5ac53cb4dcab165a",
            "BOMRef": "pkg:cargo/bytes@1.10.1"
          },
          "Version": "1.10.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bytestring@1.2.0",
          "Name": "bytestring",
          "Identifier": {
            "PURL": "pkg:cargo/bytestring@1.2.0",
            "UID": "83180f1e2490ec13",
            "BOMRef": "pkg:cargo/bytestring@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "bzip2-sys@0.1.11+1.0.8",
          "Name": "bzip2-sys",
          "Identifier": {
            "PURL": "pkg:cargo/bzip2-sys@0.1.11%2B1.0.8",
            "UID": "f6334aa1423a379e",
            "BOMRef": "pkg:cargo/bzip2-sys@0.1.11%2B1.0.8"
          },
          "Version": "0.1.11+1.0.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cedarwood@0.4.6",
          "Name": "cedarwood",
          "Identifier": {
            "PURL": "pkg:cargo/cedarwood@0.4.6",
            "UID": "a1e4ac7a2d690c9b",
            "BOMRef": "pkg:cargo/cedarwood@0.4.6"
          },
          "Version": "0.4.6",
          "Licenses": [
            "BSD-2-Clause"
          ],
          "DependsOn": [
            "smallvec@1.15.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cfg-if@1.0.0",
          "Name": "cfg-if",
          "Identifier": {
            "PURL": "pkg:cargo/cfg-if@1.0.0",
            "UID": "fb9905228a129324",
            "BOMRef": "pkg:cargo/cfg-if@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cgroups-rs@0.3.4",
          "Name": "cgroups-rs",
          "Identifier": {
            "PURL": "pkg:cargo/cgroups-rs@0.3.4",
            "UID": "b3ce663d5b2e99d",
            "BOMRef": "pkg:cargo/cgroups-rs@0.3.4"
          },
          "Version": "0.3.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "log@0.4.28",
            "nix@0.25.1",
            "regex@1.11.0",
            "thiserror@1.0.69"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "charabia@0.9.7",
          "Name": "charabia",
          "Identifier": {
            "PURL": "pkg:cargo/charabia@0.9.7",
            "UID": "53fccad63cfe9c99",
            "BOMRef": "pkg:cargo/charabia@0.9.7"
          },
          "Version": "0.9.7",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "aho-corasick@1.1.3",
            "csv@1.4.0",
            "either@1.13.0",
            "fst@0.4.7",
            "irg-kvariants@0.1.1",
            "jieba-rs@0.7.3",
            "once_cell@1.21.3",
            "serde@1.0.226",
            "slice-group-by@0.3.1",
            "unicode-normalization@0.1.24",
            "whatlang@0.16.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "chrono@0.4.42",
          "Name": "chrono",
          "Identifier": {
            "PURL": "pkg:cargo/chrono@0.4.42",
            "UID": "3a6c1ed465b648bb",
            "BOMRef": "pkg:cargo/chrono@0.4.42"
          },
          "Version": "0.4.42",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "iana-time-zone@0.1.53",
            "js-sys@0.3.77",
            "num-traits@0.2.19",
            "serde@1.0.226",
            "wasm-bindgen@0.2.100",
            "windows-link@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "clap@4.5.53",
          "Name": "clap",
          "Identifier": {
            "PURL": "pkg:cargo/clap@4.5.53",
            "UID": "921bcce45e209142",
            "BOMRef": "pkg:cargo/clap@4.5.53"
          },
          "Version": "4.5.53",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "clap_builder@4.5.53",
            "clap_derive@4.5.49"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "clap_builder@4.5.53",
          "Name": "clap_builder",
          "Identifier": {
            "PURL": "pkg:cargo/clap_builder@4.5.53",
            "UID": "de1edca7244b474",
            "BOMRef": "pkg:cargo/clap_builder@4.5.53"
          },
          "Version": "4.5.53",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "anstream@0.6.11",
            "anstyle@1.0.8",
            "clap_lex@0.7.4",
            "strsim@0.11.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "clap_derive@4.5.49",
          "Name": "clap_derive",
          "Identifier": {
            "PURL": "pkg:cargo/clap_derive@4.5.49",
            "UID": "d5ead66246574e99",
            "BOMRef": "pkg:cargo/clap_derive@4.5.49"
          },
          "Version": "4.5.49",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "heck@0.5.0",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "clap_lex@0.7.4",
          "Name": "clap_lex",
          "Identifier": {
            "PURL": "pkg:cargo/clap_lex@0.7.4",
            "UID": "e3b21026e9f45ed0",
            "BOMRef": "pkg:cargo/clap_lex@0.7.4"
          },
          "Version": "0.7.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "colorchoice@1.0.0",
          "Name": "colorchoice",
          "Identifier": {
            "PURL": "pkg:cargo/colorchoice@1.0.0",
            "UID": "a8c81e24e4519a56",
            "BOMRef": "pkg:cargo/colorchoice@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "colored@3.0.0",
          "Name": "colored",
          "Identifier": {
            "PURL": "pkg:cargo/colored@3.0.0",
            "UID": "e7138028289f3e1b",
            "BOMRef": "pkg:cargo/colored@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MPL-2.0"
          ],
          "DependsOn": [
            "windows-sys@0.59.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "config@0.15.18",
          "Name": "config",
          "Identifier": {
            "PURL": "pkg:cargo/config@0.15.18",
            "UID": "89ce6607fe986a1",
            "BOMRef": "pkg:cargo/config@0.15.18"
          },
          "Version": "0.15.18",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "pathdiff@0.2.3",
            "serde_core@1.0.226",
            "winnow@0.7.13",
            "yaml-rust2@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "console@0.16.0",
          "Name": "console",
          "Identifier": {
            "PURL": "pkg:cargo/console@0.16.0",
            "UID": "394bb894b6edbbe0",
            "BOMRef": "pkg:cargo/console@0.16.0"
          },
          "Version": "0.16.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "encode_unicode@1.0.0",
            "libc@0.2.174",
            "once_cell@1.21.3",
            "unicode-width@0.2.0",
            "windows-sys@0.60.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "console-api@0.8.1",
          "Name": "console-api",
          "Identifier": {
            "PURL": "pkg:cargo/console-api@0.8.1",
            "UID": "72340637767b82f",
            "BOMRef": "pkg:cargo/console-api@0.8.1"
          },
          "Version": "0.8.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "prost-types@0.13.1",
            "prost@0.13.1",
            "tonic@0.12.3",
            "tracing-core@0.1.35"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "console-subscriber@0.4.1",
          "Name": "console-subscriber",
          "Identifier": {
            "PURL": "pkg:cargo/console-subscriber@0.4.1",
            "UID": "18e491842eda818b",
            "BOMRef": "pkg:cargo/console-subscriber@0.4.1"
          },
          "Version": "0.4.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "console-api@0.8.1",
            "crossbeam-channel@0.5.15",
            "crossbeam-utils@0.8.20",
            "futures-task@0.3.31",
            "hdrhistogram@7.5.2",
            "humantime@2.3.0",
            "hyper-util@0.1.13",
            "parking_lot@0.12.5",
            "prost-types@0.13.1",
            "prost@0.13.1",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "thread_local@1.1.7",
            "tokio-stream@0.1.17",
            "tokio@1.48.0",
            "tonic@0.12.3",
            "tracing-core@0.1.35",
            "tracing-subscriber@0.3.22",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "const-oid@0.9.6",
          "Name": "const-oid",
          "Identifier": {
            "PURL": "pkg:cargo/const-oid@0.9.6",
            "UID": "4b3db106b5bbf809",
            "BOMRef": "pkg:cargo/const-oid@0.9.6"
          },
          "Version": "0.9.6",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "constant_time_eq@0.1.5",
          "Name": "constant_time_eq",
          "Identifier": {
            "PURL": "pkg:cargo/constant_time_eq@0.1.5",
            "UID": "41dea17b79eb1f47",
            "BOMRef": "pkg:cargo/constant_time_eq@0.1.5"
          },
          "Version": "0.1.5",
          "Licenses": [
            "CC0-1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "constant_time_eq@0.4.2",
          "Name": "constant_time_eq",
          "Identifier": {
            "PURL": "pkg:cargo/constant_time_eq@0.4.2",
            "UID": "f4f9c01f453a2496",
            "BOMRef": "pkg:cargo/constant_time_eq@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "CC0-1.0 OR MIT-0 OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "convert_case@0.4.0",
          "Name": "convert_case",
          "Identifier": {
            "PURL": "pkg:cargo/convert_case@0.4.0",
            "UID": "6f067af68a04f709",
            "BOMRef": "pkg:cargo/convert_case@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cookie@0.16.2",
          "Name": "cookie",
          "Identifier": {
            "PURL": "pkg:cargo/cookie@0.16.2",
            "UID": "939ab060d5f13910",
            "BOMRef": "pkg:cargo/cookie@0.16.2"
          },
          "Version": "0.16.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "percent-encoding@2.3.2",
            "time@0.3.17"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "core-foundation@0.9.4",
          "Name": "core-foundation",
          "Identifier": {
            "PURL": "pkg:cargo/core-foundation@0.9.4",
            "UID": "8c82e0793a538a08",
            "BOMRef": "pkg:cargo/core-foundation@0.9.4"
          },
          "Version": "0.9.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "core-foundation-sys@0.8.7",
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "core-foundation-sys@0.8.7",
          "Name": "core-foundation-sys",
          "Identifier": {
            "PURL": "pkg:cargo/core-foundation-sys@0.8.7",
            "UID": "2fdfd997f3b71793",
            "BOMRef": "pkg:cargo/core-foundation-sys@0.8.7"
          },
          "Version": "0.8.7",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "core2@0.4.0",
          "Name": "core2",
          "Identifier": {
            "PURL": "pkg:cargo/core2@0.4.0",
            "UID": "f8bc156a3a9cb061",
            "BOMRef": "pkg:cargo/core2@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "count-min-sketch@0.1.8",
          "Name": "count-min-sketch",
          "Identifier": {
            "PURL": "pkg:cargo/count-min-sketch@0.1.8",
            "UID": "3e0cea0c7647366d",
            "BOMRef": "pkg:cargo/count-min-sketch@0.1.8"
          },
          "Version": "0.1.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "rand@0.8.5",
            "siphasher@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cpp_demangle@0.4.2",
          "Name": "cpp_demangle",
          "Identifier": {
            "PURL": "pkg:cargo/cpp_demangle@0.4.2",
            "UID": "31b48f03b1e565a5",
            "BOMRef": "pkg:cargo/cpp_demangle@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cpufeatures@0.2.17",
          "Name": "cpufeatures",
          "Identifier": {
            "PURL": "pkg:cargo/cpufeatures@0.2.17",
            "UID": "bc7d48e5d618201f",
            "BOMRef": "pkg:cargo/cpufeatures@0.2.17"
          },
          "Version": "0.2.17",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crc32c@0.6.8",
          "Name": "crc32c",
          "Identifier": {
            "PURL": "pkg:cargo/crc32c@0.6.8",
            "UID": "2e15ee666528ed9",
            "BOMRef": "pkg:cargo/crc32c@0.6.8"
          },
          "Version": "0.6.8",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crc32fast@1.3.2",
          "Name": "crc32fast",
          "Identifier": {
            "PURL": "pkg:cargo/crc32fast@1.3.2",
            "UID": "99e019ae7825c908",
            "BOMRef": "pkg:cargo/crc32fast@1.3.2"
          },
          "Version": "1.3.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crossbeam-channel@0.5.15",
          "Name": "crossbeam-channel",
          "Identifier": {
            "PURL": "pkg:cargo/crossbeam-channel@0.5.15",
            "UID": "5257eba060788b6e",
            "BOMRef": "pkg:cargo/crossbeam-channel@0.5.15"
          },
          "Version": "0.5.15",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "crossbeam-utils@0.8.20"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crossbeam-deque@0.8.2",
          "Name": "crossbeam-deque",
          "Identifier": {
            "PURL": "pkg:cargo/crossbeam-deque@0.8.2",
            "UID": "d2c640da98d37443",
            "BOMRef": "pkg:cargo/crossbeam-deque@0.8.2"
          },
          "Version": "0.8.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "crossbeam-epoch@0.9.13",
            "crossbeam-utils@0.8.20"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crossbeam-epoch@0.9.13",
          "Name": "crossbeam-epoch",
          "Identifier": {
            "PURL": "pkg:cargo/crossbeam-epoch@0.9.13",
            "UID": "4d66794e9e1c868c",
            "BOMRef": "pkg:cargo/crossbeam-epoch@0.9.13"
          },
          "Version": "0.9.13",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "crossbeam-utils@0.8.20",
            "memoffset@0.7.1",
            "scopeguard@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crossbeam-utils@0.8.20",
          "Name": "crossbeam-utils",
          "Identifier": {
            "PURL": "pkg:cargo/crossbeam-utils@0.8.20",
            "UID": "1fdf8725fee0d672",
            "BOMRef": "pkg:cargo/crossbeam-utils@0.8.20"
          },
          "Version": "0.8.20",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crunchy@0.2.2",
          "Name": "crunchy",
          "Identifier": {
            "PURL": "pkg:cargo/crunchy@0.2.2",
            "UID": "cc4f812206c7782c",
            "BOMRef": "pkg:cargo/crunchy@0.2.2"
          },
          "Version": "0.2.2",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crypto-bigint@0.5.5",
          "Name": "crypto-bigint",
          "Identifier": {
            "PURL": "pkg:cargo/crypto-bigint@0.5.5",
            "UID": "ee37735604fddb4c",
            "BOMRef": "pkg:cargo/crypto-bigint@0.5.5"
          },
          "Version": "0.5.5",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "generic-array@0.14.9",
            "rand_core@0.6.4",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "crypto-common@0.1.6",
          "Name": "crypto-common",
          "Identifier": {
            "PURL": "pkg:cargo/crypto-common@0.1.6",
            "UID": "91f2f90e48a439ab",
            "BOMRef": "pkg:cargo/crypto-common@0.1.6"
          },
          "Version": "0.1.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "generic-array@0.14.9",
            "typenum@1.16.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "csv@1.4.0",
          "Name": "csv",
          "Identifier": {
            "PURL": "pkg:cargo/csv@1.4.0",
            "UID": "47fb0103e2302a3f",
            "BOMRef": "pkg:cargo/csv@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "csv-core@0.1.11",
            "itoa@1.0.5",
            "ryu@1.0.12",
            "serde_core@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "csv-core@0.1.11",
          "Name": "csv-core",
          "Identifier": {
            "PURL": "pkg:cargo/csv-core@0.1.11",
            "UID": "c73bdf66c1af6eca",
            "BOMRef": "pkg:cargo/csv-core@0.1.11"
          },
          "Version": "0.1.11",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "curve25519-dalek@4.1.3",
          "Name": "curve25519-dalek",
          "Identifier": {
            "PURL": "pkg:cargo/curve25519-dalek@4.1.3",
            "UID": "db91afe0ba666b27",
            "BOMRef": "pkg:cargo/curve25519-dalek@4.1.3"
          },
          "Version": "4.1.3",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "cpufeatures@0.2.17",
            "curve25519-dalek-derive@0.1.1",
            "digest@0.10.7",
            "fiat-crypto@0.2.9",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "curve25519-dalek-derive@0.1.1",
          "Name": "curve25519-dalek-derive",
          "Identifier": {
            "PURL": "pkg:cargo/curve25519-dalek-derive@0.1.1",
            "UID": "7c3868b310ff734a",
            "BOMRef": "pkg:cargo/curve25519-dalek-derive@0.1.1"
          },
          "Version": "0.1.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cxx@1.0.85",
          "Name": "cxx",
          "Identifier": {
            "PURL": "pkg:cargo/cxx@1.0.85",
            "UID": "cb1262025632f5b3",
            "BOMRef": "pkg:cargo/cxx@1.0.85"
          },
          "Version": "1.0.85",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cxxbridge-macro@1.0.85",
            "link-cplusplus@1.0.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "cxxbridge-macro@1.0.85",
          "Name": "cxxbridge-macro",
          "Identifier": {
            "PURL": "pkg:cargo/cxxbridge-macro@1.0.85",
            "UID": "5010716db2a87e3d",
            "BOMRef": "pkg:cargo/cxxbridge-macro@1.0.85"
          },
          "Version": "1.0.85",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "daachorse@1.0.0",
          "Name": "daachorse",
          "Identifier": {
            "PURL": "pkg:cargo/daachorse@1.0.0",
            "UID": "512cd6692d891e0b",
            "BOMRef": "pkg:cargo/daachorse@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "darling@0.20.8",
          "Name": "darling",
          "Identifier": {
            "PURL": "pkg:cargo/darling@0.20.8",
            "UID": "3882f31a4f7b1fad",
            "BOMRef": "pkg:cargo/darling@0.20.8"
          },
          "Version": "0.20.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "darling_core@0.20.8",
            "darling_macro@0.20.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "darling_core@0.20.8",
          "Name": "darling_core",
          "Identifier": {
            "PURL": "pkg:cargo/darling_core@0.20.8",
            "UID": "96f5f40516b13b7c",
            "BOMRef": "pkg:cargo/darling_core@0.20.8"
          },
          "Version": "0.20.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "fnv@1.0.7",
            "ident_case@1.0.1",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "strsim@0.10.0",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "darling_macro@0.20.8",
          "Name": "darling_macro",
          "Identifier": {
            "PURL": "pkg:cargo/darling_macro@0.20.8",
            "UID": "6d2da774e02175e7",
            "BOMRef": "pkg:cargo/darling_macro@0.20.8"
          },
          "Version": "0.20.8",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "darling_core@0.20.8",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "dary_heap@0.3.7",
          "Name": "dary_heap",
          "Identifier": {
            "PURL": "pkg:cargo/dary_heap@0.3.7",
            "UID": "1222b70eb2284344",
            "BOMRef": "pkg:cargo/dary_heap@0.3.7"
          },
          "Version": "0.3.7",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "dashmap@6.1.0",
          "Name": "dashmap",
          "Identifier": {
            "PURL": "pkg:cargo/dashmap@6.1.0",
            "UID": "7b95b923c35be525",
            "BOMRef": "pkg:cargo/dashmap@6.1.0"
          },
          "Version": "6.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "crossbeam-utils@0.8.20",
            "hashbrown@0.14.2",
            "lock_api@0.4.14",
            "once_cell@1.21.3",
            "parking_lot_core@0.9.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "data-encoding@2.9.0",
          "Name": "data-encoding",
          "Identifier": {
            "PURL": "pkg:cargo/data-encoding@2.9.0",
            "UID": "be939b9f2271649e",
            "BOMRef": "pkg:cargo/data-encoding@2.9.0"
          },
          "Version": "2.9.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "debugid@0.8.0",
          "Name": "debugid",
          "Identifier": {
            "PURL": "pkg:cargo/debugid@0.8.0",
            "UID": "4f3b777c623561a4",
            "BOMRef": "pkg:cargo/debugid@0.8.0"
          },
          "Version": "0.8.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "uuid@1.18.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "delegate@0.13.4",
          "Name": "delegate",
          "Identifier": {
            "PURL": "pkg:cargo/delegate@0.13.4",
            "UID": "2eb697dbc1c2e37a",
            "BOMRef": "pkg:cargo/delegate@0.13.4"
          },
          "Version": "0.13.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "der@0.7.10",
          "Name": "der",
          "Identifier": {
            "PURL": "pkg:cargo/der@0.7.10",
            "UID": "b2b031897db5fc90",
            "BOMRef": "pkg:cargo/der@0.7.10"
          },
          "Version": "0.7.10",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "const-oid@0.9.6",
            "pem-rfc7468@0.7.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "derive_more@0.99.17",
          "Name": "derive_more",
          "Identifier": {
            "PURL": "pkg:cargo/derive_more@0.99.17",
            "UID": "804d904705d82df3",
            "BOMRef": "pkg:cargo/derive_more@0.99.17"
          },
          "Version": "0.99.17",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "convert_case@0.4.0",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "derive_more@2.0.1",
          "Name": "derive_more",
          "Identifier": {
            "PURL": "pkg:cargo/derive_more@2.0.1",
            "UID": "79384f08de9d7ef0",
            "BOMRef": "pkg:cargo/derive_more@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "derive_more-impl@2.0.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "derive_more-impl@2.0.1",
          "Name": "derive_more-impl",
          "Identifier": {
            "PURL": "pkg:cargo/derive_more-impl@2.0.1",
            "UID": "eac5a75358a9c5ab",
            "BOMRef": "pkg:cargo/derive_more-impl@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111",
            "unicode-xid@0.2.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "digest@0.10.7",
          "Name": "digest",
          "Identifier": {
            "PURL": "pkg:cargo/digest@0.10.7",
            "UID": "96389fd10a90ccea",
            "BOMRef": "pkg:cargo/digest@0.10.7"
          },
          "Version": "0.10.7",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "block-buffer@0.10.3",
            "const-oid@0.9.6",
            "crypto-common@0.1.6",
            "subtle@2.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "displaydoc@0.2.5",
          "Name": "displaydoc",
          "Identifier": {
            "PURL": "pkg:cargo/displaydoc@0.2.5",
            "UID": "d78891dbdf3e4b11",
            "BOMRef": "pkg:cargo/displaydoc@0.2.5"
          },
          "Version": "0.2.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "docopt@1.1.1",
          "Name": "docopt",
          "Identifier": {
            "PURL": "pkg:cargo/docopt@1.1.1",
            "UID": "34dc3ba4ccd05114",
            "BOMRef": "pkg:cargo/docopt@1.1.1"
          },
          "Version": "1.1.1",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "lazy_static@1.5.0",
            "regex@1.11.0",
            "serde@1.0.226",
            "strsim@0.10.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "dyn-clone@1.0.10",
          "Name": "dyn-clone",
          "Identifier": {
            "PURL": "pkg:cargo/dyn-clone@1.0.10",
            "UID": "b94281b4b67194cb",
            "BOMRef": "pkg:cargo/dyn-clone@1.0.10"
          },
          "Version": "1.0.10",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "dyn_size_of@0.4.2",
          "Name": "dyn_size_of",
          "Identifier": {
            "PURL": "pkg:cargo/dyn_size_of@0.4.2",
            "UID": "77ec31d28624cce0",
            "BOMRef": "pkg:cargo/dyn_size_of@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "earcutr@0.4.2",
          "Name": "earcutr",
          "Identifier": {
            "PURL": "pkg:cargo/earcutr@0.4.2",
            "UID": "ea9293523746a1f5",
            "BOMRef": "pkg:cargo/earcutr@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "itertools@0.10.5",
            "num-traits@0.2.19"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ecdsa@0.16.9",
          "Name": "ecdsa",
          "Identifier": {
            "PURL": "pkg:cargo/ecdsa@0.16.9",
            "UID": "35cfb440e78f6202",
            "BOMRef": "pkg:cargo/ecdsa@0.16.9"
          },
          "Version": "0.16.9",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "der@0.7.10",
            "digest@0.10.7",
            "elliptic-curve@0.13.8",
            "rfc6979@0.4.0",
            "signature@2.2.0",
            "spki@0.7.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ecow@0.2.6",
          "Name": "ecow",
          "Identifier": {
            "PURL": "pkg:cargo/ecow@0.2.6",
            "UID": "f8fcae2597cb8d84",
            "BOMRef": "pkg:cargo/ecow@0.2.6"
          },
          "Version": "0.2.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ed25519@2.2.3",
          "Name": "ed25519",
          "Identifier": {
            "PURL": "pkg:cargo/ed25519@2.2.3",
            "UID": "a20e3de7f0eb0c39",
            "BOMRef": "pkg:cargo/ed25519@2.2.3"
          },
          "Version": "2.2.3",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "pkcs8@0.10.2",
            "signature@2.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ed25519-dalek@2.2.0",
          "Name": "ed25519-dalek",
          "Identifier": {
            "PURL": "pkg:cargo/ed25519-dalek@2.2.0",
            "UID": "1d64c1661954fc4b",
            "BOMRef": "pkg:cargo/ed25519-dalek@2.2.0"
          },
          "Version": "2.2.0",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "DependsOn": [
            "curve25519-dalek@4.1.3",
            "ed25519@2.2.3",
            "serde@1.0.226",
            "sha2@0.10.9",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "either@1.13.0",
          "Name": "either",
          "Identifier": {
            "PURL": "pkg:cargo/either@1.13.0",
            "UID": "996a63fb60fd013a",
            "BOMRef": "pkg:cargo/either@1.13.0"
          },
          "Version": "1.13.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "elliptic-curve@0.13.8",
          "Name": "elliptic-curve",
          "Identifier": {
            "PURL": "pkg:cargo/elliptic-curve@0.13.8",
            "UID": "f3822da7a89f8c2e",
            "BOMRef": "pkg:cargo/elliptic-curve@0.13.8"
          },
          "Version": "0.13.8",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "base16ct@0.2.0",
            "crypto-bigint@0.5.5",
            "digest@0.10.7",
            "ff@0.13.1",
            "generic-array@0.14.9",
            "group@0.13.0",
            "hkdf@0.12.4",
            "pem-rfc7468@0.7.0",
            "pkcs8@0.10.2",
            "rand_core@0.6.4",
            "sec1@0.7.3",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "encode_unicode@1.0.0",
          "Name": "encode_unicode",
          "Identifier": {
            "PURL": "pkg:cargo/encode_unicode@1.0.0",
            "UID": "bc7d40760983187c",
            "BOMRef": "pkg:cargo/encode_unicode@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "encoding_rs@0.8.33",
          "Name": "encoding_rs",
          "Identifier": {
            "PURL": "pkg:cargo/encoding_rs@0.8.33",
            "UID": "d1d4570a8cff199d",
            "BOMRef": "pkg:cargo/encoding_rs@0.8.33"
          },
          "Version": "0.8.33",
          "Licenses": [
            "(Apache-2.0 OR MIT) AND BSD-3-Clause"
          ],
          "DependsOn": [
            "cfg-if@1.0.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "env_filter@0.1.0",
          "Name": "env_filter",
          "Identifier": {
            "PURL": "pkg:cargo/env_filter@0.1.0",
            "UID": "d39de08f7b818339",
            "BOMRef": "pkg:cargo/env_filter@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "log@0.4.28",
            "regex@1.11.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "env_logger@0.11.8",
          "Name": "env_logger",
          "Identifier": {
            "PURL": "pkg:cargo/env_logger@0.11.8",
            "UID": "20f1ad1789a26229",
            "BOMRef": "pkg:cargo/env_logger@0.11.8"
          },
          "Version": "0.11.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "anstream@0.6.11",
            "anstyle@1.0.8",
            "env_filter@0.1.0",
            "jiff@0.2.15",
            "log@0.4.28"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "equator@0.2.2",
          "Name": "equator",
          "Identifier": {
            "PURL": "pkg:cargo/equator@0.2.2",
            "UID": "24954517bb80da69",
            "BOMRef": "pkg:cargo/equator@0.2.2"
          },
          "Version": "0.2.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "equator-macro@0.2.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "equator-macro@0.2.1",
          "Name": "equator-macro",
          "Identifier": {
            "PURL": "pkg:cargo/equator-macro@0.2.1",
            "UID": "aa6c4485bffd131e",
            "BOMRef": "pkg:cargo/equator-macro@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "equivalent@1.0.1",
          "Name": "equivalent",
          "Identifier": {
            "PURL": "pkg:cargo/equivalent@1.0.1",
            "UID": "21e9020d4414b88e",
            "BOMRef": "pkg:cargo/equivalent@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "erased-serde@0.3.31",
          "Name": "erased-serde",
          "Identifier": {
            "PURL": "pkg:cargo/erased-serde@0.3.31",
            "UID": "67675b495c5a909c",
            "BOMRef": "pkg:cargo/erased-serde@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "erased-serde@0.4.2",
          "Name": "erased-serde",
          "Identifier": {
            "PURL": "pkg:cargo/erased-serde@0.4.2",
            "UID": "2402c5cba7b76279",
            "BOMRef": "pkg:cargo/erased-serde@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "errno@0.3.10",
          "Name": "errno",
          "Identifier": {
            "PURL": "pkg:cargo/errno@0.3.10",
            "UID": "348939fc1bfc9498",
            "BOMRef": "pkg:cargo/errno@0.3.10"
          },
          "Version": "0.3.10",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "windows-sys@0.59.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "faccess@0.2.4",
          "Name": "faccess",
          "Identifier": {
            "PURL": "pkg:cargo/faccess@0.2.4",
            "UID": "ab75014f755c5ce3",
            "BOMRef": "pkg:cargo/faccess@0.2.4"
          },
          "Version": "0.2.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@1.3.2",
            "libc@0.2.174",
            "winapi@0.3.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fastrand@2.2.0",
          "Name": "fastrand",
          "Identifier": {
            "PURL": "pkg:cargo/fastrand@2.2.0",
            "UID": "9e371d9256411ee4",
            "BOMRef": "pkg:cargo/fastrand@2.2.0"
          },
          "Version": "2.2.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ff@0.13.1",
          "Name": "ff",
          "Identifier": {
            "PURL": "pkg:cargo/ff@0.13.1",
            "UID": "2c81053ff1fc9af8",
            "BOMRef": "pkg:cargo/ff@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "rand_core@0.6.4",
            "subtle@2.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fiat-crypto@0.2.9",
          "Name": "fiat-crypto",
          "Identifier": {
            "PURL": "pkg:cargo/fiat-crypto@0.2.9",
            "UID": "44f892b22a961a70",
            "BOMRef": "pkg:cargo/fiat-crypto@0.2.9"
          },
          "Version": "0.2.9",
          "Licenses": [
            "MIT OR Apache-2.0 OR BSD-1-Clause"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "filetime@0.2.19",
          "Name": "filetime",
          "Identifier": {
            "PURL": "pkg:cargo/filetime@0.2.19",
            "UID": "693e6ff61c0a8518",
            "BOMRef": "pkg:cargo/filetime@0.2.19"
          },
          "Version": "0.2.19",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "redox_syscall@0.2.16",
            "windows-sys@0.42.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "findshlibs@0.10.2",
          "Name": "findshlibs",
          "Identifier": {
            "PURL": "pkg:cargo/findshlibs@0.10.2",
            "UID": "7b574390581a3276",
            "BOMRef": "pkg:cargo/findshlibs@0.10.2"
          },
          "Version": "0.10.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "lazy_static@1.5.0",
            "libc@0.2.174",
            "winapi@0.3.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fixedbitset@0.4.2",
          "Name": "fixedbitset",
          "Identifier": {
            "PURL": "pkg:cargo/fixedbitset@0.4.2",
            "UID": "688837623e9a6501",
            "BOMRef": "pkg:cargo/fixedbitset@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "flate2@1.1.4",
          "Name": "flate2",
          "Identifier": {
            "PURL": "pkg:cargo/flate2@1.1.4",
            "UID": "ab0a5f53652be5b5",
            "BOMRef": "pkg:cargo/flate2@1.1.4"
          },
          "Version": "1.1.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "crc32fast@1.3.2",
            "miniz_oxide@0.8.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "float_next_after@1.0.0",
          "Name": "float_next_after",
          "Identifier": {
            "PURL": "pkg:cargo/float_next_after@1.0.0",
            "UID": "db0a1f4eb601860e",
            "BOMRef": "pkg:cargo/float_next_after@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fnv@1.0.7",
          "Name": "fnv",
          "Identifier": {
            "PURL": "pkg:cargo/fnv@1.0.7",
            "UID": "5e4aaf941288020f",
            "BOMRef": "pkg:cargo/fnv@1.0.7"
          },
          "Version": "1.0.7",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "foldhash@0.1.4",
          "Name": "foldhash",
          "Identifier": {
            "PURL": "pkg:cargo/foldhash@0.1.4",
            "UID": "f4461c157790959d",
            "BOMRef": "pkg:cargo/foldhash@0.1.4"
          },
          "Version": "0.1.4",
          "Licenses": [
            "Zlib"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "foreign-types@0.5.0",
          "Name": "foreign-types",
          "Identifier": {
            "PURL": "pkg:cargo/foreign-types@0.5.0",
            "UID": "fb5d7dfc6327946f",
            "BOMRef": "pkg:cargo/foreign-types@0.5.0"
          },
          "Version": "0.5.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "foreign-types-macros@0.2.3",
            "foreign-types-shared@0.3.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "foreign-types-macros@0.2.3",
          "Name": "foreign-types-macros",
          "Identifier": {
            "PURL": "pkg:cargo/foreign-types-macros@0.2.3",
            "UID": "545e5fb906cc82be",
            "BOMRef": "pkg:cargo/foreign-types-macros@0.2.3"
          },
          "Version": "0.2.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "foreign-types-shared@0.3.1",
          "Name": "foreign-types-shared",
          "Identifier": {
            "PURL": "pkg:cargo/foreign-types-shared@0.3.1",
            "UID": "5378191feec26b73",
            "BOMRef": "pkg:cargo/foreign-types-shared@0.3.1"
          },
          "Version": "0.3.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "form_urlencoded@1.2.2",
          "Name": "form_urlencoded",
          "Identifier": {
            "PURL": "pkg:cargo/form_urlencoded@1.2.2",
            "UID": "cb2868a5663a9b94",
            "BOMRef": "pkg:cargo/form_urlencoded@1.2.2"
          },
          "Version": "1.2.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "percent-encoding@2.3.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fs-err@3.2.0",
          "Name": "fs-err",
          "Identifier": {
            "PURL": "pkg:cargo/fs-err@3.2.0",
            "UID": "4559deece9da3917",
            "BOMRef": "pkg:cargo/fs-err@3.2.0"
          },
          "Version": "3.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "path_facts@0.2.1",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fs4@0.13.1",
          "Name": "fs4",
          "Identifier": {
            "PURL": "pkg:cargo/fs4@0.13.1",
            "UID": "8af0e4f5fa67c9b2",
            "BOMRef": "pkg:cargo/fs4@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "rustix@1.0.2",
            "windows-sys@0.59.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fs_extra@1.3.0",
          "Name": "fs_extra",
          "Identifier": {
            "PURL": "pkg:cargo/fs_extra@1.3.0",
            "UID": "ffe3ac151bf27c06",
            "BOMRef": "pkg:cargo/fs_extra@1.3.0"
          },
          "Version": "1.3.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fst@0.4.7",
          "Name": "fst",
          "Identifier": {
            "PURL": "pkg:cargo/fst@0.4.7",
            "UID": "4bddf5829cc88fe2",
            "BOMRef": "pkg:cargo/fst@0.4.7"
          },
          "Version": "0.4.7",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "funty@2.0.0",
          "Name": "funty",
          "Identifier": {
            "PURL": "pkg:cargo/funty@2.0.0",
            "UID": "ad530af73c54f3c2",
            "BOMRef": "pkg:cargo/funty@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures@0.3.31",
          "Name": "futures",
          "Identifier": {
            "PURL": "pkg:cargo/futures@0.3.31",
            "UID": "fa7a0c389baa83a3",
            "BOMRef": "pkg:cargo/futures@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-channel@0.3.31",
            "futures-core@0.3.31",
            "futures-executor@0.3.31",
            "futures-io@0.3.31",
            "futures-sink@0.3.31",
            "futures-task@0.3.31",
            "futures-util@0.3.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-channel@0.3.31",
          "Name": "futures-channel",
          "Identifier": {
            "PURL": "pkg:cargo/futures-channel@0.3.31",
            "UID": "aa829ea2fb866367",
            "BOMRef": "pkg:cargo/futures-channel@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "futures-sink@0.3.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-core@0.3.31",
          "Name": "futures-core",
          "Identifier": {
            "PURL": "pkg:cargo/futures-core@0.3.31",
            "UID": "7176c2343efcfa0b",
            "BOMRef": "pkg:cargo/futures-core@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-executor@0.3.31",
          "Name": "futures-executor",
          "Identifier": {
            "PURL": "pkg:cargo/futures-executor@0.3.31",
            "UID": "f96fb332e9ea6a95",
            "BOMRef": "pkg:cargo/futures-executor@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "futures-task@0.3.31",
            "futures-util@0.3.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-io@0.3.31",
          "Name": "futures-io",
          "Identifier": {
            "PURL": "pkg:cargo/futures-io@0.3.31",
            "UID": "448318df4e4a57cf",
            "BOMRef": "pkg:cargo/futures-io@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-macro@0.3.31",
          "Name": "futures-macro",
          "Identifier": {
            "PURL": "pkg:cargo/futures-macro@0.3.31",
            "UID": "bc59595899e22c2b",
            "BOMRef": "pkg:cargo/futures-macro@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-sink@0.3.31",
          "Name": "futures-sink",
          "Identifier": {
            "PURL": "pkg:cargo/futures-sink@0.3.31",
            "UID": "8c14d80732ae1a60",
            "BOMRef": "pkg:cargo/futures-sink@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-task@0.3.31",
          "Name": "futures-task",
          "Identifier": {
            "PURL": "pkg:cargo/futures-task@0.3.31",
            "UID": "9ad04ea48822747a",
            "BOMRef": "pkg:cargo/futures-task@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "futures-util@0.3.31",
          "Name": "futures-util",
          "Identifier": {
            "PURL": "pkg:cargo/futures-util@0.3.31",
            "UID": "544cde8537a2eaaa",
            "BOMRef": "pkg:cargo/futures-util@0.3.31"
          },
          "Version": "0.3.31",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-channel@0.3.31",
            "futures-core@0.3.31",
            "futures-io@0.3.31",
            "futures-macro@0.3.31",
            "futures-sink@0.3.31",
            "futures-task@0.3.31",
            "memchr@2.7.4",
            "pin-project-lite@0.2.12",
            "pin-utils@0.1.0",
            "slab@0.4.11"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "fxhash@0.2.1",
          "Name": "fxhash",
          "Identifier": {
            "PURL": "pkg:cargo/fxhash@0.2.1",
            "UID": "22cacf75cc7701a7",
            "BOMRef": "pkg:cargo/fxhash@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "byteorder@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "generator@0.7.4",
          "Name": "generator",
          "Identifier": {
            "PURL": "pkg:cargo/generator@0.7.4",
            "UID": "efc9493d1240c958",
            "BOMRef": "pkg:cargo/generator@0.7.4"
          },
          "Version": "0.7.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "log@0.4.28",
            "windows@0.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "generic-array@0.14.9",
          "Name": "generic-array",
          "Identifier": {
            "PURL": "pkg:cargo/generic-array@0.14.9",
            "UID": "789c7ddb95e8d39b",
            "BOMRef": "pkg:cargo/generic-array@0.14.9"
          },
          "Version": "0.14.9",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "typenum@1.16.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "geo@0.31.0",
          "Name": "geo",
          "Identifier": {
            "PURL": "pkg:cargo/geo@0.31.0",
            "UID": "c47324a31ffacb49",
            "BOMRef": "pkg:cargo/geo@0.31.0"
          },
          "Version": "0.31.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "earcutr@0.4.2",
            "float_next_after@1.0.0",
            "geo-types@0.7.17",
            "geographiclib-rs@0.2.3",
            "i_overlay@4.0.2",
            "log@0.4.28",
            "num-traits@0.2.19",
            "robust@1.1.0",
            "rstar@0.12.0",
            "spade@2.12.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "geo-types@0.7.17",
          "Name": "geo-types",
          "Identifier": {
            "PURL": "pkg:cargo/geo-types@0.7.17",
            "UID": "6b5acac1692fdff3",
            "BOMRef": "pkg:cargo/geo-types@0.7.17"
          },
          "Version": "0.7.17",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "approx@0.5.1",
            "num-traits@0.2.19",
            "rayon@1.11.0",
            "rstar@0.12.0",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "geographiclib-rs@0.2.3",
          "Name": "geographiclib-rs",
          "Identifier": {
            "PURL": "pkg:cargo/geographiclib-rs@0.2.3",
            "UID": "ede4454cf5c888ac",
            "BOMRef": "pkg:cargo/geographiclib-rs@0.2.3"
          },
          "Version": "0.2.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "lazy_static@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "geohash@0.13.1",
          "Name": "geohash",
          "Identifier": {
            "PURL": "pkg:cargo/geohash@0.13.1",
            "UID": "335970ae7b151fc4",
            "BOMRef": "pkg:cargo/geohash@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "geo-types@0.7.17",
            "libm@0.2.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "getrandom@0.1.16",
          "Name": "getrandom",
          "Identifier": {
            "PURL": "pkg:cargo/getrandom@0.1.16",
            "UID": "9f93cec267de3f83",
            "BOMRef": "pkg:cargo/getrandom@0.1.16"
          },
          "Version": "0.1.16",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "wasi@0.9.0+wasi-snapshot-preview1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "getrandom@0.2.11",
          "Name": "getrandom",
          "Identifier": {
            "PURL": "pkg:cargo/getrandom@0.2.11",
            "UID": "8c3d841854c4a32d",
            "BOMRef": "pkg:cargo/getrandom@0.2.11"
          },
          "Version": "0.2.11",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "wasi@0.11.0+wasi-snapshot-preview1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "getrandom@0.3.0",
          "Name": "getrandom",
          "Identifier": {
            "PURL": "pkg:cargo/getrandom@0.3.0",
            "UID": "9f9a866507dc1200",
            "BOMRef": "pkg:cargo/getrandom@0.3.0"
          },
          "Version": "0.3.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "wasi@0.13.3+wasi-0.2.2",
            "windows-targets@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "getset@0.1.2",
          "Name": "getset",
          "Identifier": {
            "PURL": "pkg:cargo/getset@0.1.2",
            "UID": "725c7fd11ce6c862",
            "BOMRef": "pkg:cargo/getset@0.1.2"
          },
          "Version": "0.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro-error@1.0.4",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "gimli@0.27.0",
          "Name": "gimli",
          "Identifier": {
            "PURL": "pkg:cargo/gimli@0.27.0",
            "UID": "8cddb6ea5112819f",
            "BOMRef": "pkg:cargo/gimli@0.27.0"
          },
          "Version": "0.27.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "gpu-allocator@0.27.0",
          "Name": "gpu-allocator",
          "Identifier": {
            "PURL": "pkg:cargo/gpu-allocator@0.27.0",
            "UID": "a1cd16ef8657c9f8",
            "BOMRef": "pkg:cargo/gpu-allocator@0.27.0"
          },
          "Version": "0.27.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "ash@0.38.0+1.3.281",
            "log@0.4.28",
            "presser@0.3.1",
            "thiserror@1.0.69",
            "windows@0.57.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "group@0.13.0",
          "Name": "group",
          "Identifier": {
            "PURL": "pkg:cargo/group@0.13.0",
            "UID": "a81f04423e45512",
            "BOMRef": "pkg:cargo/group@0.13.0"
          },
          "Version": "0.13.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "ff@0.13.1",
            "rand_core@0.6.4",
            "subtle@2.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "h2@0.3.26",
          "Name": "h2",
          "Identifier": {
            "PURL": "pkg:cargo/h2@0.3.26",
            "UID": "b565e1534208e19d",
            "BOMRef": "pkg:cargo/h2@0.3.26"
          },
          "Version": "0.3.26",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "fnv@1.0.7",
            "futures-core@0.3.31",
            "futures-sink@0.3.31",
            "futures-util@0.3.31",
            "http@0.2.12",
            "indexmap@2.11.4",
            "slab@0.4.11",
            "tokio-util@0.7.16",
            "tokio@1.48.0",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "h2@0.4.4",
          "Name": "h2",
          "Identifier": {
            "PURL": "pkg:cargo/h2@0.4.4",
            "UID": "8f4827c64c2fd693",
            "BOMRef": "pkg:cargo/h2@0.4.4"
          },
          "Version": "0.4.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "fnv@1.0.7",
            "futures-core@0.3.31",
            "futures-sink@0.3.31",
            "futures-util@0.3.31",
            "http@1.3.1",
            "indexmap@2.11.4",
            "slab@0.4.11",
            "tokio-util@0.7.16",
            "tokio@1.48.0",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "half@1.8.2",
          "Name": "half",
          "Identifier": {
            "PURL": "pkg:cargo/half@1.8.2",
            "UID": "9efcb930a894c0e2",
            "BOMRef": "pkg:cargo/half@1.8.2"
          },
          "Version": "1.8.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "half@2.7.0",
          "Name": "half",
          "Identifier": {
            "PURL": "pkg:cargo/half@2.7.0",
            "UID": "9ec0f6ecbb7e41",
            "BOMRef": "pkg:cargo/half@2.7.0"
          },
          "Version": "2.7.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "crunchy@0.2.2",
            "num-traits@0.2.19",
            "serde@1.0.226",
            "zerocopy@0.8.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hash32@0.3.1",
          "Name": "hash32",
          "Identifier": {
            "PURL": "pkg:cargo/hash32@0.3.1",
            "UID": "f1513739d5150aa6",
            "BOMRef": "pkg:cargo/hash32@0.3.1"
          },
          "Version": "0.3.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "byteorder@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hashbrown@0.12.3",
          "Name": "hashbrown",
          "Identifier": {
            "PURL": "pkg:cargo/hashbrown@0.12.3",
            "UID": "902544d8542d1559",
            "BOMRef": "pkg:cargo/hashbrown@0.12.3"
          },
          "Version": "0.12.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hashbrown@0.14.2",
          "Name": "hashbrown",
          "Identifier": {
            "PURL": "pkg:cargo/hashbrown@0.14.2",
            "UID": "6634af8e77d9ec6b",
            "BOMRef": "pkg:cargo/hashbrown@0.14.2"
          },
          "Version": "0.14.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "ahash@0.8.11",
            "allocator-api2@0.2.16"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hashbrown@0.15.2",
          "Name": "hashbrown",
          "Identifier": {
            "PURL": "pkg:cargo/hashbrown@0.15.2",
            "UID": "5146c4a047e324c5",
            "BOMRef": "pkg:cargo/hashbrown@0.15.2"
          },
          "Version": "0.15.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "allocator-api2@0.2.16",
            "equivalent@1.0.1",
            "foldhash@0.1.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hashlink@0.10.0",
          "Name": "hashlink",
          "Identifier": {
            "PURL": "pkg:cargo/hashlink@0.10.0",
            "UID": "40fb96f472ec8db9",
            "BOMRef": "pkg:cargo/hashlink@0.10.0"
          },
          "Version": "0.10.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "hashbrown@0.15.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hashring@0.3.6",
          "Name": "hashring",
          "Identifier": {
            "PURL": "pkg:cargo/hashring@0.3.6",
            "UID": "fe6fcfecf9e9a8f5",
            "BOMRef": "pkg:cargo/hashring@0.3.6"
          },
          "Version": "0.3.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "siphasher@0.3.10"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hdrhistogram@7.5.2",
          "Name": "hdrhistogram",
          "Identifier": {
            "PURL": "pkg:cargo/hdrhistogram@7.5.2",
            "UID": "3626ad9c50c35693",
            "BOMRef": "pkg:cargo/hdrhistogram@7.5.2"
          },
          "Version": "7.5.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "base64@0.13.1",
            "byteorder@1.5.0",
            "flate2@1.1.4",
            "nom@7.1.3",
            "num-traits@0.2.19"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "heapless@0.8.0",
          "Name": "heapless",
          "Identifier": {
            "PURL": "pkg:cargo/heapless@0.8.0",
            "UID": "15ed5c24c1e391ac",
            "BOMRef": "pkg:cargo/heapless@0.8.0"
          },
          "Version": "0.8.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "hash32@0.3.1",
            "stable_deref_trait@1.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "heck@0.5.0",
          "Name": "heck",
          "Identifier": {
            "PURL": "pkg:cargo/heck@0.5.0",
            "UID": "3f163f2c885a9187",
            "BOMRef": "pkg:cargo/heck@0.5.0"
          },
          "Version": "0.5.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hermit-abi@0.3.9",
          "Name": "hermit-abi",
          "Identifier": {
            "PURL": "pkg:cargo/hermit-abi@0.3.9",
            "UID": "e05b08cace0a028a",
            "BOMRef": "pkg:cargo/hermit-abi@0.3.9"
          },
          "Version": "0.3.9",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hermit-abi@0.5.1",
          "Name": "hermit-abi",
          "Identifier": {
            "PURL": "pkg:cargo/hermit-abi@0.5.1",
            "UID": "c0c6609324f52cef",
            "BOMRef": "pkg:cargo/hermit-abi@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hex@0.4.3",
          "Name": "hex",
          "Identifier": {
            "PURL": "pkg:cargo/hex@0.4.3",
            "UID": "33f09fa398c75c6f",
            "BOMRef": "pkg:cargo/hex@0.4.3"
          },
          "Version": "0.4.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hkdf@0.12.4",
          "Name": "hkdf",
          "Identifier": {
            "PURL": "pkg:cargo/hkdf@0.12.4",
            "UID": "371fe514367c1670",
            "BOMRef": "pkg:cargo/hkdf@0.12.4"
          },
          "Version": "0.12.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "hmac@0.12.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hmac@0.12.1",
          "Name": "hmac",
          "Identifier": {
            "PURL": "pkg:cargo/hmac@0.12.1",
            "UID": "eac07a79a4a5b8ef",
            "BOMRef": "pkg:cargo/hmac@0.12.1"
          },
          "Version": "0.12.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "digest@0.10.7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "http@0.2.12",
          "Name": "http",
          "Identifier": {
            "PURL": "pkg:cargo/http@0.2.12",
            "UID": "2303f2a4b757227f",
            "BOMRef": "pkg:cargo/http@0.2.12"
          },
          "Version": "0.2.12",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "fnv@1.0.7",
            "itoa@1.0.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "http@1.3.1",
          "Name": "http",
          "Identifier": {
            "PURL": "pkg:cargo/http@1.3.1",
            "UID": "cf2a5a22f14f74f3",
            "BOMRef": "pkg:cargo/http@1.3.1"
          },
          "Version": "1.3.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "fnv@1.0.7",
            "itoa@1.0.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "http-body@0.4.5",
          "Name": "http-body",
          "Identifier": {
            "PURL": "pkg:cargo/http-body@0.4.5",
            "UID": "b63a15854214b592",
            "BOMRef": "pkg:cargo/http-body@0.4.5"
          },
          "Version": "0.4.5",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "http@0.2.12",
            "pin-project-lite@0.2.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "http-body@1.0.0",
          "Name": "http-body",
          "Identifier": {
            "PURL": "pkg:cargo/http-body@1.0.0",
            "UID": "4bbf8a1616e532ef",
            "BOMRef": "pkg:cargo/http-body@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "http@1.3.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "http-body-util@0.1.2",
          "Name": "http-body-util",
          "Identifier": {
            "PURL": "pkg:cargo/http-body-util@0.1.2",
            "UID": "73aa279abb8cfde7",
            "BOMRef": "pkg:cargo/http-body-util@0.1.2"
          },
          "Version": "0.1.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "futures-util@0.3.31",
            "http-body@1.0.0",
            "http@1.3.1",
            "pin-project-lite@0.2.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "http-range@0.1.5",
          "Name": "http-range",
          "Identifier": {
            "PURL": "pkg:cargo/http-range@0.1.5",
            "UID": "973c698f6a7c866a",
            "BOMRef": "pkg:cargo/http-range@0.1.5"
          },
          "Version": "0.1.5",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "http-serde@2.1.1",
          "Name": "http-serde",
          "Identifier": {
            "PURL": "pkg:cargo/http-serde@2.1.1",
            "UID": "268009d42f021def",
            "BOMRef": "pkg:cargo/http-serde@2.1.1"
          },
          "Version": "2.1.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "http@1.3.1",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "httparse@1.10.1",
          "Name": "httparse",
          "Identifier": {
            "PURL": "pkg:cargo/httparse@1.10.1",
            "UID": "61c7d85b456143c9",
            "BOMRef": "pkg:cargo/httparse@1.10.1"
          },
          "Version": "1.10.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "httpdate@1.0.2",
          "Name": "httpdate",
          "Identifier": {
            "PURL": "pkg:cargo/httpdate@1.0.2",
            "UID": "4d7274759b39aa65",
            "BOMRef": "pkg:cargo/httpdate@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "humantime@2.3.0",
          "Name": "humantime",
          "Identifier": {
            "PURL": "pkg:cargo/humantime@2.3.0",
            "UID": "be06552c56f36c5f",
            "BOMRef": "pkg:cargo/humantime@2.3.0"
          },
          "Version": "2.3.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hyper@0.14.26",
          "Name": "hyper",
          "Identifier": {
            "PURL": "pkg:cargo/hyper@0.14.26",
            "UID": "cbcdb5d338267458",
            "BOMRef": "pkg:cargo/hyper@0.14.26"
          },
          "Version": "0.14.26",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "futures-channel@0.3.31",
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "h2@0.3.26",
            "http-body@0.4.5",
            "http@0.2.12",
            "httparse@1.10.1",
            "httpdate@1.0.2",
            "itoa@1.0.5",
            "pin-project-lite@0.2.12",
            "socket2@0.4.9",
            "tokio@1.48.0",
            "tower-service@0.3.3",
            "tracing@0.1.43",
            "want@0.3.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hyper@1.6.0",
          "Name": "hyper",
          "Identifier": {
            "PURL": "pkg:cargo/hyper@1.6.0",
            "UID": "cca5a7c3b6966966",
            "BOMRef": "pkg:cargo/hyper@1.6.0"
          },
          "Version": "1.6.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "futures-channel@0.3.31",
            "futures-util@0.3.31",
            "h2@0.4.4",
            "http-body@1.0.0",
            "http@1.3.1",
            "httparse@1.10.1",
            "httpdate@1.0.2",
            "itoa@1.0.5",
            "pin-project-lite@0.2.12",
            "smallvec@1.15.1",
            "tokio@1.48.0",
            "want@0.3.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hyper-rustls@0.27.2",
          "Name": "hyper-rustls",
          "Identifier": {
            "PURL": "pkg:cargo/hyper-rustls@0.27.2",
            "UID": "ad786d95f3d7529f",
            "BOMRef": "pkg:cargo/hyper-rustls@0.27.2"
          },
          "Version": "0.27.2",
          "Licenses": [
            "Apache-2.0 OR ISC OR MIT"
          ],
          "DependsOn": [
            "futures-util@0.3.31",
            "http@1.3.1",
            "hyper-util@0.1.13",
            "hyper@1.6.0",
            "rustls-native-certs@0.7.0",
            "rustls-pki-types@1.12.0",
            "rustls@0.23.35",
            "tokio-rustls@0.26.0",
            "tokio@1.48.0",
            "tower-service@0.3.3",
            "webpki-roots@0.26.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hyper-timeout@0.4.1",
          "Name": "hyper-timeout",
          "Identifier": {
            "PURL": "pkg:cargo/hyper-timeout@0.4.1",
            "UID": "53aa6375684f848",
            "BOMRef": "pkg:cargo/hyper-timeout@0.4.1"
          },
          "Version": "0.4.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "hyper@0.14.26",
            "pin-project-lite@0.2.12",
            "tokio-io-timeout@1.2.0",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hyper-timeout@0.5.1",
          "Name": "hyper-timeout",
          "Identifier": {
            "PURL": "pkg:cargo/hyper-timeout@0.5.1",
            "UID": "d92b8d351d312bcc",
            "BOMRef": "pkg:cargo/hyper-timeout@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "hyper-util@0.1.13",
            "hyper@1.6.0",
            "pin-project-lite@0.2.12",
            "tokio@1.48.0",
            "tower-service@0.3.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "hyper-util@0.1.13",
          "Name": "hyper-util",
          "Identifier": {
            "PURL": "pkg:cargo/hyper-util@0.1.13",
            "UID": "472ad256f448670",
            "BOMRef": "pkg:cargo/hyper-util@0.1.13"
          },
          "Version": "0.1.13",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "base64@0.22.0",
            "bytes@1.10.1",
            "futures-channel@0.3.31",
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "http-body@1.0.0",
            "http@1.3.1",
            "hyper@1.6.0",
            "ipnet@2.11.0",
            "libc@0.2.174",
            "percent-encoding@2.3.2",
            "pin-project-lite@0.2.12",
            "socket2@0.5.10",
            "tokio@1.48.0",
            "tower-service@0.3.3",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "i_float@1.15.0",
          "Name": "i_float",
          "Identifier": {
            "PURL": "pkg:cargo/i_float@1.15.0",
            "UID": "1ff43a00d83b8f37",
            "BOMRef": "pkg:cargo/i_float@1.15.0"
          },
          "Version": "1.15.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "libm@0.2.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "i_key_sort@0.6.0",
          "Name": "i_key_sort",
          "Identifier": {
            "PURL": "pkg:cargo/i_key_sort@0.6.0",
            "UID": "f5aee61789d91178",
            "BOMRef": "pkg:cargo/i_key_sort@0.6.0"
          },
          "Version": "0.6.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "i_overlay@4.0.2",
          "Name": "i_overlay",
          "Identifier": {
            "PURL": "pkg:cargo/i_overlay@4.0.2",
            "UID": "4d08f4195f1516a8",
            "BOMRef": "pkg:cargo/i_overlay@4.0.2"
          },
          "Version": "4.0.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "i_float@1.15.0",
            "i_key_sort@0.6.0",
            "i_shape@1.14.0",
            "i_tree@0.16.0",
            "rayon@1.11.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "i_shape@1.14.0",
          "Name": "i_shape",
          "Identifier": {
            "PURL": "pkg:cargo/i_shape@1.14.0",
            "UID": "ea1f558b4af64b2a",
            "BOMRef": "pkg:cargo/i_shape@1.14.0"
          },
          "Version": "1.14.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "i_float@1.15.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "i_tree@0.16.0",
          "Name": "i_tree",
          "Identifier": {
            "PURL": "pkg:cargo/i_tree@0.16.0",
            "UID": "5269f12f7ec6bce7",
            "BOMRef": "pkg:cargo/i_tree@0.16.0"
          },
          "Version": "0.16.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "iana-time-zone@0.1.53",
          "Name": "iana-time-zone",
          "Identifier": {
            "PURL": "pkg:cargo/iana-time-zone@0.1.53",
            "UID": "93bf8b4e21494d56",
            "BOMRef": "pkg:cargo/iana-time-zone@0.1.53"
          },
          "Version": "0.1.53",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "android_system_properties@0.1.5",
            "core-foundation-sys@0.8.7",
            "iana-time-zone-haiku@0.1.1",
            "js-sys@0.3.77",
            "wasm-bindgen@0.2.100",
            "winapi@0.3.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "iana-time-zone-haiku@0.1.1",
          "Name": "iana-time-zone-haiku",
          "Identifier": {
            "PURL": "pkg:cargo/iana-time-zone-haiku@0.1.1",
            "UID": "6069bf67acfdcf68",
            "BOMRef": "pkg:cargo/iana-time-zone-haiku@0.1.1"
          },
          "Version": "0.1.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cxx@1.0.85"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_collections@1.5.0",
          "Name": "icu_collections",
          "Identifier": {
            "PURL": "pkg:cargo/icu_collections@1.5.0",
            "UID": "e90002e3e1594fea",
            "BOMRef": "pkg:cargo/icu_collections@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "displaydoc@0.2.5",
            "yoke@0.7.4",
            "zerofrom@0.1.4",
            "zerovec@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_locid@1.5.0",
          "Name": "icu_locid",
          "Identifier": {
            "PURL": "pkg:cargo/icu_locid@1.5.0",
            "UID": "74cf8be21e3aaeca",
            "BOMRef": "pkg:cargo/icu_locid@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "displaydoc@0.2.5",
            "litemap@0.7.3",
            "tinystr@0.7.6",
            "writeable@0.5.5",
            "zerovec@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_locid_transform@1.5.0",
          "Name": "icu_locid_transform",
          "Identifier": {
            "PURL": "pkg:cargo/icu_locid_transform@1.5.0",
            "UID": "f110d383bbc4770d",
            "BOMRef": "pkg:cargo/icu_locid_transform@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "displaydoc@0.2.5",
            "icu_locid@1.5.0",
            "icu_locid_transform_data@1.5.0",
            "icu_provider@1.5.0",
            "tinystr@0.7.6",
            "zerovec@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_locid_transform_data@1.5.0",
          "Name": "icu_locid_transform_data",
          "Identifier": {
            "PURL": "pkg:cargo/icu_locid_transform_data@1.5.0",
            "UID": "7b86cc8c90cd8329",
            "BOMRef": "pkg:cargo/icu_locid_transform_data@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_normalizer@1.5.0",
          "Name": "icu_normalizer",
          "Identifier": {
            "PURL": "pkg:cargo/icu_normalizer@1.5.0",
            "UID": "66d64643586d9fde",
            "BOMRef": "pkg:cargo/icu_normalizer@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "displaydoc@0.2.5",
            "icu_collections@1.5.0",
            "icu_normalizer_data@1.5.0",
            "icu_properties@1.5.1",
            "icu_provider@1.5.0",
            "smallvec@1.15.1",
            "utf16_iter@1.0.5",
            "utf8_iter@1.0.4",
            "write16@1.0.0",
            "zerovec@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_normalizer_data@1.5.0",
          "Name": "icu_normalizer_data",
          "Identifier": {
            "PURL": "pkg:cargo/icu_normalizer_data@1.5.0",
            "UID": "503c49986041fdd4",
            "BOMRef": "pkg:cargo/icu_normalizer_data@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_properties@1.5.1",
          "Name": "icu_properties",
          "Identifier": {
            "PURL": "pkg:cargo/icu_properties@1.5.1",
            "UID": "2331e8f50b1aa4a6",
            "BOMRef": "pkg:cargo/icu_properties@1.5.1"
          },
          "Version": "1.5.1",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "displaydoc@0.2.5",
            "icu_collections@1.5.0",
            "icu_locid_transform@1.5.0",
            "icu_properties_data@1.5.0",
            "icu_provider@1.5.0",
            "tinystr@0.7.6",
            "zerovec@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_properties_data@1.5.0",
          "Name": "icu_properties_data",
          "Identifier": {
            "PURL": "pkg:cargo/icu_properties_data@1.5.0",
            "UID": "6a3058d5ef5084a5",
            "BOMRef": "pkg:cargo/icu_properties_data@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_provider@1.5.0",
          "Name": "icu_provider",
          "Identifier": {
            "PURL": "pkg:cargo/icu_provider@1.5.0",
            "UID": "58d964c91cebc5cc",
            "BOMRef": "pkg:cargo/icu_provider@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "displaydoc@0.2.5",
            "icu_locid@1.5.0",
            "icu_provider_macros@1.5.0",
            "stable_deref_trait@1.2.0",
            "tinystr@0.7.6",
            "writeable@0.5.5",
            "yoke@0.7.4",
            "zerofrom@0.1.4",
            "zerovec@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "icu_provider_macros@1.5.0",
          "Name": "icu_provider_macros",
          "Identifier": {
            "PURL": "pkg:cargo/icu_provider_macros@1.5.0",
            "UID": "a470487593137d2",
            "BOMRef": "pkg:cargo/icu_provider_macros@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ident_case@1.0.1",
          "Name": "ident_case",
          "Identifier": {
            "PURL": "pkg:cargo/ident_case@1.0.1",
            "UID": "6664dc2ca5642f87",
            "BOMRef": "pkg:cargo/ident_case@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "idna@1.1.0",
          "Name": "idna",
          "Identifier": {
            "PURL": "pkg:cargo/idna@1.1.0",
            "UID": "c31f8e587c2127af",
            "BOMRef": "pkg:cargo/idna@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "idna_adapter@1.2.0",
            "smallvec@1.15.1",
            "utf8_iter@1.0.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "idna_adapter@1.2.0",
          "Name": "idna_adapter",
          "Identifier": {
            "PURL": "pkg:cargo/idna_adapter@1.2.0",
            "UID": "39e9f2d610c184ec",
            "BOMRef": "pkg:cargo/idna_adapter@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "icu_normalizer@1.5.0",
            "icu_properties@1.5.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "impl-more@0.1.6",
          "Name": "impl-more",
          "Identifier": {
            "PURL": "pkg:cargo/impl-more@0.1.6",
            "UID": "3cd1e8e5aef8f4b0",
            "BOMRef": "pkg:cargo/impl-more@0.1.6"
          },
          "Version": "0.1.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "include-flate@0.3.0",
          "Name": "include-flate",
          "Identifier": {
            "PURL": "pkg:cargo/include-flate@0.3.0",
            "UID": "607fa207374a5746",
            "BOMRef": "pkg:cargo/include-flate@0.3.0"
          },
          "Version": "0.3.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "include-flate-codegen@0.2.0",
            "lazy_static@1.5.0",
            "libflate@2.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "include-flate-codegen@0.2.0",
          "Name": "include-flate-codegen",
          "Identifier": {
            "PURL": "pkg:cargo/include-flate-codegen@0.2.0",
            "UID": "f9dc8f54083405c7",
            "BOMRef": "pkg:cargo/include-flate-codegen@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "libflate@2.1.0",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "indexmap@1.9.2",
          "Name": "indexmap",
          "Identifier": {
            "PURL": "pkg:cargo/indexmap@1.9.2",
            "UID": "4800e223a1302015",
            "BOMRef": "pkg:cargo/indexmap@1.9.2"
          },
          "Version": "1.9.2",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "hashbrown@0.12.3",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "indexmap@2.11.4",
          "Name": "indexmap",
          "Identifier": {
            "PURL": "pkg:cargo/indexmap@2.11.4",
            "UID": "cf2c8ecde5750712",
            "BOMRef": "pkg:cargo/indexmap@2.11.4"
          },
          "Version": "2.11.4",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "equivalent@1.0.1",
            "hashbrown@0.15.2",
            "serde@1.0.226",
            "serde_core@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "indicatif@0.18.3",
          "Name": "indicatif",
          "Identifier": {
            "PURL": "pkg:cargo/indicatif@0.18.3",
            "UID": "e1ce8c1c40541a48",
            "BOMRef": "pkg:cargo/indicatif@0.18.3"
          },
          "Version": "0.18.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "console@0.16.0",
            "portable-atomic@1.11.1",
            "rayon@1.11.0",
            "unicode-width@0.2.0",
            "unit-prefix@0.5.1",
            "web-time@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "indoc@2.0.6",
          "Name": "indoc",
          "Identifier": {
            "PURL": "pkg:cargo/indoc@2.0.6",
            "UID": "1da32476bc28b0a4",
            "BOMRef": "pkg:cargo/indoc@2.0.6"
          },
          "Version": "2.0.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "integer-encoding@4.1.0",
          "Name": "integer-encoding",
          "Identifier": {
            "PURL": "pkg:cargo/integer-encoding@4.1.0",
            "UID": "dfed68b423b02917",
            "BOMRef": "pkg:cargo/integer-encoding@4.1.0"
          },
          "Version": "4.1.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "inventory@0.3.14",
          "Name": "inventory",
          "Identifier": {
            "PURL": "pkg:cargo/inventory@0.3.14",
            "UID": "556d52fdd8b6e378",
            "BOMRef": "pkg:cargo/inventory@0.3.14"
          },
          "Version": "0.3.14",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "io-uring@0.7.11",
          "Name": "io-uring",
          "Identifier": {
            "PURL": "pkg:cargo/io-uring@0.7.11",
            "UID": "7a4ca64f05c90e97",
            "BOMRef": "pkg:cargo/io-uring@0.7.11"
          },
          "Version": "0.7.11",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "cfg-if@1.0.0",
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ipnet@2.11.0",
          "Name": "ipnet",
          "Identifier": {
            "PURL": "pkg:cargo/ipnet@2.11.0",
            "UID": "5a7298385b7136dd",
            "BOMRef": "pkg:cargo/ipnet@2.11.0"
          },
          "Version": "2.11.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "irg-kvariants@0.1.1",
          "Name": "irg-kvariants",
          "Identifier": {
            "PURL": "pkg:cargo/irg-kvariants@0.1.1",
            "UID": "5b35ff2338087220",
            "BOMRef": "pkg:cargo/irg-kvariants@0.1.1"
          },
          "Version": "0.1.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "csv@1.4.0",
            "once_cell@1.21.3",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "iri-string@0.7.8",
          "Name": "iri-string",
          "Identifier": {
            "PURL": "pkg:cargo/iri-string@0.7.8",
            "UID": "32981cf65e433f60",
            "BOMRef": "pkg:cargo/iri-string@0.7.8"
          },
          "Version": "0.7.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "memchr@2.7.4",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "is_sorted@0.1.1",
          "Name": "is_sorted",
          "Identifier": {
            "PURL": "pkg:cargo/is_sorted@0.1.1",
            "UID": "45c8448a9e97d9",
            "BOMRef": "pkg:cargo/is_sorted@0.1.1"
          },
          "Version": "0.1.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "itertools@0.10.5",
          "Name": "itertools",
          "Identifier": {
            "PURL": "pkg:cargo/itertools@0.10.5",
            "UID": "7b20edf256a8db79",
            "BOMRef": "pkg:cargo/itertools@0.10.5"
          },
          "Version": "0.10.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "either@1.13.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "itertools@0.12.1",
          "Name": "itertools",
          "Identifier": {
            "PURL": "pkg:cargo/itertools@0.12.1",
            "UID": "48105dd6331bc413",
            "BOMRef": "pkg:cargo/itertools@0.12.1"
          },
          "Version": "0.12.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "either@1.13.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "itertools@0.13.0",
          "Name": "itertools",
          "Identifier": {
            "PURL": "pkg:cargo/itertools@0.13.0",
            "UID": "206c6e963babad5f",
            "BOMRef": "pkg:cargo/itertools@0.13.0"
          },
          "Version": "0.13.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "either@1.13.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "itertools@0.14.0",
          "Name": "itertools",
          "Identifier": {
            "PURL": "pkg:cargo/itertools@0.14.0",
            "UID": "599a57822e60eaf8",
            "BOMRef": "pkg:cargo/itertools@0.14.0"
          },
          "Version": "0.14.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "either@1.13.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "itoa@1.0.5",
          "Name": "itoa",
          "Identifier": {
            "PURL": "pkg:cargo/itoa@1.0.5",
            "UID": "1a107f47d85ecbf0",
            "BOMRef": "pkg:cargo/itoa@1.0.5"
          },
          "Version": "1.0.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "jieba-macros@0.7.1",
          "Name": "jieba-macros",
          "Identifier": {
            "PURL": "pkg:cargo/jieba-macros@0.7.1",
            "UID": "75cecef7be257ac3",
            "BOMRef": "pkg:cargo/jieba-macros@0.7.1"
          },
          "Version": "0.7.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "phf_codegen@0.11.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "jieba-rs@0.7.3",
          "Name": "jieba-rs",
          "Identifier": {
            "PURL": "pkg:cargo/jieba-rs@0.7.3",
            "UID": "abd803c95fb2e14d",
            "BOMRef": "pkg:cargo/jieba-rs@0.7.3"
          },
          "Version": "0.7.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cedarwood@0.4.6",
            "fxhash@0.2.1",
            "include-flate@0.3.0",
            "jieba-macros@0.7.1",
            "lazy_static@1.5.0",
            "phf@0.11.2",
            "regex@1.11.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "jiff@0.2.15",
          "Name": "jiff",
          "Identifier": {
            "PURL": "pkg:cargo/jiff@0.2.15",
            "UID": "6eb7e6d6790eddfd",
            "BOMRef": "pkg:cargo/jiff@0.2.15"
          },
          "Version": "0.2.15",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "jiff-static@0.2.15",
            "log@0.4.28",
            "portable-atomic-util@0.2.4",
            "portable-atomic@1.11.1",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "jiff-static@0.2.15",
          "Name": "jiff-static",
          "Identifier": {
            "PURL": "pkg:cargo/jiff-static@0.2.15",
            "UID": "384396b3dea20859",
            "BOMRef": "pkg:cargo/jiff-static@0.2.15"
          },
          "Version": "0.2.15",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "js-sys@0.3.77",
          "Name": "js-sys",
          "Identifier": {
            "PURL": "pkg:cargo/js-sys@0.3.77",
            "UID": "cd95e581f4db2eac",
            "BOMRef": "pkg:cargo/js-sys@0.3.77"
          },
          "Version": "0.3.77",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "once_cell@1.21.3",
            "wasm-bindgen@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "jsonwebtoken@10.0.0",
          "Name": "jsonwebtoken",
          "Identifier": {
            "PURL": "pkg:cargo/jsonwebtoken@10.0.0",
            "UID": "621e9b2ff6a20d2f",
            "BOMRef": "pkg:cargo/jsonwebtoken@10.0.0"
          },
          "Version": "10.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "base64@0.22.0",
            "ed25519-dalek@2.2.0",
            "getrandom@0.2.11",
            "hmac@0.12.1",
            "js-sys@0.3.77",
            "p256@0.13.2",
            "p384@0.13.1",
            "pem@3.0.3",
            "rand@0.8.5",
            "rsa@0.9.8",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "sha2@0.10.9",
            "signature@2.2.0",
            "simple_asn1@0.6.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "language-tags@0.3.2",
          "Name": "language-tags",
          "Identifier": {
            "PURL": "pkg:cargo/language-tags@0.3.2",
            "UID": "e5139a36eea10d70",
            "BOMRef": "pkg:cargo/language-tags@0.3.2"
          },
          "Version": "0.3.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "lazy_static@1.5.0",
          "Name": "lazy_static",
          "Identifier": {
            "PURL": "pkg:cargo/lazy_static@1.5.0",
            "UID": "566dd22b90731595",
            "BOMRef": "pkg:cargo/lazy_static@1.5.0"
          },
          "Version": "1.5.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "spin@0.9.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libc@0.2.174",
          "Name": "libc",
          "Identifier": {
            "PURL": "pkg:cargo/libc@0.2.174",
            "UID": "fe74ecba44fd7f2",
            "BOMRef": "pkg:cargo/libc@0.2.174"
          },
          "Version": "0.2.174",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libflate@1.4.0",
          "Name": "libflate",
          "Identifier": {
            "PURL": "pkg:cargo/libflate@1.4.0",
            "UID": "7ba35401b371318d",
            "BOMRef": "pkg:cargo/libflate@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "adler32@1.2.0",
            "crc32fast@1.3.2",
            "libflate_lz77@1.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libflate@2.1.0",
          "Name": "libflate",
          "Identifier": {
            "PURL": "pkg:cargo/libflate@2.1.0",
            "UID": "b73949bad7d5ea2c",
            "BOMRef": "pkg:cargo/libflate@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "adler32@1.2.0",
            "core2@0.4.0",
            "crc32fast@1.3.2",
            "dary_heap@0.3.7",
            "libflate_lz77@2.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libflate_lz77@1.2.0",
          "Name": "libflate_lz77",
          "Identifier": {
            "PURL": "pkg:cargo/libflate_lz77@1.2.0",
            "UID": "59c1ecf2b0285f9f",
            "BOMRef": "pkg:cargo/libflate_lz77@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "rle-decode-fast@1.0.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libflate_lz77@2.1.0",
          "Name": "libflate_lz77",
          "Identifier": {
            "PURL": "pkg:cargo/libflate_lz77@2.1.0",
            "UID": "4e79f1addf90e056",
            "BOMRef": "pkg:cargo/libflate_lz77@2.1.0"
          },
          "Version": "2.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "core2@0.4.0",
            "hashbrown@0.14.2",
            "rle-decode-fast@1.0.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libloading@0.8.5",
          "Name": "libloading",
          "Identifier": {
            "PURL": "pkg:cargo/libloading@0.8.5",
            "UID": "d1d4fc78f72b2603",
            "BOMRef": "pkg:cargo/libloading@0.8.5"
          },
          "Version": "0.8.5",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "windows-targets@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libm@0.2.6",
          "Name": "libm",
          "Identifier": {
            "PURL": "pkg:cargo/libm@0.2.6",
            "UID": "4beab3a5012ab19e",
            "BOMRef": "pkg:cargo/libm@0.2.6"
          },
          "Version": "0.2.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "librocksdb-sys@0.17.3+10.4.2",
          "Name": "librocksdb-sys",
          "Identifier": {
            "PURL": "pkg:cargo/librocksdb-sys@0.17.3%2B10.4.2",
            "UID": "2f1889442f2018d0",
            "BOMRef": "pkg:cargo/librocksdb-sys@0.17.3%2B10.4.2"
          },
          "Version": "0.17.3+10.4.2",
          "Licenses": [
            "MIT OR Apache-2.0 OR BSD-3-Clause"
          ],
          "DependsOn": [
            "bzip2-sys@0.1.11+1.0.8",
            "libc@0.2.174",
            "libz-sys@1.1.8",
            "lz4-sys@1.11.1+lz4-1.10.0",
            "zstd-sys@2.0.9+zstd.1.5.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "libz-sys@1.1.8",
          "Name": "libz-sys",
          "Identifier": {
            "PURL": "pkg:cargo/libz-sys@1.1.8",
            "UID": "ec09e016b8fd4a9b",
            "BOMRef": "pkg:cargo/libz-sys@1.1.8"
          },
          "Version": "1.1.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "link-cplusplus@1.0.8",
          "Name": "link-cplusplus",
          "Identifier": {
            "PURL": "pkg:cargo/link-cplusplus@1.0.8",
            "UID": "d1a7861548e8b8e8",
            "BOMRef": "pkg:cargo/link-cplusplus@1.0.8"
          },
          "Version": "1.0.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "linux-raw-sys@0.4.14",
          "Name": "linux-raw-sys",
          "Identifier": {
            "PURL": "pkg:cargo/linux-raw-sys@0.4.14",
            "UID": "a0b894758c2f5d5c",
            "BOMRef": "pkg:cargo/linux-raw-sys@0.4.14"
          },
          "Version": "0.4.14",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "linux-raw-sys@0.9.2",
          "Name": "linux-raw-sys",
          "Identifier": {
            "PURL": "pkg:cargo/linux-raw-sys@0.9.2",
            "UID": "cb6a26aa0d090645",
            "BOMRef": "pkg:cargo/linux-raw-sys@0.9.2"
          },
          "Version": "0.9.2",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "litemap@0.7.3",
          "Name": "litemap",
          "Identifier": {
            "PURL": "pkg:cargo/litemap@0.7.3",
            "UID": "e07b80bbc2871ee6",
            "BOMRef": "pkg:cargo/litemap@0.7.3"
          },
          "Version": "0.7.3",
          "Licenses": [
            "Unicode-3.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "local-channel@0.1.3",
          "Name": "local-channel",
          "Identifier": {
            "PURL": "pkg:cargo/local-channel@0.1.3",
            "UID": "277c4de0f58dc960",
            "BOMRef": "pkg:cargo/local-channel@0.1.3"
          },
          "Version": "0.1.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "futures-sink@0.3.31",
            "futures-util@0.3.31",
            "local-waker@0.1.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "local-waker@0.1.3",
          "Name": "local-waker",
          "Identifier": {
            "PURL": "pkg:cargo/local-waker@0.1.3",
            "UID": "d8a3ca2d96804164",
            "BOMRef": "pkg:cargo/local-waker@0.1.3"
          },
          "Version": "0.1.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "lock_api@0.4.14",
          "Name": "lock_api",
          "Identifier": {
            "PURL": "pkg:cargo/lock_api@0.4.14",
            "UID": "84467192cf7388af",
            "BOMRef": "pkg:cargo/lock_api@0.4.14"
          },
          "Version": "0.4.14",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "scopeguard@1.1.0",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "log@0.4.28",
          "Name": "log",
          "Identifier": {
            "PURL": "pkg:cargo/log@0.4.28",
            "UID": "f7cbab919997917d",
            "BOMRef": "pkg:cargo/log@0.4.28"
          },
          "Version": "0.4.28",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "loom@0.7.1",
          "Name": "loom",
          "Identifier": {
            "PURL": "pkg:cargo/loom@0.7.1",
            "UID": "67045ca1b5e6d40b",
            "BOMRef": "pkg:cargo/loom@0.7.1"
          },
          "Version": "0.7.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "generator@0.7.4",
            "scoped-tls@1.0.1",
            "tracing-subscriber@0.3.22",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "lz4-sys@1.11.1+lz4-1.10.0",
          "Name": "lz4-sys",
          "Identifier": {
            "PURL": "pkg:cargo/lz4-sys@1.11.1%2Blz4-1.10.0",
            "UID": "618f0a8c16c823bb",
            "BOMRef": "pkg:cargo/lz4-sys@1.11.1%2Blz4-1.10.0"
          },
          "Version": "1.11.1+lz4-1.10.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "lz4_flex@0.12.0",
          "Name": "lz4_flex",
          "Identifier": {
            "PURL": "pkg:cargo/lz4_flex@0.12.0",
            "UID": "8759a2cd440828c8",
            "BOMRef": "pkg:cargo/lz4_flex@0.12.0"
          },
          "Version": "0.12.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "macro_rules_attribute@0.2.2",
          "Name": "macro_rules_attribute",
          "Identifier": {
            "PURL": "pkg:cargo/macro_rules_attribute@0.2.2",
            "UID": "df9f801878e8d484",
            "BOMRef": "pkg:cargo/macro_rules_attribute@0.2.2"
          },
          "Version": "0.2.2",
          "Licenses": [
            "Apache-2.0 OR MIT OR Zlib"
          ],
          "DependsOn": [
            "macro_rules_attribute-proc_macro@0.2.2",
            "paste@1.0.11"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "macro_rules_attribute-proc_macro@0.2.2",
          "Name": "macro_rules_attribute-proc_macro",
          "Identifier": {
            "PURL": "pkg:cargo/macro_rules_attribute-proc_macro@0.2.2",
            "UID": "2e3160088cad424e",
            "BOMRef": "pkg:cargo/macro_rules_attribute-proc_macro@0.2.2"
          },
          "Version": "0.2.2",
          "Licenses": [
            "Apache-2.0 OR MIT OR Zlib"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "matchers@0.2.0",
          "Name": "matchers",
          "Identifier": {
            "PURL": "pkg:cargo/matchers@0.2.0",
            "UID": "161cdf32d8d11a8a",
            "BOMRef": "pkg:cargo/matchers@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "regex-automata@0.4.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "matchit@0.7.0",
          "Name": "matchit",
          "Identifier": {
            "PURL": "pkg:cargo/matchit@0.7.0",
            "UID": "21ad258592fe1fb8",
            "BOMRef": "pkg:cargo/matchit@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "md-5@0.10.6",
          "Name": "md-5",
          "Identifier": {
            "PURL": "pkg:cargo/md-5@0.10.6",
            "UID": "4cbd944e3ef27b57",
            "BOMRef": "pkg:cargo/md-5@0.10.6"
          },
          "Version": "0.10.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "digest@0.10.7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "memchr@2.7.4",
          "Name": "memchr",
          "Identifier": {
            "PURL": "pkg:cargo/memchr@2.7.4",
            "UID": "ff3b5845cf56c405",
            "BOMRef": "pkg:cargo/memchr@2.7.4"
          },
          "Version": "2.7.4",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "memmap2@0.9.8",
          "Name": "memmap2",
          "Identifier": {
            "PURL": "pkg:cargo/memmap2@0.9.8",
            "UID": "96d3e6ed7d0bf33f",
            "BOMRef": "pkg:cargo/memmap2@0.9.8"
          },
          "Version": "0.9.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "memoffset@0.7.1",
          "Name": "memoffset",
          "Identifier": {
            "PURL": "pkg:cargo/memoffset@0.7.1",
            "UID": "e0aa6191d4c8da64",
            "BOMRef": "pkg:cargo/memoffset@0.7.1"
          },
          "Version": "0.7.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "memoffset@0.9.1",
          "Name": "memoffset",
          "Identifier": {
            "PURL": "pkg:cargo/memoffset@0.9.1",
            "UID": "c23c457555a14cad",
            "BOMRef": "pkg:cargo/memoffset@0.9.1"
          },
          "Version": "0.9.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "mime@0.3.16",
          "Name": "mime",
          "Identifier": {
            "PURL": "pkg:cargo/mime@0.3.16",
            "UID": "1182c77de8cd1123",
            "BOMRef": "pkg:cargo/mime@0.3.16"
          },
          "Version": "0.3.16",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "mime_guess@2.0.4",
          "Name": "mime_guess",
          "Identifier": {
            "PURL": "pkg:cargo/mime_guess@2.0.4",
            "UID": "17f17cf13f27a80b",
            "BOMRef": "pkg:cargo/mime_guess@2.0.4"
          },
          "Version": "2.0.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "mime@0.3.16",
            "unicase@2.6.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "minimal-lexical@0.2.1",
          "Name": "minimal-lexical",
          "Identifier": {
            "PURL": "pkg:cargo/minimal-lexical@0.2.1",
            "UID": "ea425e2fc1de589d",
            "BOMRef": "pkg:cargo/minimal-lexical@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "miniz_oxide@0.6.2",
          "Name": "miniz_oxide",
          "Identifier": {
            "PURL": "pkg:cargo/miniz_oxide@0.6.2",
            "UID": "6091aa282d35c1e8",
            "BOMRef": "pkg:cargo/miniz_oxide@0.6.2"
          },
          "Version": "0.6.2",
          "Licenses": [
            "MIT OR Zlib OR Apache-2.0"
          ],
          "DependsOn": [
            "adler@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "miniz_oxide@0.8.5",
          "Name": "miniz_oxide",
          "Identifier": {
            "PURL": "pkg:cargo/miniz_oxide@0.8.5",
            "UID": "25d08c18113ddeaa",
            "BOMRef": "pkg:cargo/miniz_oxide@0.8.5"
          },
          "Version": "0.8.5",
          "Licenses": [
            "MIT OR Zlib OR Apache-2.0"
          ],
          "DependsOn": [
            "adler2@2.0.0",
            "simd-adler32@0.3.7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "mio@1.0.1",
          "Name": "mio",
          "Identifier": {
            "PURL": "pkg:cargo/mio@1.0.1",
            "UID": "61772e3bc98a890a",
            "BOMRef": "pkg:cargo/mio@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hermit-abi@0.3.9",
            "libc@0.2.174",
            "log@0.4.28",
            "wasi@0.11.0+wasi-snapshot-preview1",
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "names@0.14.0",
          "Name": "names",
          "Identifier": {
            "PURL": "pkg:cargo/names@0.14.0",
            "UID": "c53adf6b4e7a380b",
            "BOMRef": "pkg:cargo/names@0.14.0"
          },
          "Version": "0.14.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "rand@0.8.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "nix@0.25.1",
          "Name": "nix",
          "Identifier": {
            "PURL": "pkg:cargo/nix@0.25.1",
            "UID": "6055b56c31ac799c",
            "BOMRef": "pkg:cargo/nix@0.25.1"
          },
          "Version": "0.25.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@1.3.2",
            "cfg-if@1.0.0",
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "nix@0.27.1",
          "Name": "nix",
          "Identifier": {
            "PURL": "pkg:cargo/nix@0.27.1",
            "UID": "33f97d60dad033ed",
            "BOMRef": "pkg:cargo/nix@0.27.1"
          },
          "Version": "0.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "cfg-if@1.0.0",
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "nix@0.29.0",
          "Name": "nix",
          "Identifier": {
            "PURL": "pkg:cargo/nix@0.29.0",
            "UID": "2c78ef22062400be",
            "BOMRef": "pkg:cargo/nix@0.29.0"
          },
          "Version": "0.29.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "cfg-if@1.0.0",
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "nodrop@0.1.14",
          "Name": "nodrop",
          "Identifier": {
            "PURL": "pkg:cargo/nodrop@0.1.14",
            "UID": "dfd4206fd5cfa3f7",
            "BOMRef": "pkg:cargo/nodrop@0.1.14"
          },
          "Version": "0.1.14",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "nom@7.1.3",
          "Name": "nom",
          "Identifier": {
            "PURL": "pkg:cargo/nom@7.1.3",
            "UID": "c055ee148a66512e",
            "BOMRef": "pkg:cargo/nom@7.1.3"
          },
          "Version": "7.1.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4",
            "minimal-lexical@0.2.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "nom@8.0.0",
          "Name": "nom",
          "Identifier": {
            "PURL": "pkg:cargo/nom@8.0.0",
            "UID": "516c26f3517b737e",
            "BOMRef": "pkg:cargo/nom@8.0.0"
          },
          "Version": "8.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ntapi@0.4.1",
          "Name": "ntapi",
          "Identifier": {
            "PURL": "pkg:cargo/ntapi@0.4.1",
            "UID": "f6e3b5d4253749e9",
            "BOMRef": "pkg:cargo/ntapi@0.4.1"
          },
          "Version": "0.4.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "winapi@0.3.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "nu-ansi-term@0.50.1",
          "Name": "nu-ansi-term",
          "Identifier": {
            "PURL": "pkg:cargo/nu-ansi-term@0.50.1",
            "UID": "ba61e21f3f9350fc",
            "BOMRef": "pkg:cargo/nu-ansi-term@0.50.1"
          },
          "Version": "0.50.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num-bigint@0.4.4",
          "Name": "num-bigint",
          "Identifier": {
            "PURL": "pkg:cargo/num-bigint@0.4.4",
            "UID": "189eea589250b45d",
            "BOMRef": "pkg:cargo/num-bigint@0.4.4"
          },
          "Version": "0.4.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "num-integer@0.1.46",
            "num-traits@0.2.19"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num-bigint-dig@0.8.4",
          "Name": "num-bigint-dig",
          "Identifier": {
            "PURL": "pkg:cargo/num-bigint-dig@0.8.4",
            "UID": "1723dd273a8e5419",
            "BOMRef": "pkg:cargo/num-bigint-dig@0.8.4"
          },
          "Version": "0.8.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "byteorder@1.5.0",
            "lazy_static@1.5.0",
            "libm@0.2.6",
            "num-integer@0.1.46",
            "num-iter@0.1.45",
            "num-traits@0.2.19",
            "rand@0.8.5",
            "smallvec@1.15.1",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num-cmp@0.1.0",
          "Name": "num-cmp",
          "Identifier": {
            "PURL": "pkg:cargo/num-cmp@0.1.0",
            "UID": "5ed6a92b54bfc35b",
            "BOMRef": "pkg:cargo/num-cmp@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num-derive@0.4.2",
          "Name": "num-derive",
          "Identifier": {
            "PURL": "pkg:cargo/num-derive@0.4.2",
            "UID": "1809ddad09f633fe",
            "BOMRef": "pkg:cargo/num-derive@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num-integer@0.1.46",
          "Name": "num-integer",
          "Identifier": {
            "PURL": "pkg:cargo/num-integer@0.1.46",
            "UID": "e270d4b41fc26df1",
            "BOMRef": "pkg:cargo/num-integer@0.1.46"
          },
          "Version": "0.1.46",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "num-traits@0.2.19"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num-iter@0.1.45",
          "Name": "num-iter",
          "Identifier": {
            "PURL": "pkg:cargo/num-iter@0.1.45",
            "UID": "ea63a1763b49c5",
            "BOMRef": "pkg:cargo/num-iter@0.1.45"
          },
          "Version": "0.1.45",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "num-integer@0.1.46",
            "num-traits@0.2.19"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num-traits@0.2.19",
          "Name": "num-traits",
          "Identifier": {
            "PURL": "pkg:cargo/num-traits@0.2.19",
            "UID": "73fcfb874da3f3a",
            "BOMRef": "pkg:cargo/num-traits@0.2.19"
          },
          "Version": "0.2.19",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libm@0.2.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "num_cpus@1.17.0",
          "Name": "num_cpus",
          "Identifier": {
            "PURL": "pkg:cargo/num_cpus@1.17.0",
            "UID": "35f0c5c0740b048a",
            "BOMRef": "pkg:cargo/num_cpus@1.17.0"
          },
          "Version": "1.17.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "hermit-abi@0.5.1",
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "objc2-core-foundation@0.3.1",
          "Name": "objc2-core-foundation",
          "Identifier": {
            "PURL": "pkg:cargo/objc2-core-foundation@0.3.1",
            "UID": "4dcc7999be93e667",
            "BOMRef": "pkg:cargo/objc2-core-foundation@0.3.1"
          },
          "Version": "0.3.1",
          "Licenses": [
            "Zlib OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "objc2-io-kit@0.3.1",
          "Name": "objc2-io-kit",
          "Identifier": {
            "PURL": "pkg:cargo/objc2-io-kit@0.3.1",
            "UID": "5ac12a4edbb46701",
            "BOMRef": "pkg:cargo/objc2-io-kit@0.3.1"
          },
          "Version": "0.3.1",
          "Licenses": [
            "Zlib OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "objc2-core-foundation@0.3.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "object@0.30.0",
          "Name": "object",
          "Identifier": {
            "PURL": "pkg:cargo/object@0.30.0",
            "UID": "c58d86a72f7b3d27",
            "BOMRef": "pkg:cargo/object@0.30.0"
          },
          "Version": "0.30.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "object_store@0.12.4",
          "Name": "object_store",
          "Identifier": {
            "PURL": "pkg:cargo/object_store@0.12.4",
            "UID": "a97d7995ba967fd6",
            "BOMRef": "pkg:cargo/object_store@0.12.4"
          },
          "Version": "0.12.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "async-trait@0.1.89",
            "base64@0.22.0",
            "bytes@1.10.1",
            "chrono@0.4.42",
            "form_urlencoded@1.2.2",
            "futures@0.3.31",
            "http-body-util@0.1.2",
            "http@1.3.1",
            "humantime@2.3.0",
            "hyper@1.6.0",
            "itertools@0.14.0",
            "md-5@0.10.6",
            "parking_lot@0.12.5",
            "percent-encoding@2.3.2",
            "quick-xml@0.38.0",
            "rand@0.9.2",
            "reqwest@0.12.24",
            "ring@0.17.13",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "serde_urlencoded@0.7.1",
            "thiserror@2.0.17",
            "tokio@1.48.0",
            "tracing@0.1.43",
            "url@2.5.7",
            "walkdir@2.5.0",
            "wasm-bindgen-futures@0.4.42",
            "web-time@1.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "once_cell@1.21.3",
          "Name": "once_cell",
          "Identifier": {
            "PURL": "pkg:cargo/once_cell@1.21.3",
            "UID": "2f3d1511c5ad7d82",
            "BOMRef": "pkg:cargo/once_cell@1.21.3"
          },
          "Version": "1.21.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "openssl-probe@0.1.5",
          "Name": "openssl-probe",
          "Identifier": {
            "PURL": "pkg:cargo/openssl-probe@0.1.5",
            "UID": "c4a03a5b03a82dd0",
            "BOMRef": "pkg:cargo/openssl-probe@0.1.5"
          },
          "Version": "0.1.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ordered-float@2.10.1",
          "Name": "ordered-float",
          "Identifier": {
            "PURL": "pkg:cargo/ordered-float@2.10.1",
            "UID": "cce7e40c8716707b",
            "BOMRef": "pkg:cargo/ordered-float@2.10.1"
          },
          "Version": "2.10.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "num-traits@0.2.19"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ordered-float@5.1.0",
          "Name": "ordered-float",
          "Identifier": {
            "PURL": "pkg:cargo/ordered-float@5.1.0",
            "UID": "87cd11eb35bc0668",
            "BOMRef": "pkg:cargo/ordered-float@5.1.0"
          },
          "Version": "5.1.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "num-traits@0.2.19",
            "rand@0.8.5",
            "schemars@0.8.22",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "p256@0.13.2",
          "Name": "p256",
          "Identifier": {
            "PURL": "pkg:cargo/p256@0.13.2",
            "UID": "90320dea531b8ff2",
            "BOMRef": "pkg:cargo/p256@0.13.2"
          },
          "Version": "0.13.2",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "ecdsa@0.16.9",
            "elliptic-curve@0.13.8",
            "primeorder@0.13.6",
            "sha2@0.10.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "p384@0.13.1",
          "Name": "p384",
          "Identifier": {
            "PURL": "pkg:cargo/p384@0.13.1",
            "UID": "902630dd47d1801a",
            "BOMRef": "pkg:cargo/p384@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "ecdsa@0.16.9",
            "elliptic-curve@0.13.8",
            "primeorder@0.13.6",
            "sha2@0.10.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "parking_lot@0.12.5",
          "Name": "parking_lot",
          "Identifier": {
            "PURL": "pkg:cargo/parking_lot@0.12.5",
            "UID": "d132bf90522e9ac3",
            "BOMRef": "pkg:cargo/parking_lot@0.12.5"
          },
          "Version": "0.12.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "lock_api@0.4.14",
            "parking_lot_core@0.9.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "parking_lot_core@0.9.12",
          "Name": "parking_lot_core",
          "Identifier": {
            "PURL": "pkg:cargo/parking_lot_core@0.9.12",
            "UID": "b18c69ad7a3b79e",
            "BOMRef": "pkg:cargo/parking_lot_core@0.9.12"
          },
          "Version": "0.9.12",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "backtrace@0.3.67",
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "petgraph@0.6.2",
            "redox_syscall@0.5.12",
            "smallvec@1.15.1",
            "windows-link@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "parse-size@1.0.0",
          "Name": "parse-size",
          "Identifier": {
            "PURL": "pkg:cargo/parse-size@1.0.0",
            "UID": "a7e7e11a21e44756",
            "BOMRef": "pkg:cargo/parse-size@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "paste@1.0.11",
          "Name": "paste",
          "Identifier": {
            "PURL": "pkg:cargo/paste@1.0.11",
            "UID": "fe515462c29320d0",
            "BOMRef": "pkg:cargo/paste@1.0.11"
          },
          "Version": "1.0.11",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "path_facts@0.2.1",
          "Name": "path_facts",
          "Identifier": {
            "PURL": "pkg:cargo/path_facts@0.2.1",
            "UID": "3d2ddbcb74ccaff7",
            "BOMRef": "pkg:cargo/path_facts@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "faccess@0.2.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pathdiff@0.2.3",
          "Name": "pathdiff",
          "Identifier": {
            "PURL": "pkg:cargo/pathdiff@0.2.3",
            "UID": "5f8da916667d1687",
            "BOMRef": "pkg:cargo/pathdiff@0.2.3"
          },
          "Version": "0.2.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pem@3.0.3",
          "Name": "pem",
          "Identifier": {
            "PURL": "pkg:cargo/pem@3.0.3",
            "UID": "bf2f926867661460",
            "BOMRef": "pkg:cargo/pem@3.0.3"
          },
          "Version": "3.0.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "base64@0.21.0",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pem-rfc7468@0.7.0",
          "Name": "pem-rfc7468",
          "Identifier": {
            "PURL": "pkg:cargo/pem-rfc7468@0.7.0",
            "UID": "ba129453eb031c59",
            "BOMRef": "pkg:cargo/pem-rfc7468@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "base64ct@1.8.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "percent-encoding@2.3.2",
          "Name": "percent-encoding",
          "Identifier": {
            "PURL": "pkg:cargo/percent-encoding@2.3.2",
            "UID": "62b161b73b334e05",
            "BOMRef": "pkg:cargo/percent-encoding@2.3.2"
          },
          "Version": "2.3.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "permutation_iterator@0.1.2",
          "Name": "permutation_iterator",
          "Identifier": {
            "PURL": "pkg:cargo/permutation_iterator@0.1.2",
            "UID": "9e4d313ae435f37f",
            "BOMRef": "pkg:cargo/permutation_iterator@0.1.2"
          },
          "Version": "0.1.2",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "blake2-rfc@0.2.18",
            "rand@0.7.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "petgraph@0.6.2",
          "Name": "petgraph",
          "Identifier": {
            "PURL": "pkg:cargo/petgraph@0.6.2",
            "UID": "3653cc33dc746363",
            "BOMRef": "pkg:cargo/petgraph@0.6.2"
          },
          "Version": "0.6.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "fixedbitset@0.4.2",
            "indexmap@1.9.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ph@0.8.5",
          "Name": "ph",
          "Identifier": {
            "PURL": "pkg:cargo/ph@0.8.5",
            "UID": "754e088cc193d22",
            "BOMRef": "pkg:cargo/ph@0.8.5"
          },
          "Version": "0.8.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "aligned-vec@0.6.1",
            "binout@0.2.1",
            "bitm@0.4.2",
            "dyn_size_of@0.4.2",
            "rayon@1.11.0",
            "seedable_hash@0.1.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "phf@0.11.2",
          "Name": "phf",
          "Identifier": {
            "PURL": "pkg:cargo/phf@0.11.2",
            "UID": "74caf375efd9c12a",
            "BOMRef": "pkg:cargo/phf@0.11.2"
          },
          "Version": "0.11.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "phf_shared@0.11.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "phf_codegen@0.11.2",
          "Name": "phf_codegen",
          "Identifier": {
            "PURL": "pkg:cargo/phf_codegen@0.11.2",
            "UID": "4b8e05563a3d0ab1",
            "BOMRef": "pkg:cargo/phf_codegen@0.11.2"
          },
          "Version": "0.11.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "phf_generator@0.11.2",
            "phf_shared@0.11.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "phf_generator@0.11.2",
          "Name": "phf_generator",
          "Identifier": {
            "PURL": "pkg:cargo/phf_generator@0.11.2",
            "UID": "34637ce353f076f5",
            "BOMRef": "pkg:cargo/phf_generator@0.11.2"
          },
          "Version": "0.11.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "phf_shared@0.11.2",
            "rand@0.8.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "phf_shared@0.11.2",
          "Name": "phf_shared",
          "Identifier": {
            "PURL": "pkg:cargo/phf_shared@0.11.2",
            "UID": "53d099665860a041",
            "BOMRef": "pkg:cargo/phf_shared@0.11.2"
          },
          "Version": "0.11.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "siphasher@0.3.10"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pin-project@1.0.12",
          "Name": "pin-project",
          "Identifier": {
            "PURL": "pkg:cargo/pin-project@1.0.12",
            "UID": "20a673b3f38acacd",
            "BOMRef": "pkg:cargo/pin-project@1.0.12"
          },
          "Version": "1.0.12",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "pin-project-internal@1.0.12"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pin-project-internal@1.0.12",
          "Name": "pin-project-internal",
          "Identifier": {
            "PURL": "pkg:cargo/pin-project-internal@1.0.12",
            "UID": "f1425ec717e52560",
            "BOMRef": "pkg:cargo/pin-project-internal@1.0.12"
          },
          "Version": "1.0.12",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pin-project-lite@0.2.12",
          "Name": "pin-project-lite",
          "Identifier": {
            "PURL": "pkg:cargo/pin-project-lite@0.2.12",
            "UID": "57a331861b65cbf5",
            "BOMRef": "pkg:cargo/pin-project-lite@0.2.12"
          },
          "Version": "0.2.12",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pin-utils@0.1.0",
          "Name": "pin-utils",
          "Identifier": {
            "PURL": "pkg:cargo/pin-utils@0.1.0",
            "UID": "c703fc82ced780dc",
            "BOMRef": "pkg:cargo/pin-utils@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pkcs1@0.7.5",
          "Name": "pkcs1",
          "Identifier": {
            "PURL": "pkg:cargo/pkcs1@0.7.5",
            "UID": "9ff19b88211c5db7",
            "BOMRef": "pkg:cargo/pkcs1@0.7.5"
          },
          "Version": "0.7.5",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "der@0.7.10",
            "pkcs8@0.10.2",
            "spki@0.7.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pkcs8@0.10.2",
          "Name": "pkcs8",
          "Identifier": {
            "PURL": "pkg:cargo/pkcs8@0.10.2",
            "UID": "cf0c86951cd1747d",
            "BOMRef": "pkg:cargo/pkcs8@0.10.2"
          },
          "Version": "0.10.2",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "der@0.7.10",
            "spki@0.7.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "portable-atomic@1.11.1",
          "Name": "portable-atomic",
          "Identifier": {
            "PURL": "pkg:cargo/portable-atomic@1.11.1",
            "UID": "5989ed458ff1f385",
            "BOMRef": "pkg:cargo/portable-atomic@1.11.1"
          },
          "Version": "1.11.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "portable-atomic-util@0.2.4",
          "Name": "portable-atomic-util",
          "Identifier": {
            "PURL": "pkg:cargo/portable-atomic-util@0.2.4",
            "UID": "4061c3b3b1c461a9",
            "BOMRef": "pkg:cargo/portable-atomic-util@0.2.4"
          },
          "Version": "0.2.4",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "portable-atomic@1.11.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pprof2@0.13.1",
          "Name": "pprof2",
          "Identifier": {
            "PURL": "pkg:cargo/pprof2@0.13.1",
            "UID": "9cf237b2755e138f",
            "BOMRef": "pkg:cargo/pprof2@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "backtrace@0.3.67",
            "cfg-if@1.0.0",
            "findshlibs@0.10.2",
            "libc@0.2.174",
            "log@0.4.28",
            "nix@0.27.1",
            "once_cell@1.21.3",
            "parking_lot@0.12.5",
            "smallvec@1.15.1",
            "symbolic-demangle@12.12.3",
            "tempfile@3.23.0",
            "thiserror@2.0.17"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ppv-lite86@0.2.17",
          "Name": "ppv-lite86",
          "Identifier": {
            "PURL": "pkg:cargo/ppv-lite86@0.2.17",
            "UID": "d45ae46c1fc9ec22",
            "BOMRef": "pkg:cargo/ppv-lite86@0.2.17"
          },
          "Version": "0.2.17",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "presser@0.3.1",
          "Name": "presser",
          "Identifier": {
            "PURL": "pkg:cargo/presser@0.3.1",
            "UID": "46d88570d863a8a",
            "BOMRef": "pkg:cargo/presser@0.3.1"
          },
          "Version": "0.3.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "primeorder@0.13.6",
          "Name": "primeorder",
          "Identifier": {
            "PURL": "pkg:cargo/primeorder@0.13.6",
            "UID": "45331b956e61e7d7",
            "BOMRef": "pkg:cargo/primeorder@0.13.6"
          },
          "Version": "0.13.6",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "elliptic-curve@0.13.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "proc-macro-error@1.0.4",
          "Name": "proc-macro-error",
          "Identifier": {
            "PURL": "pkg:cargo/proc-macro-error@1.0.4",
            "UID": "b2f51d168b19e12",
            "BOMRef": "pkg:cargo/proc-macro-error@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro-error-attr@1.0.4",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "proc-macro-error-attr@1.0.4",
          "Name": "proc-macro-error-attr",
          "Identifier": {
            "PURL": "pkg:cargo/proc-macro-error-attr@1.0.4",
            "UID": "87f8bc87731bc7f0",
            "BOMRef": "pkg:cargo/proc-macro-error-attr@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "proc-macro-error-attr2@2.0.0",
          "Name": "proc-macro-error-attr2",
          "Identifier": {
            "PURL": "pkg:cargo/proc-macro-error-attr2@2.0.0",
            "UID": "f6012834d65d93d2",
            "BOMRef": "pkg:cargo/proc-macro-error-attr2@2.0.0"
          },
          "Version": "2.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "proc-macro-error2@2.0.1",
          "Name": "proc-macro-error2",
          "Identifier": {
            "PURL": "pkg:cargo/proc-macro-error2@2.0.1",
            "UID": "8ab9a173b7cdc73c",
            "BOMRef": "pkg:cargo/proc-macro-error2@2.0.1"
          },
          "Version": "2.0.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro-error-attr2@2.0.0",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "proc-macro2@1.0.101",
          "Name": "proc-macro2",
          "Identifier": {
            "PURL": "pkg:cargo/proc-macro2@1.0.101",
            "UID": "8dbdc8cc58adde56",
            "BOMRef": "pkg:cargo/proc-macro2@1.0.101"
          },
          "Version": "1.0.101",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "unicode-ident@1.0.13"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "procfs@0.18.0",
          "Name": "procfs",
          "Identifier": {
            "PURL": "pkg:cargo/procfs@0.18.0",
            "UID": "70fe6d60b871bcde",
            "BOMRef": "pkg:cargo/procfs@0.18.0"
          },
          "Version": "0.18.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "procfs-core@0.18.0",
            "rustix@1.0.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "procfs-core@0.18.0",
          "Name": "procfs-core",
          "Identifier": {
            "PURL": "pkg:cargo/procfs-core@0.18.0",
            "UID": "974fbad10f2cd8a6",
            "BOMRef": "pkg:cargo/procfs-core@0.18.0"
          },
          "Version": "0.18.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "hex@0.4.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prometheus@0.14.0",
          "Name": "prometheus",
          "Identifier": {
            "PURL": "pkg:cargo/prometheus@0.14.0",
            "UID": "aa918eeb116ab4a2",
            "BOMRef": "pkg:cargo/prometheus@0.14.0"
          },
          "Version": "0.14.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "fnv@1.0.7",
            "lazy_static@1.5.0",
            "memchr@2.7.4",
            "parking_lot@0.12.5",
            "thiserror@2.0.17"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost@0.11.9",
          "Name": "prost",
          "Identifier": {
            "PURL": "pkg:cargo/prost@0.11.9",
            "UID": "3c66534ec219e6f4",
            "BOMRef": "pkg:cargo/prost@0.11.9"
          },
          "Version": "0.11.9",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "prost-derive@0.11.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost@0.12.6",
          "Name": "prost",
          "Identifier": {
            "PURL": "pkg:cargo/prost@0.12.6",
            "UID": "74b0695f1515a758",
            "BOMRef": "pkg:cargo/prost@0.12.6"
          },
          "Version": "0.12.6",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "prost-derive@0.12.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost@0.13.1",
          "Name": "prost",
          "Identifier": {
            "PURL": "pkg:cargo/prost@0.13.1",
            "UID": "ce16a190ac1667b",
            "BOMRef": "pkg:cargo/prost@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "prost-derive@0.13.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost-derive@0.11.9",
          "Name": "prost-derive",
          "Identifier": {
            "PURL": "pkg:cargo/prost-derive@0.11.9",
            "UID": "404f37d8cb6c9b7e",
            "BOMRef": "pkg:cargo/prost-derive@0.11.9"
          },
          "Version": "0.11.9",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "anyhow@1.0.100",
            "itertools@0.10.5",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@1.0.107"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost-derive@0.12.6",
          "Name": "prost-derive",
          "Identifier": {
            "PURL": "pkg:cargo/prost-derive@0.12.6",
            "UID": "abad3ade76769109",
            "BOMRef": "pkg:cargo/prost-derive@0.12.6"
          },
          "Version": "0.12.6",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "anyhow@1.0.100",
            "itertools@0.12.1",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost-derive@0.13.1",
          "Name": "prost-derive",
          "Identifier": {
            "PURL": "pkg:cargo/prost-derive@0.13.1",
            "UID": "654e731b477e3c5e",
            "BOMRef": "pkg:cargo/prost-derive@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "anyhow@1.0.100",
            "itertools@0.13.0",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost-types@0.12.6",
          "Name": "prost-types",
          "Identifier": {
            "PURL": "pkg:cargo/prost-types@0.12.6",
            "UID": "e0e9281605c28106",
            "BOMRef": "pkg:cargo/prost-types@0.12.6"
          },
          "Version": "0.12.6",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "prost@0.12.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost-types@0.13.1",
          "Name": "prost-types",
          "Identifier": {
            "PURL": "pkg:cargo/prost-types@0.13.1",
            "UID": "266a1de930543d45",
            "BOMRef": "pkg:cargo/prost-types@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "prost@0.13.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost-wkt@0.5.1",
          "Name": "prost-wkt",
          "Identifier": {
            "PURL": "pkg:cargo/prost-wkt@0.5.1",
            "UID": "828fa83a6e6a8447",
            "BOMRef": "pkg:cargo/prost-wkt@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "chrono@0.4.42",
            "inventory@0.3.14",
            "prost@0.12.6",
            "serde@1.0.226",
            "serde_derive@1.0.226",
            "serde_json@1.0.145",
            "typetag@0.2.15"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "prost-wkt-types@0.5.1",
          "Name": "prost-wkt-types",
          "Identifier": {
            "PURL": "pkg:cargo/prost-wkt-types@0.5.1",
            "UID": "27f8767d86d1eeaf",
            "BOMRef": "pkg:cargo/prost-wkt-types@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "chrono@0.4.42",
            "prost-wkt@0.5.1",
            "prost@0.12.6",
            "serde@1.0.226",
            "serde_derive@1.0.226",
            "serde_json@1.0.145"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "protobuf@2.28.0",
          "Name": "protobuf",
          "Identifier": {
            "PURL": "pkg:cargo/protobuf@2.28.0",
            "UID": "b3442da4ac268dfe",
            "BOMRef": "pkg:cargo/protobuf@2.28.0"
          },
          "Version": "2.28.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pyo3@0.27.1",
          "Name": "pyo3",
          "Identifier": {
            "PURL": "pkg:cargo/pyo3@0.27.1",
            "UID": "91bb5ecbd3382110",
            "BOMRef": "pkg:cargo/pyo3@0.27.1"
          },
          "Version": "0.27.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "indoc@2.0.6",
            "libc@0.2.174",
            "memoffset@0.9.1",
            "once_cell@1.21.3",
            "portable-atomic@1.11.1",
            "pyo3-ffi@0.27.1",
            "pyo3-macros@0.27.1",
            "unindent@0.2.4",
            "uuid@1.18.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pyo3-build-config@0.27.1",
          "Name": "pyo3-build-config",
          "Identifier": {
            "PURL": "pkg:cargo/pyo3-build-config@0.27.1",
            "UID": "44da7251866bc827",
            "BOMRef": "pkg:cargo/pyo3-build-config@0.27.1"
          },
          "Version": "0.27.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "target-lexicon@0.13.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pyo3-ffi@0.27.1",
          "Name": "pyo3-ffi",
          "Identifier": {
            "PURL": "pkg:cargo/pyo3-ffi@0.27.1",
            "UID": "367dfd532595c5ae",
            "BOMRef": "pkg:cargo/pyo3-ffi@0.27.1"
          },
          "Version": "0.27.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pyo3-macros@0.27.1",
          "Name": "pyo3-macros",
          "Identifier": {
            "PURL": "pkg:cargo/pyo3-macros@0.27.1",
            "UID": "7a2c00c294b9476f",
            "BOMRef": "pkg:cargo/pyo3-macros@0.27.1"
          },
          "Version": "0.27.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "pyo3-macros-backend@0.27.1",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pyo3-macros-backend@0.27.1",
          "Name": "pyo3-macros-backend",
          "Identifier": {
            "PURL": "pkg:cargo/pyo3-macros-backend@0.27.1",
            "UID": "393f1cf7a879e666",
            "BOMRef": "pkg:cargo/pyo3-macros-backend@0.27.1"
          },
          "Version": "0.27.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "heck@0.5.0",
            "proc-macro2@1.0.101",
            "pyo3-build-config@0.27.1",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pyroscope@0.5.8",
          "Name": "pyroscope",
          "Identifier": {
            "PURL": "pkg:cargo/pyroscope@0.5.8",
            "UID": "25dcd88d7d87fe1d",
            "BOMRef": "pkg:cargo/pyroscope@0.5.8"
          },
          "Version": "0.5.8",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "libflate@1.4.0",
            "log@0.4.28",
            "names@0.14.0",
            "prost@0.11.9",
            "reqwest@0.12.24",
            "serde_json@1.0.145",
            "thiserror@1.0.69",
            "url@2.5.7",
            "winapi@0.3.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "pyroscope_pprofrs@0.2.10",
          "Name": "pyroscope_pprofrs",
          "Identifier": {
            "PURL": "pkg:cargo/pyroscope_pprofrs@0.2.10",
            "UID": "25fe615d472079d",
            "BOMRef": "pkg:cargo/pyroscope_pprofrs@0.2.10"
          },
          "Version": "0.2.10",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "log@0.4.28",
            "pprof2@0.13.1",
            "pyroscope@0.5.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "quick-xml@0.38.0",
          "Name": "quick-xml",
          "Identifier": {
            "PURL": "pkg:cargo/quick-xml@0.38.0",
            "UID": "73c800627303bf50",
            "BOMRef": "pkg:cargo/quick-xml@0.38.0"
          },
          "Version": "0.38.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "quinn@0.11.2",
          "Name": "quinn",
          "Identifier": {
            "PURL": "pkg:cargo/quinn@0.11.2",
            "UID": "31e0a705db2a3423",
            "BOMRef": "pkg:cargo/quinn@0.11.2"
          },
          "Version": "0.11.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "pin-project-lite@0.2.12",
            "quinn-proto@0.11.8",
            "quinn-udp@0.5.2",
            "rustc-hash@1.1.0",
            "rustls@0.23.35",
            "thiserror@1.0.69",
            "tokio@1.48.0",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "quinn-proto@0.11.8",
          "Name": "quinn-proto",
          "Identifier": {
            "PURL": "pkg:cargo/quinn-proto@0.11.8",
            "UID": "d68224646810d28d",
            "BOMRef": "pkg:cargo/quinn-proto@0.11.8"
          },
          "Version": "0.11.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "rand@0.8.5",
            "ring@0.17.13",
            "rustc-hash@2.1.1",
            "rustls@0.23.35",
            "slab@0.4.11",
            "thiserror@1.0.69",
            "tinyvec@1.10.0",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "quinn-udp@0.5.2",
          "Name": "quinn-udp",
          "Identifier": {
            "PURL": "pkg:cargo/quinn-udp@0.5.2",
            "UID": "5b5d8bd462f4bec5",
            "BOMRef": "pkg:cargo/quinn-udp@0.5.2"
          },
          "Version": "0.5.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "once_cell@1.21.3",
            "socket2@0.5.10",
            "tracing@0.1.43",
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "quote@1.0.42",
          "Name": "quote",
          "Identifier": {
            "PURL": "pkg:cargo/quote@1.0.42",
            "UID": "df7a34fcc73610fe",
            "BOMRef": "pkg:cargo/quote@1.0.42"
          },
          "Version": "1.0.42",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "radium@0.7.0",
          "Name": "radium",
          "Identifier": {
            "PURL": "pkg:cargo/radium@0.7.0",
            "UID": "32cb369bb2f8bcb6",
            "BOMRef": "pkg:cargo/radium@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "raft@0.7.0",
          "Name": "raft",
          "Identifier": {
            "PURL": "pkg:cargo/raft@0.7.0",
            "UID": "cd6c8bc22a8d55b4",
            "BOMRef": "pkg:cargo/raft@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "fxhash@0.2.1",
            "getset@0.1.2",
            "protobuf@2.28.0",
            "raft-proto@0.7.0",
            "rand@0.8.5",
            "slog@2.8.2",
            "thiserror@1.0.69"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "raft-proto@0.7.0",
          "Name": "raft-proto",
          "Identifier": {
            "PURL": "pkg:cargo/raft-proto@0.7.0",
            "UID": "39c130ff7a4f7b0c",
            "BOMRef": "pkg:cargo/raft-proto@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "lazy_static@1.5.0",
            "prost@0.11.9",
            "protobuf@2.28.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand@0.7.3",
          "Name": "rand",
          "Identifier": {
            "PURL": "pkg:cargo/rand@0.7.3",
            "UID": "ca1004f80d67546f",
            "BOMRef": "pkg:cargo/rand@0.7.3"
          },
          "Version": "0.7.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "getrandom@0.1.16",
            "libc@0.2.174",
            "rand_chacha@0.2.2",
            "rand_core@0.5.1",
            "rand_hc@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand@0.8.5",
          "Name": "rand",
          "Identifier": {
            "PURL": "pkg:cargo/rand@0.8.5",
            "UID": "cc4980a3602173cd",
            "BOMRef": "pkg:cargo/rand@0.8.5"
          },
          "Version": "0.8.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "rand_chacha@0.3.1",
            "rand_core@0.6.4",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand@0.9.2",
          "Name": "rand",
          "Identifier": {
            "PURL": "pkg:cargo/rand@0.9.2",
            "UID": "ef937a8a6ff04fa6",
            "BOMRef": "pkg:cargo/rand@0.9.2"
          },
          "Version": "0.9.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "rand_chacha@0.9.0",
            "rand_core@0.9.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_chacha@0.2.2",
          "Name": "rand_chacha",
          "Identifier": {
            "PURL": "pkg:cargo/rand_chacha@0.2.2",
            "UID": "309a90964b69cfd5",
            "BOMRef": "pkg:cargo/rand_chacha@0.2.2"
          },
          "Version": "0.2.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "ppv-lite86@0.2.17",
            "rand_core@0.5.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_chacha@0.3.1",
          "Name": "rand_chacha",
          "Identifier": {
            "PURL": "pkg:cargo/rand_chacha@0.3.1",
            "UID": "c7b27677379e3c3e",
            "BOMRef": "pkg:cargo/rand_chacha@0.3.1"
          },
          "Version": "0.3.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "ppv-lite86@0.2.17",
            "rand_core@0.6.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_chacha@0.9.0",
          "Name": "rand_chacha",
          "Identifier": {
            "PURL": "pkg:cargo/rand_chacha@0.9.0",
            "UID": "5e3c908bcb6f2fb2",
            "BOMRef": "pkg:cargo/rand_chacha@0.9.0"
          },
          "Version": "0.9.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "ppv-lite86@0.2.17",
            "rand_core@0.9.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_core@0.5.1",
          "Name": "rand_core",
          "Identifier": {
            "PURL": "pkg:cargo/rand_core@0.5.1",
            "UID": "eb0af0549ac85410",
            "BOMRef": "pkg:cargo/rand_core@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "getrandom@0.1.16"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_core@0.6.4",
          "Name": "rand_core",
          "Identifier": {
            "PURL": "pkg:cargo/rand_core@0.6.4",
            "UID": "9f6e25d1041e6476",
            "BOMRef": "pkg:cargo/rand_core@0.6.4"
          },
          "Version": "0.6.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "getrandom@0.2.11",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_core@0.9.0",
          "Name": "rand_core",
          "Identifier": {
            "PURL": "pkg:cargo/rand_core@0.9.0",
            "UID": "e69bea344aa802aa",
            "BOMRef": "pkg:cargo/rand_core@0.9.0"
          },
          "Version": "0.9.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "getrandom@0.3.0",
            "zerocopy@0.8.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_distr@0.5.1",
          "Name": "rand_distr",
          "Identifier": {
            "PURL": "pkg:cargo/rand_distr@0.5.1",
            "UID": "afd2ae1e31b7e132",
            "BOMRef": "pkg:cargo/rand_distr@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "num-traits@0.2.19",
            "rand@0.9.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rand_hc@0.2.0",
          "Name": "rand_hc",
          "Identifier": {
            "PURL": "pkg:cargo/rand_hc@0.2.0",
            "UID": "b9948a7a1238168",
            "BOMRef": "pkg:cargo/rand_hc@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "rand_core@0.5.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rayon@1.11.0",
          "Name": "rayon",
          "Identifier": {
            "PURL": "pkg:cargo/rayon@1.11.0",
            "UID": "5aa2fbd2daa38527",
            "BOMRef": "pkg:cargo/rayon@1.11.0"
          },
          "Version": "1.11.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "either@1.13.0",
            "rayon-core@1.13.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rayon-core@1.13.0",
          "Name": "rayon-core",
          "Identifier": {
            "PURL": "pkg:cargo/rayon-core@1.13.0",
            "UID": "d60885b72ac6798b",
            "BOMRef": "pkg:cargo/rayon-core@1.13.0"
          },
          "Version": "1.13.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "crossbeam-deque@0.8.2",
            "crossbeam-utils@0.8.20"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "redox_syscall@0.2.16",
          "Name": "redox_syscall",
          "Identifier": {
            "PURL": "pkg:cargo/redox_syscall@0.2.16",
            "UID": "44472b6cef4adfcf",
            "BOMRef": "pkg:cargo/redox_syscall@0.2.16"
          },
          "Version": "0.2.16",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@1.3.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "redox_syscall@0.5.12",
          "Name": "redox_syscall",
          "Identifier": {
            "PURL": "pkg:cargo/redox_syscall@0.5.12",
            "UID": "6c49c791a2445812",
            "BOMRef": "pkg:cargo/redox_syscall@0.5.12"
          },
          "Version": "0.5.12",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "regex@1.11.0",
          "Name": "regex",
          "Identifier": {
            "PURL": "pkg:cargo/regex@1.11.0",
            "UID": "b71f52bdc2b3f4f9",
            "BOMRef": "pkg:cargo/regex@1.11.0"
          },
          "Version": "1.11.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "aho-corasick@1.1.3",
            "memchr@2.7.4",
            "regex-automata@0.4.8",
            "regex-syntax@0.8.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "regex-automata@0.4.8",
          "Name": "regex-automata",
          "Identifier": {
            "PURL": "pkg:cargo/regex-automata@0.4.8",
            "UID": "226c8660b09439f1",
            "BOMRef": "pkg:cargo/regex-automata@0.4.8"
          },
          "Version": "0.4.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "aho-corasick@1.1.3",
            "memchr@2.7.4",
            "regex-syntax@0.8.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "regex-lite@0.1.5",
          "Name": "regex-lite",
          "Identifier": {
            "PURL": "pkg:cargo/regex-lite@0.1.5",
            "UID": "deb0d15ca1abebd7",
            "BOMRef": "pkg:cargo/regex-lite@0.1.5"
          },
          "Version": "0.1.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "regex-syntax@0.8.5",
          "Name": "regex-syntax",
          "Identifier": {
            "PURL": "pkg:cargo/regex-syntax@0.8.5",
            "UID": "a6591339aa043a78",
            "BOMRef": "pkg:cargo/regex-syntax@0.8.5"
          },
          "Version": "0.8.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "reqwest@0.12.24",
          "Name": "reqwest",
          "Identifier": {
            "PURL": "pkg:cargo/reqwest@0.12.24",
            "UID": "ba487df7faff65a0",
            "BOMRef": "pkg:cargo/reqwest@0.12.24"
          },
          "Version": "0.12.24",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "base64@0.22.0",
            "bytes@1.10.1",
            "futures-channel@0.3.31",
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "h2@0.4.4",
            "http-body-util@0.1.2",
            "http-body@1.0.0",
            "http@1.3.1",
            "hyper-rustls@0.27.2",
            "hyper-util@0.1.13",
            "hyper@1.6.0",
            "js-sys@0.3.77",
            "log@0.4.28",
            "percent-encoding@2.3.2",
            "pin-project-lite@0.2.12",
            "quinn@0.11.2",
            "rustls-native-certs@0.8.0",
            "rustls-pki-types@1.12.0",
            "rustls@0.23.35",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "serde_urlencoded@0.7.1",
            "sync_wrapper@1.0.1",
            "tokio-rustls@0.26.0",
            "tokio-util@0.7.16",
            "tokio@1.48.0",
            "tower-http@0.6.6",
            "tower-service@0.3.3",
            "tower@0.5.2",
            "url@2.5.7",
            "wasm-bindgen-futures@0.4.42",
            "wasm-bindgen@0.2.100",
            "wasm-streams@0.4.0",
            "web-sys@0.3.69",
            "webpki-roots@1.0.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rfc6979@0.4.0",
          "Name": "rfc6979",
          "Identifier": {
            "PURL": "pkg:cargo/rfc6979@0.4.0",
            "UID": "76c2feadaeed4fe7",
            "BOMRef": "pkg:cargo/rfc6979@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "hmac@0.12.1",
            "subtle@2.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ring@0.17.13",
          "Name": "ring",
          "Identifier": {
            "PURL": "pkg:cargo/ring@0.17.13",
            "UID": "30f238560cbd4774",
            "BOMRef": "pkg:cargo/ring@0.17.13"
          },
          "Version": "0.17.13",
          "Licenses": [
            "Apache-2.0 AND ISC"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "getrandom@0.2.11",
            "libc@0.2.174",
            "untrusted@0.9.0",
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ringbuffer@0.16.0",
          "Name": "ringbuffer",
          "Identifier": {
            "PURL": "pkg:cargo/ringbuffer@0.16.0",
            "UID": "7dfe1f7f96b3d915",
            "BOMRef": "pkg:cargo/ringbuffer@0.16.0"
          },
          "Version": "0.16.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rle-decode-fast@1.0.3",
          "Name": "rle-decode-fast",
          "Identifier": {
            "PURL": "pkg:cargo/rle-decode-fast@1.0.3",
            "UID": "e3ab7cef6a9e9de6",
            "BOMRef": "pkg:cargo/rle-decode-fast@1.0.3"
          },
          "Version": "1.0.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rmp@0.8.14",
          "Name": "rmp",
          "Identifier": {
            "PURL": "pkg:cargo/rmp@0.8.14",
            "UID": "f74d270ce59cb4e3",
            "BOMRef": "pkg:cargo/rmp@0.8.14"
          },
          "Version": "0.8.14",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "byteorder@1.5.0",
            "num-traits@0.2.19",
            "paste@1.0.11"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rmp-serde@1.3.0",
          "Name": "rmp-serde",
          "Identifier": {
            "PURL": "pkg:cargo/rmp-serde@1.3.0",
            "UID": "97c1ed9a167d7981",
            "BOMRef": "pkg:cargo/rmp-serde@1.3.0"
          },
          "Version": "1.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "byteorder@1.5.0",
            "rmp@0.8.14",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "roaring@0.11.2",
          "Name": "roaring",
          "Identifier": {
            "PURL": "pkg:cargo/roaring@0.11.2",
            "UID": "1fe2bb5b3ff3514d",
            "BOMRef": "pkg:cargo/roaring@0.11.2"
          },
          "Version": "0.11.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bytemuck@1.24.0",
            "byteorder@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "robust@1.1.0",
          "Name": "robust",
          "Identifier": {
            "PURL": "pkg:cargo/robust@1.1.0",
            "UID": "84373d2bff9747d3",
            "BOMRef": "pkg:cargo/robust@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rocksdb@0.24.0",
          "Name": "rocksdb",
          "Identifier": {
            "PURL": "pkg:cargo/rocksdb@0.24.0",
            "UID": "deae0582d512372a",
            "BOMRef": "pkg:cargo/rocksdb@0.24.0"
          },
          "Version": "0.24.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "librocksdb-sys@0.17.3+10.4.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rsa@0.9.8",
          "Name": "rsa",
          "Identifier": {
            "PURL": "pkg:cargo/rsa@0.9.8",
            "UID": "6765f8a255f08994",
            "BOMRef": "pkg:cargo/rsa@0.9.8"
          },
          "Version": "0.9.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "const-oid@0.9.6",
            "digest@0.10.7",
            "num-bigint-dig@0.8.4",
            "num-integer@0.1.46",
            "num-traits@0.2.19",
            "pkcs1@0.7.5",
            "pkcs8@0.10.2",
            "rand_core@0.6.4",
            "signature@2.2.0",
            "spki@0.7.3",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rstack@0.3.3",
          "Name": "rstack",
          "Identifier": {
            "PURL": "pkg:cargo/rstack@0.3.3",
            "UID": "d31c85eeb3b844da",
            "BOMRef": "pkg:cargo/rstack@0.3.3"
          },
          "Version": "0.3.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "log@0.4.28",
            "unwind@0.4.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rstack-self@0.3.0",
          "Name": "rstack-self",
          "Identifier": {
            "PURL": "pkg:cargo/rstack-self@0.3.0",
            "UID": "a18dd5f32dc47dcc",
            "BOMRef": "pkg:cargo/rstack-self@0.3.0"
          },
          "Version": "0.3.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "antidote@1.0.0",
            "backtrace@0.3.67",
            "bincode@1.3.3",
            "lazy_static@1.5.0",
            "libc@0.2.174",
            "rstack@0.3.3",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rstar@0.12.0",
          "Name": "rstar",
          "Identifier": {
            "PURL": "pkg:cargo/rstar@0.12.0",
            "UID": "2c27e4977eff7ce9",
            "BOMRef": "pkg:cargo/rstar@0.12.0"
          },
          "Version": "0.12.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "heapless@0.8.0",
            "num-traits@0.2.19",
            "smallvec@1.15.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustc-demangle@0.1.21",
          "Name": "rustc-demangle",
          "Identifier": {
            "PURL": "pkg:cargo/rustc-demangle@0.1.21",
            "UID": "5d9ae89ab708d50b",
            "BOMRef": "pkg:cargo/rustc-demangle@0.1.21"
          },
          "Version": "0.1.21",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustc-hash@1.1.0",
          "Name": "rustc-hash",
          "Identifier": {
            "PURL": "pkg:cargo/rustc-hash@1.1.0",
            "UID": "4f3b5ad45d4cf9c6",
            "BOMRef": "pkg:cargo/rustc-hash@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustc-hash@2.1.1",
          "Name": "rustc-hash",
          "Identifier": {
            "PURL": "pkg:cargo/rustc-hash@2.1.1",
            "UID": "550a20187242a8f9",
            "BOMRef": "pkg:cargo/rustc-hash@2.1.1"
          },
          "Version": "2.1.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustix@0.38.40",
          "Name": "rustix",
          "Identifier": {
            "PURL": "pkg:cargo/rustix@0.38.40",
            "UID": "d1a9c4cb77cb88c",
            "BOMRef": "pkg:cargo/rustix@0.38.40"
          },
          "Version": "0.38.40",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "errno@0.3.10",
            "libc@0.2.174",
            "linux-raw-sys@0.4.14",
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustix@1.0.2",
          "Name": "rustix",
          "Identifier": {
            "PURL": "pkg:cargo/rustix@1.0.2",
            "UID": "ba49102164c514b8",
            "BOMRef": "pkg:cargo/rustix@1.0.2"
          },
          "Version": "1.0.2",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "errno@0.3.10",
            "libc@0.2.174",
            "linux-raw-sys@0.9.2",
            "windows-sys@0.59.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls@0.22.4",
          "Name": "rustls",
          "Identifier": {
            "PURL": "pkg:cargo/rustls@0.22.4",
            "UID": "a20d7fff8b6f6015",
            "BOMRef": "pkg:cargo/rustls@0.22.4"
          },
          "Version": "0.22.4",
          "Licenses": [
            "Apache-2.0 OR ISC OR MIT"
          ],
          "DependsOn": [
            "log@0.4.28",
            "ring@0.17.13",
            "rustls-pki-types@1.12.0",
            "rustls-webpki@0.102.8",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls@0.23.35",
          "Name": "rustls",
          "Identifier": {
            "PURL": "pkg:cargo/rustls@0.23.35",
            "UID": "22e66a7b3715b1b0",
            "BOMRef": "pkg:cargo/rustls@0.23.35"
          },
          "Version": "0.23.35",
          "Licenses": [
            "Apache-2.0 OR ISC OR MIT"
          ],
          "DependsOn": [
            "log@0.4.28",
            "once_cell@1.21.3",
            "ring@0.17.13",
            "rustls-pki-types@1.12.0",
            "rustls-webpki@0.103.6",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls-native-certs@0.7.0",
          "Name": "rustls-native-certs",
          "Identifier": {
            "PURL": "pkg:cargo/rustls-native-certs@0.7.0",
            "UID": "242c47f199f5c15",
            "BOMRef": "pkg:cargo/rustls-native-certs@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "Apache-2.0 OR ISC OR MIT"
          ],
          "DependsOn": [
            "openssl-probe@0.1.5",
            "rustls-pemfile@2.2.0",
            "rustls-pki-types@1.12.0",
            "schannel@0.1.23",
            "security-framework@2.10.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls-native-certs@0.8.0",
          "Name": "rustls-native-certs",
          "Identifier": {
            "PURL": "pkg:cargo/rustls-native-certs@0.8.0",
            "UID": "d53c07a61530b73b",
            "BOMRef": "pkg:cargo/rustls-native-certs@0.8.0"
          },
          "Version": "0.8.0",
          "Licenses": [
            "Apache-2.0 OR ISC OR MIT"
          ],
          "DependsOn": [
            "openssl-probe@0.1.5",
            "rustls-pemfile@2.2.0",
            "rustls-pki-types@1.12.0",
            "schannel@0.1.23",
            "security-framework@2.10.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls-pemfile@2.2.0",
          "Name": "rustls-pemfile",
          "Identifier": {
            "PURL": "pkg:cargo/rustls-pemfile@2.2.0",
            "UID": "a81faa5f85b9ba3",
            "BOMRef": "pkg:cargo/rustls-pemfile@2.2.0"
          },
          "Version": "2.2.0",
          "Licenses": [
            "Apache-2.0 OR ISC OR MIT"
          ],
          "DependsOn": [
            "rustls-pki-types@1.12.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls-pki-types@1.12.0",
          "Name": "rustls-pki-types",
          "Identifier": {
            "PURL": "pkg:cargo/rustls-pki-types@1.12.0",
            "UID": "d4151587e7d8a7e7",
            "BOMRef": "pkg:cargo/rustls-pki-types@1.12.0"
          },
          "Version": "1.12.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls-webpki@0.102.8",
          "Name": "rustls-webpki",
          "Identifier": {
            "PURL": "pkg:cargo/rustls-webpki@0.102.8",
            "UID": "24af12296369a40d",
            "BOMRef": "pkg:cargo/rustls-webpki@0.102.8"
          },
          "Version": "0.102.8",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "ring@0.17.13",
            "rustls-pki-types@1.12.0",
            "untrusted@0.9.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustls-webpki@0.103.6",
          "Name": "rustls-webpki",
          "Identifier": {
            "PURL": "pkg:cargo/rustls-webpki@0.103.6",
            "UID": "48a5ca1dab2b835",
            "BOMRef": "pkg:cargo/rustls-webpki@0.103.6"
          },
          "Version": "0.103.6",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "ring@0.17.13",
            "rustls-pki-types@1.12.0",
            "untrusted@0.9.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "rustversion@1.0.11",
          "Name": "rustversion",
          "Identifier": {
            "PURL": "pkg:cargo/rustversion@1.0.11",
            "UID": "e86893f391d1c704",
            "BOMRef": "pkg:cargo/rustversion@1.0.11"
          },
          "Version": "1.0.11",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "ryu@1.0.12",
          "Name": "ryu",
          "Identifier": {
            "PURL": "pkg:cargo/ryu@1.0.12",
            "UID": "e189b3cad9bae237",
            "BOMRef": "pkg:cargo/ryu@1.0.12"
          },
          "Version": "1.0.12",
          "Licenses": [
            "Apache-2.0 OR BSL-1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "same-file@1.0.6",
          "Name": "same-file",
          "Identifier": {
            "PURL": "pkg:cargo/same-file@1.0.6",
            "UID": "d835aa81a0b660a8",
            "BOMRef": "pkg:cargo/same-file@1.0.6"
          },
          "Version": "1.0.6",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "winapi-util@0.1.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "scc@2.4.0",
          "Name": "scc",
          "Identifier": {
            "PURL": "pkg:cargo/scc@2.4.0",
            "UID": "54c5e5586241f368",
            "BOMRef": "pkg:cargo/scc@2.4.0"
          },
          "Version": "2.4.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "sdd@3.0.10"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "schannel@0.1.23",
          "Name": "schannel",
          "Identifier": {
            "PURL": "pkg:cargo/schannel@0.1.23",
            "UID": "50e663bded12005f",
            "BOMRef": "pkg:cargo/schannel@0.1.23"
          },
          "Version": "0.1.23",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "schemars@0.8.22",
          "Name": "schemars",
          "Identifier": {
            "PURL": "pkg:cargo/schemars@0.8.22",
            "UID": "100a87c4161af409",
            "BOMRef": "pkg:cargo/schemars@0.8.22"
          },
          "Version": "0.8.22",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "chrono@0.4.42",
            "dyn-clone@1.0.10",
            "indexmap@1.9.2",
            "indexmap@2.11.4",
            "schemars_derive@0.8.22",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "url@2.5.7",
            "uuid@1.18.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "schemars_derive@0.8.22",
          "Name": "schemars_derive",
          "Identifier": {
            "PURL": "pkg:cargo/schemars_derive@0.8.22",
            "UID": "b03b0d417024bf24",
            "BOMRef": "pkg:cargo/schemars_derive@0.8.22"
          },
          "Version": "0.8.22",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "serde_derive_internals@0.29.0",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "scoped-tls@1.0.1",
          "Name": "scoped-tls",
          "Identifier": {
            "PURL": "pkg:cargo/scoped-tls@1.0.1",
            "UID": "4879cbedbc3b292f",
            "BOMRef": "pkg:cargo/scoped-tls@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "scopeguard@1.1.0",
          "Name": "scopeguard",
          "Identifier": {
            "PURL": "pkg:cargo/scopeguard@1.1.0",
            "UID": "1def113ab1000254",
            "BOMRef": "pkg:cargo/scopeguard@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sdd@3.0.10",
          "Name": "sdd",
          "Identifier": {
            "PURL": "pkg:cargo/sdd@3.0.10",
            "UID": "b40198a5b40d5fc7",
            "BOMRef": "pkg:cargo/sdd@3.0.10"
          },
          "Version": "3.0.10",
          "Licenses": [
            "Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "seahash@4.1.0",
          "Name": "seahash",
          "Identifier": {
            "PURL": "pkg:cargo/seahash@4.1.0",
            "UID": "f7c28bd403abf328",
            "BOMRef": "pkg:cargo/seahash@4.1.0"
          },
          "Version": "4.1.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sec1@0.7.3",
          "Name": "sec1",
          "Identifier": {
            "PURL": "pkg:cargo/sec1@0.7.3",
            "UID": "5960e04d44e0bc09",
            "BOMRef": "pkg:cargo/sec1@0.7.3"
          },
          "Version": "0.7.3",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "base16ct@0.2.0",
            "der@0.7.10",
            "generic-array@0.14.9",
            "pkcs8@0.10.2",
            "subtle@2.5.0",
            "zeroize@1.8.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "security-framework@2.10.0",
          "Name": "security-framework",
          "Identifier": {
            "PURL": "pkg:cargo/security-framework@2.10.0",
            "UID": "8dab01e8eba73608",
            "BOMRef": "pkg:cargo/security-framework@2.10.0"
          },
          "Version": "2.10.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bitflags@1.3.2",
            "core-foundation-sys@0.8.7",
            "core-foundation@0.9.4",
            "libc@0.2.174",
            "security-framework-sys@2.11.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "security-framework-sys@2.11.0",
          "Name": "security-framework-sys",
          "Identifier": {
            "PURL": "pkg:cargo/security-framework-sys@2.11.0",
            "UID": "3e10ab03ec6680ff",
            "BOMRef": "pkg:cargo/security-framework-sys@2.11.0"
          },
          "Version": "2.11.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "core-foundation-sys@0.8.7",
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "seedable_hash@0.1.1",
          "Name": "seedable_hash",
          "Identifier": {
            "PURL": "pkg:cargo/seedable_hash@0.1.1",
            "UID": "f53a6280963916b1",
            "BOMRef": "pkg:cargo/seedable_hash@0.1.1"
          },
          "Version": "0.1.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "wyhash@0.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "self_cell@1.2.0",
          "Name": "self_cell",
          "Identifier": {
            "PURL": "pkg:cargo/self_cell@1.2.0",
            "UID": "d3d8b8939b6baad5",
            "BOMRef": "pkg:cargo/self_cell@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "semver@1.0.27",
          "Name": "semver",
          "Identifier": {
            "PURL": "pkg:cargo/semver@1.0.27",
            "UID": "89095789b3755d31",
            "BOMRef": "pkg:cargo/semver@1.0.27"
          },
          "Version": "1.0.27",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "serde@1.0.226",
            "serde_core@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde@1.0.226",
          "Name": "serde",
          "Identifier": {
            "PURL": "pkg:cargo/serde@1.0.226",
            "UID": "8db5ea4a8c02ac3f",
            "BOMRef": "pkg:cargo/serde@1.0.226"
          },
          "Version": "1.0.226",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "serde_core@1.0.226",
            "serde_derive@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde-untagged@0.1.9",
          "Name": "serde-untagged",
          "Identifier": {
            "PURL": "pkg:cargo/serde-untagged@0.1.9",
            "UID": "c576878722b73ae6",
            "BOMRef": "pkg:cargo/serde-untagged@0.1.9"
          },
          "Version": "0.1.9",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "erased-serde@0.4.2",
            "serde@1.0.226",
            "serde_core@1.0.226",
            "typeid@1.0.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde-value@0.7.0",
          "Name": "serde-value",
          "Identifier": {
            "PURL": "pkg:cargo/serde-value@0.7.0",
            "UID": "9bba356caa67bd70",
            "BOMRef": "pkg:cargo/serde-value@0.7.0"
          },
          "Version": "0.7.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "ordered-float@2.10.1",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_cbor@0.11.2",
          "Name": "serde_cbor",
          "Identifier": {
            "PURL": "pkg:cargo/serde_cbor@0.11.2",
            "UID": "b0961a1ef8d2ed9a",
            "BOMRef": "pkg:cargo/serde_cbor@0.11.2"
          },
          "Version": "0.11.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "half@1.8.2",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_core@1.0.226",
          "Name": "serde_core",
          "Identifier": {
            "PURL": "pkg:cargo/serde_core@1.0.226",
            "UID": "ed91e828ebb55154",
            "BOMRef": "pkg:cargo/serde_core@1.0.226"
          },
          "Version": "1.0.226",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "serde_derive@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_derive@1.0.226",
          "Name": "serde_derive",
          "Identifier": {
            "PURL": "pkg:cargo/serde_derive@1.0.226",
            "UID": "d5bbd1db9e58cc72",
            "BOMRef": "pkg:cargo/serde_derive@1.0.226"
          },
          "Version": "1.0.226",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_derive_internals@0.29.0",
          "Name": "serde_derive_internals",
          "Identifier": {
            "PURL": "pkg:cargo/serde_derive_internals@0.29.0",
            "UID": "b6b8c31af1b7c6dc",
            "BOMRef": "pkg:cargo/serde_derive_internals@0.29.0"
          },
          "Version": "0.29.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_json@1.0.145",
          "Name": "serde_json",
          "Identifier": {
            "PURL": "pkg:cargo/serde_json@1.0.145",
            "UID": "ecf9a93ed5780deb",
            "BOMRef": "pkg:cargo/serde_json@1.0.145"
          },
          "Version": "1.0.145",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "indexmap@2.11.4",
            "itoa@1.0.5",
            "memchr@2.7.4",
            "ryu@1.0.12",
            "serde@1.0.226",
            "serde_core@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_plain@1.0.1",
          "Name": "serde_plain",
          "Identifier": {
            "PURL": "pkg:cargo/serde_plain@1.0.1",
            "UID": "4c94320d71e740dd",
            "BOMRef": "pkg:cargo/serde_plain@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_qs@0.13.0",
          "Name": "serde_qs",
          "Identifier": {
            "PURL": "pkg:cargo/serde_qs@0.13.0",
            "UID": "e1f4e18e121c4af7",
            "BOMRef": "pkg:cargo/serde_qs@0.13.0"
          },
          "Version": "0.13.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "actix-web@4.11.0",
            "futures@0.3.31",
            "percent-encoding@2.3.2",
            "serde@1.0.226",
            "thiserror@1.0.69"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_urlencoded@0.7.1",
          "Name": "serde_urlencoded",
          "Identifier": {
            "PURL": "pkg:cargo/serde_urlencoded@0.7.1",
            "UID": "7b7cd29fe93c7dcc",
            "BOMRef": "pkg:cargo/serde_urlencoded@0.7.1"
          },
          "Version": "0.7.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "form_urlencoded@1.2.2",
            "itoa@1.0.5",
            "ryu@1.0.12",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serde_variant@0.1.3",
          "Name": "serde_variant",
          "Identifier": {
            "PURL": "pkg:cargo/serde_variant@0.1.3",
            "UID": "adcc6c166bd6f336",
            "BOMRef": "pkg:cargo/serde_variant@0.1.3"
          },
          "Version": "0.1.3",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serial_test@3.2.0",
          "Name": "serial_test",
          "Identifier": {
            "PURL": "pkg:cargo/serial_test@3.2.0",
            "UID": "71702a7245ce7611",
            "BOMRef": "pkg:cargo/serial_test@3.2.0"
          },
          "Version": "3.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "once_cell@1.21.3",
            "parking_lot@0.12.5",
            "scc@2.4.0",
            "serial_test_derive@3.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "serial_test_derive@3.2.0",
          "Name": "serial_test_derive",
          "Identifier": {
            "PURL": "pkg:cargo/serial_test_derive@3.2.0",
            "UID": "3fc2517078d31216",
            "BOMRef": "pkg:cargo/serial_test_derive@3.2.0"
          },
          "Version": "3.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sha1@0.10.5",
          "Name": "sha1",
          "Identifier": {
            "PURL": "pkg:cargo/sha1@0.10.5",
            "UID": "84d8291857ebd627",
            "BOMRef": "pkg:cargo/sha1@0.10.5"
          },
          "Version": "0.10.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "cpufeatures@0.2.17",
            "digest@0.10.7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sha2@0.10.9",
          "Name": "sha2",
          "Identifier": {
            "PURL": "pkg:cargo/sha2@0.10.9",
            "UID": "da9f55a83b870128",
            "BOMRef": "pkg:cargo/sha2@0.10.9"
          },
          "Version": "0.10.9",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "cpufeatures@0.2.17",
            "digest@0.10.7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "shaderc@0.10.1",
          "Name": "shaderc",
          "Identifier": {
            "PURL": "pkg:cargo/shaderc@0.10.1",
            "UID": "95fd98d533265c71",
            "BOMRef": "pkg:cargo/shaderc@0.10.1"
          },
          "Version": "0.10.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "shaderc-sys@0.10.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "shaderc-sys@0.10.1",
          "Name": "shaderc-sys",
          "Identifier": {
            "PURL": "pkg:cargo/shaderc-sys@0.10.1",
            "UID": "c5a5375a4b8229ce",
            "BOMRef": "pkg:cargo/shaderc-sys@0.10.1"
          },
          "Version": "0.10.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "link-cplusplus@1.0.8"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sharded-slab@0.1.4",
          "Name": "sharded-slab",
          "Identifier": {
            "PURL": "pkg:cargo/sharded-slab@0.1.4",
            "UID": "718fa690e0639ce1",
            "BOMRef": "pkg:cargo/sharded-slab@0.1.4"
          },
          "Version": "0.1.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "lazy_static@1.5.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "signal-hook-registry@1.4.0",
          "Name": "signal-hook-registry",
          "Identifier": {
            "PURL": "pkg:cargo/signal-hook-registry@1.4.0",
            "UID": "f2f1c2d65dda8f9",
            "BOMRef": "pkg:cargo/signal-hook-registry@1.4.0"
          },
          "Version": "1.4.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "signature@2.2.0",
          "Name": "signature",
          "Identifier": {
            "PURL": "pkg:cargo/signature@2.2.0",
            "UID": "20c477f22bfc01b7",
            "BOMRef": "pkg:cargo/signature@2.2.0"
          },
          "Version": "2.2.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "digest@0.10.7",
            "rand_core@0.6.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "simd-adler32@0.3.7",
          "Name": "simd-adler32",
          "Identifier": {
            "PURL": "pkg:cargo/simd-adler32@0.3.7",
            "UID": "6cf6860f80ec39d0",
            "BOMRef": "pkg:cargo/simd-adler32@0.3.7"
          },
          "Version": "0.3.7",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "simple_asn1@0.6.2",
          "Name": "simple_asn1",
          "Identifier": {
            "PURL": "pkg:cargo/simple_asn1@0.6.2",
            "UID": "5f60afaebedf4307",
            "BOMRef": "pkg:cargo/simple_asn1@0.6.2"
          },
          "Version": "0.6.2",
          "Licenses": [
            "ISC"
          ],
          "DependsOn": [
            "num-bigint@0.4.4",
            "num-traits@0.2.19",
            "thiserror@1.0.69",
            "time@0.3.17"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "siphasher@0.3.10",
          "Name": "siphasher",
          "Identifier": {
            "PURL": "pkg:cargo/siphasher@0.3.10",
            "UID": "98fe7a438f998bac",
            "BOMRef": "pkg:cargo/siphasher@0.3.10"
          },
          "Version": "0.3.10",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "siphasher@1.0.1",
          "Name": "siphasher",
          "Identifier": {
            "PURL": "pkg:cargo/siphasher@1.0.1",
            "UID": "d4f5416f7d3f85a",
            "BOMRef": "pkg:cargo/siphasher@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "slab@0.4.11",
          "Name": "slab",
          "Identifier": {
            "PURL": "pkg:cargo/slab@0.4.11",
            "UID": "15e0851d86aa11fd",
            "BOMRef": "pkg:cargo/slab@0.4.11"
          },
          "Version": "0.4.11",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "slice-group-by@0.3.1",
          "Name": "slice-group-by",
          "Identifier": {
            "PURL": "pkg:cargo/slice-group-by@0.3.1",
            "UID": "ba98911bea96b8f6",
            "BOMRef": "pkg:cargo/slice-group-by@0.3.1"
          },
          "Version": "0.3.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "slog@2.8.2",
          "Name": "slog",
          "Identifier": {
            "PURL": "pkg:cargo/slog@2.8.2",
            "UID": "edc351b76b19f984",
            "BOMRef": "pkg:cargo/slog@2.8.2"
          },
          "Version": "2.8.2",
          "Licenses": [
            "MPL-2.0 OR MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "anyhow@1.0.100",
            "erased-serde@0.3.31",
            "serde_core@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "slog-scope@4.4.0",
          "Name": "slog-scope",
          "Identifier": {
            "PURL": "pkg:cargo/slog-scope@4.4.0",
            "UID": "823c4709c9057de2",
            "BOMRef": "pkg:cargo/slog-scope@4.4.0"
          },
          "Version": "4.4.0",
          "Licenses": [
            "MPL-2.0 OR MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "arc-swap@1.7.1",
            "lazy_static@1.5.0",
            "slog@2.8.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "slog-stdlog@4.1.1",
          "Name": "slog-stdlog",
          "Identifier": {
            "PURL": "pkg:cargo/slog-stdlog@4.1.1",
            "UID": "2acd8dcef2d7838",
            "BOMRef": "pkg:cargo/slog-stdlog@4.1.1"
          },
          "Version": "4.1.1",
          "Licenses": [
            "MPL-2.0 OR MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "log@0.4.28",
            "slog-scope@4.4.0",
            "slog@2.8.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "smallvec@1.15.1",
          "Name": "smallvec",
          "Identifier": {
            "PURL": "pkg:cargo/smallvec@1.15.1",
            "UID": "bc32462292b8c04c",
            "BOMRef": "pkg:cargo/smallvec@1.15.1"
          },
          "Version": "1.15.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "socket2@0.4.9",
          "Name": "socket2",
          "Identifier": {
            "PURL": "pkg:cargo/socket2@0.4.9",
            "UID": "81e40e60ab27bd0b",
            "BOMRef": "pkg:cargo/socket2@0.4.9"
          },
          "Version": "0.4.9",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "winapi@0.3.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "socket2@0.5.10",
          "Name": "socket2",
          "Identifier": {
            "PURL": "pkg:cargo/socket2@0.5.10",
            "UID": "d17cc597770bc64a",
            "BOMRef": "pkg:cargo/socket2@0.5.10"
          },
          "Version": "0.5.10",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "windows-sys@0.52.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "socket2@0.6.0",
          "Name": "socket2",
          "Identifier": {
            "PURL": "pkg:cargo/socket2@0.6.0",
            "UID": "61b907bdc9fea544",
            "BOMRef": "pkg:cargo/socket2@0.6.0"
          },
          "Version": "0.6.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "windows-sys@0.59.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "spade@2.12.1",
          "Name": "spade",
          "Identifier": {
            "PURL": "pkg:cargo/spade@2.12.1",
            "UID": "b63c7743f29aca20",
            "BOMRef": "pkg:cargo/spade@2.12.1"
          },
          "Version": "2.12.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "hashbrown@0.14.2",
            "num-traits@0.2.19",
            "robust@1.1.0",
            "smallvec@1.15.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "spin@0.9.8",
          "Name": "spin",
          "Identifier": {
            "PURL": "pkg:cargo/spin@0.9.8",
            "UID": "a4dcfbac6f7610e4",
            "BOMRef": "pkg:cargo/spin@0.9.8"
          },
          "Version": "0.9.8",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "spki@0.7.3",
          "Name": "spki",
          "Identifier": {
            "PURL": "pkg:cargo/spki@0.7.3",
            "UID": "c01dae7645db7b73",
            "BOMRef": "pkg:cargo/spki@0.7.3"
          },
          "Version": "0.7.3",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "base64ct@1.8.0",
            "der@0.7.10"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "stable_deref_trait@1.2.0",
          "Name": "stable_deref_trait",
          "Identifier": {
            "PURL": "pkg:cargo/stable_deref_trait@1.2.0",
            "UID": "71450c66696f12df",
            "BOMRef": "pkg:cargo/stable_deref_trait@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "strsim@0.10.0",
          "Name": "strsim",
          "Identifier": {
            "PURL": "pkg:cargo/strsim@0.10.0",
            "UID": "37b8a8dd11404f41",
            "BOMRef": "pkg:cargo/strsim@0.10.0"
          },
          "Version": "0.10.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "strsim@0.11.0",
          "Name": "strsim",
          "Identifier": {
            "PURL": "pkg:cargo/strsim@0.11.0",
            "UID": "b39864b613b195e7",
            "BOMRef": "pkg:cargo/strsim@0.11.0"
          },
          "Version": "0.11.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "strum@0.27.2",
          "Name": "strum",
          "Identifier": {
            "PURL": "pkg:cargo/strum@0.27.2",
            "UID": "e1118e5be3b8f1ea",
            "BOMRef": "pkg:cargo/strum@0.27.2"
          },
          "Version": "0.27.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "strum_macros@0.27.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "strum_macros@0.27.1",
          "Name": "strum_macros",
          "Identifier": {
            "PURL": "pkg:cargo/strum_macros@0.27.1",
            "UID": "4d72b6ebe99317b3",
            "BOMRef": "pkg:cargo/strum_macros@0.27.1"
          },
          "Version": "0.27.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "heck@0.5.0",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "rustversion@1.0.11",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "subtle@2.5.0",
          "Name": "subtle",
          "Identifier": {
            "PURL": "pkg:cargo/subtle@2.5.0",
            "UID": "fa6b7e3b4469bbed",
            "BOMRef": "pkg:cargo/subtle@2.5.0"
          },
          "Version": "2.5.0",
          "Licenses": [
            "BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "symbolic-common@12.12.3",
          "Name": "symbolic-common",
          "Identifier": {
            "PURL": "pkg:cargo/symbolic-common@12.12.3",
            "UID": "b5b2d4af23b834f1",
            "BOMRef": "pkg:cargo/symbolic-common@12.12.3"
          },
          "Version": "12.12.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "debugid@0.8.0",
            "memmap2@0.9.8",
            "stable_deref_trait@1.2.0",
            "uuid@1.18.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "symbolic-demangle@12.12.3",
          "Name": "symbolic-demangle",
          "Identifier": {
            "PURL": "pkg:cargo/symbolic-demangle@12.12.3",
            "UID": "3ab7a0f32dad816a",
            "BOMRef": "pkg:cargo/symbolic-demangle@12.12.3"
          },
          "Version": "12.12.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "cpp_demangle@0.4.2",
            "rustc-demangle@0.1.21",
            "symbolic-common@12.12.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "syn@1.0.107",
          "Name": "syn",
          "Identifier": {
            "PURL": "pkg:cargo/syn@1.0.107",
            "UID": "2dc26216fa00abe6",
            "BOMRef": "pkg:cargo/syn@1.0.107"
          },
          "Version": "1.0.107",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "unicode-ident@1.0.13"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "syn@2.0.111",
          "Name": "syn",
          "Identifier": {
            "PURL": "pkg:cargo/syn@2.0.111",
            "UID": "5fbc79402ab753c4",
            "BOMRef": "pkg:cargo/syn@2.0.111"
          },
          "Version": "2.0.111",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "unicode-ident@1.0.13"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sync_wrapper@0.1.2",
          "Name": "sync_wrapper",
          "Identifier": {
            "PURL": "pkg:cargo/sync_wrapper@0.1.2",
            "UID": "a3ec37bc67e63543",
            "BOMRef": "pkg:cargo/sync_wrapper@0.1.2"
          },
          "Version": "0.1.2",
          "Licenses": [
            "Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sync_wrapper@1.0.1",
          "Name": "sync_wrapper",
          "Identifier": {
            "PURL": "pkg:cargo/sync_wrapper@1.0.1",
            "UID": "82aa29f3f4eb4fa3",
            "BOMRef": "pkg:cargo/sync_wrapper@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "Apache-2.0"
          ],
          "DependsOn": [
            "futures-core@0.3.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "synstructure@0.13.1",
          "Name": "synstructure",
          "Identifier": {
            "PURL": "pkg:cargo/synstructure@0.13.1",
            "UID": "e50e28b4211bdc4e",
            "BOMRef": "pkg:cargo/synstructure@0.13.1"
          },
          "Version": "0.13.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sys-info@0.9.1",
          "Name": "sys-info",
          "Identifier": {
            "PURL": "pkg:cargo/sys-info@0.9.1",
            "UID": "4d51bf2a94cbe11b",
            "BOMRef": "pkg:cargo/sys-info@0.9.1"
          },
          "Version": "0.9.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "sysinfo@0.37.2",
          "Name": "sysinfo",
          "Identifier": {
            "PURL": "pkg:cargo/sysinfo@0.37.2",
            "UID": "be8559600527dba2",
            "BOMRef": "pkg:cargo/sysinfo@0.37.2"
          },
          "Version": "0.37.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "memchr@2.7.4",
            "ntapi@0.4.1",
            "objc2-core-foundation@0.3.1",
            "objc2-io-kit@0.3.1",
            "windows@0.61.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tap@1.0.1",
          "Name": "tap",
          "Identifier": {
            "PURL": "pkg:cargo/tap@1.0.1",
            "UID": "6344926598bbc1fc",
            "BOMRef": "pkg:cargo/tap@1.0.1"
          },
          "Version": "1.0.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "target-lexicon@0.13.3",
          "Name": "target-lexicon",
          "Identifier": {
            "PURL": "pkg:cargo/target-lexicon@0.13.3",
            "UID": "bc50219edf07f917",
            "BOMRef": "pkg:cargo/target-lexicon@0.13.3"
          },
          "Version": "0.13.3",
          "Licenses": [
            "Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tempfile@3.23.0",
          "Name": "tempfile",
          "Identifier": {
            "PURL": "pkg:cargo/tempfile@3.23.0",
            "UID": "e18cd4f29bafcfc3",
            "BOMRef": "pkg:cargo/tempfile@3.23.0"
          },
          "Version": "3.23.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "fastrand@2.2.0",
            "getrandom@0.3.0",
            "once_cell@1.21.3",
            "rustix@1.0.2",
            "windows-sys@0.60.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "thiserror@1.0.69",
          "Name": "thiserror",
          "Identifier": {
            "PURL": "pkg:cargo/thiserror@1.0.69",
            "UID": "af9722fb503ae00c",
            "BOMRef": "pkg:cargo/thiserror@1.0.69"
          },
          "Version": "1.0.69",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "thiserror-impl@1.0.69"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "thiserror@2.0.17",
          "Name": "thiserror",
          "Identifier": {
            "PURL": "pkg:cargo/thiserror@2.0.17",
            "UID": "881f3282584adc5a",
            "BOMRef": "pkg:cargo/thiserror@2.0.17"
          },
          "Version": "2.0.17",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "thiserror-impl@2.0.17"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "thiserror-impl@1.0.69",
          "Name": "thiserror-impl",
          "Identifier": {
            "PURL": "pkg:cargo/thiserror-impl@1.0.69",
            "UID": "27753399b597d633",
            "BOMRef": "pkg:cargo/thiserror-impl@1.0.69"
          },
          "Version": "1.0.69",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "thiserror-impl@2.0.17",
          "Name": "thiserror-impl",
          "Identifier": {
            "PURL": "pkg:cargo/thiserror-impl@2.0.17",
            "UID": "7338d313dd966f7c",
            "BOMRef": "pkg:cargo/thiserror-impl@2.0.17"
          },
          "Version": "2.0.17",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "thread-priority@3.0.0",
          "Name": "thread-priority",
          "Identifier": {
            "PURL": "pkg:cargo/thread-priority@3.0.0",
            "UID": "e70dacf43b34679e",
            "BOMRef": "pkg:cargo/thread-priority@3.0.0"
          },
          "Version": "3.0.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "cfg-if@1.0.0",
            "libc@0.2.174",
            "log@0.4.28",
            "rustversion@1.0.11",
            "windows@0.61.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "thread_local@1.1.7",
          "Name": "thread_local",
          "Identifier": {
            "PURL": "pkg:cargo/thread_local@1.1.7",
            "UID": "d8c610cc22d04ff7",
            "BOMRef": "pkg:cargo/thread_local@1.1.7"
          },
          "Version": "1.1.7",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "once_cell@1.21.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tikv-jemalloc-ctl@0.6.0",
          "Name": "tikv-jemalloc-ctl",
          "Identifier": {
            "PURL": "pkg:cargo/tikv-jemalloc-ctl@0.6.0",
            "UID": "914dabae5ec5e311",
            "BOMRef": "pkg:cargo/tikv-jemalloc-ctl@0.6.0"
          },
          "Version": "0.6.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "paste@1.0.11",
            "tikv-jemalloc-sys@0.6.1+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tikv-jemalloc-sys@0.6.1+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7",
          "Name": "tikv-jemalloc-sys",
          "Identifier": {
            "PURL": "pkg:cargo/tikv-jemalloc-sys@0.6.1%2B5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7",
            "UID": "18d7e51560462882",
            "BOMRef": "pkg:cargo/tikv-jemalloc-sys@0.6.1%2B5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7"
          },
          "Version": "0.6.1+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tikv-jemallocator@0.6.1",
          "Name": "tikv-jemallocator",
          "Identifier": {
            "PURL": "pkg:cargo/tikv-jemallocator@0.6.1",
            "UID": "7111512f4f73c93b",
            "BOMRef": "pkg:cargo/tikv-jemallocator@0.6.1"
          },
          "Version": "0.6.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "tikv-jemalloc-sys@0.6.1+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "time@0.3.17",
          "Name": "time",
          "Identifier": {
            "PURL": "pkg:cargo/time@0.3.17",
            "UID": "498dc42ad7813385",
            "BOMRef": "pkg:cargo/time@0.3.17"
          },
          "Version": "0.3.17",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "itoa@1.0.5",
            "serde@1.0.226",
            "time-core@0.1.0",
            "time-macros@0.2.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "time-core@0.1.0",
          "Name": "time-core",
          "Identifier": {
            "PURL": "pkg:cargo/time-core@0.1.0",
            "UID": "dac45b76ecc866de",
            "BOMRef": "pkg:cargo/time-core@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "time-macros@0.2.6",
          "Name": "time-macros",
          "Identifier": {
            "PURL": "pkg:cargo/time-macros@0.2.6",
            "UID": "842bd0b3a1fc6f52",
            "BOMRef": "pkg:cargo/time-macros@0.2.6"
          },
          "Version": "0.2.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "time-core@0.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tinystr@0.7.6",
          "Name": "tinystr",
          "Identifier": {
            "PURL": "pkg:cargo/tinystr@0.7.6",
            "UID": "ccdfb99d906107e3",
            "BOMRef": "pkg:cargo/tinystr@0.7.6"
          },
          "Version": "0.7.6",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "displaydoc@0.2.5",
            "zerovec@0.10.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tinyvec@1.10.0",
          "Name": "tinyvec",
          "Identifier": {
            "PURL": "pkg:cargo/tinyvec@1.10.0",
            "UID": "6daf2a175ce5ab14",
            "BOMRef": "pkg:cargo/tinyvec@1.10.0"
          },
          "Version": "1.10.0",
          "Licenses": [
            "Zlib OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "tinyvec_macros@0.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tinyvec_macros@0.1.0",
          "Name": "tinyvec_macros",
          "Identifier": {
            "PURL": "pkg:cargo/tinyvec_macros@0.1.0",
            "UID": "4e32d14326ea877e",
            "BOMRef": "pkg:cargo/tinyvec_macros@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT OR Apache-2.0 OR Zlib"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tokio@1.48.0",
          "Name": "tokio",
          "Identifier": {
            "PURL": "pkg:cargo/tokio@1.48.0",
            "UID": "b18c09ab8e2d7c41",
            "BOMRef": "pkg:cargo/tokio@1.48.0"
          },
          "Version": "1.48.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "libc@0.2.174",
            "mio@1.0.1",
            "parking_lot@0.12.5",
            "pin-project-lite@0.2.12",
            "signal-hook-registry@1.4.0",
            "socket2@0.6.0",
            "tokio-macros@2.6.0",
            "tracing@0.1.43",
            "windows-sys@0.61.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tokio-io-timeout@1.2.0",
          "Name": "tokio-io-timeout",
          "Identifier": {
            "PURL": "pkg:cargo/tokio-io-timeout@1.2.0",
            "UID": "a5fd0edd78f2789e",
            "BOMRef": "pkg:cargo/tokio-io-timeout@1.2.0"
          },
          "Version": "1.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "pin-project-lite@0.2.12",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tokio-macros@2.6.0",
          "Name": "tokio-macros",
          "Identifier": {
            "PURL": "pkg:cargo/tokio-macros@2.6.0",
            "UID": "eac6a94fcec751fb",
            "BOMRef": "pkg:cargo/tokio-macros@2.6.0"
          },
          "Version": "2.6.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tokio-rustls@0.25.0",
          "Name": "tokio-rustls",
          "Identifier": {
            "PURL": "pkg:cargo/tokio-rustls@0.25.0",
            "UID": "c1ceeb41afb2b7b8",
            "BOMRef": "pkg:cargo/tokio-rustls@0.25.0"
          },
          "Version": "0.25.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "rustls-pki-types@1.12.0",
            "rustls@0.22.4",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tokio-rustls@0.26.0",
          "Name": "tokio-rustls",
          "Identifier": {
            "PURL": "pkg:cargo/tokio-rustls@0.26.0",
            "UID": "ca874604b6d3361d",
            "BOMRef": "pkg:cargo/tokio-rustls@0.26.0"
          },
          "Version": "0.26.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "rustls-pki-types@1.12.0",
            "rustls@0.23.35",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tokio-stream@0.1.17",
          "Name": "tokio-stream",
          "Identifier": {
            "PURL": "pkg:cargo/tokio-stream@0.1.17",
            "UID": "ffdde3854f122264",
            "BOMRef": "pkg:cargo/tokio-stream@0.1.17"
          },
          "Version": "0.1.17",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "pin-project-lite@0.2.12",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tokio-util@0.7.16",
          "Name": "tokio-util",
          "Identifier": {
            "PURL": "pkg:cargo/tokio-util@0.7.16",
            "UID": "62ffb5936e37ee84",
            "BOMRef": "pkg:cargo/tokio-util@0.7.16"
          },
          "Version": "0.7.16",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bytes@1.10.1",
            "futures-core@0.3.31",
            "futures-sink@0.3.31",
            "futures-util@0.3.31",
            "pin-project-lite@0.2.12",
            "tokio@1.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tonic@0.11.0",
          "Name": "tonic",
          "Identifier": {
            "PURL": "pkg:cargo/tonic@0.11.0",
            "UID": "3cc1684ee04af950",
            "BOMRef": "pkg:cargo/tonic@0.11.0"
          },
          "Version": "0.11.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "async-stream@0.3.3",
            "async-trait@0.1.89",
            "axum@0.6.12",
            "base64@0.21.0",
            "bytes@1.10.1",
            "flate2@1.1.4",
            "h2@0.3.26",
            "http-body@0.4.5",
            "http@0.2.12",
            "hyper-timeout@0.4.1",
            "hyper@0.14.26",
            "percent-encoding@2.3.2",
            "pin-project@1.0.12",
            "prost@0.12.6",
            "rustls-pemfile@2.2.0",
            "rustls-pki-types@1.12.0",
            "tokio-rustls@0.25.0",
            "tokio-stream@0.1.17",
            "tokio@1.48.0",
            "tower-layer@0.3.3",
            "tower-service@0.3.3",
            "tower@0.4.13",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tonic@0.12.3",
          "Name": "tonic",
          "Identifier": {
            "PURL": "pkg:cargo/tonic@0.12.3",
            "UID": "ae9860f928eceb6b",
            "BOMRef": "pkg:cargo/tonic@0.12.3"
          },
          "Version": "0.12.3",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "async-stream@0.3.3",
            "async-trait@0.1.89",
            "axum@0.7.5",
            "base64@0.22.0",
            "bytes@1.10.1",
            "h2@0.4.4",
            "http-body-util@0.1.2",
            "http-body@1.0.0",
            "http@1.3.1",
            "hyper-timeout@0.5.1",
            "hyper-util@0.1.13",
            "hyper@1.6.0",
            "percent-encoding@2.3.2",
            "pin-project@1.0.12",
            "prost@0.13.1",
            "socket2@0.5.10",
            "tokio-stream@0.1.17",
            "tokio@1.48.0",
            "tower-layer@0.3.3",
            "tower-service@0.3.3",
            "tower@0.4.13",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tonic-reflection@0.11.0",
          "Name": "tonic-reflection",
          "Identifier": {
            "PURL": "pkg:cargo/tonic-reflection@0.11.0",
            "UID": "5a7a9d8a0b44b00f",
            "BOMRef": "pkg:cargo/tonic-reflection@0.11.0"
          },
          "Version": "0.11.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "prost-types@0.12.6",
            "prost@0.12.6",
            "tokio-stream@0.1.17",
            "tokio@1.48.0",
            "tonic@0.11.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tower@0.4.13",
          "Name": "tower",
          "Identifier": {
            "PURL": "pkg:cargo/tower@0.4.13",
            "UID": "ed41cf61e90f5e6e",
            "BOMRef": "pkg:cargo/tower@0.4.13"
          },
          "Version": "0.4.13",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "indexmap@1.9.2",
            "pin-project-lite@0.2.12",
            "pin-project@1.0.12",
            "rand@0.8.5",
            "slab@0.4.11",
            "tokio-util@0.7.16",
            "tokio@1.48.0",
            "tower-layer@0.3.3",
            "tower-service@0.3.3",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tower@0.5.2",
          "Name": "tower",
          "Identifier": {
            "PURL": "pkg:cargo/tower@0.5.2",
            "UID": "477a8c74262076a6",
            "BOMRef": "pkg:cargo/tower@0.5.2"
          },
          "Version": "0.5.2",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "futures-core@0.3.31",
            "futures-util@0.3.31",
            "pin-project-lite@0.2.12",
            "sync_wrapper@1.0.1",
            "tokio@1.48.0",
            "tower-layer@0.3.3",
            "tower-service@0.3.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tower-http@0.6.6",
          "Name": "tower-http",
          "Identifier": {
            "PURL": "pkg:cargo/tower-http@0.6.6",
            "UID": "56ae4b68d99d3498",
            "BOMRef": "pkg:cargo/tower-http@0.6.6"
          },
          "Version": "0.6.6",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1",
            "bytes@1.10.1",
            "futures-util@0.3.31",
            "http-body@1.0.0",
            "http@1.3.1",
            "iri-string@0.7.8",
            "pin-project-lite@0.2.12",
            "tower-layer@0.3.3",
            "tower-service@0.3.3",
            "tower@0.5.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tower-layer@0.3.3",
          "Name": "tower-layer",
          "Identifier": {
            "PURL": "pkg:cargo/tower-layer@0.3.3",
            "UID": "3947076b4b4955d5",
            "BOMRef": "pkg:cargo/tower-layer@0.3.3"
          },
          "Version": "0.3.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tower-service@0.3.3",
          "Name": "tower-service",
          "Identifier": {
            "PURL": "pkg:cargo/tower-service@0.3.3",
            "UID": "a2e7cec5f2433d7",
            "BOMRef": "pkg:cargo/tower-service@0.3.3"
          },
          "Version": "0.3.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracing@0.1.43",
          "Name": "tracing",
          "Identifier": {
            "PURL": "pkg:cargo/tracing@0.1.43",
            "UID": "daaf3f16670bd72b",
            "BOMRef": "pkg:cargo/tracing@0.1.43"
          },
          "Version": "0.1.43",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "log@0.4.28",
            "pin-project-lite@0.2.12",
            "tracing-attributes@0.1.31",
            "tracing-core@0.1.35"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracing-attributes@0.1.31",
          "Name": "tracing-attributes",
          "Identifier": {
            "PURL": "pkg:cargo/tracing-attributes@0.1.31",
            "UID": "d1632aa4b5cf95e5",
            "BOMRef": "pkg:cargo/tracing-attributes@0.1.31"
          },
          "Version": "0.1.31",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracing-core@0.1.35",
          "Name": "tracing-core",
          "Identifier": {
            "PURL": "pkg:cargo/tracing-core@0.1.35",
            "UID": "942083df78e89510",
            "BOMRef": "pkg:cargo/tracing-core@0.1.35"
          },
          "Version": "0.1.35",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "once_cell@1.21.3",
            "valuable@0.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracing-log@0.2.0",
          "Name": "tracing-log",
          "Identifier": {
            "PURL": "pkg:cargo/tracing-log@0.2.0",
            "UID": "1d0bcb14ff2dfcac",
            "BOMRef": "pkg:cargo/tracing-log@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "log@0.4.28",
            "once_cell@1.21.3",
            "tracing-core@0.1.35"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracing-serde@0.2.0",
          "Name": "tracing-serde",
          "Identifier": {
            "PURL": "pkg:cargo/tracing-serde@0.2.0",
            "UID": "c157aba9222014f4",
            "BOMRef": "pkg:cargo/tracing-serde@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "serde@1.0.226",
            "tracing-core@0.1.35"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracing-subscriber@0.3.22",
          "Name": "tracing-subscriber",
          "Identifier": {
            "PURL": "pkg:cargo/tracing-subscriber@0.3.22",
            "UID": "465ba0ac18475b90",
            "BOMRef": "pkg:cargo/tracing-subscriber@0.3.22"
          },
          "Version": "0.3.22",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "matchers@0.2.0",
            "nu-ansi-term@0.50.1",
            "once_cell@1.21.3",
            "parking_lot@0.12.5",
            "regex-automata@0.4.8",
            "serde@1.0.226",
            "serde_json@1.0.145",
            "sharded-slab@0.1.4",
            "smallvec@1.15.1",
            "thread_local@1.1.7",
            "tracing-core@0.1.35",
            "tracing-log@0.2.0",
            "tracing-serde@0.2.0",
            "tracing@0.1.43"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracing-tracy@0.11.4",
          "Name": "tracing-tracy",
          "Identifier": {
            "PURL": "pkg:cargo/tracing-tracy@0.11.4",
            "UID": "4660943754a81cf7",
            "BOMRef": "pkg:cargo/tracing-tracy@0.11.4"
          },
          "Version": "0.11.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "tracing-core@0.1.35",
            "tracing-subscriber@0.3.22",
            "tracy-client@0.17.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracy-client@0.17.0",
          "Name": "tracy-client",
          "Identifier": {
            "PURL": "pkg:cargo/tracy-client@0.17.0",
            "UID": "659f5bbf0addfe26",
            "BOMRef": "pkg:cargo/tracy-client@0.17.0"
          },
          "Version": "0.17.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "loom@0.7.1",
            "once_cell@1.21.3",
            "tracy-client-sys@0.21.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "tracy-client-sys@0.21.2",
          "Name": "tracy-client-sys",
          "Identifier": {
            "PURL": "pkg:cargo/tracy-client-sys@0.21.2",
            "UID": "740d7818acc9f029",
            "BOMRef": "pkg:cargo/tracy-client-sys@0.21.2"
          },
          "Version": "0.21.2",
          "Licenses": [
            "(MIT OR Apache-2.0) AND BSD-3-Clause"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "try-lock@0.2.3",
          "Name": "try-lock",
          "Identifier": {
            "PURL": "pkg:cargo/try-lock@0.2.3",
            "UID": "53d0e6d0aba56a5",
            "BOMRef": "pkg:cargo/try-lock@0.2.3"
          },
          "Version": "0.2.3",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "typeid@1.0.0",
          "Name": "typeid",
          "Identifier": {
            "PURL": "pkg:cargo/typeid@1.0.0",
            "UID": "26d285d115c1365",
            "BOMRef": "pkg:cargo/typeid@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "typenum@1.16.0",
          "Name": "typenum",
          "Identifier": {
            "PURL": "pkg:cargo/typenum@1.16.0",
            "UID": "1e6fa44e5980bfc8",
            "BOMRef": "pkg:cargo/typenum@1.16.0"
          },
          "Version": "1.16.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "typetag@0.2.15",
          "Name": "typetag",
          "Identifier": {
            "PURL": "pkg:cargo/typetag@0.2.15",
            "UID": "32def2ce68f6e38a",
            "BOMRef": "pkg:cargo/typetag@0.2.15"
          },
          "Version": "0.2.15",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "erased-serde@0.4.2",
            "inventory@0.3.14",
            "once_cell@1.21.3",
            "serde@1.0.226",
            "typetag-impl@0.2.15"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "typetag-impl@0.2.15",
          "Name": "typetag-impl",
          "Identifier": {
            "PURL": "pkg:cargo/typetag-impl@0.2.15",
            "UID": "fd9a3b8801373d9d",
            "BOMRef": "pkg:cargo/typetag-impl@0.2.15"
          },
          "Version": "0.2.15",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unicase@2.6.0",
          "Name": "unicase",
          "Identifier": {
            "PURL": "pkg:cargo/unicase@2.6.0",
            "UID": "65e90e7bdb68001e",
            "BOMRef": "pkg:cargo/unicase@2.6.0"
          },
          "Version": "2.6.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unicode-ident@1.0.13",
          "Name": "unicode-ident",
          "Identifier": {
            "PURL": "pkg:cargo/unicode-ident@1.0.13",
            "UID": "3f032876c3ff67a",
            "BOMRef": "pkg:cargo/unicode-ident@1.0.13"
          },
          "Version": "1.0.13",
          "Licenses": [
            "(MIT OR Apache-2.0) AND Unicode-DFS-2016"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unicode-normalization@0.1.24",
          "Name": "unicode-normalization",
          "Identifier": {
            "PURL": "pkg:cargo/unicode-normalization@0.1.24",
            "UID": "c6feabcde8c4ae4d",
            "BOMRef": "pkg:cargo/unicode-normalization@0.1.24"
          },
          "Version": "0.1.24",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "tinyvec@1.10.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unicode-width@0.2.0",
          "Name": "unicode-width",
          "Identifier": {
            "PURL": "pkg:cargo/unicode-width@0.2.0",
            "UID": "b39fd98932e2185",
            "BOMRef": "pkg:cargo/unicode-width@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unicode-xid@0.2.6",
          "Name": "unicode-xid",
          "Identifier": {
            "PURL": "pkg:cargo/unicode-xid@0.2.6",
            "UID": "e9e1ea2cd516bc8b",
            "BOMRef": "pkg:cargo/unicode-xid@0.2.6"
          },
          "Version": "0.2.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unindent@0.2.4",
          "Name": "unindent",
          "Identifier": {
            "PURL": "pkg:cargo/unindent@0.2.4",
            "UID": "e5d86df2275f97fa",
            "BOMRef": "pkg:cargo/unindent@0.2.4"
          },
          "Version": "0.2.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unit-prefix@0.5.1",
          "Name": "unit-prefix",
          "Identifier": {
            "PURL": "pkg:cargo/unit-prefix@0.5.1",
            "UID": "990bd345063ddf89",
            "BOMRef": "pkg:cargo/unit-prefix@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "untrusted@0.9.0",
          "Name": "untrusted",
          "Identifier": {
            "PURL": "pkg:cargo/untrusted@0.9.0",
            "UID": "12d6b308be1ffc85",
            "BOMRef": "pkg:cargo/untrusted@0.9.0"
          },
          "Version": "0.9.0",
          "Licenses": [
            "ISC"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unty@0.0.4",
          "Name": "unty",
          "Identifier": {
            "PURL": "pkg:cargo/unty@0.0.4",
            "UID": "180933aa23ec7e18",
            "BOMRef": "pkg:cargo/unty@0.0.4"
          },
          "Version": "0.0.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unwind@0.4.1",
          "Name": "unwind",
          "Identifier": {
            "PURL": "pkg:cargo/unwind@0.4.1",
            "UID": "9749490c29cde8d1",
            "BOMRef": "pkg:cargo/unwind@0.4.1"
          },
          "Version": "0.4.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "foreign-types@0.5.0",
            "libc@0.2.174",
            "unwind-sys@0.1.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "unwind-sys@0.1.3",
          "Name": "unwind-sys",
          "Identifier": {
            "PURL": "pkg:cargo/unwind-sys@0.1.3",
            "UID": "3bf7ac487bdd640",
            "BOMRef": "pkg:cargo/unwind-sys@0.1.3"
          },
          "Version": "0.1.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "url@2.5.7",
          "Name": "url",
          "Identifier": {
            "PURL": "pkg:cargo/url@2.5.7",
            "UID": "5ca40592d3f73d00",
            "BOMRef": "pkg:cargo/url@2.5.7"
          },
          "Version": "2.5.7",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "form_urlencoded@1.2.2",
            "idna@1.1.0",
            "percent-encoding@2.3.2",
            "serde@1.0.226"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "utf16_iter@1.0.5",
          "Name": "utf16_iter",
          "Identifier": {
            "PURL": "pkg:cargo/utf16_iter@1.0.5",
            "UID": "8c3480ed9ca77273",
            "BOMRef": "pkg:cargo/utf16_iter@1.0.5"
          },
          "Version": "1.0.5",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "utf8_iter@1.0.4",
          "Name": "utf8_iter",
          "Identifier": {
            "PURL": "pkg:cargo/utf8_iter@1.0.4",
            "UID": "ab020c3cadfaa418",
            "BOMRef": "pkg:cargo/utf8_iter@1.0.4"
          },
          "Version": "1.0.4",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "utf8parse@0.2.1",
          "Name": "utf8parse",
          "Identifier": {
            "PURL": "pkg:cargo/utf8parse@0.2.1",
            "UID": "742459eeae7a7167",
            "BOMRef": "pkg:cargo/utf8parse@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "uuid@1.18.1",
          "Name": "uuid",
          "Identifier": {
            "PURL": "pkg:cargo/uuid@1.18.1",
            "UID": "8dd8c94234d8094a",
            "BOMRef": "pkg:cargo/uuid@1.18.1"
          },
          "Version": "1.18.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "getrandom@0.3.0",
            "js-sys@0.3.77",
            "serde@1.0.226",
            "wasm-bindgen@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "v_htmlescape@0.15.8",
          "Name": "v_htmlescape",
          "Identifier": {
            "PURL": "pkg:cargo/v_htmlescape@0.15.8",
            "UID": "d60a84a2b4b7a397",
            "BOMRef": "pkg:cargo/v_htmlescape@0.15.8"
          },
          "Version": "0.15.8",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "validator@0.20.0",
          "Name": "validator",
          "Identifier": {
            "PURL": "pkg:cargo/validator@0.20.0",
            "UID": "9969d4440a7a3ec",
            "BOMRef": "pkg:cargo/validator@0.20.0"
          },
          "Version": "0.20.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "idna@1.1.0",
            "once_cell@1.21.3",
            "regex@1.11.0",
            "serde@1.0.226",
            "serde_derive@1.0.226",
            "serde_json@1.0.145",
            "url@2.5.7",
            "validator_derive@0.20.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "validator_derive@0.20.0",
          "Name": "validator_derive",
          "Identifier": {
            "PURL": "pkg:cargo/validator_derive@0.20.0",
            "UID": "4a36dcc22bc66082",
            "BOMRef": "pkg:cargo/validator_derive@0.20.0"
          },
          "Version": "0.20.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "darling@0.20.8",
            "once_cell@1.21.3",
            "proc-macro-error2@2.0.1",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "valuable@0.1.0",
          "Name": "valuable",
          "Identifier": {
            "PURL": "pkg:cargo/valuable@0.1.0",
            "UID": "422f573a398faa76",
            "BOMRef": "pkg:cargo/valuable@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "vaporetto@0.6.5",
          "Name": "vaporetto",
          "Identifier": {
            "PURL": "pkg:cargo/vaporetto@0.6.5",
            "UID": "64780072e9b30f97",
            "BOMRef": "pkg:cargo/vaporetto@0.6.5"
          },
          "Version": "0.6.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bincode@2.0.1",
            "daachorse@1.0.0",
            "hashbrown@0.15.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "virtue@0.0.18",
          "Name": "virtue",
          "Identifier": {
            "PURL": "pkg:cargo/virtue@0.0.18",
            "UID": "103d0fc89ca2adfa",
            "BOMRef": "pkg:cargo/virtue@0.0.18"
          },
          "Version": "0.0.18",
          "Licenses": [
            "MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "walkdir@2.5.0",
          "Name": "walkdir",
          "Identifier": {
            "PURL": "pkg:cargo/walkdir@2.5.0",
            "UID": "98542305671f7573",
            "BOMRef": "pkg:cargo/walkdir@2.5.0"
          },
          "Version": "2.5.0",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "same-file@1.0.6",
            "winapi-util@0.1.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "want@0.3.0",
          "Name": "want",
          "Identifier": {
            "PURL": "pkg:cargo/want@0.3.0",
            "UID": "ce27d0486ceeb411",
            "BOMRef": "pkg:cargo/want@0.3.0"
          },
          "Version": "0.3.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "log@0.4.28",
            "try-lock@0.2.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasi@0.11.0+wasi-snapshot-preview1",
          "Name": "wasi",
          "Identifier": {
            "PURL": "pkg:cargo/wasi@0.11.0%2Bwasi-snapshot-preview1",
            "UID": "9daeaa7b194ede7c",
            "BOMRef": "pkg:cargo/wasi@0.11.0%2Bwasi-snapshot-preview1"
          },
          "Version": "0.11.0+wasi-snapshot-preview1",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasi@0.13.3+wasi-0.2.2",
          "Name": "wasi",
          "Identifier": {
            "PURL": "pkg:cargo/wasi@0.13.3%2Bwasi-0.2.2",
            "UID": "767ddecb20fbfe43",
            "BOMRef": "pkg:cargo/wasi@0.13.3%2Bwasi-0.2.2"
          },
          "Version": "0.13.3+wasi-0.2.2",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "wit-bindgen-rt@0.33.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasi@0.9.0+wasi-snapshot-preview1",
          "Name": "wasi",
          "Identifier": {
            "PURL": "pkg:cargo/wasi@0.9.0%2Bwasi-snapshot-preview1",
            "UID": "403595da1f13d9e8",
            "BOMRef": "pkg:cargo/wasi@0.9.0%2Bwasi-snapshot-preview1"
          },
          "Version": "0.9.0+wasi-snapshot-preview1",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasm-bindgen@0.2.100",
          "Name": "wasm-bindgen",
          "Identifier": {
            "PURL": "pkg:cargo/wasm-bindgen@0.2.100",
            "UID": "aa1bd90527211eb8",
            "BOMRef": "pkg:cargo/wasm-bindgen@0.2.100"
          },
          "Version": "0.2.100",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "once_cell@1.21.3",
            "rustversion@1.0.11",
            "wasm-bindgen-macro@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasm-bindgen-backend@0.2.100",
          "Name": "wasm-bindgen-backend",
          "Identifier": {
            "PURL": "pkg:cargo/wasm-bindgen-backend@0.2.100",
            "UID": "8224eed8cada0cd7",
            "BOMRef": "pkg:cargo/wasm-bindgen-backend@0.2.100"
          },
          "Version": "0.2.100",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "bumpalo@3.11.1",
            "log@0.4.28",
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111",
            "wasm-bindgen-shared@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasm-bindgen-futures@0.4.42",
          "Name": "wasm-bindgen-futures",
          "Identifier": {
            "PURL": "pkg:cargo/wasm-bindgen-futures@0.4.42",
            "UID": "893389fa58e09669",
            "BOMRef": "pkg:cargo/wasm-bindgen-futures@0.4.42"
          },
          "Version": "0.4.42",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "cfg-if@1.0.0",
            "js-sys@0.3.77",
            "wasm-bindgen@0.2.100",
            "web-sys@0.3.69"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasm-bindgen-macro@0.2.100",
          "Name": "wasm-bindgen-macro",
          "Identifier": {
            "PURL": "pkg:cargo/wasm-bindgen-macro@0.2.100",
            "UID": "edd00c67530c9994",
            "BOMRef": "pkg:cargo/wasm-bindgen-macro@0.2.100"
          },
          "Version": "0.2.100",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "quote@1.0.42",
            "wasm-bindgen-macro-support@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasm-bindgen-macro-support@0.2.100",
          "Name": "wasm-bindgen-macro-support",
          "Identifier": {
            "PURL": "pkg:cargo/wasm-bindgen-macro-support@0.2.100",
            "UID": "95866e435e050b07",
            "BOMRef": "pkg:cargo/wasm-bindgen-macro-support@0.2.100"
          },
          "Version": "0.2.100",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111",
            "wasm-bindgen-backend@0.2.100",
            "wasm-bindgen-shared@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasm-bindgen-shared@0.2.100",
          "Name": "wasm-bindgen-shared",
          "Identifier": {
            "PURL": "pkg:cargo/wasm-bindgen-shared@0.2.100",
            "UID": "488c20a365d0265c",
            "BOMRef": "pkg:cargo/wasm-bindgen-shared@0.2.100"
          },
          "Version": "0.2.100",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "unicode-ident@1.0.13"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wasm-streams@0.4.0",
          "Name": "wasm-streams",
          "Identifier": {
            "PURL": "pkg:cargo/wasm-streams@0.4.0",
            "UID": "779f7fa555ed8430",
            "BOMRef": "pkg:cargo/wasm-streams@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "futures-util@0.3.31",
            "js-sys@0.3.77",
            "wasm-bindgen-futures@0.4.42",
            "wasm-bindgen@0.2.100",
            "web-sys@0.3.69"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "web-sys@0.3.69",
          "Name": "web-sys",
          "Identifier": {
            "PURL": "pkg:cargo/web-sys@0.3.69",
            "UID": "7291a547c00ca3db",
            "BOMRef": "pkg:cargo/web-sys@0.3.69"
          },
          "Version": "0.3.69",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "js-sys@0.3.77",
            "wasm-bindgen@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "web-time@1.1.0",
          "Name": "web-time",
          "Identifier": {
            "PURL": "pkg:cargo/web-time@1.1.0",
            "UID": "88f5f30c2efd9c5b",
            "BOMRef": "pkg:cargo/web-time@1.1.0"
          },
          "Version": "1.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "js-sys@0.3.77",
            "wasm-bindgen@0.2.100"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "webpki-roots@0.26.1",
          "Name": "webpki-roots",
          "Identifier": {
            "PURL": "pkg:cargo/webpki-roots@0.26.1",
            "UID": "8b8e105d78f41591",
            "BOMRef": "pkg:cargo/webpki-roots@0.26.1"
          },
          "Version": "0.26.1",
          "Licenses": [
            "MPL-2.0"
          ],
          "DependsOn": [
            "rustls-pki-types@1.12.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "webpki-roots@1.0.0",
          "Name": "webpki-roots",
          "Identifier": {
            "PURL": "pkg:cargo/webpki-roots@1.0.0",
            "UID": "9a6b07b41321e29b",
            "BOMRef": "pkg:cargo/webpki-roots@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "CDLA-Permissive-2.0"
          ],
          "DependsOn": [
            "rustls-pki-types@1.12.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "whatlang@0.16.4",
          "Name": "whatlang",
          "Identifier": {
            "PURL": "pkg:cargo/whatlang@0.16.4",
            "UID": "7e916d339ca542b9",
            "BOMRef": "pkg:cargo/whatlang@0.16.4"
          },
          "Version": "0.16.4",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "hashbrown@0.14.2",
            "once_cell@1.21.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "winapi@0.3.9",
          "Name": "winapi",
          "Identifier": {
            "PURL": "pkg:cargo/winapi@0.3.9",
            "UID": "22500750ad6dc177",
            "BOMRef": "pkg:cargo/winapi@0.3.9"
          },
          "Version": "0.3.9",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "winapi-i686-pc-windows-gnu@0.4.0",
            "winapi-x86_64-pc-windows-gnu@0.4.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "winapi-i686-pc-windows-gnu@0.4.0",
          "Name": "winapi-i686-pc-windows-gnu",
          "Identifier": {
            "PURL": "pkg:cargo/winapi-i686-pc-windows-gnu@0.4.0",
            "UID": "8b654648d932898a",
            "BOMRef": "pkg:cargo/winapi-i686-pc-windows-gnu@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "winapi-util@0.1.5",
          "Name": "winapi-util",
          "Identifier": {
            "PURL": "pkg:cargo/winapi-util@0.1.5",
            "UID": "57f2311b03997887",
            "BOMRef": "pkg:cargo/winapi-util@0.1.5"
          },
          "Version": "0.1.5",
          "Licenses": [
            "Unlicense OR MIT"
          ],
          "DependsOn": [
            "winapi@0.3.9"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "winapi-x86_64-pc-windows-gnu@0.4.0",
          "Name": "winapi-x86_64-pc-windows-gnu",
          "Identifier": {
            "PURL": "pkg:cargo/winapi-x86_64-pc-windows-gnu@0.4.0",
            "UID": "70d46ec7df320821",
            "BOMRef": "pkg:cargo/winapi-x86_64-pc-windows-gnu@0.4.0"
          },
          "Version": "0.4.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows@0.48.0",
          "Name": "windows",
          "Identifier": {
            "PURL": "pkg:cargo/windows@0.48.0",
            "UID": "41c07d69d3b40492",
            "BOMRef": "pkg:cargo/windows@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-targets@0.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows@0.57.0",
          "Name": "windows",
          "Identifier": {
            "PURL": "pkg:cargo/windows@0.57.0",
            "UID": "2e401b7e98c0bf6c",
            "BOMRef": "pkg:cargo/windows@0.57.0"
          },
          "Version": "0.57.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-core@0.57.0",
            "windows-targets@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows@0.61.3",
          "Name": "windows",
          "Identifier": {
            "PURL": "pkg:cargo/windows@0.61.3",
            "UID": "8d1f73d9d60c7ad6",
            "BOMRef": "pkg:cargo/windows@0.61.3"
          },
          "Version": "0.61.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-collections@0.2.0",
            "windows-core@0.61.2",
            "windows-future@0.2.1",
            "windows-link@0.1.3",
            "windows-numerics@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-collections@0.2.0",
          "Name": "windows-collections",
          "Identifier": {
            "PURL": "pkg:cargo/windows-collections@0.2.0",
            "UID": "7f2f0243e32cea9b",
            "BOMRef": "pkg:cargo/windows-collections@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-core@0.61.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-core@0.57.0",
          "Name": "windows-core",
          "Identifier": {
            "PURL": "pkg:cargo/windows-core@0.57.0",
            "UID": "f2fa4a8c217ff554",
            "BOMRef": "pkg:cargo/windows-core@0.57.0"
          },
          "Version": "0.57.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-implement@0.57.0",
            "windows-interface@0.57.0",
            "windows-result@0.1.2",
            "windows-targets@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-core@0.61.2",
          "Name": "windows-core",
          "Identifier": {
            "PURL": "pkg:cargo/windows-core@0.61.2",
            "UID": "6418937d8d5e130",
            "BOMRef": "pkg:cargo/windows-core@0.61.2"
          },
          "Version": "0.61.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-implement@0.60.0",
            "windows-interface@0.59.1",
            "windows-link@0.1.3",
            "windows-result@0.3.4",
            "windows-strings@0.4.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-future@0.2.1",
          "Name": "windows-future",
          "Identifier": {
            "PURL": "pkg:cargo/windows-future@0.2.1",
            "UID": "3fd881e648a02698",
            "BOMRef": "pkg:cargo/windows-future@0.2.1"
          },
          "Version": "0.2.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-core@0.61.2",
            "windows-link@0.1.3",
            "windows-threading@0.1.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-implement@0.57.0",
          "Name": "windows-implement",
          "Identifier": {
            "PURL": "pkg:cargo/windows-implement@0.57.0",
            "UID": "acac6b29c833b6ab",
            "BOMRef": "pkg:cargo/windows-implement@0.57.0"
          },
          "Version": "0.57.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-implement@0.60.0",
          "Name": "windows-implement",
          "Identifier": {
            "PURL": "pkg:cargo/windows-implement@0.60.0",
            "UID": "2ddbcf3a52fb1fd5",
            "BOMRef": "pkg:cargo/windows-implement@0.60.0"
          },
          "Version": "0.60.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-interface@0.57.0",
          "Name": "windows-interface",
          "Identifier": {
            "PURL": "pkg:cargo/windows-interface@0.57.0",
            "UID": "397ba7057f832c3d",
            "BOMRef": "pkg:cargo/windows-interface@0.57.0"
          },
          "Version": "0.57.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-interface@0.59.1",
          "Name": "windows-interface",
          "Identifier": {
            "PURL": "pkg:cargo/windows-interface@0.59.1",
            "UID": "c1970d79999078a2",
            "BOMRef": "pkg:cargo/windows-interface@0.59.1"
          },
          "Version": "0.59.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-link@0.1.3",
          "Name": "windows-link",
          "Identifier": {
            "PURL": "pkg:cargo/windows-link@0.1.3",
            "UID": "59941efa95239dcc",
            "BOMRef": "pkg:cargo/windows-link@0.1.3"
          },
          "Version": "0.1.3",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-link@0.2.0",
          "Name": "windows-link",
          "Identifier": {
            "PURL": "pkg:cargo/windows-link@0.2.0",
            "UID": "81efe3082ec4d217",
            "BOMRef": "pkg:cargo/windows-link@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-numerics@0.2.0",
          "Name": "windows-numerics",
          "Identifier": {
            "PURL": "pkg:cargo/windows-numerics@0.2.0",
            "UID": "97b0dd31052f3a9f",
            "BOMRef": "pkg:cargo/windows-numerics@0.2.0"
          },
          "Version": "0.2.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-core@0.61.2",
            "windows-link@0.1.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-result@0.1.2",
          "Name": "windows-result",
          "Identifier": {
            "PURL": "pkg:cargo/windows-result@0.1.2",
            "UID": "f56035cc7e69bf2b",
            "BOMRef": "pkg:cargo/windows-result@0.1.2"
          },
          "Version": "0.1.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-targets@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-result@0.3.4",
          "Name": "windows-result",
          "Identifier": {
            "PURL": "pkg:cargo/windows-result@0.3.4",
            "UID": "8aabddee73946266",
            "BOMRef": "pkg:cargo/windows-result@0.3.4"
          },
          "Version": "0.3.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-link@0.1.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-strings@0.4.2",
          "Name": "windows-strings",
          "Identifier": {
            "PURL": "pkg:cargo/windows-strings@0.4.2",
            "UID": "bb515c9855d1da62",
            "BOMRef": "pkg:cargo/windows-strings@0.4.2"
          },
          "Version": "0.4.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-link@0.1.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-sys@0.42.0",
          "Name": "windows-sys",
          "Identifier": {
            "PURL": "pkg:cargo/windows-sys@0.42.0",
            "UID": "fdd78169f01abef6",
            "BOMRef": "pkg:cargo/windows-sys@0.42.0"
          },
          "Version": "0.42.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows_aarch64_gnullvm@0.42.2",
            "windows_aarch64_msvc@0.42.2",
            "windows_i686_gnu@0.42.2",
            "windows_i686_msvc@0.42.2",
            "windows_x86_64_gnu@0.42.2",
            "windows_x86_64_gnullvm@0.42.2",
            "windows_x86_64_msvc@0.42.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-sys@0.48.0",
          "Name": "windows-sys",
          "Identifier": {
            "PURL": "pkg:cargo/windows-sys@0.48.0",
            "UID": "386f959eff89c5d2",
            "BOMRef": "pkg:cargo/windows-sys@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-targets@0.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-sys@0.52.0",
          "Name": "windows-sys",
          "Identifier": {
            "PURL": "pkg:cargo/windows-sys@0.52.0",
            "UID": "28bbe62c0506cb74",
            "BOMRef": "pkg:cargo/windows-sys@0.52.0"
          },
          "Version": "0.52.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-targets@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-sys@0.59.0",
          "Name": "windows-sys",
          "Identifier": {
            "PURL": "pkg:cargo/windows-sys@0.59.0",
            "UID": "b6210ec4bde31985",
            "BOMRef": "pkg:cargo/windows-sys@0.59.0"
          },
          "Version": "0.59.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-targets@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-sys@0.60.2",
          "Name": "windows-sys",
          "Identifier": {
            "PURL": "pkg:cargo/windows-sys@0.60.2",
            "UID": "b8e6e6dd566dbda8",
            "BOMRef": "pkg:cargo/windows-sys@0.60.2"
          },
          "Version": "0.60.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-targets@0.53.2"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-sys@0.61.1",
          "Name": "windows-sys",
          "Identifier": {
            "PURL": "pkg:cargo/windows-sys@0.61.1",
            "UID": "8f40580bdf8b41f2",
            "BOMRef": "pkg:cargo/windows-sys@0.61.1"
          },
          "Version": "0.61.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-link@0.2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-targets@0.48.0",
          "Name": "windows-targets",
          "Identifier": {
            "PURL": "pkg:cargo/windows-targets@0.48.0",
            "UID": "e7710ada741817e7",
            "BOMRef": "pkg:cargo/windows-targets@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows_aarch64_gnullvm@0.48.0",
            "windows_aarch64_msvc@0.48.0",
            "windows_i686_gnu@0.48.0",
            "windows_i686_msvc@0.48.0",
            "windows_x86_64_gnu@0.48.0",
            "windows_x86_64_gnullvm@0.48.0",
            "windows_x86_64_msvc@0.48.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-targets@0.52.6",
          "Name": "windows-targets",
          "Identifier": {
            "PURL": "pkg:cargo/windows-targets@0.52.6",
            "UID": "10850d22d19da3eb",
            "BOMRef": "pkg:cargo/windows-targets@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows_aarch64_gnullvm@0.52.6",
            "windows_aarch64_msvc@0.52.6",
            "windows_i686_gnu@0.52.6",
            "windows_i686_gnullvm@0.52.6",
            "windows_i686_msvc@0.52.6",
            "windows_x86_64_gnu@0.52.6",
            "windows_x86_64_gnullvm@0.52.6",
            "windows_x86_64_msvc@0.52.6"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-targets@0.53.2",
          "Name": "windows-targets",
          "Identifier": {
            "PURL": "pkg:cargo/windows-targets@0.53.2",
            "UID": "bd12065a28f4eb47",
            "BOMRef": "pkg:cargo/windows-targets@0.53.2"
          },
          "Version": "0.53.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows_aarch64_gnullvm@0.53.0",
            "windows_aarch64_msvc@0.53.0",
            "windows_i686_gnu@0.53.0",
            "windows_i686_gnullvm@0.53.0",
            "windows_i686_msvc@0.53.0",
            "windows_x86_64_gnu@0.53.0",
            "windows_x86_64_gnullvm@0.53.0",
            "windows_x86_64_msvc@0.53.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows-threading@0.1.0",
          "Name": "windows-threading",
          "Identifier": {
            "PURL": "pkg:cargo/windows-threading@0.1.0",
            "UID": "db0a8d7644c50e57",
            "BOMRef": "pkg:cargo/windows-threading@0.1.0"
          },
          "Version": "0.1.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "windows-link@0.1.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_gnullvm@0.42.2",
          "Name": "windows_aarch64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_gnullvm@0.42.2",
            "UID": "a7690e75fc15db2d",
            "BOMRef": "pkg:cargo/windows_aarch64_gnullvm@0.42.2"
          },
          "Version": "0.42.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_gnullvm@0.48.0",
          "Name": "windows_aarch64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_gnullvm@0.48.0",
            "UID": "bd42cc562cda53",
            "BOMRef": "pkg:cargo/windows_aarch64_gnullvm@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_gnullvm@0.52.6",
          "Name": "windows_aarch64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_gnullvm@0.52.6",
            "UID": "460538bd615f11d6",
            "BOMRef": "pkg:cargo/windows_aarch64_gnullvm@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_gnullvm@0.53.0",
          "Name": "windows_aarch64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_gnullvm@0.53.0",
            "UID": "fd8311aeb2c7b1b1",
            "BOMRef": "pkg:cargo/windows_aarch64_gnullvm@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_msvc@0.42.2",
          "Name": "windows_aarch64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_msvc@0.42.2",
            "UID": "a37b74d0000da8ce",
            "BOMRef": "pkg:cargo/windows_aarch64_msvc@0.42.2"
          },
          "Version": "0.42.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_msvc@0.48.0",
          "Name": "windows_aarch64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_msvc@0.48.0",
            "UID": "9c2c2f508b4c9db",
            "BOMRef": "pkg:cargo/windows_aarch64_msvc@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_msvc@0.52.6",
          "Name": "windows_aarch64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_msvc@0.52.6",
            "UID": "54f22cd2e3b42304",
            "BOMRef": "pkg:cargo/windows_aarch64_msvc@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_aarch64_msvc@0.53.0",
          "Name": "windows_aarch64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_aarch64_msvc@0.53.0",
            "UID": "99bd2a6883fad2fd",
            "BOMRef": "pkg:cargo/windows_aarch64_msvc@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_gnu@0.42.2",
          "Name": "windows_i686_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_gnu@0.42.2",
            "UID": "4f0221d0e6c8867d",
            "BOMRef": "pkg:cargo/windows_i686_gnu@0.42.2"
          },
          "Version": "0.42.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_gnu@0.48.0",
          "Name": "windows_i686_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_gnu@0.48.0",
            "UID": "3bb89806e3e4dd2",
            "BOMRef": "pkg:cargo/windows_i686_gnu@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_gnu@0.52.6",
          "Name": "windows_i686_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_gnu@0.52.6",
            "UID": "7cd8466a1d367827",
            "BOMRef": "pkg:cargo/windows_i686_gnu@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_gnu@0.53.0",
          "Name": "windows_i686_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_gnu@0.53.0",
            "UID": "90b7413309218f8d",
            "BOMRef": "pkg:cargo/windows_i686_gnu@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_gnullvm@0.52.6",
          "Name": "windows_i686_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_gnullvm@0.52.6",
            "UID": "9912fd9d96a94004",
            "BOMRef": "pkg:cargo/windows_i686_gnullvm@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_gnullvm@0.53.0",
          "Name": "windows_i686_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_gnullvm@0.53.0",
            "UID": "917e7d8b2527a17e",
            "BOMRef": "pkg:cargo/windows_i686_gnullvm@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_msvc@0.42.2",
          "Name": "windows_i686_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_msvc@0.42.2",
            "UID": "4f6266b7bbe730bf",
            "BOMRef": "pkg:cargo/windows_i686_msvc@0.42.2"
          },
          "Version": "0.42.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_msvc@0.48.0",
          "Name": "windows_i686_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_msvc@0.48.0",
            "UID": "9d49046c5860dbcd",
            "BOMRef": "pkg:cargo/windows_i686_msvc@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_msvc@0.52.6",
          "Name": "windows_i686_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_msvc@0.52.6",
            "UID": "865c14b7b87bce18",
            "BOMRef": "pkg:cargo/windows_i686_msvc@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_i686_msvc@0.53.0",
          "Name": "windows_i686_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_i686_msvc@0.53.0",
            "UID": "2b86849ca59fbe08",
            "BOMRef": "pkg:cargo/windows_i686_msvc@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnu@0.42.2",
          "Name": "windows_x86_64_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnu@0.42.2",
            "UID": "edb5852ba63889bb",
            "BOMRef": "pkg:cargo/windows_x86_64_gnu@0.42.2"
          },
          "Version": "0.42.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnu@0.48.0",
          "Name": "windows_x86_64_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnu@0.48.0",
            "UID": "52745003533fa2c7",
            "BOMRef": "pkg:cargo/windows_x86_64_gnu@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnu@0.52.6",
          "Name": "windows_x86_64_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnu@0.52.6",
            "UID": "4602626feee406aa",
            "BOMRef": "pkg:cargo/windows_x86_64_gnu@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnu@0.53.0",
          "Name": "windows_x86_64_gnu",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnu@0.53.0",
            "UID": "785f68a8315a12e5",
            "BOMRef": "pkg:cargo/windows_x86_64_gnu@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnullvm@0.42.2",
          "Name": "windows_x86_64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnullvm@0.42.2",
            "UID": "82f1306b993f48cc",
            "BOMRef": "pkg:cargo/windows_x86_64_gnullvm@0.42.2"
          },
          "Version": "0.42.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnullvm@0.48.0",
          "Name": "windows_x86_64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnullvm@0.48.0",
            "UID": "c041750cece11e5d",
            "BOMRef": "pkg:cargo/windows_x86_64_gnullvm@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnullvm@0.52.6",
          "Name": "windows_x86_64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnullvm@0.52.6",
            "UID": "6aca0d1a88f6bc3",
            "BOMRef": "pkg:cargo/windows_x86_64_gnullvm@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_gnullvm@0.53.0",
          "Name": "windows_x86_64_gnullvm",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_gnullvm@0.53.0",
            "UID": "ed149a7b9f017c5",
            "BOMRef": "pkg:cargo/windows_x86_64_gnullvm@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_msvc@0.42.2",
          "Name": "windows_x86_64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_msvc@0.42.2",
            "UID": "f481f017dcede22a",
            "BOMRef": "pkg:cargo/windows_x86_64_msvc@0.42.2"
          },
          "Version": "0.42.2",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_msvc@0.48.0",
          "Name": "windows_x86_64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_msvc@0.48.0",
            "UID": "e38997002f706c37",
            "BOMRef": "pkg:cargo/windows_x86_64_msvc@0.48.0"
          },
          "Version": "0.48.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_msvc@0.52.6",
          "Name": "windows_x86_64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_msvc@0.52.6",
            "UID": "b1a55f4b6f867bf1",
            "BOMRef": "pkg:cargo/windows_x86_64_msvc@0.52.6"
          },
          "Version": "0.52.6",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "windows_x86_64_msvc@0.53.0",
          "Name": "windows_x86_64_msvc",
          "Identifier": {
            "PURL": "pkg:cargo/windows_x86_64_msvc@0.53.0",
            "UID": "552b7e7aba0575ae",
            "BOMRef": "pkg:cargo/windows_x86_64_msvc@0.53.0"
          },
          "Version": "0.53.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "winnow@0.7.13",
          "Name": "winnow",
          "Identifier": {
            "PURL": "pkg:cargo/winnow@0.7.13",
            "UID": "af50e6d72154d953",
            "BOMRef": "pkg:cargo/winnow@0.7.13"
          },
          "Version": "0.7.13",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "memchr@2.7.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wit-bindgen-rt@0.33.0",
          "Name": "wit-bindgen-rt",
          "Identifier": {
            "PURL": "pkg:cargo/wit-bindgen-rt@0.33.0",
            "UID": "f2fcaa4ac2db3f92",
            "BOMRef": "pkg:cargo/wit-bindgen-rt@0.33.0"
          },
          "Version": "0.33.0",
          "Licenses": [
            "Apache-2.0 OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "bitflags@2.9.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "write16@1.0.0",
          "Name": "write16",
          "Identifier": {
            "PURL": "pkg:cargo/write16@1.0.0",
            "UID": "b03f56e3386e8ed8",
            "BOMRef": "pkg:cargo/write16@1.0.0"
          },
          "Version": "1.0.0",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "writeable@0.5.5",
          "Name": "writeable",
          "Identifier": {
            "PURL": "pkg:cargo/writeable@0.5.5",
            "UID": "8581a836b1d4da99",
            "BOMRef": "pkg:cargo/writeable@0.5.5"
          },
          "Version": "0.5.5",
          "Licenses": [
            "Unicode-3.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wyhash@0.5.0",
          "Name": "wyhash",
          "Identifier": {
            "PURL": "pkg:cargo/wyhash@0.5.0",
            "UID": "c8abc3ee426c69d6",
            "BOMRef": "pkg:cargo/wyhash@0.5.0"
          },
          "Version": "0.5.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "rand_core@0.6.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "wyz@0.5.1",
          "Name": "wyz",
          "Identifier": {
            "PURL": "pkg:cargo/wyz@0.5.1",
            "UID": "885f0633d46c2cf6",
            "BOMRef": "pkg:cargo/wyz@0.5.1"
          },
          "Version": "0.5.1",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "tap@1.0.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "xattr@1.3.1",
          "Name": "xattr",
          "Identifier": {
            "PURL": "pkg:cargo/xattr@1.3.1",
            "UID": "9971afe617995d6e",
            "BOMRef": "pkg:cargo/xattr@1.3.1"
          },
          "Version": "1.3.1",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "libc@0.2.174",
            "linux-raw-sys@0.4.14",
            "rustix@0.38.40"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "yaml-rust2@0.10.4",
          "Name": "yaml-rust2",
          "Identifier": {
            "PURL": "pkg:cargo/yaml-rust2@0.10.4",
            "UID": "2e0fa22362f56a75",
            "BOMRef": "pkg:cargo/yaml-rust2@0.10.4"
          },
          "Version": "0.10.4",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "arraydeque@0.5.1",
            "encoding_rs@0.8.33",
            "hashlink@0.10.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "yoke@0.7.4",
          "Name": "yoke",
          "Identifier": {
            "PURL": "pkg:cargo/yoke@0.7.4",
            "UID": "ab3e79022594a732",
            "BOMRef": "pkg:cargo/yoke@0.7.4"
          },
          "Version": "0.7.4",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "serde@1.0.226",
            "stable_deref_trait@1.2.0",
            "yoke-derive@0.7.4",
            "zerofrom@0.1.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "yoke-derive@0.7.4",
          "Name": "yoke-derive",
          "Identifier": {
            "PURL": "pkg:cargo/yoke-derive@0.7.4",
            "UID": "b86b36d1e7f8e7f7",
            "BOMRef": "pkg:cargo/yoke-derive@0.7.4"
          },
          "Version": "0.7.4",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111",
            "synstructure@0.13.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerocopy@0.7.35",
          "Name": "zerocopy",
          "Identifier": {
            "PURL": "pkg:cargo/zerocopy@0.7.35",
            "UID": "d79456857d9393fa",
            "BOMRef": "pkg:cargo/zerocopy@0.7.35"
          },
          "Version": "0.7.35",
          "Licenses": [
            "BSD-2-Clause OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "zerocopy-derive@0.7.35"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerocopy@0.8.31",
          "Name": "zerocopy",
          "Identifier": {
            "PURL": "pkg:cargo/zerocopy@0.8.31",
            "UID": "96f26a28170c4cc",
            "BOMRef": "pkg:cargo/zerocopy@0.8.31"
          },
          "Version": "0.8.31",
          "Licenses": [
            "BSD-2-Clause OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "zerocopy-derive@0.8.31"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerocopy-derive@0.7.35",
          "Name": "zerocopy-derive",
          "Identifier": {
            "PURL": "pkg:cargo/zerocopy-derive@0.7.35",
            "UID": "55b1e8bb15fe804f",
            "BOMRef": "pkg:cargo/zerocopy-derive@0.7.35"
          },
          "Version": "0.7.35",
          "Licenses": [
            "BSD-2-Clause OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerocopy-derive@0.8.31",
          "Name": "zerocopy-derive",
          "Identifier": {
            "PURL": "pkg:cargo/zerocopy-derive@0.8.31",
            "UID": "b6845a47a3b671b9",
            "BOMRef": "pkg:cargo/zerocopy-derive@0.8.31"
          },
          "Version": "0.8.31",
          "Licenses": [
            "BSD-2-Clause OR Apache-2.0 OR MIT"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerofrom@0.1.4",
          "Name": "zerofrom",
          "Identifier": {
            "PURL": "pkg:cargo/zerofrom@0.1.4",
            "UID": "3ae9913da97fa956",
            "BOMRef": "pkg:cargo/zerofrom@0.1.4"
          },
          "Version": "0.1.4",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "zerofrom-derive@0.1.4"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerofrom-derive@0.1.4",
          "Name": "zerofrom-derive",
          "Identifier": {
            "PURL": "pkg:cargo/zerofrom-derive@0.1.4",
            "UID": "ca8ec6929e96b753",
            "BOMRef": "pkg:cargo/zerofrom-derive@0.1.4"
          },
          "Version": "0.1.4",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111",
            "synstructure@0.13.1"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zeroize@1.8.1",
          "Name": "zeroize",
          "Identifier": {
            "PURL": "pkg:cargo/zeroize@1.8.1",
            "UID": "710ae032b80aa9b8",
            "BOMRef": "pkg:cargo/zeroize@1.8.1"
          },
          "Version": "1.8.1",
          "Licenses": [
            "Apache-2.0 OR MIT"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerovec@0.10.4",
          "Name": "zerovec",
          "Identifier": {
            "PURL": "pkg:cargo/zerovec@0.10.4",
            "UID": "346c2841f40ccca2",
            "BOMRef": "pkg:cargo/zerovec@0.10.4"
          },
          "Version": "0.10.4",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "yoke@0.7.4",
            "zerofrom@0.1.4",
            "zerovec-derive@0.10.3"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zerovec-derive@0.10.3",
          "Name": "zerovec-derive",
          "Identifier": {
            "PURL": "pkg:cargo/zerovec-derive@0.10.3",
            "UID": "bdc5f436cc856bb1",
            "BOMRef": "pkg:cargo/zerovec-derive@0.10.3"
          },
          "Version": "0.10.3",
          "Licenses": [
            "Unicode-3.0"
          ],
          "DependsOn": [
            "proc-macro2@1.0.101",
            "quote@1.0.42",
            "syn@2.0.111"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zstd@0.13.0",
          "Name": "zstd",
          "Identifier": {
            "PURL": "pkg:cargo/zstd@0.13.0",
            "UID": "5320d3f8142bf40",
            "BOMRef": "pkg:cargo/zstd@0.13.0"
          },
          "Version": "0.13.0",
          "Licenses": [
            "MIT"
          ],
          "DependsOn": [
            "zstd-safe@7.0.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zstd-safe@7.0.0",
          "Name": "zstd-safe",
          "Identifier": {
            "PURL": "pkg:cargo/zstd-safe@7.0.0",
            "UID": "a8091a70e68bca50",
            "BOMRef": "pkg:cargo/zstd-safe@7.0.0"
          },
          "Version": "7.0.0",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "DependsOn": [
            "zstd-sys@2.0.9+zstd.1.5.5"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        },
        {
          "ID": "zstd-sys@2.0.9+zstd.1.5.5",
          "Name": "zstd-sys",
          "Identifier": {
            "PURL": "pkg:cargo/zstd-sys@2.0.9%2Bzstd.1.5.5",
            "UID": "5a1604207db67cce",
            "BOMRef": "pkg:cargo/zstd-sys@2.0.9%2Bzstd.1.5.5"
          },
          "Version": "2.0.9+zstd.1.5.5",
          "Licenses": [
            "MIT OR Apache-2.0"
          ],
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          }
        }
      ],
      "Vulnerabilities": [
        {
          "VulnerabilityID": "GHSA-8v2v-wjwg-vx6r",
          "PkgID": "actix-files@0.6.8",
          "PkgName": "actix-files",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/actix-files@0.6.8",
            "UID": "99d2c6d5036f12e4",
            "BOMRef": "pkg:cargo/actix-files@0.6.8"
          },
          "InstalledVersion": "0.6.8",
          "FixedVersion": "0.6.10",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://github.com/advisories/GHSA-8v2v-wjwg-vx6r",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:2e4cae43379c0a0c500f5be52152a2d14f5f13740ae2f4420fbc501e129fd40e",
          "Title": "actix-files has a possible exposure of information vulnerability",
          "Description": "### Summary\n\nWhen passing a non-existing folder to the `actix_files::Files::new()` method causes the actix server to expose unexpected files.\n\n### Details\n\nThe `actix-files` library exposes a [`Files` struct](https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/files.rs#L38) that configures an actix `service` to serve the files in a folder as static assets. Below you can find the [signature of the `Files::new` method](https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/files.rs#L98):\n\n```rust\npub fn new\u003cT: Into\u003cPathBuf\u003e\u003e(mount_path: \u0026str, serve_from: T) -\u003e Files\n```\n\nWhen the `mount_path` you pass to `Files` doesn't exist, [it defaults to an empty path](https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/files.rs#L104) (`Path::new()`). When the service receives a HTTP request, it [joins the request information with the empty path](https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/service.rs#L136) and calls `canonicalize`. Rust resolves this path as relative and returns any file that matches it.\n\nThis behavior causes the library to expose unexpected files when the folder is not present.\n\n### PoC\n\n_There is a working PoC on https://github.com/Angelmmiguel/actix-files-vuln, although the next steps can be followed to reproduce the issue_\n\n1. Clone the https://github.com/actix/examples repository.\n2. Change your directory to the `basics/static-files` folder.\n3. Edit the `src/main.rs` file and change the line 13 to mount a non-existing folder:\n\n    ```diff\n    -        .service(Files::new(\"/images\", \"static/images/\").show_files_listing())\n    +        .service(Files::new(\"/images\", \"static/missing/\").show_files_listing())\n    ```\n    \n4. Run the project with `cargo run`.\n5. 
Access the \u003chttp://localhost:8080/images/Cargo.toml\u003e URL.\n\n### Impact\n\nThis is an exposure of information vulnerability. It affects anyone using the `actix-files::Files` library that mounts a non-existing folder for any reason.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ghsa": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 6.3
            }
          },
          "References": [
            "https://github.com/actix/actix-web",
            "https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/files.rs#L104",
            "https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/files.rs#L38",
            "https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/files.rs#L98",
            "https://github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/service.rs#L136",
            "https://github.com/actix/actix-web/security/advisories/GHSA-8v2v-wjwg-vx6r"
          ],
          "PublishedDate": "2026-02-06T18:56:20Z",
          "LastModifiedDate": "2026-02-06T18:56:20Z"
        },
        {
          "VulnerabilityID": "GHSA-gcqf-3g44-vc9p",
          "PkgID": "actix-files@0.6.8",
          "PkgName": "actix-files",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/actix-files@0.6.8",
            "UID": "99d2c6d5036f12e4",
            "BOMRef": "pkg:cargo/actix-files@0.6.8"
          },
          "InstalledVersion": "0.6.8",
          "FixedVersion": "0.6.10",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://github.com/advisories/GHSA-gcqf-3g44-vc9p",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:14a4949902f24653b044bda71a9a0906f0dc920ead90276d8ddc94721cb7003b",
          "Title": "[actix-files] Panic triggered by empty Range header in GET request for static file",
          "Description": "### Summary\nA GET request for a static file served by `actix-files` with an empty `Range` header triggers a panic. With `panic = \"abort\"`, a remote user may crash the process on-demand.\n\n### Details\n`actix-files` assumes that `HttpRange::parse()`, when `Ok`, always returns a vector with at least one element. When `parse()` is called on an empty string, it returns `Ok(vec![])`. This can cause a panic at named.rs:534 when handling an HTTP request with an empty `Range:` header. This shouldn't significantly impact programs built with the default `panic = \"unwind\"`, as the only effect is that the connection is closed when the worker thread panics and new threads are spooled up on demand. Programs built with `panic = \"abort\"` are vulnerable to being crashed on-demand by any user with permissions to perform a `GET` request for a static file served by `actix-files`.\nhttps://github.com/actix/actix-web/blob/0383f4bdd1210e726143ca1ebcf01169b67a4b6c/actix-files/src/named.rs#L530-L535\n\n### PoC\n\u003cdetails\u003e\n\u003csummary\u003eMinimal reproduction\u003c/summary\u003e\n\n`Cargo.toml`:\n```toml\n[package]\nname = \"example\"\nversion = \"0.1.0\"\nedition = \"2021\"\n\n[dependencies]\nactix-web = \"=4.5.1\"\nactix-files = \"=0.6.5\"\n\n[profile.dev]\npanic = \"abort\"\n```\n`src/main.rs`:\n```rust\nuse actix_files::NamedFile;\nuse actix_web::{get, Responder};\n\n#[get(\"/\")]\nasync fn index() -\u003e impl Responder {\n    NamedFile::open(\"test_file\")\n}\n\n#[actix_web::main]\nasync fn main() -\u003e std::io::Result\u003c()\u003e {\n    use actix_web::{App, HttpServer};\n\n    HttpServer::new(|| App::new().service(index))\n        .bind((\"127.0.0.1\", 8080))?\n        .run()\n        .await\n}\n```\n`test.sh`:\n```sh\n#!/bin/bash\n\necho foo \u003e test_file\ncargo b\ncargo r\u0026\nsleep 1\nnc 127.0.0.1 8080 \u003c\u003c EOF\nGET / HTTP/1.1\nRange:\n\nEOF\nkill %1\n```\n\nCreate these files, then run `chmod +x test.sh \u0026\u0026 
./test.sh`. The server should start, then crash upon receiving the `GET` request from `netcat`.\n\nThis assumes a reasonably UNIX-like system with Rust, `bash` and `netcat` installed.\n\u003c/details\u003e\n\n### Impact\nIt is believed that only programs compiled with panic = \"abort\" are affected significantly. The only potential impact that can be seen is Denial of Service, though an attacker able to repeatedly send GET requests without those requests getting blocked by rate limiting, DDoS protection, etc. would be able to keep a server down indefinitely. As only a single unblocked request is needed to trigger the panic, merely having a rate limiter may not be enough to prevent this.\n\nThough the impact in the worst case is significant, the real-world risk of this vulnerability appears to be limited, as it would be expected that anyone for whom uptime is a significant concern would not compile their program with panic = \"abort\".",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ghsa": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
              "V40Score": 6.9
            }
          },
          "References": [
            "https://github.com/actix/actix-web",
            "https://github.com/actix/actix-web/blob/0383f4bdd1210e726143ca1ebcf01169b67a4b6c/actix-files/src/named.rs#L530-L535",
            "https://github.com/actix/actix-web/security/advisories/GHSA-gcqf-3g44-vc9p"
          ],
          "PublishedDate": "2026-02-06T19:00:12Z",
          "LastModifiedDate": "2026-02-06T19:00:13Z"
        },
        {
          "VulnerabilityID": "CVE-2026-25541",
          "VendorIDs": [
            "GHSA-434x-w66g-qw3r"
          ],
          "PkgID": "bytes@1.10.1",
          "PkgName": "bytes",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/bytes@1.10.1",
            "UID": "5ac53cb4dcab165a",
            "BOMRef": "pkg:cargo/bytes@1.10.1"
          },
          "InstalledVersion": "1.10.1",
          "FixedVersion": "1.11.1",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25541",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:581822a40bffb16ff638fe13466c6fb04f63eec0f62b7e9ed1947a02ab4a2802",
          "Title": "Bytes is a utility library for working with bytes. From version 1.2.1  ...",
          "Description": "Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, the condition \"v_capacity \u003e= new_cap + offset\" uses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as spare_capacity_mut() then trust this corrupted cap value and may create out-of-bounds slices, leading to undefined behavior (UB). This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks. This issue has been patched in version 1.11.1.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-680"
          ],
          "VendorSeverity": {
            "azure": 2,
            "cbl-mariner": 2,
            "ghsa": 2,
            "nvd": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
              "V40Score": 5.5
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://github.com/tokio-rs/bytes",
            "https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f",
            "https://github.com/tokio-rs/bytes/releases/tag/v1.11.1",
            "https://github.com/tokio-rs/bytes/security/advisories/GHSA-434x-w66g-qw3r",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-25541",
            "https://rustsec.org/advisories/RUSTSEC-2026-0007.html"
          ],
          "PublishedDate": "2026-02-04T22:16:00.383Z",
          "LastModifiedDate": "2026-02-27T20:13:28.537Z"
        },
        {
          "VulnerabilityID": "CVE-2026-25537",
          "VendorIDs": [
            "GHSA-h395-gr6q-cpjc"
          ],
          "PkgID": "jsonwebtoken@10.0.0",
          "PkgName": "jsonwebtoken",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/jsonwebtoken@10.0.0",
            "UID": "621e9b2ff6a20d2f",
            "BOMRef": "pkg:cargo/jsonwebtoken@10.0.0"
          },
          "InstalledVersion": "10.0.0",
          "FixedVersion": "10.3.0",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25537",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:8847295f41cbb82146b440f12ab512ed5262c6d396a2bc6df04b24908abef73b",
          "Title": "jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass",
          "Description": "jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (Like a String instead of a Number), the library’s internal parsing mechanism marks the claim as “FailedToParse”. Crucially, the validation logic treats this “FailedToParse” state identically to “NotPresent”. This means that if a check is enabled (like: validate_nbf = true), but the claim is not explicitly marked as required in required_spec_claims, the library will skip the validation check entirely for the malformed claim, treating it as if it were not there. This allows attackers to bypass critical time-based security restrictions (like “Not Before” checks) and commit potential authentication and authorization bypasses. This issue has been patched in version 10.3.0.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-843"
          ],
          "VendorSeverity": {
            "ghsa": 2,
            "nvd": 3,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
              "V40Score": 5.5
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-25537",
            "https://github.com/Keats/jsonwebtoken",
            "https://github.com/Keats/jsonwebtoken/commit/abbc3076742c4161347bc6b8bf4aa5eb86e1dc01",
            "https://github.com/Keats/jsonwebtoken/security/advisories/GHSA-h395-gr6q-cpjc",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-25537",
            "https://www.cve.org/CVERecord?id=CVE-2026-25537"
          ],
          "PublishedDate": "2026-02-04T22:15:59.807Z",
          "LastModifiedDate": "2026-02-11T19:13:47.607Z"
        },
        {
          "VulnerabilityID": "CVE-2026-32829",
          "VendorIDs": [
            "GHSA-vvp9-7p8x-rfvv"
          ],
          "PkgID": "lz4_flex@0.12.0",
          "PkgName": "lz4_flex",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/lz4_flex@0.12.0",
            "UID": "8759a2cd440828c8",
            "BOMRef": "pkg:cargo/lz4_flex@0.12.0"
          },
          "InstalledVersion": "0.12.0",
          "FixedVersion": "0.11.6, 0.12.1",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32829",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:b5509bb457423a5bd9e5b0e8a92d1d8d577660d7d72fb4a6d3d8fc72854801c9",
          "Title": "lz4_flex: lz4_flex's decompression can leak information from uninitialized memory or reused output buffer",
          "Description": "lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0,  decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 \"match copy operations,\" allowing out-of-bounds reads from the output buffer. The block-based API functions (`decompress_into`, `decompress_into_with_dict`, and others when `safe-decode` is disabled) are affected, while all frame APIs are unaffected. The impact is potential exposure of sensitive data and secrets through crafted or malformed LZ4 input. This issue has been fixed in versions 0.11.6 and 0.12.1.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-201",
            "CWE-823"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "ghsa": 3,
            "nvd": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
              "V40Score": 8.2
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 7.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "V3Score": 7.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-32829",
            "https://github.com/PSeitz/lz4_flex",
            "https://github.com/PSeitz/lz4_flex/commit/055502ee5d297ecd6bf448ac91c055c7f6df9b6d",
            "https://github.com/PSeitz/lz4_flex/security/advisories/GHSA-vvp9-7p8x-rfvv",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-32829",
            "https://rustsec.org/advisories/RUSTSEC-2026-0041.html",
            "https://www.cve.org/CVERecord?id=CVE-2026-32829"
          ],
          "PublishedDate": "2026-03-20T01:15:56.277Z",
          "LastModifiedDate": "2026-03-30T15:05:23.41Z"
        },
        {
          "VulnerabilityID": "CVE-2025-53605",
          "VendorIDs": [
            "GHSA-2gh3-rmm4-6rq5"
          ],
          "PkgID": "protobuf@2.28.0",
          "PkgName": "protobuf",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/protobuf@2.28.0",
            "UID": "b3442da4ac268dfe",
            "BOMRef": "pkg:cargo/protobuf@2.28.0"
          },
          "InstalledVersion": "2.28.0",
          "FixedVersion": "3.7.2",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-53605",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:ae182f1145da1bd8287ea39ac3595421359c1be6a82c768630bfa2e84ef0b3ac",
          "Title": "protobuf: Protobuf: Uncontrolled Recursion Vulnerability",
          "Description": "The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-674"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "ghsa": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
              "V40Score": 6.6
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2025-53605",
            "https://crates.io/crates/protobuf",
            "https://github.com/stepancheg/rust-protobuf",
            "https://github.com/stepancheg/rust-protobuf/commit/f06992f46771c0a092593b9ebf7afd48740b3ed6",
            "https://github.com/stepancheg/rust-protobuf/issues/749",
            "https://nvd.nist.gov/vuln/detail/CVE-2025-53605",
            "https://rustsec.org/advisories/RUSTSEC-2024-0437",
            "https://rustsec.org/advisories/RUSTSEC-2024-0437.html",
            "https://www.cve.org/CVERecord?id=CVE-2025-53605"
          ],
          "PublishedDate": "2025-07-05T01:15:28.523Z",
          "LastModifiedDate": "2025-07-08T16:18:53.607Z"
        },
        {
          "VulnerabilityID": "CVE-2026-31812",
          "VendorIDs": [
            "GHSA-6xvm-j4wr-6v98"
          ],
          "PkgID": "quinn-proto@0.11.8",
          "PkgName": "quinn-proto",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/quinn-proto@0.11.8",
            "UID": "d68224646810d28d",
            "BOMRef": "pkg:cargo/quinn-proto@0.11.8"
          },
          "InstalledVersion": "0.11.8",
          "FixedVersion": "0.11.14",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31812",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:e8785f33dd33c76160bfe2b8fa551a93fc44575215040a613b5aaddb939c886c",
          "Title": "quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet",
          "Description": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-248"
          ],
          "VendorSeverity": {
            "ghsa": 3,
            "redhat": 3
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
              "V40Score": 8.7
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-31812",
            "https://github.com/quinn-rs/quinn",
            "https://github.com/quinn-rs/quinn/pull/2559",
            "https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-31812",
            "https://rustsec.org/advisories/RUSTSEC-2026-0037.html",
            "https://www.cve.org/CVERecord?id=CVE-2026-31812"
          ],
          "PublishedDate": "2026-03-10T22:16:18.84Z",
          "LastModifiedDate": "2026-03-11T13:52:47.683Z"
        },
        {
          "VulnerabilityID": "CVE-2026-21895",
          "VendorIDs": [
            "GHSA-9c48-w39g-hm26"
          ],
          "PkgID": "rsa@0.9.8",
          "PkgName": "rsa",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/rsa@0.9.8",
            "UID": "6765f8a255f08994",
            "BOMRef": "pkg:cargo/rsa@0.9.8"
          },
          "InstalledVersion": "0.9.8",
          "FixedVersion": "0.9.10",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-21895",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:ed579d81013200818fdd5307a15573a31da19e46bf60ddc511ea686c48d85d28",
          "Title": "RSA: RSA crate: Denial of Service due to malformed prime in private key generation",
          "Description": "The `rsa` crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.",
          "Severity": "LOW",
          "CweIDs": [
            "CWE-703"
          ],
          "VendorSeverity": {
            "ghsa": 1,
            "nvd": 2,
            "redhat": 1
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
              "V40Score": 2.7
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "V3Score": 5.3
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.5
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-21895",
            "https://github.com/RustCrypto/RSA",
            "https://github.com/RustCrypto/RSA/commit/2926c91bef7cb14a7ccd42220a698cf4b1b692f7",
            "https://github.com/RustCrypto/RSA/security/advisories/GHSA-9c48-w39g-hm26",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-21895",
            "https://www.cve.org/CVERecord?id=CVE-2026-21895"
          ],
          "PublishedDate": "2026-01-08T14:15:57.72Z",
          "LastModifiedDate": "2026-03-12T19:27:31.327Z"
        },
        {
          "VulnerabilityID": "GHSA-pwjx-qhcg-rvj4",
          "PkgID": "rustls-webpki@0.102.8",
          "PkgName": "rustls-webpki",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/rustls-webpki@0.102.8",
            "UID": "24af12296369a40d",
            "BOMRef": "pkg:cargo/rustls-webpki@0.102.8"
          },
          "InstalledVersion": "0.102.8",
          "FixedVersion": "0.103.10, 0.104.0-alpha.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://github.com/advisories/GHSA-pwjx-qhcg-rvj4",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:06fd67f61f08b6f2230c517054a0bd28df1dc90adbddf30a08f369d33a353a23",
          "Title": "webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic",
          "Description": "If a certificate had more than one `distributionPoint`, then only the first `distributionPoint` would be considered against each CRL's `IssuingDistributionPoint` `distributionPoint`, and then the certificate's subsequent `distributionPoint`s would be ignored.\n\nThe impact was that correctly provided CRLs would not be consulted to check revocation. With `UnknownStatusPolicy::Deny` (the default) this would lead to incorrect but safe `Error::UnknownRevocationStatus`. With `UnknownStatusPolicy::Allow` this would lead to inappropriate acceptance of revoked certificates.\n\nThis vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL).\n\nMore likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ghsa": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://github.com/rustls/webpki",
            "https://github.com/rustls/webpki/security/advisories/GHSA-pwjx-qhcg-rvj4",
            "https://rustsec.org/advisories/RUSTSEC-2026-0049.html"
          ],
          "PublishedDate": "2026-03-20T21:51:17Z",
          "LastModifiedDate": "2026-03-25T19:56:38Z"
        },
        {
          "VulnerabilityID": "GHSA-pwjx-qhcg-rvj4",
          "PkgID": "rustls-webpki@0.103.6",
          "PkgName": "rustls-webpki",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/rustls-webpki@0.103.6",
            "UID": "48a5ca1dab2b835",
            "BOMRef": "pkg:cargo/rustls-webpki@0.103.6"
          },
          "InstalledVersion": "0.103.6",
          "FixedVersion": "0.103.10, 0.104.0-alpha.5",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://github.com/advisories/GHSA-pwjx-qhcg-rvj4",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:078af7bd94abeb1c92dcdf858fcfba7f732935c410febe6b51951650c9f2ae64",
          "Title": "webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic",
          "Description": "If a certificate had more than one `distributionPoint`, then only the first `distributionPoint` would be considered against each CRL's `IssuingDistributionPoint` `distributionPoint`, and then the certificate's subsequent `distributionPoint`s would be ignored.\n\nThe impact was that correctly provided CRLs would not be consulted to check revocation. With `UnknownStatusPolicy::Deny` (the default) this would lead to incorrect but safe `Error::UnknownRevocationStatus`. With `UnknownStatusPolicy::Allow` this would lead to inappropriate acceptance of revoked certificates.\n\nThis vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL).\n\nMore likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.",
          "Severity": "MEDIUM",
          "VendorSeverity": {
            "ghsa": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
              "V3Score": 4.4
            }
          },
          "References": [
            "https://github.com/rustls/webpki",
            "https://github.com/rustls/webpki/security/advisories/GHSA-pwjx-qhcg-rvj4",
            "https://rustsec.org/advisories/RUSTSEC-2026-0049.html"
          ],
          "PublishedDate": "2026-03-20T21:51:17Z",
          "LastModifiedDate": "2026-03-25T19:56:38Z"
        },
        {
          "VulnerabilityID": "CVE-2026-25727",
          "VendorIDs": [
            "GHSA-r6v5-fh4h-64xc"
          ],
          "PkgID": "time@0.3.17",
          "PkgName": "time",
          "PkgIdentifier": {
            "PURL": "pkg:cargo/time@0.3.17",
            "UID": "498dc42ad7813385",
            "BOMRef": "pkg:cargo/time@0.3.17"
          },
          "InstalledVersion": "0.3.17",
          "FixedVersion": "0.3.47",
          "Status": "fixed",
          "Layer": {
            "Digest": "sha256:54ac9e526f931a282770ca4f989f6a202bd05dc63e49a0b9ee56b659e8f105e2",
            "DiffID": "sha256:e47c6e3e8c9f0c6026a9dfae8065dc220e85ec22b527bf1bd6ddee7137a6be11"
          },
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25727",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory Rust",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arust"
          },
          "Fingerprint": "sha256:6dd1ba774744967c470eec79e6164b39e15a10825e3b4025108075030b25029d",
          "Title": "time: time affected by a stack exhaustion denial of service attack",
          "Description": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is passed to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
          "Severity": "MEDIUM",
          "CweIDs": [
            "CWE-121"
          ],
          "VendorSeverity": {
            "amazon": 2,
            "azure": 2,
            "cbl-mariner": 2,
            "ghsa": 2,
            "nvd": 2,
            "redhat": 2
          },
          "CVSS": {
            "ghsa": {
              "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
              "V40Score": 6.8
            },
            "nvd": {
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "V3Score": 6.5
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "V3Score": 5.9
            }
          },
          "References": [
            "https://access.redhat.com/security/cve/CVE-2026-25727",
            "https://github.com/time-rs/time",
            "https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05",
            "https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee",
            "https://github.com/time-rs/time/releases/tag/v0.3.47",
            "https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc",
            "https://nvd.nist.gov/vuln/detail/CVE-2026-25727",
            "https://rustsec.org/advisories/RUSTSEC-2026-0009.html",
            "https://www.cve.org/CVERecord?id=CVE-2026-25727"
          ],
          "PublishedDate": "2026-02-06T20:16:11.86Z",
          "LastModifiedDate": "2026-02-24T15:23:35.563Z"
        }
      ]
    }
  ]
}
